diff --git a/ansible/playbook_podman_ollama_rocm.yml b/ansible/playbook_podman_ollama_rocm.yml index a4cce6a..beb7c7e 100644 --- a/ansible/playbook_podman_ollama_rocm.yml +++ b/ansible/playbook_podman_ollama_rocm.yml @@ -12,7 +12,7 @@ build: dockerfile: "{{ lookup('file', 'dockerfiles/Dockerfile.ollama.rocm') }}" env: - OLLAMA_CONTEXT_LENGTH: 4096 + OLLAMA_CONTEXT_LENGTH: 32000 OLLAMA_NUM_THREADS: 10 OLLAMA_NUM_PARALLEL: 2 OLLAMA_FLASH_ATTENTION: 1 diff --git a/requirements/dev.txt b/requirements/dev.txt index b55b448..d5ab24a 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -4,3 +4,4 @@ molecule molecule-podman passlib pytest-molecule +requests diff --git a/terraform/apps/prod-01/apps.tf b/terraform/apps/prod-01/apps.tf index 8f2be08..be41687 100644 --- a/terraform/apps/prod-01/apps.tf +++ b/terraform/apps/prod-01/apps.tf @@ -98,9 +98,10 @@ module "trivy" { persistent_folder = local.persistent_folder cron_schedule = local.trivy_cronjob_schedule + tag = "0.70.0" smtp_host = local.scaleway_smtp_host - smtp_port = local.scaleway_smtp_port + smtp_port = tostring(local.scaleway_smtp_port) smtp_username = var.scaleway_project_id smtp_password = local.mail_app_api_secret_key from_email = "trivy@${local.primary_domain}" diff --git a/terraform/modules/apps/grafana/config.tf b/terraform/modules/apps/grafana/config.tf index 8991f75..e65d009 100644 --- a/terraform/modules/apps/grafana/config.tf +++ b/terraform/modules/apps/grafana/config.tf @@ -1,4 +1,8 @@ locals { app_version = var.tag monitoring_folder = "${var.persistent_folder}/grafana" + + grafana_datasource_config = file("${path.module}/resources/default.yml") + grafana_dashboard_provider = file("${path.module}/resources/dashboard-provider.yml") + grafana_trivy_dashboard = file("${path.module}/resources/trivy-vulnerabilities-dashboard.json") } diff --git a/terraform/modules/apps/grafana/grafana.tf b/terraform/modules/apps/grafana/grafana.tf index 6363b06..234c285 100644 --- a/terraform/modules/apps/grafana/grafana.tf +++ b/terraform/modules/apps/grafana/grafana.tf @@ -1,3 +1,36 @@ +resource "kubernetes_config_map" "grafana_datasources" { + metadata { + name = "grafana-datasources" + namespace = kubernetes_namespace.grafana.metadata[0].name + } + + data = { + "default.yml" = replace(local.grafana_datasource_config, "__PROMETHEUS_URL__", var.prometheus_url) + } +} + +resource "kubernetes_config_map" "grafana_dashboard_provider" { + metadata { + name = "grafana-dashboard-provider" + namespace = kubernetes_namespace.grafana.metadata[0].name + } + + data = { + "dashboard-provider.yml" = local.grafana_dashboard_provider + } +} + +resource "kubernetes_config_map" "grafana_dashboards" { + metadata { + name = "grafana-dashboards" + namespace = kubernetes_namespace.grafana.metadata[0].name + } + + data = { + "trivy-vulnerabilities-dashboard.json" = local.grafana_trivy_dashboard + } +} + resource "kubernetes_deployment" "grafana" { metadata { @@ -67,6 +100,21 @@ resource "kubernetes_deployment" "grafana" { name = "grafana-pv" mount_path = "/var/lib/grafana" } + volume_mount { + name = "grafana-datasources" + mount_path = "/etc/grafana/provisioning/datasources" + read_only = true + } + volume_mount { + name = "grafana-dashboard-provider" + mount_path = "/etc/grafana/provisioning/dashboards" + read_only = true + } + volume_mount { + name = "grafana-dashboards" + mount_path = "/var/lib/grafana/dashboards" + read_only = true + } } volume { name = "grafana-pv" @@ -74,6 +122,24 @@ resource "kubernetes_deployment" "grafana" { path = local.monitoring_folder } } + volume { + name = "grafana-datasources" + config_map { + name = kubernetes_config_map.grafana_datasources.metadata[0].name + } + } + volume { + name = "grafana-dashboard-provider" + config_map { + name = kubernetes_config_map.grafana_dashboard_provider.metadata[0].name + } + } + volume { + name = "grafana-dashboards" + config_map { + name = kubernetes_config_map.grafana_dashboards.metadata[0].name + } + } } } } diff --git a/terraform/modules/apps/grafana/resources/auth-exportyer-dashboard.json b/terraform/modules/apps/grafana/resources/auth-exportyer-dashboard.json new file mode 100644 index 0000000..58965c9 --- /dev/null +++ b/terraform/modules/apps/grafana/resources/auth-exportyer-dashboard.json @@ -0,0 +1,580 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 5, + "links": [], + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [], + "title": "Sessions", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 1, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "auth_sessions_active{}", + "legendFormat": "{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Active sessions (by source)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 4, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by (source, method) (rate(auth_sessions_total[5m]))", + "legendFormat": "{{source}} / {{method}}", + "range": true, + "refId": "A" + } + ], + "title": "Auth sessions started (rate)", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 6, + "panels": [], + "title": "Users", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 9 + }, + "id": 5, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "auth_sessions_by_user_total{}", + "legendFormat": "{{username}}:{{source}}", + "range": true, + "refId": "A" + } + ], + "title": "Top users by session starts (last 5m)", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 3, + "panels": [], + "title": "Exporter metrics", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 18 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "rate(auth_exporter_parse_errors_total[5m])", + "legendFormat": "{{instance}}", + "range": true, + "refId": "A" + } + ], + "title": "Parse errors (rate)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "bezn5wieufi80d" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 8, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "editorMode": "code", + "expr": "rate(auth_exporter_user_labels_dropped_total[5m])", + "legendFormat": "{{instance}}", + "range": true, + "refId": "A" + } + ], + "title": "User label drops (rate)", + "type": "timeseries" + } + ], + "preload": false, + "schemaVersion": 42, + "tags": [ + "security" + ], + "templating": { + "list": [ + { + "current": { + "text": "prometheus-dev-01", + "value": "bezn5wieufi80d" + }, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Auth Exporter", + "uid": "7381c747-ecf6-4f2f-ac4b-551e56f24cf0", + "version": 5 +} \ No newline at end of file diff --git a/terraform/modules/apps/grafana/resources/dashboard-provider.yml b/terraform/modules/apps/grafana/resources/dashboard-provider.yml new file mode 100644 index 0000000..0671abc --- /dev/null +++ b/terraform/modules/apps/grafana/resources/dashboard-provider.yml @@ -0,0 +1,12 @@ +apiVersion: 1 + +providers: + - name: trivy-vulnerabilities + orgId: 1 + folder: Security + type: file + disableDeletion: false + updateIntervalSeconds: 30 + allowUiUpdates: true + options: + path: /var/lib/grafana/dashboards diff --git a/terraform/modules/apps/grafana/resources/default.yml b/terraform/modules/apps/grafana/resources/default.yml index 6119791..8e8d3aa 100644 --- a/terraform/modules/apps/grafana/resources/default.yml +++ b/terraform/modules/apps/grafana/resources/default.yml @@ -1,38 +1,9 @@ -global: - scrape_interval: 5s - evaluation_interval: 5s -rule_files: - - /etc/prometheus/prometheus.rules -scrape_configs: - - job_name: kubernetes-nodes-cadvisor - scrape_interval: 10s - scrape_timeout: 10s - scheme: https # remove if you want to scrape metrics on insecure port - tls_config: - ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt - insecure_skip_verify: true - bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token - kubernetes_sd_configs: - - role: node - relabel_configs: - - action: labelmap - regex: __meta_kubernetes_node_label_(.+) - # Only for Kubernetes ^1.7.3. - # See: https://github.com/prometheus/prometheus/issues/2916 - - target_label: __address__ - replacement: kubernetes.default.svc:443 - - source_labels: [__meta_kubernetes_node_name] - regex: (.+) - target_label: __metrics_path__ - replacement: /api/v1/nodes/${1}/proxy/metrics/cadvisor - metric_relabel_configs: - - action: replace - source_labels: [id] - regex: '^/machine\.slice/machine-rkt\\x2d([^\\]+)\\.+/([^/]+)\.service$' - target_label: rkt_container_name - replacement: "${2}-${1}" - - action: replace - source_labels: [id] - regex: '^/system\.slice/(.+)\.service$' - target_label: systemd_service_name - replacement: "${1}" +apiVersion: 1 + +datasources: + - name: Prometheus + type: prometheus + access: proxy + url: __PROMETHEUS_URL__ + isDefault: true + editable: true diff --git a/terraform/modules/apps/grafana/resources/devolo-powerline-dashboard.json b/terraform/modules/apps/grafana/resources/devolo-powerline-dashboard.json new file mode 100644 index 0000000..7874893 --- /dev/null +++ b/terraform/modules/apps/grafana/resources/devolo-powerline-dashboard.json @@ -0,0 +1,551 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 8, + "links": [], + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": 0 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 5, + "x": 0, + "y": 0 + }, + "id": 2, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "devolo_uptime_seconds", + "instant": true, + "range": false, + "refId": "A" + } + ], + "title": "Device Uptime", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "bezn5wieufi80d" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 200, + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "red", + "value": 0 + }, + { + "color": "orange", + "value": 70 + }, + { + "color": "green", + "value": 85 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 7, + "x": 5, + "y": 0 + }, + "id": 5, + "options": { + "displayMode": "lcd", + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "editorMode": "code", + "expr": "devolo_rx_mbps{device_id=~\"$device_id\", mac=~\"$mac\"}", + "legendFormat": "RX", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "bezn5wieufi80d" + }, + "editorMode": "code", + "expr": "devolo_tx_mbps{device_id=~\"$device_id\", mac=~\"$mac\"}", + "hide": false, + "instant": false, + "legendFormat": "TX", + "range": true, + "refId": "B" + } + ], + "title": "RX Rate", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "footer": { + "reducers": [] + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 3, + "options": { + "cellHeight": "sm", + "showHeader": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "devolo_device_info_info", + "instant": true, + "legendFormat": "", + "range": false, + "refId": "A" + } + ], + "title": "Devolo Device Info", + "transformations": [ + { + "id": "labelsToFields", + "options": { + "keepLabels": [ + "firmware", + "mac", + "name", + "serial" + ], + "mode": "columns" + } + }, + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "Value": true, + "devolo_device_info_info": true + }, + "includeByName": {}, + "indexByName": {}, + "renameByName": { + "firmware": "Firmware", + "mac": "MAC", + "name": "Name", + "serial": "Serial" + } + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-RdYlGr" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "scheme", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 3, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "max": 200, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red", + "value": 0 + }, + { + "color": "green", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 6 + }, + "id": 6, + "options": { + "legend": { + "calcs": [], + "displayMode": "hidden", + "placement": "right", + "showLegend": false + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "devolo_rx_mbps{device_id=~\"$device_id\", mac=~\"$mac\"}", + "instant": false, + "legendFormat": "TX", + "range": true, + "refId": "A" + } + ], + "title": "RX Throughput", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-RdYlGr", + "seriesBy": "max" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "scheme", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineWidth": 3, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "max": 200, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "red", + "value": 0 + }, + { + "color": "green", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 6 + }, + "id": 1, + "options": { + "legend": { + "calcs": [], + "displayMode": "hidden", + "placement": "right", + "showLegend": false + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "devolo_tx_mbps{device_id=~\"$device_id\", mac=~\"$mac\"}", + "instant": false, + "legendFormat": "TX", + "range": true, + "refId": "A" + } + ], + "title": "TX Throughput", + "type": "timeseries" + } + ], + "preload": false, + "refresh": "10s", + "schemaVersion": 42, + "tags": [ + "devolo", + "powerline", + "network" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "PBFA97CFB590B2093" + }, + "label": "Prometheus", + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "refresh": 1, + "type": "datasource" + }, + { + "allValue": ".*", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(devolo_tx_mbps, device_id)", + "includeAll": true, + "label": "Device ID", + "multi": true, + "name": "device_id", + "options": [], + "query": { + "query": "label_values(devolo_tx_mbps, device_id)", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "type": "query" + }, + { + "allValue": ".*", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(devolo_tx_mbps{device_id=~\"$device_id\"}, mac)", + "includeAll": true, + "label": "MAC", + "multi": true, + "name": "mac", + "options": [], + "query": { + "query": "label_values(devolo_tx_mbps{device_id=~\"$device_id\"}, mac)", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "type": "query" + } + ] + }, + "time": { + "from": "now-24h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Devolo Powerline", + "uid": "devolo-powerline", + "version": 10 +} \ No newline at end of file diff --git a/terraform/modules/apps/grafana/resources/disk-health-dashboard.json b/terraform/modules/apps/grafana/resources/disk-health-dashboard.json new file mode 100644 index 0000000..aa9aa0e --- /dev/null +++ b/terraform/modules/apps/grafana/resources/disk-health-dashboard.json @@ -0,0 +1,652 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 7, + "links": [], + "panels": [ + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 3, + "x": 0, + "y": 0 + }, + "id": 1, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "editorMode": "code", + "expr": "count(disk_info{})-count(disk_healthy{})", + "instant": true, + "legendFormat": "__auto", + "refId": "A" + } + ], + "title": "Unhealthy Disks", + "type": "stat" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "orange", + "value": 60 + }, + { + "color": "red", + "value": 70 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 9, + "x": 3, + "y": 0 + }, + "id": 3, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "expr": "disk_smart_attr_normalized_value{name=\"Temperature_Celsius\",device=~\"$device\"}", + "legendFormat": "{{device}}", + "refId": "A" + } + ], + "title": "Temperature (Normalized)", + "type": "timeseries" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-GrYlRd" + }, + "custom": { + "axisPlacement": "auto", + "fillOpacity": 70, + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineWidth": 0, + "spanNulls": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 11, + "x": 12, + "y": 0 + }, + "id": 2, + "options": { + "alignValue": "left", + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "mergeValues": true, + "rowHeight": 0.9, + "showValue": "auto", + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "expr": "disk_healthy{device=~\"$device\"}", + "legendFormat": "{{device}}", + "refId": "A" + } + ], + "title": "Disk Health State", + "type": "state-timeline" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 23, + "x": 0, + "y": 7 + }, + "id": 4, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "expr": "disk_reallocated_sector_count{device=~\"$device\"}", + "legendFormat": "{{device}}", + "refId": "A" + } + ], + "title": "Reallocated Sectors", + "type": "timeseries" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 23, + "x": 0, + "y": 14 + }, + "id": 5, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "expr": "disk_offline_uncorrectable{device=~\"$device\"}", + "legendFormat": "{{device}}", + "refId": "A" + } + ], + "title": "Offline Uncorrectable", + "type": "timeseries" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 23, + "x": 0, + "y": 21 + }, + "id": 6, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "expr": "disk_smart_attr_raw_value{name=\"Power_On_Hours\",device=~\"$device\"}", + "legendFormat": "{{device}}", + "refId": "A" + } + ], + "title": "Power On Hours", + "type": "timeseries" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 23, + "x": 0, + "y": 27 + }, + "id": 7, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "expr": "disk_smart_attr_raw_value{name=~\"Media_Wearout_Indicator|Available_Reservd_Space\",device=~\"$device\"}", + "legendFormat": "{{device}} {{name}}", + "refId": "A" + } + ], + "title": "Media / Wear Indicators", + "type": "timeseries" + } + ], + "preload": false, + "refresh": "", + "schemaVersion": 42, + "tags": [ + "disks", + "smart" + ], + "templating": { + "list": [ + { + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "includeAll": true, + "multi": true, + "name": "device", + "options": [], + "query": "label_values(disk_healthy, device)", + "refresh": 1, + "type": "query" + }, + { + "current": { + "text": "prometheus-dev-01", + "value": "bezn5wieufi80d" + }, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "browser", + "title": "Disk Health (smartctl)", + "uid": "disk-health-smartctl", + "version": 2 +} \ No newline at end of file diff --git a/terraform/modules/apps/grafana/resources/fail2ban-dashboard.json b/terraform/modules/apps/grafana/resources/fail2ban-dashboard.json new file mode 100644 index 0000000..c25d813 --- /dev/null +++ b/terraform/modules/apps/grafana/resources/fail2ban-dashboard.json @@ -0,0 +1,648 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 2, + "id": 3, + "links": [], + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "aezs0pa1i5xq8f" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "footer": { + "reducers": [] + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": ".*Time" + }, + "properties": [ + { + "id": "unit", + "value": "s" + } + ] + } + ] + }, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 206, + "options": { + "cellHeight": "sm", + "showHeader": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "aezs0pa1i5xq8f" + }, + "editorMode": "code", + "exemplar": false, + "expr": "f2b_config_jail_max_retries{instance=~\"$instance\"}", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "{{jail}}", + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "aezs0pa1i5xq8f" + }, + "editorMode": "code", + "exemplar": false, + "expr": "f2b_config_jail_ban_time{instance=~\"$instance\"}", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "{{jail}}", + "refId": "B" + }, + { + "datasource": { + "type": "prometheus", + "uid": "aezs0pa1i5xq8f" + }, + "editorMode": "code", + "exemplar": false, + "expr": "f2b_config_jail_find_time{instance=~\"$instance\"}", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "legendFormat": "{{jail}}", + "refId": "C" + } + ], + "title": "F2B Config", + "transformations": [ + { + "id": "merge", + "options": {} + }, + { + "id": "groupBy", + "options": { + "fields": { + "Value #A": { + "aggregations": [ + "lastNotNull" + ], + "operation": "aggregate" + }, + "Value #B": { + "aggregations": [ + "lastNotNull" + ], + "operation": "aggregate" + }, + "Value #C": { + "aggregations": [ + "lastNotNull" + ], + "operation": "aggregate" + }, + "instance": { + "aggregations": [], + "operation": "groupby" + }, + "jail": { + "aggregations": [], + "operation": "groupby" + } + } + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Value #A (lastNotNull)": "Max Retries", + "Value #B (lastNotNull)": "Ban Time", + "Value #C (lastNotNull)": "Find Time", + "jail": "Jail" + } + } + } + ], + "transparent": true, + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "aezs0pa1i5xq8f" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 6 + }, + "id": 190, + "options": { + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "aezs0pa1i5xq8f" + }, + "editorMode": "code", + "exemplar": true, + "expr": "f2b_jail_failed_total{instance=~\"$instance\"}", + "hide": false, + "interval": "", + "legendFormat": "{{jail}}", + "range": true, + "refId": "A" + } + ], + "title": "Fail2Ban Failures (Total)", + "transparent": true, + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "aezs0pa1i5xq8f" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 6 + }, + "id": 191, + "options": { + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "aezs0pa1i5xq8f" + }, + "editorMode": "code", + "exemplar": true, + "expr": "f2b_jail_banned_total{instance=~\"$instance\"}", + "interval": "", + "legendFormat": "{{jail}}", + "range": true, + "refId": "A" + } + ], + "title": "Fail2Ban Bans (Total)", + "transparent": true, + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "aezs0pa1i5xq8f" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 14 + }, + "id": 208, + "options": { + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "aezs0pa1i5xq8f" + }, + "editorMode": "code", + "exemplar": true, + "expr": "f2b_jail_failed_current{instance=~\"$instance\"}", + "interval": "", + "legendFormat": "{{jail}}", + "range": true, + "refId": "A" + } + ], + "title": "Fail2Ban Failures (Current)", + "transparent": true, + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "aezs0pa1i5xq8f" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 14 + }, + "id": 209, + "options": { + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "aezs0pa1i5xq8f" + }, + "editorMode": "code", + "exemplar": true, + "expr": "f2b_jail_banned_current{instance=~\"$instance\"}", + "interval": "", + "legendFormat": "{{jail}}", + "range": true, + "refId": "A" + } + ], + "title": "Fail2Ban Bans (Current)", + "transparent": true, + "type": "timeseries" + } + ], + "preload": false, + "refresh": "30s", + "schemaVersion": 42, + "tags": [ + "security" + ], + "templating": { + "list": [ + { + "current": { + "text": [ + "fail2ban-exporter.prometheus.svc.cluster.local:9100" + ], + "value": [ + "fail2ban-exporter.prometheus.svc.cluster.local:9100" + ] + }, + "datasource": { + "type": "prometheus", + "uid": "aezs0pa1i5xq8f" + }, + "definition": "f2b_up", + "description": "Select which instance(s) to show", + "includeAll": false, + "label": "Instance", + "multi": true, + "name": "instance", + "options": [], + "query": { + "query": "f2b_up", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "/.*instance=\"([^\"]+)\"/", + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Fail2Ban Exporter", + "uid": "cTkH9AT7z", + "version": 4 +} \ No newline at end of file diff --git a/terraform/modules/apps/grafana/resources/kubernetes-dashboard.json b/terraform/modules/apps/grafana/resources/kubernetes-dashboard.json new file mode 100644 index 0000000..70c6796 --- /dev/null +++ b/terraform/modules/apps/grafana/resources/kubernetes-dashboard.json @@ -0,0 +1,1691 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Monitors Kubernetes cluster using Prometheus. Shows overall cluster CPU / Memory / Filesystem usage as well as individual pod, containers, systemd services statistics. Uses cAdvisor metrics only.", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 2, + "links": [], + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 34, + "panels": [], + "title": "Cluster overview", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 0 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 65 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 0, + "y": 1 + }, + "id": 4, + "maxDataPoints": 100, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum (container_memory_working_set_bytes{id=\"/\",kubernetes_io_hostname=~\"^$Node$\"}) / sum (machine_memory_bytes{kubernetes_io_hostname=~\"^$Node$\"}) * 100", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "title": "Cluster memory usage", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 2, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 0 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 65 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 8, + "y": 1 + }, + "id": 6, + "maxDataPoints": 100, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum (rate (container_cpu_usage_seconds_total{id=\"/\",kubernetes_io_hostname=~\"^$Node$\"}[1m])) / sum (machine_cpu_cores{kubernetes_io_hostname=~\"^$Node$\"}) * 100", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "title": "Cluster CPU usage (1m avg)", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 2, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 0 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 65 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 5, + "w": 8, + "x": 16, + "y": 1 + }, + "id": 7, + "maxDataPoints": 100, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum (container_fs_usage_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\",kubernetes_io_hostname=~\"^$Node$\"}) / sum (container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\",kubernetes_io_hostname=~\"^$Node$\"}) * 100", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "", + "metric": "", + "refId": "A", + "step": 10 + } + ], + "title": "Cluster filesystem usage", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "decimals": 2, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 0, + "y": 6 + }, + "id": 9, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum (container_memory_working_set_bytes{id=\"/\",kubernetes_io_hostname=~\"^$Node$\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "title": "Used", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "decimals": 2, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 4, + "y": 6 + }, + "id": 10, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum (machine_memory_bytes{kubernetes_io_hostname=~\"^$Node$\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "title": "Total", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "decimals": 2, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 8, + "y": 6 + }, + "id": 11, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum (rate (container_cpu_usage_seconds_total{id=\"/\",kubernetes_io_hostname=~\"^$Node$\"}[1m]))", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "title": "Used", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "decimals": 2, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 12, + "y": 6 + }, + "id": 12, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum (machine_cpu_cores{kubernetes_io_hostname=~\"^$Node$\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "title": "Total", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "decimals": 2, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 16, + "y": 6 + }, + "id": 13, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum (container_fs_usage_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\",kubernetes_io_hostname=~\"^$Node$\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "title": "Used", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "decimals": 2, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 20, + "y": 6 + }, + "id": 14, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum (container_fs_limit_bytes{device=~\"^/dev/[sv]d[a-z][1-9]$\",id=\"/\",kubernetes_io_hostname=~\"^$Node$\"})", + "interval": "10s", + "intervalFactor": 1, + "refId": "A", + "step": 10 + } + ], + "title": "Total", + "type": "stat" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 9 + }, + "id": 33, + "panels": [], + "title": "Network I/O pressure", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "Bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 32, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": false, + "width": 200 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum (rate (container_network_receive_bytes_total{kubernetes_io_hostname=~\"^$Node$\"}[1m]))", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "Received", + "metric": "network", + "refId": "A", + "step": 10 + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "- sum (rate (container_network_transmit_bytes_total{kubernetes_io_hostname=~\"^$Node$\"}[1m]))", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "Sent", + "metric": "network", + "refId": "B", + "step": 10 + } + ], + "title": "Network I/O pressure", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 35, + "panels": [], + "title": "Pods CPU usage", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "cores", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 11, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 17, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(container_cpu_usage_seconds_total{image!=\"\",namespace=~\"^.*$\"}[1m])) by (pod)", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "{{ pod_name }}", + "metric": "container_cpu", + "range": true, + "refId": "A", + "step": 10 + } + ], + "title": "Pods CPU usage (1m avg)", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 28 + }, + "id": 37, + "panels": [], + "title": "Containers CPU usage", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "cores", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 11, + "w": 24, + "x": 0, + "y": 29 + }, + "id": 46, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum (rate (container_cpu_usage_seconds_total{image!=\"\",namespace=~\"^.*$\"}[1m])) by (container, pod)", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "pod: {{pod}}/{{container}}", + "metric": "container_cpu", + "range": true, + "refId": "A", + "step": 10 + } + ], + "title": "Containers CPU usage (1m avg)", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 40 + }, + "id": 39, + "panels": [], + "title": "Pods memory usage", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 41 + }, + "id": 25, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "width": 200 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum (container_memory_working_set_bytes{image!=\"\",namespace=~\"^.*$\"}) by (pod)", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "{{ pod }}", + "metric": "container_memory_usage:sort_desc", + "range": true, + "refId": "A", + "step": 10 + } + ], + "title": "Pods memory usage", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 48 + }, + "id": 41, + "panels": [], + "title": "Containers memory usage", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 49 + }, + "id": 27, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "width": 200 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum (container_memory_working_set_bytes{image!=\"\",namespace=~\"^.*$\"}) by (container, pod)", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "pod: {{ pod }}/{{ container }}", + "metric": "container_memory_usage:sort_desc", + "range": true, + "refId": "A", + "step": 10 + } + ], + "title": "Containers memory usage", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 56 + }, + "id": 43, + "panels": [], + "title": "Pods network I/O", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "Bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 57 + }, + "id": 16, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "width": 200 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum (rate (container_network_receive_bytes_total{image!=\"\",namespace=~\"^.*$\"}[1m])) by (pod)", + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "-> {{ pod }}", + "metric": "network", + "range": true, + "refId": "A", + "step": 10 + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "- sum (rate (container_network_transmit_bytes_total{image!=\"\",namespace=~\"^.*$\"}[1m])) by (pod)", + "hide": false, + "instant": false, + "legendFormat": "<- {{pod}}", + "range": true, + "refId": "B" + } + ], + "title": "Pods network I/O (1m avg)", + "type": "timeseries" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 64 + }, + "id": 44, + "panels": [], + "title": "Containers network I/O", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "Bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 65 + }, + "id": 30, + "options": { + "legend": { + "calcs": [ + "mean", + "lastNotNull" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "width": 200 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum (rate (container_network_receive_bytes_total{image!=\"\",namespace=~\"^.*$\"}[1m])) by (container,pod)", + "hide": false, + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "-> pod: {{ pod }}/{{ container }}", + "metric": "network", + "range": true, + "refId": "A", + "step": 10 + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "- sum (rate (container_network_transmit_bytes_total{image!=\"\",namespace=~\"^.*$\"}[1m])) by (container,pod)", + "hide": false, + "interval": "10s", + "intervalFactor": 1, + "legendFormat": "<- pod: {{ pod }}/{{ container }}", + "metric": "network", + "range": true, + "refId": "C", + "step": 10 + } + ], + "title": "Containers network I/O (1m avg)", + "type": "timeseries" + } + ], + "preload": false, + "refresh": "10s", + "schemaVersion": 42, + "tags": [ + "kubernetes" + ], + "templating": { + "list": [ + { + "allValue": ".*", + "current": { + "text": "All", + "value": "$__all" + }, + "datasource": "bezn5wieufi80d", + "includeAll": true, + "name": "Node", + "options": [], + "query": "label_values(kubernetes_io_hostname)", + "refresh": 1, + "type": "query" + }, + { + "allowCustomValue": false, + "current": { + "text": "prometheus-dev-01", + "value": "bezn5wieufi80d" + }, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "/^prom/", + "type": "datasource" + } + ] + }, + "time": { + "from": "now-5m", + "to": "now" + }, + "timepicker": {}, + "timezone": "browser", + "title": "Kubernetes", + "uid": "9724c446-0aa7-4bfc-9fa9-ab17b860b527", + "version": 9 +} \ No newline at end of file diff --git a/terraform/modules/apps/grafana/resources/node-exporter-dashboard.json b/terraform/modules/apps/grafana/resources/node-exporter-dashboard.json new file mode 100644 index 0000000..8867861 --- /dev/null +++ b/terraform/modules/apps/grafana/resources/node-exporter-dashboard.json @@ -0,0 +1,14836 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 1, + "id": 4, + "links": [ + { + "icon": "external link", + "tags": [], + "targetBlank": true, + "title": "GitHub", + "type": "link", + "url": "https://github.com/rfmoz/grafana-dashboards" + }, + { + "icon": "external link", + "tags": [], + "targetBlank": true, + "title": "Grafana", + "type": "link", + "url": "https://grafana.com/grafana/dashboards/1860" + } + ], + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 261, + "panels": [], + "title": "Quick CPU / Mem / Disk", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Resource pressure via PSI", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 1, + "links": [], + "mappings": [], + "max": 1, + "min": 0, + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "dark-yellow", + "value": 70 + }, + { + "color": "dark-red", + "value": 90 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 0, + "y": 1 + }, + "id": 323, + "options": { + "displayMode": "basic", + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "maxVizHeight": 300, + "minVizHeight": 10, + "minVizWidth": 0, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "text": {}, + "valueMode": "color" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "editorMode": "code", + "exemplar": false, + "expr": "irate(node_pressure_cpu_waiting_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "instant": true, + "legendFormat": "CPU", + "range": false, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "exemplar": false, + "expr": "irate(node_pressure_memory_waiting_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "instant": true, + "legendFormat": "Mem", + "range": false, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "exemplar": false, + "expr": "irate(node_pressure_io_waiting_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "instant": true, + "legendFormat": "I/O", + "range": false, + "refId": "C", + "step": 240 + }, + { + "editorMode": "code", + "exemplar": false, + "expr": "irate(node_pressure_irq_stalled_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "instant": true, + "legendFormat": "Irq", + "range": false, + "refId": "D", + "step": 240 + } + ], + "title": "Pressure", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Overall CPU busy percentage (averaged across all cores)", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 1, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 0 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 85 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 95 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 3, + "y": 1 + }, + "id": 20, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "editorMode": "code", + "exemplar": false, + "expr": "100 * (1 - avg(rate(node_cpu_seconds_total{mode=\"idle\", instance=\"$node\"}[$__rate_interval])))", + "instant": true, + "legendFormat": "", + "range": false, + "refId": "A", + "step": 240 + } + ], + "title": "CPU Busy", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "System load over all CPU cores together", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 1, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 0 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 85 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 95 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 6, + "y": 1 + }, + "id": 155, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "editorMode": "code", + "exemplar": false, + "expr": "scalar(node_load1{instance=\"$node\",job=\"$job\"}) * 100 / count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu))", + "format": "time_series", + "instant": true, + "range": false, + "refId": "A", + "step": 240 + } + ], + "title": "Sys Load", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Real RAM usage excluding cache and reclaimable memory", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 1, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 0 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 80 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 9, + "y": 1 + }, + "id": 16, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "editorMode": "code", + "exemplar": false, + "expr": "clamp_min((1 - (node_memory_MemAvailable_bytes{instance=\"$node\", job=\"$job\"} / node_memory_MemTotal_bytes{instance=\"$node\", job=\"$job\"})) * 100, 0)", + "format": "time_series", + "instant": true, + "range": false, + "refId": "B", + "step": 240 + } + ], + "title": "RAM Used", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Percentage of swap space currently used by the system", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 1, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 0 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 10 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 25 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 12, + "y": 1 + }, + "id": 21, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "editorMode": "code", + "exemplar": false, + "expr": "((node_memory_SwapTotal_bytes{instance=\"$node\",job=\"$job\"} - node_memory_SwapFree_bytes{instance=\"$node\",job=\"$job\"}) / (node_memory_SwapTotal_bytes{instance=\"$node\",job=\"$job\"})) * 100", + "instant": true, + "range": false, + "refId": "A", + "step": 240 + } + ], + "title": "SWAP Used", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Used Root FS", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 1, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 0 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 80 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 3, + "x": 15, + "y": 1 + }, + "id": 154, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "editorMode": "code", + "exemplar": false, + "expr": "(\n (node_filesystem_size_bytes{instance=\"$node\", job=\"$job\", mountpoint=\"/\", fstype!=\"rootfs\"}\n - node_filesystem_avail_bytes{instance=\"$node\", job=\"$job\", mountpoint=\"/\", fstype!=\"rootfs\"})\n / node_filesystem_size_bytes{instance=\"$node\", job=\"$job\", mountpoint=\"/\", fstype!=\"rootfs\"}\n) * 100\n", + "format": "time_series", + "instant": true, + "range": false, + "refId": "A", + "step": 240 + } + ], + "title": "Root FS Used", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 2, + "x": 18, + "y": 1 + }, + "id": 14, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "editorMode": "code", + "exemplar": false, + "expr": "count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu))", + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "CPU Cores", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 2, + "x": 20, + "y": 1 + }, + "id": 75, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "editorMode": "code", + "exemplar": false, + "expr": "node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"}", + "instant": true, + "range": false, + "refId": "A", + "step": 240 + } + ], + "title": "RAM Total", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 2, + "x": 22, + "y": 1 + }, + "id": 18, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "editorMode": "code", + "exemplar": false, + "expr": "node_memory_SwapTotal_bytes{instance=\"$node\",job=\"$job\"}", + "instant": true, + "range": false, + "refId": "A", + "step": 240 + } + ], + "title": "SWAP Total", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 0 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 70 + }, + { + "color": "rgba(245, 54, 54, 0.9)", + "value": 90 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 2, + "x": 18, + "y": 3 + }, + "id": 23, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "editorMode": "code", + "exemplar": false, + "expr": "node_filesystem_size_bytes{instance=\"$node\",job=\"$job\",mountpoint=\"/\",fstype!=\"rootfs\"}", + "format": "time_series", + "instant": true, + "range": false, + "refId": "A", + "step": 240 + } + ], + "title": "RootFS Total", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 1, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 4, + "x": 20, + "y": 3 + }, + "id": 15, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "editorMode": "code", + "exemplar": false, + "expr": "node_time_seconds{instance=\"$node\",job=\"$job\"} - node_boot_time_seconds{instance=\"$node\",job=\"$job\"}", + "instant": true, + "range": false, + "refId": "A", + "step": 240 + } + ], + "title": "Uptime", + "type": "stat" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 5 + }, + "id": 263, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "CPU time spent busy vs idle, split by activity type", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 40, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "percent" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Busy Iowait" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890F02", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Idle" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#052B51", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Busy System" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#EAB839", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Busy User" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#0A437C", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Busy Other" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#6D1F62", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 6 + }, + "id": 77, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true, + "width": 250 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "exemplar": false, + "expr": "sum(irate(node_cpu_seconds_total{instance=\"$node\",job=\"$job\", mode=\"system\"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)))", + "format": "time_series", + "instant": false, + "legendFormat": "Busy System", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "sum(irate(node_cpu_seconds_total{instance=\"$node\",job=\"$job\", mode=\"user\"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)))", + "format": "time_series", + "legendFormat": "Busy User", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "sum(irate(node_cpu_seconds_total{instance=\"$node\",job=\"$job\", mode=\"iowait\"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)))", + "format": "time_series", + "legendFormat": "Busy Iowait", + "range": true, + "refId": "C", + "step": 240 + }, + { + "editorMode": "code", + "expr": "sum(irate(node_cpu_seconds_total{instance=\"$node\",job=\"$job\", mode=~\".*irq\"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)))", + "format": "time_series", + "legendFormat": "Busy IRQs", + "range": true, + "refId": "D", + "step": 240 + }, + { + "editorMode": "code", + "expr": "sum(irate(node_cpu_seconds_total{instance=\"$node\",job=\"$job\", mode!='idle',mode!='user',mode!='system',mode!='iowait',mode!='irq',mode!='softirq'}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)))", + "format": "time_series", + "legendFormat": "Busy Other", + "range": true, + "refId": "E", + "step": 240 + }, + { + "editorMode": "code", + "expr": "sum(irate(node_cpu_seconds_total{instance=\"$node\",job=\"$job\", mode=\"idle\"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)))", + "format": "time_series", + "legendFormat": "Idle", + "range": true, + "refId": "F", + "step": 240 + } + ], + "title": "CPU Basic", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "RAM and swap usage overview, including caches", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 40, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Swap used" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#BF1B00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Total" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#E0F9D7", + "mode": "fixed" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.stacking", + "value": { + "group": false, + "mode": "normal" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Cache + Buffer" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#052B51", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Free" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#7EB26D", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 6 + }, + "id": 78, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true, + "width": 350 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Total", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"} - node_memory_MemFree_bytes{instance=\"$node\",job=\"$job\"} - (node_memory_Cached_bytes{instance=\"$node\",job=\"$job\"} + node_memory_Buffers_bytes{instance=\"$node\",job=\"$job\"} + node_memory_SReclaimable_bytes{instance=\"$node\",job=\"$job\"})", + "format": "time_series", + "legendFormat": "Used", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_Cached_bytes{instance=\"$node\",job=\"$job\"} + node_memory_Buffers_bytes{instance=\"$node\",job=\"$job\"} + node_memory_SReclaimable_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Cache + Buffer", + "range": true, + "refId": "C", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_MemFree_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Free", + "range": true, + "refId": "D", + "step": 240 + }, + { + "editorMode": "code", + "expr": "(node_memory_SwapTotal_bytes{instance=\"$node\",job=\"$job\"} - node_memory_SwapFree_bytes{instance=\"$node\",job=\"$job\"})", + "format": "time_series", + "legendFormat": "Swap used", + "range": true, + "refId": "E", + "step": 240 + } + ], + "title": "Memory Basic", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Per-interface network traffic (receive and transmit) in bits per second", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 40, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Tx.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 983 + }, + "id": 74, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "rate(node_network_receive_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])*8", + "format": "time_series", + "legendFormat": "Rx {{device}}", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "rate(node_network_transmit_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])*8", + "format": "time_series", + "legendFormat": "Tx {{device}} ", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Network Traffic Basic", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Percentage of filesystem space used for each mounted device", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 40, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 983 + }, + "id": 152, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "((node_filesystem_size_bytes{instance=\"$node\", job=\"$job\", device!~\"rootfs\"} - node_filesystem_avail_bytes{instance=\"$node\", job=\"$job\", device!~\"rootfs\"}) / node_filesystem_size_bytes{instance=\"$node\", job=\"$job\", device!~\"rootfs\"}) * 100", + "format": "time_series", + "legendFormat": "{{mountpoint}}", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Disk Space Used Basic", + "type": "timeseries" + } + ], + "title": "Basic CPU / Mem / Net / Disk", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 6 + }, + "id": 265, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "CPU time usage split by state, normalized across all CPU cores", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 70, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "percent" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Idle - Waiting for something to happen" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#052B51", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Iowait - Waiting for I/O to complete" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#EAB839", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Irq - Servicing interrupts" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#BF1B00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Nice - Niced processes executing in user mode" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#C15C17", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Softirq - Servicing softirqs" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#E24D42", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Steal - Time spent in other operating systems when running in a virtualized environment" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#FCE2DE", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "System - Processes executing in kernel mode" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#508642", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "User - Normal processes executing in user mode" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#5195CE", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Guest CPU usage" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + }, + { + "id": "custom.stacking", + "value": { + "group": "A", + "mode": "none" + } + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 12, + "x": 0, + "y": 991 + }, + "id": 3, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 250 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "sum(irate(node_cpu_seconds_total{mode=\"system\",instance=\"$node\",job=\"$job\"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)))", + "format": "time_series", + "interval": "", + "legendFormat": "System - Processes executing in kernel mode", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "sum(irate(node_cpu_seconds_total{mode=\"user\",instance=\"$node\",job=\"$job\"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)))", + "format": "time_series", + "legendFormat": "User - Normal processes executing in user mode", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "sum(irate(node_cpu_seconds_total{mode=\"nice\",instance=\"$node\",job=\"$job\"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)))", + "format": "time_series", + "legendFormat": "Nice - Niced processes executing in user mode", + "range": true, + "refId": "C", + "step": 240 + }, + { + "editorMode": "code", + "expr": "sum(irate(node_cpu_seconds_total{mode=\"iowait\",instance=\"$node\",job=\"$job\"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)))", + "format": "time_series", + "legendFormat": "Iowait - Waiting for I/O to complete", + "range": true, + "refId": "D", + "step": 240 + }, + { + "editorMode": "code", + "expr": "sum(irate(node_cpu_seconds_total{mode=\"irq\",instance=\"$node\",job=\"$job\"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)))", + "format": "time_series", + "legendFormat": "Irq - Servicing interrupts", + "range": true, + "refId": "E", + "step": 240 + }, + { + "editorMode": "code", + "expr": "sum(irate(node_cpu_seconds_total{mode=\"softirq\",instance=\"$node\",job=\"$job\"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)))", + "format": "time_series", + "legendFormat": "Softirq - Servicing softirqs", + "range": true, + "refId": "F", + "step": 240 + }, + { + "editorMode": "code", + "expr": "sum(irate(node_cpu_seconds_total{mode=\"steal\",instance=\"$node\",job=\"$job\"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)))", + "format": "time_series", + "legendFormat": "Steal - Time spent in other operating systems when running in a virtualized environment", + "range": true, + "refId": "G", + "step": 240 + }, + { + "editorMode": "code", + "expr": "sum(irate(node_cpu_seconds_total{mode=\"idle\",instance=\"$node\",job=\"$job\"}[$__rate_interval])) / scalar(count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu)))", + "format": "time_series", + "legendFormat": "Idle - Waiting for something to happen", + "range": true, + "refId": "H", + "step": 240 + }, + { + "editorMode": "code", + "expr": "sum by(instance) (irate(node_cpu_guest_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])) / on(instance) group_left sum by (instance)((irate(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval]))) > 0", + "format": "time_series", + "legendFormat": "Guest CPU usage", + "range": true, + "refId": "I", + "step": 240 + } + ], + "title": "CPU", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Breakdown of physical memory and swap usage. Hardware-detected memory errors are also displayed", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 40, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Apps" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#629E51", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Buffers" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#614D93", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Cache" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#6D1F62", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Cached" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#511749", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Committed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#508642", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Free" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#0A437C", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#CFFAFF", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Inactive" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#584477", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "PageTables" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#0A50A1", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Page_Tables" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#0A50A1", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "RAM_Free" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#E0F9D7", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Slab" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#806EB7", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Slab_Cache" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#E0752D", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Swap" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#BF1B00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Swap - Swap memory usage" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#BF1B00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Swap_Cache" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#C15C17", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Swap_Free" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#2F575E", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Unused" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#EAB839", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Unused - Free memory unassigned" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#052B51", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/.*Hardware Corrupted - *./" + }, + "properties": [ + { + "id": "custom.stacking", + "value": { + "group": false, + "mode": "normal" + } + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 12, + "x": 12, + "y": 991 + }, + "id": 24, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 350 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"} - node_memory_MemFree_bytes{instance=\"$node\",job=\"$job\"} - node_memory_Buffers_bytes{instance=\"$node\",job=\"$job\"} - node_memory_Cached_bytes{instance=\"$node\",job=\"$job\"} - node_memory_Slab_bytes{instance=\"$node\",job=\"$job\"} - node_memory_PageTables_bytes{instance=\"$node\",job=\"$job\"} - node_memory_SwapCached_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Apps - Memory used by user-space applications", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_PageTables_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "PageTables - Memory used to map between virtual and physical memory addresses", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_SwapCached_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "SwapCache - Memory that keeps track of pages that have been fetched from swap but not yet been modified", + "range": true, + "refId": "C", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_Slab_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Slab - Memory used by the kernel to cache data structures for its own use (caches like inode, dentry, etc)", + "range": true, + "refId": "D", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_Cached_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Cache - Parked file data (file content) cache", + "range": true, + "refId": "E", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_Buffers_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Buffers - Block device (e.g. harddisk) cache", + "range": true, + "refId": "F", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_MemFree_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Unused - Free memory unassigned", + "range": true, + "refId": "G", + "step": 240 + }, + { + "editorMode": "code", + "expr": "(node_memory_SwapTotal_bytes{instance=\"$node\",job=\"$job\"} - node_memory_SwapFree_bytes{instance=\"$node\",job=\"$job\"})", + "format": "time_series", + "legendFormat": "Swap - Swap space used", + "range": true, + "refId": "H", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_HardwareCorrupted_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working", + "range": true, + "refId": "I", + "step": 240 + } + ], + "title": "Memory", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Incoming and outgoing network traffic per interface", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 40, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 12, + "x": 0, + "y": 1613 + }, + "id": 84, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "rate(node_network_receive_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])*8", + "format": "time_series", + "legendFormat": "{{device}} - Rx in", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "rate(node_network_transmit_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])*8", + "format": "time_series", + "legendFormat": "{{device}} - Tx out", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Network Traffic", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Network interface utilization as a percentage of its maximum capacity", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 40, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 12, + "x": 12, + "y": 1613 + }, + "id": 338, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "rate(node_network_receive_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])\n / ignoring(speed) node_network_speed_bytes{instance=\"$node\",job=\"$job\", speed!=\"-1\"}", + "format": "time_series", + "legendFormat": "{{device}} - Rx in", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "(rate(node_network_transmit_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])\n / ignoring(speed) node_network_speed_bytes{instance=\"$node\",job=\"$job\", speed!=\"-1\"})", + "format": "time_series", + "legendFormat": "{{device}} - Tx out", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Network Saturation", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Disk I/O operations per second for each device", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "read (-) / write (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "iops" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Read.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 12, + "x": 0, + "y": 1625 + }, + "id": 229, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_disk_reads_completed_total{instance=\"$node\",job=\"$job\",device=~\"[a-z]+|nvme[0-9]+n[0-9]+|mmcblk[0-9]+\"}[$__rate_interval])", + "legendFormat": "{{device}} - Read", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_disk_writes_completed_total{instance=\"$node\",job=\"$job\",device=~\"[a-z]+|nvme[0-9]+n[0-9]+|mmcblk[0-9]+\"}[$__rate_interval])", + "legendFormat": "{{device}} - Write", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Disk IOps", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Disk I/O throughput per device", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "read (-) / write (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 40, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "Bps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Read*./" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 12, + "x": 12, + "y": 1625 + }, + "id": 42, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_disk_read_bytes_total{instance=\"$node\",job=\"$job\",device=~\"[a-z]+|nvme[0-9]+n[0-9]+|mmcblk[0-9]+\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "{{device}} - Read", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_disk_written_bytes_total{instance=\"$node\",job=\"$job\",device=~\"[a-z]+|nvme[0-9]+n[0-9]+|mmcblk[0-9]+\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "{{device}} - Write", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Disk Throughput", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Amount of available disk space per mounted filesystem, excluding rootfs. Based on block availability to non-root users", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 12, + "x": 0, + "y": 1637 + }, + "id": 43, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_filesystem_avail_bytes{instance=\"$node\",job=\"$job\",device!~'rootfs'}", + "format": "time_series", + "legendFormat": "{{mountpoint}}", + "metric": "", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_filesystem_free_bytes{instance=\"$node\",job=\"$job\",device!~'rootfs'}", + "format": "time_series", + "hide": true, + "legendFormat": "{{mountpoint}} - Free", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_filesystem_size_bytes{instance=\"$node\",job=\"$job\",device!~'rootfs'}", + "format": "time_series", + "hide": true, + "legendFormat": "{{mountpoint}} - Size", + "range": true, + "refId": "C", + "step": 240 + } + ], + "title": "Filesystem Space Available", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Disk usage (used = total - available) per mountpoint", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 12, + "x": 12, + "y": 1637 + }, + "id": 156, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_filesystem_size_bytes{instance=\"$node\",job=\"$job\",device!~'rootfs'} - node_filesystem_avail_bytes{instance=\"$node\",job=\"$job\",device!~'rootfs'}", + "format": "time_series", + "legendFormat": "{{mountpoint}}", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Filesystem Used", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Percentage of time the disk was actively processing I/O operations", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 40, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 12, + "x": 0, + "y": 1649 + }, + "id": 127, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_disk_io_time_seconds_total{instance=\"$node\",job=\"$job\",device=~\"[a-z]+|nvme[0-9]+n[0-9]+|mmcblk[0-9]+\"} [$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "{{device}}", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Disk I/O Utilization", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "How often tasks experience CPU, memory, or I/O delays. “Some” indicates partial slowdown; “Full” indicates all tasks are stalled. Based on Linux PSI metrics:\nhttps://docs.kernel.org/accounting/psi.html", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "some (-) / full (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Some.*/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/.*Some.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 12, + "x": 12, + "y": 1649 + }, + "id": 322, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "rate(node_pressure_cpu_waiting_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "CPU - Some", + "range": true, + "refId": "CPU some", + "step": 240 + }, + { + "editorMode": "code", + "expr": "rate(node_pressure_memory_waiting_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "Memory - Some", + "range": true, + "refId": "Memory some", + "step": 240 + }, + { + "editorMode": "code", + "expr": "rate(node_pressure_memory_stalled_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "Memory - Full", + "range": true, + "refId": "Memory full", + "step": 240 + }, + { + "editorMode": "code", + "expr": "rate(node_pressure_io_waiting_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "I/O - Some", + "range": true, + "refId": "I/O some", + "step": 240 + }, + { + "editorMode": "code", + "expr": "rate(node_pressure_io_stalled_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "I/O - Full", + "range": true, + "refId": "I/O full", + "step": 240 + }, + { + "editorMode": "code", + "expr": "rate(node_pressure_irq_stalled_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "IRQ - Full", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Pressure Stall Information", + "type": "timeseries" + } + ], + "title": "CPU / Memory / Net / Disk", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 7 + }, + "id": 266, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Displays committed memory usage versus the system's commit limit. Exceeding the limit is allowed under Linux overcommit policies but may increase OOM risks under high load", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*CommitLimit - *./" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#BF1B00", + "mode": "fixed" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 992 + }, + "id": 135, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 350 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_memory_Committed_AS_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Committed_AS – Memory promised to processes (not necessarily used)", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_CommitLimit_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "CommitLimit - Max allowable committed memory", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Memory Committed", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Memory currently dirty (modified but not yet written to disk), being actively written back, or held by writeback buffers. High dirty or writeback memory may indicate disk I/O pressure or delayed flushing", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 992 + }, + "id": 130, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_memory_Writeback_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Writeback – Memory currently being flushed to disk", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_WritebackTmp_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "WritebackTmp – FUSE temporary writeback buffers", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_Dirty_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Dirty – Memory marked dirty (pending write to disk)", + "range": true, + "refId": "C", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_NFS_Unstable_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "NFS Unstable – Pages sent to NFS server, awaiting storage commit", + "range": true, + "refId": "D", + "step": 240 + } + ], + "title": "Memory Writeback and Dirty", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Kernel slab memory usage, separated into reclaimable and non-reclaimable categories. Reclaimable memory can be freed under memory pressure (e.g., caches), while unreclaimable memory is locked by the kernel for core functions", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 1362 + }, + "id": 131, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_memory_SUnreclaim_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "SUnreclaim – Non-reclaimable slab memory (kernel objects)", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_SReclaimable_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "SReclaimable – Potentially reclaimable slab memory (e.g., inode cache)", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Memory Slab", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Memory used for mapped files (such as libraries) and shared memory (shmem and tmpfs), including variants backed by huge pages", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 1362 + }, + "id": 138, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 350 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_memory_Mapped_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Mapped – Memory mapped from files (e.g., libraries, mmap)", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_Shmem_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Shmem – Shared memory used by processes and tmpfs", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_ShmemHugePages_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "ShmemHugePages – Shared memory (shmem/tmpfs) allocated with HugePages", + "range": true, + "refId": "C", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_ShmemPmdMapped_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "PMD Mapped – Shmem/tmpfs backed by Transparent HugePages (PMD)", + "range": true, + "refId": "D", + "step": 240 + } + ], + "title": "Memory Shared and Mapped", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Proportion of memory pages in the kernel's active and inactive LRU lists relative to total RAM. Active pages have been recently used, while inactive pages are less recently accessed but still resident in memory", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Active.*/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/.*Inactive.*/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-blue", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 1372 + }, + "id": 136, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 350 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "(node_memory_Inactive_bytes{instance=\"$node\",job=\"$job\"}) \n/ \n(node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"})", + "format": "time_series", + "legendFormat": "Inactive – Less recently used memory, more likely to be reclaimed", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "(node_memory_Active_bytes{instance=\"$node\",job=\"$job\"}) \n/ \n(node_memory_MemTotal_bytes{instance=\"$node\",job=\"$job\"})\n", + "format": "time_series", + "legendFormat": "Active – Recently used memory, retained unless under pressure", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Memory LRU Active / Inactive (%)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Breakdown of memory pages in the kernel's active and inactive LRU lists, separated by anonymous (heap, tmpfs) and file-backed (caches, mmap) pages.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 1372 + }, + "id": 191, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 350 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_memory_Inactive_file_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Inactive_file - File-backed memory on inactive LRU list", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_Inactive_anon_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Inactive_anon – Anonymous memory on inactive LRU (incl. tmpfs & swap cache)", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_Active_file_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Active_file - File-backed memory on active LRU list", + "range": true, + "refId": "C", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_Active_anon_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Active_anon – Anonymous memory on active LRU (incl. tmpfs & swap cache)", + "range": true, + "refId": "D", + "step": 240 + } + ], + "title": "Memory LRU Active / Inactive Detail", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Tracks kernel memory used for CPU-local structures, per-thread stacks, and bounce buffers used for I/O on DMA-limited devices. These areas are typically small but critical for low-level operations", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 1382 + }, + "id": 160, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 350 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_memory_KernelStack_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "KernelStack – Kernel stack memory (per-thread, non-reclaimable)", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_Percpu_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "PerCPU – Dynamically allocated per-CPU memory (used by kernel modules)", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_Bounce_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "Bounce Memory – I/O buffer for DMA-limited devices", + "range": true, + "refId": "C", + "step": 240 + } + ], + "title": "Memory Kernel / CPU / IO", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Usage of the kernel's vmalloc area, which provides virtual memory allocations for kernel modules and drivers. Includes total, used, and largest free block sizes", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Total.*/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + }, + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 1382 + }, + "id": 70, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_memory_VmallocChunk_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Vmalloc Free Chunk – Largest available block in vmalloc area", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_VmallocTotal_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Vmalloc Total – Total size of the vmalloc memory area", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_VmallocUsed_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Vmalloc Used – Portion of vmalloc area currently in use", + "range": true, + "refId": "C", + "step": 240 + } + ], + "title": "Memory Vmalloc", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Memory used by anonymous pages (not backed by files), including standard and huge page allocations. Includes heap, stack, and memory-mapped anonymous regions", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 1392 + }, + "id": 129, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_memory_AnonHugePages_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "AnonHugePages – Anonymous memory using HugePages", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_AnonPages_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "AnonPages – Anonymous memory (non-file-backed)", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Memory Anonymous", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Memory that is locked in RAM and cannot be swapped out. Includes both kernel-unevictable memory and user-level memory locked with mlock()", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Hardware Corrupted - Amount of RAM that the kernel identified as corrupted / not working" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#CFFAFF", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 1392 + }, + "id": 137, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 350 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_memory_Unevictable_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Unevictable – Kernel-pinned memory (not swappable)", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_Mlocked_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Mlocked – Application-locked memory via mlock()", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Memory Unevictable and MLocked", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "How much memory is directly mapped in the kernel using different page sizes (4K, 2M, 1G). Helps monitor large page utilization in the direct map region", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Active" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#99440A", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Buffers" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#58140C", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Cache" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#6D1F62", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Cached" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#511749", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Committed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#508642", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Dirty" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#6ED0E0", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Free" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#B7DBAB", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Inactive" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#EA6460", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Mapped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#052B51", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "PageTables" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#0A50A1", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Page_Tables" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#0A50A1", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Slab_Cache" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#EAB839", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Swap" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#BF1B00", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Swap_Cache" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#C15C17", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Total" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#511749", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Total RAM" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#052B51", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Total RAM + Swap" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#052B51", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "VmallocUsed" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#EA6460", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 1402 + }, + "id": 128, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_memory_DirectMap1G_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "DirectMap 1G – Memory mapped with 1GB pages", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_DirectMap2M_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "DirectMap 2M – Memory mapped with 2MB pages", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_DirectMap4k_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "DirectMap 4K – Memory mapped with 4KB pages", + "range": true, + "refId": "C", + "step": 240 + } + ], + "title": "Memory DirectMap", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Displays HugePages memory usage in bytes, including allocated, free, reserved, and surplus memory. All values are calculated based on the number of huge pages multiplied by their configured size", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 1402 + }, + "id": 140, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_memory_HugePages_Free{instance=\"$node\",job=\"$job\"} * node_memory_Hugepagesize_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "HugePages Used – Currently allocated", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_HugePages_Rsvd{instance=\"$node\",job=\"$job\"} * node_memory_Hugepagesize_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "HugePages Reserved – Promised but unused", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_HugePages_Surp{instance=\"$node\",job=\"$job\"} * node_memory_Hugepagesize_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "HugePages Surplus – Dynamic pool extension", + "range": true, + "refId": "C", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_memory_HugePages_Total{instance=\"$node\",job=\"$job\"} * node_memory_Hugepagesize_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "HugePages Total – Reserved memory", + "range": true, + "refId": "D", + "step": 240 + } + ], + "title": "Memory HugePages", + "type": "timeseries" + } + ], + "title": "Memory Meminfo", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 8 + }, + "id": 267, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of memory pages being read from or written to disk (page-in and page-out operations). High page-out may indicate memory pressure or swapping activity", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "ops" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 993 + }, + "id": 176, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_vmstat_pgpgin{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "Pagesin - Page in ops", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_vmstat_pgpgout{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "Pagesout - Page out ops", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Memory Pages In / Out", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate at which memory pages are being swapped in from or out to disk. High swap-out activity may indicate memory pressure", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "ops" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 993 + }, + "id": 22, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_vmstat_pswpin{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "Pswpin - Pages swapped in", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_vmstat_pswpout{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "Pswpout - Pages swapped out", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Memory Pages Swap In / Out", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of memory page faults, split into total, major (disk-backed), and derived minor (non-disk) faults. High major fault rates may indicate memory pressure or insufficient RAM", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "ops" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Pgfault - Page major and minor fault ops" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.stacking", + "value": { + "group": false, + "mode": "none" + } + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + }, + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 1173 + }, + "id": 175, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 350 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_vmstat_pgfault{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "Pgfault - Page major and minor fault ops", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_vmstat_pgmajfault{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "Pgmajfault - Major page fault ops", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_vmstat_pgfault{instance=\"$node\",job=\"$job\"}[$__rate_interval]) - irate(node_vmstat_pgmajfault{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "Pgminfault - Minor page fault ops", + "range": true, + "refId": "C", + "step": 240 + } + ], + "title": "Memory Page Faults", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of Out-of-Memory (OOM) kill events. A non-zero value indicates the kernel has terminated one or more processes due to memory exhaustion", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "ops" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "OOM Kills" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 1173 + }, + "id": 307, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_vmstat_oom_kill{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "OOM Kills", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "OOM Killer", + "type": "timeseries" + } + ], + "title": "Memory Vmstat", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 9 + }, + "id": 293, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Tracks the system clock's estimated and maximum error, as well as its offset from the reference clock (e.g., via NTP). Useful for detecting synchronization drift", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 10 + }, + "id": 260, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_timex_estimated_error_seconds{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "Estimated error", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_timex_offset_seconds{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "Offset local vs reference", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_timex_maxerror_seconds{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "Maximum error", + "range": true, + "refId": "C", + "step": 240 + } + ], + "title": "Time Synchronized Drift", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "NTP phase-locked loop (PLL) time constant used by the kernel to control time adjustments. Lower values mean faster correction but less stability", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 10 + }, + "id": 291, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_timex_loop_time_constant{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "PLL Time Constant", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Time PLL Adjust", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Shows whether the system clock is synchronized to a reliable time source, and the current frequency correction ratio applied by the kernel to maintain synchronization", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 990 + }, + "id": 168, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_timex_sync_status{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "Sync status (1 = ok)", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_timex_frequency_adjustment_ratio{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "Frequency Adjustment", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_timex_tick_seconds{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "hide": true, + "interval": "", + "legendFormat": "Tick Interval", + "range": true, + "refId": "C", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_timex_tai_offset_seconds{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "hide": true, + "interval": "", + "legendFormat": "TAI Offset", + "range": true, + "refId": "D", + "step": 240 + } + ], + "title": "Time Synchronized Status", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Displays the PPS signal's frequency offset and stability (jitter) in hertz. Useful for monitoring high-precision time sources like GPS or atomic clocks", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "rothz" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 990 + }, + "id": 333, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_timex_pps_frequency_hertz{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "PPS Frequency Offset", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_timex_pps_stability_hertz{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "PPS Frequency Stability", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "PPS Frequency / Stability", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Tracks PPS signal timing jitter and shift compared to system clock", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 1000 + }, + "id": 334, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_timex_pps_jitter_seconds{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "PPS Jitter", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_timex_pps_shift_seconds{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "PPS Shift", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "PPS Time Accuracy", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of PPS synchronization diagnostics including calibration events, jitter violations, errors, and frequency stability exceedances", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 1000 + }, + "id": 335, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_timex_pps_calibration_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "PPS Calibrations/sec", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_timex_pps_error_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "PPS Errors/sec", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_timex_pps_stability_exceeded_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "PPS Stability Exceeded/sec", + "range": true, + "refId": "C", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_timex_pps_jitter_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "PPS Jitter Events/sec", + "range": true, + "refId": "D", + "step": 240 + } + ], + "title": "PPS Sync Events", + "type": "timeseries" + } + ], + "title": "System Timesync", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 312, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Processes currently in runnable or blocked states. Helps identify CPU contention or I/O wait bottlenecks.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 11 + }, + "id": 62, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_procs_blocked{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Blocked (I/O Wait)", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_procs_running{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Runnable (Ready for CPU)", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Processes Status", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Shows CPU saturation per core, calculated as the proportion of time spent waiting to run relative to total time demanded (running + waiting).", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*waiting.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 11 + }, + "id": 305, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_schedstat_running_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "hide": true, + "interval": "", + "legendFormat": "CPU {{ cpu }} - Running", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_schedstat_waiting_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "hide": true, + "interval": "", + "legendFormat": "CPU {{cpu}} - Waiting Queue", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_schedstat_waiting_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])\n/\n(irate(node_schedstat_running_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval]) + irate(node_schedstat_waiting_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval]))\n", + "format": "time_series", + "interval": "", + "legendFormat": "CPU {{cpu}}", + "range": true, + "refId": "C", + "step": 240 + } + ], + "title": "CPU Saturation per Core", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of new processes being created on the system (forks/sec).", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "ops" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 971 + }, + "id": 148, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_forks_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "Process Forks per second", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Processes Forks", + "type": "timeseries" + } + ], + "title": "System Processes", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 11 + }, + "id": 269, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Per-second rate of context switches and hardware interrupts. High values may indicate intense CPU or I/O activity", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "ops" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 12 + }, + "id": 8, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_context_switches_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "Context switches", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_intr_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "Interrupts", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Context Switches / Interrupts", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "System load average over 1, 5, and 15 minutes. Reflects the number of active or waiting processes. Values above CPU core count may indicate overload", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "CPU Core Count" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + }, + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 12 + }, + "id": 7, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_load1{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Load 1m", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_load5{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Load 5m", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_load15{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Load 15m", + "range": true, + "refId": "C", + "step": 240 + }, + { + "editorMode": "code", + "expr": "count(count(node_cpu_seconds_total{instance=\"$node\",job=\"$job\"}) by (cpu))", + "format": "time_series", + "legendFormat": "CPU Core Count", + "range": true, + "refId": "D", + "step": 240 + } + ], + "title": "System Load", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Real-time CPU frequency scaling per core, including average minimum and maximum allowed scaling frequencies", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "hertz" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Max" + }, + "properties": [ + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + }, + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + }, + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": false, + "viz": false + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Min" + }, + "properties": [ + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + }, + { + "id": "color", + "value": { + "fixedColor": "blue", + "mode": "fixed" + } + }, + { + "id": "custom.hideFrom", + "value": { + "legend": true, + "tooltip": false, + "viz": false + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 902 + }, + "id": 321, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_cpu_scaling_frequency_hertz{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "CPU {{ cpu }}", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "avg(node_cpu_scaling_frequency_max_hertz{instance=\"$node\",job=\"$job\"})", + "format": "time_series", + "interval": "", + "legendFormat": "Max", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "avg(node_cpu_scaling_frequency_min_hertz{instance=\"$node\",job=\"$job\"})", + "format": "time_series", + "interval": "", + "legendFormat": "Min", + "range": true, + "refId": "C", + "step": 240 + } + ], + "title": "CPU Frequency Scaling", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of scheduling timeslices executed per CPU. Reflects how frequently the scheduler switches tasks on each core", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "ops" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 902 + }, + "id": 306, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_schedstat_timeslices_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "CPU {{ cpu }}", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "CPU Schedule Timeslices", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of bits of entropy currently available to the system's random number generators (e.g., /dev/random). Low values may indicate that random number generation could block or degrade performance of cryptographic operations", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "decbits" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Entropy pool max" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + }, + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 912 + }, + "id": 151, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_entropy_available_bits{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Entropy available", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_entropy_pool_size_bits{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Entropy pool max", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Entropy", + "type": "timeseries" + } + ], + "title": "System Misc", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 12 + }, + "id": 304, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Monitors hardware sensor temperatures and critical thresholds as exposed by Linux hwmon. Includes CPU, GPU, and motherboard sensors where available", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "celsius" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Critical*./" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#E24D42", + "mode": "fixed" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 923 + }, + "id": 158, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_hwmon_temp_celsius{instance=\"$node\",job=\"$job\"} * on(chip) group_left(chip_name) node_hwmon_chip_names{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "{{ chip_name }} {{ sensor }}", + "range": true, + "refId": "A", + "step": 240 + }, + { + "expr": "node_hwmon_temp_crit_alarm_celsius{instance=\"$node\",job=\"$job\"} * on(chip) group_left(chip_name) node_hwmon_chip_names{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "hide": true, + "interval": "", + "legendFormat": "{{ chip_name }} {{ sensor }} Critical Alarm", + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_hwmon_temp_crit_celsius{instance=\"$node\",job=\"$job\"} * on(chip) group_left(chip_name) node_hwmon_chip_names{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "{{ chip_name }} {{ sensor }} Critical", + "range": true, + "refId": "C", + "step": 240 + }, + { + "expr": "node_hwmon_temp_crit_hyst_celsius{instance=\"$node\",job=\"$job\"} * on(chip) group_left(chip_name) node_hwmon_chip_names{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "hide": true, + "interval": "", + "legendFormat": "{{ chip_name }} {{ sensor }} Critical Historical", + "refId": "D", + "step": 240 + }, + { + "expr": "node_hwmon_temp_max_celsius{instance=\"$node\",job=\"$job\"} * on(chip) group_left(chip_name) node_hwmon_chip_names{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "hide": true, + "interval": "", + "legendFormat": "{{ chip_name }} {{ sensor }} Max", + "refId": "E", + "step": 240 + } + ], + "title": "Hardware Temperature Monitor", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Shows how hard each cooling device (fan/throttle) is working relative to its maximum capacity", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "percent" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Max*./" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#EF843C", + "mode": "fixed" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 923 + }, + "id": 300, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "100 * node_cooling_device_cur_state{instance=\"$node\",job=\"$job\"} / node_cooling_device_max_state{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "{{ name }} - {{ type }} ", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Cooling Device Utilization", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Shows the online status of power supplies (e.g., AC, battery). A value of 1-Yes indicates the power supply is active/online", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bool_yes_no" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 933 + }, + "id": 302, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_power_supply_online{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "{{ power_supply }} online", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Power Supply", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Displays the current fan speeds (RPM) from hardware sensors via the hwmon interface", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "rotrpm" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 933 + }, + "id": 325, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_hwmon_fan_rpm{instance=\"$node\",job=\"$job\"} * on(chip) group_left(chip_name) node_hwmon_chip_names{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "{{ chip_name }} {{ sensor }}", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_hwmon_fan_min_rpm{instance=\"$node\",job=\"$job\"} * on(chip) group_left(chip_name) node_hwmon_chip_names{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "hide": true, + "interval": "", + "legendFormat": "{{ chip_name }} {{ sensor }} rpm min", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Hardware Fan Speed", + "type": "timeseries" + } + ], + "title": "Hardware Misc", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 13 + }, + "id": 270, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of I/O operations completed per second for the device (after merges), including both reads and writes", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "read (–) / write (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "iops" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Read.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/sda.*/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 14 + }, + "id": 9, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_disk_reads_completed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "legendFormat": "{{device}} - Read", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_disk_writes_completed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "legendFormat": "{{device}} - Write", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Disk Read/Write IOps", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of bytes read from or written to the device per second", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "read (–) / write (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "Bps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Read.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/sda.*/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 14 + }, + "id": 33, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_disk_read_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "{{device}} - Read", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "exemplar": false, + "expr": "irate(node_disk_written_bytes_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "instant": false, + "legendFormat": "{{device}} - Write", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Disk Read/Write Data", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Average time for requests issued to the device to be served. This includes the time spent by the requests in queue and the time spent servicing them.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "read (–) / write (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "s" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Read.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/sda.*/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 454 + }, + "id": 37, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_disk_read_time_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval]) / irate(node_disk_reads_completed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{device}} - Read", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_disk_write_time_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval]) / irate(node_disk_writes_completed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{device}} - Write", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Disk Average Wait Time", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Average queue length of the requests that were issued to the device", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/sda_*/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#7EB26D", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 454 + }, + "id": 35, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_disk_io_time_weighted_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{device}}", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Average Queue Size", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of read and write requests merged per second that were queued to the device", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "read (–) / write (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "iops" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Read.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/sda.*/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 464 + }, + "id": 133, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_disk_reads_merged_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "legendFormat": "{{device}} - Read", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_disk_writes_merged_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "legendFormat": "{{device}} - Write", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Disk R/W Merged", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Percentage of time the disk spent actively processing I/O operations, including general I/O, discards (TRIM), and write cache flushes", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/sda.*/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 464 + }, + "id": 36, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_disk_io_time_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{device}} - General IO", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_disk_discard_time_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{device}} - Discard/TRIM", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_disk_flush_requests_time_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{device}} - Flush (write cache)", + "range": true, + "refId": "C", + "step": 240 + } + ], + "title": "Time Spent Doing I/Os", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Per-second rate of discard (TRIM) and flush (write cache) operations. Useful for monitoring low-level disk activity on SSDs and advanced storage", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "ops" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/sda.*/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 474 + }, + "id": 301, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_disk_discards_completed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{device}} - Discards completed", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_disk_discards_merged_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{device}} - Discards merged", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_disk_flush_requests_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{device}} - Flush", + "range": true, + "refId": "C", + "step": 240 + } + ], + "title": "Disk Ops Discards / Flush", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Shows how many disk sectors are discarded (TRIMed) per second. Useful for monitoring SSD behavior and storage efficiency", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/sda.*/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 474 + }, + "id": 326, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_disk_discarded_sectors_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "{{device}}", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Disk Sectors Discarded Successfully", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of in-progress I/O requests at the time of sampling (active requests in the disk queue)", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "none" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/sda.*/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "orange", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 484 + }, + "id": 34, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_disk_io_now{instance=\"$node\",job=\"$job\"}", + "interval": "", + "legendFormat": "{{device}}", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Instantaneous Queue Size", + "type": "timeseries" + } + ], + "title": "Storage Disk", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 14 + }, + "id": 271, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of file descriptors currently allocated system-wide versus the system limit. Important for detecting descriptor exhaustion risks", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Max.*/" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + }, + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 2170 + }, + "id": 28, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "node_filefd_maximum{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Max open files", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_filefd_allocated{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "Open files", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "File Descriptor", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of free file nodes (inodes) available per mounted filesystem. A low count may prevent file creation even if disk space is available", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 2170 + }, + "id": 41, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "node_filesystem_files_free{instance=\"$node\",job=\"$job\",device!~'rootfs'}", + "format": "time_series", + "legendFormat": "{{mountpoint}}", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "File Nodes Free", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Indicates filesystems mounted in read-only mode or reporting device-level I/O errors.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "max": 1, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "bool_yes_no" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 2510 + }, + "id": 44, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "node_filesystem_readonly{instance=\"$node\",job=\"$job\",device!~'rootfs'}", + "format": "time_series", + "legendFormat": "{{mountpoint}} - ReadOnly", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_filesystem_device_error{instance=\"$node\",job=\"$job\",device!~'rootfs',fstype!~'tmpfs'}", + "format": "time_series", + "interval": "", + "legendFormat": "{{mountpoint}} - Device error", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Filesystem in ReadOnly / Error", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of file nodes (inodes) available per mounted filesystem. Reflects maximum file capacity regardless of disk size", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 2510 + }, + "id": 219, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "node_filesystem_files{instance=\"$node\",job=\"$job\",device!~'rootfs'}", + "format": "time_series", + "legendFormat": "{{mountpoint}}", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "File Nodes Size", + "type": "timeseries" + } + ], + "title": "Storage Filesystem", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 15 + }, + "id": 272, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of network packets received and transmitted per second, by interface.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "pps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 16 + }, + "id": 60, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "rate(node_network_receive_packets_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "{{device}} - Rx in", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "rate(node_network_transmit_packets_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "{{device}} - Tx out", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Network Traffic by Packets", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of packet-level errors for each network interface. Receive errors may indicate physical or driver issues; transmit errors may reflect collisions or hardware faults", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "pps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 16 + }, + "id": 142, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "rate(node_network_receive_errs_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "{{device}} - Rx in", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "rate(node_network_transmit_errs_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "{{device}} - Tx out", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Network Traffic Errors", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of dropped packets per network interface. Receive drops can indicate buffer overflow or driver issues; transmit drops may result from outbound congestion or queuing limits", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "pps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 26 + }, + "id": 143, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "rate(node_network_receive_drop_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "{{device}} - Rx in", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "rate(node_network_transmit_drop_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "{{device}} - Tx out", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Network Traffic Drop", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of compressed network packets received and transmitted per interface. These are common in low-bandwidth or special interfaces like PPP or SLIP", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "pps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 26 + }, + "id": 141, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "rate(node_network_receive_compressed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "{{device}} - Rx in", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "rate(node_network_transmit_compressed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "{{device}} - Tx out", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Network Traffic Compressed", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of incoming multicast packets received per network interface. Multicast is used by protocols such as mDNS, SSDP, and some streaming or cluster services", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "pps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 36 + }, + "id": 146, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "rate(node_network_receive_multicast_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "{{device}} - Rx in", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Network Traffic Multicast", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of received packets that could not be processed due to missing protocol or handler in the kernel. May indicate unsupported traffic or misconfiguration", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "pps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 36 + }, + "id": 327, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "rate(node_network_receive_nohandler_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "{{device}} - Rx in", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Network Traffic NoHandler", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of frame errors on received packets, typically caused by physical layer issues such as bad cables, duplex mismatches, or hardware problems", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "pps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 46 + }, + "id": 145, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "rate(node_network_receive_frame_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "{{device}} - Rx in", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Network Traffic Frame", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Tracks FIFO buffer overrun errors on network interfaces. These occur when incoming or outgoing packets are dropped due to queue or buffer overflows, often indicating congestion or hardware limits", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "pps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 46 + }, + "id": 144, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "rate(node_network_receive_fifo_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "{{device}} - Rx in", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "rate(node_network_transmit_fifo_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "{{device}} - Tx out", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Network Traffic Fifo", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of packet collisions detected during transmission. Mostly relevant on half-duplex or legacy Ethernet networks", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "pps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 56 + }, + "id": 232, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "rate(node_network_transmit_colls_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "{{device}} - Tx out", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Network Traffic Collision", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of carrier errors during transmission. These typically indicate physical layer issues like faulty cabling or duplex mismatches", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 56 + }, + "id": 231, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "rate(node_network_transmit_carrier_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "{{device}} - Tx out", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Network Traffic Carrier Errors", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of ARP entries per interface. Useful for detecting excessive ARP traffic or table growth due to scanning or misconfiguration", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 66 + }, + "id": 230, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "node_arp_entries{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "{{ device }} ARP Table", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "ARP Entries", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Current and maximum connection tracking entries used by Netfilter (nf_conntrack). High usage approaching the limit may cause packet drops or connection issues", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "NF conntrack limit" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 66 + }, + "id": 61, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "node_nf_conntrack_entries{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "NF conntrack entries", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_nf_conntrack_entries_limit{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "NF conntrack limit", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "NF Conntrack", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Operational and physical link status of each network interface. Values are Yes for 'up' or link present, and No for 'down' or no carrier.\"", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "bool_yes_no" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 76 + }, + "id": 309, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "node_network_up{operstate=\"up\",instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "hide": true, + "legendFormat": "{{interface}} - Operational state UP", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_network_carrier{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "instant": false, + "legendFormat": "{{device}} - Physical link", + "refId": "B" + } + ], + "title": "Network Operational Status", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Maximum speed of each network interface as reported by the operating system. This is a static hardware capability, not current throughput", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "fieldMinMax": false, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 6, + "x": 12, + "y": 76 + }, + "id": 280, + "options": { + "displayMode": "basic", + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "maxVizHeight": 30, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "manual", + "valueMode": "color" + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "node_network_speed_bytes{instance=\"$node\",job=\"$job\"} * 8", + "format": "time_series", + "legendFormat": "{{ device }}", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Speed", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "MTU (Maximum Transmission Unit) in bytes for each network interface. Affects packet size and transmission efficiency", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 0, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 6, + "x": 18, + "y": 76 + }, + "id": 288, + "options": { + "displayMode": "basic", + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "maxVizHeight": 30, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "manual", + "valueMode": "color" + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "node_network_mtu_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "legendFormat": "{{ device }}", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "MTU", + "type": "bargauge" + } + ], + "title": "Network Traffic", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 273, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Tracks TCP socket usage and memory per node", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 297 + }, + "id": 63, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_sockstat_TCP_alloc{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "Allocated Sockets", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_sockstat_TCP_inuse{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "In-Use Sockets", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_sockstat_TCP_orphan{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "Orphaned Sockets", + "range": true, + "refId": "C", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_sockstat_TCP_tw{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "TIME_WAIT Sockets", + "range": true, + "refId": "D", + "step": 240 + } + ], + "title": "Sockstat TCP", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of UDP and UDPLite sockets currently in use", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 297 + }, + "id": 124, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_sockstat_UDPLITE_inuse{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "UDPLite - In-Use Sockets", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_sockstat_UDP_inuse{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "UDP - In-Use Sockets", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Sockstat UDP", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Total number of sockets currently in use across all protocols (TCP, UDP, UNIX, etc.), as reported by /proc/net/sockstat", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 307 + }, + "id": 126, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_sockstat_sockets_used{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "Total sockets", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Sockstat Used", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of FRAG and RAW sockets currently in use. RAW sockets are used for custom protocols or tools like ping; FRAG sockets are used internally for IP packet defragmentation", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 307 + }, + "id": 125, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_sockstat_FRAG_inuse{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "FRAG - In-Use Sockets", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_sockstat_RAW_inuse{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "RAW - In-Use Sockets", + "range": true, + "refId": "C", + "step": 240 + } + ], + "title": "Sockstat FRAG / RAW", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Kernel memory used by TCP, UDP, and IP fragmentation buffers", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 317 + }, + "id": 220, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_sockstat_TCP_mem_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "TCP", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_sockstat_UDP_mem_bytes{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "UDP", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_sockstat_FRAG_memory{instance=\"$node\",job=\"$job\"}", + "interval": "", + "legendFormat": "Fragmentation", + "range": true, + "refId": "C" + } + ], + "title": "Sockstat Memory Size", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Average memory used per socket (TCP/UDP). Helps tune net.ipv4.tcp_rmem / tcp_wmem", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 317 + }, + "id": 339, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_sockstat_TCP_mem_bytes{instance=\"$node\",job=\"$job\"} / node_sockstat_TCP_inuse{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "TCP", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_sockstat_UDP_mem_bytes{instance=\"$node\",job=\"$job\"} / node_sockstat_UDP_inuse{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "UDP", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Sockstat Average Socket Memory", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "TCP/UDP socket memory usage in kernel (in pages)", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 327 + }, + "id": 336, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_sockstat_TCP_mem{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "TCP", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_sockstat_UDP_mem{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "UDP", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "TCP/UDP Kernel Buffer Memory Pages", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Packets processed and dropped by the softnet network stack per CPU. Drops may indicate CPU saturation or network driver limitations", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "drop (-) / process (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "pps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Dropped.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 327 + }, + "id": 290, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_softnet_processed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "CPU {{cpu}} - Processed", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_softnet_dropped_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "CPU {{cpu}} - Dropped", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Softnet Packets", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "How often the kernel was unable to process all packets in the softnet queue before time ran out. Frequent squeezes may indicate CPU contention or driver inefficiency", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "eps" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 337 + }, + "id": 310, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_softnet_times_squeezed_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "CPU {{cpu}} - Times Squeezed", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Softnet Out of Quota", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Tracks the number of packets processed or dropped by Receive Packet Steering (RPS), a mechanism to distribute packet processing across CPUs", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "pps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Dropped.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + }, + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 337 + }, + "id": 330, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_softnet_received_rps_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "CPU {{cpu}} - Processed", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_softnet_flow_limit_count_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "CPU {{cpu}} - Dropped", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Softnet RPS", + "type": "timeseries" + } + ], + "title": "Network Sockstat", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 274, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of octets sent and received at the IP layer, as reported by /proc/net/netstat", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "Bps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 348 + }, + "id": 221, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "width": 300 + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_netstat_IpExt_InOctets{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "IP Rx in", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_IpExt_OutOctets{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "legendFormat": "IP Tx out", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Netstat IP In / Out Octets", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of TCP segments sent and received per second, including data and control segments", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + }, + { + "matcher": { + "id": "byRegexp", + "options": "/.*Snd.*/" + }, + "properties": [] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 348 + }, + "id": 299, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_netstat_Tcp_InSegs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "instant": false, + "interval": "", + "legendFormat": "TCP Rx in", + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_Tcp_OutSegs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "TCP Tx out", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "TCP In / Out", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of UDP datagrams sent and received per second, based on /proc/net/netstat", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "pps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 358 + }, + "id": 55, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_netstat_Udp_InDatagrams{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "UDP Rx in", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_Udp_OutDatagrams{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "UDP Tx out", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "UDP In / Out", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of ICMP messages sent and received per second, including error and control messages", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 358 + }, + "id": 115, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_netstat_Icmp_InMsgs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "ICMP Rx in", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_Icmp_OutMsgs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "ICMP Tx out", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "ICMP In / Out", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Tracks various TCP error and congestion-related events, including retransmissions, timeouts, dropped connections, and buffer issues", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 368 + }, + "id": 104, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_netstat_TcpExt_ListenOverflows{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "Listen Overflows", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_TcpExt_ListenDrops{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "Listen Drops", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_TcpExt_TCPSynRetrans{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "SYN Retransmits", + "range": true, + "refId": "C", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_Tcp_RetransSegs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "Segment Retransmits", + "range": true, + "refId": "D" + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_Tcp_InErrs{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "Receive Errors", + "range": true, + "refId": "E" + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_Tcp_OutRsts{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "RST Sent", + "range": true, + "refId": "F" + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_TcpExt_TCPRcvQDrop{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "Receive Queue Drops", + "range": true, + "refId": "G" + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_TcpExt_TCPOFOQueue{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "Out-of-order Queued", + "range": true, + "refId": "H" + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_TcpExt_TCPTimeouts{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "TCP Timeouts", + "range": true, + "refId": "I" + } + ], + "title": "TCP Errors", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of UDP and UDPLite datagram delivery errors, including missing listeners, buffer overflows, and protocol-specific issues", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "pps" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 368 + }, + "id": 109, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_netstat_Udp_InErrors{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "UDP Rx in Errors", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_Udp_NoPorts{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "UDP No Listener", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_UdpLite_InErrors{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "interval": "", + "legendFormat": "UDPLite Rx in Errors", + "range": true, + "refId": "C" + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_Udp_RcvbufErrors{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "UDP Rx in Buffer Errors", + "range": true, + "refId": "D", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_Udp_SndbufErrors{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "UDP Tx out Buffer Errors", + "range": true, + "refId": "E", + "step": 240 + } + ], + "title": "UDP Errors", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of incoming ICMP messages that contained protocol-specific errors, such as bad checksums or invalid lengths", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "out (-) / in (+)", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "pps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*out.*/" + }, + "properties": [ + { + "id": "custom.transform", + "value": "negative-Y" + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 378 + }, + "id": 50, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_netstat_Icmp_InErrors{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "ICMP Rx In", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "ICMP Errors", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of TCP SYN cookies sent, validated, and failed. These are used to protect against SYN flood attacks and manage TCP handshake resources under load", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "eps" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Failed.*/" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 378 + }, + "id": 91, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_netstat_TcpExt_SyncookiesFailed{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "SYN Cookies Failed", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_TcpExt_SyncookiesRecv{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "SYN Cookies Validated", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_TcpExt_SyncookiesSent{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "SYN Cookies Sent", + "range": true, + "refId": "C", + "step": 240 + } + ], + "title": "TCP SynCookie", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of currently established TCP connections and the system's max supported limit. On Linux, MaxConn may return -1 to indicate a dynamic/unlimited configuration", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Max*./" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890F02", + "mode": "fixed" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 388 + }, + "id": 85, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "node_netstat_Tcp_CurrEstab{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "Current Connections", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_netstat_Tcp_MaxConn{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "Max Connections", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "TCP Connections", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of UDP packets currently queued in the receive (RX) and transmit (TX) buffers. A growing queue may indicate a bottleneck", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 388 + }, + "id": 337, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "node_udp_queues{instance=\"$node\",job=\"$job\",ip=\"v4\",queue=\"rx\"}", + "format": "time_series", + "interval": "", + "legendFormat": "UDP Rx in Queue", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_udp_queues{instance=\"$node\",job=\"$job\",ip=\"v4\",queue=\"tx\"}", + "format": "time_series", + "interval": "", + "legendFormat": "UDP Tx out Queue", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "UDP Queue", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of TCP connection initiations per second. 'Active' opens are initiated by this host. 'Passive' opens are accepted from incoming connections", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "eps" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 398 + }, + "id": 82, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "irate(node_netstat_Tcp_ActiveOpens{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "Active Opens", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "irate(node_netstat_Tcp_PassiveOpens{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "Passive Opens", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "TCP Direct Transition", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of TCP sockets in key connection states. Requires the --collector.tcpstat flag on node_exporter", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "noValue": "0", + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green" + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 398 + }, + "id": 320, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "11.6.1", + "targets": [ + { + "editorMode": "code", + "expr": "node_tcp_connection_states{state=\"established\",instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "Established", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_tcp_connection_states{state=\"fin_wait2\",instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "FIN_WAIT2", + "range": true, + "refId": "B", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_tcp_connection_states{state=\"listen\",instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "Listen", + "range": true, + "refId": "C", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_tcp_connection_states{state=\"time_wait\",instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "TIME_WAIT", + "range": true, + "refId": "D", + "step": 240 + }, + { + "editorMode": "code", + "expr": "node_tcp_connection_states{state=\"close_wait\", instance=\"$node\", job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "CLOSE_WAIT", + "range": true, + "refId": "E", + "step": 240 + } + ], + "title": "TCP Stat", + "type": "timeseries" + } + ], + "title": "Network Netstat", + "type": "row" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 18 + }, + "id": 279, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Duration of each individual collector executed during a Node Exporter scrape. Useful for identifying slow or failing collectors", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 429 + }, + "id": 40, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_scrape_collector_duration_seconds{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "{{collector}}", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Node Exporter Scrape Time", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Rate of CPU time used by the process exposing this metric (user + system mode)", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 429 + }, + "id": 308, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "irate(process_cpu_seconds_total{instance=\"$node\",job=\"$job\"}[$__rate_interval])", + "format": "time_series", + "interval": "", + "legendFormat": "Process CPU Usage", + "range": true, + "refId": "A", + "step": 240 + } + ], + "title": "Exporter Process CPU Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Tracks the memory usage of the process exposing this metric (e.g., node_exporter), including current virtual memory and maximum virtual memory limit", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "bytes" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Virtual Memory Limit" + }, + "properties": [ + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + }, + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + }, + { + "__systemRef": "hideSeriesFrom", + "matcher": { + "id": "byNames", + "options": { + "mode": "exclude", + "names": [ + "Virtual Memory" + ], + "prefix": "All except:", + "readOnly": true + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": false, + "tooltip": true, + "viz": true + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 10, + "x": 0, + "y": 439 + }, + "id": 149, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "process_virtual_memory_bytes{instance=\"$node\",job=\"$job\"}", + "interval": "", + "legendFormat": "Virtual Memory", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "process_virtual_memory_max_bytes{instance=\"$node\",job=\"$job\"}", + "interval": "", + "legendFormat": "Virtual Memory Limit", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Exporter Processes Memory", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Number of file descriptors used by the exporter process versus its configured limit", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byRegexp", + "options": "/.*Max*./" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#890F02", + "mode": "fixed" + } + }, + { + "id": "custom.fillOpacity", + "value": 0 + }, + { + "id": "custom.lineStyle", + "value": { + "dash": [ + 10, + 10 + ], + "fill": "dash" + } + } + ] + }, + { + "__systemRef": "hideSeriesFrom", + "matcher": { + "id": "byNames", + "options": { + "mode": "exclude", + "names": [ + "Open file descriptors" + ], + "prefix": "All except:", + "readOnly": true + } + }, + "properties": [ + { + "id": "custom.hideFrom", + "value": { + "legend": false, + "tooltip": true, + "viz": true + } + } + ] + } + ] + }, + "gridPos": { + "h": 10, + "w": 10, + "x": 10, + "y": 439 + }, + "id": 64, + "options": { + "legend": { + "calcs": [ + "min", + "mean", + "max" + ], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "process_max_fds{instance=\"$node\",job=\"$job\"}", + "interval": "", + "legendFormat": "Maximum open file descriptors", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "process_open_fds{instance=\"$node\",job=\"$job\"}", + "interval": "", + "legendFormat": "Open file descriptors", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Exporter File Descriptor Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "description": "Shows whether each Node Exporter collector scraped successfully (1 = success, 0 = failure), and whether the textfile collector returned an error.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "dark-red", + "value": 0 + }, + { + "color": "green", + "value": 1 + } + ] + }, + "unit": "bool" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 4, + "x": 20, + "y": 439 + }, + "id": 157, + "options": { + "displayMode": "basic", + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "editorMode": "code", + "expr": "node_scrape_collector_success{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "{{collector}}", + "range": true, + "refId": "A", + "step": 240 + }, + { + "editorMode": "code", + "expr": "1 - node_textfile_scrape_error{instance=\"$node\",job=\"$job\"}", + "format": "time_series", + "interval": "", + "legendFormat": "textfile", + "range": true, + "refId": "B", + "step": 240 + } + ], + "title": "Node Exporter Scrape", + "type": "bargauge" + } + ], + "title": "Node Exporter", + "type": "row" + } + ], + "preload": false, + "refresh": "1m", + "schemaVersion": 42, + "tags": [ + "linux" + ], + "templating": { + "list": [ + { + "current": { + "text": "Prometheus", + "value": "PBFA97CFB590B2093" + }, + "includeAll": false, + "label": "Datasource", + "name": "ds_prometheus", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + }, + { + "current": { + "text": "node-exporter", + "value": "node-exporter" + }, + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "definition": "", + "includeAll": false, + "label": "Job", + "name": "job", + "options": [], + "query": { + "query": "label_values(node_uname_info, job)", + "refId": "Prometheus-job-Variable-Query" + }, + "refresh": 1, + "regex": "", + "sort": 1, + "type": "query" + }, + { + "current": { + "text": "OPNsense", + "value": "OPNsense" + }, + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "definition": "label_values(node_uname_info{job=\"$job\"}, nodename)", + "includeAll": false, + "label": "Nodename", + "name": "nodename", + "options": [], + "query": { + "query": "label_values(node_uname_info{job=\"$job\"}, nodename)", + "refId": "Prometheus-nodename-Variable-Query" + }, + "refresh": 1, + "regex": "", + "sort": 1, + "type": "query" + }, + { + "current": { + "text": "10.19.4.1:9100", + "value": "10.19.4.1:9100" + }, + "datasource": { + "type": "prometheus", + "uid": "${ds_prometheus}" + }, + "definition": "label_values(node_uname_info{job=\"$job\", nodename=\"$nodename\"}, instance)", + "includeAll": false, + "label": "Instance", + "name": "node", + "options": [], + "query": { + "query": "label_values(node_uname_info{job=\"$job\", nodename=\"$nodename\"}, instance)", + "refId": "Prometheus-node-Variable-Query" + }, + "refresh": 1, + "regex": "", + "sort": 1, + "type": "query" + } + ] + }, + "time": { + "from": "now-24h", + "to": "now" + }, + "timepicker": {}, + "timezone": "browser", + "title": "Node Exporter", + "uid": "rYdddlPWk", + "version": 2 +} \ No newline at end of file diff --git a/terraform/modules/apps/grafana/resources/trivy-vulnerabilities-dashboard.json b/terraform/modules/apps/grafana/resources/trivy-vulnerabilities-dashboard.json new file mode 100644 index 0000000..38b05df --- /dev/null +++ b/terraform/modules/apps/grafana/resources/trivy-vulnerabilities-dashboard.json @@ -0,0 +1,1072 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 6, + "x": 0, + "y": 0 + }, + "id": 1, + "options": { + "colorMode": "background", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "editorMode": "code", + "expr": "sum(trivy_misconfiguration_failures{namespace=~\"${namespace:regex}\"})", + "instant": true, + "legendFormat": "", + "range": false, + "refId": "A" + } + ], + "title": "Total Failed Checks", + "type": "stat" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "orange", + "value": 1 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "name" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "title": "Drilldown to resource checks", + "url": "/d/trivy-vuln-overview/trivy-vulnerabilities-overview?var-datasource=${datasource}&var-namespace=${namespace}&var-resource_namespace=${__data.fields.namespace}&var-resource_kind=${__data.fields.kind}&var-resource_name=${__data.fields.name}", + "targetBlank": false + } + ] + } + ] + } + ] + }, + "gridPos": { + "h": 6, + "w": 6, + "x": 6, + "y": 0 + }, + "id": 2, + "options": { + "colorMode": "background", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "editorMode": "code", + "expr": "sum(trivy_misconfiguration_successes{namespace=~\"${namespace:regex}\"})", + "instant": true, + "legendFormat": "", + "range": false, + "refId": "A" + } + ], + "title": "Total Passed Checks", + "type": "stat" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 6, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "editorMode": "code", + "expr": "sum(trivy_misconfiguration_failures{namespace=~\"${namespace:regex}\"}) / clamp_min(sum(trivy_misconfiguration_failures{namespace=~\"${namespace:regex}\"}) + sum(trivy_misconfiguration_successes{namespace=~\"${namespace:regex}\"}), 1)", + "instant": true, + "legendFormat": "", + "range": false, + "refId": "A" + } + ], + "title": "Failure Ratio", + "type": "stat" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 6 + }, + "id": 3, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "editorMode": "code", + "expr": "sum by (severity) (trivy_misconfiguration{status=\"FAIL\",namespace=~\"${namespace:regex}\"})", + "legendFormat": "{{severity}}", + "range": true, + "refId": "A" + } + ], + "title": "Failed Checks by Severity", + "type": "timeseries" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 6 + }, + "id": 4, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "editorMode": "code", + "expr": "sum by (namespace) (trivy_misconfiguration{status=\"FAIL\",namespace=~\"${namespace:regex}\"})", + "legendFormat": "{{namespace}}", + "range": true, + "refId": "A" + } + ], + "title": "Failed Checks by Namespace", + "type": "barchart" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 24, + "x": 0, + "y": 14 + }, + "id": 5, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Failed Checks" + } + ] + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "editorMode": "code", + "expr": "sum by (namespace, kind, name, type) (trivy_misconfiguration{status=\"FAIL\",namespace=~\"${namespace:regex}\"})", + "format": "table", + "instant": true, + "legendFormat": "", + "range": false, + "refId": "A" + } + ], + "title": "Top Affected Resources", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "__name__": true, + "job": true, + "instance": true + }, + "indexByName": {}, + "renameByName": { + "Value": "Failed Checks" + } + } + } + ], + "type": "table" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Check ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "title": "Open Trivy Primary URL", + "url": "${__data.fields.primary_url}", + "targetBlank": true + }, + { + "title": "Search in Aqua AVD", + "url": "https://avd.aquasec.com/search/?q=${__value.raw}", + "targetBlank": true + } + ] + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 24, + "x": 0, + "y": 24 + }, + "id": 7, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Failed Checks" + } + ] + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "editorMode": "code", + "expr": "sum by (check_id, title, check_namespace, primary_url, severity) (trivy_misconfiguration{status=\"FAIL\",namespace=~\"${namespace:regex}\"})", + "format": "table", + "instant": true, + "legendFormat": "", + "range": false, + "refId": "A" + } + ], + "title": "Top Failed Checks (What Is Misconfigured)", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "__name__": true, + "job": true, + "instance": true + }, + "indexByName": {}, + "renameByName": { + "Value": "Failed Checks", + "check_id": "Check ID", + "check_namespace": "Check Namespace", + "primary_url": "Primary URL", + "title": "Check Title" + } + } + } + ], + "type": "table" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Check ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "title": "Open Trivy Primary URL", + "url": "${__data.fields.primary_url}", + "targetBlank": true + }, + { + "title": "Search in Aqua AVD", + "url": "https://avd.aquasec.com/search/?q=${__value.raw}", + "targetBlank": true + } + ] + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 24, + "x": 0, + "y": 36 + }, + "id": 8, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Failed Checks" + } + ] + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "editorMode": "code", + "expr": "sum by (namespace, kind, name, check_id, title, check_namespace, primary_url, severity) (trivy_misconfiguration{status=\"FAIL\",namespace=~\"$resource_namespace\",kind=~\"$resource_kind\",name=~\"$resource_name\"})", + "format": "table", + "instant": true, + "legendFormat": "", + "range": false, + "refId": "A" + } + ], + "title": "Resource Drilldown: Failed Checks", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "__name__": true, + "job": true, + "instance": true + }, + "indexByName": {}, + "renameByName": { + "Value": "Failed Checks", + "check_id": "Check ID", + "check_namespace": "Check Namespace", + "primary_url": "Primary URL", + "title": "Check Title", + "kind": "Resource Kind", + "name": "Resource Name", + "namespace": "Resource Namespace" + } + } + } + ], + "type": "table" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 8, + "x": 0, + "y": 48 + }, + "id": 9, + "options": { + "colorMode": "background", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "editorMode": "code", + "expr": "sum(trivy_vulnerability_total{namespace=~\"${namespace:regex}\"})", + "instant": true, + "legendFormat": "", + "range": false, + "refId": "A" + } + ], + "title": "Total Vulnerabilities", + "type": "stat" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 16, + "x": 8, + "y": 48 + }, + "id": 10, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "editorMode": "code", + "expr": "sum by (severity) (trivy_vulnerability_severity_count{namespace=~\"${namespace:regex}\"})", + "legendFormat": "{{severity}}", + "range": true, + "refId": "A" + } + ], + "title": "Vulnerabilities by Severity", + "type": "timeseries" + }, + { + "datasource": "$datasource", + "fieldConfig": { + "defaults": { + "custom": { + "align": "auto", + "cellOptions": { + "type": "auto" + }, + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 1 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Vulnerability ID" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "title": "Open in NVD", + "url": "https://nvd.nist.gov/vuln/detail/${__value.raw}", + "targetBlank": true + }, + { + "title": "Open in CVE.org", + "url": "https://www.cve.org/CVERecord?id=${__value.raw}", + "targetBlank": true + } + ] + } + ] + } + ] + }, + "gridPos": { + "h": 12, + "w": 24, + "x": 0, + "y": 54 + }, + "id": 11, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Vulnerabilities" + } + ] + }, + "pluginVersion": "11.0.0", + "targets": [ + { + "editorMode": "code", + "expr": "sum by (namespace, kind, name, severity, vulnerability_id, package, target) (trivy_vulnerability{namespace=~\"${namespace:regex}\"})", + "format": "table", + "instant": true, + "legendFormat": "", + "range": false, + "refId": "A" + } + ], + "title": "Top Resource Vulnerabilities", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "__name__": true, + "job": true, + "instance": true + }, + "indexByName": {}, + "renameByName": { + "Value": "Vulnerabilities", + "vulnerability_id": "Vulnerability ID", + "package": "Package", + "target": "Target" + } + } + } + ], + "type": "table" + } + ], + "refresh": "30s", + "schemaVersion": 39, + "style": "dark", + "tags": [ + "trivy", + "security", + "vulnerabilities" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "includeAll": false, + "label": "Datasource", + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": "$datasource", + "definition": "label_values(trivy_misconfiguration, namespace)", + "hide": 0, + "includeAll": true, + "label": "Namespace", + "multi": true, + "name": "namespace", + "options": [], + "query": { + "query": "label_values(trivy_misconfiguration, namespace)", + "refId": "Prometheus-namespace" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query", + "allValue": ".*" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "hide": 0, + "includeAll": true, + "label": "Resource Namespace", + "multi": false, + "name": "resource_namespace", + "options": [], + "query": "", + "refresh": 0, + "regex": "", + "skipUrlSync": false, + "type": "custom", + "allValue": ".*" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "hide": 0, + "includeAll": true, + "label": "Resource Kind", + "multi": false, + "name": "resource_kind", + "options": [], + "query": "", + "refresh": 0, + "regex": "", + "skipUrlSync": false, + "type": "custom", + "allValue": ".*" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "hide": 0, + "includeAll": true, + "label": "Resource Name", + "multi": false, + "name": "resource_name", + "options": [], + "query": "", + "refresh": 0, + "regex": "", + "skipUrlSync": false, + "type": "custom", + "allValue": ".*" + } + ] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Trivy Vulnerabilities Overview", + "uid": "trivy-vuln-overview", + "version": 1, + "weekStart": "" +} diff --git a/terraform/modules/apps/grafana/resources/windows-exporter-dashboard.json b/terraform/modules/apps/grafana/resources/windows-exporter-dashboard.json new file mode 100644 index 0000000..c535c93 --- /dev/null +++ b/terraform/modules/apps/grafana/resources/windows-exporter-dashboard.json @@ -0,0 +1,2448 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "description": "Windows Exporter Dashboard Created By Ismaeil Rasoulivand with love", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 1, + "id": 6, + "links": [], + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 46, + "panels": [], + "title": "Overview", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 0, + "y": 1 + }, + "id": 33, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "repeat": "host", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "windows_time_current_timestamp_seconds{instance=~\"$server\"} - on () windows_process_start_time_seconds_timestamp{instance=\"$server\",process=\"Idle\",process_id=\"0\"}", + "format": "time_series", + "hide": false, + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Uptime", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "#1f78c1", + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": 0 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 80 + }, + { + "color": "#d44a3a", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 3, + "y": 1 + }, + "id": 19, + "maxDataPoints": 100, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "100 - (avg by (instance) (irate(windows_cpu_time_total{mode=\"idle\", instance=~\"$server\"}[1m])) * 100)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "CPU Usage", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": 0 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 80 + }, + { + "color": "#d44a3a", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 6, + "y": 1 + }, + "id": 23, + "maxDataPoints": 100, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "(sum(windows_logical_disk_size_bytes{volume!~\"Harddisk.*\", instance=\"$server\"}) by (instance) - sum(windows_logical_disk_free_bytes{volume!~\"Harddisk.*\", instance=\"$server\"}) by (instance)) / sum(windows_logical_disk_size_bytes{volume!~\"Harddisk.*\", instance=\"$server\"}) by (instance) * 100", + "format": "time_series", + "intervalFactor": 1, + "range": true, + "refId": "A" + } + ], + "title": "Disk Usage", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "thresholds" + }, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": 0 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 80 + }, + { + "color": "#d44a3a", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 9, + "y": 1 + }, + "id": 21, + "maxDataPoints": 100, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "(windows_memory_physical_total_bytes{instance=~\"$server\"} - windows_memory_physical_free_bytes{instance=~\"$server\"}) / windows_memory_physical_total_bytes{instance=~\"$server\"} * 100", + "format": "time_series", + "intervalFactor": 1, + "range": true, + "refId": "A" + } + ], + "title": "Memory Usage", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 3, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 14, + "options": { + "dataLinks": [], + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "application": { + "filter": "" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "windows_memory_physical_total_bytes{instance=~\"$server\"}-windows_memory_physical_free_bytes{instance=~\"$server\"}", + "format": "time_series", + "functions": [], + "group": { + "filter": "" + }, + "hide": false, + "host": { + "filter": "" + }, + "intervalFactor": 1, + "item": { + "filter": "" + }, + "legendFormat": "Used memory", + "metric": "mysql_global_status_questions", + "mode": 0, + "options": { + "showDisabledItems": false + }, + "range": true, + "refId": "B", + "step": 5 + }, + { + "application": { + "filter": "" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "", + "format": "time_series", + "functions": [], + "group": { + "filter": "" + }, + "hide": false, + "host": { + "filter": "" + }, + "intervalFactor": 1, + "item": { + "filter": "" + }, + "legendFormat": "Free physical memory", + "metric": "mysql_global_status_questions", + "mode": 0, + "options": { + "showDisabledItems": false + }, + "range": true, + "refId": "C", + "step": 5 + }, + { + "application": { + "filter": "" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "windows_memory_committed_bytes{instance=~\"$server\"}", + "format": "time_series", + "functions": [], + "group": { + "filter": "" + }, + "hide": false, + "host": { + "filter": "" + }, + "intervalFactor": 1, + "item": { + "filter": "" + }, + "legendFormat": "Used virtual memory", + "metric": "mysql_global_status_questions", + "mode": 0, + "options": { + "showDisabledItems": false + }, + "range": true, + "refId": "A", + "step": 5 + } + ], + "title": "Memory Details", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 0, + "y": 4 + }, + "id": 35, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "/^windows_cpu_logical_processor\\{instance=\"localhost:9182\", job=\"windows\"\\}$/", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "repeat": "host", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "windows_cpu_logical_processor{instance=~\"$server\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Processors", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 1, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 0, + "y": 7 + }, + "id": 37, + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "/^windows_memory_physical_total_bytes\\{instance=\"localhost:9182\", job=\"windows\"\\}$/", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "repeat": "host", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "windows_memory_physical_total_bytes{instance=~\"$server\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "RAM", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "#1f78c1", + "mode": "thresholds" + }, + "decimals": 1, + "mappings": [], + "max": 100, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": 0 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 80 + }, + { + "color": "#d44a3a", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 3, + "y": 7 + }, + "id": 48, + "maxDataPoints": 100, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(\n rate(windows_gpu_engine_time_seconds{instance=\"$server\", engtype=\"3D\"}[1m])\n) * 100", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "GPU Usage", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "#1f78c1", + "mode": "thresholds" + }, + "decimals": 1, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": 0 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 80 + }, + { + "color": "#d44a3a", + "value": 90 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 6, + "y": 7 + }, + "id": 44, + "options": { + "minVizHeight": 75, + "minVizWidth": 75, + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true, + "sizing": "auto" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "windows_gpu_adapter_memory_dedicated_bytes{instance=\"$server\"}/ on(instance) windows_gpu_dedicated_video_memory_size_bytes{instance=\"$server\"} * 100", + "interval": "", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "GPU Memory usage (GB)", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "green", + "mode": "fixed" + }, + "decimals": 0, + "mappings": [], + "max": 100000000, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": 0 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 70000000 + }, + { + "color": "#d44a3a", + "value": 90000000 + } + ] + }, + "unit": "bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 9, + "y": 7 + }, + "id": 39, + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "windows_memory_swap_page_operations_total{instance=\"$server\"}", + "format": "time_series", + "hide": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ instance }}", + "range": true, + "refId": "A" + } + ], + "title": "SWAP R/W", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "#1f78c1", + "mode": "thresholds" + }, + "decimals": 1, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "semi-dark-blue", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 0, + "y": 10 + }, + "id": 43, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "windows_gpu_dedicated_video_memory_size_bytes{instance=\"$server\"}", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "VRAM", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 3, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 10 + }, + "id": 47, + "options": { + "dataLinks": [], + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "application": { + "filter": "" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by (phys) (\n windows_gpu_adapter_memory_dedicated_bytes{instance=\"$server\"}\n)", + "format": "time_series", + "functions": [], + "group": { + "filter": "" + }, + "hide": false, + "host": { + "filter": "" + }, + "intervalFactor": 1, + "item": { + "filter": "" + }, + "legendFormat": "Device: #{{phys}}", + "metric": "mysql_global_status_questions", + "mode": 0, + "options": { + "showDisabledItems": false + }, + "range": true, + "refId": "B", + "step": 5 + } + ], + "title": "VRAM details ", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "green", + "mode": "thresholds" + }, + "fieldMinMax": false, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "dark-red", + "value": 0 + }, + { + "color": "#EAB839", + "value": 10000000000 + }, + { + "color": "semi-dark-green", + "value": 10000000010 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 9, + "x": 0, + "y": 13 + }, + "id": 15, + "options": { + "displayMode": "basic", + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "mean" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "application": { + "filter": "" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "windows_logical_disk_free_bytes{instance=~\"$server\", volume !~\"HarddiskVolume.+\"}", + "format": "time_series", + "functions": [], + "group": { + "filter": "" + }, + "hide": false, + "host": { + "filter": "" + }, + "intervalFactor": 1, + "item": { + "filter": "" + }, + "legendFormat": "{{volume}}", + "metric": "mysql_global_status_questions", + "mode": 0, + "options": { + "showDisabledItems": false + }, + "range": true, + "refId": "A", + "step": 20 + } + ], + "title": "Partitions Free Space", + "type": "bargauge" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "thresholds" + }, + "decimals": 0, + "mappings": [], + "max": 100000000, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": 0 + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 70000000 + }, + { + "color": "#d44a3a", + "value": 90000000 + } + ] + }, + "unit": "bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 3, + "x": 9, + "y": 13 + }, + "id": 17, + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "percentChangeColorMode": "standard", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showPercentChange": false, + "textMode": "auto", + "wideLayout": true + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "(sum(irate(windows_net_bytes_total{instance=\"$server\"}[1m])) > 1)* 8", + "format": "time_series", + "hide": false, + "intervalFactor": 1, + "legendFormat": "", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": " sum(irate(windows_net_bytes_total{instance=~\"$server\",nic=\"Red_Hat_VirtIO_Ethernet_Adapter\"}[5m])) / sum(windows_net_current_bandwidth{instance=~\"$server\",nic=\"Red_Hat_VirtIO_Ethernet_Adapter\"}/8) * 100", + "format": "time_series", + "hide": true, + "intervalFactor": 1, + "refId": "B" + } + ], + "title": "Bandwidth", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "semi-dark-green", + "mode": "fixed" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Received mysqld-exporter:9104" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#0A50A1", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "stopped" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#2F575E", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 5, + "w": 24, + "x": 0, + "y": 19 + }, + "id": 7, + "options": { + "displayMode": "lcd", + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "maxVizHeight": 300, + "minVizHeight": 16, + "minVizWidth": 8, + "namePlacement": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showUnfilled": true, + "sizing": "auto", + "valueMode": "color" + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "application": { + "filter": "" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum(windows_service_state{instance=~\"$server\"}) by (state)", + "format": "time_series", + "functions": [], + "group": { + "filter": "" + }, + "host": { + "filter": "" + }, + "intervalFactor": 1, + "item": { + "filter": "" + }, + "legendFormat": "{{state}}", + "mode": 0, + "options": { + "showDisabledItems": false + }, + "refId": "A", + "step": 5 + } + ], + "title": "Services by state", + "type": "bargauge" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 24 + }, + "id": 45, + "panels": [], + "title": "Details", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "idle" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-green", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "user" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 25 + }, + "id": 4, + "options": { + "dataLinks": [], + "legend": { + "calcs": [ + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "application": { + "filter": "" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by (mode) (rate(windows_cpu_time_total{instance=~\"$server\"}[5m]))", + "format": "time_series", + "functions": [], + "group": { + "filter": "" + }, + "hide": false, + "host": { + "filter": "" + }, + "intervalFactor": 1, + "item": { + "filter": "" + }, + "legendFormat": "{{mode}}", + "metric": "mysql_global_status_questions", + "mode": 0, + "options": { + "showDisabledItems": false + }, + "range": true, + "refId": "A", + "step": 20 + } + ], + "title": "CPU Load", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 25 + }, + "id": 25, + "options": { + "dataLinks": [], + "legend": { + "calcs": [ + "mean", + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "(avg without (cpu) (sum(irate(windows_cpu_time_total{instance=\"$server\",mode!=\"idle\"}[5m])) by (mode)) / 16)* 100", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{mode}}", + "refId": "A" + } + ], + "title": "CPU Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percent" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 34 + }, + "id": 49, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(\n rate(windows_gpu_engine_time_seconds{instance=\"$server\", engtype=\"3D\"}[1m])\n) * 100", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "GPU Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 34 + }, + "id": 9, + "options": { + "dataLinks": [], + "legend": { + "calcs": [ + "lastNotNull", + "max" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.3.1", + "targets": [ + { + "application": { + "filter": "" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "rate(windows_logical_disk_split_ios_total{instance=~\"$server\", volume !~\"HarddiskVolume.+\"}[60s])", + "format": "time_series", + "functions": [], + "group": { + "filter": "" + }, + "hide": false, + "host": { + "filter": "" + }, + "intervalFactor": 1, + "item": { + "filter": "" + }, + "legendFormat": "i/o {{volume}}", + "metric": "mysql_global_status_questions", + "mode": 0, + "options": { + "showDisabledItems": false + }, + "refId": "A", + "step": 20 + } + ], + "title": "Hard disk i/o ops total", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "Bps" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 43 + }, + "id": 11, + "options": { + "dataLinks": [], + "legend": { + "calcs": [ + "lastNotNull", + "max" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "application": { + "filter": "" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "rate(windows_net_bytes_sent_total{instance=~\"$server\"}[$interval]) >0", + "format": "time_series", + "functions": [], + "group": { + "filter": "" + }, + "hide": false, + "host": { + "filter": "" + }, + "interval": "", + "intervalFactor": 1, + "item": { + "filter": "" + }, + "legendFormat": "Sent- Upload", + "metric": "mysql_global_status_questions", + "mode": 0, + "options": { + "showDisabledItems": false + }, + "refId": "B", + "step": 10 + }, + { + "application": { + "filter": "" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "- rate(windows_net_bytes_received_total{instance=~\"$server\"}[$interval]) <0", + "format": "time_series", + "functions": [], + "group": { + "filter": "" + }, + "hide": false, + "host": { + "filter": "" + }, + "interval": "", + "intervalFactor": 1, + "item": { + "filter": "" + }, + "legendFormat": "Received- Download", + "metric": "mysql_global_status_questions", + "mode": 0, + "options": { + "showDisabledItems": false + }, + "refId": "A", + "step": 10 + } + ], + "title": "Bandwidth", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 20, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 43 + }, + "id": 8, + "options": { + "dataLinks": [], + "legend": { + "calcs": [ + "lastNotNull", + "max" + ], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "application": { + "filter": "" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "irate(windows_logical_disk_write_bytes_total{instance=~\"$server\", volume !~\"HarddiskVolume.+\"}[60s])", + "format": "time_series", + "functions": [], + "group": { + "filter": "" + }, + "hide": false, + "host": { + "filter": "" + }, + "intervalFactor": 1, + "item": { + "filter": "" + }, + "legendFormat": "Write {{volume}}", + "metric": "mysql_global_status_questions", + "mode": 0, + "options": { + "showDisabledItems": false + }, + "refId": "A", + "step": 20 + }, + { + "application": { + "filter": "" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "- irate(windows_logical_disk_read_bytes_total{instance=~\"$server\", volume !~\"HarddiskVolume.+\"}[60s])", + "format": "time_series", + "functions": [], + "group": { + "filter": "" + }, + "hide": false, + "host": { + "filter": "" + }, + "intervalFactor": 1, + "item": { + "filter": "" + }, + "legendFormat": "Read {{volume}}", + "metric": "mysql_global_status_questions", + "mode": 0, + "options": { + "showDisabledItems": false + }, + "refId": "B", + "step": 20 + } + ], + "title": "Disk R/W", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "barWidthFactor": 0.6, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "showValues": false, + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": 0 + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 11, + "w": 24, + "x": 0, + "y": 52 + }, + "id": 12, + "options": { + "dataLinks": [], + "legend": { + "calcs": [ + "lastNotNull", + "max" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "hideZeros": false, + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "12.2.0", + "targets": [ + { + "application": { + "filter": "" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "windows_process_threads{instance=~\"$server\"}", + "format": "time_series", + "functions": [], + "group": { + "filter": "" + }, + "hide": false, + "host": { + "filter": "" + }, + "interval": "", + "intervalFactor": 1, + "item": { + "filter": "" + }, + "legendFormat": "({{process}} threads) ", + "metric": "mysql_global_status_questions", + "mode": 0, + "options": { + "showDisabledItems": false + }, + "range": true, + "refId": "A", + "step": 20 + } + ], + "title": "system_threads", + "type": "timeseries" + } + ], + "preload": false, + "refresh": "5s", + "schemaVersion": 42, + "tags": [ + "windows" + ], + "templating": { + "list": [ + { + "auto": false, + "auto_count": 500, + "auto_min": "30s", + "current": { + "text": "60s", + "value": "60s" + }, + "hide": 2, + "label": "Interval", + "name": "interval", + "options": [ + { + "selected": true, + "text": "60s", + "value": "60s" + } + ], + "query": "60s", + "refresh": 2, + "type": "interval" + }, + { + "current": { + "text": "", + "value": "" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(windows_cpu_time_total, instance)", + "includeAll": false, + "label": "Server", + "name": "server", + "options": [], + "query": "label_values(windows_cpu_time_total, instance)", + "refresh": 1, + "regex": "", + "type": "query" + }, + { + "current": { + "text": "prometheus-hpz440", + "value": "ef05a870872f4b" + }, + "name": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "type": "datasource" + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "browser", + "title": "Windows Exporter", + "uid": "IV0hu1m7z", + "version": 14 +} \ No newline at end of file diff --git a/terraform/modules/apps/grafana/variables.tf b/terraform/modules/apps/grafana/variables.tf index c1a5fd3..ff8682f 100644 --- a/terraform/modules/apps/grafana/variables.tf +++ b/terraform/modules/apps/grafana/variables.tf @@ -20,3 +20,9 @@ variable "persistent_folder" { description = "The path to the persistent folder" type = string } + +variable "prometheus_url" { + description = "Prometheus service URL used by Grafana datasource provisioning" + type = string + default = "http://prometheus.prometheus.svc.cluster.local:9090" +} diff --git a/terraform/modules/utils/prometheus/config.tf b/terraform/modules/utils/prometheus/config.tf index 51bdd4a..7f85714 100644 --- a/terraform/modules/utils/prometheus/config.tf +++ b/terraform/modules/utils/prometheus/config.tf @@ -1,6 +1,7 @@ locals { app_version = var.tag prometheus_folder = "${var.persistent_folder}/prometheus" + pushgateway_folder = "${var.persistent_folder}/pushgateway" alertmanager_folder = "${var.persistent_folder}/alertmanager" prometheus_default_config = yamldecode(file("${path.module}/resources/prometheus.yml")) diff --git a/terraform/modules/utils/prometheus/pushgateway.tf b/terraform/modules/utils/prometheus/pushgateway.tf new file mode 100644 index 0000000..ed26684 --- /dev/null +++ b/terraform/modules/utils/prometheus/pushgateway.tf @@ -0,0 +1,104 @@ +resource "kubernetes_deployment" "pushgateway" { + metadata { + name = "pushgateway" + namespace = kubernetes_namespace.prometheus.metadata[0].name + labels = { + app = "pushgateway" + } + } + + spec { + replicas = 1 + strategy { + type = "Recreate" + } + + selector { + match_labels = { + app = "pushgateway" + } + } + + template { + metadata { + labels = { + app = "pushgateway" + } + annotations = { + "prometheus.io/scrape" = "true" + "prometheus.io/port" = "9091" + } + } + + spec { + automount_service_account_token = false + + security_context { + run_as_non_root = true + run_as_user = 65534 + run_as_group = 65534 + seccomp_profile { + type = "RuntimeDefault" + } + } + + container { + name = "pushgateway" + image = "prom/pushgateway:${local.app_version}" + args = ["--persistence.file=/pushgateway/metrics"] + + port { + name = "http" + container_port = 9091 + } + + security_context { + run_as_non_root = true + run_as_user = 65534 + run_as_group = 65534 + allow_privilege_escalation = false + privileged = false + read_only_root_filesystem = true + capabilities { + drop = ["ALL"] + } + } + + volume_mount { + name = "pushgateway-storage-volume" + mount_path = "/pushgateway" + } + } + + volume { + name = "pushgateway-storage-volume" + host_path { + path = local.pushgateway_folder + type = "DirectoryOrCreate" + } + } + } + } + } +} + +resource "kubernetes_service" "pushgateway" { + metadata { + name = "pushgateway" + namespace = kubernetes_namespace.prometheus.metadata[0].name + } + + spec { + selector = { + app = "pushgateway" + } + type = "ClusterIP" + + port { + port = 9091 + protocol = "TCP" + target_port = "http" + } + } +} + diff --git a/terraform/modules/utils/prometheus/resources/prometheus.yml b/terraform/modules/utils/prometheus/resources/prometheus.yml index 9c152c9..64be3a2 100644 --- a/terraform/modules/utils/prometheus/resources/prometheus.yml +++ b/terraform/modules/utils/prometheus/resources/prometheus.yml @@ -36,6 +36,10 @@ scrape_configs: regex: '^/system\.slice/(.+)\.service$' target_label: systemd_service_name replacement: "${1}" + - job_name: pushgateway + honor_labels: true + static_configs: + - targets: ["pushgateway.prometheus.svc.cluster.local:9091"] alerting: alertmanagers: - static_configs: diff --git a/terraform/modules/utils/trivy/main.tf b/terraform/modules/utils/trivy/main.tf index 8b7f1d1..0af1476 100644 --- a/terraform/modules/utils/trivy/main.tf +++ b/terraform/modules/utils/trivy/main.tf @@ -85,7 +85,7 @@ resource "kubernetes_cron_job_v1" "trivy" { backoff_limit = 1 parallelism = 1 completions = 1 - active_deadline_seconds = 250 + active_deadline_seconds = 600 template { metadata { @@ -126,9 +126,9 @@ resource "kubernetes_cron_job_v1" "trivy" { } } container { - name = "send-report" - image = "python:${local.python_version}" - args = ["/scripts/send_report.py"] + name = "send-report" + image = "python:${local.python_version}" + command = ["python3", "/scripts/send_report.py"] env { name = "SMTP_HOST" value = var.smtp_host @@ -163,6 +163,18 @@ resource "kubernetes_cron_job_v1" "trivy" { name = "EMAIL_TO" value = var.to_email } + env { + name = "PUSHGATEWAY_URL" + value = var.pushgateway_url + } + env { + name = "REPORT_PATH" + value = "/tmp/report.html" + } + env { + name = "TRIVY_OUTPUT_FILE" + value = "/tmp/trivy.json" + } security_context { run_as_non_root = true run_as_user = 1000 diff --git a/terraform/modules/utils/trivy/resources/fixtures/trivy.json b/terraform/modules/utils/trivy/resources/fixtures/trivy.json new file mode 100644 index 0000000..5024279 --- /dev/null +++ b/terraform/modules/utils/trivy/resources/fixtures/trivy.json @@ -0,0 +1,387194 @@ +{ + "ClusterName": "microk8s-prod-01", + "Resources": [ + { + "Kind": "ClusterRole", + "Name": "admin", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/admin", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 52, + "Failures": 12 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'admin' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 65, + "EndLine": 77, + "Code": { + "Lines": [ + { + "Number": 65, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 66, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 67, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 68, + "Content": " - pods/attach", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/attach", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 69, + "Content": " - pods/exec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/exec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 70, + "Content": " - pods/portforward", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/portforward", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 71, + "Content": " - pods/proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/proxy", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 72, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 73, + "Content": " - services/proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - services/proxy", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 74, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'admin' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 104, + "EndLine": 121, + "Code": { + "Lines": [ + { + "Number": 104, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 105, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 106, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 107, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 108, + "Content": " - events", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - events", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 109, + "Content": " - persistentvolumeclaims", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - persistentvolumeclaims", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 110, + "Content": " - replicationcontrollers", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 111, + "Content": " - replicationcontrollers/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 112, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 113, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'admin' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 84, + "EndLine": 97, + "Code": { + "Lines": [ + { + "Number": 84, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 85, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 86, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 87, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 88, + "Content": " - pods/attach", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/attach", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 89, + "Content": " - pods/exec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/exec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 90, + "Content": " - pods/portforward", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/portforward", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 91, + "Content": " - pods/proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/proxy", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 92, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 93, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'admin' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 104, + "EndLine": 121, + "Code": { + "Lines": [ + { + "Number": 104, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 105, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 106, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 107, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 108, + "Content": " - events", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - events", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 109, + "Content": " - persistentvolumeclaims", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - persistentvolumeclaims", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 110, + "Content": " - replicationcontrollers", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 111, + "Content": " - replicationcontrollers/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 112, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 113, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'admin' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 128, + "EndLine": 144, + "Code": { + "Lines": [ + { + "Number": 128, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 129, + "Content": " - apps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - apps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 130, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 131, + "Content": " - daemonsets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - daemonsets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 132, + "Content": " - deployments", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 133, + "Content": " - deployments/rollback", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/rollback", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 134, + "Content": " - deployments/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 135, + "Content": " - replicasets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicasets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 136, + "Content": " - replicasets/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicasets/scale", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 137, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'admin' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 155, + "EndLine": 165, + "Code": { + "Lines": [ + { + "Number": 155, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 156, + "Content": " - batch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - batch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 157, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 158, + "Content": " - cronjobs", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - cronjobs", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 159, + "Content": " - jobs", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - jobs", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 160, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 161, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 162, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 163, + "Content": " - deletecollection", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deletecollection", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 164, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'admin' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 166, + "EndLine": 183, + "Code": { + "Lines": [ + { + "Number": 166, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 167, + "Content": " - extensions", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - extensions", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 168, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 169, + "Content": " - daemonsets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - daemonsets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 170, + "Content": " - deployments", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 171, + "Content": " - deployments/rollback", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/rollback", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 172, + "Content": " - deployments/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 173, + "Content": " - ingresses", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - ingresses", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 174, + "Content": " - networkpolicies", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - networkpolicies", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 175, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0049", + "Title": "Manage configmaps", + "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", + "Message": "ClusterRole 'admin' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV049", + "Query": "data.builtin.kubernetes.KSV049.deny", + "Resolution": "Remove write permission verbs for resource 'configmaps'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0049" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 104, + "EndLine": 121, + "Code": { + "Lines": [ + { + "Number": 104, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 105, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 106, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 107, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 108, + "Content": " - events", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - events", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 109, + "Content": " - persistentvolumeclaims", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - persistentvolumeclaims", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 110, + "Content": " - replicationcontrollers", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 111, + "Content": " - replicationcontrollers/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 112, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 113, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0053", + "Title": "Exec into Pods", + "Description": "The ability to exec into a container with privileged access to the host or with an attached SA with higher RBAC permissions is a common escalation path to cluster-admin.", + "Message": "ClusterRole 'admin' should not have access to resource '[\"pods/exec\"]' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV053", + "Query": "data.builtin.kubernetes.KSV053.deny", + "Resolution": "Remove write permission verbs for resource 'pods/exec'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0053", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0053" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 84, + "EndLine": 97, + "Code": { + "Lines": [ + { + "Number": 84, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 85, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 86, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 87, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 88, + "Content": " - pods/attach", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/attach", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 89, + "Content": " - pods/exec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/exec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 90, + "Content": " - pods/portforward", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/portforward", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 91, + "Content": " - pods/proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/proxy", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 92, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 93, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'admin' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 104, + "EndLine": 121, + "Code": { + "Lines": [ + { + "Number": 104, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 105, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 106, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 107, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 108, + "Content": " - events", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - events", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 109, + "Content": " - persistentvolumeclaims", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - persistentvolumeclaims", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 110, + "Content": " - replicationcontrollers", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 111, + "Content": " - replicationcontrollers/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 112, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 113, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'admin' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 166, + "EndLine": 183, + "Code": { + "Lines": [ + { + "Number": 166, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 167, + "Content": " - extensions", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - extensions", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 168, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 169, + "Content": " - daemonsets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - daemonsets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 170, + "Content": " - deployments", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 171, + "Content": " - deployments/rollback", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/rollback", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 172, + "Content": " - deployments/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 173, + "Content": " - ingresses", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - ingresses", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 174, + "Content": " - networkpolicies", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - networkpolicies", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 175, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'admin' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 194, + "EndLine": 204, + "Code": { + "Lines": [ + { + "Number": 194, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 195, + "Content": " - networking.k8s.io", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - networking.k8s.io", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 196, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 197, + "Content": " - ingresses", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - ingresses", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 198, + "Content": " - networkpolicies", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - networkpolicies", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 199, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 200, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 201, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 202, + "Content": " - deletecollection", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deletecollection", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 203, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "cert-manager-cainjector", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/cert-manager-cainjector", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 55, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'cert-manager-cainjector' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 23, + "EndLine": 30, + "Code": { + "Lines": [ + { + "Number": 23, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 24, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 25, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 26, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 27, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 28, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 29, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 30, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0114", + "Title": "Manage webhookconfigurations", + "Description": "Webhooks can silently intercept or actively mutate/block resources as they are being created or updated. This includes secrets and pod specs.", + "Message": "ClusterRole 'cert-manager-cainjector' should not have access to resources [\"mutatingwebhookconfigurations\", \"validatingwebhookconfigurations\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV114", + "Query": "data.builtin.kubernetes.KSV114.deny", + "Resolution": "Remove webhook configuration resources/verbs, acceptable values for verbs ['get', 'list', 'watch']", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0114", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0114" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 40, + "EndLine": 50, + "Code": { + "Lines": [ + { + "Number": 40, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 41, + "Content": " - admissionregistration.k8s.io", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - admissionregistration.k8s.io", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - validatingwebhookconfigurations", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - validatingwebhookconfigurations", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " - mutatingwebhookconfigurations", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - mutatingwebhookconfigurations", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 48, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 49, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "cert-manager-cluster-view", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/cert-manager-cluster-view", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "cert-manager-controller-approve:cert-manager-io", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/cert-manager-controller-approve:cert-manager-io", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "cert-manager-controller-certificates", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/cert-manager-controller-certificates", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'cert-manager-controller-certificates' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 53, + "EndLine": 64, + "Code": { + "Lines": [ + { + "Number": 53, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 54, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 55, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 56, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 57, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 58, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 59, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 60, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 61, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 62, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "cert-manager-controller-certificatesigningrequests", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/cert-manager-controller-certificatesigningrequests", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "cert-manager-controller-challenges", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/cert-manager-controller-challenges", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 54, + "Failures": 5 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'cert-manager-controller-challenges' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 40, + "EndLine": 47, + "Code": { + "Lines": [ + { + "Number": 40, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 41, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'cert-manager-controller-challenges' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 100, + "EndLine": 107, + "Code": { + "Lines": [ + { + "Number": 100, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 101, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 102, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 103, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 104, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 105, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 106, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 107, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'cert-manager-controller-challenges' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 55, + "EndLine": 65, + "Code": { + "Lines": [ + { + "Number": 55, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 56, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 57, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 58, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 59, + "Content": " - services", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - services", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 60, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 61, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 62, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 63, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 64, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'cert-manager-controller-challenges' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 55, + "EndLine": 65, + "Code": { + "Lines": [ + { + "Number": 55, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 56, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 57, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 58, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 59, + "Content": " - services", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - services", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 60, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 61, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 62, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 63, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 64, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'cert-manager-controller-challenges' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 66, + "EndLine": 76, + "Code": { + "Lines": [ + { + "Number": 66, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 67, + "Content": " - networking.k8s.io", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - networking.k8s.io", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 68, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 69, + "Content": " - ingresses", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - ingresses", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 70, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 71, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 72, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 73, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 74, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 75, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "cert-manager-controller-clusterissuers", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/cert-manager-controller-clusterissuers", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'cert-manager-controller-clusterissuers' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 31, + "EndLine": 41, + "Code": { + "Lines": [ + { + "Number": 31, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 32, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 40, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "cert-manager-controller-ingress-shim", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/cert-manager-controller-ingress-shim", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "cert-manager-controller-issuers", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/cert-manager-controller-issuers", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'cert-manager-controller-issuers' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 31, + "EndLine": 41, + "Code": { + "Lines": [ + { + "Number": 31, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 32, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 40, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "cert-manager-controller-orders", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/cert-manager-controller-orders", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'cert-manager-controller-orders' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 54, + "EndLine": 61, + "Code": { + "Lines": [ + { + "Number": 54, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 55, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 56, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 57, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 58, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 59, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 60, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 61, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "cert-manager-edit", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/cert-manager-edit", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "cert-manager-view", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/cert-manager-view", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "cert-manager-webhook:subjectaccessreviews", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/cert-manager-webhook:subjectaccessreviews", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "cluster-admin", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/cluster-admin", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 55, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0044", + "Title": "No wildcard verb and resource roles", + "Description": "Check whether role permits wildcard verb on wildcard resource", + "Message": "Role permits wildcard verb on wildcard resource", + "Namespace": "builtin.kubernetes.KSV044", + "Query": "data.builtin.kubernetes.KSV044.deny", + "Resolution": "Create a role which does not permit wildcard verb on wildcard resource", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0044", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0044" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 13, + "EndLine": 18, + "Code": { + "Lines": [ + { + "Number": 13, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 14, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'\u001b[0m", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0046", + "Title": "Manage all resources", + "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", + "Message": "ClusterRole 'cluster-admin' shouldn't manage all resources", + "Namespace": "builtin.kubernetes.KSV046", + "Query": "data.builtin.kubernetes.KSV046.deny", + "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0046" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 13, + "EndLine": 18, + "Code": { + "Lines": [ + { + "Number": 13, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 14, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'\u001b[0m", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "coredns", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/coredns", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "edit", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/edit", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 52, + "Failures": 12 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'edit' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 66, + "EndLine": 78, + "Code": { + "Lines": [ + { + "Number": 66, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 67, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 68, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 69, + "Content": " - pods/attach", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/attach", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 70, + "Content": " - pods/exec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/exec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 71, + "Content": " - pods/portforward", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/portforward", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 72, + "Content": " - pods/proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/proxy", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 73, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 74, + "Content": " - services/proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - services/proxy", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 75, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'edit' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 105, + "EndLine": 122, + "Code": { + "Lines": [ + { + "Number": 105, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 106, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 107, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 108, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 109, + "Content": " - events", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - events", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 110, + "Content": " - persistentvolumeclaims", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - persistentvolumeclaims", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 111, + "Content": " - replicationcontrollers", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 112, + "Content": " - replicationcontrollers/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 113, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 114, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 85, + "EndLine": 98, + "Code": { + "Lines": [ + { + "Number": 85, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 86, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 87, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 88, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 89, + "Content": " - pods/attach", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/attach", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 90, + "Content": " - pods/exec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/exec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 91, + "Content": " - pods/portforward", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/portforward", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 92, + "Content": " - pods/proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/proxy", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 93, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 94, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 105, + "EndLine": 122, + "Code": { + "Lines": [ + { + "Number": 105, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 106, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 107, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 108, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 109, + "Content": " - events", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - events", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 110, + "Content": " - persistentvolumeclaims", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - persistentvolumeclaims", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 111, + "Content": " - replicationcontrollers", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 112, + "Content": " - replicationcontrollers/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 113, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 114, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 129, + "EndLine": 145, + "Code": { + "Lines": [ + { + "Number": 129, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 130, + "Content": " - apps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - apps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 131, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 132, + "Content": " - daemonsets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - daemonsets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 133, + "Content": " - deployments", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 134, + "Content": " - deployments/rollback", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/rollback", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 135, + "Content": " - deployments/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 136, + "Content": " - replicasets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicasets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 137, + "Content": " - replicasets/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicasets/scale", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 138, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 156, + "EndLine": 166, + "Code": { + "Lines": [ + { + "Number": 156, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 157, + "Content": " - batch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - batch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 158, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 159, + "Content": " - cronjobs", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - cronjobs", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 160, + "Content": " - jobs", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - jobs", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 161, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 162, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 163, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 164, + "Content": " - deletecollection", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deletecollection", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 165, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 167, + "EndLine": 184, + "Code": { + "Lines": [ + { + "Number": 167, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 168, + "Content": " - extensions", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - extensions", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 169, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 170, + "Content": " - daemonsets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - daemonsets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 171, + "Content": " - deployments", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 172, + "Content": " - deployments/rollback", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/rollback", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 173, + "Content": " - deployments/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 174, + "Content": " - ingresses", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - ingresses", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 175, + "Content": " - networkpolicies", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - networkpolicies", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 176, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0049", + "Title": "Manage configmaps", + "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", + "Message": "ClusterRole 'edit' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV049", + "Query": "data.builtin.kubernetes.KSV049.deny", + "Resolution": "Remove write permission verbs for resource 'configmaps'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0049" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 105, + "EndLine": 122, + "Code": { + "Lines": [ + { + "Number": 105, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 106, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 107, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 108, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 109, + "Content": " - events", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - events", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 110, + "Content": " - persistentvolumeclaims", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - persistentvolumeclaims", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 111, + "Content": " - replicationcontrollers", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 112, + "Content": " - replicationcontrollers/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 113, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 114, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0053", + "Title": "Exec into Pods", + "Description": "The ability to exec into a container with privileged access to the host or with an attached SA with higher RBAC permissions is a common escalation path to cluster-admin.", + "Message": "ClusterRole 'edit' should not have access to resource '[\"pods/exec\"]' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV053", + "Query": "data.builtin.kubernetes.KSV053.deny", + "Resolution": "Remove write permission verbs for resource 'pods/exec'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0053", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0053" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 85, + "EndLine": 98, + "Code": { + "Lines": [ + { + "Number": 85, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 86, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 87, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 88, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 89, + "Content": " - pods/attach", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/attach", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 90, + "Content": " - pods/exec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/exec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 91, + "Content": " - pods/portforward", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/portforward", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 92, + "Content": " - pods/proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/proxy", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 93, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 94, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'edit' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 105, + "EndLine": 122, + "Code": { + "Lines": [ + { + "Number": 105, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 106, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 107, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 108, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 109, + "Content": " - events", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - events", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 110, + "Content": " - persistentvolumeclaims", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - persistentvolumeclaims", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 111, + "Content": " - replicationcontrollers", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 112, + "Content": " - replicationcontrollers/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 113, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 114, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'edit' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 167, + "EndLine": 184, + "Code": { + "Lines": [ + { + "Number": 167, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 168, + "Content": " - extensions", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - extensions", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 169, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 170, + "Content": " - daemonsets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - daemonsets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 171, + "Content": " - deployments", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 172, + "Content": " - deployments/rollback", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/rollback", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 173, + "Content": " - deployments/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 174, + "Content": " - ingresses", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - ingresses", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 175, + "Content": " - networkpolicies", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - networkpolicies", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 176, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'edit' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 195, + "EndLine": 205, + "Code": { + "Lines": [ + { + "Number": 195, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 196, + "Content": " - networking.k8s.io", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - networking.k8s.io", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 197, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 198, + "Content": " - ingresses", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - ingresses", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 199, + "Content": " - networkpolicies", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - networkpolicies", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 200, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 201, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 202, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 203, + "Content": " - deletecollection", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deletecollection", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 204, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "metallb-system:controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/metallb-system:controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0114", + "Title": "Manage webhookconfigurations", + "Description": "Webhooks can silently intercept or actively mutate/block resources as they are being created or updated. This includes secrets and pod specs.", + "Message": "ClusterRole 'metallb-system:controller' should not have access to resources [\"mutatingwebhookconfigurations\", \"validatingwebhookconfigurations\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV114", + "Query": "data.builtin.kubernetes.KSV114.deny", + "Resolution": "Remove webhook configuration resources/verbs, acceptable values for verbs ['get', 'list', 'watch']", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0114", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0114" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 47, + "EndLine": 60, + "Code": { + "Lines": [ + { + "Number": 47, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 48, + "Content": " - admissionregistration.k8s.io", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - admissionregistration.k8s.io", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 49, + "Content": " resourceNames:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresourceNames\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 50, + "Content": " - metallb-webhook-configuration", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - metallb-webhook-configuration", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 51, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 52, + "Content": " - validatingwebhookconfigurations", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - validatingwebhookconfigurations", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 53, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 54, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 55, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 56, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "metallb-system:speaker", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/metallb-system:speaker", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "microk8s-hostpath", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/microk8s-hostpath", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 55, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'microk8s-hostpath' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 58, + "EndLine": 65, + "Code": { + "Lines": [ + { + "Number": 58, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 59, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 60, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 61, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 62, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 63, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 64, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 65, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'microk8s-hostpath' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 32, + "EndLine": 42, + "Code": { + "Lines": [ + { + "Number": 32, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 33, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - endpoints", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - endpoints", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 41, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "nginx-ingress-microk8s-clusterrole", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/nginx-ingress-microk8s-clusterrole", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'nginx-ingress-microk8s-clusterrole' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 21, + "EndLine": 31, + "Code": { + "Lines": [ + { + "Number": 21, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 22, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 23, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 24, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 25, + "Content": " - endpoints", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - endpoints", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 26, + "Content": " - nodes", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - nodes", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 27, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 28, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 29, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 30, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "operator-maintenance-role", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/operator-maintenance-role", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'operator-maintenance-role' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 9, + "EndLine": 21, + "Code": { + "Lines": [ + { + "Number": 9, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 10, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 11, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 12, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 13, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 14, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 18, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'operator-maintenance-role' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 56, + "EndLine": 67, + "Code": { + "Lines": [ + { + "Number": 56, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 57, + "Content": " - batch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - batch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 58, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 59, + "Content": " - jobs", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - jobs", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 60, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 61, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 62, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 63, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 64, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 65, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "prometheus", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/prometheus", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0047", + "Title": "Do not allow privilege escalation from node proxy", + "Description": "Check whether role permits privilege escalation from node proxy", + "Message": "Role permits privilege escalation from node proxy", + "Namespace": "builtin.kubernetes.KSV047", + "Query": "data.builtin.kubernetes.KSV047.deny", + "Resolution": "Create a role which does not permit privilege escalation from node proxy", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0047", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0047" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 9, + "EndLine": 20, + "Code": { + "Lines": [ + { + "Number": 9, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 10, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 11, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 12, + "Content": " - nodes", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - nodes", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 13, + "Content": " - nodes/proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - nodes/proxy", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 14, + "Content": " - services", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - services", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " - endpoints", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - endpoints", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 18, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:aggregate-to-admin", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:aggregate-to-admin", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:aggregate-to-edit", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:aggregate-to-edit", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 52, + "Failures": 12 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'system:aggregate-to-edit' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 14, + "EndLine": 26, + "Code": { + "Lines": [ + { + "Number": 14, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 15, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " - pods/attach", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/attach", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " - pods/exec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/exec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - pods/portforward", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/portforward", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " - pods/proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/proxy", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " - services/proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - services/proxy", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 23, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'system:aggregate-to-edit' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 53, + "EndLine": 70, + "Code": { + "Lines": [ + { + "Number": 53, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 54, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 55, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 56, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 57, + "Content": " - events", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - events", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 58, + "Content": " - persistentvolumeclaims", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - persistentvolumeclaims", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 59, + "Content": " - replicationcontrollers", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 60, + "Content": " - replicationcontrollers/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 61, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 62, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 33, + "EndLine": 46, + "Code": { + "Lines": [ + { + "Number": 33, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 34, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - pods/attach", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/attach", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - pods/exec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/exec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - pods/portforward", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/portforward", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - pods/proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/proxy", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 42, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 53, + "EndLine": 70, + "Code": { + "Lines": [ + { + "Number": 53, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 54, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 55, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 56, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 57, + "Content": " - events", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - events", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 58, + "Content": " - persistentvolumeclaims", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - persistentvolumeclaims", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 59, + "Content": " - replicationcontrollers", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 60, + "Content": " - replicationcontrollers/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 61, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 62, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 77, + "EndLine": 93, + "Code": { + "Lines": [ + { + "Number": 77, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 78, + "Content": " - apps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - apps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 79, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 80, + "Content": " - daemonsets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - daemonsets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 81, + "Content": " - deployments", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 82, + "Content": " - deployments/rollback", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/rollback", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 83, + "Content": " - deployments/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 84, + "Content": " - replicasets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicasets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 85, + "Content": " - replicasets/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicasets/scale", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 86, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 104, + "EndLine": 114, + "Code": { + "Lines": [ + { + "Number": 104, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 105, + "Content": " - batch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - batch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 106, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 107, + "Content": " - cronjobs", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - cronjobs", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 108, + "Content": " - jobs", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - jobs", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 109, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 110, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 111, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 112, + "Content": " - deletecollection", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deletecollection", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 113, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 115, + "EndLine": 132, + "Code": { + "Lines": [ + { + "Number": 115, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 116, + "Content": " - extensions", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - extensions", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 117, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 118, + "Content": " - daemonsets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - daemonsets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 119, + "Content": " - deployments", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 120, + "Content": " - deployments/rollback", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/rollback", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 121, + "Content": " - deployments/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 122, + "Content": " - ingresses", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - ingresses", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 123, + "Content": " - networkpolicies", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - networkpolicies", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 124, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0049", + "Title": "Manage configmaps", + "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", + "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV049", + "Query": "data.builtin.kubernetes.KSV049.deny", + "Resolution": "Remove write permission verbs for resource 'configmaps'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0049" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 53, + "EndLine": 70, + "Code": { + "Lines": [ + { + "Number": 53, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 54, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 55, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 56, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 57, + "Content": " - events", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - events", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 58, + "Content": " - persistentvolumeclaims", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - persistentvolumeclaims", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 59, + "Content": " - replicationcontrollers", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 60, + "Content": " - replicationcontrollers/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 61, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 62, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0053", + "Title": "Exec into Pods", + "Description": "The ability to exec into a container with privileged access to the host or with an attached SA with higher RBAC permissions is a common escalation path to cluster-admin.", + "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resource '[\"pods/exec\"]' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV053", + "Query": "data.builtin.kubernetes.KSV053.deny", + "Resolution": "Remove write permission verbs for resource 'pods/exec'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0053", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0053" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 33, + "EndLine": 46, + "Code": { + "Lines": [ + { + "Number": 33, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 34, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - pods/attach", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/attach", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - pods/exec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/exec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - pods/portforward", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/portforward", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - pods/proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/proxy", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 42, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 53, + "EndLine": 70, + "Code": { + "Lines": [ + { + "Number": 53, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 54, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 55, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 56, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 57, + "Content": " - events", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - events", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 58, + "Content": " - persistentvolumeclaims", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - persistentvolumeclaims", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 59, + "Content": " - replicationcontrollers", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 60, + "Content": " - replicationcontrollers/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 61, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 62, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 115, + "EndLine": 132, + "Code": { + "Lines": [ + { + "Number": 115, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 116, + "Content": " - extensions", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - extensions", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 117, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 118, + "Content": " - daemonsets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - daemonsets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 119, + "Content": " - deployments", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 120, + "Content": " - deployments/rollback", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/rollback", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 121, + "Content": " - deployments/scale", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments/scale", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 122, + "Content": " - ingresses", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - ingresses", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 123, + "Content": " - networkpolicies", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - networkpolicies", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 124, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 143, + "EndLine": 153, + "Code": { + "Lines": [ + { + "Number": 143, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 144, + "Content": " - networking.k8s.io", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - networking.k8s.io", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 145, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 146, + "Content": " - ingresses", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - ingresses", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 147, + "Content": " - networkpolicies", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - networkpolicies", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 148, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 149, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 150, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 151, + "Content": " - deletecollection", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deletecollection", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 152, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:aggregate-to-view", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:aggregate-to-view", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:auth-delegator", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:auth-delegator", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:basic-user", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:basic-user", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:certificates.k8s.io:certificatesigningrequests:nodeclient", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:certificates.k8s.io:certificatesigningrequests:nodeclient", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:certificates.k8s.io:certificatesigningrequests:selfnodeclient", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:certificates.k8s.io:certificatesigningrequests:selfnodeclient", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:certificates.k8s.io:kube-apiserver-client-approver", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:certificates.k8s.io:kube-apiserver-client-approver", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:certificates.k8s.io:kube-apiserver-client-kubelet-approver", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:certificates.k8s.io:kube-apiserver-client-kubelet-approver", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:certificates.k8s.io:kubelet-serving-approver", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:certificates.k8s.io:kubelet-serving-approver", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:certificates.k8s.io:legacy-unknown-approver", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:certificates.k8s.io:legacy-unknown-approver", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:attachdetach-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:attachdetach-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:certificate-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:certificate-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:clusterrole-aggregation-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:clusterrole-aggregation-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:cronjob-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:cronjob-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 3 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:cronjob-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 13, + "EndLine": 21, + "Code": { + "Lines": [ + { + "Number": 13, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 14, + "Content": " - batch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - batch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " - cronjobs", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - cronjobs", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:cronjob-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 22, + "EndLine": 33, + "Code": { + "Lines": [ + { + "Number": 22, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 23, + "Content": " - batch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - batch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 24, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 25, + "Content": " - jobs", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - jobs", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 26, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 27, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 28, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 29, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 30, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 31, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:cronjob-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 46, + "EndLine": 52, + "Code": { + "Lines": [ + { + "Number": 46, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 47, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 48, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 49, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 50, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 51, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 52, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:daemon-set-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:daemon-set-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:daemon-set-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 43, + "EndLine": 52, + "Code": { + "Lines": [ + { + "Number": 43, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 44, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 48, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 49, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 50, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 51, + "Content": " - patch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - patch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 52, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:deployment-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:deployment-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 3 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:deployment-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 13, + "EndLine": 22, + "Code": { + "Lines": [ + { + "Number": 13, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 14, + "Content": " - apps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - apps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " - extensions", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - extensions", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " - deployments", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:deployment-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 37, + "EndLine": 49, + "Code": { + "Lines": [ + { + "Number": 37, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 38, + "Content": " - apps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - apps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - extensions", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - extensions", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - replicasets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicasets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 46, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:deployment-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 50, + "EndLine": 58, + "Code": { + "Lines": [ + { + "Number": 50, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 51, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 52, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 53, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 54, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 55, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 56, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 57, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 58, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:disruption-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:disruption-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:endpoint-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:endpoint-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'system:controller:endpoint-controller' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 22, + "EndLine": 31, + "Code": { + "Lines": [ + { + "Number": 22, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 23, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 24, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 25, + "Content": " - endpoints", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - endpoints", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 26, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 27, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 28, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 29, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 30, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:endpointslice-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:endpointslice-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'system:controller:endpointslice-controller' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 29, + "EndLine": 38, + "Code": { + "Lines": [ + { + "Number": 29, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 30, + "Content": " - discovery.k8s.io", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - discovery.k8s.io", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " - endpointslices", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - endpointslices", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:endpointslicemirroring-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:endpointslicemirroring-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'system:controller:endpointslicemirroring-controller' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 43, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - discovery.k8s.io", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - discovery.k8s.io", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - endpointslices", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - endpointslices", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:ephemeral-volume-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:ephemeral-volume-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:expand-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:expand-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'system:controller:expand-controller' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 53, + "EndLine": 58, + "Code": { + "Lines": [ + { + "Number": 53, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 54, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 55, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 56, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 57, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 58, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:generic-garbage-collector", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:generic-garbage-collector", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0046", + "Title": "Manage all resources", + "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", + "Message": "ClusterRole 'system:controller:generic-garbage-collector' shouldn't manage all resources", + "Namespace": "builtin.kubernetes.KSV046", + "Query": "data.builtin.kubernetes.KSV046.deny", + "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0046" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 13, + "EndLine": 23, + "Code": { + "Lines": [ + { + "Number": 13, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 14, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " - patch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - patch", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 22, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:horizontal-pod-autoscaler", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:horizontal-pod-autoscaler", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0046", + "Title": "Manage all resources", + "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", + "Message": "ClusterRole 'system:controller:horizontal-pod-autoscaler' shouldn't manage all resources", + "Namespace": "builtin.kubernetes.KSV046", + "Query": "data.builtin.kubernetes.KSV046.deny", + "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0046" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 46, + "EndLine": 52, + "Code": { + "Lines": [ + { + "Number": 46, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 47, + "Content": " - custom.metrics.k8s.io", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - custom.metrics.k8s.io", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 48, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 49, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 50, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 51, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 52, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0046", + "Title": "Manage all resources", + "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", + "Message": "ClusterRole 'system:controller:horizontal-pod-autoscaler' shouldn't manage all resources", + "Namespace": "builtin.kubernetes.KSV046", + "Query": "data.builtin.kubernetes.KSV046.deny", + "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0046" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 53, + "EndLine": 59, + "Code": { + "Lines": [ + { + "Number": 53, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 54, + "Content": " - external.metrics.k8s.io", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - external.metrics.k8s.io", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 55, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 56, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 57, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 58, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 59, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:job-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:job-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:job-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 13, + "EndLine": 22, + "Code": { + "Lines": [ + { + "Number": 13, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 14, + "Content": " - batch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - batch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " - jobs", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - jobs", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " - patch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - patch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:job-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 35, + "EndLine": 44, + "Code": { + "Lines": [ + { + "Number": 35, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 36, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - patch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - patch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:legacy-service-account-token-cleaner", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:legacy-service-account-token-cleaner", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'system:controller:legacy-service-account-token-cleaner' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 21, + "EndLine": 27, + "Code": { + "Lines": [ + { + "Number": 21, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 22, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 23, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 24, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 25, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 26, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 27, + "Content": " - patch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - patch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:namespace-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:namespace-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0046", + "Title": "Manage all resources", + "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", + "Message": "ClusterRole 'system:controller:namespace-controller' shouldn't manage all resources", + "Namespace": "builtin.kubernetes.KSV046", + "Query": "data.builtin.kubernetes.KSV046.deny", + "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0046" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 29, + "EndLine": 37, + "Code": { + "Lines": [ + { + "Number": 29, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 30, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - deletecollection", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deletecollection", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:node-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:node-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:node-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 37, + "EndLine": 43, + "Code": { + "Lines": [ + { + "Number": 37, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 38, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:persistent-volume-binder", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:persistent-volume-binder", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 54, + "Failures": 4 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'system:controller:persistent-volume-binder' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 80, + "EndLine": 85, + "Code": { + "Lines": [ + { + "Number": 80, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 81, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 82, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 83, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 84, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 85, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:persistent-volume-binder' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 45, + "EndLine": 54, + "Code": { + "Lines": [ + { + "Number": 45, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 46, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 48, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 49, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 50, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 51, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 52, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 53, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 54, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'system:controller:persistent-volume-binder' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 63, + "EndLine": 71, + "Code": { + "Lines": [ + { + "Number": 63, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 64, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 65, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 66, + "Content": " - endpoints", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - endpoints", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 67, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 68, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 69, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 70, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 71, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0056", + "Title": "Manage Kubernetes networking", + "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", + "Message": "ClusterRole 'system:controller:persistent-volume-binder' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV056", + "Query": "data.builtin.kubernetes.KSV056.deny", + "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0056" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 72, + "EndLine": 79, + "Code": { + "Lines": [ + { + "Number": 72, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 73, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 74, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 75, + "Content": " - services", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - services", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 76, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 77, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 78, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 79, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:pod-garbage-collector", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:pod-garbage-collector", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:pod-garbage-collector' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 13, + "EndLine": 20, + "Code": { + "Lines": [ + { + "Number": 13, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 14, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:pv-protection-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:pv-protection-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:pvc-protection-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:pvc-protection-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:replicaset-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:replicaset-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:replicaset-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 13, + "EndLine": 22, + "Code": { + "Lines": [ + { + "Number": 13, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 14, + "Content": " - apps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - apps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " - extensions", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - extensions", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " - replicasets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicasets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:replicaset-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 37, + "EndLine": 46, + "Code": { + "Lines": [ + { + "Number": 37, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 38, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " - patch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - patch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:replication-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:replication-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:replication-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 13, + "EndLine": 21, + "Code": { + "Lines": [ + { + "Number": 13, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 14, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " - replicationcontrollers", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - replicationcontrollers", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:replication-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 43, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " - patch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - patch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:resourcequota-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:resourcequota-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0046", + "Title": "Manage all resources", + "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", + "Message": "ClusterRole 'system:controller:resourcequota-controller' shouldn't manage all resources", + "Namespace": "builtin.kubernetes.KSV046", + "Query": "data.builtin.kubernetes.KSV046.deny", + "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0046" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 13, + "EndLine": 19, + "Code": { + "Lines": [ + { + "Number": 13, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 14, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:root-ca-cert-publisher", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:root-ca-cert-publisher", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0049", + "Title": "Manage configmaps", + "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", + "Message": "ClusterRole 'system:controller:root-ca-cert-publisher' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV049", + "Query": "data.builtin.kubernetes.KSV049.deny", + "Resolution": "Remove write permission verbs for resource 'configmaps'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0049" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 13, + "EndLine": 19, + "Code": { + "Lines": [ + { + "Number": 13, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 14, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:route-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:route-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:service-account-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:service-account-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:service-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:service-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:statefulset-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:statefulset-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:statefulset-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 40, + "EndLine": 49, + "Code": { + "Lines": [ + { + "Number": 40, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 41, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 48, + "Content": " - patch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - patch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 49, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:ttl-after-finished-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:ttl-after-finished-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:controller:ttl-after-finished-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 13, + "EndLine": 21, + "Code": { + "Lines": [ + { + "Number": 13, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 14, + "Content": " - batch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - batch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " - jobs", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - jobs", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:controller:ttl-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:controller:ttl-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:discovery", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:discovery", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:heapster", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:heapster", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:kube-aggregator", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:kube-aggregator", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:kube-controller-manager", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:kube-controller-manager", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 55, + "Failures": 5 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'system:kube-controller-manager' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 37, + "EndLine": 43, + "Code": { + "Lines": [ + { + "Number": 37, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 38, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - serviceaccounts", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - serviceaccounts", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'system:kube-controller-manager' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 44, + "EndLine": 49, + "Code": { + "Lines": [ + { + "Number": 44, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 45, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 48, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 49, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'system:kube-controller-manager' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 50, + "EndLine": 58, + "Code": { + "Lines": [ + { + "Number": 50, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 51, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 52, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 53, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 54, + "Content": " - namespaces", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - namespaces", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 55, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 56, + "Content": " - serviceaccounts", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - serviceaccounts", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 57, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 58, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'system:kube-controller-manager' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 59, + "EndLine": 65, + "Code": { + "Lines": [ + { + "Number": 59, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 60, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 61, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 62, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 63, + "Content": " - serviceaccounts", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - serviceaccounts", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 64, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 65, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0046", + "Title": "Manage all resources", + "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", + "Message": "ClusterRole 'system:kube-controller-manager' shouldn't manage all resources", + "Namespace": "builtin.kubernetes.KSV046", + "Query": "data.builtin.kubernetes.KSV046.deny", + "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0046" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 78, + "EndLine": 84, + "Code": { + "Lines": [ + { + "Number": 78, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 79, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 80, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 81, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 82, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 83, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 84, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:kube-dns", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:kube-dns", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:kube-scheduler", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:kube-scheduler", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:kube-scheduler' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 45, + "EndLine": 53, + "Code": { + "Lines": [ + { + "Number": 45, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 46, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 48, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 49, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 50, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 51, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 52, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 53, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:kubelet-api-admin", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:kubelet-api-admin", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:monitoring", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:monitoring", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:node", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:node", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 55, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0041", + "Title": "Manage secrets", + "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", + "Message": "ClusterRole 'system:node' shouldn't have access to manage resource 'secrets'", + "Namespace": "builtin.kubernetes.KSV041", + "Query": "data.builtin.kubernetes.KSV041.deny", + "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0041" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 93, + "EndLine": 101, + "Code": { + "Lines": [ + { + "Number": 93, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 94, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 95, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 96, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 97, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 98, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 99, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 100, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 101, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "ClusterRole 'system:node' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 73, + "EndLine": 79, + "Code": { + "Lines": [ + { + "Number": 73, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 74, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 75, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 76, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 77, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 78, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 79, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:node-bootstrapper", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:node-bootstrapper", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:node-problem-detector", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:node-problem-detector", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:node-proxier", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:node-proxier", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:persistent-volume-provisioner", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:persistent-volume-provisioner", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:public-info-viewer", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:public-info-viewer", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:service-account-issuer-discovery", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:service-account-issuer-discovery", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "system:volume-scheduler", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/system:volume-scheduler", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "trivy", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/trivy", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0046", + "Title": "Manage all resources", + "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", + "Message": "ClusterRole 'trivy' shouldn't manage all resources", + "Namespace": "builtin.kubernetes.KSV046", + "Query": "data.builtin.kubernetes.KSV046.deny", + "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0046" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 9, + "EndLine": 14, + "Code": { + "Lines": [ + { + "Number": 9, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 10, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 11, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 12, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 13, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 14, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0046", + "Title": "Manage all resources", + "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", + "Message": "ClusterRole 'trivy' shouldn't manage all resources", + "Namespace": "builtin.kubernetes.KSV046", + "Query": "data.builtin.kubernetes.KSV046.deny", + "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", + "Severity": "CRITICAL", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0046" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 15, + "EndLine": 23, + "Code": { + "Lines": [ + { + "Number": 15, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 16, + "Content": " - apps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - apps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " - batch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - batch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " - networking.k8s.io", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - networking.k8s.io", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - rbac.authorization.k8s.io", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - rbac.authorization.k8s.io", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " - '*'", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m'*'", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 23, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRole", + "Name": "view", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRole/view", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "admin-role-binding", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/admin-role-binding", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0111", + "Title": "User with admin access", + "Description": "Either cluster-admin or those granted powerful permissions.", + "Message": "ClusterRoleBinding 'admin-role-binding' should not bind to roles [\"cluster-admin\", \"admin\", \"edit\"]", + "Namespace": "builtin.kubernetes.KSV111", + "Query": "data.builtin.kubernetes.KSV111.deny", + "Resolution": "Remove binding for clusterrole 'cluster-admin', 'admin' or 'edit'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0111", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0111" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 3, + "EndLine": 7, + "Code": { + "Lines": [ + { + "Number": 3, + "Content": "metadata:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mmetadata\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 4, + "Content": " creationTimestamp: \"2024-10-06T12:22:20Z\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcreationTimestamp\u001b[0m: \u001b[38;5;37m\"2024-10-06T12:22:20Z\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 5, + "Content": " name: admin-role-binding", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: admin-role-binding", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 6, + "Content": " resourceVersion: \"1263\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresourceVersion\u001b[0m: \u001b[38;5;37m\"1263\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 7, + "Content": " uid: 9f4a36bf-fe19-4933-86ab-7928ad8e010c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33muid\u001b[0m: 9f4a36bf-fe19-4933-86ab-7928ad8e010c", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "cert-manager-cainjector", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/cert-manager-cainjector", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "cert-manager-controller-approve:cert-manager-io", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/cert-manager-controller-approve:cert-manager-io", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "cert-manager-controller-certificates", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/cert-manager-controller-certificates", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "cert-manager-controller-certificatesigningrequests", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/cert-manager-controller-certificatesigningrequests", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "cert-manager-controller-challenges", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/cert-manager-controller-challenges", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "cert-manager-controller-clusterissuers", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/cert-manager-controller-clusterissuers", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "cert-manager-controller-ingress-shim", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/cert-manager-controller-ingress-shim", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "cert-manager-controller-issuers", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/cert-manager-controller-issuers", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "cert-manager-controller-orders", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/cert-manager-controller-orders", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "cert-manager-webhook:subjectaccessreviews", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/cert-manager-webhook:subjectaccessreviews", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "cluster-admin", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/cluster-admin", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0111", + "Title": "User with admin access", + "Description": "Either cluster-admin or those granted powerful permissions.", + "Message": "ClusterRoleBinding 'cluster-admin' should not bind to roles [\"cluster-admin\", \"admin\", \"edit\"]", + "Namespace": "builtin.kubernetes.KSV111", + "Query": "data.builtin.kubernetes.KSV111.deny", + "Resolution": "Remove binding for clusterrole 'cluster-admin', 'admin' or 'edit'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0111", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0111" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 3, + "EndLine": 11, + "Code": { + "Lines": [ + { + "Number": 3, + "Content": "metadata:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mmetadata\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 4, + "Content": " annotations:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mannotations\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 5, + "Content": " rbac.authorization.kubernetes.io/autoupdate: \"true\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mrbac.authorization.kubernetes.io/autoupdate\u001b[0m: \u001b[38;5;37m\"true\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 6, + "Content": " creationTimestamp: \"2024-10-06T12:16:54Z\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcreationTimestamp\u001b[0m: \u001b[38;5;37m\"2024-10-06T12:16:54Z\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 7, + "Content": " labels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mlabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 8, + "Content": " kubernetes.io/bootstrapping: rbac-defaults", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkubernetes.io/bootstrapping\u001b[0m: rbac-defaults", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 9, + "Content": " name: cluster-admin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: cluster-admin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 10, + "Content": " resourceVersion: \"249\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresourceVersion\u001b[0m: \u001b[38;5;37m\"249\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 11, + "Content": " uid: ed5d42db-ee9e-4739-acd3-e19671dabc78", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33muid\u001b[0m: ed5d42db-ee9e-4739-acd3-e19671dabc78", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "coredns", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/coredns", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "metallb-system:controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/metallb-system:controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "metallb-system:speaker", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/metallb-system:speaker", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "microk8s-hostpath", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/microk8s-hostpath", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "nginx-ingress-microk8s", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/nginx-ingress-microk8s", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "operator-maintenance-binding", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/operator-maintenance-binding", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "prometheus", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/prometheus", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:basic-user", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:basic-user", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:attachdetach-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:attachdetach-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:certificate-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:certificate-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:clusterrole-aggregation-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:clusterrole-aggregation-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:cronjob-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:cronjob-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:daemon-set-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:daemon-set-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:deployment-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:deployment-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:disruption-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:disruption-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:endpoint-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:endpoint-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:endpointslice-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:endpointslice-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:endpointslicemirroring-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:endpointslicemirroring-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:ephemeral-volume-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:ephemeral-volume-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:expand-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:expand-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:generic-garbage-collector", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:generic-garbage-collector", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:horizontal-pod-autoscaler", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:horizontal-pod-autoscaler", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:job-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:job-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:legacy-service-account-token-cleaner", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:legacy-service-account-token-cleaner", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:namespace-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:namespace-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:node-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:node-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:persistent-volume-binder", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:persistent-volume-binder", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:pod-garbage-collector", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:pod-garbage-collector", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:pv-protection-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:pv-protection-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:pvc-protection-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:pvc-protection-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:replicaset-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:replicaset-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:replication-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:replication-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:resourcequota-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:resourcequota-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:root-ca-cert-publisher", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:root-ca-cert-publisher", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:route-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:route-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:service-account-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:service-account-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:service-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:service-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:statefulset-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:statefulset-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:ttl-after-finished-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:ttl-after-finished-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:controller:ttl-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:controller:ttl-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:discovery", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:discovery", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:kube-controller-manager", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:kube-controller-manager", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:kube-dns", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:kube-dns", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:kube-scheduler", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:kube-scheduler", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:monitoring", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:monitoring", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:node", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:node", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:node-proxier", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:node-proxier", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:public-info-viewer", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:public-info-viewer", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:service-account-issuer-discovery", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:service-account-issuer-discovery", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "system:volume-scheduler", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/system:volume-scheduler", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "ClusterRoleBinding", + "Name": "trivy", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ClusterRoleBinding/trivy", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Kind": "Node", + "Name": "prod-01.alexpires.me", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Node/prod-01.alexpires.me", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "cert-manager", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "cert-manager", + "Kind": "Deployment", + "Name": "cert-manager", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/cert-manager", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container cert-manager-controller in deployment cert-manager (namespace: cert-manager) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 48, + "EndLine": 88, + "Code": { + "Lines": [ + { + "Number": 48, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 49, + "Content": " - --v=2", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --v=2", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 50, + "Content": " - --cluster-resource-namespace=$(POD_NAMESPACE)", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --cluster-resource-namespace=$(POD_NAMESPACE)", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 51, + "Content": " - --leader-election-namespace=kube-system", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --leader-election-namespace=kube-system", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 52, + "Content": " - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.14.5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.14.5", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 53, + "Content": " - --max-concurrent-challenges=60", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --max-concurrent-challenges=60", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 54, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 55, + "Content": " - name: POD_NAMESPACE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: POD_NAMESPACE", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 56, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 57, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "cert-manager", + "Kind": "Deployment", + "Name": "cert-manager-cainjector", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/cert-manager-cainjector", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container cert-manager-cainjector in deployment cert-manager-cainjector (namespace: cert-manager) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 45, + "EndLine": 65, + "Code": { + "Lines": [ + { + "Number": 45, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 46, + "Content": " - --v=2", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --v=2", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": " - --leader-election-namespace=kube-system", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --leader-election-namespace=kube-system", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 48, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 49, + "Content": " - name: POD_NAMESPACE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: POD_NAMESPACE", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 50, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 51, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 52, + "Content": " apiVersion: v1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 53, + "Content": " fieldPath: metadata.namespace", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: metadata.namespace", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 54, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "cert-manager", + "Kind": "Deployment", + "Name": "cert-manager-webhook", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/cert-manager-webhook", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container cert-manager-webhook in deployment cert-manager-webhook (namespace: cert-manager) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 45, + "EndLine": 97, + "Code": { + "Lines": [ + { + "Number": 45, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 46, + "Content": " - --v=2", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --v=2", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": " - --secure-port=10250", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --secure-port=10250", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 48, + "Content": " - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 49, + "Content": " - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 50, + "Content": " - --dynamic-serving-dns-names=cert-manager-webhook", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --dynamic-serving-dns-names=cert-manager-webhook", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 51, + "Content": " - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE)", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE)", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 52, + "Content": " - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 53, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 54, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "cert-manager", + "Kind": "Role", + "Name": "cert-manager-webhook:dynamic-serving", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Role/cert-manager-webhook:dynamic-serving", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0113", + "Title": "Manage namespace secrets", + "Description": "Viewing secrets at the namespace scope can lead to escalation if another service account in that namespace has a higher privileged rolebinding or clusterrolebinding bound.", + "Message": "Role 'cert-manager-webhook:dynamic-serving' shouldn't have access to manage secrets in namespace 'cert-manager'", + "Namespace": "builtin.kubernetes.KSV113", + "Query": "data.builtin.kubernetes.KSV113.deny", + "Resolution": "Manage namespace secrets are not allowed. Remove resource 'secrets' from role", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0113", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0113" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 16, + "EndLine": 26, + "Code": { + "Lines": [ + { + "Number": 16, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 17, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " resourceNames:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresourceNames\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - cert-manager-webhook-ca", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - cert-manager-webhook-ca", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 23, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 24, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 25, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0113", + "Title": "Manage namespace secrets", + "Description": "Viewing secrets at the namespace scope can lead to escalation if another service account in that namespace has a higher privileged rolebinding or clusterrolebinding bound.", + "Message": "Role 'cert-manager-webhook:dynamic-serving' shouldn't have access to manage secrets in namespace 'cert-manager'", + "Namespace": "builtin.kubernetes.KSV113", + "Query": "data.builtin.kubernetes.KSV113.deny", + "Resolution": "Manage namespace secrets are not allowed. Remove resource 'secrets' from role", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0113", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0113" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 27, + "EndLine": 32, + "Code": { + "Lines": [ + { + "Number": 27, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 28, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 29, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 30, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "cert-manager", + "Kind": "RoleBinding", + "Name": "cert-manager-webhook:dynamic-serving", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "RoleBinding/cert-manager-webhook:dynamic-serving", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "cert-manager", + "Kind": "Service", + "Name": "cert-manager", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/cert-manager", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "cert-manager", + "Kind": "Service", + "Name": "cert-manager-webhook", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/cert-manager-webhook", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "cert-manager", + "Kind": "ServiceAccount", + "Name": "cert-manager", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/cert-manager", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "cert-manager", + "Kind": "ServiceAccount", + "Name": "cert-manager-cainjector", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/cert-manager-cainjector", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "cert-manager", + "Kind": "ServiceAccount", + "Name": "cert-manager-webhook", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/cert-manager-webhook", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "cert-manager", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "default", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "default", + "Kind": "Service", + "Name": "kubernetes", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/kubernetes", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "default", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "default", + "Kind": "ServiceAccount", + "Name": "operator", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/operator", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "default", + "Kind": "ServiceAccount", + "Name": "provision", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/provision", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "gitea", + "Kind": "ConfigMap", + "Name": "gitea-backup-script", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/gitea-backup-script", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "gitea", + "Kind": "ConfigMap", + "Name": "gitea-mariadb-config", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/gitea-mariadb-config", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-01010", + "Title": "ConfigMap with sensitive content", + "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", + "Message": "ConfigMap 'gitea-mariadb-config' in 'gitea' namespace stores sensitive contents in key(s) or value(s) '{\"ssl-key \"}'", + "Namespace": "builtin.kubernetes.KSV01010", + "Query": "data.builtin.kubernetes.KSV01010.deny", + "Resolution": "Remove sensitive content from configMap data value", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", + "References": [ + "https://avd.aquasec.com/misconfig/ksv-01010" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general" + } + } + ] + } + ] + }, + { + "Namespace": "gitea", + "Kind": "ConfigMap", + "Name": "gitea-sql-backup-script", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/gitea-sql-backup-script", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "gitea", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "gitea", + "Kind": "ConfigMap", + "Name": "rclone-config", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/rclone-config", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-01010", + "Title": "ConfigMap with sensitive content", + "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", + "Message": "ConfigMap 'rclone-config' in 'gitea' namespace stores sensitive contents in key(s) or value(s) '{\"secret_access_key \"}'", + "Namespace": "builtin.kubernetes.KSV01010", + "Query": "data.builtin.kubernetes.KSV01010.deny", + "Resolution": "Remove sensitive content from configMap data value", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", + "References": [ + "https://avd.aquasec.com/misconfig/ksv-01010" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general" + } + } + ] + } + ] + }, + { + "Namespace": "gitea", + "Kind": "CronJob", + "Name": "gitea-backup", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "CronJob/gitea-backup", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 52, + "Failures": 5 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'gitea-backup' of CronJob 'gitea-backup' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 32, + "EndLine": 96, + "Code": { + "Lines": [ + { + "Number": 32, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 33, + "Content": " - /tmp/scripts/backup.sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /tmp/scripts/backup.sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: SCW_ACCESS_KEY", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SCW_ACCESS_KEY", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 41, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'gitea-backup' of CronJob 'gitea-backup' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv-0014" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 32, + "EndLine": 96, + "Code": { + "Lines": [ + { + "Number": 32, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 33, + "Content": " - /tmp/scripts/backup.sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /tmp/scripts/backup.sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: SCW_ACCESS_KEY", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SCW_ACCESS_KEY", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 41, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "CronJob 'gitea-backup' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 10, + "EndLine": 131, + "Code": { + "Lines": [ + { + "Number": 10, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 11, + "Content": " concurrencyPolicy: Forbid", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mconcurrencyPolicy\u001b[0m: Forbid", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 12, + "Content": " failedJobsHistoryLimit: 2", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailedJobsHistoryLimit\u001b[0m: \u001b[38;5;37m2", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 13, + "Content": " jobTemplate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mjobTemplate\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 14, + "Content": " metadata:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmetadata\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " creationTimestamp: null", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcreationTimestamp\u001b[0m: \u001b[38;5;166mnull", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " labels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mlabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " app: gitea-backup", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: gitea-backup", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 19, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"gitea-backup\" of cronjob \"gitea-backup\" in \"gitea\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 32, + "EndLine": 96, + "Code": { + "Lines": [ + { + "Number": 32, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 33, + "Content": " - /tmp/scripts/backup.sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /tmp/scripts/backup.sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: SCW_ACCESS_KEY", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SCW_ACCESS_KEY", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 41, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container gitea-backup in cronjob gitea-backup (namespace: gitea) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 32, + "EndLine": 96, + "Code": { + "Lines": [ + { + "Number": 32, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 33, + "Content": " - /tmp/scripts/backup.sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /tmp/scripts/backup.sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: SCW_ACCESS_KEY", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SCW_ACCESS_KEY", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 41, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "gitea", + "Kind": "CronJob", + "Name": "mariadb-backup-job", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "CronJob/mariadb-backup-job", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 52, + "Failures": 5 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'sql-cron-job' of CronJob 'mariadb-backup-job' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 30, + "EndLine": 75, + "Code": { + "Lines": [ + { + "Number": 30, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 31, + "Content": " - /tmp/scripts/backup.sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /tmp/scripts/backup.sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - name: MARIADB_USER", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_USER", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 39, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'sql-cron-job' of CronJob 'mariadb-backup-job' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv-0014" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 30, + "EndLine": 75, + "Code": { + "Lines": [ + { + "Number": 30, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 31, + "Content": " - /tmp/scripts/backup.sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /tmp/scripts/backup.sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - name: MARIADB_USER", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_USER", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 39, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "CronJob 'mariadb-backup-job' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 10, + "EndLine": 97, + "Code": { + "Lines": [ + { + "Number": 10, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 11, + "Content": " concurrencyPolicy: Forbid", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mconcurrencyPolicy\u001b[0m: Forbid", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 12, + "Content": " failedJobsHistoryLimit: 2", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailedJobsHistoryLimit\u001b[0m: \u001b[38;5;37m2", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 13, + "Content": " jobTemplate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mjobTemplate\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 14, + "Content": " metadata:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmetadata\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " creationTimestamp: null", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcreationTimestamp\u001b[0m: \u001b[38;5;166mnull", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " labels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mlabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " app: mariadb", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: mariadb", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 19, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"sql-cron-job\" of cronjob \"mariadb-backup-job\" in \"gitea\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 30, + "EndLine": 75, + "Code": { + "Lines": [ + { + "Number": 30, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 31, + "Content": " - /tmp/scripts/backup.sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /tmp/scripts/backup.sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - name: MARIADB_USER", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_USER", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 39, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "cronjob mariadb-backup-job in gitea namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 27, + "EndLine": 94, + "Code": { + "Lines": [ + { + "Number": 27, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 28, + "Content": " automountServiceAccountToken: true", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 29, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 30, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " - /tmp/scripts/backup.sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /tmp/scripts/backup.sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 36, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "gitea", + "Kind": "Deployment", + "Name": "gitea-app", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/gitea-app", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 52, + "Failures": 5 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'gitea' of Deployment 'gitea-app' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 32, + "EndLine": 83, + "Code": { + "Lines": [ + { + "Number": 32, + "Content": " - image: gitea/gitea:1.25-rootless", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: gitea/gitea:1.25-rootless", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 33, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " failureThreshold: 5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " httpGet:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " path: /api/healthz", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /api/healthz", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " port: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mport\u001b[0m: http", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " scheme: HTTPS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mscheme\u001b[0m: HTTPS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " initialDelaySeconds: 200", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m200", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 41, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'gitea-app' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 12, + "EndLine": 118, + "Code": { + "Lines": [ + { + "Number": 12, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 13, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 14, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " app: gitea", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: gitea", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " type: Recreate", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mtype\u001b[0m: Recreate", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 21, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"gitea\" of deployment \"gitea-app\" in \"gitea\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 32, + "EndLine": 83, + "Code": { + "Lines": [ + { + "Number": 32, + "Content": " - image: gitea/gitea:1.25-rootless", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: gitea/gitea:1.25-rootless", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 33, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " failureThreshold: 5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " httpGet:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " path: /api/healthz", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /api/healthz", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " port: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mport\u001b[0m: http", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " scheme: HTTPS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mscheme\u001b[0m: HTTPS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " initialDelaySeconds: 200", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m200", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 41, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment gitea-app in gitea namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 29, + "EndLine": 118, + "Code": { + "Lines": [ + { + "Number": 29, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 30, + "Content": " automountServiceAccountToken: true", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " - image: gitea/gitea:1.25-rootless", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: gitea/gitea:1.25-rootless", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " failureThreshold: 5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " httpGet:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " path: /api/healthz", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /api/healthz", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 38, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container gitea in deployment gitea-app (namespace: gitea) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 32, + "EndLine": 83, + "Code": { + "Lines": [ + { + "Number": 32, + "Content": " - image: gitea/gitea:1.25-rootless", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: gitea/gitea:1.25-rootless", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 33, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " failureThreshold: 5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " httpGet:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " path: /api/healthz", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /api/healthz", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " port: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mport\u001b[0m: http", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " scheme: HTTPS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mscheme\u001b[0m: HTTPS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " initialDelaySeconds: 200", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m200", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 41, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "gitea", + "Kind": "Deployment", + "Name": "mariadb", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/mariadb", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 51, + "Failures": 7 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0001", + "Title": "Can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'mariadb' of Deployment 'mariadb' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0001" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 29, + "EndLine": 101, + "Code": { + "Lines": [ + { + "Number": 29, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 30, + "Content": " - name: MARIADB_ROOT_PASSWORD", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_PASSWORD", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " key: password", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: password", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " name: gitea-root-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: gitea-root-credentials", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - name: MARIADB_ROOT_HOST", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_HOST", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " value: 10.%", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m10\u001b[0m.%", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 38, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'mariadb' of Deployment 'mariadb' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 29, + "EndLine": 101, + "Code": { + "Lines": [ + { + "Number": 29, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 30, + "Content": " - name: MARIADB_ROOT_PASSWORD", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_PASSWORD", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " key: password", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: password", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " name: gitea-root-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: gitea-root-credentials", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - name: MARIADB_ROOT_HOST", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_HOST", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " value: 10.%", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m10\u001b[0m.%", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 38, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'mariadb' of Deployment 'mariadb' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv-0014" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 29, + "EndLine": 101, + "Code": { + "Lines": [ + { + "Number": 29, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 30, + "Content": " - name: MARIADB_ROOT_PASSWORD", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_PASSWORD", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " key: password", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: password", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " name: gitea-root-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: gitea-root-credentials", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - name: MARIADB_ROOT_HOST", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_HOST", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " value: 10.%", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m10\u001b[0m.%", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 38, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'mariadb' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 12, + "EndLine": 134, + "Code": { + "Lines": [ + { + "Number": 12, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 13, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 14, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " app: mariadb", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: mariadb", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " type: Recreate", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mtype\u001b[0m: Recreate", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 21, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"mariadb\" of deployment \"mariadb\" in \"gitea\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 29, + "EndLine": 101, + "Code": { + "Lines": [ + { + "Number": 29, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 30, + "Content": " - name: MARIADB_ROOT_PASSWORD", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_PASSWORD", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " key: password", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: password", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " name: gitea-root-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: gitea-root-credentials", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - name: MARIADB_ROOT_HOST", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_HOST", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " value: 10.%", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m10\u001b[0m.%", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 38, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "container mariadb in gitea namespace is using the default security context", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 29, + "EndLine": 101, + "Code": { + "Lines": [ + { + "Number": 29, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 30, + "Content": " - name: MARIADB_ROOT_PASSWORD", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_PASSWORD", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " key: password", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: password", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " name: gitea-root-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: gitea-root-credentials", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - name: MARIADB_ROOT_HOST", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_HOST", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " value: 10.%", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m10\u001b[0m.%", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 38, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment mariadb in gitea namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 26, + "EndLine": 134, + "Code": { + "Lines": [ + { + "Number": 26, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 27, + "Content": " automountServiceAccountToken: true", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 28, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 29, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 30, + "Content": " - name: MARIADB_ROOT_PASSWORD", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_PASSWORD", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " key: password", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: password", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " name: gitea-root-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: gitea-root-credentials", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 35, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "gitea", + "Kind": "Ingress", + "Name": "gitea-ingress", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Ingress/gitea-ingress", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "gitea", + "Kind": "Role", + "Name": "gitea-ssh-access", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Role/gitea-ssh-access", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0053", + "Title": "Exec into Pods", + "Description": "The ability to exec into a container with privileged access to the host or with an attached SA with higher RBAC permissions is a common escalation path to cluster-admin.", + "Message": "Role 'gitea-ssh-access' should not have access to resource '[\"pods/exec\"]' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV053", + "Query": "data.builtin.kubernetes.KSV053.deny", + "Resolution": "Remove write permission verbs for resource 'pods/exec'", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0053", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0053" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 18, + "EndLine": 23, + "Code": { + "Lines": [ + { + "Number": 18, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 19, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " - pods/exec", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods/exec", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 23, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "gitea", + "Kind": "RoleBinding", + "Name": "gitea-ssh-access", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "RoleBinding/gitea-ssh-access", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "gitea", + "Kind": "Service", + "Name": "http", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/http", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "gitea", + "Kind": "Service", + "Name": "mariadb", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/mariadb", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "gitea", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "gitea", + "Kind": "ServiceAccount", + "Name": "gitea-app-sa", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/gitea-app-sa", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "gitea", + "Kind": "ServiceAccount", + "Name": "gitea-backup-sa", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/gitea-backup-sa", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "gitea", + "Kind": "ServiceAccount", + "Name": "gitea-mariadb-sa", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/gitea-mariadb-sa", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "ingress", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "ingress", + "Kind": "ConfigMap", + "Name": "nginx-ingress-tcp-microk8s-conf", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/nginx-ingress-tcp-microk8s-conf", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "ingress", + "Kind": "ConfigMap", + "Name": "nginx-ingress-udp-microk8s-conf", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/nginx-ingress-udp-microk8s-conf", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "ingress", + "Kind": "ConfigMap", + "Name": "nginx-load-balancer-microk8s-conf", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/nginx-load-balancer-microk8s-conf", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "ingress", + "Kind": "DaemonSet", + "Name": "nginx-ingress-microk8s-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "DaemonSet/nginx-ingress-microk8s-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 48, + "Failures": 9 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0001", + "Title": "Can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'nginx-ingress-microk8s' of DaemonSet 'nginx-ingress-microk8s-controller' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0001" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 30, + "EndLine": 98, + "Code": { + "Lines": [ + { + "Number": 30, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 31, + "Content": " - /nginx-ingress-controller", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /nginx-ingress-controller", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --ingress-class=public", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --ingress-class=public", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - ' '", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m' '", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --publish-status-address=127.0.0.1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - --publish-status-address=127.0.0.1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 39, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'nginx-ingress-microk8s' of DaemonSet 'nginx-ingress-microk8s-controller' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 30, + "EndLine": 98, + "Code": { + "Lines": [ + { + "Number": 30, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 31, + "Content": " - /nginx-ingress-controller", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /nginx-ingress-controller", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --ingress-class=public", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --ingress-class=public", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - ' '", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m' '", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --publish-status-address=127.0.0.1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - --publish-status-address=127.0.0.1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 39, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'nginx-ingress-microk8s' of DaemonSet 'nginx-ingress-microk8s-controller' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv-0014" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 30, + "EndLine": 98, + "Code": { + "Lines": [ + { + "Number": 30, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 31, + "Content": " - /nginx-ingress-controller", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /nginx-ingress-controller", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --ingress-class=public", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --ingress-class=public", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - ' '", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m' '", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --publish-status-address=127.0.0.1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - --publish-status-address=127.0.0.1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 39, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0022", + "Title": "Specific capabilities added", + "Description": "According to pod security standard 'Capabilities', capabilities beyond the default set must not be added.", + "Message": "Container 'nginx-ingress-microk8s' of DaemonSet 'nginx-ingress-microk8s-controller' should not set 'securityContext.capabilities.add'", + "Namespace": "builtin.kubernetes.KSV022", + "Query": "data.builtin.kubernetes.KSV022.deny", + "Resolution": "Do not set spec.containers[*].securityContext.capabilities.add and spec.initContainers[*].securityContext.capabilities.add.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0022", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0022" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 30, + "EndLine": 98, + "Code": { + "Lines": [ + { + "Number": 30, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 31, + "Content": " - /nginx-ingress-controller", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /nginx-ingress-controller", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --ingress-class=public", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --ingress-class=public", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - ' '", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m' '", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --publish-status-address=127.0.0.1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - --publish-status-address=127.0.0.1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 39, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0024", + "Title": "Access to host ports", + "Description": "According to pod security standard 'Host Ports', hostPorts should be disallowed, or at minimum restricted to a known list.", + "Message": "Container 'nginx-ingress-microk8s' of DaemonSet 'nginx-ingress-microk8s-controller' should not set host ports, 'ports[*].hostPort'", + "Namespace": "builtin.kubernetes.KSV024", + "Query": "data.builtin.kubernetes.KSV024.deny", + "Resolution": "Do not set spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0024", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0024" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 30, + "EndLine": 98, + "Code": { + "Lines": [ + { + "Number": 30, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 31, + "Content": " - /nginx-ingress-controller", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /nginx-ingress-controller", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --ingress-class=public", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --ingress-class=public", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - ' '", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m' '", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --publish-status-address=127.0.0.1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - --publish-status-address=127.0.0.1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 39, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"nginx-ingress-microk8s\" of daemonset \"nginx-ingress-microk8s-controller\" in \"ingress\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 30, + "EndLine": 98, + "Code": { + "Lines": [ + { + "Number": 30, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 31, + "Content": " - /nginx-ingress-controller", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /nginx-ingress-controller", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --ingress-class=public", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --ingress-class=public", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - ' '", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m' '", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --publish-status-address=127.0.0.1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - --publish-status-address=127.0.0.1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 39, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0117", + "Title": "Prevent binding to privileged ports", + "Description": "The ports which are lower than 1024 receive and transmit various sensitive and privileged data. Allowing containers to use them can bring serious implications.", + "Message": "daemonset nginx-ingress-microk8s-controller in ingress namespace should not set spec.template.spec.containers.ports.containerPort to less than 1024", + "Namespace": "builtin.kubernetes.KSV117", + "Query": "data.builtin.kubernetes.KSV117.deny", + "Resolution": "Do not map the container ports to privileged host ports when starting a container.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0117", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/", + "https://www.stigviewer.com/stig/kubernetes/2022-12-02/finding/V-242414", + "https://avd.aquasec.com/misconfig/ksv-0117" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general" + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "daemonset nginx-ingress-microk8s-controller in ingress namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 28, + "EndLine": 105, + "Code": { + "Lines": [ + { + "Number": 28, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 29, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 30, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " - /nginx-ingress-controller", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /nginx-ingress-controller", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --ingress-class=public", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --ingress-class=public", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - ' '", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m' '", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 37, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container nginx-ingress-microk8s in daemonset nginx-ingress-microk8s-controller (namespace: ingress) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 30, + "EndLine": 98, + "Code": { + "Lines": [ + { + "Number": 30, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 31, + "Content": " - /nginx-ingress-controller", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /nginx-ingress-controller", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --ingress-class=public", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --ingress-class=public", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - ' '", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m' '", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --publish-status-address=127.0.0.1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - --publish-status-address=127.0.0.1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 39, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "ingress", + "Kind": "Role", + "Name": "nginx-ingress-microk8s-role", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Role/nginx-ingress-microk8s-role", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 55, + "Failures": 3 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0049", + "Title": "Manage configmaps", + "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", + "Message": "Role 'nginx-ingress-microk8s-role' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV049", + "Query": "data.builtin.kubernetes.KSV049.deny", + "Resolution": "Remove write permission verbs for resource 'configmaps'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0049" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 22, + "EndLine": 30, + "Code": { + "Lines": [ + { + "Number": 22, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 23, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 24, + "Content": " resourceNames:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresourceNames\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 25, + "Content": " - ingress-controller-leader", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - ingress-controller-leader", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 26, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 27, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 28, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 29, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 30, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0049", + "Title": "Manage configmaps", + "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", + "Message": "Role 'nginx-ingress-microk8s-role' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV049", + "Query": "data.builtin.kubernetes.KSV049.deny", + "Resolution": "Remove write permission verbs for resource 'configmaps'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0049" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 31, + "EndLine": 36, + "Code": { + "Lines": [ + { + "Number": 31, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 32, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": true + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0113", + "Title": "Manage namespace secrets", + "Description": "Viewing secrets at the namespace scope can lead to escalation if another service account in that namespace has a higher privileged rolebinding or clusterrolebinding bound.", + "Message": "Role 'nginx-ingress-microk8s-role' shouldn't have access to manage secrets in namespace 'ingress'", + "Namespace": "builtin.kubernetes.KSV113", + "Query": "data.builtin.kubernetes.KSV113.deny", + "Resolution": "Manage namespace secrets are not allowed. Remove resource 'secrets' from role", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0113", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0113" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 13, + "EndLine": 21, + "Code": { + "Lines": [ + { + "Number": 13, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 14, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " - endpoints", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - endpoints", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " - pods", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - pods", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "ingress", + "Kind": "RoleBinding", + "Name": "nginx-ingress-microk8s", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "RoleBinding/nginx-ingress-microk8s", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "ingress", + "Kind": "Service", + "Name": "ingress", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/ingress", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "ingress", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "ingress", + "Kind": "ServiceAccount", + "Name": "nginx-ingress-microk8s-serviceaccount", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/nginx-ingress-microk8s-serviceaccount", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-node-lease", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-node-lease", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-public", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-public", + "Kind": "ConfigMap", + "Name": "local-registry-hosting", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/local-registry-hosting", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-public", + "Kind": "Role", + "Name": "system:controller:bootstrap-signer", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Role/system:controller:bootstrap-signer", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0049", + "Title": "Manage configmaps", + "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", + "Message": "Role 'system:controller:bootstrap-signer' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV049", + "Query": "data.builtin.kubernetes.KSV049.deny", + "Resolution": "Remove write permission verbs for resource 'configmaps'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0049" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 22, + "EndLine": 29, + "Code": { + "Lines": [ + { + "Number": 22, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 23, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 24, + "Content": " resourceNames:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresourceNames\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 25, + "Content": " - cluster-info", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - cluster-info", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 26, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 27, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 28, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 29, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "kube-public", + "Kind": "RoleBinding", + "Name": "system:controller:bootstrap-signer", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "RoleBinding/system:controller:bootstrap-signer", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-public", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ConfigMap", + "Name": "coredns", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/coredns", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ConfigMap", + "Name": "extension-apiserver-authentication", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/extension-apiserver-authentication", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-01010", + "Title": "ConfigMap with sensitive content", + "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", + "Message": "ConfigMap 'extension-apiserver-authentication' in 'kube-system' namespace stores sensitive contents in key(s) or value(s) '{\"requestheader-username-headers\"}'", + "Namespace": "builtin.kubernetes.KSV01010", + "Query": "data.builtin.kubernetes.KSV01010.deny", + "Resolution": "Remove sensitive content from configMap data value", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", + "References": [ + "https://avd.aquasec.com/misconfig/ksv-01010" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general" + } + } + ] + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ConfigMap", + "Name": "kube-apiserver-legacy-service-account-token-tracking", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-apiserver-legacy-service-account-token-tracking", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "Deployment", + "Name": "coredns", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/coredns", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 50, + "Failures": 7 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'coredns' of Deployment 'coredns' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 41, + "EndLine": 95, + "Code": { + "Lines": [ + { + "Number": 41, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 42, + "Content": " - -conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - /etc/coredns/Corefile", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/coredns/Corefile", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " image: coredns/coredns:1.10.1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: coredns/coredns:1.10.1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": " failureThreshold: 5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 48, + "Content": " httpGet:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 49, + "Content": " path: /health", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /health", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 50, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0022", + "Title": "Specific capabilities added", + "Description": "According to pod security standard 'Capabilities', capabilities beyond the default set must not be added.", + "Message": "Container 'coredns' of Deployment 'coredns' should not set 'securityContext.capabilities.add'", + "Namespace": "builtin.kubernetes.KSV022", + "Query": "data.builtin.kubernetes.KSV022.deny", + "Resolution": "Do not set spec.containers[*].securityContext.capabilities.add and spec.initContainers[*].securityContext.capabilities.add.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0022", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0022" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 41, + "EndLine": 95, + "Code": { + "Lines": [ + { + "Number": 41, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 42, + "Content": " - -conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - /etc/coredns/Corefile", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/coredns/Corefile", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " image: coredns/coredns:1.10.1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: coredns/coredns:1.10.1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": " failureThreshold: 5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 48, + "Content": " httpGet:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 49, + "Content": " path: /health", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /health", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 50, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0037", + "Title": "User resources should not be placed in kube-system namespace", + "Description": "ensure that user resources are not placed in kube-system namespace", + "Message": "Deployment 'coredns' should not be set with 'kube-system' namespace", + "Namespace": "builtin.kubernetes.KSV037", + "Query": "data.builtin.kubernetes.KSV037.deny", + "Resolution": "Deploy the user resources into a designated namespace which is not kube-system.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0037", + "References": [ + "https://kubernetes.io/docs/reference/setup-tools/kubeadm/implementation-details/", + "https://avd.aquasec.com/misconfig/ksv-0037" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 19, + "EndLine": 114, + "Code": { + "Lines": [ + { + "Number": 19, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 20, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 23, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 24, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 25, + "Content": " k8s-app: kube-dns", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mk8s-app\u001b[0m: kube-dns", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 26, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 27, + "Content": " rollingUpdate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 28, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"coredns\" of deployment \"coredns\" in \"kube-system\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 41, + "EndLine": 95, + "Code": { + "Lines": [ + { + "Number": 41, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 42, + "Content": " - -conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - /etc/coredns/Corefile", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/coredns/Corefile", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " image: coredns/coredns:1.10.1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: coredns/coredns:1.10.1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": " failureThreshold: 5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 48, + "Content": " httpGet:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 49, + "Content": " path: /health", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /health", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 50, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0117", + "Title": "Prevent binding to privileged ports", + "Description": "The ports which are lower than 1024 receive and transmit various sensitive and privileged data. Allowing containers to use them can bring serious implications.", + "Message": "deployment coredns in kube-system namespace should not set spec.template.spec.containers.ports.containerPort to less than 1024", + "Namespace": "builtin.kubernetes.KSV117", + "Query": "data.builtin.kubernetes.KSV117.deny", + "Resolution": "Do not map the container ports to privileged host ports when starting a container.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0117", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/", + "https://www.stigviewer.com/stig/kubernetes/2022-12-02/finding/V-242414", + "https://avd.aquasec.com/misconfig/ksv-0117" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general" + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment coredns in kube-system namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 39, + "EndLine": 114, + "Code": { + "Lines": [ + { + "Number": 39, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 40, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " - -conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - /etc/coredns/Corefile", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/coredns/Corefile", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " image: coredns/coredns:1.10.1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: coredns/coredns:1.10.1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": " failureThreshold: 5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 48, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container coredns in deployment coredns (namespace: kube-system) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 41, + "EndLine": 95, + "Code": { + "Lines": [ + { + "Number": 41, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 42, + "Content": " - -conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - /etc/coredns/Corefile", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/coredns/Corefile", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " image: coredns/coredns:1.10.1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: coredns/coredns:1.10.1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": " failureThreshold: 5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 48, + "Content": " httpGet:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 49, + "Content": " path: /health", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /health", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 50, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "Deployment", + "Name": "hostpath-provisioner", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/hostpath-provisioner", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 49, + "Failures": 9 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0001", + "Title": "Can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'hostpath-provisioner' of Deployment 'hostpath-provisioner' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0001" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 37, + "EndLine": 60, + "Code": { + "Lines": [ + { + "Number": 37, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: NAMESPACE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " apiVersion: v1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " fieldPath: metadata.namespace", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: metadata.namespace", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: NODE_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NODE_NAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 46, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'hostpath-provisioner' of Deployment 'hostpath-provisioner' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 37, + "EndLine": 60, + "Code": { + "Lines": [ + { + "Number": 37, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: NAMESPACE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " apiVersion: v1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " fieldPath: metadata.namespace", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: metadata.namespace", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: NODE_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NODE_NAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 46, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'hostpath-provisioner' of Deployment 'hostpath-provisioner' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv-0014" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 37, + "EndLine": 60, + "Code": { + "Lines": [ + { + "Number": 37, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: NAMESPACE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " apiVersion: v1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " fieldPath: metadata.namespace", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: metadata.namespace", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: NODE_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NODE_NAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 46, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'hostpath-provisioner' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 16, + "EndLine": 72, + "Code": { + "Lines": [ + { + "Number": 16, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 17, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " revisionHistoryLimit: 0", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m0", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " k8s-app: hostpath-provisioner", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mk8s-app\u001b[0m: hostpath-provisioner", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 23, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 24, + "Content": " rollingUpdate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 25, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0037", + "Title": "User resources should not be placed in kube-system namespace", + "Description": "ensure that user resources are not placed in kube-system namespace", + "Message": "Deployment 'hostpath-provisioner' should not be set with 'kube-system' namespace", + "Namespace": "builtin.kubernetes.KSV037", + "Query": "data.builtin.kubernetes.KSV037.deny", + "Resolution": "Deploy the user resources into a designated namespace which is not kube-system.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0037", + "References": [ + "https://kubernetes.io/docs/reference/setup-tools/kubeadm/implementation-details/", + "https://avd.aquasec.com/misconfig/ksv-0037" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 16, + "EndLine": 72, + "Code": { + "Lines": [ + { + "Number": 16, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 17, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " revisionHistoryLimit: 0", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m0", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " k8s-app: hostpath-provisioner", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mk8s-app\u001b[0m: hostpath-provisioner", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 23, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 24, + "Content": " rollingUpdate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 25, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"hostpath-provisioner\" of deployment \"hostpath-provisioner\" in \"kube-system\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 37, + "EndLine": 60, + "Code": { + "Lines": [ + { + "Number": 37, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: NAMESPACE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " apiVersion: v1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " fieldPath: metadata.namespace", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: metadata.namespace", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: NODE_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NODE_NAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 46, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "container hostpath-provisioner in kube-system namespace is using the default security context", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 37, + "EndLine": 60, + "Code": { + "Lines": [ + { + "Number": 37, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: NAMESPACE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " apiVersion: v1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " fieldPath: metadata.namespace", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: metadata.namespace", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: NODE_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NODE_NAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 46, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment hostpath-provisioner in kube-system namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 35, + "EndLine": 72, + "Code": { + "Lines": [ + { + "Number": 35, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 36, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: NAMESPACE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " apiVersion: v1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " fieldPath: metadata.namespace", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: metadata.namespace", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: NODE_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NODE_NAME", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 44, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container hostpath-provisioner in deployment hostpath-provisioner (namespace: kube-system) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 37, + "EndLine": 60, + "Code": { + "Lines": [ + { + "Number": 37, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: NAMESPACE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " apiVersion: v1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " fieldPath: metadata.namespace", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: metadata.namespace", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: NODE_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NODE_NAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 46, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "Role", + "Name": "cert-manager-cainjector:leaderelection", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Role/cert-manager-cainjector:leaderelection", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "Role", + "Name": "cert-manager:leaderelection", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Role/cert-manager:leaderelection", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "Role", + "Name": "extension-apiserver-authentication-reader", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Role/extension-apiserver-authentication-reader", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "Role", + "Name": "system::leader-locking-kube-controller-manager", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Role/system::leader-locking-kube-controller-manager", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0049", + "Title": "Manage configmaps", + "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", + "Message": "Role 'system::leader-locking-kube-controller-manager' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV049", + "Query": "data.builtin.kubernetes.KSV049.deny", + "Resolution": "Remove write permission verbs for resource 'configmaps'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0049" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 20, + "EndLine": 28, + "Code": { + "Lines": [ + { + "Number": 20, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 21, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " resourceNames:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresourceNames\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 23, + "Content": " - kube-controller-manager", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - kube-controller-manager", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 24, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 25, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 26, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 27, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 28, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "Role", + "Name": "system::leader-locking-kube-scheduler", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Role/system::leader-locking-kube-scheduler", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0049", + "Title": "Manage configmaps", + "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", + "Message": "Role 'system::leader-locking-kube-scheduler' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV049", + "Query": "data.builtin.kubernetes.KSV049.deny", + "Resolution": "Remove write permission verbs for resource 'configmaps'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0049" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 20, + "EndLine": 28, + "Code": { + "Lines": [ + { + "Number": 20, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 21, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " resourceNames:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresourceNames\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 23, + "Content": " - kube-scheduler", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - kube-scheduler", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 24, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 25, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 26, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 27, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 28, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "Role", + "Name": "system:controller:bootstrap-signer", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Role/system:controller:bootstrap-signer", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0113", + "Title": "Manage namespace secrets", + "Description": "Viewing secrets at the namespace scope can lead to escalation if another service account in that namespace has a higher privileged rolebinding or clusterrolebinding bound.", + "Message": "Role 'system:controller:bootstrap-signer' shouldn't have access to manage secrets in namespace 'kube-system'", + "Namespace": "builtin.kubernetes.KSV113", + "Query": "data.builtin.kubernetes.KSV113.deny", + "Resolution": "Manage namespace secrets are not allowed. Remove resource 'secrets' from role", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0113", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0113" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 14, + "EndLine": 21, + "Code": { + "Lines": [ + { + "Number": 14, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 15, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "Role", + "Name": "system:controller:cloud-provider", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Role/system:controller:cloud-provider", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0049", + "Title": "Manage configmaps", + "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", + "Message": "Role 'system:controller:cloud-provider' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV049", + "Query": "data.builtin.kubernetes.KSV049.deny", + "Resolution": "Remove write permission verbs for resource 'configmaps'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0049" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 14, + "EndLine": 22, + "Code": { + "Lines": [ + { + "Number": 14, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 15, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " - configmaps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - configmaps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "Role", + "Name": "system:controller:token-cleaner", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Role/system:controller:token-cleaner", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0113", + "Title": "Manage namespace secrets", + "Description": "Viewing secrets at the namespace scope can lead to escalation if another service account in that namespace has a higher privileged rolebinding or clusterrolebinding bound.", + "Message": "Role 'system:controller:token-cleaner' shouldn't have access to manage secrets in namespace 'kube-system'", + "Namespace": "builtin.kubernetes.KSV113", + "Query": "data.builtin.kubernetes.KSV113.deny", + "Resolution": "Manage namespace secrets are not allowed. Remove resource 'secrets' from role", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0113", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0113" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 14, + "EndLine": 22, + "Code": { + "Lines": [ + { + "Number": 14, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 15, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "RoleBinding", + "Name": "cert-manager-cainjector:leaderelection", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "RoleBinding/cert-manager-cainjector:leaderelection", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "RoleBinding", + "Name": "cert-manager:leaderelection", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "RoleBinding/cert-manager:leaderelection", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "RoleBinding", + "Name": "system::extension-apiserver-authentication-reader", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "RoleBinding/system::extension-apiserver-authentication-reader", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "RoleBinding", + "Name": "system::leader-locking-kube-controller-manager", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "RoleBinding/system::leader-locking-kube-controller-manager", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "RoleBinding", + "Name": "system::leader-locking-kube-scheduler", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "RoleBinding/system::leader-locking-kube-scheduler", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "RoleBinding", + "Name": "system:controller:bootstrap-signer", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "RoleBinding/system:controller:bootstrap-signer", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "RoleBinding", + "Name": "system:controller:cloud-provider", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "RoleBinding/system:controller:cloud-provider", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "RoleBinding", + "Name": "system:controller:token-cleaner", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "RoleBinding/system:controller:token-cleaner", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "Service", + "Name": "kube-dns", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/kube-dns", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0037", + "Title": "User resources should not be placed in kube-system namespace", + "Description": "ensure that user resources are not placed in kube-system namespace", + "Message": "Service 'kube-dns' should not be set with 'kube-system' namespace", + "Namespace": "builtin.kubernetes.KSV037", + "Query": "data.builtin.kubernetes.KSV037.deny", + "Resolution": "Deploy the user resources into a designated namespace which is not kube-system.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0037", + "References": [ + "https://kubernetes.io/docs/reference/setup-tools/kubeadm/implementation-details/", + "https://avd.aquasec.com/misconfig/ksv-0037" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 19, + "EndLine": 43, + "Code": { + "Lines": [ + { + "Number": 19, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 20, + "Content": " clusterIP: 10.152.183.10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mclusterIP\u001b[0m: \u001b[38;5;37m10.152.183.10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " clusterIPs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mclusterIPs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " - 10.152.183.10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m10.152.183.10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 23, + "Content": " internalTrafficPolicy: Cluster", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33minternalTrafficPolicy\u001b[0m: Cluster", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 24, + "Content": " ipFamilies:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mipFamilies\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 25, + "Content": " - IPv4", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - IPv4", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 26, + "Content": " ipFamilyPolicy: SingleStack", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mipFamilyPolicy\u001b[0m: SingleStack", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 27, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 28, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "attachdetach-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/attachdetach-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "certificate-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/certificate-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "clusterrole-aggregation-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/clusterrole-aggregation-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "coredns", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/coredns", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "cronjob-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/cronjob-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "daemon-set-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/daemon-set-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "deployment-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/deployment-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "disruption-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/disruption-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "endpoint-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/endpoint-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "endpointslice-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/endpointslice-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "endpointslicemirroring-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/endpointslicemirroring-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "ephemeral-volume-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/ephemeral-volume-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "expand-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/expand-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "generic-garbage-collector", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/generic-garbage-collector", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "horizontal-pod-autoscaler", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/horizontal-pod-autoscaler", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "job-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/job-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "legacy-service-account-token-cleaner", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/legacy-service-account-token-cleaner", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "microk8s-hostpath", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/microk8s-hostpath", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "namespace-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/namespace-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "node-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/node-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "persistent-volume-binder", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/persistent-volume-binder", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "pod-garbage-collector", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/pod-garbage-collector", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "pv-protection-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/pv-protection-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "pvc-protection-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/pvc-protection-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "replicaset-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/replicaset-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "replication-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/replication-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "resourcequota-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/resourcequota-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "root-ca-cert-publisher", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/root-ca-cert-publisher", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "service-account-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/service-account-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "service-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/service-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "statefulset-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/statefulset-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "ttl-after-finished-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/ttl-after-finished-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ServiceAccount", + "Name": "ttl-controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/ttl-controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "m3uproxy", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "m3uproxy", + "Kind": "ConfigMap", + "Name": "m3uproxy-playlist", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/m3uproxy-playlist", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "m3uproxy", + "Kind": "ConfigMap", + "Name": "squid-config", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/squid-config", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "m3uproxy", + "Kind": "ConfigMap", + "Name": "wireguard-config", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/wireguard-config", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-01010", + "Title": "ConfigMap with sensitive content", + "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", + "Message": "ConfigMap 'wireguard-config' in 'm3uproxy' namespace stores sensitive contents in key(s) or value(s) '{\"PrivateKey \", \"PublicKey \"}'", + "Namespace": "builtin.kubernetes.KSV01010", + "Query": "data.builtin.kubernetes.KSV01010.deny", + "Resolution": "Remove sensitive content from configMap data value", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", + "References": [ + "https://avd.aquasec.com/misconfig/ksv-01010" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general" + } + } + ] + } + ] + }, + { + "Namespace": "m3uproxy", + "Kind": "CronJob", + "Name": "geoip-update", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "CronJob/geoip-update", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 49, + "Failures": 8 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0001", + "Title": "Can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'geoip-update' of CronJob 'geoip-update' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0001" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 30, + "EndLine": 63, + "Code": { + "Lines": [ + { + "Number": 30, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 31, + "Content": " - name: GEOIPUPDATE_ACCOUNT_ID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_ACCOUNT_ID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " key: account_id", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: account_id", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " name: geoip-maxmind-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: geoip-maxmind-credentials", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: GEOIPUPDATE_LICENSE_KEY", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_LICENSE_KEY", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 39, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'geoip-update' of CronJob 'geoip-update' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 30, + "EndLine": 63, + "Code": { + "Lines": [ + { + "Number": 30, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 31, + "Content": " - name: GEOIPUPDATE_ACCOUNT_ID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_ACCOUNT_ID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " key: account_id", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: account_id", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " name: geoip-maxmind-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: geoip-maxmind-credentials", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: GEOIPUPDATE_LICENSE_KEY", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_LICENSE_KEY", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 39, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0013", + "Title": "Image tag \":latest\" used", + "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", + "Message": "Container 'geoip-update' of CronJob 'geoip-update' should specify an image tag", + "Namespace": "builtin.kubernetes.KSV013", + "Query": "data.builtin.kubernetes.KSV013.deny", + "Resolution": "Use a specific container image tag that is not 'latest'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", + "References": [ + "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", + "https://avd.aquasec.com/misconfig/ksv-0013" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 30, + "EndLine": 63, + "Code": { + "Lines": [ + { + "Number": 30, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 31, + "Content": " - name: GEOIPUPDATE_ACCOUNT_ID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_ACCOUNT_ID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " key: account_id", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: account_id", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " name: geoip-maxmind-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: geoip-maxmind-credentials", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: GEOIPUPDATE_LICENSE_KEY", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_LICENSE_KEY", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 39, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'geoip-update' of CronJob 'geoip-update' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv-0014" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 30, + "EndLine": 63, + "Code": { + "Lines": [ + { + "Number": 30, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 31, + "Content": " - name: GEOIPUPDATE_ACCOUNT_ID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_ACCOUNT_ID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " key: account_id", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: account_id", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " name: geoip-maxmind-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: geoip-maxmind-credentials", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: GEOIPUPDATE_LICENSE_KEY", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_LICENSE_KEY", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 39, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "CronJob 'geoip-update' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 10, + "EndLine": 80, + "Code": { + "Lines": [ + { + "Number": 10, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 11, + "Content": " concurrencyPolicy: Allow", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mconcurrencyPolicy\u001b[0m: Allow", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 12, + "Content": " failedJobsHistoryLimit: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailedJobsHistoryLimit\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 13, + "Content": " jobTemplate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mjobTemplate\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 14, + "Content": " metadata:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmetadata\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " creationTimestamp: null", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcreationTimestamp\u001b[0m: \u001b[38;5;166mnull", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " name: geoip-update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: geoip-update", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " backoffLimit: 6", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mbackoffLimit\u001b[0m: \u001b[38;5;37m6", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 19, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"geoip-update\" of cronjob \"geoip-update\" in \"m3uproxy\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 30, + "EndLine": 63, + "Code": { + "Lines": [ + { + "Number": 30, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 31, + "Content": " - name: GEOIPUPDATE_ACCOUNT_ID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_ACCOUNT_ID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " key: account_id", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: account_id", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " name: geoip-maxmind-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: geoip-maxmind-credentials", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: GEOIPUPDATE_LICENSE_KEY", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_LICENSE_KEY", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 39, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "cronjob geoip-update in m3uproxy namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 27, + "EndLine": 77, + "Code": { + "Lines": [ + { + "Number": 27, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 28, + "Content": " automountServiceAccountToken: true", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 29, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 30, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " - name: GEOIPUPDATE_ACCOUNT_ID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_ACCOUNT_ID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " key: account_id", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: account_id", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " name: geoip-maxmind-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: geoip-maxmind-credentials", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 36, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container geoip-update in cronjob geoip-update (namespace: m3uproxy) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 30, + "EndLine": 63, + "Code": { + "Lines": [ + { + "Number": 30, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 31, + "Content": " - name: GEOIPUPDATE_ACCOUNT_ID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_ACCOUNT_ID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " key: account_id", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: account_id", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " name: geoip-maxmind-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: geoip-maxmind-credentials", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: GEOIPUPDATE_LICENSE_KEY", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_LICENSE_KEY", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 39, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "m3uproxy", + "Kind": "Deployment", + "Name": "m3uproxy", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/m3uproxy", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 51, + "Failures": 6 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'm3uproxy' of Deployment 'm3uproxy' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 100, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: LOG_LEVEL", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: LOG_LEVEL", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: warn", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: warn", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: USERNAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: USERNAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " key: username", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: username", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " name: m3uproxy-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: m3uproxy-credentials", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0013", + "Title": "Image tag \":latest\" used", + "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", + "Message": "Container 'm3uproxy' of Deployment 'm3uproxy' should specify an image tag", + "Namespace": "builtin.kubernetes.KSV013", + "Query": "data.builtin.kubernetes.KSV013.deny", + "Resolution": "Use a specific container image tag that is not 'latest'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", + "References": [ + "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", + "https://avd.aquasec.com/misconfig/ksv-0013" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 100, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: LOG_LEVEL", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: LOG_LEVEL", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: warn", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: warn", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: USERNAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: USERNAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " key: username", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: username", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " name: m3uproxy-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: m3uproxy-credentials", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'm3uproxy' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 12, + "EndLine": 136, + "Code": { + "Lines": [ + { + "Number": 12, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 13, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 14, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " app: m3uproxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: m3uproxy", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " rollingUpdate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 21, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"m3uproxy\" of deployment \"m3uproxy\" in \"m3uproxy\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 100, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: LOG_LEVEL", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: LOG_LEVEL", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: warn", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: warn", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: USERNAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: USERNAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " key: username", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: username", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " name: m3uproxy-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: m3uproxy-credentials", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment m3uproxy in m3uproxy namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 33, + "EndLine": 136, + "Code": { + "Lines": [ + { + "Number": 33, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 34, + "Content": " automountServiceAccountToken: true", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: LOG_LEVEL", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: LOG_LEVEL", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: warn", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: warn", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: USERNAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: USERNAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 42, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container m3uproxy in deployment m3uproxy (namespace: m3uproxy) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 100, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: LOG_LEVEL", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: LOG_LEVEL", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: warn", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: warn", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: USERNAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: USERNAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " key: username", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: username", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " name: m3uproxy-credentials", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: m3uproxy-credentials", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "m3uproxy", + "Kind": "Deployment", + "Name": "proxy-pt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/proxy-pt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 48, + "Failures": 13 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0001", + "Title": "Can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'wireguard' of Deployment 'proxy-pt' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0001" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 76, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - name: PUID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: PGID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: TZ", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: Europe/Berlin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'squid' of Deployment 'proxy-pt' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 77, + "EndLine": 119, + "Code": { + "Lines": [ + { + "Number": 77, + "Content": " - image: ubuntu/squid:6.1-23.10_edge", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: ubuntu/squid:6.1-23.10_edge", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 78, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 79, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 80, + "Content": " failureThreshold: 3", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 81, + "Content": " initialDelaySeconds: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 82, + "Content": " periodSeconds: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mperiodSeconds\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 83, + "Content": " successThreshold: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33msuccessThreshold\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 84, + "Content": " tcpSocket:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mtcpSocket\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 85, + "Content": " port: proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mport\u001b[0m: proxy", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 86, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'wireguard' of Deployment 'proxy-pt' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 76, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - name: PUID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: PGID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: TZ", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: Europe/Berlin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'squid' of Deployment 'proxy-pt' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv-0014" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 77, + "EndLine": 119, + "Code": { + "Lines": [ + { + "Number": 77, + "Content": " - image: ubuntu/squid:6.1-23.10_edge", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: ubuntu/squid:6.1-23.10_edge", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 78, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 79, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 80, + "Content": " failureThreshold: 3", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 81, + "Content": " initialDelaySeconds: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 82, + "Content": " periodSeconds: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mperiodSeconds\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 83, + "Content": " successThreshold: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33msuccessThreshold\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 84, + "Content": " tcpSocket:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mtcpSocket\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 85, + "Content": " port: proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mport\u001b[0m: proxy", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 86, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'wireguard' of Deployment 'proxy-pt' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv-0014" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 76, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - name: PUID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: PGID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: TZ", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: Europe/Berlin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0017", + "Title": "Privileged", + "Description": "Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.", + "Message": "Container 'wireguard' of Deployment 'proxy-pt' should set 'securityContext.privileged' to false", + "Namespace": "builtin.kubernetes.KSV017", + "Query": "data.builtin.kubernetes.KSV017.deny", + "Resolution": "Change 'containers[].securityContext.privileged' to 'false'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0017", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0017" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 76, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - name: PUID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: PGID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: TZ", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: Europe/Berlin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0022", + "Title": "Specific capabilities added", + "Description": "According to pod security standard 'Capabilities', capabilities beyond the default set must not be added.", + "Message": "Container 'wireguard' of Deployment 'proxy-pt' should not set 'securityContext.capabilities.add'", + "Namespace": "builtin.kubernetes.KSV022", + "Query": "data.builtin.kubernetes.KSV022.deny", + "Resolution": "Do not set spec.containers[*].securityContext.capabilities.add and spec.initContainers[*].securityContext.capabilities.add.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0022", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0022" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 76, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - name: PUID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: PGID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: TZ", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: Europe/Berlin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'proxy-pt' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 13, + "EndLine": 145, + "Code": { + "Lines": [ + { + "Number": 13, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 14, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " app: proxy-pt", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: proxy-pt", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " type: Recreate", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mtype\u001b[0m: Recreate", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 22, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"squid\" of deployment \"proxy-pt\" in \"m3uproxy\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 77, + "EndLine": 119, + "Code": { + "Lines": [ + { + "Number": 77, + "Content": " - image: ubuntu/squid:6.1-23.10_edge", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: ubuntu/squid:6.1-23.10_edge", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 78, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 79, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 80, + "Content": " failureThreshold: 3", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 81, + "Content": " initialDelaySeconds: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 82, + "Content": " periodSeconds: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mperiodSeconds\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 83, + "Content": " successThreshold: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33msuccessThreshold\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 84, + "Content": " tcpSocket:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mtcpSocket\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 85, + "Content": " port: proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mport\u001b[0m: proxy", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 86, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"wireguard\" of deployment \"proxy-pt\" in \"m3uproxy\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 76, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - name: PUID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: PGID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: TZ", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: Europe/Berlin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment proxy-pt in m3uproxy namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 31, + "EndLine": 145, + "Code": { + "Lines": [ + { + "Number": 31, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 32, + "Content": " automountServiceAccountToken: true", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - name: PUID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: PGID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: TZ", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 40, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container squid in deployment proxy-pt (namespace: m3uproxy) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 77, + "EndLine": 119, + "Code": { + "Lines": [ + { + "Number": 77, + "Content": " - image: ubuntu/squid:6.1-23.10_edge", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: ubuntu/squid:6.1-23.10_edge", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 78, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 79, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 80, + "Content": " failureThreshold: 3", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 81, + "Content": " initialDelaySeconds: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 82, + "Content": " periodSeconds: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mperiodSeconds\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 83, + "Content": " successThreshold: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33msuccessThreshold\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 84, + "Content": " tcpSocket:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mtcpSocket\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 85, + "Content": " port: proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mport\u001b[0m: proxy", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 86, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container wireguard in deployment proxy-pt (namespace: m3uproxy) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 76, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - name: PUID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: PGID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: TZ", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: Europe/Berlin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "m3uproxy", + "Kind": "Ingress", + "Name": "m3uproxy-ingress", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Ingress/m3uproxy-ingress", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "m3uproxy", + "Kind": "Service", + "Name": "http", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/http", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "m3uproxy", + "Kind": "Service", + "Name": "proxy-pt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/proxy-pt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "m3uproxy", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "m3uproxy", + "Kind": "ServiceAccount", + "Name": "m3uproxy-app-sa", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/m3uproxy-app-sa", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "ConfigMap", + "Name": "ca-pem", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/ca-pem", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "ConfigMap", + "Name": "cert-checker-config", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/cert-checker-config", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "ConfigMap", + "Name": "dovecot-config", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/dovecot-config", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "ConfigMap", + "Name": "dovecot-sieve", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/dovecot-sieve", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "ConfigMap", + "Name": "getmail-runner", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/getmail-runner", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "ConfigMap", + "Name": "mail-backup-script", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/mail-backup-script", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "ConfigMap", + "Name": "postfix-config", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/postfix-config", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "ConfigMap", + "Name": "rclone-config", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/rclone-config", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-01010", + "Title": "ConfigMap with sensitive content", + "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", + "Message": "ConfigMap 'rclone-config' in 'mail' namespace stores sensitive contents in key(s) or value(s) '{\"secret_access_key \"}'", + "Namespace": "builtin.kubernetes.KSV01010", + "Query": "data.builtin.kubernetes.KSV01010.deny", + "Resolution": "Remove sensitive content from configMap data value", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", + "References": [ + "https://avd.aquasec.com/misconfig/ksv-01010" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general" + } + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "ConfigMap", + "Name": "stunnel-dovecot", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/stunnel-dovecot", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-01010", + "Title": "ConfigMap with sensitive content", + "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", + "Message": "ConfigMap 'stunnel-dovecot' in 'mail' namespace stores sensitive contents in key(s) or value(s) '{\"key \"}'", + "Namespace": "builtin.kubernetes.KSV01010", + "Query": "data.builtin.kubernetes.KSV01010.deny", + "Resolution": "Remove sensitive content from configMap data value", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", + "References": [ + "https://avd.aquasec.com/misconfig/ksv-01010" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general" + } + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "ConfigMap", + "Name": "stunnel-postfix", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/stunnel-postfix", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "CronJob", + "Name": "cert-checker-dovecot", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "CronJob/cert-checker-dovecot", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 54, + "Failures": 3 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "CronJob 'cert-checker-dovecot' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 12, + "EndLine": 99, + "Code": { + "Lines": [ + { + "Number": 12, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 13, + "Content": " concurrencyPolicy: Allow", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mconcurrencyPolicy\u001b[0m: Allow", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 14, + "Content": " failedJobsHistoryLimit: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailedJobsHistoryLimit\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " jobTemplate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mjobTemplate\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " metadata:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmetadata\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " creationTimestamp: null", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcreationTimestamp\u001b[0m: \u001b[38;5;166mnull", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " name: cert-checker", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: cert-checker", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " backoffLimit: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mbackoffLimit\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 21, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"cert-checker\" of cronjob \"cert-checker-dovecot\" in \"mail\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 32, + "EndLine": 72, + "Code": { + "Lines": [ + { + "Number": 32, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 33, + "Content": " - sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /config/requirements.txt \u0026\u0026 python /config/check.py", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /config/requirements.txt \u0026\u0026 python /config/check.py", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: DEPLOYMENT_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DEPLOYMENT_NAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: dovecot", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: dovecot", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: NAMESPACE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: mail", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: mail", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 41, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "cronjob cert-checker-dovecot in mail namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 29, + "EndLine": 96, + "Code": { + "Lines": [ + { + "Number": 29, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 30, + "Content": " automountServiceAccountToken: true", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /config/requirements.txt \u0026\u0026 python /config/check.py", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /config/requirements.txt \u0026\u0026 python /config/check.py", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: DEPLOYMENT_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DEPLOYMENT_NAME", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 38, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "CronJob", + "Name": "cert-checker-postfix", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "CronJob/cert-checker-postfix", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 54, + "Failures": 3 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "CronJob 'cert-checker-postfix' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 12, + "EndLine": 99, + "Code": { + "Lines": [ + { + "Number": 12, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 13, + "Content": " concurrencyPolicy: Allow", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mconcurrencyPolicy\u001b[0m: Allow", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 14, + "Content": " failedJobsHistoryLimit: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailedJobsHistoryLimit\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " jobTemplate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mjobTemplate\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " metadata:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmetadata\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " creationTimestamp: null", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcreationTimestamp\u001b[0m: \u001b[38;5;166mnull", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " name: cert-checker", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: cert-checker", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " backoffLimit: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mbackoffLimit\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 21, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"cert-checker\" of cronjob \"cert-checker-postfix\" in \"mail\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 32, + "EndLine": 72, + "Code": { + "Lines": [ + { + "Number": 32, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 33, + "Content": " - sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /config/requirements.txt \u0026\u0026 python /config/check.py", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /config/requirements.txt \u0026\u0026 python /config/check.py", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: DEPLOYMENT_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DEPLOYMENT_NAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: postfix", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: postfix", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: NAMESPACE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: mail", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: mail", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 41, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "cronjob cert-checker-postfix in mail namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 29, + "EndLine": 96, + "Code": { + "Lines": [ + { + "Number": 29, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 30, + "Content": " automountServiceAccountToken: true", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /config/requirements.txt \u0026\u0026 python /config/check.py", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /config/requirements.txt \u0026\u0026 python /config/check.py", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: DEPLOYMENT_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DEPLOYMENT_NAME", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 38, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "CronJob", + "Name": "mail-backup", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "CronJob/mail-backup", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 52, + "Failures": 5 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'mail-backup' of CronJob 'mail-backup' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 32, + "EndLine": 96, + "Code": { + "Lines": [ + { + "Number": 32, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 33, + "Content": " - /tmp/scripts/backup.sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /tmp/scripts/backup.sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: SCW_ACCESS_KEY", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SCW_ACCESS_KEY", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 41, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'mail-backup' of CronJob 'mail-backup' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv-0014" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 32, + "EndLine": 96, + "Code": { + "Lines": [ + { + "Number": 32, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 33, + "Content": " - /tmp/scripts/backup.sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /tmp/scripts/backup.sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: SCW_ACCESS_KEY", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SCW_ACCESS_KEY", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 41, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "CronJob 'mail-backup' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 10, + "EndLine": 131, + "Code": { + "Lines": [ + { + "Number": 10, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 11, + "Content": " concurrencyPolicy: Forbid", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mconcurrencyPolicy\u001b[0m: Forbid", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 12, + "Content": " failedJobsHistoryLimit: 2", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailedJobsHistoryLimit\u001b[0m: \u001b[38;5;37m2", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 13, + "Content": " jobTemplate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mjobTemplate\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 14, + "Content": " metadata:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmetadata\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " creationTimestamp: null", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcreationTimestamp\u001b[0m: \u001b[38;5;166mnull", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " labels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mlabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " app: mail-backup", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: mail-backup", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 19, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"mail-backup\" of cronjob \"mail-backup\" in \"mail\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 32, + "EndLine": 96, + "Code": { + "Lines": [ + { + "Number": 32, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 33, + "Content": " - /tmp/scripts/backup.sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /tmp/scripts/backup.sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: SCW_ACCESS_KEY", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SCW_ACCESS_KEY", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 41, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container mail-backup in cronjob mail-backup (namespace: mail) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 32, + "EndLine": 96, + "Code": { + "Lines": [ + { + "Number": 32, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 33, + "Content": " - /tmp/scripts/backup.sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /tmp/scripts/backup.sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: SCW_ACCESS_KEY", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SCW_ACCESS_KEY", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 41, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "Deployment", + "Name": "dovecot", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/dovecot", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 48, + "Failures": 18 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0001", + "Title": "Can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'dovecot' of Deployment 'dovecot' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0001" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 84, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - image: dovecot/dovecot:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " name: dovecot", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - containerPort: 31993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " hostPort: 993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - containerPort: 31024", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31024", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " name: lmtp", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: lmtp", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0001", + "Title": "Can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'stunnel' of Deployment 'dovecot' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0001" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 85, + "EndLine": 105, + "Code": { + "Lines": [ + { + "Number": 85, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 86, + "Content": " - /etc/conf/stunnel.conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/conf/stunnel.conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 87, + "Content": " image: chainguard/stunnel:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 88, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 89, + "Content": " name: stunnel", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 90, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 91, + "Content": " - containerPort: 31000", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31000", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 92, + "Content": " name: auth", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: auth", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 93, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 94, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'dovecot' of Deployment 'dovecot' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 84, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - image: dovecot/dovecot:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " name: dovecot", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - containerPort: 31993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " hostPort: 993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - containerPort: 31024", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31024", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " name: lmtp", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: lmtp", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'stunnel' of Deployment 'dovecot' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 85, + "EndLine": 105, + "Code": { + "Lines": [ + { + "Number": 85, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 86, + "Content": " - /etc/conf/stunnel.conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/conf/stunnel.conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 87, + "Content": " image: chainguard/stunnel:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 88, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 89, + "Content": " name: stunnel", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 90, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 91, + "Content": " - containerPort: 31000", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31000", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 92, + "Content": " name: auth", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: auth", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 93, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 94, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0013", + "Title": "Image tag \":latest\" used", + "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", + "Message": "Container 'dovecot' of Deployment 'dovecot' should specify an image tag", + "Namespace": "builtin.kubernetes.KSV013", + "Query": "data.builtin.kubernetes.KSV013.deny", + "Resolution": "Use a specific container image tag that is not 'latest'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", + "References": [ + "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", + "https://avd.aquasec.com/misconfig/ksv-0013" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 84, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - image: dovecot/dovecot:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " name: dovecot", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - containerPort: 31993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " hostPort: 993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - containerPort: 31024", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31024", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " name: lmtp", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: lmtp", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0013", + "Title": "Image tag \":latest\" used", + "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", + "Message": "Container 'stunnel' of Deployment 'dovecot' should specify an image tag", + "Namespace": "builtin.kubernetes.KSV013", + "Query": "data.builtin.kubernetes.KSV013.deny", + "Resolution": "Use a specific container image tag that is not 'latest'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", + "References": [ + "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", + "https://avd.aquasec.com/misconfig/ksv-0013" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 85, + "EndLine": 105, + "Code": { + "Lines": [ + { + "Number": 85, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 86, + "Content": " - /etc/conf/stunnel.conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/conf/stunnel.conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 87, + "Content": " image: chainguard/stunnel:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 88, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 89, + "Content": " name: stunnel", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 90, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 91, + "Content": " - containerPort: 31000", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31000", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 92, + "Content": " name: auth", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: auth", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 93, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 94, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'dovecot' of Deployment 'dovecot' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv-0014" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 84, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - image: dovecot/dovecot:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " name: dovecot", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - containerPort: 31993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " hostPort: 993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - containerPort: 31024", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31024", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " name: lmtp", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: lmtp", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'stunnel' of Deployment 'dovecot' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv-0014" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 85, + "EndLine": 105, + "Code": { + "Lines": [ + { + "Number": 85, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 86, + "Content": " - /etc/conf/stunnel.conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/conf/stunnel.conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 87, + "Content": " image: chainguard/stunnel:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 88, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 89, + "Content": " name: stunnel", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 90, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 91, + "Content": " - containerPort: 31000", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31000", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 92, + "Content": " name: auth", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: auth", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 93, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 94, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'dovecot' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 14, + "EndLine": 167, + "Code": { + "Lines": [ + { + "Number": 14, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 15, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " app: dovecot", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: dovecot", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " type: Recreate", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mtype\u001b[0m: Recreate", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 23, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0024", + "Title": "Access to host ports", + "Description": "According to pod security standard 'Host Ports', hostPorts should be disallowed, or at minimum restricted to a known list.", + "Message": "Container 'dovecot' of Deployment 'dovecot' should not set host ports, 'ports[*].hostPort'", + "Namespace": "builtin.kubernetes.KSV024", + "Query": "data.builtin.kubernetes.KSV024.deny", + "Resolution": "Do not set spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0024", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0024" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 84, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - image: dovecot/dovecot:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " name: dovecot", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - containerPort: 31993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " hostPort: 993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - containerPort: 31024", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31024", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " name: lmtp", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: lmtp", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0024", + "Title": "Access to host ports", + "Description": "According to pod security standard 'Host Ports', hostPorts should be disallowed, or at minimum restricted to a known list.", + "Message": "Container 'dovecot' of Deployment 'dovecot' should not set host ports, 'ports[*].hostPort'", + "Namespace": "builtin.kubernetes.KSV024", + "Query": "data.builtin.kubernetes.KSV024.deny", + "Resolution": "Do not set spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0024", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0024" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 85, + "EndLine": 105, + "Code": { + "Lines": [ + { + "Number": 85, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 86, + "Content": " - /etc/conf/stunnel.conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/conf/stunnel.conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 87, + "Content": " image: chainguard/stunnel:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 88, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 89, + "Content": " name: stunnel", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 90, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 91, + "Content": " - containerPort: 31000", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31000", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 92, + "Content": " name: auth", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: auth", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 93, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 94, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"dovecot\" of deployment \"dovecot\" in \"mail\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 84, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - image: dovecot/dovecot:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " name: dovecot", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - containerPort: 31993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " hostPort: 993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - containerPort: 31024", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31024", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " name: lmtp", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: lmtp", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"stunnel\" of deployment \"dovecot\" in \"mail\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 85, + "EndLine": 105, + "Code": { + "Lines": [ + { + "Number": 85, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 86, + "Content": " - /etc/conf/stunnel.conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/conf/stunnel.conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 87, + "Content": " image: chainguard/stunnel:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 88, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 89, + "Content": " name: stunnel", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 90, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 91, + "Content": " - containerPort: 31000", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31000", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 92, + "Content": " name: auth", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: auth", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 93, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 94, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "container dovecot in mail namespace is using the default security context", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 85, + "EndLine": 105, + "Code": { + "Lines": [ + { + "Number": 85, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 86, + "Content": " - /etc/conf/stunnel.conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/conf/stunnel.conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 87, + "Content": " image: chainguard/stunnel:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 88, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 89, + "Content": " name: stunnel", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 90, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 91, + "Content": " - containerPort: 31000", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31000", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 92, + "Content": " name: auth", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: auth", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 93, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 94, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "container dovecot in mail namespace is using the default security context", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 84, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - image: dovecot/dovecot:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " name: dovecot", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - containerPort: 31993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " hostPort: 993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - containerPort: 31024", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31024", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " name: lmtp", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: lmtp", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment dovecot in mail namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 33, + "EndLine": 167, + "Code": { + "Lines": [ + { + "Number": 33, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 34, + "Content": " automountServiceAccountToken: true", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - image: dovecot/dovecot:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " name: dovecot", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - containerPort: 31993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " hostPort: 993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 42, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container dovecot in deployment dovecot (namespace: mail) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 84, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - image: dovecot/dovecot:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " name: dovecot", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - containerPort: 31993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " hostPort: 993", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - containerPort: 31024", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31024", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " name: lmtp", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: lmtp", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container stunnel in deployment dovecot (namespace: mail) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 85, + "EndLine": 105, + "Code": { + "Lines": [ + { + "Number": 85, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 86, + "Content": " - /etc/conf/stunnel.conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/conf/stunnel.conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 87, + "Content": " image: chainguard/stunnel:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 88, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 89, + "Content": " name: stunnel", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 90, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 91, + "Content": " - containerPort: 31000", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31000", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 92, + "Content": " name: auth", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: auth", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 93, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 94, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "Deployment", + "Name": "fetch-emails", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/fetch-emails", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 51, + "Failures": 6 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0001", + "Title": "Can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'getmail' of Deployment 'fetch-emails' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0001" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 86, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - python3", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - python3", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - /runner/runner.py", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /runner/runner.py", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - name: FETCH_INTERVAL_SECONDS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: FETCH_INTERVAL_SECONDS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " value: \"120\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"120\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " image: a13labs/getmail6:v0.0.1-6.19.07", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: a13labs/getmail6:v0.0.1-6.19.07", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'getmail' of Deployment 'fetch-emails' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 86, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - python3", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - python3", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - /runner/runner.py", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /runner/runner.py", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - name: FETCH_INTERVAL_SECONDS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: FETCH_INTERVAL_SECONDS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " value: \"120\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"120\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " image: a13labs/getmail6:v0.0.1-6.19.07", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: a13labs/getmail6:v0.0.1-6.19.07", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'fetch-emails' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 14, + "EndLine": 124, + "Code": { + "Lines": [ + { + "Number": 14, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 15, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " app: fetch-emails", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: fetch-emails", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " rollingUpdate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 23, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"getmail\" of deployment \"fetch-emails\" in \"mail\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 86, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - python3", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - python3", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - /runner/runner.py", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /runner/runner.py", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - name: FETCH_INTERVAL_SECONDS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: FETCH_INTERVAL_SECONDS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " value: \"120\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"120\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " image: a13labs/getmail6:v0.0.1-6.19.07", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: a13labs/getmail6:v0.0.1-6.19.07", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment fetch-emails in mail namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 33, + "EndLine": 124, + "Code": { + "Lines": [ + { + "Number": 33, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 34, + "Content": " automountServiceAccountToken: true", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - python3", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - python3", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - /runner/runner.py", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /runner/runner.py", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - name: FETCH_INTERVAL_SECONDS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: FETCH_INTERVAL_SECONDS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " value: \"120\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"120\"", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 42, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container getmail in deployment fetch-emails (namespace: mail) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 86, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - python3", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - python3", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - /runner/runner.py", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /runner/runner.py", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - name: FETCH_INTERVAL_SECONDS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: FETCH_INTERVAL_SECONDS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " value: \"120\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"120\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " image: a13labs/getmail6:v0.0.1-6.19.07", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: a13labs/getmail6:v0.0.1-6.19.07", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "Deployment", + "Name": "postfix", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/postfix", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 47, + "Failures": 18 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0001", + "Title": "Can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'postfix' of Deployment 'postfix' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0001" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 97, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: DOVECOT_LMTP_ADDRESS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_ADDRESS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: lmtp.mail.svc.cluster.local", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: lmtp.mail.svc.cluster.local", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: DOVECOT_LMTP_PORT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_PORT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: \"31024\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"31024\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - name: LOG_TO_STDOUT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: LOG_TO_STDOUT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " value: \"0\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"0\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: MAILNAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MAILNAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " value: smtp.alexpires.me", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: smtp.alexpires.me", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0001", + "Title": "Can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'stunnel' of Deployment 'postfix' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0001" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 98, + "EndLine": 116, + "Code": { + "Lines": [ + { + "Number": 98, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 99, + "Content": " - /etc/conf/stunnel.conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/conf/stunnel.conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 100, + "Content": " image: chainguard/stunnel:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 101, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 102, + "Content": " name: stunnel", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 103, + "Content": " resources: {}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 104, + "Content": " terminationMessagePath: /dev/termination-log", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mterminationMessagePath\u001b[0m: /dev/termination-log", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 105, + "Content": " terminationMessagePolicy: File", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mterminationMessagePolicy\u001b[0m: File", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 106, + "Content": " volumeMounts:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvolumeMounts\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 107, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'postfix' of Deployment 'postfix' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 97, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: DOVECOT_LMTP_ADDRESS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_ADDRESS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: lmtp.mail.svc.cluster.local", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: lmtp.mail.svc.cluster.local", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: DOVECOT_LMTP_PORT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_PORT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: \"31024\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"31024\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - name: LOG_TO_STDOUT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: LOG_TO_STDOUT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " value: \"0\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"0\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: MAILNAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MAILNAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " value: smtp.alexpires.me", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: smtp.alexpires.me", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'stunnel' of Deployment 'postfix' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 98, + "EndLine": 116, + "Code": { + "Lines": [ + { + "Number": 98, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 99, + "Content": " - /etc/conf/stunnel.conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/conf/stunnel.conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 100, + "Content": " image: chainguard/stunnel:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 101, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 102, + "Content": " name: stunnel", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 103, + "Content": " resources: {}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 104, + "Content": " terminationMessagePath: /dev/termination-log", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mterminationMessagePath\u001b[0m: /dev/termination-log", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 105, + "Content": " terminationMessagePolicy: File", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mterminationMessagePolicy\u001b[0m: File", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 106, + "Content": " volumeMounts:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvolumeMounts\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 107, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0013", + "Title": "Image tag \":latest\" used", + "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", + "Message": "Container 'stunnel' of Deployment 'postfix' should specify an image tag", + "Namespace": "builtin.kubernetes.KSV013", + "Query": "data.builtin.kubernetes.KSV013.deny", + "Resolution": "Use a specific container image tag that is not 'latest'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", + "References": [ + "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", + "https://avd.aquasec.com/misconfig/ksv-0013" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 98, + "EndLine": 116, + "Code": { + "Lines": [ + { + "Number": 98, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 99, + "Content": " - /etc/conf/stunnel.conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/conf/stunnel.conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 100, + "Content": " image: chainguard/stunnel:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 101, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 102, + "Content": " name: stunnel", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 103, + "Content": " resources: {}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 104, + "Content": " terminationMessagePath: /dev/termination-log", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mterminationMessagePath\u001b[0m: /dev/termination-log", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 105, + "Content": " terminationMessagePolicy: File", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mterminationMessagePolicy\u001b[0m: File", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 106, + "Content": " volumeMounts:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvolumeMounts\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 107, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'postfix' of Deployment 'postfix' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv-0014" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 97, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: DOVECOT_LMTP_ADDRESS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_ADDRESS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: lmtp.mail.svc.cluster.local", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: lmtp.mail.svc.cluster.local", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: DOVECOT_LMTP_PORT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_PORT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: \"31024\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"31024\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - name: LOG_TO_STDOUT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: LOG_TO_STDOUT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " value: \"0\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"0\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: MAILNAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MAILNAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " value: smtp.alexpires.me", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: smtp.alexpires.me", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'stunnel' of Deployment 'postfix' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv-0014" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 98, + "EndLine": 116, + "Code": { + "Lines": [ + { + "Number": 98, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 99, + "Content": " - /etc/conf/stunnel.conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/conf/stunnel.conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 100, + "Content": " image: chainguard/stunnel:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 101, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 102, + "Content": " name: stunnel", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 103, + "Content": " resources: {}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 104, + "Content": " terminationMessagePath: /dev/termination-log", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mterminationMessagePath\u001b[0m: /dev/termination-log", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 105, + "Content": " terminationMessagePolicy: File", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mterminationMessagePolicy\u001b[0m: File", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 106, + "Content": " volumeMounts:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvolumeMounts\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 107, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'postfix' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 14, + "EndLine": 159, + "Code": { + "Lines": [ + { + "Number": 14, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 15, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " app: postfix", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: postfix", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " type: Recreate", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mtype\u001b[0m: Recreate", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 23, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0024", + "Title": "Access to host ports", + "Description": "According to pod security standard 'Host Ports', hostPorts should be disallowed, or at minimum restricted to a known list.", + "Message": "Container 'postfix' of Deployment 'postfix' should not set host ports, 'ports[*].hostPort'", + "Namespace": "builtin.kubernetes.KSV024", + "Query": "data.builtin.kubernetes.KSV024.deny", + "Resolution": "Do not set spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0024", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0024" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 98, + "EndLine": 116, + "Code": { + "Lines": [ + { + "Number": 98, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 99, + "Content": " - /etc/conf/stunnel.conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/conf/stunnel.conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 100, + "Content": " image: chainguard/stunnel:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 101, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 102, + "Content": " name: stunnel", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 103, + "Content": " resources: {}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 104, + "Content": " terminationMessagePath: /dev/termination-log", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mterminationMessagePath\u001b[0m: /dev/termination-log", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 105, + "Content": " terminationMessagePolicy: File", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mterminationMessagePolicy\u001b[0m: File", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 106, + "Content": " volumeMounts:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvolumeMounts\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 107, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0024", + "Title": "Access to host ports", + "Description": "According to pod security standard 'Host Ports', hostPorts should be disallowed, or at minimum restricted to a known list.", + "Message": "Container 'postfix' of Deployment 'postfix' should not set host ports, 'ports[*].hostPort'", + "Namespace": "builtin.kubernetes.KSV024", + "Query": "data.builtin.kubernetes.KSV024.deny", + "Resolution": "Do not set spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0024", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0024" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 97, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: DOVECOT_LMTP_ADDRESS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_ADDRESS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: lmtp.mail.svc.cluster.local", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: lmtp.mail.svc.cluster.local", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: DOVECOT_LMTP_PORT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_PORT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: \"31024\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"31024\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - name: LOG_TO_STDOUT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: LOG_TO_STDOUT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " value: \"0\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"0\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: MAILNAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MAILNAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " value: smtp.alexpires.me", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: smtp.alexpires.me", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"postfix\" of deployment \"postfix\" in \"mail\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 97, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: DOVECOT_LMTP_ADDRESS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_ADDRESS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: lmtp.mail.svc.cluster.local", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: lmtp.mail.svc.cluster.local", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: DOVECOT_LMTP_PORT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_PORT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: \"31024\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"31024\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - name: LOG_TO_STDOUT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: LOG_TO_STDOUT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " value: \"0\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"0\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: MAILNAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MAILNAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " value: smtp.alexpires.me", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: smtp.alexpires.me", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"stunnel\" of deployment \"postfix\" in \"mail\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 98, + "EndLine": 116, + "Code": { + "Lines": [ + { + "Number": 98, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 99, + "Content": " - /etc/conf/stunnel.conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/conf/stunnel.conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 100, + "Content": " image: chainguard/stunnel:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 101, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 102, + "Content": " name: stunnel", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 103, + "Content": " resources: {}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 104, + "Content": " terminationMessagePath: /dev/termination-log", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mterminationMessagePath\u001b[0m: /dev/termination-log", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 105, + "Content": " terminationMessagePolicy: File", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mterminationMessagePolicy\u001b[0m: File", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 106, + "Content": " volumeMounts:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvolumeMounts\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 107, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0117", + "Title": "Prevent binding to privileged ports", + "Description": "The ports which are lower than 1024 receive and transmit various sensitive and privileged data. Allowing containers to use them can bring serious implications.", + "Message": "deployment postfix in mail namespace should not set spec.template.spec.containers.ports.containerPort to less than 1024", + "Namespace": "builtin.kubernetes.KSV117", + "Query": "data.builtin.kubernetes.KSV117.deny", + "Resolution": "Do not map the container ports to privileged host ports when starting a container.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0117", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/", + "https://www.stigviewer.com/stig/kubernetes/2022-12-02/finding/V-242414", + "https://avd.aquasec.com/misconfig/ksv-0117" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general" + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "container postfix in mail namespace is using the default security context", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 98, + "EndLine": 116, + "Code": { + "Lines": [ + { + "Number": 98, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 99, + "Content": " - /etc/conf/stunnel.conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/conf/stunnel.conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 100, + "Content": " image: chainguard/stunnel:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 101, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 102, + "Content": " name: stunnel", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 103, + "Content": " resources: {}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 104, + "Content": " terminationMessagePath: /dev/termination-log", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mterminationMessagePath\u001b[0m: /dev/termination-log", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 105, + "Content": " terminationMessagePolicy: File", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mterminationMessagePolicy\u001b[0m: File", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 106, + "Content": " volumeMounts:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvolumeMounts\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 107, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "container postfix in mail namespace is using the default security context", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 97, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: DOVECOT_LMTP_ADDRESS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_ADDRESS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: lmtp.mail.svc.cluster.local", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: lmtp.mail.svc.cluster.local", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: DOVECOT_LMTP_PORT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_PORT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: \"31024\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"31024\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - name: LOG_TO_STDOUT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: LOG_TO_STDOUT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " value: \"0\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"0\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: MAILNAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MAILNAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " value: smtp.alexpires.me", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: smtp.alexpires.me", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment postfix in mail namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 33, + "EndLine": 159, + "Code": { + "Lines": [ + { + "Number": 33, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 34, + "Content": " automountServiceAccountToken: true", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: DOVECOT_LMTP_ADDRESS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_ADDRESS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: lmtp.mail.svc.cluster.local", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: lmtp.mail.svc.cluster.local", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: DOVECOT_LMTP_PORT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_PORT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: \"31024\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"31024\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - name: LOG_TO_STDOUT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: LOG_TO_STDOUT", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 42, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container postfix in deployment postfix (namespace: mail) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 97, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: DOVECOT_LMTP_ADDRESS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_ADDRESS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " value: lmtp.mail.svc.cluster.local", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: lmtp.mail.svc.cluster.local", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: DOVECOT_LMTP_PORT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_PORT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: \"31024\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"31024\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - name: LOG_TO_STDOUT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: LOG_TO_STDOUT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " value: \"0\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"0\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: MAILNAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MAILNAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " value: smtp.alexpires.me", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: smtp.alexpires.me", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container stunnel in deployment postfix (namespace: mail) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 98, + "EndLine": 116, + "Code": { + "Lines": [ + { + "Number": 98, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 99, + "Content": " - /etc/conf/stunnel.conf", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /etc/conf/stunnel.conf", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 100, + "Content": " image: chainguard/stunnel:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 101, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 102, + "Content": " name: stunnel", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 103, + "Content": " resources: {}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 104, + "Content": " terminationMessagePath: /dev/termination-log", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mterminationMessagePath\u001b[0m: /dev/termination-log", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 105, + "Content": " terminationMessagePolicy: File", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mterminationMessagePolicy\u001b[0m: File", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 106, + "Content": " volumeMounts:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvolumeMounts\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 107, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "Role", + "Name": "cert-checker-role", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Role/cert-checker-role", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0048", + "Title": "Manage Kubernetes workloads and pods", + "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", + "Message": "Role 'cert-checker-role' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", + "Namespace": "builtin.kubernetes.KSV048", + "Query": "data.builtin.kubernetes.KSV048.deny", + "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0048" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 10, + "EndLine": 18, + "Code": { + "Lines": [ + { + "Number": 10, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 11, + "Content": " - apps", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - apps", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 12, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 13, + "Content": " - deployments", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - deployments", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 14, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " - update", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - update", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " - patch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - patch", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "RoleBinding", + "Name": "cert-checker-biding", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "RoleBinding/cert-checker-biding", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "Service", + "Name": "auth", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/auth", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "Service", + "Name": "imap", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/imap", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "Service", + "Name": "lmtp", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/lmtp", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "Service", + "Name": "smtps", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/smtps", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "ServiceAccount", + "Name": "cert-checker-sa", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/cert-checker-sa", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "ServiceAccount", + "Name": "mail-app-sa", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/mail-app-sa", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "mail", + "Kind": "ServiceAccount", + "Name": "mail-backup-sa", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/mail-backup-sa", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "metallb-system", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "metallb-system", + "Kind": "ConfigMap", + "Name": "metallb-excludel2", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/metallb-excludel2", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "metallb-system", + "Kind": "DaemonSet", + "Name": "speaker", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "DaemonSet/speaker", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 50, + "Failures": 7 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0009", + "Title": "Access to host network", + "Description": "Sharing the host’s network namespace permits processes in the pod to communicate with processes bound to the host’s loopback adapter.", + "Message": "DaemonSet 'speaker' should not set 'spec.template.spec.hostNetwork' to true", + "Namespace": "builtin.kubernetes.KSV009", + "Query": "data.builtin.kubernetes.KSV009.deny", + "Resolution": "Do not set 'spec.template.spec.hostNetwork' to true.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0009", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0009" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 15, + "EndLine": 142, + "Code": { + "Lines": [ + { + "Number": 15, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 16, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " app: metallb", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: metallb", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " component: speaker", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcomponent\u001b[0m: speaker", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " template:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mtemplate\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " metadata:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmetadata\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 23, + "Content": " annotations:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mannotations\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 24, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'speaker' of DaemonSet 'speaker' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 33, + "EndLine": 111, + "Code": { + "Lines": [ + { + "Number": 33, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 34, + "Content": " - --port=7472", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --port=7472", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --log-level=info", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --log-level=info", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: METALLB_NODE_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_NODE_NAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " apiVersion: v1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " fieldPath: spec.nodeName", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: spec.nodeName", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 42, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0022", + "Title": "Specific capabilities added", + "Description": "According to pod security standard 'Capabilities', capabilities beyond the default set must not be added.", + "Message": "Container 'speaker' of DaemonSet 'speaker' should not set 'securityContext.capabilities.add'", + "Namespace": "builtin.kubernetes.KSV022", + "Query": "data.builtin.kubernetes.KSV022.deny", + "Resolution": "Do not set spec.containers[*].securityContext.capabilities.add and spec.initContainers[*].securityContext.capabilities.add.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0022", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0022" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 33, + "EndLine": 111, + "Code": { + "Lines": [ + { + "Number": 33, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 34, + "Content": " - --port=7472", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --port=7472", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --log-level=info", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --log-level=info", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: METALLB_NODE_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_NODE_NAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " apiVersion: v1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " fieldPath: spec.nodeName", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: spec.nodeName", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 42, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"speaker\" of daemonset \"speaker\" in \"metallb-system\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 33, + "EndLine": 111, + "Code": { + "Lines": [ + { + "Number": 33, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 34, + "Content": " - --port=7472", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --port=7472", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --log-level=info", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --log-level=info", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: METALLB_NODE_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_NODE_NAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " apiVersion: v1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " fieldPath: spec.nodeName", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: spec.nodeName", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 42, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "daemonset speaker in metallb-system namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 31, + "EndLine": 137, + "Code": { + "Lines": [ + { + "Number": 31, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 32, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - --port=7472", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --port=7472", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --log-level=info", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --log-level=info", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: METALLB_NODE_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_NODE_NAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 40, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0119", + "Title": "NET_RAW capability added", + "Description": "The NET_RAW capability grants attackers the ability to eavesdrop on network traffic or generate IP traffic with falsified source addresses, posing serious security risks.", + "Message": "container speaker of daemonset speaker in metallb-system namespace should not include 'NET_RAW' in securityContext.capabilities.add", + "Namespace": "builtin.kubernetes.KSV119", + "Query": "data.builtin.kubernetes.KSV119.deny", + "Resolution": "To mitigate potential security risks, it is strongly recommended to remove the NET_RAW capability from 'containers[].securityContext.capabilities.add'. It is advisable to follow the practice of dropping all capabilities and only adding the necessary ones.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0119", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/", + "https://avd.aquasec.com/misconfig/ksv-0119" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general" + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container speaker in daemonset speaker (namespace: metallb-system) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 33, + "EndLine": 111, + "Code": { + "Lines": [ + { + "Number": 33, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 34, + "Content": " - --port=7472", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --port=7472", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --log-level=info", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --log-level=info", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - name: METALLB_NODE_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_NODE_NAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " fieldRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " apiVersion: v1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " fieldPath: spec.nodeName", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: spec.nodeName", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 42, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "metallb-system", + "Kind": "Deployment", + "Name": "controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 55, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"controller\" of deployment \"controller\" in \"metallb-system\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 40, + "EndLine": 91, + "Code": { + "Lines": [ + { + "Number": 40, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 41, + "Content": " - --port=7472", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --port=7472", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " - --log-level=info", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --log-level=info", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - --tls-min-version=VersionTLS12", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --tls-min-version=VersionTLS12", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " - name: METALLB_ML_SECRET_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_ML_SECRET_NAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " value: memberlist", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: memberlist", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": " - name: METALLB_DEPLOYMENT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_DEPLOYMENT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 48, + "Content": " value: controller", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: controller", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 49, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container controller in deployment controller (namespace: metallb-system) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 40, + "EndLine": 91, + "Code": { + "Lines": [ + { + "Number": 40, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 41, + "Content": " - --port=7472", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --port=7472", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " - --log-level=info", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --log-level=info", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - --tls-min-version=VersionTLS12", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --tls-min-version=VersionTLS12", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " - name: METALLB_ML_SECRET_NAME", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_ML_SECRET_NAME", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " value: memberlist", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: memberlist", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 47, + "Content": " - name: METALLB_DEPLOYMENT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_DEPLOYMENT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 48, + "Content": " value: controller", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: controller", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 49, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "metallb-system", + "Kind": "Role", + "Name": "controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Role/controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0113", + "Title": "Manage namespace secrets", + "Description": "Viewing secrets at the namespace scope can lead to escalation if another service account in that namespace has a higher privileged rolebinding or clusterrolebinding bound.", + "Message": "Role 'controller' shouldn't have access to manage secrets in namespace 'metallb-system'", + "Namespace": "builtin.kubernetes.KSV113", + "Query": "data.builtin.kubernetes.KSV113.deny", + "Resolution": "Manage namespace secrets are not allowed. Remove resource 'secrets' from role", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0113", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0113" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 12, + "EndLine": 23, + "Code": { + "Lines": [ + { + "Number": 12, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 13, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 14, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " - create", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - create", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " - delete", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - delete", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 21, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0113", + "Title": "Manage namespace secrets", + "Description": "Viewing secrets at the namespace scope can lead to escalation if another service account in that namespace has a higher privileged rolebinding or clusterrolebinding bound.", + "Message": "Role 'controller' shouldn't have access to manage secrets in namespace 'metallb-system'", + "Namespace": "builtin.kubernetes.KSV113", + "Query": "data.builtin.kubernetes.KSV113.deny", + "Resolution": "Manage namespace secrets are not allowed. Remove resource 'secrets' from role", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0113", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0113" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 24, + "EndLine": 31, + "Code": { + "Lines": [ + { + "Number": 24, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 25, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 26, + "Content": " resourceNames:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresourceNames\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 27, + "Content": " - memberlist", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - memberlist", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 28, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 29, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 30, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "metallb-system", + "Kind": "Role", + "Name": "pod-lister", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Role/pod-lister", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0113", + "Title": "Manage namespace secrets", + "Description": "Viewing secrets at the namespace scope can lead to escalation if another service account in that namespace has a higher privileged rolebinding or clusterrolebinding bound.", + "Message": "Role 'pod-lister' shouldn't have access to manage secrets in namespace 'metallb-system'", + "Namespace": "builtin.kubernetes.KSV113", + "Query": "data.builtin.kubernetes.KSV113.deny", + "Resolution": "Manage namespace secrets are not allowed. Remove resource 'secrets' from role", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0113", + "References": [ + "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", + "https://avd.aquasec.com/misconfig/ksv-0113" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 19, + "EndLine": 26, + "Code": { + "Lines": [ + { + "Number": 19, + "Content": " - apiGroups:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 20, + "Content": " - \"\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;37m\"\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " resources:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " - secrets", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - secrets", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 23, + "Content": " verbs:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 24, + "Content": " - get", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - get", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 25, + "Content": " - list", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - list", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 26, + "Content": " - watch", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - watch", + "FirstCause": false, + "LastCause": true + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "metallb-system", + "Kind": "RoleBinding", + "Name": "controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "RoleBinding/controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "metallb-system", + "Kind": "RoleBinding", + "Name": "pod-lister", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "RoleBinding/pod-lister", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "metallb-system", + "Kind": "Service", + "Name": "metallb-webhook-service", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/metallb-webhook-service", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "metallb-system", + "Kind": "ServiceAccount", + "Name": "controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/controller", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "metallb-system", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "metallb-system", + "Kind": "ServiceAccount", + "Name": "speaker", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/speaker", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "ConfigMap", + "Name": "alertmanager-conf", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/alertmanager-conf", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-01010", + "Title": "ConfigMap with sensitive content", + "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", + "Message": "ConfigMap 'alertmanager-conf' in 'prometheus' namespace stores sensitive contents in key(s) or value(s) '{\" \\\"from\\\"\", \" \\\"to\\\"\"}'", + "Namespace": "builtin.kubernetes.KSV01010", + "Query": "data.builtin.kubernetes.KSV01010.deny", + "Resolution": "Remove sensitive content from configMap data value", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", + "References": [ + "https://avd.aquasec.com/misconfig/ksv-01010" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general" + } + } + ] + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "ConfigMap", + "Name": "auth-exporter-config", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/auth-exporter-config", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-01010", + "Title": "ConfigMap with sensitive content", + "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", + "Message": "ConfigMap 'auth-exporter-config' in 'prometheus' namespace stores sensitive contents in key(s) or value(s) '{\" active_sessions_by_user.labels(source\", \" active_sessions_by_user.labels(source\", \" childu \", \" auth_sessions_by_user.labels(source\", \" username \", \"USERNAME \"}'", + "Namespace": "builtin.kubernetes.KSV01010", + "Query": "data.builtin.kubernetes.KSV01010.deny", + "Resolution": "Remove sensitive content from configMap data value", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", + "References": [ + "https://avd.aquasec.com/misconfig/ksv-01010" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general" + } + } + ] + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "ConfigMap", + "Name": "prometheus-server-conf", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/prometheus-server-conf", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "Deployment", + "Name": "alertmanager", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/alertmanager", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 51, + "Failures": 6 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0013", + "Title": "Image tag \":latest\" used", + "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", + "Message": "Container 'alertmanager' of Deployment 'alertmanager' should specify an image tag", + "Namespace": "builtin.kubernetes.KSV013", + "Query": "data.builtin.kubernetes.KSV013.deny", + "Resolution": "Use a specific container image tag that is not 'latest'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", + "References": [ + "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", + "https://avd.aquasec.com/misconfig/ksv-0013" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 62, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --config.file=/etc/alertmanager/alertmanager.yml", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --config.file=/etc/alertmanager/alertmanager.yml", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - --storage.path=/alertmanager", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --storage.path=/alertmanager", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " image: prom/alertmanager:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/alertmanager:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " name: alertmanager", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: alertmanager", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - containerPort: 9093", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9093", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " name: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'alertmanager' of Deployment 'alertmanager' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv-0014" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 62, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --config.file=/etc/alertmanager/alertmanager.yml", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --config.file=/etc/alertmanager/alertmanager.yml", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - --storage.path=/alertmanager", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --storage.path=/alertmanager", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " image: prom/alertmanager:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/alertmanager:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " name: alertmanager", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: alertmanager", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - containerPort: 9093", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9093", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " name: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'alertmanager' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 14, + "EndLine": 79, + "Code": { + "Lines": [ + { + "Number": 14, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 15, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " app: alertmanager", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: alertmanager", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " rollingUpdate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 23, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"alertmanager\" of deployment \"alertmanager\" in \"prometheus\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 62, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --config.file=/etc/alertmanager/alertmanager.yml", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --config.file=/etc/alertmanager/alertmanager.yml", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - --storage.path=/alertmanager", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --storage.path=/alertmanager", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " image: prom/alertmanager:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/alertmanager:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " name: alertmanager", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: alertmanager", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - containerPort: 9093", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9093", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " name: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment alertmanager in prometheus namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 33, + "EndLine": 79, + "Code": { + "Lines": [ + { + "Number": 33, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 34, + "Content": " automountServiceAccountToken: true", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --config.file=/etc/alertmanager/alertmanager.yml", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --config.file=/etc/alertmanager/alertmanager.yml", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - --storage.path=/alertmanager", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --storage.path=/alertmanager", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " image: prom/alertmanager:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/alertmanager:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " name: alertmanager", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: alertmanager", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 42, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container alertmanager in deployment alertmanager (namespace: prometheus) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 62, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --config.file=/etc/alertmanager/alertmanager.yml", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --config.file=/etc/alertmanager/alertmanager.yml", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - --storage.path=/alertmanager", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --storage.path=/alertmanager", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " image: prom/alertmanager:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/alertmanager:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " name: alertmanager", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: alertmanager", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - containerPort: 9093", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9093", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " name: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "Deployment", + "Name": "auth-exporter", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/auth-exporter", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 52, + "Failures": 5 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0001", + "Title": "Can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'auth-exporter' of Deployment 'auth-exporter' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0001" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 37, + "EndLine": 69, + "Code": { + "Lines": [ + { + "Number": 37, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 38, + "Content": " - sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /exporter/requirements.txt \u0026\u0026 python /exporter/exporter.py --export-usernames", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /exporter/requirements.txt \u0026\u0026 python /exporter/exporter.py --export-usernames", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " image: python:3.12-slim", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: python:3.12-slim", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " name: auth-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: auth-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " - containerPort: 9100", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9100", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 46, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'auth-exporter' of Deployment 'auth-exporter' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 37, + "EndLine": 69, + "Code": { + "Lines": [ + { + "Number": 37, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 38, + "Content": " - sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /exporter/requirements.txt \u0026\u0026 python /exporter/exporter.py --export-usernames", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /exporter/requirements.txt \u0026\u0026 python /exporter/exporter.py --export-usernames", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " image: python:3.12-slim", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: python:3.12-slim", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " name: auth-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: auth-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " - containerPort: 9100", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9100", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 46, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'auth-exporter' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 14, + "EndLine": 92, + "Code": { + "Lines": [ + { + "Number": 14, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 15, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " app: auth-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: auth-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " rollingUpdate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 23, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"auth-exporter\" of deployment \"auth-exporter\" in \"prometheus\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 37, + "EndLine": 69, + "Code": { + "Lines": [ + { + "Number": 37, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 38, + "Content": " - sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /exporter/requirements.txt \u0026\u0026 python /exporter/exporter.py --export-usernames", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /exporter/requirements.txt \u0026\u0026 python /exporter/exporter.py --export-usernames", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " image: python:3.12-slim", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: python:3.12-slim", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " name: auth-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: auth-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " - containerPort: 9100", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9100", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 46, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment auth-exporter in prometheus namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 92, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " automountServiceAccountToken: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /exporter/requirements.txt \u0026\u0026 python /exporter/exporter.py --export-usernames", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /exporter/requirements.txt \u0026\u0026 python /exporter/exporter.py --export-usernames", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " image: python:3.12-slim", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: python:3.12-slim", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "Deployment", + "Name": "fail2ban-exporter", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/fail2ban-exporter", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 50, + "Failures": 7 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0001", + "Title": "Can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'fail2ban-exporter' of Deployment 'fail2ban-exporter' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0001" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 56, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - image: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " name: fail2ban-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: fail2ban-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - containerPort: 9191", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9191", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " name: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " resources: {}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " securityContext:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecurityContext\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'fail2ban-exporter' of Deployment 'fail2ban-exporter' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 56, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - image: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " name: fail2ban-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: fail2ban-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - containerPort: 9191", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9191", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " name: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " resources: {}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " securityContext:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecurityContext\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0013", + "Title": "Image tag \":latest\" used", + "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", + "Message": "Container 'fail2ban-exporter' of Deployment 'fail2ban-exporter' should specify an image tag", + "Namespace": "builtin.kubernetes.KSV013", + "Query": "data.builtin.kubernetes.KSV013.deny", + "Resolution": "Use a specific container image tag that is not 'latest'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", + "References": [ + "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", + "https://avd.aquasec.com/misconfig/ksv-0013" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 56, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - image: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " name: fail2ban-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: fail2ban-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - containerPort: 9191", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9191", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " name: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " resources: {}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " securityContext:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecurityContext\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'fail2ban-exporter' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 14, + "EndLine": 72, + "Code": { + "Lines": [ + { + "Number": 14, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 15, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " k8s-app: fail2ban-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mk8s-app\u001b[0m: fail2ban-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " rollingUpdate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 23, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"fail2ban-exporter\" of deployment \"fail2ban-exporter\" in \"prometheus\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 56, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - image: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " name: fail2ban-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: fail2ban-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - containerPort: 9191", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9191", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " name: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " resources: {}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " securityContext:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecurityContext\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment fail2ban-exporter in prometheus namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 31, + "EndLine": 72, + "Code": { + "Lines": [ + { + "Number": 31, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 32, + "Content": " automountServiceAccountToken: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - image: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " name: fail2ban-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: fail2ban-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - containerPort: 9191", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9191", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " name: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 40, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container fail2ban-exporter in deployment fail2ban-exporter (namespace: prometheus) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 56, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - image: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " name: fail2ban-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: fail2ban-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - containerPort: 9191", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9191", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " name: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " resources: {}", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " securityContext:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecurityContext\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "Deployment", + "Name": "node-exporter", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/node-exporter", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 49, + "Failures": 8 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0001", + "Title": "Can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'node-exporter' of Deployment 'node-exporter' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0001" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 58, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --path.rootfs=/host/root", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --path.rootfs=/host/root", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " image: quay.io/prometheus/node-exporter:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: quay.io/prometheus/node-exporter:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " name: node-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: node-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - containerPort: 9100", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9100", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " name: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'node-exporter' of Deployment 'node-exporter' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 58, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --path.rootfs=/host/root", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --path.rootfs=/host/root", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " image: quay.io/prometheus/node-exporter:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: quay.io/prometheus/node-exporter:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " name: node-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: node-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - containerPort: 9100", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9100", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " name: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0013", + "Title": "Image tag \":latest\" used", + "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", + "Message": "Container 'node-exporter' of Deployment 'node-exporter' should specify an image tag", + "Namespace": "builtin.kubernetes.KSV013", + "Query": "data.builtin.kubernetes.KSV013.deny", + "Resolution": "Use a specific container image tag that is not 'latest'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", + "References": [ + "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", + "https://avd.aquasec.com/misconfig/ksv-0013" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 58, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --path.rootfs=/host/root", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --path.rootfs=/host/root", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " image: quay.io/prometheus/node-exporter:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: quay.io/prometheus/node-exporter:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " name: node-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: node-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - containerPort: 9100", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9100", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " name: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'node-exporter' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 14, + "EndLine": 74, + "Code": { + "Lines": [ + { + "Number": 14, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 15, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " k8s-app: node-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mk8s-app\u001b[0m: node-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " rollingUpdate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 23, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"node-exporter\" of deployment \"node-exporter\" in \"prometheus\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 58, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --path.rootfs=/host/root", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --path.rootfs=/host/root", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " image: quay.io/prometheus/node-exporter:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: quay.io/prometheus/node-exporter:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " name: node-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: node-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - containerPort: 9100", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9100", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " name: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment node-exporter in prometheus namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 31, + "EndLine": 74, + "Code": { + "Lines": [ + { + "Number": 31, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 32, + "Content": " automountServiceAccountToken: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --path.rootfs=/host/root", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --path.rootfs=/host/root", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " image: quay.io/prometheus/node-exporter:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: quay.io/prometheus/node-exporter:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " name: node-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: node-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 40, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0121", + "Title": "Kubernetes resource with disallowed volumes mounted", + "Description": "HostPath present many security risks and as a security practice it is better to avoid critical host paths mounts.", + "Message": "deployment node-exporter in prometheus namespace shouldn't have volumes set to {\"/\"}", + "Namespace": "builtin.kubernetes.KSV121", + "Query": "data.builtin.kubernetes.KSV121.deny", + "Resolution": "Do not Set 'spec.volumes[*].hostPath.path' to any of the disallowed volumes.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0121", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0121" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 14, + "EndLine": 74, + "Code": { + "Lines": [ + { + "Number": 14, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 15, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " k8s-app: node-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mk8s-app\u001b[0m: node-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " rollingUpdate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 23, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container node-exporter in deployment node-exporter (namespace: prometheus) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 58, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - --path.rootfs=/host/root", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --path.rootfs=/host/root", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " image: quay.io/prometheus/node-exporter:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: quay.io/prometheus/node-exporter:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " name: node-exporter", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: node-exporter", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " - containerPort: 9100", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9100", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " name: http", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " protocol: TCP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "Deployment", + "Name": "prometheus", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/prometheus", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 51, + "Failures": 6 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0013", + "Title": "Image tag \":latest\" used", + "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", + "Message": "Container 'prometheus' of Deployment 'prometheus' should specify an image tag", + "Namespace": "builtin.kubernetes.KSV013", + "Query": "data.builtin.kubernetes.KSV013.deny", + "Resolution": "Use a specific container image tag that is not 'latest'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", + "References": [ + "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", + "https://avd.aquasec.com/misconfig/ksv-0013" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 35, + "EndLine": 62, + "Code": { + "Lines": [ + { + "Number": 35, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 36, + "Content": " - --config.file=/etc/prometheus/prometheus.yml", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --config.file=/etc/prometheus/prometheus.yml", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --storage.tsdb.path=/prometheus/", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --storage.tsdb.path=/prometheus/", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - --storage.tsdb.retention.time=15d", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --storage.tsdb.retention.time=15d", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " image: prom/prometheus:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/prometheus:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " name: prometheus", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: prometheus", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - containerPort: 9090", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9090", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 44, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0014", + "Title": "Root file system is not read-only", + "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", + "Message": "Container 'prometheus' of Deployment 'prometheus' should set 'securityContext.readOnlyRootFilesystem' to true", + "Namespace": "builtin.kubernetes.KSV014", + "Query": "data.builtin.kubernetes.KSV014.deny", + "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", + "References": [ + "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", + "https://avd.aquasec.com/misconfig/ksv-0014" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 35, + "EndLine": 62, + "Code": { + "Lines": [ + { + "Number": 35, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 36, + "Content": " - --config.file=/etc/prometheus/prometheus.yml", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --config.file=/etc/prometheus/prometheus.yml", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --storage.tsdb.path=/prometheus/", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --storage.tsdb.path=/prometheus/", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - --storage.tsdb.retention.time=15d", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --storage.tsdb.retention.time=15d", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " image: prom/prometheus:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/prometheus:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " name: prometheus", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: prometheus", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - containerPort: 9090", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9090", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 44, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'prometheus' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 14, + "EndLine": 81, + "Code": { + "Lines": [ + { + "Number": 14, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 15, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " app: prometheus", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: prometheus", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " type: Recreate", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mtype\u001b[0m: Recreate", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 23, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"prometheus\" of deployment \"prometheus\" in \"prometheus\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 35, + "EndLine": 62, + "Code": { + "Lines": [ + { + "Number": 35, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 36, + "Content": " - --config.file=/etc/prometheus/prometheus.yml", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --config.file=/etc/prometheus/prometheus.yml", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --storage.tsdb.path=/prometheus/", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --storage.tsdb.path=/prometheus/", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - --storage.tsdb.retention.time=15d", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --storage.tsdb.retention.time=15d", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " image: prom/prometheus:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/prometheus:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " name: prometheus", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: prometheus", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - containerPort: 9090", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9090", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 44, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment prometheus in prometheus namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 32, + "EndLine": 81, + "Code": { + "Lines": [ + { + "Number": 32, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 33, + "Content": " automountServiceAccountToken: true", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - --config.file=/etc/prometheus/prometheus.yml", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --config.file=/etc/prometheus/prometheus.yml", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --storage.tsdb.path=/prometheus/", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --storage.tsdb.path=/prometheus/", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - --storage.tsdb.retention.time=15d", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --storage.tsdb.retention.time=15d", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " image: prom/prometheus:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/prometheus:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 41, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container prometheus in deployment prometheus (namespace: prometheus) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 35, + "EndLine": 62, + "Code": { + "Lines": [ + { + "Number": 35, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 36, + "Content": " - --config.file=/etc/prometheus/prometheus.yml", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --config.file=/etc/prometheus/prometheus.yml", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " - --storage.tsdb.path=/prometheus/", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --storage.tsdb.path=/prometheus/", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - --storage.tsdb.retention.time=15d", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - --storage.tsdb.retention.time=15d", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " image: prom/prometheus:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/prometheus:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " name: prometheus", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: prometheus", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - containerPort: 9090", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9090", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 44, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "Service", + "Name": "alertmanager", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/alertmanager", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "Service", + "Name": "auth-exporter", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/auth-exporter", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "Service", + "Name": "fail2ban-exporter", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/fail2ban-exporter", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "Service", + "Name": "node-exporter", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/node-exporter", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "Service", + "Name": "prometheus", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/prometheus", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "ServiceAccount", + "Name": "auth-exporter-sa", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/auth-exporter-sa", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "ServiceAccount", + "Name": "fail2ban-exporter", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/fail2ban-exporter", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "ServiceAccount", + "Name": "node-exporter", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/node-exporter", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "ServiceAccount", + "Name": "prometheus", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/prometheus", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "ConfigMap", + "Name": "auth-script", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/auth-script", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0109", + "Title": "ConfigMap with secrets", + "Description": "Storing secrets in configMaps is unsafe", + "Message": "ConfigMap 'auth-script' in 'proxy' namespace stores secrets in key(s) or value(s) '{\"EXPECTED_TOKEN \"}'", + "Namespace": "builtin.kubernetes.KSV0109", + "Query": "data.builtin.kubernetes.KSV0109.deny", + "Resolution": "Remove password/secret from configMap data value", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0109", + "References": [ + "https://avd.aquasec.com/misconfig/ksv-0109" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general" + } + } + ] + } + ] + }, + { + "Namespace": "proxy", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "ConfigMap", + "Name": "nginx-config", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/nginx-config", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "ConfigMap", + "Name": "nginx-default-config", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/nginx-default-config", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "ConfigMap", + "Name": "nginx-errors", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/nginx-errors", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "ConfigMap", + "Name": "nginx-streams-config", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/nginx-streams-config", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "ConfigMap", + "Name": "wireguard-config", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/wireguard-config", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 56, + "Failures": 1 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-01010", + "Title": "ConfigMap with sensitive content", + "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", + "Message": "ConfigMap 'wireguard-config' in 'proxy' namespace stores sensitive contents in key(s) or value(s) '{\"PresharedKey \", \"PrivateKey \", \"PublicKey \"}'", + "Namespace": "builtin.kubernetes.KSV01010", + "Query": "data.builtin.kubernetes.KSV01010.deny", + "Resolution": "Remove sensitive content from configMap data value", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", + "References": [ + "https://avd.aquasec.com/misconfig/ksv-01010" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general" + } + } + ] + } + ] + }, + { + "Namespace": "proxy", + "Kind": "Deployment", + "Name": "proxy", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/proxy", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 48, + "Failures": 14 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0001", + "Title": "Can elevate its own privileges", + "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", + "Message": "Container 'wireguard' of Deployment 'proxy' should set 'securityContext.allowPrivilegeEscalation' to false", + "Namespace": "builtin.kubernetes.KSV001", + "Query": "data.builtin.kubernetes.KSV001.deny", + "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0001" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 38, + "EndLine": 83, + "Code": { + "Lines": [ + { + "Number": 38, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: PUID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - name: PGID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: TZ", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " value: Europe/Berlin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 47, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'proxy' of Deployment 'proxy' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 118, + "EndLine": 210, + "Code": { + "Lines": [ + { + "Number": 118, + "Content": " - image: nginx:stable-alpine", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: nginx:stable-alpine", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 119, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 120, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 121, + "Content": " failureThreshold: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 122, + "Content": " httpGet:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 123, + "Content": " path: /health", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /health", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 124, + "Content": " port: 8888", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mport\u001b[0m: \u001b[38;5;37m8888", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 125, + "Content": " scheme: HTTP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mscheme\u001b[0m: HTTP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 126, + "Content": " initialDelaySeconds: 5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m5", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 127, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'wireguard' of Deployment 'proxy' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 38, + "EndLine": 83, + "Code": { + "Lines": [ + { + "Number": 38, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: PUID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - name: PGID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: TZ", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " value: Europe/Berlin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 47, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0017", + "Title": "Privileged", + "Description": "Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.", + "Message": "Container 'wireguard' of Deployment 'proxy' should set 'securityContext.privileged' to false", + "Namespace": "builtin.kubernetes.KSV017", + "Query": "data.builtin.kubernetes.KSV017.deny", + "Resolution": "Change 'containers[].securityContext.privileged' to 'false'.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0017", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0017" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 38, + "EndLine": 83, + "Code": { + "Lines": [ + { + "Number": 38, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: PUID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - name: PGID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: TZ", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " value: Europe/Berlin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 47, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0022", + "Title": "Specific capabilities added", + "Description": "According to pod security standard 'Capabilities', capabilities beyond the default set must not be added.", + "Message": "Container 'wireguard' of Deployment 'proxy' should not set 'securityContext.capabilities.add'", + "Namespace": "builtin.kubernetes.KSV022", + "Query": "data.builtin.kubernetes.KSV022.deny", + "Resolution": "Do not set spec.containers[*].securityContext.capabilities.add and spec.initContainers[*].securityContext.capabilities.add.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0022", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0022" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 38, + "EndLine": 83, + "Code": { + "Lines": [ + { + "Number": 38, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: PUID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - name: PGID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: TZ", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " value: Europe/Berlin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 47, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'proxy' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 13, + "EndLine": 267, + "Code": { + "Lines": [ + { + "Number": 13, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 14, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " app: proxy", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: proxy", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " type: Recreate", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mtype\u001b[0m: Recreate", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 22, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0024", + "Title": "Access to host ports", + "Description": "According to pod security standard 'Host Ports', hostPorts should be disallowed, or at minimum restricted to a known list.", + "Message": "Container 'proxy' of Deployment 'proxy' should not set host ports, 'ports[*].hostPort'", + "Namespace": "builtin.kubernetes.KSV024", + "Query": "data.builtin.kubernetes.KSV024.deny", + "Resolution": "Do not set spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0024", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0024" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 84, + "EndLine": 117, + "Code": { + "Lines": [ + { + "Number": 84, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 85, + "Content": " - python", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - python", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 86, + "Content": " - /app/auth_server.py", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /app/auth_server.py", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 87, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 88, + "Content": " - name: AUTH_TOKEN", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: AUTH_TOKEN", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 89, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 90, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 91, + "Content": " key: token", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: token", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 92, + "Content": " name: auth-token-secret", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: auth-token-secret", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 93, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0024", + "Title": "Access to host ports", + "Description": "According to pod security standard 'Host Ports', hostPorts should be disallowed, or at minimum restricted to a known list.", + "Message": "Container 'proxy' of Deployment 'proxy' should not set host ports, 'ports[*].hostPort'", + "Namespace": "builtin.kubernetes.KSV024", + "Query": "data.builtin.kubernetes.KSV024.deny", + "Resolution": "Do not set spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0024", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0024" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 38, + "EndLine": 83, + "Code": { + "Lines": [ + { + "Number": 38, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: PUID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - name: PGID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: TZ", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " value: Europe/Berlin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 47, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0024", + "Title": "Access to host ports", + "Description": "According to pod security standard 'Host Ports', hostPorts should be disallowed, or at minimum restricted to a known list.", + "Message": "Container 'proxy' of Deployment 'proxy' should not set host ports, 'ports[*].hostPort'", + "Namespace": "builtin.kubernetes.KSV024", + "Query": "data.builtin.kubernetes.KSV024.deny", + "Resolution": "Do not set spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0024", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0024" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 118, + "EndLine": 210, + "Code": { + "Lines": [ + { + "Number": 118, + "Content": " - image: nginx:stable-alpine", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: nginx:stable-alpine", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 119, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 120, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 121, + "Content": " failureThreshold: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 122, + "Content": " httpGet:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 123, + "Content": " path: /health", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /health", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 124, + "Content": " port: 8888", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mport\u001b[0m: \u001b[38;5;37m8888", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 125, + "Content": " scheme: HTTP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mscheme\u001b[0m: HTTP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 126, + "Content": " initialDelaySeconds: 5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m5", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 127, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"auth-sidecar\" of deployment \"proxy\" in \"proxy\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 84, + "EndLine": 117, + "Code": { + "Lines": [ + { + "Number": 84, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 85, + "Content": " - python", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - python", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 86, + "Content": " - /app/auth_server.py", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /app/auth_server.py", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 87, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 88, + "Content": " - name: AUTH_TOKEN", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: AUTH_TOKEN", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 89, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 90, + "Content": " secretKeyRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 91, + "Content": " key: token", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mkey\u001b[0m: token", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 92, + "Content": " name: auth-token-secret", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: auth-token-secret", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 93, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"proxy\" of deployment \"proxy\" in \"proxy\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 118, + "EndLine": 210, + "Code": { + "Lines": [ + { + "Number": 118, + "Content": " - image: nginx:stable-alpine", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: nginx:stable-alpine", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 119, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 120, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 121, + "Content": " failureThreshold: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 122, + "Content": " httpGet:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 123, + "Content": " path: /health", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /health", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 124, + "Content": " port: 8888", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mport\u001b[0m: \u001b[38;5;37m8888", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 125, + "Content": " scheme: HTTP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mscheme\u001b[0m: HTTP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 126, + "Content": " initialDelaySeconds: 5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m5", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 127, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"wireguard\" of deployment \"proxy\" in \"proxy\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 38, + "EndLine": 83, + "Code": { + "Lines": [ + { + "Number": 38, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: PUID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - name: PGID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: TZ", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " value: Europe/Berlin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 47, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment proxy in proxy namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 35, + "EndLine": 267, + "Code": { + "Lines": [ + { + "Number": 35, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 36, + "Content": " automountServiceAccountToken: true", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: PUID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - name: PGID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: TZ", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 44, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container wireguard in deployment proxy (namespace: proxy) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 38, + "EndLine": 83, + "Code": { + "Lines": [ + { + "Number": 38, + "Content": " - env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 39, + "Content": " - name: PUID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " - name: PGID", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " value: \"1000\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " - name: TZ", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " value: Europe/Berlin", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 45, + "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 46, + "Content": " imagePullPolicy: IfNotPresent", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 47, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "proxy", + "Kind": "Ingress", + "Name": "nextcloud", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Ingress/nextcloud", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "Ingress", + "Name": "open-webui", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Ingress/open-webui", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "Service", + "Name": "nextcloud", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/nextcloud", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "Service", + "Name": "ollama", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/ollama", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "Service", + "Name": "open-webui", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/open-webui", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "Service", + "Name": "stream-21115-tc", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/stream-21115-tc", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "Service", + "Name": "stream-21116-tc", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/stream-21116-tc", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "Service", + "Name": "stream-21116-ud", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/stream-21116-ud", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "Service", + "Name": "stream-21117-tc", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/stream-21117-tc", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "Service", + "Name": "stream-9090-tcp", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/stream-9090-tcp", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "proxy", + "Kind": "ServiceAccount", + "Name": "proxy-app-sa", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/proxy-app-sa", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "rustdesk", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "rustdesk", + "Kind": "ConfigMap", + "Name": "rustdesk-config", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/rustdesk-config", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "rustdesk", + "Kind": "Deployment", + "Name": "rustdesk", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/rustdesk", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 51, + "Failures": 6 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'rustdesk-container' of Deployment 'rustdesk' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 78, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - envFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menvFrom\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - configMapRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mconfigMapRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " name: rustdesk-config", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-config", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " image: rustdesk/rustdesk-server-s6:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: rustdesk/rustdesk-server-s6:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " name: rustdesk-container", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-container", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " - containerPort: 21115", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m21115", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0013", + "Title": "Image tag \":latest\" used", + "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", + "Message": "Container 'rustdesk-container' of Deployment 'rustdesk' should specify an image tag", + "Namespace": "builtin.kubernetes.KSV013", + "Query": "data.builtin.kubernetes.KSV013.deny", + "Resolution": "Use a specific container image tag that is not 'latest'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", + "References": [ + "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", + "https://avd.aquasec.com/misconfig/ksv-0013" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 78, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - envFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menvFrom\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - configMapRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mconfigMapRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " name: rustdesk-config", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-config", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " image: rustdesk/rustdesk-server-s6:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: rustdesk/rustdesk-server-s6:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " name: rustdesk-container", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-container", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " - containerPort: 21115", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m21115", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'rustdesk' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 14, + "EndLine": 100, + "Code": { + "Lines": [ + { + "Number": 14, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 15, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " app: rustdesk-app", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: rustdesk-app", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " rollingUpdate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 23, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"rustdesk-container\" of deployment \"rustdesk\" in \"rustdesk\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 78, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - envFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menvFrom\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - configMapRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mconfigMapRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " name: rustdesk-config", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-config", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " image: rustdesk/rustdesk-server-s6:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: rustdesk/rustdesk-server-s6:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " name: rustdesk-container", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-container", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " - containerPort: 21115", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m21115", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment rustdesk in rustdesk namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 31, + "EndLine": 100, + "Code": { + "Lines": [ + { + "Number": 31, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 32, + "Content": " automountServiceAccountToken: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - envFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menvFrom\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " - configMapRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mconfigMapRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " name: rustdesk-config", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-config", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " image: rustdesk/rustdesk-server-s6:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: rustdesk/rustdesk-server-s6:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 40, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container rustdesk-container in deployment rustdesk (namespace: rustdesk) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 34, + "EndLine": 78, + "Code": { + "Lines": [ + { + "Number": 34, + "Content": " - envFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33menvFrom\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 35, + "Content": " - configMapRef:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mconfigMapRef\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " name: rustdesk-config", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-config", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " optional: false", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " image: rustdesk/rustdesk-server-s6:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: rustdesk/rustdesk-server-s6:latest", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " name: rustdesk-container", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-container", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " ports:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mports\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " - containerPort: 21115", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m21115", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 43, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "rustdesk", + "Kind": "Service", + "Name": "tcp", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/tcp", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "rustdesk", + "Kind": "Service", + "Name": "udp", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/udp", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "rustdesk", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "rustdesk", + "Kind": "ServiceAccount", + "Name": "rustdesk-app-sa", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/rustdesk-app-sa", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "ssh-locker-web", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "ssh-locker-web", + "Kind": "Deployment", + "Name": "backend", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/backend", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 53, + "Failures": 4 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0013", + "Title": "Image tag \":latest\" used", + "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", + "Message": "Container 'backend' of Deployment 'backend' should specify an image tag", + "Namespace": "builtin.kubernetes.KSV013", + "Query": "data.builtin.kubernetes.KSV013.deny", + "Resolution": "Use a specific container image tag that is not 'latest'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", + "References": [ + "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", + "https://avd.aquasec.com/misconfig/ksv-0013" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 35, + "EndLine": 76, + "Code": { + "Lines": [ + { + "Number": 35, + "Content": " - image: a13labs/ssh_locker_web:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: a13labs/ssh_locker_web:latest", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 36, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " failureThreshold: 3", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " periodSeconds: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mperiodSeconds\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " successThreshold: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33msuccessThreshold\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " tcpSocket:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mtcpSocket\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " port: 8443", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mport\u001b[0m: \u001b[38;5;37m8443", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " timeoutSeconds: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mtimeoutSeconds\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 44, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'backend' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 15, + "EndLine": 112, + "Code": { + "Lines": [ + { + "Number": 15, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 16, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 21, + "Content": " app: backend", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: backend", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 22, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 23, + "Content": " rollingUpdate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 24, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"backend\" of deployment \"backend\" in \"ssh-locker-web\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 35, + "EndLine": 76, + "Code": { + "Lines": [ + { + "Number": 35, + "Content": " - image: a13labs/ssh_locker_web:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: a13labs/ssh_locker_web:latest", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 36, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " failureThreshold: 3", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " periodSeconds: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mperiodSeconds\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " successThreshold: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33msuccessThreshold\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " tcpSocket:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mtcpSocket\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " port: 8443", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mport\u001b[0m: \u001b[38;5;37m8443", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " timeoutSeconds: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mtimeoutSeconds\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 44, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container backend in deployment backend (namespace: ssh-locker-web) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 35, + "EndLine": 76, + "Code": { + "Lines": [ + { + "Number": 35, + "Content": " - image: a13labs/ssh_locker_web:latest", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: a13labs/ssh_locker_web:latest", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 36, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " failureThreshold: 3", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " periodSeconds: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mperiodSeconds\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " successThreshold: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33msuccessThreshold\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " tcpSocket:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mtcpSocket\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " port: 8443", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mport\u001b[0m: \u001b[38;5;37m8443", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " timeoutSeconds: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mtimeoutSeconds\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 44, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "ssh-locker-web", + "Kind": "Service", + "Name": "backend", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/backend", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "ssh-locker-web", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "ssh-locker-web", + "Kind": "ServiceAccount", + "Name": "ssh-locker-web", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/ssh-locker-web", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "trivy", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "trivy", + "Kind": "ConfigMap", + "Name": "trivy-scripts", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/trivy-scripts", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 55, + "Failures": 2 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-01010", + "Title": "ConfigMap with sensitive content", + "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", + "Message": "ConfigMap 'trivy-scripts' in 'trivy' namespace stores sensitive contents in key(s) or value(s) '{\" msg[\\\"From\\\"] \", \" msg[\\\"To\\\"] \"}'", + "Namespace": "builtin.kubernetes.KSV01010", + "Query": "data.builtin.kubernetes.KSV01010.deny", + "Resolution": "Remove sensitive content from configMap data value", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", + "References": [ + "https://avd.aquasec.com/misconfig/ksv-01010" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general" + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0109", + "Title": "ConfigMap with secrets", + "Description": "Storing secrets in configMaps is unsafe", + "Message": "ConfigMap 'trivy-scripts' in 'trivy' namespace stores secrets in key(s) or value(s) '{\" smtp_pass \"}'", + "Namespace": "builtin.kubernetes.KSV0109", + "Query": "data.builtin.kubernetes.KSV0109.deny", + "Resolution": "Remove password/secret from configMap data value", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0109", + "References": [ + "https://avd.aquasec.com/misconfig/ksv-0109" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general" + } + } + ] + } + ] + }, + { + "Namespace": "trivy", + "Kind": "CronJob", + "Name": "trivy-scan", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "CronJob/trivy-scan", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 53, + "Failures": 5 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0013", + "Title": "Image tag \":latest\" used", + "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", + "Message": "Container 'trivy' of CronJob 'trivy-scan' should specify an image tag", + "Namespace": "builtin.kubernetes.KSV013", + "Query": "data.builtin.kubernetes.KSV013.deny", + "Resolution": "Use a specific container image tag that is not 'latest'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", + "References": [ + "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", + "https://avd.aquasec.com/misconfig/ksv-0013" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 31, + "EndLine": 59, + "Code": { + "Lines": [ + { + "Number": 31, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 32, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - /scripts/generate_report.sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /scripts/generate_report.sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - name: REPORT_TYPE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: REPORT_TYPE", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " value: all", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: all", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: LEVELS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: LEVELS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " value: HIGH,CRITICAL", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: HIGH,CRITICAL", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 40, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"send-report\" of cronjob \"trivy-scan\" in \"trivy\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 60, + "EndLine": 102, + "Code": { + "Lines": [ + { + "Number": 60, + "Content": " - args:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 61, + "Content": " - /scripts/send_report.py", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /scripts/send_report.py", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 62, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 63, + "Content": " - name: SMTP_HOST", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SMTP_HOST", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 64, + "Content": " value: smtp.tem.scw.cloud", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: smtp.tem.scw.cloud", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 65, + "Content": " - name: SMTP_PORT", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SMTP_PORT", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 66, + "Content": " value: \"587\"", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"587\"", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 67, + "Content": " - name: SMTP_USER", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: SMTP_USER", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 68, + "Content": " valueFrom:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 69, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"trivy\" of cronjob \"trivy-scan\" in \"trivy\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 31, + "EndLine": 59, + "Code": { + "Lines": [ + { + "Number": 31, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 32, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - /scripts/generate_report.sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /scripts/generate_report.sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - name: REPORT_TYPE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: REPORT_TYPE", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " value: all", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: all", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: LEVELS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: LEVELS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " value: HIGH,CRITICAL", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: HIGH,CRITICAL", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 40, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "cronjob trivy-scan in trivy namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 28, + "EndLine": 119, + "Code": { + "Lines": [ + { + "Number": 28, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 29, + "Content": " automountServiceAccountToken: true", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 30, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 31, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 32, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - /scripts/generate_report.sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /scripts/generate_report.sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - name: REPORT_TYPE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: REPORT_TYPE", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 37, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0125", + "Title": "Restrict container images to trusted registries", + "Description": "Ensure that all containers use images only from trusted registry domains.", + "Message": "Container trivy in cronjob trivy-scan (namespace: trivy) uses an image from an untrusted registry.", + "Namespace": "builtin.kubernetes.KSV0125", + "Query": "data.builtin.kubernetes.KSV0125.deny", + "Resolution": "Use images from trusted registries.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", + "References": [ + "https://cloud.google.com/container-registry/docs/overview#registries", + "https://docs.aws.amazon.com/general/latest/gr/ecr.html", + "https://avd.aquasec.com/misconfig/ksv-0125" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 31, + "EndLine": 59, + "Code": { + "Lines": [ + { + "Number": 31, + "Content": " - command:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 32, + "Content": " - /bin/sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /bin/sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 33, + "Content": " - -c", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - -c", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 34, + "Content": " - /scripts/generate_report.sh", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - /scripts/generate_report.sh", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " env:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33menv\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - name: REPORT_TYPE", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: REPORT_TYPE", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " value: all", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: all", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " - name: LEVELS", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mname\u001b[0m: LEVELS", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " value: HIGH,CRITICAL", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: HIGH,CRITICAL", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 40, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "trivy", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "trivy", + "Kind": "ServiceAccount", + "Name": "trivy", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/trivy", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "website", + "Kind": "ConfigMap", + "Name": "kube-root-ca.crt", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/kube-root-ca.crt", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "website", + "Kind": "ConfigMap", + "Name": "nginx-config", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/nginx-config", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "website", + "Kind": "ConfigMap", + "Name": "website-alexpires-me-default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ConfigMap/website-alexpires-me-default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "website", + "Kind": "Deployment", + "Name": "website-app", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Deployment/website-app", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 53, + "Failures": 4 + }, + "Misconfigurations": [ + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0012", + "Title": "Runs as root user", + "Description": "Force the running image to run as a non-root user to ensure least privileges.", + "Message": "Container 'website' of Deployment 'website-app' should set 'securityContext.runAsNonRoot' to true", + "Namespace": "builtin.kubernetes.KSV012", + "Query": "data.builtin.kubernetes.KSV012.deny", + "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", + "https://avd.aquasec.com/misconfig/ksv-0012" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 101, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - image: nginx:stable-alpine", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: nginx:stable-alpine", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " failureThreshold: 3", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " httpGet:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " path: /", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " port: 8080", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mport\u001b[0m: \u001b[38;5;37m8080", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " scheme: HTTP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mscheme\u001b[0m: HTTP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " initialDelaySeconds: 5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m5", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0023", + "Title": "hostPath volumes mounted", + "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", + "Message": "Deployment 'website-app' should not set 'spec.template.volumes.hostPath'", + "Namespace": "builtin.kubernetes.KSV023", + "Query": "data.builtin.kubernetes.KSV023.deny", + "Resolution": "Do not set 'spec.volumes[*].hostPath'.", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0023" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 12, + "EndLine": 138, + "Code": { + "Lines": [ + { + "Number": 12, + "Content": "spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 13, + "Content": " progressDeadlineSeconds: 600", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 14, + "Content": " replicas: 1", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 15, + "Content": " revisionHistoryLimit: 10", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 16, + "Content": " selector:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 17, + "Content": " matchLabels:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 18, + "Content": " app: website-alexpires-me", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mapp\u001b[0m: website-alexpires-me", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 19, + "Content": " strategy:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 20, + "Content": " rollingUpdate:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 21, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0104", + "Title": "Seccomp policies disabled", + "Description": "A program inside the container can bypass Seccomp protection policies.", + "Message": "container \"website\" of deployment \"website-app\" in \"website\" namespace should specify a seccomp profile", + "Namespace": "builtin.kubernetes.KSV104", + "Query": "data.builtin.kubernetes.KSV104.deny", + "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", + "Severity": "MEDIUM", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", + "References": [ + "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", + "https://avd.aquasec.com/misconfig/ksv-0104" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 36, + "EndLine": 101, + "Code": { + "Lines": [ + { + "Number": 36, + "Content": " - image: nginx:stable-alpine", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: nginx:stable-alpine", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " failureThreshold: 3", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " httpGet:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " path: /", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 42, + "Content": " port: 8080", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mport\u001b[0m: \u001b[38;5;37m8080", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 43, + "Content": " scheme: HTTP", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mscheme\u001b[0m: HTTP", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 44, + "Content": " initialDelaySeconds: 5", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m5", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 45, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + }, + { + "Type": "Kubernetes Security Check", + "ID": "KSV-0118", + "Title": "Default security context configured", + "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", + "Message": "deployment website-app in website namespace is using the default security context, which allows root privileges", + "Namespace": "builtin.kubernetes.KSV118", + "Query": "data.builtin.kubernetes.KSV118.deny", + "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", + "Severity": "HIGH", + "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", + "References": [ + "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", + "https://avd.aquasec.com/misconfig/ksv-0118" + ], + "Status": "FAIL", + "CauseMetadata": { + "Provider": "Kubernetes", + "Service": "general", + "StartLine": 33, + "EndLine": 138, + "Code": { + "Lines": [ + { + "Number": 33, + "Content": " spec:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", + "FirstCause": true, + "LastCause": false + }, + { + "Number": 34, + "Content": " automountServiceAccountToken: true", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 35, + "Content": " containers:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 36, + "Content": " - image: nginx:stable-alpine", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: nginx:stable-alpine", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 37, + "Content": " imagePullPolicy: Always", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 38, + "Content": " livenessProbe:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 39, + "Content": " failureThreshold: 3", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 40, + "Content": " httpGet:", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", + "FirstCause": false, + "LastCause": false + }, + { + "Number": 41, + "Content": " path: /", + "IsCause": true, + "Annotation": "", + "Truncated": false, + "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /", + "FirstCause": false, + "LastCause": true + }, + { + "Number": 42, + "Content": "", + "IsCause": false, + "Annotation": "", + "Truncated": true, + "FirstCause": false, + "LastCause": false + } + ] + } + } + } + ] + } + ] + }, + { + "Namespace": "website", + "Kind": "Ingress", + "Name": "website-ingress", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Ingress/website-ingress", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "website", + "Kind": "Service", + "Name": "website-alexpires-me", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Service/website-alexpires-me", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "website", + "Kind": "ServiceAccount", + "Name": "default", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/default", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "website", + "Kind": "ServiceAccount", + "Name": "website-app-sa", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ServiceAccount/website-app-sa", + "Class": "config", + "Type": "kubernetes", + "MisconfSummary": { + "Successes": 57, + "Failures": 0 + } + } + ] + }, + { + "Namespace": "cert-manager", + "Kind": "Deployment", + "Name": "cert-manager", + "Metadata": [ + { + "Size": 67373056, + "OS": { + "Family": "debian", + "Name": "12.5" + }, + "ImageID": "sha256:3d272ec03f9932dd3a2df7942d2476313d091442653a94d7d4a2664514ec8b81", + "DiffIDs": [ + "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c", + "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421", + "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60", + "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", + "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", + "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc", + "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", + "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", + "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", + "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", + "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", + "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718", + "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90", + "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" + ], + "RepoTags": [ + "quay.io/jetstack/cert-manager-controller:v1.14.5" + ], + "RepoDigests": [ + "quay.io/jetstack/cert-manager-controller@sha256:9c0527cab629b61bd60c20f0c25615a8593314d3504add968b42bc5b891b253a" + ], + "Reference": "quay.io/jetstack/cert-manager-controller:v1.14.5", + "ImageConfig": { + "architecture": "amd64", + "created": "2024-04-25T10:51:17.011016371Z", + "history": [ + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "2024-04-25T10:51:16.10172853Z", + "created_by": "LABEL org.opencontainers.image.source=https://github.com/cert-manager/cert-manager", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-04-25T10:51:16.10172853Z", + "created_by": "USER 1000", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-04-25T10:51:16.10172853Z", + "created_by": "COPY controller /app/cmd/controller/controller # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-04-25T10:51:16.585230632Z", + "created_by": "COPY cert-manager.license /licenses/LICENSE # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-04-25T10:51:17.011016371Z", + "created_by": "COPY cert-manager.licenses_notice /licenses/LICENSES # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-04-25T10:51:17.011016371Z", + "created_by": "ENTRYPOINT [\"/app/cmd/controller/controller\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c", + "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421", + "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60", + "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", + "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", + "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc", + "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", + "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", + "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", + "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", + "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", + "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718", + "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90", + "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" + ] + }, + "config": { + "Entrypoint": [ + "/app/cmd/controller/controller" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" + ], + "Labels": { + "org.opencontainers.image.source": "https://github.com/cert-manager/cert-manager" + }, + "User": "1000", + "WorkingDir": "/" + } + }, + "Layers": [ + { + "Size": 327680, + "Digest": "sha256:286c61c9a31ace5fa0b8832c8e8e30d66bf32138f2f787463235aa0071f714ea", + "DiffID": "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c" + }, + { + "Size": 40960, + "Digest": "sha256:2bdf44d7aa71bf3a0da2de0563ad0e3882948d699b4991edf8c0ab44e7f26ae3", + "DiffID": "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421" + }, + { + "Size": 2396160, + "Digest": "sha256:452e9eed7ecfd0c2b44ac6fda20cee66ab98aec38ba30aa868e02445be7c8bb0", + "DiffID": "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60" + }, + { + "Size": 1536, + "Digest": "sha256:0f8b424aa0b96c1c388a5fd4d90735604459256336853082afb61733438872b5", + "DiffID": "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368" + }, + { + "Size": 2560, + "Digest": "sha256:d557676654e572af3e3173c90e7874644207fda32cd87e9d3d66b5d7b98a7b21", + "DiffID": "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc" + }, + { + "Size": 2560, + "Digest": "sha256:c8022d07192eddbb2a548ba83be5e412f7ba863bbba158d133c9653bb8a47768", + "DiffID": "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc" + }, + { + "Size": 2560, + "Digest": "sha256:d858cbc252ade14879807ff8dbc3043a26bbdb92087da98cda831ee040b172b3", + "DiffID": "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b" + }, + { + "Size": 1536, + "Digest": "sha256:1069fc2daed1aceff7232f4b8ab21200dd3d8b04f61be9da86977a34a105dfdc", + "DiffID": "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1" + }, + { + "Size": 10240, + "Digest": "sha256:b40161cd83fc5d470d6abe50e87aa288481b6b89137012881d74187cfbf9f502", + "DiffID": "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849" + }, + { + "Size": 3072, + "Digest": "sha256:3f4e2c5863480125882d92060440a5250766bce764fee10acdbac18c872e4dc7", + "DiffID": "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3" + }, + { + "Size": 238592, + "Digest": "sha256:80a8c047508ae5cd6a591060fc43422cb8e3aea1bd908d913e8f0146e2297fea", + "DiffID": "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217" + }, + { + "Size": 64339456, + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + { + "Size": 3584, + "Digest": "sha256:33838fd697f026879464ebe9f5ae6e0bec5289f689e97cf734da7837d33487f4", + "DiffID": "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90" + }, + { + "Size": 2560, + "Digest": "sha256:dc114723bba03499030a454579abd5a5e68f2a10374a8917f82411b8dfd9ffc1", + "DiffID": "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" + } + ] + } + ], + "Results": [ + { + "Target": "quay.io/jetstack/cert-manager-controller:v1.14.5 (debian 12.5)", + "Class": "os-pkgs", + "Type": "debian", + "Packages": [ + { + "ID": "base-files@12.4+deb12u5", + "Name": "base-files", + "Identifier": { + "PURL": "pkg:deb/debian/base-files@12.4%2Bdeb12u5?arch=amd64\u0026distro=debian-12.5", + "UID": "a027b06af87a4cc3" + }, + "Version": "12.4+deb12u5", + "Arch": "amd64", + "SrcName": "base-files", + "SrcVersion": "12.4+deb12u5", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:286c61c9a31ace5fa0b8832c8e8e30d66bf32138f2f787463235aa0071f714ea", + "DiffID": "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c" + }, + "InstalledFiles": [ + "/usr/lib/os-release", + "/usr/share/base-files/dot.bashrc", + "/usr/share/base-files/dot.profile", + "/usr/share/base-files/dot.profile.md5sums", + "/usr/share/base-files/info.dir", + "/usr/share/base-files/motd", + "/usr/share/base-files/profile", + "/usr/share/base-files/profile.md5sums", + "/usr/share/base-files/staff-group-for-usr-local", + "/usr/share/common-licenses/Apache-2.0", + "/usr/share/common-licenses/Artistic", + "/usr/share/common-licenses/BSD", + "/usr/share/common-licenses/CC0-1.0", + "/usr/share/common-licenses/GFDL-1.2", + "/usr/share/common-licenses/GFDL-1.3", + "/usr/share/common-licenses/GPL-1", + "/usr/share/common-licenses/GPL-2", + "/usr/share/common-licenses/GPL-3", + "/usr/share/common-licenses/LGPL-2", + "/usr/share/common-licenses/LGPL-2.1", + "/usr/share/common-licenses/LGPL-3", + "/usr/share/common-licenses/MPL-1.1", + "/usr/share/common-licenses/MPL-2.0", + "/usr/share/doc/base-files/README", + "/usr/share/doc/base-files/README.FHS", + "/usr/share/doc/base-files/changelog.gz", + "/usr/share/doc/base-files/copyright", + "/usr/share/lintian/overrides/base-files" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "netbase@6.4", + "Name": "netbase", + "Identifier": { + "PURL": "pkg:deb/debian/netbase@6.4?arch=all\u0026distro=debian-12.5", + "UID": "64adcbea2e4e887c" + }, + "Version": "6.4", + "Arch": "all", + "SrcName": "netbase", + "SrcVersion": "6.4", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:2bdf44d7aa71bf3a0da2de0563ad0e3882948d699b4991edf8c0ab44e7f26ae3", + "DiffID": "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421" + }, + "InstalledFiles": [ + "/usr/share/doc/netbase/changelog.gz", + "/usr/share/doc/netbase/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tzdata@2024a-0+deb12u1", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:deb/debian/tzdata@2024a-0%2Bdeb12u1?arch=all\u0026distro=debian-12.5", + "UID": "c32ff64571217b4a" + }, + "Version": "2024a", + "Release": "0+deb12u1", + "Arch": "all", + "SrcName": "tzdata", + "SrcVersion": "2024a", + "SrcRelease": "0+deb12u1", + "Licenses": [ + "public-domain" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:452e9eed7ecfd0c2b44ac6fda20cee66ab98aec38ba30aa868e02445be7c8bb0", + "DiffID": "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60" + }, + "InstalledFiles": [ + "/usr/share/doc/tzdata/README.Debian", + "/usr/share/doc/tzdata/changelog.Debian.gz", + "/usr/share/doc/tzdata/changelog.gz", + "/usr/share/doc/tzdata/copyright", + "/usr/share/lintian/overrides/tzdata", + "/usr/share/zoneinfo/Africa/Abidjan", + "/usr/share/zoneinfo/Africa/Accra", + "/usr/share/zoneinfo/Africa/Addis_Ababa", + "/usr/share/zoneinfo/Africa/Algiers", + "/usr/share/zoneinfo/Africa/Asmara", + "/usr/share/zoneinfo/Africa/Bamako", + "/usr/share/zoneinfo/Africa/Bangui", + "/usr/share/zoneinfo/Africa/Banjul", + "/usr/share/zoneinfo/Africa/Bissau", + "/usr/share/zoneinfo/Africa/Blantyre", + "/usr/share/zoneinfo/Africa/Brazzaville", + "/usr/share/zoneinfo/Africa/Bujumbura", + "/usr/share/zoneinfo/Africa/Cairo", + "/usr/share/zoneinfo/Africa/Casablanca", + "/usr/share/zoneinfo/Africa/Ceuta", + "/usr/share/zoneinfo/Africa/Conakry", + "/usr/share/zoneinfo/Africa/Dakar", + "/usr/share/zoneinfo/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/Africa/Djibouti", + "/usr/share/zoneinfo/Africa/Douala", + "/usr/share/zoneinfo/Africa/El_Aaiun", + "/usr/share/zoneinfo/Africa/Freetown", + "/usr/share/zoneinfo/Africa/Gaborone", + "/usr/share/zoneinfo/Africa/Harare", + "/usr/share/zoneinfo/Africa/Johannesburg", + "/usr/share/zoneinfo/Africa/Juba", + "/usr/share/zoneinfo/Africa/Kampala", + "/usr/share/zoneinfo/Africa/Khartoum", + "/usr/share/zoneinfo/Africa/Kigali", + "/usr/share/zoneinfo/Africa/Kinshasa", + "/usr/share/zoneinfo/Africa/Lagos", + "/usr/share/zoneinfo/Africa/Libreville", + "/usr/share/zoneinfo/Africa/Lome", + "/usr/share/zoneinfo/Africa/Luanda", + "/usr/share/zoneinfo/Africa/Lubumbashi", + "/usr/share/zoneinfo/Africa/Lusaka", + "/usr/share/zoneinfo/Africa/Malabo", + "/usr/share/zoneinfo/Africa/Maputo", + "/usr/share/zoneinfo/Africa/Maseru", + "/usr/share/zoneinfo/Africa/Mbabane", + "/usr/share/zoneinfo/Africa/Mogadishu", + "/usr/share/zoneinfo/Africa/Monrovia", + "/usr/share/zoneinfo/Africa/Nairobi", + "/usr/share/zoneinfo/Africa/Ndjamena", + "/usr/share/zoneinfo/Africa/Niamey", + "/usr/share/zoneinfo/Africa/Nouakchott", + "/usr/share/zoneinfo/Africa/Ouagadougou", + "/usr/share/zoneinfo/Africa/Porto-Novo", + "/usr/share/zoneinfo/Africa/Sao_Tome", + "/usr/share/zoneinfo/Africa/Tripoli", + "/usr/share/zoneinfo/Africa/Tunis", + "/usr/share/zoneinfo/Africa/Windhoek", + "/usr/share/zoneinfo/America/Adak", + "/usr/share/zoneinfo/America/Anchorage", + "/usr/share/zoneinfo/America/Anguilla", + "/usr/share/zoneinfo/America/Antigua", + "/usr/share/zoneinfo/America/Araguaina", + "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/America/Argentina/Catamarca", + "/usr/share/zoneinfo/America/Argentina/Cordoba", + "/usr/share/zoneinfo/America/Argentina/Jujuy", + "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/America/Argentina/Mendoza", + "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/America/Argentina/Salta", + "/usr/share/zoneinfo/America/Argentina/San_Juan", + "/usr/share/zoneinfo/America/Argentina/San_Luis", + "/usr/share/zoneinfo/America/Argentina/Tucuman", + "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/America/Aruba", + "/usr/share/zoneinfo/America/Asuncion", + "/usr/share/zoneinfo/America/Atikokan", + "/usr/share/zoneinfo/America/Bahia", + "/usr/share/zoneinfo/America/Bahia_Banderas", + "/usr/share/zoneinfo/America/Barbados", + "/usr/share/zoneinfo/America/Belem", + "/usr/share/zoneinfo/America/Belize", + "/usr/share/zoneinfo/America/Blanc-Sablon", + "/usr/share/zoneinfo/America/Boa_Vista", + "/usr/share/zoneinfo/America/Bogota", + "/usr/share/zoneinfo/America/Boise", + "/usr/share/zoneinfo/America/Cambridge_Bay", + "/usr/share/zoneinfo/America/Campo_Grande", + "/usr/share/zoneinfo/America/Cancun", + "/usr/share/zoneinfo/America/Caracas", + "/usr/share/zoneinfo/America/Cayenne", + "/usr/share/zoneinfo/America/Cayman", + "/usr/share/zoneinfo/America/Chicago", + "/usr/share/zoneinfo/America/Chihuahua", + "/usr/share/zoneinfo/America/Ciudad_Juarez", + "/usr/share/zoneinfo/America/Costa_Rica", + "/usr/share/zoneinfo/America/Creston", + "/usr/share/zoneinfo/America/Cuiaba", + "/usr/share/zoneinfo/America/Curacao", + "/usr/share/zoneinfo/America/Danmarkshavn", + "/usr/share/zoneinfo/America/Dawson", + "/usr/share/zoneinfo/America/Dawson_Creek", + "/usr/share/zoneinfo/America/Denver", + "/usr/share/zoneinfo/America/Detroit", + "/usr/share/zoneinfo/America/Dominica", + "/usr/share/zoneinfo/America/Edmonton", + "/usr/share/zoneinfo/America/Eirunepe", + "/usr/share/zoneinfo/America/El_Salvador", + "/usr/share/zoneinfo/America/Fort_Nelson", + "/usr/share/zoneinfo/America/Fortaleza", + "/usr/share/zoneinfo/America/Glace_Bay", + "/usr/share/zoneinfo/America/Goose_Bay", + "/usr/share/zoneinfo/America/Grand_Turk", + "/usr/share/zoneinfo/America/Grenada", + "/usr/share/zoneinfo/America/Guadeloupe", + "/usr/share/zoneinfo/America/Guatemala", + "/usr/share/zoneinfo/America/Guayaquil", + "/usr/share/zoneinfo/America/Guyana", + "/usr/share/zoneinfo/America/Halifax", + "/usr/share/zoneinfo/America/Havana", + "/usr/share/zoneinfo/America/Hermosillo", + "/usr/share/zoneinfo/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/America/Indiana/Knox", + "/usr/share/zoneinfo/America/Indiana/Marengo", + "/usr/share/zoneinfo/America/Indiana/Petersburg", + "/usr/share/zoneinfo/America/Indiana/Tell_City", + "/usr/share/zoneinfo/America/Indiana/Vevay", + "/usr/share/zoneinfo/America/Indiana/Vincennes", + "/usr/share/zoneinfo/America/Indiana/Winamac", + "/usr/share/zoneinfo/America/Inuvik", + "/usr/share/zoneinfo/America/Iqaluit", + "/usr/share/zoneinfo/America/Jamaica", + "/usr/share/zoneinfo/America/Juneau", + "/usr/share/zoneinfo/America/Kentucky/Louisville", + "/usr/share/zoneinfo/America/Kentucky/Monticello", + "/usr/share/zoneinfo/America/La_Paz", + "/usr/share/zoneinfo/America/Lima", + "/usr/share/zoneinfo/America/Los_Angeles", + "/usr/share/zoneinfo/America/Maceio", + "/usr/share/zoneinfo/America/Managua", + "/usr/share/zoneinfo/America/Manaus", + "/usr/share/zoneinfo/America/Martinique", + "/usr/share/zoneinfo/America/Matamoros", + "/usr/share/zoneinfo/America/Mazatlan", + "/usr/share/zoneinfo/America/Menominee", + "/usr/share/zoneinfo/America/Merida", + "/usr/share/zoneinfo/America/Metlakatla", + "/usr/share/zoneinfo/America/Mexico_City", + "/usr/share/zoneinfo/America/Miquelon", + "/usr/share/zoneinfo/America/Moncton", + "/usr/share/zoneinfo/America/Monterrey", + "/usr/share/zoneinfo/America/Montevideo", + "/usr/share/zoneinfo/America/Montserrat", + "/usr/share/zoneinfo/America/Nassau", + "/usr/share/zoneinfo/America/New_York", + "/usr/share/zoneinfo/America/Nome", + "/usr/share/zoneinfo/America/Noronha", + "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/America/North_Dakota/Center", + "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/America/Nuuk", + "/usr/share/zoneinfo/America/Ojinaga", + "/usr/share/zoneinfo/America/Panama", + "/usr/share/zoneinfo/America/Paramaribo", + "/usr/share/zoneinfo/America/Phoenix", + "/usr/share/zoneinfo/America/Port-au-Prince", + "/usr/share/zoneinfo/America/Port_of_Spain", + "/usr/share/zoneinfo/America/Porto_Velho", + "/usr/share/zoneinfo/America/Puerto_Rico", + "/usr/share/zoneinfo/America/Punta_Arenas", + "/usr/share/zoneinfo/America/Rankin_Inlet", + "/usr/share/zoneinfo/America/Recife", + "/usr/share/zoneinfo/America/Regina", + "/usr/share/zoneinfo/America/Resolute", + "/usr/share/zoneinfo/America/Rio_Branco", + "/usr/share/zoneinfo/America/Santarem", + "/usr/share/zoneinfo/America/Santiago", + "/usr/share/zoneinfo/America/Santo_Domingo", + "/usr/share/zoneinfo/America/Sao_Paulo", + "/usr/share/zoneinfo/America/Scoresbysund", + "/usr/share/zoneinfo/America/Sitka", + "/usr/share/zoneinfo/America/St_Johns", + "/usr/share/zoneinfo/America/St_Kitts", + "/usr/share/zoneinfo/America/St_Lucia", + "/usr/share/zoneinfo/America/St_Thomas", + "/usr/share/zoneinfo/America/St_Vincent", + "/usr/share/zoneinfo/America/Swift_Current", + "/usr/share/zoneinfo/America/Tegucigalpa", + "/usr/share/zoneinfo/America/Thule", + "/usr/share/zoneinfo/America/Tijuana", + "/usr/share/zoneinfo/America/Toronto", + "/usr/share/zoneinfo/America/Tortola", + "/usr/share/zoneinfo/America/Vancouver", + "/usr/share/zoneinfo/America/Whitehorse", + "/usr/share/zoneinfo/America/Winnipeg", + "/usr/share/zoneinfo/America/Yakutat", + "/usr/share/zoneinfo/Antarctica/Casey", + "/usr/share/zoneinfo/Antarctica/Davis", + "/usr/share/zoneinfo/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/Antarctica/Macquarie", + "/usr/share/zoneinfo/Antarctica/Mawson", + "/usr/share/zoneinfo/Antarctica/McMurdo", + "/usr/share/zoneinfo/Antarctica/Palmer", + "/usr/share/zoneinfo/Antarctica/Rothera", + "/usr/share/zoneinfo/Antarctica/Syowa", + "/usr/share/zoneinfo/Antarctica/Troll", + "/usr/share/zoneinfo/Antarctica/Vostok", + "/usr/share/zoneinfo/Asia/Aden", + "/usr/share/zoneinfo/Asia/Almaty", + "/usr/share/zoneinfo/Asia/Amman", + "/usr/share/zoneinfo/Asia/Anadyr", + "/usr/share/zoneinfo/Asia/Aqtau", + "/usr/share/zoneinfo/Asia/Aqtobe", + "/usr/share/zoneinfo/Asia/Ashgabat", + "/usr/share/zoneinfo/Asia/Atyrau", + "/usr/share/zoneinfo/Asia/Baghdad", + "/usr/share/zoneinfo/Asia/Bahrain", + "/usr/share/zoneinfo/Asia/Baku", + "/usr/share/zoneinfo/Asia/Bangkok", + "/usr/share/zoneinfo/Asia/Barnaul", + "/usr/share/zoneinfo/Asia/Beirut", + "/usr/share/zoneinfo/Asia/Bishkek", + "/usr/share/zoneinfo/Asia/Brunei", + "/usr/share/zoneinfo/Asia/Chita", + "/usr/share/zoneinfo/Asia/Choibalsan", + "/usr/share/zoneinfo/Asia/Colombo", + "/usr/share/zoneinfo/Asia/Damascus", + "/usr/share/zoneinfo/Asia/Dhaka", + "/usr/share/zoneinfo/Asia/Dili", + "/usr/share/zoneinfo/Asia/Dubai", + "/usr/share/zoneinfo/Asia/Dushanbe", + "/usr/share/zoneinfo/Asia/Famagusta", + "/usr/share/zoneinfo/Asia/Gaza", + "/usr/share/zoneinfo/Asia/Hebron", + "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/Asia/Hong_Kong", + "/usr/share/zoneinfo/Asia/Hovd", + "/usr/share/zoneinfo/Asia/Irkutsk", + "/usr/share/zoneinfo/Asia/Jakarta", + "/usr/share/zoneinfo/Asia/Jayapura", + "/usr/share/zoneinfo/Asia/Jerusalem", + "/usr/share/zoneinfo/Asia/Kabul", + "/usr/share/zoneinfo/Asia/Kamchatka", + "/usr/share/zoneinfo/Asia/Karachi", + "/usr/share/zoneinfo/Asia/Kathmandu", + "/usr/share/zoneinfo/Asia/Khandyga", + "/usr/share/zoneinfo/Asia/Kolkata", + "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/Asia/Kuching", + "/usr/share/zoneinfo/Asia/Kuwait", + "/usr/share/zoneinfo/Asia/Macau", + "/usr/share/zoneinfo/Asia/Magadan", + "/usr/share/zoneinfo/Asia/Makassar", + "/usr/share/zoneinfo/Asia/Manila", + "/usr/share/zoneinfo/Asia/Muscat", + "/usr/share/zoneinfo/Asia/Nicosia", + "/usr/share/zoneinfo/Asia/Novokuznetsk", + "/usr/share/zoneinfo/Asia/Novosibirsk", + "/usr/share/zoneinfo/Asia/Omsk", + "/usr/share/zoneinfo/Asia/Oral", + "/usr/share/zoneinfo/Asia/Phnom_Penh", + "/usr/share/zoneinfo/Asia/Pontianak", + "/usr/share/zoneinfo/Asia/Pyongyang", + "/usr/share/zoneinfo/Asia/Qatar", + "/usr/share/zoneinfo/Asia/Qostanay", + "/usr/share/zoneinfo/Asia/Qyzylorda", + "/usr/share/zoneinfo/Asia/Riyadh", + "/usr/share/zoneinfo/Asia/Sakhalin", + "/usr/share/zoneinfo/Asia/Samarkand", + "/usr/share/zoneinfo/Asia/Seoul", + "/usr/share/zoneinfo/Asia/Shanghai", + "/usr/share/zoneinfo/Asia/Singapore", + "/usr/share/zoneinfo/Asia/Srednekolymsk", + "/usr/share/zoneinfo/Asia/Taipei", + "/usr/share/zoneinfo/Asia/Tashkent", + "/usr/share/zoneinfo/Asia/Tbilisi", + "/usr/share/zoneinfo/Asia/Tehran", + "/usr/share/zoneinfo/Asia/Thimphu", + "/usr/share/zoneinfo/Asia/Tokyo", + "/usr/share/zoneinfo/Asia/Tomsk", + "/usr/share/zoneinfo/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/Asia/Urumqi", + "/usr/share/zoneinfo/Asia/Ust-Nera", + "/usr/share/zoneinfo/Asia/Vientiane", + "/usr/share/zoneinfo/Asia/Vladivostok", + "/usr/share/zoneinfo/Asia/Yakutsk", + "/usr/share/zoneinfo/Asia/Yangon", + "/usr/share/zoneinfo/Asia/Yekaterinburg", + "/usr/share/zoneinfo/Asia/Yerevan", + "/usr/share/zoneinfo/Atlantic/Azores", + "/usr/share/zoneinfo/Atlantic/Bermuda", + "/usr/share/zoneinfo/Atlantic/Canary", + "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/Atlantic/Faroe", + "/usr/share/zoneinfo/Atlantic/Madeira", + "/usr/share/zoneinfo/Atlantic/Reykjavik", + "/usr/share/zoneinfo/Atlantic/South_Georgia", + "/usr/share/zoneinfo/Atlantic/St_Helena", + "/usr/share/zoneinfo/Atlantic/Stanley", + "/usr/share/zoneinfo/Australia/Adelaide", + "/usr/share/zoneinfo/Australia/Brisbane", + "/usr/share/zoneinfo/Australia/Broken_Hill", + "/usr/share/zoneinfo/Australia/Darwin", + "/usr/share/zoneinfo/Australia/Eucla", + "/usr/share/zoneinfo/Australia/Hobart", + "/usr/share/zoneinfo/Australia/Lindeman", + "/usr/share/zoneinfo/Australia/Lord_Howe", + "/usr/share/zoneinfo/Australia/Melbourne", + "/usr/share/zoneinfo/Australia/Perth", + "/usr/share/zoneinfo/Australia/Sydney", + "/usr/share/zoneinfo/CET", + "/usr/share/zoneinfo/CST6CDT", + "/usr/share/zoneinfo/EET", + "/usr/share/zoneinfo/EST", + "/usr/share/zoneinfo/EST5EDT", + "/usr/share/zoneinfo/Etc/GMT", + "/usr/share/zoneinfo/Etc/GMT+1", + "/usr/share/zoneinfo/Etc/GMT+10", + "/usr/share/zoneinfo/Etc/GMT+11", + "/usr/share/zoneinfo/Etc/GMT+12", + "/usr/share/zoneinfo/Etc/GMT+2", + "/usr/share/zoneinfo/Etc/GMT+3", + "/usr/share/zoneinfo/Etc/GMT+4", + "/usr/share/zoneinfo/Etc/GMT+5", + "/usr/share/zoneinfo/Etc/GMT+6", + "/usr/share/zoneinfo/Etc/GMT+7", + "/usr/share/zoneinfo/Etc/GMT+8", + "/usr/share/zoneinfo/Etc/GMT+9", + "/usr/share/zoneinfo/Etc/GMT-1", + "/usr/share/zoneinfo/Etc/GMT-10", + "/usr/share/zoneinfo/Etc/GMT-11", + "/usr/share/zoneinfo/Etc/GMT-12", + "/usr/share/zoneinfo/Etc/GMT-13", + "/usr/share/zoneinfo/Etc/GMT-14", + "/usr/share/zoneinfo/Etc/GMT-2", + "/usr/share/zoneinfo/Etc/GMT-3", + "/usr/share/zoneinfo/Etc/GMT-4", + "/usr/share/zoneinfo/Etc/GMT-5", + "/usr/share/zoneinfo/Etc/GMT-6", + "/usr/share/zoneinfo/Etc/GMT-7", + "/usr/share/zoneinfo/Etc/GMT-8", + "/usr/share/zoneinfo/Etc/GMT-9", + "/usr/share/zoneinfo/Etc/UTC", + "/usr/share/zoneinfo/Europe/Amsterdam", + "/usr/share/zoneinfo/Europe/Andorra", + "/usr/share/zoneinfo/Europe/Astrakhan", + "/usr/share/zoneinfo/Europe/Athens", + "/usr/share/zoneinfo/Europe/Belgrade", + "/usr/share/zoneinfo/Europe/Berlin", + "/usr/share/zoneinfo/Europe/Brussels", + "/usr/share/zoneinfo/Europe/Bucharest", + "/usr/share/zoneinfo/Europe/Budapest", + "/usr/share/zoneinfo/Europe/Chisinau", + "/usr/share/zoneinfo/Europe/Copenhagen", + "/usr/share/zoneinfo/Europe/Dublin", + "/usr/share/zoneinfo/Europe/Gibraltar", + "/usr/share/zoneinfo/Europe/Guernsey", + "/usr/share/zoneinfo/Europe/Helsinki", + "/usr/share/zoneinfo/Europe/Isle_of_Man", + "/usr/share/zoneinfo/Europe/Istanbul", + "/usr/share/zoneinfo/Europe/Jersey", + "/usr/share/zoneinfo/Europe/Kaliningrad", + "/usr/share/zoneinfo/Europe/Kirov", + "/usr/share/zoneinfo/Europe/Kyiv", + "/usr/share/zoneinfo/Europe/Lisbon", + "/usr/share/zoneinfo/Europe/Ljubljana", + "/usr/share/zoneinfo/Europe/London", + "/usr/share/zoneinfo/Europe/Luxembourg", + "/usr/share/zoneinfo/Europe/Madrid", + "/usr/share/zoneinfo/Europe/Malta", + "/usr/share/zoneinfo/Europe/Minsk", + "/usr/share/zoneinfo/Europe/Monaco", + "/usr/share/zoneinfo/Europe/Moscow", + "/usr/share/zoneinfo/Europe/Oslo", + "/usr/share/zoneinfo/Europe/Paris", + "/usr/share/zoneinfo/Europe/Prague", + "/usr/share/zoneinfo/Europe/Riga", + "/usr/share/zoneinfo/Europe/Rome", + "/usr/share/zoneinfo/Europe/Samara", + "/usr/share/zoneinfo/Europe/Sarajevo", + "/usr/share/zoneinfo/Europe/Saratov", + "/usr/share/zoneinfo/Europe/Simferopol", + "/usr/share/zoneinfo/Europe/Skopje", + "/usr/share/zoneinfo/Europe/Sofia", + "/usr/share/zoneinfo/Europe/Stockholm", + "/usr/share/zoneinfo/Europe/Tallinn", + "/usr/share/zoneinfo/Europe/Tirane", + "/usr/share/zoneinfo/Europe/Ulyanovsk", + "/usr/share/zoneinfo/Europe/Vaduz", + "/usr/share/zoneinfo/Europe/Vienna", + "/usr/share/zoneinfo/Europe/Vilnius", + "/usr/share/zoneinfo/Europe/Volgograd", + "/usr/share/zoneinfo/Europe/Warsaw", + "/usr/share/zoneinfo/Europe/Zagreb", + "/usr/share/zoneinfo/Europe/Zurich", + "/usr/share/zoneinfo/Factory", + "/usr/share/zoneinfo/HST", + "/usr/share/zoneinfo/Indian/Antananarivo", + "/usr/share/zoneinfo/Indian/Chagos", + "/usr/share/zoneinfo/Indian/Christmas", + "/usr/share/zoneinfo/Indian/Cocos", + "/usr/share/zoneinfo/Indian/Comoro", + "/usr/share/zoneinfo/Indian/Kerguelen", + "/usr/share/zoneinfo/Indian/Mahe", + "/usr/share/zoneinfo/Indian/Maldives", + "/usr/share/zoneinfo/Indian/Mauritius", + "/usr/share/zoneinfo/Indian/Mayotte", + "/usr/share/zoneinfo/Indian/Reunion", + "/usr/share/zoneinfo/MET", + "/usr/share/zoneinfo/MST", + "/usr/share/zoneinfo/MST7MDT", + "/usr/share/zoneinfo/PST8PDT", + "/usr/share/zoneinfo/Pacific/Apia", + "/usr/share/zoneinfo/Pacific/Auckland", + "/usr/share/zoneinfo/Pacific/Bougainville", + "/usr/share/zoneinfo/Pacific/Chatham", + "/usr/share/zoneinfo/Pacific/Chuuk", + "/usr/share/zoneinfo/Pacific/Easter", + "/usr/share/zoneinfo/Pacific/Efate", + "/usr/share/zoneinfo/Pacific/Fakaofo", + "/usr/share/zoneinfo/Pacific/Fiji", + "/usr/share/zoneinfo/Pacific/Funafuti", + "/usr/share/zoneinfo/Pacific/Galapagos", + "/usr/share/zoneinfo/Pacific/Gambier", + "/usr/share/zoneinfo/Pacific/Guadalcanal", + "/usr/share/zoneinfo/Pacific/Guam", + "/usr/share/zoneinfo/Pacific/Honolulu", + "/usr/share/zoneinfo/Pacific/Kanton", + "/usr/share/zoneinfo/Pacific/Kiritimati", + "/usr/share/zoneinfo/Pacific/Kosrae", + "/usr/share/zoneinfo/Pacific/Kwajalein", + "/usr/share/zoneinfo/Pacific/Majuro", + "/usr/share/zoneinfo/Pacific/Marquesas", + "/usr/share/zoneinfo/Pacific/Midway", + "/usr/share/zoneinfo/Pacific/Nauru", + "/usr/share/zoneinfo/Pacific/Niue", + "/usr/share/zoneinfo/Pacific/Norfolk", + "/usr/share/zoneinfo/Pacific/Noumea", + "/usr/share/zoneinfo/Pacific/Pago_Pago", + "/usr/share/zoneinfo/Pacific/Palau", + "/usr/share/zoneinfo/Pacific/Pitcairn", + "/usr/share/zoneinfo/Pacific/Pohnpei", + "/usr/share/zoneinfo/Pacific/Port_Moresby", + "/usr/share/zoneinfo/Pacific/Rarotonga", + "/usr/share/zoneinfo/Pacific/Saipan", + "/usr/share/zoneinfo/Pacific/Tahiti", + "/usr/share/zoneinfo/Pacific/Tarawa", + "/usr/share/zoneinfo/Pacific/Tongatapu", + "/usr/share/zoneinfo/Pacific/Wake", + "/usr/share/zoneinfo/Pacific/Wallis", + "/usr/share/zoneinfo/WET", + "/usr/share/zoneinfo/iso3166.tab", + "/usr/share/zoneinfo/leap-seconds.list", + "/usr/share/zoneinfo/leapseconds", + "/usr/share/zoneinfo/right/Africa/Abidjan", + "/usr/share/zoneinfo/right/Africa/Accra", + "/usr/share/zoneinfo/right/Africa/Addis_Ababa", + "/usr/share/zoneinfo/right/Africa/Algiers", + "/usr/share/zoneinfo/right/Africa/Asmara", + "/usr/share/zoneinfo/right/Africa/Bamako", + "/usr/share/zoneinfo/right/Africa/Bangui", + "/usr/share/zoneinfo/right/Africa/Banjul", + "/usr/share/zoneinfo/right/Africa/Bissau", + "/usr/share/zoneinfo/right/Africa/Blantyre", + "/usr/share/zoneinfo/right/Africa/Brazzaville", + "/usr/share/zoneinfo/right/Africa/Bujumbura", + "/usr/share/zoneinfo/right/Africa/Cairo", + "/usr/share/zoneinfo/right/Africa/Casablanca", + "/usr/share/zoneinfo/right/Africa/Ceuta", + "/usr/share/zoneinfo/right/Africa/Conakry", + "/usr/share/zoneinfo/right/Africa/Dakar", + "/usr/share/zoneinfo/right/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/right/Africa/Djibouti", + "/usr/share/zoneinfo/right/Africa/Douala", + "/usr/share/zoneinfo/right/Africa/El_Aaiun", + "/usr/share/zoneinfo/right/Africa/Freetown", + "/usr/share/zoneinfo/right/Africa/Gaborone", + "/usr/share/zoneinfo/right/Africa/Harare", + "/usr/share/zoneinfo/right/Africa/Johannesburg", + "/usr/share/zoneinfo/right/Africa/Juba", + "/usr/share/zoneinfo/right/Africa/Kampala", + "/usr/share/zoneinfo/right/Africa/Khartoum", + "/usr/share/zoneinfo/right/Africa/Kigali", + "/usr/share/zoneinfo/right/Africa/Kinshasa", + "/usr/share/zoneinfo/right/Africa/Lagos", + "/usr/share/zoneinfo/right/Africa/Libreville", + "/usr/share/zoneinfo/right/Africa/Lome", + "/usr/share/zoneinfo/right/Africa/Luanda", + "/usr/share/zoneinfo/right/Africa/Lubumbashi", + "/usr/share/zoneinfo/right/Africa/Lusaka", + "/usr/share/zoneinfo/right/Africa/Malabo", + "/usr/share/zoneinfo/right/Africa/Maputo", + "/usr/share/zoneinfo/right/Africa/Maseru", + "/usr/share/zoneinfo/right/Africa/Mbabane", + "/usr/share/zoneinfo/right/Africa/Mogadishu", + "/usr/share/zoneinfo/right/Africa/Monrovia", + "/usr/share/zoneinfo/right/Africa/Nairobi", + "/usr/share/zoneinfo/right/Africa/Ndjamena", + "/usr/share/zoneinfo/right/Africa/Niamey", + "/usr/share/zoneinfo/right/Africa/Nouakchott", + "/usr/share/zoneinfo/right/Africa/Ouagadougou", + "/usr/share/zoneinfo/right/Africa/Porto-Novo", + "/usr/share/zoneinfo/right/Africa/Sao_Tome", + "/usr/share/zoneinfo/right/Africa/Tripoli", + "/usr/share/zoneinfo/right/Africa/Tunis", + "/usr/share/zoneinfo/right/Africa/Windhoek", + "/usr/share/zoneinfo/right/America/Adak", + "/usr/share/zoneinfo/right/America/Anchorage", + "/usr/share/zoneinfo/right/America/Anguilla", + "/usr/share/zoneinfo/right/America/Antigua", + "/usr/share/zoneinfo/right/America/Araguaina", + "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/right/America/Argentina/Catamarca", + "/usr/share/zoneinfo/right/America/Argentina/Cordoba", + "/usr/share/zoneinfo/right/America/Argentina/Jujuy", + "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/right/America/Argentina/Mendoza", + "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/right/America/Argentina/Salta", + "/usr/share/zoneinfo/right/America/Argentina/San_Juan", + "/usr/share/zoneinfo/right/America/Argentina/San_Luis", + "/usr/share/zoneinfo/right/America/Argentina/Tucuman", + "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/right/America/Aruba", + "/usr/share/zoneinfo/right/America/Asuncion", + "/usr/share/zoneinfo/right/America/Atikokan", + "/usr/share/zoneinfo/right/America/Bahia", + "/usr/share/zoneinfo/right/America/Bahia_Banderas", + "/usr/share/zoneinfo/right/America/Barbados", + "/usr/share/zoneinfo/right/America/Belem", + "/usr/share/zoneinfo/right/America/Belize", + "/usr/share/zoneinfo/right/America/Blanc-Sablon", + "/usr/share/zoneinfo/right/America/Boa_Vista", + "/usr/share/zoneinfo/right/America/Bogota", + "/usr/share/zoneinfo/right/America/Boise", + "/usr/share/zoneinfo/right/America/Cambridge_Bay", + "/usr/share/zoneinfo/right/America/Campo_Grande", + "/usr/share/zoneinfo/right/America/Cancun", + "/usr/share/zoneinfo/right/America/Caracas", + "/usr/share/zoneinfo/right/America/Cayenne", + "/usr/share/zoneinfo/right/America/Cayman", + "/usr/share/zoneinfo/right/America/Chicago", + "/usr/share/zoneinfo/right/America/Chihuahua", + "/usr/share/zoneinfo/right/America/Ciudad_Juarez", + "/usr/share/zoneinfo/right/America/Costa_Rica", + "/usr/share/zoneinfo/right/America/Creston", + "/usr/share/zoneinfo/right/America/Cuiaba", + "/usr/share/zoneinfo/right/America/Curacao", + "/usr/share/zoneinfo/right/America/Danmarkshavn", + "/usr/share/zoneinfo/right/America/Dawson", + "/usr/share/zoneinfo/right/America/Dawson_Creek", + "/usr/share/zoneinfo/right/America/Denver", + "/usr/share/zoneinfo/right/America/Detroit", + "/usr/share/zoneinfo/right/America/Dominica", + "/usr/share/zoneinfo/right/America/Edmonton", + "/usr/share/zoneinfo/right/America/Eirunepe", + "/usr/share/zoneinfo/right/America/El_Salvador", + "/usr/share/zoneinfo/right/America/Fort_Nelson", + "/usr/share/zoneinfo/right/America/Fortaleza", + "/usr/share/zoneinfo/right/America/Glace_Bay", + "/usr/share/zoneinfo/right/America/Goose_Bay", + "/usr/share/zoneinfo/right/America/Grand_Turk", + "/usr/share/zoneinfo/right/America/Grenada", + "/usr/share/zoneinfo/right/America/Guadeloupe", + "/usr/share/zoneinfo/right/America/Guatemala", + "/usr/share/zoneinfo/right/America/Guayaquil", + "/usr/share/zoneinfo/right/America/Guyana", + "/usr/share/zoneinfo/right/America/Halifax", + "/usr/share/zoneinfo/right/America/Havana", + "/usr/share/zoneinfo/right/America/Hermosillo", + "/usr/share/zoneinfo/right/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/right/America/Indiana/Knox", + "/usr/share/zoneinfo/right/America/Indiana/Marengo", + "/usr/share/zoneinfo/right/America/Indiana/Petersburg", + "/usr/share/zoneinfo/right/America/Indiana/Tell_City", + "/usr/share/zoneinfo/right/America/Indiana/Vevay", + "/usr/share/zoneinfo/right/America/Indiana/Vincennes", + "/usr/share/zoneinfo/right/America/Indiana/Winamac", + "/usr/share/zoneinfo/right/America/Inuvik", + "/usr/share/zoneinfo/right/America/Iqaluit", + "/usr/share/zoneinfo/right/America/Jamaica", + "/usr/share/zoneinfo/right/America/Juneau", + "/usr/share/zoneinfo/right/America/Kentucky/Louisville", + "/usr/share/zoneinfo/right/America/Kentucky/Monticello", + "/usr/share/zoneinfo/right/America/La_Paz", + "/usr/share/zoneinfo/right/America/Lima", + "/usr/share/zoneinfo/right/America/Los_Angeles", + "/usr/share/zoneinfo/right/America/Maceio", + "/usr/share/zoneinfo/right/America/Managua", + "/usr/share/zoneinfo/right/America/Manaus", + "/usr/share/zoneinfo/right/America/Martinique", + "/usr/share/zoneinfo/right/America/Matamoros", + "/usr/share/zoneinfo/right/America/Mazatlan", + "/usr/share/zoneinfo/right/America/Menominee", + "/usr/share/zoneinfo/right/America/Merida", + "/usr/share/zoneinfo/right/America/Metlakatla", + "/usr/share/zoneinfo/right/America/Mexico_City", + "/usr/share/zoneinfo/right/America/Miquelon", + "/usr/share/zoneinfo/right/America/Moncton", + "/usr/share/zoneinfo/right/America/Monterrey", + "/usr/share/zoneinfo/right/America/Montevideo", + "/usr/share/zoneinfo/right/America/Montserrat", + "/usr/share/zoneinfo/right/America/Nassau", + "/usr/share/zoneinfo/right/America/New_York", + "/usr/share/zoneinfo/right/America/Nome", + "/usr/share/zoneinfo/right/America/Noronha", + "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/right/America/North_Dakota/Center", + "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/right/America/Nuuk", + "/usr/share/zoneinfo/right/America/Ojinaga", + "/usr/share/zoneinfo/right/America/Panama", + "/usr/share/zoneinfo/right/America/Paramaribo", + "/usr/share/zoneinfo/right/America/Phoenix", + "/usr/share/zoneinfo/right/America/Port-au-Prince", + "/usr/share/zoneinfo/right/America/Port_of_Spain", + "/usr/share/zoneinfo/right/America/Porto_Velho", + "/usr/share/zoneinfo/right/America/Puerto_Rico", + "/usr/share/zoneinfo/right/America/Punta_Arenas", + "/usr/share/zoneinfo/right/America/Rankin_Inlet", + "/usr/share/zoneinfo/right/America/Recife", + "/usr/share/zoneinfo/right/America/Regina", + "/usr/share/zoneinfo/right/America/Resolute", + "/usr/share/zoneinfo/right/America/Rio_Branco", + "/usr/share/zoneinfo/right/America/Santarem", + "/usr/share/zoneinfo/right/America/Santiago", + "/usr/share/zoneinfo/right/America/Santo_Domingo", + "/usr/share/zoneinfo/right/America/Sao_Paulo", + "/usr/share/zoneinfo/right/America/Scoresbysund", + "/usr/share/zoneinfo/right/America/Sitka", + "/usr/share/zoneinfo/right/America/St_Johns", + "/usr/share/zoneinfo/right/America/St_Kitts", + "/usr/share/zoneinfo/right/America/St_Lucia", + "/usr/share/zoneinfo/right/America/St_Thomas", + "/usr/share/zoneinfo/right/America/St_Vincent", + "/usr/share/zoneinfo/right/America/Swift_Current", + "/usr/share/zoneinfo/right/America/Tegucigalpa", + "/usr/share/zoneinfo/right/America/Thule", + "/usr/share/zoneinfo/right/America/Tijuana", + "/usr/share/zoneinfo/right/America/Toronto", + "/usr/share/zoneinfo/right/America/Tortola", + "/usr/share/zoneinfo/right/America/Vancouver", + "/usr/share/zoneinfo/right/America/Whitehorse", + "/usr/share/zoneinfo/right/America/Winnipeg", + "/usr/share/zoneinfo/right/America/Yakutat", + "/usr/share/zoneinfo/right/Antarctica/Casey", + "/usr/share/zoneinfo/right/Antarctica/Davis", + "/usr/share/zoneinfo/right/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/right/Antarctica/Macquarie", + "/usr/share/zoneinfo/right/Antarctica/Mawson", + "/usr/share/zoneinfo/right/Antarctica/McMurdo", + "/usr/share/zoneinfo/right/Antarctica/Palmer", + "/usr/share/zoneinfo/right/Antarctica/Rothera", + "/usr/share/zoneinfo/right/Antarctica/Syowa", + "/usr/share/zoneinfo/right/Antarctica/Troll", + "/usr/share/zoneinfo/right/Antarctica/Vostok", + "/usr/share/zoneinfo/right/Asia/Aden", + "/usr/share/zoneinfo/right/Asia/Almaty", + "/usr/share/zoneinfo/right/Asia/Amman", + "/usr/share/zoneinfo/right/Asia/Anadyr", + "/usr/share/zoneinfo/right/Asia/Aqtau", + "/usr/share/zoneinfo/right/Asia/Aqtobe", + "/usr/share/zoneinfo/right/Asia/Ashgabat", + "/usr/share/zoneinfo/right/Asia/Atyrau", + "/usr/share/zoneinfo/right/Asia/Baghdad", + "/usr/share/zoneinfo/right/Asia/Bahrain", + "/usr/share/zoneinfo/right/Asia/Baku", + "/usr/share/zoneinfo/right/Asia/Bangkok", + "/usr/share/zoneinfo/right/Asia/Barnaul", + "/usr/share/zoneinfo/right/Asia/Beirut", + "/usr/share/zoneinfo/right/Asia/Bishkek", + "/usr/share/zoneinfo/right/Asia/Brunei", + "/usr/share/zoneinfo/right/Asia/Chita", + "/usr/share/zoneinfo/right/Asia/Choibalsan", + "/usr/share/zoneinfo/right/Asia/Colombo", + "/usr/share/zoneinfo/right/Asia/Damascus", + "/usr/share/zoneinfo/right/Asia/Dhaka", + "/usr/share/zoneinfo/right/Asia/Dili", + "/usr/share/zoneinfo/right/Asia/Dubai", + "/usr/share/zoneinfo/right/Asia/Dushanbe", + "/usr/share/zoneinfo/right/Asia/Famagusta", + "/usr/share/zoneinfo/right/Asia/Gaza", + "/usr/share/zoneinfo/right/Asia/Hebron", + "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/right/Asia/Hong_Kong", + "/usr/share/zoneinfo/right/Asia/Hovd", + "/usr/share/zoneinfo/right/Asia/Irkutsk", + "/usr/share/zoneinfo/right/Asia/Jakarta", + "/usr/share/zoneinfo/right/Asia/Jayapura", + "/usr/share/zoneinfo/right/Asia/Jerusalem", + "/usr/share/zoneinfo/right/Asia/Kabul", + "/usr/share/zoneinfo/right/Asia/Kamchatka", + "/usr/share/zoneinfo/right/Asia/Karachi", + "/usr/share/zoneinfo/right/Asia/Kathmandu", + "/usr/share/zoneinfo/right/Asia/Khandyga", + "/usr/share/zoneinfo/right/Asia/Kolkata", + "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/right/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/right/Asia/Kuching", + "/usr/share/zoneinfo/right/Asia/Kuwait", + "/usr/share/zoneinfo/right/Asia/Macau", + "/usr/share/zoneinfo/right/Asia/Magadan", + "/usr/share/zoneinfo/right/Asia/Makassar", + "/usr/share/zoneinfo/right/Asia/Manila", + "/usr/share/zoneinfo/right/Asia/Muscat", + "/usr/share/zoneinfo/right/Asia/Nicosia", + "/usr/share/zoneinfo/right/Asia/Novokuznetsk", + "/usr/share/zoneinfo/right/Asia/Novosibirsk", + "/usr/share/zoneinfo/right/Asia/Omsk", + "/usr/share/zoneinfo/right/Asia/Oral", + "/usr/share/zoneinfo/right/Asia/Phnom_Penh", + "/usr/share/zoneinfo/right/Asia/Pontianak", + "/usr/share/zoneinfo/right/Asia/Pyongyang", + "/usr/share/zoneinfo/right/Asia/Qatar", + "/usr/share/zoneinfo/right/Asia/Qostanay", + "/usr/share/zoneinfo/right/Asia/Qyzylorda", + "/usr/share/zoneinfo/right/Asia/Riyadh", + "/usr/share/zoneinfo/right/Asia/Sakhalin", + "/usr/share/zoneinfo/right/Asia/Samarkand", + "/usr/share/zoneinfo/right/Asia/Seoul", + "/usr/share/zoneinfo/right/Asia/Shanghai", + "/usr/share/zoneinfo/right/Asia/Singapore", + "/usr/share/zoneinfo/right/Asia/Srednekolymsk", + "/usr/share/zoneinfo/right/Asia/Taipei", + "/usr/share/zoneinfo/right/Asia/Tashkent", + "/usr/share/zoneinfo/right/Asia/Tbilisi", + "/usr/share/zoneinfo/right/Asia/Tehran", + "/usr/share/zoneinfo/right/Asia/Thimphu", + "/usr/share/zoneinfo/right/Asia/Tokyo", + "/usr/share/zoneinfo/right/Asia/Tomsk", + "/usr/share/zoneinfo/right/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/right/Asia/Urumqi", + "/usr/share/zoneinfo/right/Asia/Ust-Nera", + "/usr/share/zoneinfo/right/Asia/Vientiane", + "/usr/share/zoneinfo/right/Asia/Vladivostok", + "/usr/share/zoneinfo/right/Asia/Yakutsk", + "/usr/share/zoneinfo/right/Asia/Yangon", + "/usr/share/zoneinfo/right/Asia/Yekaterinburg", + "/usr/share/zoneinfo/right/Asia/Yerevan", + "/usr/share/zoneinfo/right/Atlantic/Azores", + "/usr/share/zoneinfo/right/Atlantic/Bermuda", + "/usr/share/zoneinfo/right/Atlantic/Canary", + "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/right/Atlantic/Faroe", + "/usr/share/zoneinfo/right/Atlantic/Madeira", + "/usr/share/zoneinfo/right/Atlantic/Reykjavik", + "/usr/share/zoneinfo/right/Atlantic/South_Georgia", + "/usr/share/zoneinfo/right/Atlantic/St_Helena", + "/usr/share/zoneinfo/right/Atlantic/Stanley", + "/usr/share/zoneinfo/right/Australia/Adelaide", + "/usr/share/zoneinfo/right/Australia/Brisbane", + "/usr/share/zoneinfo/right/Australia/Broken_Hill", + "/usr/share/zoneinfo/right/Australia/Darwin", + "/usr/share/zoneinfo/right/Australia/Eucla", + "/usr/share/zoneinfo/right/Australia/Hobart", + "/usr/share/zoneinfo/right/Australia/Lindeman", + "/usr/share/zoneinfo/right/Australia/Lord_Howe", + "/usr/share/zoneinfo/right/Australia/Melbourne", + "/usr/share/zoneinfo/right/Australia/Perth", + "/usr/share/zoneinfo/right/Australia/Sydney", + "/usr/share/zoneinfo/right/CET", + "/usr/share/zoneinfo/right/CST6CDT", + "/usr/share/zoneinfo/right/EET", + "/usr/share/zoneinfo/right/EST", + "/usr/share/zoneinfo/right/EST5EDT", + "/usr/share/zoneinfo/right/Etc/GMT", + "/usr/share/zoneinfo/right/Etc/GMT+1", + "/usr/share/zoneinfo/right/Etc/GMT+10", + "/usr/share/zoneinfo/right/Etc/GMT+11", + "/usr/share/zoneinfo/right/Etc/GMT+12", + "/usr/share/zoneinfo/right/Etc/GMT+2", + "/usr/share/zoneinfo/right/Etc/GMT+3", + "/usr/share/zoneinfo/right/Etc/GMT+4", + "/usr/share/zoneinfo/right/Etc/GMT+5", + "/usr/share/zoneinfo/right/Etc/GMT+6", + "/usr/share/zoneinfo/right/Etc/GMT+7", + "/usr/share/zoneinfo/right/Etc/GMT+8", + "/usr/share/zoneinfo/right/Etc/GMT+9", + "/usr/share/zoneinfo/right/Etc/GMT-1", + "/usr/share/zoneinfo/right/Etc/GMT-10", + "/usr/share/zoneinfo/right/Etc/GMT-11", + "/usr/share/zoneinfo/right/Etc/GMT-12", + "/usr/share/zoneinfo/right/Etc/GMT-13", + "/usr/share/zoneinfo/right/Etc/GMT-14", + "/usr/share/zoneinfo/right/Etc/GMT-2", + "/usr/share/zoneinfo/right/Etc/GMT-3", + "/usr/share/zoneinfo/right/Etc/GMT-4", + "/usr/share/zoneinfo/right/Etc/GMT-5", + "/usr/share/zoneinfo/right/Etc/GMT-6", + "/usr/share/zoneinfo/right/Etc/GMT-7", + "/usr/share/zoneinfo/right/Etc/GMT-8", + "/usr/share/zoneinfo/right/Etc/GMT-9", + "/usr/share/zoneinfo/right/Etc/UTC", + "/usr/share/zoneinfo/right/Europe/Amsterdam", + "/usr/share/zoneinfo/right/Europe/Andorra", + "/usr/share/zoneinfo/right/Europe/Astrakhan", + "/usr/share/zoneinfo/right/Europe/Athens", + "/usr/share/zoneinfo/right/Europe/Belgrade", + "/usr/share/zoneinfo/right/Europe/Berlin", + "/usr/share/zoneinfo/right/Europe/Brussels", + "/usr/share/zoneinfo/right/Europe/Bucharest", + "/usr/share/zoneinfo/right/Europe/Budapest", + "/usr/share/zoneinfo/right/Europe/Chisinau", + "/usr/share/zoneinfo/right/Europe/Copenhagen", + "/usr/share/zoneinfo/right/Europe/Dublin", + "/usr/share/zoneinfo/right/Europe/Gibraltar", + "/usr/share/zoneinfo/right/Europe/Guernsey", + "/usr/share/zoneinfo/right/Europe/Helsinki", + "/usr/share/zoneinfo/right/Europe/Isle_of_Man", + "/usr/share/zoneinfo/right/Europe/Istanbul", + "/usr/share/zoneinfo/right/Europe/Jersey", + "/usr/share/zoneinfo/right/Europe/Kaliningrad", + "/usr/share/zoneinfo/right/Europe/Kirov", + "/usr/share/zoneinfo/right/Europe/Kyiv", + "/usr/share/zoneinfo/right/Europe/Lisbon", + "/usr/share/zoneinfo/right/Europe/Ljubljana", + "/usr/share/zoneinfo/right/Europe/London", + "/usr/share/zoneinfo/right/Europe/Luxembourg", + "/usr/share/zoneinfo/right/Europe/Madrid", + "/usr/share/zoneinfo/right/Europe/Malta", + "/usr/share/zoneinfo/right/Europe/Minsk", + "/usr/share/zoneinfo/right/Europe/Monaco", + "/usr/share/zoneinfo/right/Europe/Moscow", + "/usr/share/zoneinfo/right/Europe/Oslo", + "/usr/share/zoneinfo/right/Europe/Paris", + "/usr/share/zoneinfo/right/Europe/Prague", + "/usr/share/zoneinfo/right/Europe/Riga", + "/usr/share/zoneinfo/right/Europe/Rome", + "/usr/share/zoneinfo/right/Europe/Samara", + "/usr/share/zoneinfo/right/Europe/Sarajevo", + "/usr/share/zoneinfo/right/Europe/Saratov", + "/usr/share/zoneinfo/right/Europe/Simferopol", + "/usr/share/zoneinfo/right/Europe/Skopje", + "/usr/share/zoneinfo/right/Europe/Sofia", + "/usr/share/zoneinfo/right/Europe/Stockholm", + "/usr/share/zoneinfo/right/Europe/Tallinn", + "/usr/share/zoneinfo/right/Europe/Tirane", + "/usr/share/zoneinfo/right/Europe/Ulyanovsk", + "/usr/share/zoneinfo/right/Europe/Vaduz", + "/usr/share/zoneinfo/right/Europe/Vienna", + "/usr/share/zoneinfo/right/Europe/Vilnius", + "/usr/share/zoneinfo/right/Europe/Volgograd", + "/usr/share/zoneinfo/right/Europe/Warsaw", + "/usr/share/zoneinfo/right/Europe/Zagreb", + "/usr/share/zoneinfo/right/Europe/Zurich", + "/usr/share/zoneinfo/right/Factory", + "/usr/share/zoneinfo/right/HST", + "/usr/share/zoneinfo/right/Indian/Antananarivo", + "/usr/share/zoneinfo/right/Indian/Chagos", + "/usr/share/zoneinfo/right/Indian/Christmas", + "/usr/share/zoneinfo/right/Indian/Cocos", + "/usr/share/zoneinfo/right/Indian/Comoro", + "/usr/share/zoneinfo/right/Indian/Kerguelen", + "/usr/share/zoneinfo/right/Indian/Mahe", + "/usr/share/zoneinfo/right/Indian/Maldives", + "/usr/share/zoneinfo/right/Indian/Mauritius", + "/usr/share/zoneinfo/right/Indian/Mayotte", + "/usr/share/zoneinfo/right/Indian/Reunion", + "/usr/share/zoneinfo/right/MET", + "/usr/share/zoneinfo/right/MST", + "/usr/share/zoneinfo/right/MST7MDT", + "/usr/share/zoneinfo/right/PST8PDT", + "/usr/share/zoneinfo/right/Pacific/Apia", + "/usr/share/zoneinfo/right/Pacific/Auckland", + "/usr/share/zoneinfo/right/Pacific/Bougainville", + "/usr/share/zoneinfo/right/Pacific/Chatham", + "/usr/share/zoneinfo/right/Pacific/Chuuk", + "/usr/share/zoneinfo/right/Pacific/Easter", + "/usr/share/zoneinfo/right/Pacific/Efate", + "/usr/share/zoneinfo/right/Pacific/Fakaofo", + "/usr/share/zoneinfo/right/Pacific/Fiji", + "/usr/share/zoneinfo/right/Pacific/Funafuti", + "/usr/share/zoneinfo/right/Pacific/Galapagos", + "/usr/share/zoneinfo/right/Pacific/Gambier", + "/usr/share/zoneinfo/right/Pacific/Guadalcanal", + "/usr/share/zoneinfo/right/Pacific/Guam", + "/usr/share/zoneinfo/right/Pacific/Honolulu", + "/usr/share/zoneinfo/right/Pacific/Kanton", + "/usr/share/zoneinfo/right/Pacific/Kiritimati", + "/usr/share/zoneinfo/right/Pacific/Kosrae", + "/usr/share/zoneinfo/right/Pacific/Kwajalein", + "/usr/share/zoneinfo/right/Pacific/Majuro", + "/usr/share/zoneinfo/right/Pacific/Marquesas", + "/usr/share/zoneinfo/right/Pacific/Midway", + "/usr/share/zoneinfo/right/Pacific/Nauru", + "/usr/share/zoneinfo/right/Pacific/Niue", + "/usr/share/zoneinfo/right/Pacific/Norfolk", + "/usr/share/zoneinfo/right/Pacific/Noumea", + "/usr/share/zoneinfo/right/Pacific/Pago_Pago", + "/usr/share/zoneinfo/right/Pacific/Palau", + "/usr/share/zoneinfo/right/Pacific/Pitcairn", + "/usr/share/zoneinfo/right/Pacific/Pohnpei", + "/usr/share/zoneinfo/right/Pacific/Port_Moresby", + "/usr/share/zoneinfo/right/Pacific/Rarotonga", + "/usr/share/zoneinfo/right/Pacific/Saipan", + "/usr/share/zoneinfo/right/Pacific/Tahiti", + "/usr/share/zoneinfo/right/Pacific/Tarawa", + "/usr/share/zoneinfo/right/Pacific/Tongatapu", + "/usr/share/zoneinfo/right/Pacific/Wake", + "/usr/share/zoneinfo/right/Pacific/Wallis", + "/usr/share/zoneinfo/right/WET", + "/usr/share/zoneinfo/tzdata.zi", + "/usr/share/zoneinfo/zone.tab", + "/usr/share/zoneinfo/zone1970.tab" + ], + "AnalyzedBy": "dpkg" + } + ] + }, + { + "Target": "app/cmd/controller/controller", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "stdlib@v1.21.9", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "Version": "v1.21.9", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "../../", + "Name": "../../", + "Identifier": { + "UID": "de1afe16c16f3588" + }, + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/compute/metadata@v0.2.3", + "Name": "cloud.google.com/go/compute/metadata", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.2.3", + "UID": "6184dbb5225aaf0e" + }, + "Version": "v0.2.3", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.9.1", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/azcore", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azcore@v1.9.1", + "UID": "adb5084aa737b22c" + }, + "Version": "v1.9.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.4.0", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.4.0", + "UID": "3a24e7a4b81c6d6" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.5.1", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/internal", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/internal@v1.5.1", + "UID": "fed59cf9edb6df3d" + }, + "Version": "v1.5.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns@v1.2.0", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns@v1.2.0", + "UID": "22777d5f4033bf72" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", + "Name": "github.com/Azure/go-ntlmssp", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", + "UID": "fa8edb00e0957101" + }, + "Version": "v0.0.0-20221128193559-754e69321358", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/AzureAD/microsoft-authentication-library-for-go@v1.1.1", + "Name": "github.com/AzureAD/microsoft-authentication-library-for-go", + "Identifier": { + "PURL": "pkg:golang/github.com/azuread/microsoft-authentication-library-for-go@v1.1.1", + "UID": "bf8e6a15f7a59a27" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Venafi/vcert/v5@v5.3.0", + "Name": "github.com/Venafi/vcert/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/venafi/vcert/v5@v5.3.0", + "UID": "7a167574d8a4add" + }, + "Version": "v5.3.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/akamai/AkamaiOPEN-edgegrid-golang@v1.2.2", + "Name": "github.com/akamai/AkamaiOPEN-edgegrid-golang", + "Identifier": { + "PURL": "pkg:golang/github.com/akamai/akamaiopen-edgegrid-golang@v1.2.2", + "UID": "b3e0d49740ba2f70" + }, + "Version": "v1.2.2", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go@v1.49.13", + "Name": "github.com/aws/aws-sdk-go", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go@v1.49.13", + "UID": "606c1ee030bd7388" + }, + "Version": "v1.49.13", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "87358bf73fbab2a5" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blang/semver/v4@v4.0.0", + "Name": "github.com/blang/semver/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/blang/semver/v4@v4.0.0", + "UID": "ee086fd93a35c198" + }, + "Version": "v4.0.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cenkalti/backoff/v3@v3.2.2", + "Name": "github.com/cenkalti/backoff/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/cenkalti/backoff/v3@v3.2.2", + "UID": "ad19c8e4124c2596" + }, + "Version": "v3.2.2", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cenkalti/backoff/v4@v4.2.1", + "Name": "github.com/cenkalti/backoff/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/cenkalti/backoff/v4@v4.2.1", + "UID": "b2974e6980295feb" + }, + "Version": "v4.2.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cert-manager/cert-manager/controller-binary", + "Name": "github.com/cert-manager/cert-manager/controller-binary", + "Identifier": { + "PURL": "pkg:golang/github.com/cert-manager/cert-manager/controller-binary", + "UID": "3d413a2e4d4ec86e" + }, + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.2.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0", + "UID": "3861f4515e2f3da3" + }, + "Version": "v2.2.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coreos/go-semver@v0.3.1", + "Name": "github.com/coreos/go-semver", + "Identifier": { + "PURL": "pkg:golang/github.com/coreos/go-semver@v0.3.1", + "UID": "1d0478bdb8e089c9" + }, + "Version": "v0.3.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coreos/go-systemd/v22@v22.5.0", + "Name": "github.com/coreos/go-systemd/v22", + "Identifier": { + "PURL": "pkg:golang/github.com/coreos/go-systemd/v22@v22.5.0", + "UID": "c133a621bb528410" + }, + "Version": "v22.5.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cpu/goacmedns@v0.1.1", + "Name": "github.com/cpu/goacmedns", + "Identifier": { + "PURL": "pkg:golang/github.com/cpu/goacmedns@v0.1.1", + "UID": "1b0514d009d22f42" + }, + "Version": "v0.1.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "Name": "github.com/davecgh/go-spew", + "Identifier": { + "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "UID": "71bb34b9845c423d" + }, + "Version": "v1.1.2-0.20180830191138-d8f796af33cc", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/digitalocean/godo@v1.107.0", + "Name": "github.com/digitalocean/godo", + "Identifier": { + "PURL": "pkg:golang/github.com/digitalocean/godo@v1.107.0", + "UID": "206736ca0b2c66c1" + }, + "Version": "v1.107.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/emicklei/go-restful/v3@v3.11.0", + "Name": "github.com/emicklei/go-restful/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.11.0", + "UID": "63dac7ff84becab9" + }, + "Version": "v3.11.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/felixge/httpsnoop@v1.0.4", + "Name": "github.com/felixge/httpsnoop", + "Identifier": { + "PURL": "pkg:golang/github.com/felixge/httpsnoop@v1.0.4", + "UID": "d960b7ec0d7eedbe" + }, + "Version": "v1.0.4", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-asn1-ber/asn1-ber@v1.5.5", + "Name": "github.com/go-asn1-ber/asn1-ber", + "Identifier": { + "PURL": "pkg:golang/github.com/go-asn1-ber/asn1-ber@v1.5.5", + "UID": "d129d9fafd5a5741" + }, + "Version": "v1.5.5", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-jose/go-jose/v3@v3.0.3", + "Name": "github.com/go-jose/go-jose/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/go-jose/go-jose/v3@v3.0.3", + "UID": "373516391f2c053d" + }, + "Version": "v3.0.3", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-ldap/ldap/v3@v3.4.6", + "Name": "github.com/go-ldap/ldap/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/go-ldap/ldap/v3@v3.4.6", + "UID": "3d18fb04c423fb38" + }, + "Version": "v3.4.6", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/logr@v1.4.1", + "Name": "github.com/go-logr/logr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.1", + "UID": "3f48192f26f4c1e0" + }, + "Version": "v1.4.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/stdr@v1.2.2", + "Name": "github.com/go-logr/stdr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2", + "UID": "194f42d2992ace21" + }, + "Version": "v1.2.2", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/zapr@v1.3.0", + "Name": "github.com/go-logr/zapr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/zapr@v1.3.0", + "UID": "b9f03a01fe8f5ce9" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonpointer@v0.20.2", + "Name": "github.com/go-openapi/jsonpointer", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.20.2", + "UID": "d083c176e443858b" + }, + "Version": "v0.20.2", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonreference@v0.20.4", + "Name": "github.com/go-openapi/jsonreference", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.20.4", + "UID": "ef7194a05df7f9d6" + }, + "Version": "v0.20.4", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag@v0.22.7", + "Name": "github.com/go-openapi/swag", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag@v0.22.7", + "UID": "c7e1cb408f4584c5" + }, + "Version": "v0.22.7", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gogo/protobuf@v1.3.2", + "Name": "github.com/gogo/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", + "UID": "e6b4681ee484082d" + }, + "Version": "v1.3.2", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang-jwt/jwt/v5@v5.0.0", + "Name": "github.com/golang-jwt/jwt/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.0.0", + "UID": "f2e87551a6c076a5" + }, + "Version": "v5.0.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "Name": "github.com/golang/groupcache", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "UID": "758e21253ffbca9" + }, + "Version": "v0.0.0-20210331224755-41bb18bfe9da", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/protobuf@v1.5.3", + "Name": "github.com/golang/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.3", + "UID": "b076e5e09591d8f" + }, + "Version": "v1.5.3", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/snappy@v0.0.4", + "Name": "github.com/golang/snappy", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/snappy@v0.0.4", + "UID": "7e078c592c4b0322" + }, + "Version": "v0.0.4", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gnostic-models@v0.6.8", + "Name": "github.com/google/gnostic-models", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gnostic-models@v0.6.8", + "UID": "8a7c6a6cdec8309f" + }, + "Version": "v0.6.8", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-cmp@v0.6.0", + "Name": "github.com/google/go-cmp", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0", + "UID": "54b39525e7b92c0d" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-querystring@v1.1.0", + "Name": "github.com/google/go-querystring", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-querystring@v1.1.0", + "UID": "e19993adab7620c7" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gofuzz@v1.2.0", + "Name": "github.com/google/gofuzz", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", + "UID": "1fac4cc5a7a7f64a" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/s2a-go@v0.1.7", + "Name": "github.com/google/s2a-go", + "Identifier": { + "PURL": "pkg:golang/github.com/google/s2a-go@v0.1.7", + "UID": "5a0b4c7f9b1ed76" + }, + "Version": "v0.1.7", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.5.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.5.0", + "UID": "7f879838e5ad5034" + }, + "Version": "v1.5.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/googleapis/enterprise-certificate-proxy@v0.3.2", + "Name": "github.com/googleapis/enterprise-certificate-proxy", + "Identifier": { + "PURL": "pkg:golang/github.com/googleapis/enterprise-certificate-proxy@v0.3.2", + "UID": "d26a675653271353" + }, + "Version": "v0.3.2", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/googleapis/gax-go/v2@v2.12.0", + "Name": "github.com/googleapis/gax-go/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/googleapis/gax-go/v2@v2.12.0", + "UID": "9acae0a552bcb8bc" + }, + "Version": "v2.12.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/grpc-ecosystem/go-grpc-prometheus@v1.2.0", + "Name": "github.com/grpc-ecosystem/go-grpc-prometheus", + "Identifier": { + "PURL": "pkg:golang/github.com/grpc-ecosystem/go-grpc-prometheus@v1.2.0", + "UID": "45e8215b10cf05ce" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/grpc-ecosystem/grpc-gateway/v2@v2.18.1", + "Name": "github.com/grpc-ecosystem/grpc-gateway/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/grpc-ecosystem/grpc-gateway/v2@v2.18.1", + "UID": "280851d8bc6bfc6c" + }, + "Version": "v2.18.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/errwrap@v1.1.0", + "Name": "github.com/hashicorp/errwrap", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.1.0", + "UID": "5d1f31f82ed706f3" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-cleanhttp@v0.5.2", + "Name": "github.com/hashicorp/go-cleanhttp", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-cleanhttp@v0.5.2", + "UID": "5801c4e499a74427" + }, + "Version": "v0.5.2", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-multierror@v1.1.1", + "Name": "github.com/hashicorp/go-multierror", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", + "UID": "accefdc013dd4949" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-retryablehttp@v0.7.5", + "Name": "github.com/hashicorp/go-retryablehttp", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-retryablehttp@v0.7.5", + "UID": "28e78537240ba17f" + }, + "Version": "v0.7.5", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-rootcerts@v1.0.2", + "Name": "github.com/hashicorp/go-rootcerts", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-rootcerts@v1.0.2", + "UID": "3292fb2ded472dd2" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.8", + "Name": "github.com/hashicorp/go-secure-stdlib/parseutil", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.8", + "UID": "83c60fdbff112cc2" + }, + "Version": "v0.1.8", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2", + "Name": "github.com/hashicorp/go-secure-stdlib/strutil", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2", + "UID": "e379de6b44a84e06" + }, + "Version": "v0.1.2", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-sockaddr@v1.0.6", + "Name": "github.com/hashicorp/go-sockaddr", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-sockaddr@v1.0.6", + "UID": "2da38f23dc0649fa" + }, + "Version": "v1.0.6", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/hcl@v1.0.1-vault-5", + "Name": "github.com/hashicorp/hcl", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/hcl@v1.0.1-vault-5", + "UID": "1ac47ba1b7e97835" + }, + "Version": "v1.0.1-vault-5", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/vault/api@v1.10.0", + "Name": "github.com/hashicorp/vault/api", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/vault/api@v1.10.0", + "UID": "758e0d8b44ffd49a" + }, + "Version": "v1.10.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/vault/sdk@v0.10.2", + "Name": "github.com/hashicorp/vault/sdk", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/vault/sdk@v0.10.2", + "UID": "613805a9dd8bbbae" + }, + "Version": "v0.10.2", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/imdario/mergo@v0.3.16", + "Name": "github.com/imdario/mergo", + "Identifier": { + "PURL": "pkg:golang/github.com/imdario/mergo@v0.3.16", + "UID": "53ff5d2e2fa5996d" + }, + "Version": "v0.3.16", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jmespath/go-jmespath@v0.4.1-0.20220621161143-b0104c826a24", + "Name": "github.com/jmespath/go-jmespath", + "Identifier": { + "PURL": "pkg:golang/github.com/jmespath/go-jmespath@v0.4.1-0.20220621161143-b0104c826a24", + "UID": "6bed7fa4081794e2" + }, + "Version": "v0.4.1-0.20220621161143-b0104c826a24", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/josharian/intern@v1.0.0", + "Name": "github.com/josharian/intern", + "Identifier": { + "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", + "UID": "45a23162a0822329" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/json-iterator/go@v1.1.12", + "Name": "github.com/json-iterator/go", + "Identifier": { + "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", + "UID": "223b96cdf6a71119" + }, + "Version": "v1.1.12", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kr/pretty@v0.3.1", + "Name": "github.com/kr/pretty", + "Identifier": { + "PURL": "pkg:golang/github.com/kr/pretty@v0.3.1", + "UID": "3c2d28ace45256a3" + }, + "Version": "v0.3.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kr/text@v0.2.0", + "Name": "github.com/kr/text", + "Identifier": { + "PURL": "pkg:golang/github.com/kr/text@v0.2.0", + "UID": "6ba44309ba29ec88" + }, + "Version": "v0.2.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kylelemons/godebug@v1.1.0", + "Name": "github.com/kylelemons/godebug", + "Identifier": { + "PURL": "pkg:golang/github.com/kylelemons/godebug@v1.1.0", + "UID": "a86d2f2f4f246156" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mailru/easyjson@v0.7.7", + "Name": "github.com/mailru/easyjson", + "Identifier": { + "PURL": "pkg:golang/github.com/mailru/easyjson@v0.7.7", + "UID": "a5491098e3cbccf5" + }, + "Version": "v0.7.7", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", + "Name": "github.com/matttproud/golang_protobuf_extensions/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", + "UID": "b5a44b9d1c6294f1" + }, + "Version": "v2.0.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/miekg/dns@v1.1.57", + "Name": "github.com/miekg/dns", + "Identifier": { + "PURL": "pkg:golang/github.com/miekg/dns@v1.1.57", + "UID": "d495a0c4ce11ad3a" + }, + "Version": "v1.1.57", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/go-homedir@v1.1.0", + "Name": "github.com/mitchellh/go-homedir", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", + "UID": "bc8f751bc72d580a" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/mapstructure@v1.5.0", + "Name": "github.com/mitchellh/mapstructure", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/mapstructure@v1.5.0", + "UID": "4f54f236d4dc2313" + }, + "Version": "v1.5.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "Name": "github.com/modern-go/concurrent", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "UID": "e89115163961c6ef" + }, + "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/reflect2@v1.0.2", + "Name": "github.com/modern-go/reflect2", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", + "UID": "1fca3983966c588b" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "d0016464c51c3b0d" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/patrickmn/go-cache@v2.1.0+incompatible", + "Name": "github.com/patrickmn/go-cache", + "Identifier": { + "PURL": "pkg:golang/github.com/patrickmn/go-cache@v2.1.0%2Bincompatible", + "UID": "d3d65881a29d92ab" + }, + "Version": "v2.1.0+incompatible", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pavlo-v-chernykh/keystore-go/v4@v4.5.0", + "Name": "github.com/pavlo-v-chernykh/keystore-go/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/pavlo-v-chernykh/keystore-go/v4@v4.5.0", + "UID": "71e6d9e17b4784b3" + }, + "Version": "v4.5.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pierrec/lz4@v2.6.1+incompatible", + "Name": "github.com/pierrec/lz4", + "Identifier": { + "PURL": "pkg:golang/github.com/pierrec/lz4@v2.6.1%2Bincompatible", + "UID": "5385bb95c0ec991c" + }, + "Version": "v2.6.1+incompatible", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/browser@v0.0.0-20210911075715-681adbf594b8", + "Name": "github.com/pkg/browser", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/browser@v0.0.0-20210911075715-681adbf594b8", + "UID": "8729f43896363e5a" + }, + "Version": "v0.0.0-20210911075715-681adbf594b8", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/errors@v0.9.1", + "Name": "github.com/pkg/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", + "UID": "d94c1278e904aa0f" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.18.0", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.18.0", + "UID": "22c2d88bc03e3200" + }, + "Version": "v1.18.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.5.0", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.5.0", + "UID": "c499d6bf760ac096" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.45.0", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.45.0", + "UID": "e3fb58abeb182bd4" + }, + "Version": "v0.45.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.12.0", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.12.0", + "UID": "8852c3f50889c68e" + }, + "Version": "v0.12.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/rogpeppe/go-internal@v1.12.0", + "Name": "github.com/rogpeppe/go-internal", + "Identifier": { + "PURL": "pkg:golang/github.com/rogpeppe/go-internal@v1.12.0", + "UID": "11e2d55a801d4aed" + }, + "Version": "v1.12.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ryanuber/go-glob@v1.0.0", + "Name": "github.com/ryanuber/go-glob", + "Identifier": { + "PURL": "pkg:golang/github.com/ryanuber/go-glob@v1.0.0", + "UID": "8046613387d35e29" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sirupsen/logrus@v1.9.3", + "Name": "github.com/sirupsen/logrus", + "Identifier": { + "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.3", + "UID": "e333932de5a0737d" + }, + "Version": "v1.9.3", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sosodev/duration@v1.2.0", + "Name": "github.com/sosodev/duration", + "Identifier": { + "PURL": "pkg:golang/github.com/sosodev/duration@v1.2.0", + "UID": "22290ff139a2ae6" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/cobra@v1.8.0", + "Name": "github.com/spf13/cobra", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/cobra@v1.8.0", + "UID": "ca9fe2f7ce95ef0c" + }, + "Version": "v1.8.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.5", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "UID": "1227c848d7c08941" + }, + "Version": "v1.0.5", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/youmark/pkcs8@v0.0.0-20201027041543-1326539a0a0a", + "Name": "github.com/youmark/pkcs8", + "Identifier": { + "PURL": "pkg:golang/github.com/youmark/pkcs8@v0.0.0-20201027041543-1326539a0a0a", + "UID": "db1b0e66309d5828" + }, + "Version": "v0.0.0-20201027041543-1326539a0a0a", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.etcd.io/etcd/api/v3@v3.5.11", + "Name": "go.etcd.io/etcd/api/v3", + "Identifier": { + "PURL": "pkg:golang/go.etcd.io/etcd/api/v3@v3.5.11", + "UID": "2d4e24920c41c356" + }, + "Version": "v3.5.11", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.etcd.io/etcd/client/pkg/v3@v3.5.11", + "Name": "go.etcd.io/etcd/client/pkg/v3", + "Identifier": { + "PURL": "pkg:golang/go.etcd.io/etcd/client/pkg/v3@v3.5.11", + "UID": "7578eba5e8484c0b" + }, + "Version": "v3.5.11", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.etcd.io/etcd/client/v3@v3.5.11", + "Name": "go.etcd.io/etcd/client/v3", + "Identifier": { + "PURL": "pkg:golang/go.etcd.io/etcd/client/v3@v3.5.11", + "UID": "9a3ef074059cf5fa" + }, + "Version": "v3.5.11", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opencensus.io@v0.24.0", + "Name": "go.opencensus.io", + "Identifier": { + "PURL": "pkg:golang/go.opencensus.io@v0.24.0", + "UID": "c7166444cf1bb6e7" + }, + "Version": "v0.24.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.1", + "Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.1", + "UID": "61cabe9bbefbe519" + }, + "Version": "v0.46.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.46.1", + "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.46.1", + "UID": "78b00331a041bf11" + }, + "Version": "v0.46.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel@v1.21.0", + "Name": "go.opentelemetry.io/otel", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel@v1.21.0", + "UID": "37d61c488341b72d" + }, + "Version": "v1.21.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.21.0", + "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.21.0", + "UID": "41499d863aa94a8c" + }, + "Version": "v1.21.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.21.0", + "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.21.0", + "UID": "33eab2924be67587" + }, + "Version": "v1.21.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/metric@v1.21.0", + "Name": "go.opentelemetry.io/otel/metric", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/metric@v1.21.0", + "UID": "477dcff201530a6c" + }, + "Version": "v1.21.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/sdk@v1.21.0", + "Name": "go.opentelemetry.io/otel/sdk", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.21.0", + "UID": "c7b17f2a3d58275f" + }, + "Version": "v1.21.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/trace@v1.21.0", + "Name": "go.opentelemetry.io/otel/trace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.21.0", + "UID": "15041b7ca33550a8" + }, + "Version": "v1.21.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/proto/otlp@v1.0.0", + "Name": "go.opentelemetry.io/proto/otlp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/proto/otlp@v1.0.0", + "UID": "943c0620e209a1d5" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/multierr@v1.11.0", + "Name": "go.uber.org/multierr", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", + "UID": "c734498054f6a951" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/zap@v1.26.0", + "Name": "go.uber.org/zap", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/zap@v1.26.0", + "UID": "dc950a8f9bed7be6" + }, + "Version": "v1.26.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/crypto@v0.22.0", + "Name": "golang.org/x/crypto", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", + "UID": "5e14ca585b062f40" + }, + "Version": "v0.22.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.24.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.24.0", + "UID": "3dd087610d725263" + }, + "Version": "v0.24.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.15.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.15.0", + "UID": "e7c0ced0e24d4259" + }, + "Version": "v0.15.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sync@v0.5.0", + "Name": "golang.org/x/sync", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sync@v0.5.0", + "UID": "53e55d13a98a948" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.19.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.19.0", + "UID": "b3f4f35ed893a933" + }, + "Version": "v0.19.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/term@v0.19.0", + "Name": "golang.org/x/term", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/term@v0.19.0", + "UID": "9f6a8800524b2c77" + }, + "Version": "v0.19.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.14.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.14.0", + "UID": "69887f6c848b4561" + }, + "Version": "v0.14.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.5.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.5.0", + "UID": "e4d5c3456429d151" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/api@v0.154.0", + "Name": "google.golang.org/api", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/api@v0.154.0", + "UID": "2d0cb857884164ff" + }, + "Version": "v0.154.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto/googleapis/api@v0.0.0-20240102182953-50ed04b92917", + "Name": "google.golang.org/genproto/googleapis/api", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto/googleapis/api@v0.0.0-20240102182953-50ed04b92917", + "UID": "8f135aaab691d7ca" + }, + "Version": "v0.0.0-20240102182953-50ed04b92917", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20240102182953-50ed04b92917", + "Name": "google.golang.org/genproto/googleapis/rpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20240102182953-50ed04b92917", + "UID": "6c088cce25d827ce" + }, + "Version": "v0.0.0-20240102182953-50ed04b92917", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/grpc@v1.60.1", + "Name": "google.golang.org/grpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.60.1", + "UID": "3b775a1a9b723c5f" + }, + "Version": "v1.60.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.33.0", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.33.0", + "UID": "b6b6a24a7bbcde73" + }, + "Version": "v1.33.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/inf.v0@v0.9.1", + "Name": "gopkg.in/inf.v0", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", + "UID": "1f0b2021ba7d6f43" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/ini.v1@v1.67.0", + "Name": "gopkg.in/ini.v1", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/ini.v1@v1.67.0", + "UID": "7aaadc35baa0e63e" + }, + "Version": "v1.67.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v2@v2.4.0", + "Name": "gopkg.in/yaml.v2", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "UID": "bf72a021aa7ca005" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "UID": "9702445cfb9e2049" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/api@v0.29.0", + "Name": "k8s.io/api", + "Identifier": { + "PURL": "pkg:golang/k8s.io/api@v0.29.0", + "UID": "278d95fba053c868" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apiextensions-apiserver@v0.29.0", + "Name": "k8s.io/apiextensions-apiserver", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apiextensions-apiserver@v0.29.0", + "UID": "bcb44e1e63094410" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apimachinery@v0.29.0", + "Name": "k8s.io/apimachinery", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apimachinery@v0.29.0", + "UID": "39de2f586ea55bac" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apiserver@v0.29.0", + "Name": "k8s.io/apiserver", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apiserver@v0.29.0", + "UID": "43b70b02d81d0d63" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/client-go@v0.29.0", + "Name": "k8s.io/client-go", + "Identifier": { + "PURL": "pkg:golang/k8s.io/client-go@v0.29.0", + "UID": "c434fafdb5a1c7ce" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/component-base@v0.29.0", + "Name": "k8s.io/component-base", + "Identifier": { + "PURL": "pkg:golang/k8s.io/component-base@v0.29.0", + "UID": "77587dc539808776" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog/v2@v2.110.1", + "Name": "k8s.io/klog/v2", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog/v2@v2.110.1", + "UID": "dc0a29adf634827b" + }, + "Version": "v2.110.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/kube-openapi@v0.0.0-20240103051144-eec4567ac022", + "Name": "k8s.io/kube-openapi", + "Identifier": { + "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20240103051144-eec4567ac022", + "UID": "e030f9e9ceb0e0a2" + }, + "Version": "v0.0.0-20240103051144-eec4567ac022", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/utils@v0.0.0-20240102154912-e7106e64919e", + "Name": "k8s.io/utils", + "Identifier": { + "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20240102154912-e7106e64919e", + "UID": "dc79ed9998c991aa" + }, + "Version": "v0.0.0-20240102154912-e7106e64919e", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.29.0", + "Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.29.0", + "UID": "c6171ea3cc584341" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/gateway-api@v1.0.0", + "Name": "sigs.k8s.io/gateway-api", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/gateway-api@v1.0.0", + "UID": "1cad5e565953c35b" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "Name": "sigs.k8s.io/json", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "UID": "64e2ddea624d801a" + }, + "Version": "v0.0.0-20221116044647-bc3834ca7abd", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "Name": "sigs.k8s.io/structured-merge-diff/v4", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "UID": "f17831a24d9717ea" + }, + "Version": "v4.4.1", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/yaml@v1.4.0", + "Name": "sigs.k8s.io/yaml", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.4.0", + "UID": "ef6d918b3a755417" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "software.sslmate.com/src/go-pkcs12@v0.4.0", + "Name": "software.sslmate.com/src/go-pkcs12", + "Identifier": { + "PURL": "pkg:golang/software.sslmate.com/src/go-pkcs12@v0.4.0", + "UID": "18c957070ecf74c1" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-35255", + "VendorIDs": [ + "GHSA-m5vv-6r4h-3vj9" + ], + "PkgID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.4.0", + "PkgName": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.4.0", + "UID": "3a24e7a4b81c6d6" + }, + "InstalledVersion": "v1.4.0", + "FixedVersion": "1.6.0-beta.4.0.20240610221955-50774cd97099", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35255", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:1605c38610e61dcf04c8d24ca0f41a21743105453a31d8cf9e75cbb90d232ad0", + "Title": "azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity", + "Description": "Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", + "V3Score": 5.5, + "V40Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-35255", + "https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499", + "https://github.com/Azure/azure-sdk-for-java/commit/5bf020d6ea056de40e2738e3647a4e06f902c18d", + "https://github.com/Azure/azure-sdk-for-js/commit/c6aa75d312ae463e744163cedfd8fc480cc8d492", + "https://github.com/Azure/azure-sdk-for-net/commit/9279a4f38bf69b457cfb9b354f210e0a540a5c53", + "https://github.com/Azure/azure-sdk-for-python/commit/cb065acd7d0f957327dc4f02d1646d4e51a94178", + "https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340", + "https://github.com/advisories/GHSA-m5vv-6r4h-3vj9", + "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255", + "https://nvd.nist.gov/vuln/detail/CVE-2024-35255", + "https://www.cve.org/CVERecord?id=CVE-2024-35255" + ], + "PublishedDate": "2024-06-11T17:16:03.55Z", + "LastModifiedDate": "2024-11-21T09:20:01.923Z" + }, + { + "VulnerabilityID": "CVE-2026-32952", + "VendorIDs": [ + "GHSA-pjcq-xvwq-hhpj" + ], + "PkgID": "github.com/Azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", + "PkgName": "github.com/Azure/go-ntlmssp", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", + "UID": "fa8edb00e0957101" + }, + "InstalledVersion": "v0.0.0-20221128193559-754e69321358", + "FixedVersion": "0.1.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32952", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:0ba31604bb1cf5496d34080b5ed0f6965435f7385083938175ff907422cb2706", + "Title": "go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge", + "Description": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32952", + "https://github.com/Azure/go-ntlmssp", + "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1", + "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32952", + "https://www.cve.org/CVERecord?id=CVE-2026-32952" + ], + "PublishedDate": "2026-04-24T03:16:07.833Z", + "LastModifiedDate": "2026-05-21T18:22:06.247Z" + }, + { + "VulnerabilityID": "CVE-2026-34986", + "VendorIDs": [ + "GHSA-78h2-9frx-2jm8" + ], + "PkgID": "github.com/go-jose/go-jose/v3@v3.0.3", + "PkgName": "github.com/go-jose/go-jose/v3", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/go-jose/go-jose/v3@v3.0.3", + "UID": "373516391f2c053d" + }, + "InstalledVersion": "v3.0.3", + "FixedVersion": "3.0.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34986", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:e6c89074c69d5c59bf715943c6aa9aaebd738d629b935862ecd1616b553c6f93", + "Title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object", + "Description": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-248" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:10135", + "https://access.redhat.com/security/cve/CVE-2026-34986", + "https://bugzilla.redhat.com/2455470", + "https://bugzilla.redhat.com/show_bug.cgi?id=2455470", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34986", + "https://errata.almalinux.org/9/ALSA-2026-10135.html", + "https://errata.rockylinux.org/RLSA-2026:10135", + "https://github.com/go-jose/go-jose", + "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8", + "https://linux.oracle.com/cve/CVE-2026-34986.html", + "https://linux.oracle.com/errata/ELSA-2026-10135.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34986", + "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants", + "https://www.cve.org/CVERecord?id=CVE-2026-34986" + ], + "PublishedDate": "2026-04-06T17:17:11.87Z", + "LastModifiedDate": "2026-05-04T15:20:44.337Z" + }, + { + "VulnerabilityID": "CVE-2025-27144", + "VendorIDs": [ + "GHSA-c6gw-w398-hv78" + ], + "PkgID": "github.com/go-jose/go-jose/v3@v3.0.3", + "PkgName": "github.com/go-jose/go-jose/v3", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/go-jose/go-jose/v3@v3.0.3", + "UID": "373516391f2c053d" + }, + "InstalledVersion": "v3.0.3", + "FixedVersion": "3.0.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-27144", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:dece0c88ca5f13b83041c846ce72cdd9f6be23f557838ab4913300b9120cb172", + "Title": "go-jose: Go JOSE's Parsing Vulnerable to Denial of Service", + "Description": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", + "V40Score": 6.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7397", + "https://access.redhat.com/security/cve/CVE-2025-27144", + "https://bugzilla.redhat.com/2347423", + "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", + "https://errata.almalinux.org/9/ALSA-2025-7397.html", + "https://errata.rockylinux.org/RLSA-2025:7397", + "https://github.com/go-jose/go-jose", + "https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22", + "https://github.com/go-jose/go-jose/releases/tag/v4.0.5", + "https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78", + "https://github.com/golang/go/issues/71490", + "https://go.dev/issue/71490", + "https://linux.oracle.com/cve/CVE-2025-27144.html", + "https://linux.oracle.com/errata/ELSA-2025-7467.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-27144", + "https://www.cve.org/CVERecord?id=CVE-2025-27144" + ], + "PublishedDate": "2025-02-24T23:15:11.427Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-30204", + "VendorIDs": [ + "GHSA-mh63-6h87-95cp" + ], + "PkgID": "github.com/golang-jwt/jwt/v5@v5.0.0", + "PkgName": "github.com/golang-jwt/jwt/v5", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.0.0", + "UID": "f2e87551a6c076a5" + }, + "InstalledVersion": "v5.0.0", + "FixedVersion": "5.2.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30204", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:a9664a5c00f70aaff63ae6825b48baf439f344bac67505498a4d782788017806", + "Title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", + "Description": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-405" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V3Score": 7.5, + "V40Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7425", + "https://access.redhat.com/security/cve/CVE-2025-30204", + "https://bugzilla.redhat.com/2354195", + "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", + "https://errata.almalinux.org/9/ALSA-2025-7425.html", + "https://errata.rockylinux.org/RLSA-2025:3411", + "https://github.com/golang-jwt/jwt", + "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", + "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb", + "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", + "https://linux.oracle.com/cve/CVE-2025-30204.html", + "https://linux.oracle.com/errata/ELSA-2025-7967.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", + "https://pkg.go.dev/vuln/GO-2025-3553", + "https://security.netapp.com/advisory/ntap-20250404-0002", + "https://security.netapp.com/advisory/ntap-20250404-0002/", + "https://www.cve.org/CVERecord?id=CVE-2025-30204" + ], + "PublishedDate": "2025-03-21T22:15:26.42Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-6104", + "VendorIDs": [ + "GHSA-v6v8-xj6m-xwqh" + ], + "PkgID": "github.com/hashicorp/go-retryablehttp@v0.7.5", + "PkgName": "github.com/hashicorp/go-retryablehttp", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-retryablehttp@v0.7.5", + "UID": "28e78537240ba17f" + }, + "InstalledVersion": "v0.7.5", + "FixedVersion": "0.7.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-6104", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:d17a9a64403ac7870aa81fa54d6538df559ab8e5c3009f7abf774b799e201d95", + "Title": "go-retryablehttp: url might write sensitive information to log file", + "Description": "go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9115", + "https://access.redhat.com/security/cve/CVE-2024-6104", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292668", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2294000", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", + "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", + "https://bugzilla.redhat.com/show_bug.cgi?id=2294000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295010", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24784", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37298", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6104", + "https://discuss.hashicorp.com/c/security", + "https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027", + "https://errata.almalinux.org/9/ALSA-2024-9115.html", + "https://errata.rockylinux.org/RLSA-2024:5258", + "https://github.com/advisories/GHSA-v6v8-xj6m-xwqh", + "https://github.com/hashicorp/go-retryablehttp", + "https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a", + "https://github.com/hashicorp/go-retryablehttp/pull/158", + "https://linux.oracle.com/cve/CVE-2024-6104.html", + "https://linux.oracle.com/errata/ELSA-2024-9115.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-6104", + "https://www.cve.org/CVERecord?id=CVE-2024-6104" + ], + "PublishedDate": "2024-06-24T17:15:11.087Z", + "LastModifiedDate": "2024-11-21T09:48:58.263Z" + }, + { + "VulnerabilityID": "CVE-2026-24051", + "VendorIDs": [ + "GHSA-9h8m-3fm2-qjrq" + ], + "PkgID": "go.opentelemetry.io/otel/sdk@v1.21.0", + "PkgName": "go.opentelemetry.io/otel/sdk", + "PkgIdentifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.21.0", + "UID": "c7b17f2a3d58275f" + }, + "InstalledVersion": "v1.21.0", + "FixedVersion": "1.40.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24051", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:e71df8e48f11b55314833eb1478af69e0543a5700cb31ed32b5de0f72da7939c", + "Title": "OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking", + "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/host_id.go executes the ioreg system command using a search path. An attacker with the ability to locally modify the PATH environment variable can achieve Arbitrary Code Execution (ACE) within the context of the application. A fix was released with v1.40.0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-426" + ], + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://github.com/open-telemetry/opentelemetry-go", + "https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53", + "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq", + "https://nvd.nist.gov/vuln/detail/CVE-2026-24051", + "https://pkg.go.dev/vuln/GO-2026-4394" + ], + "PublishedDate": "2026-02-02T23:16:07.963Z", + "LastModifiedDate": "2026-02-27T20:32:10.693Z" + }, + { + "VulnerabilityID": "CVE-2026-39883", + "VendorIDs": [ + "GHSA-hfvc-g4fc-pqhx" + ], + "PkgID": "go.opentelemetry.io/otel/sdk@v1.21.0", + "PkgName": "go.opentelemetry.io/otel/sdk", + "PkgIdentifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.21.0", + "UID": "c7b17f2a3d58275f" + }, + "InstalledVersion": "v1.21.0", + "FixedVersion": "1.43.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39883", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:9da49c9fa07fdb73cf5c51b2bd05d1562ddb4a213627e1c0e71066a36a5a3d5e", + "Title": "opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking", + "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-426" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V40Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0", + "https://github.com/open-telemetry/opentelemetry-go", + "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-hfvc-g4fc-pqhx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39883" + ], + "PublishedDate": "2026-04-08T21:17:00.697Z", + "LastModifiedDate": "2026-04-10T21:16:27.12Z" + }, + { + "VulnerabilityID": "CVE-2024-45337", + "VendorIDs": [ + "GHSA-v778-237x-gjrc" + ], + "PkgID": "golang.org/x/crypto@v0.22.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", + "UID": "5e14ca585b062f40" + }, + "InstalledVersion": "v0.22.0", + "FixedVersion": "0.31.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45337", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:7cd04fdef460c37237dc860487f572bc151e055ab248d389f723926e74ada509", + "Title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto", + "Description": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.", + "Severity": "CRITICAL", + "VendorSeverity": { + "amazon": 3, + "azure": 4, + "cbl-mariner": 4, + "ghsa": 4, + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", + "V3Score": 8.2 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/12/11/2", + "https://access.redhat.com/security/cve/CVE-2024-45337", + "https://github.com/golang/crypto", + "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", + "https://go-review.googlesource.com/c/crypto/+/635315/", + "https://go.dev/cl/635315", + "https://go.dev/issue/70779", + "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", + "https://pkg.go.dev/vuln/GO-2024-3321", + "https://security.netapp.com/advisory/ntap-20250131-0007", + "https://security.netapp.com/advisory/ntap-20250131-0007/", + "https://ubuntu.com/security/notices/USN-7839-1", + "https://ubuntu.com/security/notices/USN-7839-2", + "https://www.cve.org/CVERecord?id=CVE-2024-45337" + ], + "PublishedDate": "2024-12-12T02:02:07.97Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22869", + "VendorIDs": [ + "GHSA-hcg3-q754-cr77" + ], + "PkgID": "golang.org/x/crypto@v0.22.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", + "UID": "5e14ca585b062f40" + }, + "InstalledVersion": "v0.22.0", + "FixedVersion": "0.35.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22869", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:010b05ddc64dcca3c5f8d50e49f05557e3ce13e662db7917ecb248eea9c325f1", + "Title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh", + "Description": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3833", + "https://access.redhat.com/security/cve/CVE-2025-22869", + "https://bugzilla.redhat.com/2348367", + "https://bugzilla.redhat.com/show_bug.cgi?id=2348367", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869", + "https://errata.almalinux.org/9/ALSA-2025-3833.html", + "https://errata.rockylinux.org/RLSA-2025:7416", + "https://github.com/golang/crypto", + "https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22", + "https://go-review.googlesource.com/c/crypto/+/652135", + "https://go.dev/cl/652135", + "https://go.dev/issue/71931", + "https://linux.oracle.com/cve/CVE-2025-22869.html", + "https://linux.oracle.com/errata/ELSA-2025-7484.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22869", + "https://pkg.go.dev/vuln/GO-2025-3487", + "https://security.netapp.com/advisory/ntap-20250411-0010", + "https://security.netapp.com/advisory/ntap-20250411-0010/", + "https://www.cve.org/CVERecord?id=CVE-2025-22869" + ], + "PublishedDate": "2025-02-26T08:14:24.997Z", + "LastModifiedDate": "2025-05-01T19:28:20.74Z" + }, + { + "VulnerabilityID": "CVE-2025-47914", + "VendorIDs": [ + "GHSA-f6x5-jh6r-wrfv" + ], + "PkgID": "golang.org/x/crypto@v0.22.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", + "UID": "5e14ca585b062f40" + }, + "InstalledVersion": "v0.22.0", + "FixedVersion": "0.45.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:0e869f1080f4f6d88d692c1b18db205d1e882c66fe6a86d0db8f327f10ebb5ff", + "Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages", + "Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "amazon": 2, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-47914", + "https://go.dev/cl/721960", + "https://go.dev/issue/76364", + "https://go.googlesource.com/crypto", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47914", + "https://pkg.go.dev/vuln/GO-2025-4135", + "https://www.cve.org/CVERecord?id=CVE-2025-47914" + ], + "PublishedDate": "2025-11-19T21:15:50.517Z", + "LastModifiedDate": "2025-12-11T19:36:41.373Z" + }, + { + "VulnerabilityID": "CVE-2025-58181", + "VendorIDs": [ + "GHSA-j5w8-q4qc-rx2x" + ], + "PkgID": "golang.org/x/crypto@v0.22.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", + "UID": "5e14ca585b062f40" + }, + "InstalledVersion": "v0.22.0", + "FixedVersion": "0.45.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:c3e71a8462e1ef3beb8f2f60b28c6bff9453013c21e350abcbed168df0aa7b1a", + "Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication", + "Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-58181", + "https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c", + "https://github.com/golang/go/issues/76363", + "https://go.dev/cl/721961", + "https://go.dev/issue/76363", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58181", + "https://pkg.go.dev/vuln/GO-2025-4134", + "https://ubuntu.com/security/notices/USN-7956-1", + "https://www.cve.org/CVERecord?id=CVE-2025-58181" + ], + "PublishedDate": "2025-11-19T21:15:50.85Z", + "LastModifiedDate": "2025-12-11T19:29:24.9Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66" + ], + "PkgID": "golang.org/x/net@v0.24.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.24.0", + "UID": "3dd087610d725263" + }, + "InstalledVersion": "v0.24.0", + "FixedVersion": "0.36.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:77570f66d268e4a416376470a7ef414a37a936feda35d9edadd37515e6c57135", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22872", + "VendorIDs": [ + "GHSA-vvgc-356p-c3xw" + ], + "PkgID": "golang.org/x/net@v0.24.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.24.0", + "UID": "3dd087610d725263" + }, + "InstalledVersion": "v0.24.0", + "FixedVersion": "0.38.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:515f671899047b7d27d0366fd78c870fc2857e5c98cc9c78074f8f8358a9b5e9", + "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", + "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22872", + "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", + "https://github.com/advisories/GHSA-vvgc-356p-c3xw", + "https://go.dev/cl/662715", + "https://go.dev/issue/73070", + "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", + "https://pkg.go.dev/vuln/GO-2025-3595", + "https://security.netapp.com/advisory/ntap-20250516-0007", + "https://security.netapp.com/advisory/ntap-20250516-0007/", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22872" + ], + "PublishedDate": "2025-04-16T18:16:04.183Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22868", + "VendorIDs": [ + "GHSA-6v2p-p543-phr9" + ], + "PkgID": "golang.org/x/oauth2@v0.15.0", + "PkgName": "golang.org/x/oauth2", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.15.0", + "UID": "e7c0ced0e24d4259" + }, + "InstalledVersion": "v0.15.0", + "FixedVersion": "0.27.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:ab59231f61e5b7f8872a88fcbd687e98b2594cb8a5b54bda0e63ea219e9d0f93", + "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", + "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1286" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", + "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", + "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", + "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", + "https://errata.rockylinux.org/RLSA-2025:7479", + "https://go.dev/cl/652155", + "https://go.dev/issue/71490", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", + "https://pkg.go.dev/vuln/GO-2025-3488", + "https://www.cve.org/CVERecord?id=CVE-2025-22868" + ], + "PublishedDate": "2025-02-26T08:14:24.897Z", + "LastModifiedDate": "2025-05-01T19:27:10.43Z" + }, + { + "VulnerabilityID": "CVE-2026-33186", + "VendorIDs": [ + "GHSA-p77j-4mvh-x3m3" + ], + "PkgID": "google.golang.org/grpc@v1.60.1", + "PkgName": "google.golang.org/grpc", + "PkgIdentifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.60.1", + "UID": "3b775a1a9b723c5f" + }, + "InstalledVersion": "v1.60.1", + "FixedVersion": "1.79.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33186", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:9f1d25c1ddcca113ac39b648ae3ec391955b85d6e27316e5df131fd4ce4f9434", + "Title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation", + "Description": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-285" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 4, + "photon": 4, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33186", + "https://github.com/grpc/grpc-go", + "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33186", + "https://www.cve.org/CVERecord?id=CVE-2026-33186" + ], + "PublishedDate": "2026-03-20T23:16:45.18Z", + "LastModifiedDate": "2026-04-10T20:49:17.737Z" + }, + { + "VulnerabilityID": "CVE-2024-24790", + "VendorIDs": [ + "GO-2024-2887" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:476fdaa1f0501c3c9bb45ac2c18146548029f60d3b89f73b3527bb71d0e51411", + "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", + "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", + "Severity": "CRITICAL", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24790", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", + "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", + "https://github.com/golang/go/issues/67680", + "https://go.dev/cl/590316", + "https://go.dev/issue/67680", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24790.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", + "https://pkg.go.dev/vuln/GO-2024-2887", + "https://security.netapp.com/advisory/ntap-20240905-0002/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24790" + ], + "PublishedDate": "2024-06-05T16:15:10.56Z", + "LastModifiedDate": "2024-11-21T08:59:42.813Z" + }, + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a2a09ba43988c010498e23b5b2132e66686e7f02467d0e51b3ec1dde85c8e022", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2024-34156", + "VendorIDs": [ + "GO-2024-3106" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b6d21e982bda4aa2ce32b8d5df84001a1e7d93e8bb8b141841aca4309878840c", + "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", + "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3773", + "https://access.redhat.com/security/cve/CVE-2024-34156", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/9/ALSA-2025-3773.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", + "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", + "https://go.dev/cl/611239", + "https://go.dev/issue/69139", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34156.html", + "https://linux.oracle.com/errata/ELSA-2025-3773.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", + "https://pkg.go.dev/vuln/GO-2024-3106", + "https://security.netapp.com/advisory/ntap-20240926-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34156" + ], + "PublishedDate": "2024-09-06T21:15:12.02Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2df6be654bcd3a359ec0852ef32e8b69a51b2e3d38b16c1f67db107df92f2c71", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:468181ef47e8e6655b118b9f71650128eada63c625dd3fb0e2c7fdff21306d27", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b5539086965d7a86d71dac71f32ac5bd4bb9375a1ae62eaaa7e564153f3e5218", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:23852d8c0f0c2342b9f4687e5e4ff186ec933704c84924b078f227f2977c97ee", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d0dba8542e6c8354ec5b4c006fe7826a210fe89856b4ab100203a8a31541bed1", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:595eae3a310ad2344278ec605f2090e472e10e7d0dcaad83ad3e5986d6f449b3", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2dfed5af0b7ab633b41eef16d24194d1bc8c1b17a702070c1dc000ef656132a6", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:46a2c6019e6986ce199b1d9373abb44747c15aeadc4ebb2735d8971e44d5f48f", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c68606a8788145cde047431f42fcde450d9d4defd0adff6fad86d92dfccbc1eb", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a23b62fd1fc86f547127cc0c9113bfbe1dd79a0160c5b075c5fbf933c333e714", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0a9d34084568ec55b3f302d10cb2f60cdedcc2529c874ec55ccd11546e3d1927", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2024-24789", + "VendorIDs": [ + "GO-2024-2888" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6c059878d38ecca78f93c7d0f174b6769c0817821881633d932a8b3ddaafe0b6", + "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", + "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2024:9115", + "https://access.redhat.com/security/cve/CVE-2024-24789", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292668", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2294000", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", + "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", + "https://errata.almalinux.org/9/ALSA-2024-9115.html", + "https://errata.rockylinux.org/RLSA-2024:9102", + "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", + "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", + "https://github.com/golang/go/issues/66869", + "https://go.dev/cl/585397", + "https://go.dev/issue/66869", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24789.html", + "https://linux.oracle.com/errata/ELSA-2024-9115.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", + "https://pkg.go.dev/vuln/GO-2024-2888", + "https://security.netapp.com/advisory/ntap-20250131-0008/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24789" + ], + "PublishedDate": "2024-06-05T16:15:10.47Z", + "LastModifiedDate": "2025-01-31T15:15:12.74Z" + }, + { + "VulnerabilityID": "CVE-2024-24791", + "VendorIDs": [ + "GO-2024-2963" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.21.12, 1.22.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2d689e6d31eb2469f7cac432b5564de5fc9ea697e042f85266b9a8ab85944fc7", + "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", + "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24791", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://go.dev/cl/591255", + "https://go.dev/issue/67555", + "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", + "https://linux.oracle.com/cve/CVE-2024-24791.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", + "https://pkg.go.dev/vuln/GO-2024-2963", + "https://security.netapp.com/advisory/ntap-20241004-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24791" + ], + "PublishedDate": "2024-07-02T22:15:04.833Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34155", + "VendorIDs": [ + "GO-2024-3105" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3e72d758cd16bd52890f329e4ad86114d3534225f94056823d36989816c38d6c", + "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", + "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9459", + "https://access.redhat.com/security/cve/CVE-2024-34155", + "https://bugzilla.redhat.com/2310527", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315691", + "https://bugzilla.redhat.com/2315887", + "https://bugzilla.redhat.com/2317458", + "https://bugzilla.redhat.com/2317467", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2024-9459.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", + "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", + "https://go.dev/cl/611238", + "https://go.dev/issue/69138", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34155.html", + "https://linux.oracle.com/errata/ELSA-2024-9459.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", + "https://pkg.go.dev/vuln/GO-2024-3105", + "https://security.netapp.com/advisory/ntap-20240926-0005/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34155" + ], + "PublishedDate": "2024-09-06T21:15:11.947Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34158", + "VendorIDs": [ + "GO-2024-3107" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e1b0afbaabca139372915daa3348128dc1967184df39360856a6906a26671c42", + "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", + "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7118", + "https://access.redhat.com/security/cve/CVE-2024-34158", + "https://bugzilla.redhat.com/2262921", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2025-7118.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", + "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", + "https://go.dev/cl/611240", + "https://go.dev/issue/69141", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34158.html", + "https://linux.oracle.com/errata/ELSA-2025-7118.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", + "https://pkg.go.dev/vuln/GO-2024-3107", + "https://security.netapp.com/advisory/ntap-20241004-0003/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34158" + ], + "PublishedDate": "2024-09-06T21:15:12.083Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-45336", + "VendorIDs": [ + "GO-2025-3420" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c37beb0a6102dd45b0c2a84d9b9674bdfe3baece0972b2dff3efda0aaacbf39c", + "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3772", + "https://access.redhat.com/security/cve/CVE-2024-45336", + "https://bugzilla.redhat.com/2341750", + "https://bugzilla.redhat.com/2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/8/ALSA-2025-3772.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/issues/70530", + "https://go.dev/cl/643100", + "https://go.dev/issue/70530", + "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", + "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", + "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", + "https://linux.oracle.com/cve/CVE-2024-45336.html", + "https://linux.oracle.com/errata/ELSA-2025-7592.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", + "https://pkg.go.dev/vuln/GO-2025-3420", + "https://security.netapp.com/advisory/ntap-20250221-0003/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2024-45336" + ], + "PublishedDate": "2025-01-28T02:15:28.807Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9a78c13cd83980405e861fcc9404730281d66d651c5378e8a73314ec79f36b94", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22866", + "VendorIDs": [ + "GO-2025-3447" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2de7e49b573a103eec1a87e1a190da757b6165ed0f32f36790e80db6d8ebe5a3", + "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22866", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", + "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", + "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", + "https://github.com/golang/go/issues/71383", + "https://go.dev/cl/643735", + "https://go.dev/issue/71383", + "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", + "https://linux.oracle.com/cve/CVE-2025-22866.html", + "https://linux.oracle.com/errata/ELSA-2025-7466.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", + "https://pkg.go.dev/vuln/GO-2025-3447", + "https://security.netapp.com/advisory/ntap-20250221-0002/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22866" + ], + "PublishedDate": "2025-02-06T17:15:21.41Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66", + "GO-2025-3503" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.7, 1.24.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:13b1417c820d5e1afb08e2e5d7b2b39bc6924913cd9c98006ba71deb0be39dbb", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:272e62a31e953968f67290e9af2b08c3926832d649189277b6d6c9431e3d231c", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:077aa457cc3831246c41ef49723526417884836b99a5235e86327d249e6e317a", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fbb067c121e37ed079e80d9ef3d5c30c3f03063e08f8c54a4c0f5a7cbffc0b59", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2f4bca150cb7cac6faa7e13d731976d2dbc276b7b0eb4bb3fb9e16848d805596", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c39315a308836b86f2b976314ae40e362c994508599d595a7199e82aef6bb904", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8b119f1338f4b5c0417019f628c6f606707d479ffe60d8c3f8946ab3bffb2c60", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:31b924af6a301f5242fd965e019e1144b533466100a09bd34f2b37546f097aaa", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2d4457a5122f21cfb48667433c524de03826bad48354f709fdd14d49416eeb9a", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b0a88df2215fafa37e63f6c8ef7fd6bbc1b11059720105aed3e6f5a7647d4ccc", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:087429ebc3e65ce85d444d6979dd9e1f1a7cda95125c20eb1a64b6a78ae0e308", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:44a8a1ee2375a8ad0aa89ed74041f18a680d58912138a5e0189f4f572c51d917", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c7337bb6d081ea297e5a6489248298e1a2a81613c3d5ccc87f261b9d6a78fa69", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b5b06eeebf98a2054c48afc5dd777fe12f1096c9c47ba4aecf7912b88c6b06b6", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:64f32487ca8d0bea1d236187b03829b56a349ffb6400085c1dc9585e0434b456", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7254c2400a8869438e2934e27c270176ec8a99471d7483966792b91121bca57c", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7d6cf962b00a65a664818b9794d821af4d33a13a0de81ca899051c493610dc6f", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:80dcbc7234ca9441a6dfd8bea1e8352dc5f860f8d52e53b93ee42bf725f14faf", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a4c595778eb9c879456ce84cc279c06b5cbbf6d50193c08eb7c99eb8f2357d34", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f0dbfbdec22cde7e7ca9192bd2b2d0ce610d30b62bd8f19c5f03c8fcb65ffb62", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8d0b9a6f9f44335ba5c5285471c5b29a99cdf36fa07262575027d258200f1d78", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3cdbb1cd82e98f475a864c1862581c6711ee308e5729237ec1632829af357657", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:65a098e51170a6ef7fd29f2c7f6975db1a0536639195756581826d0fdba7e199", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6c2646447518e818dae25afde2026b796806b930b2307a8e51c31e6f92e60e8e", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "8edc96ccfbd9e6cc" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", + "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:901fb823fdaeedef70e2121dd92da55e0472f1888a738b18c0b8d7076462a3cf", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "cert-manager", + "Kind": "Deployment", + "Name": "cert-manager-cainjector", + "Metadata": [ + { + "Size": 42694656, + "OS": { + "Family": "debian", + "Name": "12.5" + }, + "ImageID": "sha256:67fe8c356b499e00c2844b58a67c20193a1a7e8de8cccc5651f3d47af7a8877c", + "DiffIDs": [ + "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c", + "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421", + "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60", + "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", + "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", + "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc", + "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", + "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", + "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", + "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", + "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", + "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b", + "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90", + "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" + ], + "RepoTags": [ + "quay.io/jetstack/cert-manager-cainjector:v1.14.5" + ], + "RepoDigests": [ + "quay.io/jetstack/cert-manager-cainjector@sha256:4ffda7facb4da16dab20a88e7607b75ebdab4e6c9069a840216a89f47261ee0b" + ], + "Reference": "quay.io/jetstack/cert-manager-cainjector:v1.14.5", + "ImageConfig": { + "architecture": "amd64", + "created": "2024-04-25T10:51:16.664840837Z", + "history": [ + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "2024-04-25T10:51:15.492583843Z", + "created_by": "LABEL org.opencontainers.image.source=https://github.com/cert-manager/cert-manager", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-04-25T10:51:15.492583843Z", + "created_by": "USER 1000", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-04-25T10:51:15.492583843Z", + "created_by": "COPY cainjector /app/cmd/cainjector/cainjector # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-04-25T10:51:16.230346564Z", + "created_by": "COPY cert-manager.license /licenses/LICENSE # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-04-25T10:51:16.664840837Z", + "created_by": "COPY cert-manager.licenses_notice /licenses/LICENSES # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-04-25T10:51:16.664840837Z", + "created_by": "ENTRYPOINT [\"/app/cmd/cainjector/cainjector\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c", + "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421", + "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60", + "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", + "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", + "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc", + "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", + "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", + "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", + "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", + "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", + "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b", + "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90", + "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" + ] + }, + "config": { + "Entrypoint": [ + "/app/cmd/cainjector/cainjector" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" + ], + "Labels": { + "org.opencontainers.image.source": "https://github.com/cert-manager/cert-manager" + }, + "User": "1000", + "WorkingDir": "/" + } + }, + "Layers": [ + { + "Size": 327680, + "Digest": "sha256:286c61c9a31ace5fa0b8832c8e8e30d66bf32138f2f787463235aa0071f714ea", + "DiffID": "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c" + }, + { + "Size": 40960, + "Digest": "sha256:2bdf44d7aa71bf3a0da2de0563ad0e3882948d699b4991edf8c0ab44e7f26ae3", + "DiffID": "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421" + }, + { + "Size": 2396160, + "Digest": "sha256:452e9eed7ecfd0c2b44ac6fda20cee66ab98aec38ba30aa868e02445be7c8bb0", + "DiffID": "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60" + }, + { + "Size": 1536, + "Digest": "sha256:0f8b424aa0b96c1c388a5fd4d90735604459256336853082afb61733438872b5", + "DiffID": "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368" + }, + { + "Size": 2560, + "Digest": "sha256:d557676654e572af3e3173c90e7874644207fda32cd87e9d3d66b5d7b98a7b21", + "DiffID": "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc" + }, + { + "Size": 2560, + "Digest": "sha256:c8022d07192eddbb2a548ba83be5e412f7ba863bbba158d133c9653bb8a47768", + "DiffID": "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc" + }, + { + "Size": 2560, + "Digest": "sha256:d858cbc252ade14879807ff8dbc3043a26bbdb92087da98cda831ee040b172b3", + "DiffID": "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b" + }, + { + "Size": 1536, + "Digest": "sha256:1069fc2daed1aceff7232f4b8ab21200dd3d8b04f61be9da86977a34a105dfdc", + "DiffID": "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1" + }, + { + "Size": 10240, + "Digest": "sha256:b40161cd83fc5d470d6abe50e87aa288481b6b89137012881d74187cfbf9f502", + "DiffID": "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849" + }, + { + "Size": 3072, + "Digest": "sha256:3f4e2c5863480125882d92060440a5250766bce764fee10acdbac18c872e4dc7", + "DiffID": "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3" + }, + { + "Size": 238592, + "Digest": "sha256:80a8c047508ae5cd6a591060fc43422cb8e3aea1bd908d913e8f0146e2297fea", + "DiffID": "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217" + }, + { + "Size": 39661056, + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + { + "Size": 3584, + "Digest": "sha256:33838fd697f026879464ebe9f5ae6e0bec5289f689e97cf734da7837d33487f4", + "DiffID": "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90" + }, + { + "Size": 2560, + "Digest": "sha256:dc114723bba03499030a454579abd5a5e68f2a10374a8917f82411b8dfd9ffc1", + "DiffID": "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" + } + ] + } + ], + "Results": [ + { + "Target": "quay.io/jetstack/cert-manager-cainjector:v1.14.5 (debian 12.5)", + "Class": "os-pkgs", + "Type": "debian", + "Packages": [ + { + "ID": "base-files@12.4+deb12u5", + "Name": "base-files", + "Identifier": { + "PURL": "pkg:deb/debian/base-files@12.4%2Bdeb12u5?arch=amd64\u0026distro=debian-12.5", + "UID": "a027b06af87a4cc3" + }, + "Version": "12.4+deb12u5", + "Arch": "amd64", + "SrcName": "base-files", + "SrcVersion": "12.4+deb12u5", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:286c61c9a31ace5fa0b8832c8e8e30d66bf32138f2f787463235aa0071f714ea", + "DiffID": "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c" + }, + "InstalledFiles": [ + "/usr/lib/os-release", + "/usr/share/base-files/dot.bashrc", + "/usr/share/base-files/dot.profile", + "/usr/share/base-files/dot.profile.md5sums", + "/usr/share/base-files/info.dir", + "/usr/share/base-files/motd", + "/usr/share/base-files/profile", + "/usr/share/base-files/profile.md5sums", + "/usr/share/base-files/staff-group-for-usr-local", + "/usr/share/common-licenses/Apache-2.0", + "/usr/share/common-licenses/Artistic", + "/usr/share/common-licenses/BSD", + "/usr/share/common-licenses/CC0-1.0", + "/usr/share/common-licenses/GFDL-1.2", + "/usr/share/common-licenses/GFDL-1.3", + "/usr/share/common-licenses/GPL-1", + "/usr/share/common-licenses/GPL-2", + "/usr/share/common-licenses/GPL-3", + "/usr/share/common-licenses/LGPL-2", + "/usr/share/common-licenses/LGPL-2.1", + "/usr/share/common-licenses/LGPL-3", + "/usr/share/common-licenses/MPL-1.1", + "/usr/share/common-licenses/MPL-2.0", + "/usr/share/doc/base-files/README", + "/usr/share/doc/base-files/README.FHS", + "/usr/share/doc/base-files/changelog.gz", + "/usr/share/doc/base-files/copyright", + "/usr/share/lintian/overrides/base-files" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "netbase@6.4", + "Name": "netbase", + "Identifier": { + "PURL": "pkg:deb/debian/netbase@6.4?arch=all\u0026distro=debian-12.5", + "UID": "64adcbea2e4e887c" + }, + "Version": "6.4", + "Arch": "all", + "SrcName": "netbase", + "SrcVersion": "6.4", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:2bdf44d7aa71bf3a0da2de0563ad0e3882948d699b4991edf8c0ab44e7f26ae3", + "DiffID": "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421" + }, + "InstalledFiles": [ + "/usr/share/doc/netbase/changelog.gz", + "/usr/share/doc/netbase/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tzdata@2024a-0+deb12u1", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:deb/debian/tzdata@2024a-0%2Bdeb12u1?arch=all\u0026distro=debian-12.5", + "UID": "c32ff64571217b4a" + }, + "Version": "2024a", + "Release": "0+deb12u1", + "Arch": "all", + "SrcName": "tzdata", + "SrcVersion": "2024a", + "SrcRelease": "0+deb12u1", + "Licenses": [ + "public-domain" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:452e9eed7ecfd0c2b44ac6fda20cee66ab98aec38ba30aa868e02445be7c8bb0", + "DiffID": "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60" + }, + "InstalledFiles": [ + "/usr/share/doc/tzdata/README.Debian", + "/usr/share/doc/tzdata/changelog.Debian.gz", + "/usr/share/doc/tzdata/changelog.gz", + "/usr/share/doc/tzdata/copyright", + "/usr/share/lintian/overrides/tzdata", + "/usr/share/zoneinfo/Africa/Abidjan", + "/usr/share/zoneinfo/Africa/Accra", + "/usr/share/zoneinfo/Africa/Addis_Ababa", + "/usr/share/zoneinfo/Africa/Algiers", + "/usr/share/zoneinfo/Africa/Asmara", + "/usr/share/zoneinfo/Africa/Bamako", + "/usr/share/zoneinfo/Africa/Bangui", + "/usr/share/zoneinfo/Africa/Banjul", + "/usr/share/zoneinfo/Africa/Bissau", + "/usr/share/zoneinfo/Africa/Blantyre", + "/usr/share/zoneinfo/Africa/Brazzaville", + "/usr/share/zoneinfo/Africa/Bujumbura", + "/usr/share/zoneinfo/Africa/Cairo", + "/usr/share/zoneinfo/Africa/Casablanca", + "/usr/share/zoneinfo/Africa/Ceuta", + "/usr/share/zoneinfo/Africa/Conakry", + "/usr/share/zoneinfo/Africa/Dakar", + "/usr/share/zoneinfo/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/Africa/Djibouti", + "/usr/share/zoneinfo/Africa/Douala", + "/usr/share/zoneinfo/Africa/El_Aaiun", + "/usr/share/zoneinfo/Africa/Freetown", + "/usr/share/zoneinfo/Africa/Gaborone", + "/usr/share/zoneinfo/Africa/Harare", + "/usr/share/zoneinfo/Africa/Johannesburg", + "/usr/share/zoneinfo/Africa/Juba", + "/usr/share/zoneinfo/Africa/Kampala", + "/usr/share/zoneinfo/Africa/Khartoum", + "/usr/share/zoneinfo/Africa/Kigali", + "/usr/share/zoneinfo/Africa/Kinshasa", + "/usr/share/zoneinfo/Africa/Lagos", + "/usr/share/zoneinfo/Africa/Libreville", + "/usr/share/zoneinfo/Africa/Lome", + "/usr/share/zoneinfo/Africa/Luanda", + "/usr/share/zoneinfo/Africa/Lubumbashi", + "/usr/share/zoneinfo/Africa/Lusaka", + "/usr/share/zoneinfo/Africa/Malabo", + "/usr/share/zoneinfo/Africa/Maputo", + "/usr/share/zoneinfo/Africa/Maseru", + "/usr/share/zoneinfo/Africa/Mbabane", + "/usr/share/zoneinfo/Africa/Mogadishu", + "/usr/share/zoneinfo/Africa/Monrovia", + "/usr/share/zoneinfo/Africa/Nairobi", + "/usr/share/zoneinfo/Africa/Ndjamena", + "/usr/share/zoneinfo/Africa/Niamey", + "/usr/share/zoneinfo/Africa/Nouakchott", + "/usr/share/zoneinfo/Africa/Ouagadougou", + "/usr/share/zoneinfo/Africa/Porto-Novo", + "/usr/share/zoneinfo/Africa/Sao_Tome", + "/usr/share/zoneinfo/Africa/Tripoli", + "/usr/share/zoneinfo/Africa/Tunis", + "/usr/share/zoneinfo/Africa/Windhoek", + "/usr/share/zoneinfo/America/Adak", + "/usr/share/zoneinfo/America/Anchorage", + "/usr/share/zoneinfo/America/Anguilla", + "/usr/share/zoneinfo/America/Antigua", + "/usr/share/zoneinfo/America/Araguaina", + "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/America/Argentina/Catamarca", + "/usr/share/zoneinfo/America/Argentina/Cordoba", + "/usr/share/zoneinfo/America/Argentina/Jujuy", + "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/America/Argentina/Mendoza", + "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/America/Argentina/Salta", + "/usr/share/zoneinfo/America/Argentina/San_Juan", + "/usr/share/zoneinfo/America/Argentina/San_Luis", + "/usr/share/zoneinfo/America/Argentina/Tucuman", + "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/America/Aruba", + "/usr/share/zoneinfo/America/Asuncion", + "/usr/share/zoneinfo/America/Atikokan", + "/usr/share/zoneinfo/America/Bahia", + "/usr/share/zoneinfo/America/Bahia_Banderas", + "/usr/share/zoneinfo/America/Barbados", + "/usr/share/zoneinfo/America/Belem", + "/usr/share/zoneinfo/America/Belize", + "/usr/share/zoneinfo/America/Blanc-Sablon", + "/usr/share/zoneinfo/America/Boa_Vista", + "/usr/share/zoneinfo/America/Bogota", + "/usr/share/zoneinfo/America/Boise", + "/usr/share/zoneinfo/America/Cambridge_Bay", + "/usr/share/zoneinfo/America/Campo_Grande", + "/usr/share/zoneinfo/America/Cancun", + "/usr/share/zoneinfo/America/Caracas", + "/usr/share/zoneinfo/America/Cayenne", + "/usr/share/zoneinfo/America/Cayman", + "/usr/share/zoneinfo/America/Chicago", + "/usr/share/zoneinfo/America/Chihuahua", + "/usr/share/zoneinfo/America/Ciudad_Juarez", + "/usr/share/zoneinfo/America/Costa_Rica", + "/usr/share/zoneinfo/America/Creston", + "/usr/share/zoneinfo/America/Cuiaba", + "/usr/share/zoneinfo/America/Curacao", + "/usr/share/zoneinfo/America/Danmarkshavn", + "/usr/share/zoneinfo/America/Dawson", + "/usr/share/zoneinfo/America/Dawson_Creek", + "/usr/share/zoneinfo/America/Denver", + "/usr/share/zoneinfo/America/Detroit", + "/usr/share/zoneinfo/America/Dominica", + "/usr/share/zoneinfo/America/Edmonton", + "/usr/share/zoneinfo/America/Eirunepe", + "/usr/share/zoneinfo/America/El_Salvador", + "/usr/share/zoneinfo/America/Fort_Nelson", + "/usr/share/zoneinfo/America/Fortaleza", + "/usr/share/zoneinfo/America/Glace_Bay", + "/usr/share/zoneinfo/America/Goose_Bay", + "/usr/share/zoneinfo/America/Grand_Turk", + "/usr/share/zoneinfo/America/Grenada", + "/usr/share/zoneinfo/America/Guadeloupe", + "/usr/share/zoneinfo/America/Guatemala", + "/usr/share/zoneinfo/America/Guayaquil", + "/usr/share/zoneinfo/America/Guyana", + "/usr/share/zoneinfo/America/Halifax", + "/usr/share/zoneinfo/America/Havana", + "/usr/share/zoneinfo/America/Hermosillo", + "/usr/share/zoneinfo/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/America/Indiana/Knox", + "/usr/share/zoneinfo/America/Indiana/Marengo", + "/usr/share/zoneinfo/America/Indiana/Petersburg", + "/usr/share/zoneinfo/America/Indiana/Tell_City", + "/usr/share/zoneinfo/America/Indiana/Vevay", + "/usr/share/zoneinfo/America/Indiana/Vincennes", + "/usr/share/zoneinfo/America/Indiana/Winamac", + "/usr/share/zoneinfo/America/Inuvik", + "/usr/share/zoneinfo/America/Iqaluit", + "/usr/share/zoneinfo/America/Jamaica", + "/usr/share/zoneinfo/America/Juneau", + "/usr/share/zoneinfo/America/Kentucky/Louisville", + "/usr/share/zoneinfo/America/Kentucky/Monticello", + "/usr/share/zoneinfo/America/La_Paz", + "/usr/share/zoneinfo/America/Lima", + "/usr/share/zoneinfo/America/Los_Angeles", + "/usr/share/zoneinfo/America/Maceio", + "/usr/share/zoneinfo/America/Managua", + "/usr/share/zoneinfo/America/Manaus", + "/usr/share/zoneinfo/America/Martinique", + "/usr/share/zoneinfo/America/Matamoros", + "/usr/share/zoneinfo/America/Mazatlan", + "/usr/share/zoneinfo/America/Menominee", + "/usr/share/zoneinfo/America/Merida", + "/usr/share/zoneinfo/America/Metlakatla", + "/usr/share/zoneinfo/America/Mexico_City", + "/usr/share/zoneinfo/America/Miquelon", + "/usr/share/zoneinfo/America/Moncton", + "/usr/share/zoneinfo/America/Monterrey", + "/usr/share/zoneinfo/America/Montevideo", + "/usr/share/zoneinfo/America/Montserrat", + "/usr/share/zoneinfo/America/Nassau", + "/usr/share/zoneinfo/America/New_York", + "/usr/share/zoneinfo/America/Nome", + "/usr/share/zoneinfo/America/Noronha", + "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/America/North_Dakota/Center", + "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/America/Nuuk", + "/usr/share/zoneinfo/America/Ojinaga", + "/usr/share/zoneinfo/America/Panama", + "/usr/share/zoneinfo/America/Paramaribo", + "/usr/share/zoneinfo/America/Phoenix", + "/usr/share/zoneinfo/America/Port-au-Prince", + "/usr/share/zoneinfo/America/Port_of_Spain", + "/usr/share/zoneinfo/America/Porto_Velho", + "/usr/share/zoneinfo/America/Puerto_Rico", + "/usr/share/zoneinfo/America/Punta_Arenas", + "/usr/share/zoneinfo/America/Rankin_Inlet", + "/usr/share/zoneinfo/America/Recife", + "/usr/share/zoneinfo/America/Regina", + "/usr/share/zoneinfo/America/Resolute", + "/usr/share/zoneinfo/America/Rio_Branco", + "/usr/share/zoneinfo/America/Santarem", + "/usr/share/zoneinfo/America/Santiago", + "/usr/share/zoneinfo/America/Santo_Domingo", + "/usr/share/zoneinfo/America/Sao_Paulo", + "/usr/share/zoneinfo/America/Scoresbysund", + "/usr/share/zoneinfo/America/Sitka", + "/usr/share/zoneinfo/America/St_Johns", + "/usr/share/zoneinfo/America/St_Kitts", + "/usr/share/zoneinfo/America/St_Lucia", + "/usr/share/zoneinfo/America/St_Thomas", + "/usr/share/zoneinfo/America/St_Vincent", + "/usr/share/zoneinfo/America/Swift_Current", + "/usr/share/zoneinfo/America/Tegucigalpa", + "/usr/share/zoneinfo/America/Thule", + "/usr/share/zoneinfo/America/Tijuana", + "/usr/share/zoneinfo/America/Toronto", + "/usr/share/zoneinfo/America/Tortola", + "/usr/share/zoneinfo/America/Vancouver", + "/usr/share/zoneinfo/America/Whitehorse", + "/usr/share/zoneinfo/America/Winnipeg", + "/usr/share/zoneinfo/America/Yakutat", + "/usr/share/zoneinfo/Antarctica/Casey", + "/usr/share/zoneinfo/Antarctica/Davis", + "/usr/share/zoneinfo/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/Antarctica/Macquarie", + "/usr/share/zoneinfo/Antarctica/Mawson", + "/usr/share/zoneinfo/Antarctica/McMurdo", + "/usr/share/zoneinfo/Antarctica/Palmer", + "/usr/share/zoneinfo/Antarctica/Rothera", + "/usr/share/zoneinfo/Antarctica/Syowa", + "/usr/share/zoneinfo/Antarctica/Troll", + "/usr/share/zoneinfo/Antarctica/Vostok", + "/usr/share/zoneinfo/Asia/Aden", + "/usr/share/zoneinfo/Asia/Almaty", + "/usr/share/zoneinfo/Asia/Amman", + "/usr/share/zoneinfo/Asia/Anadyr", + "/usr/share/zoneinfo/Asia/Aqtau", + "/usr/share/zoneinfo/Asia/Aqtobe", + "/usr/share/zoneinfo/Asia/Ashgabat", + "/usr/share/zoneinfo/Asia/Atyrau", + "/usr/share/zoneinfo/Asia/Baghdad", + "/usr/share/zoneinfo/Asia/Bahrain", + "/usr/share/zoneinfo/Asia/Baku", + "/usr/share/zoneinfo/Asia/Bangkok", + "/usr/share/zoneinfo/Asia/Barnaul", + "/usr/share/zoneinfo/Asia/Beirut", + "/usr/share/zoneinfo/Asia/Bishkek", + "/usr/share/zoneinfo/Asia/Brunei", + "/usr/share/zoneinfo/Asia/Chita", + "/usr/share/zoneinfo/Asia/Choibalsan", + "/usr/share/zoneinfo/Asia/Colombo", + "/usr/share/zoneinfo/Asia/Damascus", + "/usr/share/zoneinfo/Asia/Dhaka", + "/usr/share/zoneinfo/Asia/Dili", + "/usr/share/zoneinfo/Asia/Dubai", + "/usr/share/zoneinfo/Asia/Dushanbe", + "/usr/share/zoneinfo/Asia/Famagusta", + "/usr/share/zoneinfo/Asia/Gaza", + "/usr/share/zoneinfo/Asia/Hebron", + "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/Asia/Hong_Kong", + "/usr/share/zoneinfo/Asia/Hovd", + "/usr/share/zoneinfo/Asia/Irkutsk", + "/usr/share/zoneinfo/Asia/Jakarta", + "/usr/share/zoneinfo/Asia/Jayapura", + "/usr/share/zoneinfo/Asia/Jerusalem", + "/usr/share/zoneinfo/Asia/Kabul", + "/usr/share/zoneinfo/Asia/Kamchatka", + "/usr/share/zoneinfo/Asia/Karachi", + "/usr/share/zoneinfo/Asia/Kathmandu", + "/usr/share/zoneinfo/Asia/Khandyga", + "/usr/share/zoneinfo/Asia/Kolkata", + "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/Asia/Kuching", + "/usr/share/zoneinfo/Asia/Kuwait", + "/usr/share/zoneinfo/Asia/Macau", + "/usr/share/zoneinfo/Asia/Magadan", + "/usr/share/zoneinfo/Asia/Makassar", + "/usr/share/zoneinfo/Asia/Manila", + "/usr/share/zoneinfo/Asia/Muscat", + "/usr/share/zoneinfo/Asia/Nicosia", + "/usr/share/zoneinfo/Asia/Novokuznetsk", + "/usr/share/zoneinfo/Asia/Novosibirsk", + "/usr/share/zoneinfo/Asia/Omsk", + "/usr/share/zoneinfo/Asia/Oral", + "/usr/share/zoneinfo/Asia/Phnom_Penh", + "/usr/share/zoneinfo/Asia/Pontianak", + "/usr/share/zoneinfo/Asia/Pyongyang", + "/usr/share/zoneinfo/Asia/Qatar", + "/usr/share/zoneinfo/Asia/Qostanay", + "/usr/share/zoneinfo/Asia/Qyzylorda", + "/usr/share/zoneinfo/Asia/Riyadh", + "/usr/share/zoneinfo/Asia/Sakhalin", + "/usr/share/zoneinfo/Asia/Samarkand", + "/usr/share/zoneinfo/Asia/Seoul", + "/usr/share/zoneinfo/Asia/Shanghai", + "/usr/share/zoneinfo/Asia/Singapore", + "/usr/share/zoneinfo/Asia/Srednekolymsk", + "/usr/share/zoneinfo/Asia/Taipei", + "/usr/share/zoneinfo/Asia/Tashkent", + "/usr/share/zoneinfo/Asia/Tbilisi", + "/usr/share/zoneinfo/Asia/Tehran", + "/usr/share/zoneinfo/Asia/Thimphu", + "/usr/share/zoneinfo/Asia/Tokyo", + "/usr/share/zoneinfo/Asia/Tomsk", + "/usr/share/zoneinfo/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/Asia/Urumqi", + "/usr/share/zoneinfo/Asia/Ust-Nera", + "/usr/share/zoneinfo/Asia/Vientiane", + "/usr/share/zoneinfo/Asia/Vladivostok", + "/usr/share/zoneinfo/Asia/Yakutsk", + "/usr/share/zoneinfo/Asia/Yangon", + "/usr/share/zoneinfo/Asia/Yekaterinburg", + "/usr/share/zoneinfo/Asia/Yerevan", + "/usr/share/zoneinfo/Atlantic/Azores", + "/usr/share/zoneinfo/Atlantic/Bermuda", + "/usr/share/zoneinfo/Atlantic/Canary", + "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/Atlantic/Faroe", + "/usr/share/zoneinfo/Atlantic/Madeira", + "/usr/share/zoneinfo/Atlantic/Reykjavik", + "/usr/share/zoneinfo/Atlantic/South_Georgia", + "/usr/share/zoneinfo/Atlantic/St_Helena", + "/usr/share/zoneinfo/Atlantic/Stanley", + "/usr/share/zoneinfo/Australia/Adelaide", + "/usr/share/zoneinfo/Australia/Brisbane", + "/usr/share/zoneinfo/Australia/Broken_Hill", + "/usr/share/zoneinfo/Australia/Darwin", + "/usr/share/zoneinfo/Australia/Eucla", + "/usr/share/zoneinfo/Australia/Hobart", + "/usr/share/zoneinfo/Australia/Lindeman", + "/usr/share/zoneinfo/Australia/Lord_Howe", + "/usr/share/zoneinfo/Australia/Melbourne", + "/usr/share/zoneinfo/Australia/Perth", + "/usr/share/zoneinfo/Australia/Sydney", + "/usr/share/zoneinfo/CET", + "/usr/share/zoneinfo/CST6CDT", + "/usr/share/zoneinfo/EET", + "/usr/share/zoneinfo/EST", + "/usr/share/zoneinfo/EST5EDT", + "/usr/share/zoneinfo/Etc/GMT", + "/usr/share/zoneinfo/Etc/GMT+1", + "/usr/share/zoneinfo/Etc/GMT+10", + "/usr/share/zoneinfo/Etc/GMT+11", + "/usr/share/zoneinfo/Etc/GMT+12", + "/usr/share/zoneinfo/Etc/GMT+2", + "/usr/share/zoneinfo/Etc/GMT+3", + "/usr/share/zoneinfo/Etc/GMT+4", + "/usr/share/zoneinfo/Etc/GMT+5", + "/usr/share/zoneinfo/Etc/GMT+6", + "/usr/share/zoneinfo/Etc/GMT+7", + "/usr/share/zoneinfo/Etc/GMT+8", + "/usr/share/zoneinfo/Etc/GMT+9", + "/usr/share/zoneinfo/Etc/GMT-1", + "/usr/share/zoneinfo/Etc/GMT-10", + "/usr/share/zoneinfo/Etc/GMT-11", + "/usr/share/zoneinfo/Etc/GMT-12", + "/usr/share/zoneinfo/Etc/GMT-13", + "/usr/share/zoneinfo/Etc/GMT-14", + "/usr/share/zoneinfo/Etc/GMT-2", + "/usr/share/zoneinfo/Etc/GMT-3", + "/usr/share/zoneinfo/Etc/GMT-4", + "/usr/share/zoneinfo/Etc/GMT-5", + "/usr/share/zoneinfo/Etc/GMT-6", + "/usr/share/zoneinfo/Etc/GMT-7", + "/usr/share/zoneinfo/Etc/GMT-8", + "/usr/share/zoneinfo/Etc/GMT-9", + "/usr/share/zoneinfo/Etc/UTC", + "/usr/share/zoneinfo/Europe/Amsterdam", + "/usr/share/zoneinfo/Europe/Andorra", + "/usr/share/zoneinfo/Europe/Astrakhan", + "/usr/share/zoneinfo/Europe/Athens", + "/usr/share/zoneinfo/Europe/Belgrade", + "/usr/share/zoneinfo/Europe/Berlin", + "/usr/share/zoneinfo/Europe/Brussels", + "/usr/share/zoneinfo/Europe/Bucharest", + "/usr/share/zoneinfo/Europe/Budapest", + "/usr/share/zoneinfo/Europe/Chisinau", + "/usr/share/zoneinfo/Europe/Copenhagen", + "/usr/share/zoneinfo/Europe/Dublin", + "/usr/share/zoneinfo/Europe/Gibraltar", + "/usr/share/zoneinfo/Europe/Guernsey", + "/usr/share/zoneinfo/Europe/Helsinki", + "/usr/share/zoneinfo/Europe/Isle_of_Man", + "/usr/share/zoneinfo/Europe/Istanbul", + "/usr/share/zoneinfo/Europe/Jersey", + "/usr/share/zoneinfo/Europe/Kaliningrad", + "/usr/share/zoneinfo/Europe/Kirov", + "/usr/share/zoneinfo/Europe/Kyiv", + "/usr/share/zoneinfo/Europe/Lisbon", + "/usr/share/zoneinfo/Europe/Ljubljana", + "/usr/share/zoneinfo/Europe/London", + "/usr/share/zoneinfo/Europe/Luxembourg", + "/usr/share/zoneinfo/Europe/Madrid", + "/usr/share/zoneinfo/Europe/Malta", + "/usr/share/zoneinfo/Europe/Minsk", + "/usr/share/zoneinfo/Europe/Monaco", + "/usr/share/zoneinfo/Europe/Moscow", + "/usr/share/zoneinfo/Europe/Oslo", + "/usr/share/zoneinfo/Europe/Paris", + "/usr/share/zoneinfo/Europe/Prague", + "/usr/share/zoneinfo/Europe/Riga", + "/usr/share/zoneinfo/Europe/Rome", + "/usr/share/zoneinfo/Europe/Samara", + "/usr/share/zoneinfo/Europe/Sarajevo", + "/usr/share/zoneinfo/Europe/Saratov", + "/usr/share/zoneinfo/Europe/Simferopol", + "/usr/share/zoneinfo/Europe/Skopje", + "/usr/share/zoneinfo/Europe/Sofia", + "/usr/share/zoneinfo/Europe/Stockholm", + "/usr/share/zoneinfo/Europe/Tallinn", + "/usr/share/zoneinfo/Europe/Tirane", + "/usr/share/zoneinfo/Europe/Ulyanovsk", + "/usr/share/zoneinfo/Europe/Vaduz", + "/usr/share/zoneinfo/Europe/Vienna", + "/usr/share/zoneinfo/Europe/Vilnius", + "/usr/share/zoneinfo/Europe/Volgograd", + "/usr/share/zoneinfo/Europe/Warsaw", + "/usr/share/zoneinfo/Europe/Zagreb", + "/usr/share/zoneinfo/Europe/Zurich", + "/usr/share/zoneinfo/Factory", + "/usr/share/zoneinfo/HST", + "/usr/share/zoneinfo/Indian/Antananarivo", + "/usr/share/zoneinfo/Indian/Chagos", + "/usr/share/zoneinfo/Indian/Christmas", + "/usr/share/zoneinfo/Indian/Cocos", + "/usr/share/zoneinfo/Indian/Comoro", + "/usr/share/zoneinfo/Indian/Kerguelen", + "/usr/share/zoneinfo/Indian/Mahe", + "/usr/share/zoneinfo/Indian/Maldives", + "/usr/share/zoneinfo/Indian/Mauritius", + "/usr/share/zoneinfo/Indian/Mayotte", + "/usr/share/zoneinfo/Indian/Reunion", + "/usr/share/zoneinfo/MET", + "/usr/share/zoneinfo/MST", + "/usr/share/zoneinfo/MST7MDT", + "/usr/share/zoneinfo/PST8PDT", + "/usr/share/zoneinfo/Pacific/Apia", + "/usr/share/zoneinfo/Pacific/Auckland", + "/usr/share/zoneinfo/Pacific/Bougainville", + "/usr/share/zoneinfo/Pacific/Chatham", + "/usr/share/zoneinfo/Pacific/Chuuk", + "/usr/share/zoneinfo/Pacific/Easter", + "/usr/share/zoneinfo/Pacific/Efate", + "/usr/share/zoneinfo/Pacific/Fakaofo", + "/usr/share/zoneinfo/Pacific/Fiji", + "/usr/share/zoneinfo/Pacific/Funafuti", + "/usr/share/zoneinfo/Pacific/Galapagos", + "/usr/share/zoneinfo/Pacific/Gambier", + "/usr/share/zoneinfo/Pacific/Guadalcanal", + "/usr/share/zoneinfo/Pacific/Guam", + "/usr/share/zoneinfo/Pacific/Honolulu", + "/usr/share/zoneinfo/Pacific/Kanton", + "/usr/share/zoneinfo/Pacific/Kiritimati", + "/usr/share/zoneinfo/Pacific/Kosrae", + "/usr/share/zoneinfo/Pacific/Kwajalein", + "/usr/share/zoneinfo/Pacific/Majuro", + "/usr/share/zoneinfo/Pacific/Marquesas", + "/usr/share/zoneinfo/Pacific/Midway", + "/usr/share/zoneinfo/Pacific/Nauru", + "/usr/share/zoneinfo/Pacific/Niue", + "/usr/share/zoneinfo/Pacific/Norfolk", + "/usr/share/zoneinfo/Pacific/Noumea", + "/usr/share/zoneinfo/Pacific/Pago_Pago", + "/usr/share/zoneinfo/Pacific/Palau", + "/usr/share/zoneinfo/Pacific/Pitcairn", + "/usr/share/zoneinfo/Pacific/Pohnpei", + "/usr/share/zoneinfo/Pacific/Port_Moresby", + "/usr/share/zoneinfo/Pacific/Rarotonga", + "/usr/share/zoneinfo/Pacific/Saipan", + "/usr/share/zoneinfo/Pacific/Tahiti", + "/usr/share/zoneinfo/Pacific/Tarawa", + "/usr/share/zoneinfo/Pacific/Tongatapu", + "/usr/share/zoneinfo/Pacific/Wake", + "/usr/share/zoneinfo/Pacific/Wallis", + "/usr/share/zoneinfo/WET", + "/usr/share/zoneinfo/iso3166.tab", + "/usr/share/zoneinfo/leap-seconds.list", + "/usr/share/zoneinfo/leapseconds", + "/usr/share/zoneinfo/right/Africa/Abidjan", + "/usr/share/zoneinfo/right/Africa/Accra", + "/usr/share/zoneinfo/right/Africa/Addis_Ababa", + "/usr/share/zoneinfo/right/Africa/Algiers", + "/usr/share/zoneinfo/right/Africa/Asmara", + "/usr/share/zoneinfo/right/Africa/Bamako", + "/usr/share/zoneinfo/right/Africa/Bangui", + "/usr/share/zoneinfo/right/Africa/Banjul", + "/usr/share/zoneinfo/right/Africa/Bissau", + "/usr/share/zoneinfo/right/Africa/Blantyre", + "/usr/share/zoneinfo/right/Africa/Brazzaville", + "/usr/share/zoneinfo/right/Africa/Bujumbura", + "/usr/share/zoneinfo/right/Africa/Cairo", + "/usr/share/zoneinfo/right/Africa/Casablanca", + "/usr/share/zoneinfo/right/Africa/Ceuta", + "/usr/share/zoneinfo/right/Africa/Conakry", + "/usr/share/zoneinfo/right/Africa/Dakar", + "/usr/share/zoneinfo/right/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/right/Africa/Djibouti", + "/usr/share/zoneinfo/right/Africa/Douala", + "/usr/share/zoneinfo/right/Africa/El_Aaiun", + "/usr/share/zoneinfo/right/Africa/Freetown", + "/usr/share/zoneinfo/right/Africa/Gaborone", + "/usr/share/zoneinfo/right/Africa/Harare", + "/usr/share/zoneinfo/right/Africa/Johannesburg", + "/usr/share/zoneinfo/right/Africa/Juba", + "/usr/share/zoneinfo/right/Africa/Kampala", + "/usr/share/zoneinfo/right/Africa/Khartoum", + "/usr/share/zoneinfo/right/Africa/Kigali", + "/usr/share/zoneinfo/right/Africa/Kinshasa", + "/usr/share/zoneinfo/right/Africa/Lagos", + "/usr/share/zoneinfo/right/Africa/Libreville", + "/usr/share/zoneinfo/right/Africa/Lome", + "/usr/share/zoneinfo/right/Africa/Luanda", + "/usr/share/zoneinfo/right/Africa/Lubumbashi", + "/usr/share/zoneinfo/right/Africa/Lusaka", + "/usr/share/zoneinfo/right/Africa/Malabo", + "/usr/share/zoneinfo/right/Africa/Maputo", + "/usr/share/zoneinfo/right/Africa/Maseru", + "/usr/share/zoneinfo/right/Africa/Mbabane", + "/usr/share/zoneinfo/right/Africa/Mogadishu", + "/usr/share/zoneinfo/right/Africa/Monrovia", + "/usr/share/zoneinfo/right/Africa/Nairobi", + "/usr/share/zoneinfo/right/Africa/Ndjamena", + "/usr/share/zoneinfo/right/Africa/Niamey", + "/usr/share/zoneinfo/right/Africa/Nouakchott", + "/usr/share/zoneinfo/right/Africa/Ouagadougou", + "/usr/share/zoneinfo/right/Africa/Porto-Novo", + "/usr/share/zoneinfo/right/Africa/Sao_Tome", + "/usr/share/zoneinfo/right/Africa/Tripoli", + "/usr/share/zoneinfo/right/Africa/Tunis", + "/usr/share/zoneinfo/right/Africa/Windhoek", + "/usr/share/zoneinfo/right/America/Adak", + "/usr/share/zoneinfo/right/America/Anchorage", + "/usr/share/zoneinfo/right/America/Anguilla", + "/usr/share/zoneinfo/right/America/Antigua", + "/usr/share/zoneinfo/right/America/Araguaina", + "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/right/America/Argentina/Catamarca", + "/usr/share/zoneinfo/right/America/Argentina/Cordoba", + "/usr/share/zoneinfo/right/America/Argentina/Jujuy", + "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/right/America/Argentina/Mendoza", + "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/right/America/Argentina/Salta", + "/usr/share/zoneinfo/right/America/Argentina/San_Juan", + "/usr/share/zoneinfo/right/America/Argentina/San_Luis", + "/usr/share/zoneinfo/right/America/Argentina/Tucuman", + "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/right/America/Aruba", + "/usr/share/zoneinfo/right/America/Asuncion", + "/usr/share/zoneinfo/right/America/Atikokan", + "/usr/share/zoneinfo/right/America/Bahia", + "/usr/share/zoneinfo/right/America/Bahia_Banderas", + "/usr/share/zoneinfo/right/America/Barbados", + "/usr/share/zoneinfo/right/America/Belem", + "/usr/share/zoneinfo/right/America/Belize", + "/usr/share/zoneinfo/right/America/Blanc-Sablon", + "/usr/share/zoneinfo/right/America/Boa_Vista", + "/usr/share/zoneinfo/right/America/Bogota", + "/usr/share/zoneinfo/right/America/Boise", + "/usr/share/zoneinfo/right/America/Cambridge_Bay", + "/usr/share/zoneinfo/right/America/Campo_Grande", + "/usr/share/zoneinfo/right/America/Cancun", + "/usr/share/zoneinfo/right/America/Caracas", + "/usr/share/zoneinfo/right/America/Cayenne", + "/usr/share/zoneinfo/right/America/Cayman", + "/usr/share/zoneinfo/right/America/Chicago", + "/usr/share/zoneinfo/right/America/Chihuahua", + "/usr/share/zoneinfo/right/America/Ciudad_Juarez", + "/usr/share/zoneinfo/right/America/Costa_Rica", + "/usr/share/zoneinfo/right/America/Creston", + "/usr/share/zoneinfo/right/America/Cuiaba", + "/usr/share/zoneinfo/right/America/Curacao", + "/usr/share/zoneinfo/right/America/Danmarkshavn", + "/usr/share/zoneinfo/right/America/Dawson", + "/usr/share/zoneinfo/right/America/Dawson_Creek", + "/usr/share/zoneinfo/right/America/Denver", + "/usr/share/zoneinfo/right/America/Detroit", + "/usr/share/zoneinfo/right/America/Dominica", + "/usr/share/zoneinfo/right/America/Edmonton", + "/usr/share/zoneinfo/right/America/Eirunepe", + "/usr/share/zoneinfo/right/America/El_Salvador", + "/usr/share/zoneinfo/right/America/Fort_Nelson", + "/usr/share/zoneinfo/right/America/Fortaleza", + "/usr/share/zoneinfo/right/America/Glace_Bay", + "/usr/share/zoneinfo/right/America/Goose_Bay", + "/usr/share/zoneinfo/right/America/Grand_Turk", + "/usr/share/zoneinfo/right/America/Grenada", + "/usr/share/zoneinfo/right/America/Guadeloupe", + "/usr/share/zoneinfo/right/America/Guatemala", + "/usr/share/zoneinfo/right/America/Guayaquil", + "/usr/share/zoneinfo/right/America/Guyana", + "/usr/share/zoneinfo/right/America/Halifax", + "/usr/share/zoneinfo/right/America/Havana", + "/usr/share/zoneinfo/right/America/Hermosillo", + "/usr/share/zoneinfo/right/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/right/America/Indiana/Knox", + "/usr/share/zoneinfo/right/America/Indiana/Marengo", + "/usr/share/zoneinfo/right/America/Indiana/Petersburg", + "/usr/share/zoneinfo/right/America/Indiana/Tell_City", + "/usr/share/zoneinfo/right/America/Indiana/Vevay", + "/usr/share/zoneinfo/right/America/Indiana/Vincennes", + "/usr/share/zoneinfo/right/America/Indiana/Winamac", + "/usr/share/zoneinfo/right/America/Inuvik", + "/usr/share/zoneinfo/right/America/Iqaluit", + "/usr/share/zoneinfo/right/America/Jamaica", + "/usr/share/zoneinfo/right/America/Juneau", + "/usr/share/zoneinfo/right/America/Kentucky/Louisville", + "/usr/share/zoneinfo/right/America/Kentucky/Monticello", + "/usr/share/zoneinfo/right/America/La_Paz", + "/usr/share/zoneinfo/right/America/Lima", + "/usr/share/zoneinfo/right/America/Los_Angeles", + "/usr/share/zoneinfo/right/America/Maceio", + "/usr/share/zoneinfo/right/America/Managua", + "/usr/share/zoneinfo/right/America/Manaus", + "/usr/share/zoneinfo/right/America/Martinique", + "/usr/share/zoneinfo/right/America/Matamoros", + "/usr/share/zoneinfo/right/America/Mazatlan", + "/usr/share/zoneinfo/right/America/Menominee", + "/usr/share/zoneinfo/right/America/Merida", + "/usr/share/zoneinfo/right/America/Metlakatla", + "/usr/share/zoneinfo/right/America/Mexico_City", + "/usr/share/zoneinfo/right/America/Miquelon", + "/usr/share/zoneinfo/right/America/Moncton", + "/usr/share/zoneinfo/right/America/Monterrey", + "/usr/share/zoneinfo/right/America/Montevideo", + "/usr/share/zoneinfo/right/America/Montserrat", + "/usr/share/zoneinfo/right/America/Nassau", + "/usr/share/zoneinfo/right/America/New_York", + "/usr/share/zoneinfo/right/America/Nome", + "/usr/share/zoneinfo/right/America/Noronha", + "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/right/America/North_Dakota/Center", + "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/right/America/Nuuk", + "/usr/share/zoneinfo/right/America/Ojinaga", + "/usr/share/zoneinfo/right/America/Panama", + "/usr/share/zoneinfo/right/America/Paramaribo", + "/usr/share/zoneinfo/right/America/Phoenix", + "/usr/share/zoneinfo/right/America/Port-au-Prince", + "/usr/share/zoneinfo/right/America/Port_of_Spain", + "/usr/share/zoneinfo/right/America/Porto_Velho", + "/usr/share/zoneinfo/right/America/Puerto_Rico", + "/usr/share/zoneinfo/right/America/Punta_Arenas", + "/usr/share/zoneinfo/right/America/Rankin_Inlet", + "/usr/share/zoneinfo/right/America/Recife", + "/usr/share/zoneinfo/right/America/Regina", + "/usr/share/zoneinfo/right/America/Resolute", + "/usr/share/zoneinfo/right/America/Rio_Branco", + "/usr/share/zoneinfo/right/America/Santarem", + "/usr/share/zoneinfo/right/America/Santiago", + "/usr/share/zoneinfo/right/America/Santo_Domingo", + "/usr/share/zoneinfo/right/America/Sao_Paulo", + "/usr/share/zoneinfo/right/America/Scoresbysund", + "/usr/share/zoneinfo/right/America/Sitka", + "/usr/share/zoneinfo/right/America/St_Johns", + "/usr/share/zoneinfo/right/America/St_Kitts", + "/usr/share/zoneinfo/right/America/St_Lucia", + "/usr/share/zoneinfo/right/America/St_Thomas", + "/usr/share/zoneinfo/right/America/St_Vincent", + "/usr/share/zoneinfo/right/America/Swift_Current", + "/usr/share/zoneinfo/right/America/Tegucigalpa", + "/usr/share/zoneinfo/right/America/Thule", + "/usr/share/zoneinfo/right/America/Tijuana", + "/usr/share/zoneinfo/right/America/Toronto", + "/usr/share/zoneinfo/right/America/Tortola", + "/usr/share/zoneinfo/right/America/Vancouver", + "/usr/share/zoneinfo/right/America/Whitehorse", + "/usr/share/zoneinfo/right/America/Winnipeg", + "/usr/share/zoneinfo/right/America/Yakutat", + "/usr/share/zoneinfo/right/Antarctica/Casey", + "/usr/share/zoneinfo/right/Antarctica/Davis", + "/usr/share/zoneinfo/right/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/right/Antarctica/Macquarie", + "/usr/share/zoneinfo/right/Antarctica/Mawson", + "/usr/share/zoneinfo/right/Antarctica/McMurdo", + "/usr/share/zoneinfo/right/Antarctica/Palmer", + "/usr/share/zoneinfo/right/Antarctica/Rothera", + "/usr/share/zoneinfo/right/Antarctica/Syowa", + "/usr/share/zoneinfo/right/Antarctica/Troll", + "/usr/share/zoneinfo/right/Antarctica/Vostok", + "/usr/share/zoneinfo/right/Asia/Aden", + "/usr/share/zoneinfo/right/Asia/Almaty", + "/usr/share/zoneinfo/right/Asia/Amman", + "/usr/share/zoneinfo/right/Asia/Anadyr", + "/usr/share/zoneinfo/right/Asia/Aqtau", + "/usr/share/zoneinfo/right/Asia/Aqtobe", + "/usr/share/zoneinfo/right/Asia/Ashgabat", + "/usr/share/zoneinfo/right/Asia/Atyrau", + "/usr/share/zoneinfo/right/Asia/Baghdad", + "/usr/share/zoneinfo/right/Asia/Bahrain", + "/usr/share/zoneinfo/right/Asia/Baku", + "/usr/share/zoneinfo/right/Asia/Bangkok", + "/usr/share/zoneinfo/right/Asia/Barnaul", + "/usr/share/zoneinfo/right/Asia/Beirut", + "/usr/share/zoneinfo/right/Asia/Bishkek", + "/usr/share/zoneinfo/right/Asia/Brunei", + "/usr/share/zoneinfo/right/Asia/Chita", + "/usr/share/zoneinfo/right/Asia/Choibalsan", + "/usr/share/zoneinfo/right/Asia/Colombo", + "/usr/share/zoneinfo/right/Asia/Damascus", + "/usr/share/zoneinfo/right/Asia/Dhaka", + "/usr/share/zoneinfo/right/Asia/Dili", + "/usr/share/zoneinfo/right/Asia/Dubai", + "/usr/share/zoneinfo/right/Asia/Dushanbe", + "/usr/share/zoneinfo/right/Asia/Famagusta", + "/usr/share/zoneinfo/right/Asia/Gaza", + "/usr/share/zoneinfo/right/Asia/Hebron", + "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/right/Asia/Hong_Kong", + "/usr/share/zoneinfo/right/Asia/Hovd", + "/usr/share/zoneinfo/right/Asia/Irkutsk", + "/usr/share/zoneinfo/right/Asia/Jakarta", + "/usr/share/zoneinfo/right/Asia/Jayapura", + "/usr/share/zoneinfo/right/Asia/Jerusalem", + "/usr/share/zoneinfo/right/Asia/Kabul", + "/usr/share/zoneinfo/right/Asia/Kamchatka", + "/usr/share/zoneinfo/right/Asia/Karachi", + "/usr/share/zoneinfo/right/Asia/Kathmandu", + "/usr/share/zoneinfo/right/Asia/Khandyga", + "/usr/share/zoneinfo/right/Asia/Kolkata", + "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/right/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/right/Asia/Kuching", + "/usr/share/zoneinfo/right/Asia/Kuwait", + "/usr/share/zoneinfo/right/Asia/Macau", + "/usr/share/zoneinfo/right/Asia/Magadan", + "/usr/share/zoneinfo/right/Asia/Makassar", + "/usr/share/zoneinfo/right/Asia/Manila", + "/usr/share/zoneinfo/right/Asia/Muscat", + "/usr/share/zoneinfo/right/Asia/Nicosia", + "/usr/share/zoneinfo/right/Asia/Novokuznetsk", + "/usr/share/zoneinfo/right/Asia/Novosibirsk", + "/usr/share/zoneinfo/right/Asia/Omsk", + "/usr/share/zoneinfo/right/Asia/Oral", + "/usr/share/zoneinfo/right/Asia/Phnom_Penh", + "/usr/share/zoneinfo/right/Asia/Pontianak", + "/usr/share/zoneinfo/right/Asia/Pyongyang", + "/usr/share/zoneinfo/right/Asia/Qatar", + "/usr/share/zoneinfo/right/Asia/Qostanay", + "/usr/share/zoneinfo/right/Asia/Qyzylorda", + "/usr/share/zoneinfo/right/Asia/Riyadh", + "/usr/share/zoneinfo/right/Asia/Sakhalin", + "/usr/share/zoneinfo/right/Asia/Samarkand", + "/usr/share/zoneinfo/right/Asia/Seoul", + "/usr/share/zoneinfo/right/Asia/Shanghai", + "/usr/share/zoneinfo/right/Asia/Singapore", + "/usr/share/zoneinfo/right/Asia/Srednekolymsk", + "/usr/share/zoneinfo/right/Asia/Taipei", + "/usr/share/zoneinfo/right/Asia/Tashkent", + "/usr/share/zoneinfo/right/Asia/Tbilisi", + "/usr/share/zoneinfo/right/Asia/Tehran", + "/usr/share/zoneinfo/right/Asia/Thimphu", + "/usr/share/zoneinfo/right/Asia/Tokyo", + "/usr/share/zoneinfo/right/Asia/Tomsk", + "/usr/share/zoneinfo/right/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/right/Asia/Urumqi", + "/usr/share/zoneinfo/right/Asia/Ust-Nera", + "/usr/share/zoneinfo/right/Asia/Vientiane", + "/usr/share/zoneinfo/right/Asia/Vladivostok", + "/usr/share/zoneinfo/right/Asia/Yakutsk", + "/usr/share/zoneinfo/right/Asia/Yangon", + "/usr/share/zoneinfo/right/Asia/Yekaterinburg", + "/usr/share/zoneinfo/right/Asia/Yerevan", + "/usr/share/zoneinfo/right/Atlantic/Azores", + "/usr/share/zoneinfo/right/Atlantic/Bermuda", + "/usr/share/zoneinfo/right/Atlantic/Canary", + "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/right/Atlantic/Faroe", + "/usr/share/zoneinfo/right/Atlantic/Madeira", + "/usr/share/zoneinfo/right/Atlantic/Reykjavik", + "/usr/share/zoneinfo/right/Atlantic/South_Georgia", + "/usr/share/zoneinfo/right/Atlantic/St_Helena", + "/usr/share/zoneinfo/right/Atlantic/Stanley", + "/usr/share/zoneinfo/right/Australia/Adelaide", + "/usr/share/zoneinfo/right/Australia/Brisbane", + "/usr/share/zoneinfo/right/Australia/Broken_Hill", + "/usr/share/zoneinfo/right/Australia/Darwin", + "/usr/share/zoneinfo/right/Australia/Eucla", + "/usr/share/zoneinfo/right/Australia/Hobart", + "/usr/share/zoneinfo/right/Australia/Lindeman", + "/usr/share/zoneinfo/right/Australia/Lord_Howe", + "/usr/share/zoneinfo/right/Australia/Melbourne", + "/usr/share/zoneinfo/right/Australia/Perth", + "/usr/share/zoneinfo/right/Australia/Sydney", + "/usr/share/zoneinfo/right/CET", + "/usr/share/zoneinfo/right/CST6CDT", + "/usr/share/zoneinfo/right/EET", + "/usr/share/zoneinfo/right/EST", + "/usr/share/zoneinfo/right/EST5EDT", + "/usr/share/zoneinfo/right/Etc/GMT", + "/usr/share/zoneinfo/right/Etc/GMT+1", + "/usr/share/zoneinfo/right/Etc/GMT+10", + "/usr/share/zoneinfo/right/Etc/GMT+11", + "/usr/share/zoneinfo/right/Etc/GMT+12", + "/usr/share/zoneinfo/right/Etc/GMT+2", + "/usr/share/zoneinfo/right/Etc/GMT+3", + "/usr/share/zoneinfo/right/Etc/GMT+4", + "/usr/share/zoneinfo/right/Etc/GMT+5", + "/usr/share/zoneinfo/right/Etc/GMT+6", + "/usr/share/zoneinfo/right/Etc/GMT+7", + "/usr/share/zoneinfo/right/Etc/GMT+8", + "/usr/share/zoneinfo/right/Etc/GMT+9", + "/usr/share/zoneinfo/right/Etc/GMT-1", + "/usr/share/zoneinfo/right/Etc/GMT-10", + "/usr/share/zoneinfo/right/Etc/GMT-11", + "/usr/share/zoneinfo/right/Etc/GMT-12", + "/usr/share/zoneinfo/right/Etc/GMT-13", + "/usr/share/zoneinfo/right/Etc/GMT-14", + "/usr/share/zoneinfo/right/Etc/GMT-2", + "/usr/share/zoneinfo/right/Etc/GMT-3", + "/usr/share/zoneinfo/right/Etc/GMT-4", + "/usr/share/zoneinfo/right/Etc/GMT-5", + "/usr/share/zoneinfo/right/Etc/GMT-6", + "/usr/share/zoneinfo/right/Etc/GMT-7", + "/usr/share/zoneinfo/right/Etc/GMT-8", + "/usr/share/zoneinfo/right/Etc/GMT-9", + "/usr/share/zoneinfo/right/Etc/UTC", + "/usr/share/zoneinfo/right/Europe/Amsterdam", + "/usr/share/zoneinfo/right/Europe/Andorra", + "/usr/share/zoneinfo/right/Europe/Astrakhan", + "/usr/share/zoneinfo/right/Europe/Athens", + "/usr/share/zoneinfo/right/Europe/Belgrade", + "/usr/share/zoneinfo/right/Europe/Berlin", + "/usr/share/zoneinfo/right/Europe/Brussels", + "/usr/share/zoneinfo/right/Europe/Bucharest", + "/usr/share/zoneinfo/right/Europe/Budapest", + "/usr/share/zoneinfo/right/Europe/Chisinau", + "/usr/share/zoneinfo/right/Europe/Copenhagen", + "/usr/share/zoneinfo/right/Europe/Dublin", + "/usr/share/zoneinfo/right/Europe/Gibraltar", + "/usr/share/zoneinfo/right/Europe/Guernsey", + "/usr/share/zoneinfo/right/Europe/Helsinki", + "/usr/share/zoneinfo/right/Europe/Isle_of_Man", + "/usr/share/zoneinfo/right/Europe/Istanbul", + "/usr/share/zoneinfo/right/Europe/Jersey", + "/usr/share/zoneinfo/right/Europe/Kaliningrad", + "/usr/share/zoneinfo/right/Europe/Kirov", + "/usr/share/zoneinfo/right/Europe/Kyiv", + "/usr/share/zoneinfo/right/Europe/Lisbon", + "/usr/share/zoneinfo/right/Europe/Ljubljana", + "/usr/share/zoneinfo/right/Europe/London", + "/usr/share/zoneinfo/right/Europe/Luxembourg", + "/usr/share/zoneinfo/right/Europe/Madrid", + "/usr/share/zoneinfo/right/Europe/Malta", + "/usr/share/zoneinfo/right/Europe/Minsk", + "/usr/share/zoneinfo/right/Europe/Monaco", + "/usr/share/zoneinfo/right/Europe/Moscow", + "/usr/share/zoneinfo/right/Europe/Oslo", + "/usr/share/zoneinfo/right/Europe/Paris", + "/usr/share/zoneinfo/right/Europe/Prague", + "/usr/share/zoneinfo/right/Europe/Riga", + "/usr/share/zoneinfo/right/Europe/Rome", + "/usr/share/zoneinfo/right/Europe/Samara", + "/usr/share/zoneinfo/right/Europe/Sarajevo", + "/usr/share/zoneinfo/right/Europe/Saratov", + "/usr/share/zoneinfo/right/Europe/Simferopol", + "/usr/share/zoneinfo/right/Europe/Skopje", + "/usr/share/zoneinfo/right/Europe/Sofia", + "/usr/share/zoneinfo/right/Europe/Stockholm", + "/usr/share/zoneinfo/right/Europe/Tallinn", + "/usr/share/zoneinfo/right/Europe/Tirane", + "/usr/share/zoneinfo/right/Europe/Ulyanovsk", + "/usr/share/zoneinfo/right/Europe/Vaduz", + "/usr/share/zoneinfo/right/Europe/Vienna", + "/usr/share/zoneinfo/right/Europe/Vilnius", + "/usr/share/zoneinfo/right/Europe/Volgograd", + "/usr/share/zoneinfo/right/Europe/Warsaw", + "/usr/share/zoneinfo/right/Europe/Zagreb", + "/usr/share/zoneinfo/right/Europe/Zurich", + "/usr/share/zoneinfo/right/Factory", + "/usr/share/zoneinfo/right/HST", + "/usr/share/zoneinfo/right/Indian/Antananarivo", + "/usr/share/zoneinfo/right/Indian/Chagos", + "/usr/share/zoneinfo/right/Indian/Christmas", + "/usr/share/zoneinfo/right/Indian/Cocos", + "/usr/share/zoneinfo/right/Indian/Comoro", + "/usr/share/zoneinfo/right/Indian/Kerguelen", + "/usr/share/zoneinfo/right/Indian/Mahe", + "/usr/share/zoneinfo/right/Indian/Maldives", + "/usr/share/zoneinfo/right/Indian/Mauritius", + "/usr/share/zoneinfo/right/Indian/Mayotte", + "/usr/share/zoneinfo/right/Indian/Reunion", + "/usr/share/zoneinfo/right/MET", + "/usr/share/zoneinfo/right/MST", + "/usr/share/zoneinfo/right/MST7MDT", + "/usr/share/zoneinfo/right/PST8PDT", + "/usr/share/zoneinfo/right/Pacific/Apia", + "/usr/share/zoneinfo/right/Pacific/Auckland", + "/usr/share/zoneinfo/right/Pacific/Bougainville", + "/usr/share/zoneinfo/right/Pacific/Chatham", + "/usr/share/zoneinfo/right/Pacific/Chuuk", + "/usr/share/zoneinfo/right/Pacific/Easter", + "/usr/share/zoneinfo/right/Pacific/Efate", + "/usr/share/zoneinfo/right/Pacific/Fakaofo", + "/usr/share/zoneinfo/right/Pacific/Fiji", + "/usr/share/zoneinfo/right/Pacific/Funafuti", + "/usr/share/zoneinfo/right/Pacific/Galapagos", + "/usr/share/zoneinfo/right/Pacific/Gambier", + "/usr/share/zoneinfo/right/Pacific/Guadalcanal", + "/usr/share/zoneinfo/right/Pacific/Guam", + "/usr/share/zoneinfo/right/Pacific/Honolulu", + "/usr/share/zoneinfo/right/Pacific/Kanton", + "/usr/share/zoneinfo/right/Pacific/Kiritimati", + "/usr/share/zoneinfo/right/Pacific/Kosrae", + "/usr/share/zoneinfo/right/Pacific/Kwajalein", + "/usr/share/zoneinfo/right/Pacific/Majuro", + "/usr/share/zoneinfo/right/Pacific/Marquesas", + "/usr/share/zoneinfo/right/Pacific/Midway", + "/usr/share/zoneinfo/right/Pacific/Nauru", + "/usr/share/zoneinfo/right/Pacific/Niue", + "/usr/share/zoneinfo/right/Pacific/Norfolk", + "/usr/share/zoneinfo/right/Pacific/Noumea", + "/usr/share/zoneinfo/right/Pacific/Pago_Pago", + "/usr/share/zoneinfo/right/Pacific/Palau", + "/usr/share/zoneinfo/right/Pacific/Pitcairn", + "/usr/share/zoneinfo/right/Pacific/Pohnpei", + "/usr/share/zoneinfo/right/Pacific/Port_Moresby", + "/usr/share/zoneinfo/right/Pacific/Rarotonga", + "/usr/share/zoneinfo/right/Pacific/Saipan", + "/usr/share/zoneinfo/right/Pacific/Tahiti", + "/usr/share/zoneinfo/right/Pacific/Tarawa", + "/usr/share/zoneinfo/right/Pacific/Tongatapu", + "/usr/share/zoneinfo/right/Pacific/Wake", + "/usr/share/zoneinfo/right/Pacific/Wallis", + "/usr/share/zoneinfo/right/WET", + "/usr/share/zoneinfo/tzdata.zi", + "/usr/share/zoneinfo/zone.tab", + "/usr/share/zoneinfo/zone1970.tab" + ], + "AnalyzedBy": "dpkg" + } + ] + }, + { + "Target": "app/cmd/cainjector/cainjector", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "stdlib@v1.21.9", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "Version": "v1.21.9", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "../../", + "Name": "../../", + "Identifier": { + "UID": "585e3c2b0bf6f892" + }, + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "ea9c649a2b7e06d7" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blang/semver/v4@v4.0.0", + "Name": "github.com/blang/semver/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/blang/semver/v4@v4.0.0", + "UID": "b31d593a26c9fac6" + }, + "Version": "v4.0.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cert-manager/cert-manager/cainjector-binary", + "Name": "github.com/cert-manager/cert-manager/cainjector-binary", + "Identifier": { + "PURL": "pkg:golang/github.com/cert-manager/cert-manager/cainjector-binary", + "UID": "9b38958129f5e534" + }, + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.2.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0", + "UID": "4783837cb2931795" + }, + "Version": "v2.2.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "Name": "github.com/davecgh/go-spew", + "Identifier": { + "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "UID": "c040176c7f7a7d03" + }, + "Version": "v1.1.2-0.20180830191138-d8f796af33cc", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/emicklei/go-restful/v3@v3.11.0", + "Name": "github.com/emicklei/go-restful/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.11.0", + "UID": "f49b5b8a7b412a83" + }, + "Version": "v3.11.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/evanphx/json-patch/v5@v5.7.0", + "Name": "github.com/evanphx/json-patch/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/evanphx/json-patch/v5@v5.7.0", + "UID": "52a575b3ce5085f5" + }, + "Version": "v5.7.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fsnotify/fsnotify@v1.7.0", + "Name": "github.com/fsnotify/fsnotify", + "Identifier": { + "PURL": "pkg:golang/github.com/fsnotify/fsnotify@v1.7.0", + "UID": "84e89d27a842f928" + }, + "Version": "v1.7.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/logr@v1.4.1", + "Name": "github.com/go-logr/logr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.1", + "UID": "43aa8d478ea3f2f2" + }, + "Version": "v1.4.1", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/zapr@v1.3.0", + "Name": "github.com/go-logr/zapr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/zapr@v1.3.0", + "UID": "f284ea699703f1eb" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonpointer@v0.20.2", + "Name": "github.com/go-openapi/jsonpointer", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.20.2", + "UID": "c0e02c373cd78a4d" + }, + "Version": "v0.20.2", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonreference@v0.20.4", + "Name": "github.com/go-openapi/jsonreference", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.20.4", + "UID": "7d18a033865712f8" + }, + "Version": "v0.20.4", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag@v0.22.7", + "Name": "github.com/go-openapi/swag", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag@v0.22.7", + "UID": "d0ba37698f5b5ccb" + }, + "Version": "v0.22.7", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gogo/protobuf@v1.3.2", + "Name": "github.com/gogo/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", + "UID": "76f1ba1c1cd8ebf" + }, + "Version": "v1.3.2", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "Name": "github.com/golang/groupcache", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "UID": "df84a8b2e9200c53" + }, + "Version": "v0.0.0-20210331224755-41bb18bfe9da", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/protobuf@v1.5.3", + "Name": "github.com/golang/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.3", + "UID": "ba66aa9d5e6c906d" + }, + "Version": "v1.5.3", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gnostic-models@v0.6.8", + "Name": "github.com/google/gnostic-models", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gnostic-models@v0.6.8", + "UID": "5dbbff756c093651" + }, + "Version": "v0.6.8", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-cmp@v0.6.0", + "Name": "github.com/google/go-cmp", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0", + "UID": "87f0814d18e95fb" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gofuzz@v1.2.0", + "Name": "github.com/google/gofuzz", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", + "UID": "d7efe9a5c0ab848c" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.5.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.5.0", + "UID": "e670f1ac342f3f1a" + }, + "Version": "v1.5.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/imdario/mergo@v0.3.16", + "Name": "github.com/imdario/mergo", + "Identifier": { + "PURL": "pkg:golang/github.com/imdario/mergo@v0.3.16", + "UID": "9d4f0edd474e2b7b" + }, + "Version": "v0.3.16", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/josharian/intern@v1.0.0", + "Name": "github.com/josharian/intern", + "Identifier": { + "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", + "UID": "34c66735c0171d1b" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/json-iterator/go@v1.1.12", + "Name": "github.com/json-iterator/go", + "Identifier": { + "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", + "UID": "238e6fc00cb49b7b" + }, + "Version": "v1.1.12", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mailru/easyjson@v0.7.7", + "Name": "github.com/mailru/easyjson", + "Identifier": { + "PURL": "pkg:golang/github.com/mailru/easyjson@v0.7.7", + "UID": "c7b3a610e560abf7" + }, + "Version": "v0.7.7", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", + "Name": "github.com/matttproud/golang_protobuf_extensions/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", + "UID": "5e89f3ee955e13b3" + }, + "Version": "v2.0.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "Name": "github.com/modern-go/concurrent", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "UID": "b869900c83767d81" + }, + "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/reflect2@v1.0.2", + "Name": "github.com/modern-go/reflect2", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", + "UID": "b9c21f0d3d1b4b15" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "dc1c5c3b144ee52f" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/errors@v0.9.1", + "Name": "github.com/pkg/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", + "UID": "f297e125173e85d1" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.18.0", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.18.0", + "UID": "f09592b6066cf346" + }, + "Version": "v1.18.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.5.0", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.5.0", + "UID": "83270ad055930f64" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.45.0", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.45.0", + "UID": "861cbd6000a0fbae" + }, + "Version": "v0.45.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.12.0", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.12.0", + "UID": "ca1ee438cc4b8028" + }, + "Version": "v0.12.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/cobra@v1.8.0", + "Name": "github.com/spf13/cobra", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/cobra@v1.8.0", + "UID": "d351cae1ececde62" + }, + "Version": "v1.8.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.5", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "UID": "ed0d5b70c7dc764b" + }, + "Version": "v1.0.5", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/multierr@v1.11.0", + "Name": "go.uber.org/multierr", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", + "UID": "3718117b5eb8bca3" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/zap@v1.26.0", + "Name": "go.uber.org/zap", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/zap@v1.26.0", + "UID": "dcd7717be0b2e48" + }, + "Version": "v1.26.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/exp@v0.0.0-20231226003508-02704c960a9b", + "Name": "golang.org/x/exp", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20231226003508-02704c960a9b", + "UID": "c90a8399138f3995" + }, + "Version": "v0.0.0-20231226003508-02704c960a9b", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.24.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.24.0", + "UID": "38038b84884e0275" + }, + "Version": "v0.24.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.15.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.15.0", + "UID": "ad0fa44a78e55797" + }, + "Version": "v0.15.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.19.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.19.0", + "UID": "54f2c712666ba349" + }, + "Version": "v0.19.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/term@v0.19.0", + "Name": "golang.org/x/term", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/term@v0.19.0", + "UID": "eb7f12fbf280e6d5" + }, + "Version": "v0.19.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.14.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.14.0", + "UID": "d03d38ef3842625f" + }, + "Version": "v0.14.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.5.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.5.0", + "UID": "317701560070c453" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gomodules.xyz/jsonpatch/v2@v2.4.0", + "Name": "gomodules.xyz/jsonpatch/v2", + "Identifier": { + "PURL": "pkg:golang/gomodules.xyz/jsonpatch/v2@v2.4.0", + "UID": "4c95c2bcc1b34a31" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.33.0", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.33.0", + "UID": "d9c29ade73d9eb65" + }, + "Version": "v1.33.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/inf.v0@v0.9.1", + "Name": "gopkg.in/inf.v0", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", + "UID": "6dcbaed342ffca2d" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v2@v2.4.0", + "Name": "gopkg.in/yaml.v2", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "UID": "56139e367c6bd42b" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "UID": "1ac44e62f817cea7" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/api@v0.29.0", + "Name": "k8s.io/api", + "Identifier": { + "PURL": "pkg:golang/k8s.io/api@v0.29.0", + "UID": "be5029bf8145fa96" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apiextensions-apiserver@v0.29.0", + "Name": "k8s.io/apiextensions-apiserver", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apiextensions-apiserver@v0.29.0", + "UID": "d0c0342ef88520ce" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apimachinery@v0.29.0", + "Name": "k8s.io/apimachinery", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apimachinery@v0.29.0", + "UID": "425d7c21f60a22a2" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/client-go@v0.29.0", + "Name": "k8s.io/client-go", + "Identifier": { + "PURL": "pkg:golang/k8s.io/client-go@v0.29.0", + "UID": "df886b69bd6d7830" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/component-base@v0.29.0", + "Name": "k8s.io/component-base", + "Identifier": { + "PURL": "pkg:golang/k8s.io/component-base@v0.29.0", + "UID": "2018b800e61c6fc4" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog/v2@v2.110.1", + "Name": "k8s.io/klog/v2", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog/v2@v2.110.1", + "UID": "dc4c9b146454637d" + }, + "Version": "v2.110.1", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/kube-aggregator@v0.29.0", + "Name": "k8s.io/kube-aggregator", + "Identifier": { + "PURL": "pkg:golang/k8s.io/kube-aggregator@v0.29.0", + "UID": "172f4e4b153a80c8" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/kube-openapi@v0.0.0-20240103051144-eec4567ac022", + "Name": "k8s.io/kube-openapi", + "Identifier": { + "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20240103051144-eec4567ac022", + "UID": "be8e8eccb6d19da0" + }, + "Version": "v0.0.0-20240103051144-eec4567ac022", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/utils@v0.0.0-20240102154912-e7106e64919e", + "Name": "k8s.io/utils", + "Identifier": { + "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20240102154912-e7106e64919e", + "UID": "834bd3cd20472f28" + }, + "Version": "v0.0.0-20240102154912-e7106e64919e", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/controller-runtime@v0.16.3", + "Name": "sigs.k8s.io/controller-runtime", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/controller-runtime@v0.16.3", + "UID": "27bba8446924be91" + }, + "Version": "v0.16.3", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/gateway-api@v1.0.0", + "Name": "sigs.k8s.io/gateway-api", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/gateway-api@v1.0.0", + "UID": "4a0180b6a3afb895" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "Name": "sigs.k8s.io/json", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "UID": "b7a668522d7ba140" + }, + "Version": "v0.0.0-20221116044647-bc3834ca7abd", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "Name": "sigs.k8s.io/structured-merge-diff/v4", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "UID": "a77ce80bb0ebb8d4" + }, + "Version": "v4.4.1", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/yaml@v1.4.0", + "Name": "sigs.k8s.io/yaml", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.4.0", + "UID": "1ee52aa2448d32a5" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66" + ], + "PkgID": "golang.org/x/net@v0.24.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.24.0", + "UID": "38038b84884e0275" + }, + "InstalledVersion": "v0.24.0", + "FixedVersion": "0.36.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:9bde9e4f9639f7b78888b87e79a82d30718f86f0860e20b3af094f769c12d0a5", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22872", + "VendorIDs": [ + "GHSA-vvgc-356p-c3xw" + ], + "PkgID": "golang.org/x/net@v0.24.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.24.0", + "UID": "38038b84884e0275" + }, + "InstalledVersion": "v0.24.0", + "FixedVersion": "0.38.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:64ee41b0093948a0367bd081bd764718d6e77bf1d0c86ccfa129d0490b560055", + "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", + "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22872", + "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", + "https://github.com/advisories/GHSA-vvgc-356p-c3xw", + "https://go.dev/cl/662715", + "https://go.dev/issue/73070", + "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", + "https://pkg.go.dev/vuln/GO-2025-3595", + "https://security.netapp.com/advisory/ntap-20250516-0007", + "https://security.netapp.com/advisory/ntap-20250516-0007/", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22872" + ], + "PublishedDate": "2025-04-16T18:16:04.183Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22868", + "VendorIDs": [ + "GHSA-6v2p-p543-phr9" + ], + "PkgID": "golang.org/x/oauth2@v0.15.0", + "PkgName": "golang.org/x/oauth2", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.15.0", + "UID": "ad0fa44a78e55797" + }, + "InstalledVersion": "v0.15.0", + "FixedVersion": "0.27.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:732b8345bb146ccf5d20c081355cc9d3a9ec03af890924ed1491f46a1a8a953b", + "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", + "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1286" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", + "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", + "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", + "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", + "https://errata.rockylinux.org/RLSA-2025:7479", + "https://go.dev/cl/652155", + "https://go.dev/issue/71490", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", + "https://pkg.go.dev/vuln/GO-2025-3488", + "https://www.cve.org/CVERecord?id=CVE-2025-22868" + ], + "PublishedDate": "2025-02-26T08:14:24.897Z", + "LastModifiedDate": "2025-05-01T19:27:10.43Z" + }, + { + "VulnerabilityID": "CVE-2024-24790", + "VendorIDs": [ + "GO-2024-2887" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7234b3cf0f7f9e1565309b90aa7085cb8c9b5a9636d94dd5ffd0c16a7da9e48f", + "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", + "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", + "Severity": "CRITICAL", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24790", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", + "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", + "https://github.com/golang/go/issues/67680", + "https://go.dev/cl/590316", + "https://go.dev/issue/67680", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24790.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", + "https://pkg.go.dev/vuln/GO-2024-2887", + "https://security.netapp.com/advisory/ntap-20240905-0002/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24790" + ], + "PublishedDate": "2024-06-05T16:15:10.56Z", + "LastModifiedDate": "2024-11-21T08:59:42.813Z" + }, + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:256079eeb4096da77da1bc4e706270817f72de6586edd20b0a120b318f594513", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2024-34156", + "VendorIDs": [ + "GO-2024-3106" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b71faa4a1fc06278d6847fd5426cce37cdd39ce78ce9c2dcb2b5ad6861d0aed5", + "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", + "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3773", + "https://access.redhat.com/security/cve/CVE-2024-34156", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/9/ALSA-2025-3773.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", + "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", + "https://go.dev/cl/611239", + "https://go.dev/issue/69139", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34156.html", + "https://linux.oracle.com/errata/ELSA-2025-3773.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", + "https://pkg.go.dev/vuln/GO-2024-3106", + "https://security.netapp.com/advisory/ntap-20240926-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34156" + ], + "PublishedDate": "2024-09-06T21:15:12.02Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3be83f7a6a1fa992b142b5737dc549620f49bbf08b3d97fbf3d212f028ca647d", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0835e8380182589b4d76fb64dcd2ec50ef1c11f74832639133d7d66809a7047a", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c1beca055dc0443b3f57fccf6f1d7e11f8d8c64a9caf6f6d851a1ef0d3302598", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c5a42aac2307d747e0757f72e5358b94c1419c01e4f6db1a55a71eb1b866f6cf", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b2764271f98fa5b6e76e8fd54f49e75f53cc9da104cbc1ccf160868af453a89b", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4d16e011220767200bb70a086e3103ac37ad1cebeef50367c8b3c2e9ce8a4fd3", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9af64d47d128ac99a44d82049020b87b606917bf1ae0ebbc9bd71b1ebc49be6c", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b70c1e4d7ba1fae0121e80d0964844157afa0ca9bc907f047cb293688099149b", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5698b7c38ccaffedb34115d4f9679fe76a9695c5a57a2f71c72944d3d6a725d9", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1a77c63fcedc29e005d0d9e85aa8b7b106f79eb642348f4d0f85274dc666779c", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3dcadf87ec42abea576c5e36b5c6933f5e31d1bdc6b69b1618c6802c39cfaf28", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2024-24789", + "VendorIDs": [ + "GO-2024-2888" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ce9730ecd0a468a0cc634f7ceebc5d36212a5dce9a9eb80a66820e958aafadac", + "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", + "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2024:9115", + "https://access.redhat.com/security/cve/CVE-2024-24789", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292668", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2294000", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", + "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", + "https://errata.almalinux.org/9/ALSA-2024-9115.html", + "https://errata.rockylinux.org/RLSA-2024:9102", + "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", + "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", + "https://github.com/golang/go/issues/66869", + "https://go.dev/cl/585397", + "https://go.dev/issue/66869", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24789.html", + "https://linux.oracle.com/errata/ELSA-2024-9115.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", + "https://pkg.go.dev/vuln/GO-2024-2888", + "https://security.netapp.com/advisory/ntap-20250131-0008/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24789" + ], + "PublishedDate": "2024-06-05T16:15:10.47Z", + "LastModifiedDate": "2025-01-31T15:15:12.74Z" + }, + { + "VulnerabilityID": "CVE-2024-24791", + "VendorIDs": [ + "GO-2024-2963" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.21.12, 1.22.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:990f3c281586ec2e546cbece76954920322bd73a7bad08bd470e038f32ef776a", + "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", + "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24791", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://go.dev/cl/591255", + "https://go.dev/issue/67555", + "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", + "https://linux.oracle.com/cve/CVE-2024-24791.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", + "https://pkg.go.dev/vuln/GO-2024-2963", + "https://security.netapp.com/advisory/ntap-20241004-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24791" + ], + "PublishedDate": "2024-07-02T22:15:04.833Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34155", + "VendorIDs": [ + "GO-2024-3105" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5be261d6ce064b3e85c9c83b0ac72d038db8c8a77cc7df212603e302545b6076", + "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", + "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9459", + "https://access.redhat.com/security/cve/CVE-2024-34155", + "https://bugzilla.redhat.com/2310527", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315691", + "https://bugzilla.redhat.com/2315887", + "https://bugzilla.redhat.com/2317458", + "https://bugzilla.redhat.com/2317467", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2024-9459.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", + "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", + "https://go.dev/cl/611238", + "https://go.dev/issue/69138", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34155.html", + "https://linux.oracle.com/errata/ELSA-2024-9459.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", + "https://pkg.go.dev/vuln/GO-2024-3105", + "https://security.netapp.com/advisory/ntap-20240926-0005/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34155" + ], + "PublishedDate": "2024-09-06T21:15:11.947Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34158", + "VendorIDs": [ + "GO-2024-3107" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:efef31a2510650fc1aa7d559d1232b8ed3daee04f4a37d2a9e94a553ede99589", + "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", + "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7118", + "https://access.redhat.com/security/cve/CVE-2024-34158", + "https://bugzilla.redhat.com/2262921", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2025-7118.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", + "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", + "https://go.dev/cl/611240", + "https://go.dev/issue/69141", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34158.html", + "https://linux.oracle.com/errata/ELSA-2025-7118.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", + "https://pkg.go.dev/vuln/GO-2024-3107", + "https://security.netapp.com/advisory/ntap-20241004-0003/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34158" + ], + "PublishedDate": "2024-09-06T21:15:12.083Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-45336", + "VendorIDs": [ + "GO-2025-3420" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bf1c48834e7cd14c6e753df41ecad30e094c6dca2d1d1d143d4dca33b9885203", + "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3772", + "https://access.redhat.com/security/cve/CVE-2024-45336", + "https://bugzilla.redhat.com/2341750", + "https://bugzilla.redhat.com/2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/8/ALSA-2025-3772.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/issues/70530", + "https://go.dev/cl/643100", + "https://go.dev/issue/70530", + "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", + "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", + "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", + "https://linux.oracle.com/cve/CVE-2024-45336.html", + "https://linux.oracle.com/errata/ELSA-2025-7592.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", + "https://pkg.go.dev/vuln/GO-2025-3420", + "https://security.netapp.com/advisory/ntap-20250221-0003/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2024-45336" + ], + "PublishedDate": "2025-01-28T02:15:28.807Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:acd863159b8b0ccca59b0a98872b23327e0dade14bf7cc6e5ee3ebf147e882a6", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22866", + "VendorIDs": [ + "GO-2025-3447" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8a77482a942944bd164d1e28b5c9acf7494271e91e76ea8b6512d4ad8e532faa", + "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22866", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", + "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", + "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", + "https://github.com/golang/go/issues/71383", + "https://go.dev/cl/643735", + "https://go.dev/issue/71383", + "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", + "https://linux.oracle.com/cve/CVE-2025-22866.html", + "https://linux.oracle.com/errata/ELSA-2025-7466.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", + "https://pkg.go.dev/vuln/GO-2025-3447", + "https://security.netapp.com/advisory/ntap-20250221-0002/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22866" + ], + "PublishedDate": "2025-02-06T17:15:21.41Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66", + "GO-2025-3503" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.7, 1.24.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:51a11a4fad7b33c79f53d996ef6802f8bdf840a1d24682a361e953c0a6f201a3", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bb047db1816be9653f23c623d85eeb9ca6f92213e3811e0e7188d61636bfe1cb", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:14ceafd0b9a4b9d7a3f7f41caf946ae0774b077f62503cb1863913d2fd201140", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b50f6f2b9418e14b6634bfcd6175b6a6cc8985868dbf548bd751057567bb6922", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:28ca26b0d6c47970b09c076f9f85b3ceeed2746d922adc2059e73905bfd431f7", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2c052f86042a3fdb2fc64ef2461839eca1e7a4bca629f998b1f0d0e8cd7fea96", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e9d1ce79227c0fbc41f0f092e89fd6f43659965ab8b49a8532c0c0291a43e90c", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d11826d46434775872220da63a28642cd5bf2ab8fb4bf06ced313dad93c30856", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cec60347f8b9906a4892e6008c445a0cdc37ff8966aa0928cea252481bf1de51", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:38a71c3b092ea50bcbe6788f57211bd50d6662f95b5e3e9a98bc3a00a3e0c20c", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3495fbeb4f33acb188fa6203b2b17bf77ffee88e665069892a750c7b53124305", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:032d7bb70ce8ce4f8cf25dd62d785ae1cdaf6e61986bb7f1afbf88cdc6a08288", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:64a9a6b882af4a58b2493055d7c508a46c8ef90f8fd2047a31642812ce893f95", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5174e24130eafbf163e4651bc782f49f90721f699dea06d4c273fea4b88229a9", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9036085003255d87d1ff846c019203db76778da8b3228168e04b4ca4b69ecd1c", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c11f30623742fd9775b0aa4d8e4ff3953b04db3f0d29896d54fe0b584a0d7a93", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:15b35221a46d63d85df5c8643fa0ac7b08f9933eb0a927b7aa3a3ac0dea8ffba", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a796cc7b26013c744e810f96bfdde7025988c90199b6c5edc3fa96f370ae467a", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:23c996f61e07b6a68e80a3a8f5351d81301678dfbdd7243dd4e6c5377d994932", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4b9b087ed66137a271352b22ca93c2aa1062b5d084f7cdca55b3dd4eaf7d89ac", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1d077bd69dcc110a9e1764309a92e9c3bdd04c73f5bd89bd6496592e532a1d6b", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a67370f1a50cf41311461571a8405b8302f2f961c80cbfd5343b4638bf54e112", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c129460825c7c7cc45ebccfca178367a2427a9d72bcdf04f797dfa613a487d34", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:15f2a17965fd0611eeadf639d20901b8b742c9f4d7cc7bf3d5f189bec64e2f1b", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "a54ac219820d7cae" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", + "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ac2e4d90724fe7625ff1e574abaf5b04be94b5d2d8a3425e03d5d9328d3cc952", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "cert-manager", + "Kind": "Deployment", + "Name": "cert-manager-webhook", + "Metadata": [ + { + "Size": 55117824, + "OS": { + "Family": "debian", + "Name": "12.5" + }, + "ImageID": "sha256:f37c09a3d900e0303e84a261ef3f8dc10d5380f14d589bca5ca52a8ea6ac1ce2", + "DiffIDs": [ + "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c", + "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421", + "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60", + "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", + "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", + "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc", + "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", + "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", + "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", + "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", + "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", + "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d", + "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90", + "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" + ], + "RepoTags": [ + "quay.io/jetstack/cert-manager-webhook:v1.14.5" + ], + "RepoDigests": [ + "quay.io/jetstack/cert-manager-webhook@sha256:ef419261a209c5409fb1539dbd45c805d05936e955b4530b8ec4ac780577f151" + ], + "Reference": "quay.io/jetstack/cert-manager-webhook:v1.14.5", + "ImageConfig": { + "architecture": "amd64", + "created": "2024-04-25T10:51:16.605914556Z", + "history": [ + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "2024-04-25T10:51:15.704426359Z", + "created_by": "LABEL org.opencontainers.image.source=https://github.com/cert-manager/cert-manager", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-04-25T10:51:15.704426359Z", + "created_by": "USER 1000", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-04-25T10:51:15.704426359Z", + "created_by": "COPY webhook /app/cmd/webhook/webhook # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-04-25T10:51:16.186456226Z", + "created_by": "COPY cert-manager.license /licenses/LICENSE # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-04-25T10:51:16.605914556Z", + "created_by": "COPY cert-manager.licenses_notice /licenses/LICENSES # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-04-25T10:51:16.605914556Z", + "created_by": "ENTRYPOINT [\"/app/cmd/webhook/webhook\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c", + "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421", + "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60", + "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", + "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", + "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc", + "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", + "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", + "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", + "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", + "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", + "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d", + "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90", + "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" + ] + }, + "config": { + "Entrypoint": [ + "/app/cmd/webhook/webhook" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" + ], + "Labels": { + "org.opencontainers.image.source": "https://github.com/cert-manager/cert-manager" + }, + "User": "1000", + "WorkingDir": "/" + } + }, + "Layers": [ + { + "Size": 327680, + "Digest": "sha256:286c61c9a31ace5fa0b8832c8e8e30d66bf32138f2f787463235aa0071f714ea", + "DiffID": "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c" + }, + { + "Size": 40960, + "Digest": "sha256:2bdf44d7aa71bf3a0da2de0563ad0e3882948d699b4991edf8c0ab44e7f26ae3", + "DiffID": "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421" + }, + { + "Size": 2396160, + "Digest": "sha256:452e9eed7ecfd0c2b44ac6fda20cee66ab98aec38ba30aa868e02445be7c8bb0", + "DiffID": "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60" + }, + { + "Size": 1536, + "Digest": "sha256:0f8b424aa0b96c1c388a5fd4d90735604459256336853082afb61733438872b5", + "DiffID": "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368" + }, + { + "Size": 2560, + "Digest": "sha256:d557676654e572af3e3173c90e7874644207fda32cd87e9d3d66b5d7b98a7b21", + "DiffID": "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc" + }, + { + "Size": 2560, + "Digest": "sha256:c8022d07192eddbb2a548ba83be5e412f7ba863bbba158d133c9653bb8a47768", + "DiffID": "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc" + }, + { + "Size": 2560, + "Digest": "sha256:d858cbc252ade14879807ff8dbc3043a26bbdb92087da98cda831ee040b172b3", + "DiffID": "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b" + }, + { + "Size": 1536, + "Digest": "sha256:1069fc2daed1aceff7232f4b8ab21200dd3d8b04f61be9da86977a34a105dfdc", + "DiffID": "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1" + }, + { + "Size": 10240, + "Digest": "sha256:b40161cd83fc5d470d6abe50e87aa288481b6b89137012881d74187cfbf9f502", + "DiffID": "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849" + }, + { + "Size": 3072, + "Digest": "sha256:3f4e2c5863480125882d92060440a5250766bce764fee10acdbac18c872e4dc7", + "DiffID": "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3" + }, + { + "Size": 238592, + "Digest": "sha256:80a8c047508ae5cd6a591060fc43422cb8e3aea1bd908d913e8f0146e2297fea", + "DiffID": "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217" + }, + { + "Size": 52084224, + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + { + "Size": 3584, + "Digest": "sha256:33838fd697f026879464ebe9f5ae6e0bec5289f689e97cf734da7837d33487f4", + "DiffID": "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90" + }, + { + "Size": 2560, + "Digest": "sha256:dc114723bba03499030a454579abd5a5e68f2a10374a8917f82411b8dfd9ffc1", + "DiffID": "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" + } + ] + } + ], + "Results": [ + { + "Target": "quay.io/jetstack/cert-manager-webhook:v1.14.5 (debian 12.5)", + "Class": "os-pkgs", + "Type": "debian", + "Packages": [ + { + "ID": "base-files@12.4+deb12u5", + "Name": "base-files", + "Identifier": { + "PURL": "pkg:deb/debian/base-files@12.4%2Bdeb12u5?arch=amd64\u0026distro=debian-12.5", + "UID": "a027b06af87a4cc3" + }, + "Version": "12.4+deb12u5", + "Arch": "amd64", + "SrcName": "base-files", + "SrcVersion": "12.4+deb12u5", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:286c61c9a31ace5fa0b8832c8e8e30d66bf32138f2f787463235aa0071f714ea", + "DiffID": "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c" + }, + "InstalledFiles": [ + "/usr/lib/os-release", + "/usr/share/base-files/dot.bashrc", + "/usr/share/base-files/dot.profile", + "/usr/share/base-files/dot.profile.md5sums", + "/usr/share/base-files/info.dir", + "/usr/share/base-files/motd", + "/usr/share/base-files/profile", + "/usr/share/base-files/profile.md5sums", + "/usr/share/base-files/staff-group-for-usr-local", + "/usr/share/common-licenses/Apache-2.0", + "/usr/share/common-licenses/Artistic", + "/usr/share/common-licenses/BSD", + "/usr/share/common-licenses/CC0-1.0", + "/usr/share/common-licenses/GFDL-1.2", + "/usr/share/common-licenses/GFDL-1.3", + "/usr/share/common-licenses/GPL-1", + "/usr/share/common-licenses/GPL-2", + "/usr/share/common-licenses/GPL-3", + "/usr/share/common-licenses/LGPL-2", + "/usr/share/common-licenses/LGPL-2.1", + "/usr/share/common-licenses/LGPL-3", + "/usr/share/common-licenses/MPL-1.1", + "/usr/share/common-licenses/MPL-2.0", + "/usr/share/doc/base-files/README", + "/usr/share/doc/base-files/README.FHS", + "/usr/share/doc/base-files/changelog.gz", + "/usr/share/doc/base-files/copyright", + "/usr/share/lintian/overrides/base-files" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "netbase@6.4", + "Name": "netbase", + "Identifier": { + "PURL": "pkg:deb/debian/netbase@6.4?arch=all\u0026distro=debian-12.5", + "UID": "64adcbea2e4e887c" + }, + "Version": "6.4", + "Arch": "all", + "SrcName": "netbase", + "SrcVersion": "6.4", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:2bdf44d7aa71bf3a0da2de0563ad0e3882948d699b4991edf8c0ab44e7f26ae3", + "DiffID": "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421" + }, + "InstalledFiles": [ + "/usr/share/doc/netbase/changelog.gz", + "/usr/share/doc/netbase/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tzdata@2024a-0+deb12u1", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:deb/debian/tzdata@2024a-0%2Bdeb12u1?arch=all\u0026distro=debian-12.5", + "UID": "c32ff64571217b4a" + }, + "Version": "2024a", + "Release": "0+deb12u1", + "Arch": "all", + "SrcName": "tzdata", + "SrcVersion": "2024a", + "SrcRelease": "0+deb12u1", + "Licenses": [ + "public-domain" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:452e9eed7ecfd0c2b44ac6fda20cee66ab98aec38ba30aa868e02445be7c8bb0", + "DiffID": "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60" + }, + "InstalledFiles": [ + "/usr/share/doc/tzdata/README.Debian", + "/usr/share/doc/tzdata/changelog.Debian.gz", + "/usr/share/doc/tzdata/changelog.gz", + "/usr/share/doc/tzdata/copyright", + "/usr/share/lintian/overrides/tzdata", + "/usr/share/zoneinfo/Africa/Abidjan", + "/usr/share/zoneinfo/Africa/Accra", + "/usr/share/zoneinfo/Africa/Addis_Ababa", + "/usr/share/zoneinfo/Africa/Algiers", + "/usr/share/zoneinfo/Africa/Asmara", + "/usr/share/zoneinfo/Africa/Bamako", + "/usr/share/zoneinfo/Africa/Bangui", + "/usr/share/zoneinfo/Africa/Banjul", + "/usr/share/zoneinfo/Africa/Bissau", + "/usr/share/zoneinfo/Africa/Blantyre", + "/usr/share/zoneinfo/Africa/Brazzaville", + "/usr/share/zoneinfo/Africa/Bujumbura", + "/usr/share/zoneinfo/Africa/Cairo", + "/usr/share/zoneinfo/Africa/Casablanca", + "/usr/share/zoneinfo/Africa/Ceuta", + "/usr/share/zoneinfo/Africa/Conakry", + "/usr/share/zoneinfo/Africa/Dakar", + "/usr/share/zoneinfo/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/Africa/Djibouti", + "/usr/share/zoneinfo/Africa/Douala", + "/usr/share/zoneinfo/Africa/El_Aaiun", + "/usr/share/zoneinfo/Africa/Freetown", + "/usr/share/zoneinfo/Africa/Gaborone", + "/usr/share/zoneinfo/Africa/Harare", + "/usr/share/zoneinfo/Africa/Johannesburg", + "/usr/share/zoneinfo/Africa/Juba", + "/usr/share/zoneinfo/Africa/Kampala", + "/usr/share/zoneinfo/Africa/Khartoum", + "/usr/share/zoneinfo/Africa/Kigali", + "/usr/share/zoneinfo/Africa/Kinshasa", + "/usr/share/zoneinfo/Africa/Lagos", + "/usr/share/zoneinfo/Africa/Libreville", + "/usr/share/zoneinfo/Africa/Lome", + "/usr/share/zoneinfo/Africa/Luanda", + "/usr/share/zoneinfo/Africa/Lubumbashi", + "/usr/share/zoneinfo/Africa/Lusaka", + "/usr/share/zoneinfo/Africa/Malabo", + "/usr/share/zoneinfo/Africa/Maputo", + "/usr/share/zoneinfo/Africa/Maseru", + "/usr/share/zoneinfo/Africa/Mbabane", + "/usr/share/zoneinfo/Africa/Mogadishu", + "/usr/share/zoneinfo/Africa/Monrovia", + "/usr/share/zoneinfo/Africa/Nairobi", + "/usr/share/zoneinfo/Africa/Ndjamena", + "/usr/share/zoneinfo/Africa/Niamey", + "/usr/share/zoneinfo/Africa/Nouakchott", + "/usr/share/zoneinfo/Africa/Ouagadougou", + "/usr/share/zoneinfo/Africa/Porto-Novo", + "/usr/share/zoneinfo/Africa/Sao_Tome", + "/usr/share/zoneinfo/Africa/Tripoli", + "/usr/share/zoneinfo/Africa/Tunis", + "/usr/share/zoneinfo/Africa/Windhoek", + "/usr/share/zoneinfo/America/Adak", + "/usr/share/zoneinfo/America/Anchorage", + "/usr/share/zoneinfo/America/Anguilla", + "/usr/share/zoneinfo/America/Antigua", + "/usr/share/zoneinfo/America/Araguaina", + "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/America/Argentina/Catamarca", + "/usr/share/zoneinfo/America/Argentina/Cordoba", + "/usr/share/zoneinfo/America/Argentina/Jujuy", + "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/America/Argentina/Mendoza", + "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/America/Argentina/Salta", + "/usr/share/zoneinfo/America/Argentina/San_Juan", + "/usr/share/zoneinfo/America/Argentina/San_Luis", + "/usr/share/zoneinfo/America/Argentina/Tucuman", + "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/America/Aruba", + "/usr/share/zoneinfo/America/Asuncion", + "/usr/share/zoneinfo/America/Atikokan", + "/usr/share/zoneinfo/America/Bahia", + "/usr/share/zoneinfo/America/Bahia_Banderas", + "/usr/share/zoneinfo/America/Barbados", + "/usr/share/zoneinfo/America/Belem", + "/usr/share/zoneinfo/America/Belize", + "/usr/share/zoneinfo/America/Blanc-Sablon", + "/usr/share/zoneinfo/America/Boa_Vista", + "/usr/share/zoneinfo/America/Bogota", + "/usr/share/zoneinfo/America/Boise", + "/usr/share/zoneinfo/America/Cambridge_Bay", + "/usr/share/zoneinfo/America/Campo_Grande", + "/usr/share/zoneinfo/America/Cancun", + "/usr/share/zoneinfo/America/Caracas", + "/usr/share/zoneinfo/America/Cayenne", + "/usr/share/zoneinfo/America/Cayman", + "/usr/share/zoneinfo/America/Chicago", + "/usr/share/zoneinfo/America/Chihuahua", + "/usr/share/zoneinfo/America/Ciudad_Juarez", + "/usr/share/zoneinfo/America/Costa_Rica", + "/usr/share/zoneinfo/America/Creston", + "/usr/share/zoneinfo/America/Cuiaba", + "/usr/share/zoneinfo/America/Curacao", + "/usr/share/zoneinfo/America/Danmarkshavn", + "/usr/share/zoneinfo/America/Dawson", + "/usr/share/zoneinfo/America/Dawson_Creek", + "/usr/share/zoneinfo/America/Denver", + "/usr/share/zoneinfo/America/Detroit", + "/usr/share/zoneinfo/America/Dominica", + "/usr/share/zoneinfo/America/Edmonton", + "/usr/share/zoneinfo/America/Eirunepe", + "/usr/share/zoneinfo/America/El_Salvador", + "/usr/share/zoneinfo/America/Fort_Nelson", + "/usr/share/zoneinfo/America/Fortaleza", + "/usr/share/zoneinfo/America/Glace_Bay", + "/usr/share/zoneinfo/America/Goose_Bay", + "/usr/share/zoneinfo/America/Grand_Turk", + "/usr/share/zoneinfo/America/Grenada", + "/usr/share/zoneinfo/America/Guadeloupe", + "/usr/share/zoneinfo/America/Guatemala", + "/usr/share/zoneinfo/America/Guayaquil", + "/usr/share/zoneinfo/America/Guyana", + "/usr/share/zoneinfo/America/Halifax", + "/usr/share/zoneinfo/America/Havana", + "/usr/share/zoneinfo/America/Hermosillo", + "/usr/share/zoneinfo/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/America/Indiana/Knox", + "/usr/share/zoneinfo/America/Indiana/Marengo", + "/usr/share/zoneinfo/America/Indiana/Petersburg", + "/usr/share/zoneinfo/America/Indiana/Tell_City", + "/usr/share/zoneinfo/America/Indiana/Vevay", + "/usr/share/zoneinfo/America/Indiana/Vincennes", + "/usr/share/zoneinfo/America/Indiana/Winamac", + "/usr/share/zoneinfo/America/Inuvik", + "/usr/share/zoneinfo/America/Iqaluit", + "/usr/share/zoneinfo/America/Jamaica", + "/usr/share/zoneinfo/America/Juneau", + "/usr/share/zoneinfo/America/Kentucky/Louisville", + "/usr/share/zoneinfo/America/Kentucky/Monticello", + "/usr/share/zoneinfo/America/La_Paz", + "/usr/share/zoneinfo/America/Lima", + "/usr/share/zoneinfo/America/Los_Angeles", + "/usr/share/zoneinfo/America/Maceio", + "/usr/share/zoneinfo/America/Managua", + "/usr/share/zoneinfo/America/Manaus", + "/usr/share/zoneinfo/America/Martinique", + "/usr/share/zoneinfo/America/Matamoros", + "/usr/share/zoneinfo/America/Mazatlan", + "/usr/share/zoneinfo/America/Menominee", + "/usr/share/zoneinfo/America/Merida", + "/usr/share/zoneinfo/America/Metlakatla", + "/usr/share/zoneinfo/America/Mexico_City", + "/usr/share/zoneinfo/America/Miquelon", + "/usr/share/zoneinfo/America/Moncton", + "/usr/share/zoneinfo/America/Monterrey", + "/usr/share/zoneinfo/America/Montevideo", + "/usr/share/zoneinfo/America/Montserrat", + "/usr/share/zoneinfo/America/Nassau", + "/usr/share/zoneinfo/America/New_York", + "/usr/share/zoneinfo/America/Nome", + "/usr/share/zoneinfo/America/Noronha", + "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/America/North_Dakota/Center", + "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/America/Nuuk", + "/usr/share/zoneinfo/America/Ojinaga", + "/usr/share/zoneinfo/America/Panama", + "/usr/share/zoneinfo/America/Paramaribo", + "/usr/share/zoneinfo/America/Phoenix", + "/usr/share/zoneinfo/America/Port-au-Prince", + "/usr/share/zoneinfo/America/Port_of_Spain", + "/usr/share/zoneinfo/America/Porto_Velho", + "/usr/share/zoneinfo/America/Puerto_Rico", + "/usr/share/zoneinfo/America/Punta_Arenas", + "/usr/share/zoneinfo/America/Rankin_Inlet", + "/usr/share/zoneinfo/America/Recife", + "/usr/share/zoneinfo/America/Regina", + "/usr/share/zoneinfo/America/Resolute", + "/usr/share/zoneinfo/America/Rio_Branco", + "/usr/share/zoneinfo/America/Santarem", + "/usr/share/zoneinfo/America/Santiago", + "/usr/share/zoneinfo/America/Santo_Domingo", + "/usr/share/zoneinfo/America/Sao_Paulo", + "/usr/share/zoneinfo/America/Scoresbysund", + "/usr/share/zoneinfo/America/Sitka", + "/usr/share/zoneinfo/America/St_Johns", + "/usr/share/zoneinfo/America/St_Kitts", + "/usr/share/zoneinfo/America/St_Lucia", + "/usr/share/zoneinfo/America/St_Thomas", + "/usr/share/zoneinfo/America/St_Vincent", + "/usr/share/zoneinfo/America/Swift_Current", + "/usr/share/zoneinfo/America/Tegucigalpa", + "/usr/share/zoneinfo/America/Thule", + "/usr/share/zoneinfo/America/Tijuana", + "/usr/share/zoneinfo/America/Toronto", + "/usr/share/zoneinfo/America/Tortola", + "/usr/share/zoneinfo/America/Vancouver", + "/usr/share/zoneinfo/America/Whitehorse", + "/usr/share/zoneinfo/America/Winnipeg", + "/usr/share/zoneinfo/America/Yakutat", + "/usr/share/zoneinfo/Antarctica/Casey", + "/usr/share/zoneinfo/Antarctica/Davis", + "/usr/share/zoneinfo/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/Antarctica/Macquarie", + "/usr/share/zoneinfo/Antarctica/Mawson", + "/usr/share/zoneinfo/Antarctica/McMurdo", + "/usr/share/zoneinfo/Antarctica/Palmer", + "/usr/share/zoneinfo/Antarctica/Rothera", + "/usr/share/zoneinfo/Antarctica/Syowa", + "/usr/share/zoneinfo/Antarctica/Troll", + "/usr/share/zoneinfo/Antarctica/Vostok", + "/usr/share/zoneinfo/Asia/Aden", + "/usr/share/zoneinfo/Asia/Almaty", + "/usr/share/zoneinfo/Asia/Amman", + "/usr/share/zoneinfo/Asia/Anadyr", + "/usr/share/zoneinfo/Asia/Aqtau", + "/usr/share/zoneinfo/Asia/Aqtobe", + "/usr/share/zoneinfo/Asia/Ashgabat", + "/usr/share/zoneinfo/Asia/Atyrau", + "/usr/share/zoneinfo/Asia/Baghdad", + "/usr/share/zoneinfo/Asia/Bahrain", + "/usr/share/zoneinfo/Asia/Baku", + "/usr/share/zoneinfo/Asia/Bangkok", + "/usr/share/zoneinfo/Asia/Barnaul", + "/usr/share/zoneinfo/Asia/Beirut", + "/usr/share/zoneinfo/Asia/Bishkek", + "/usr/share/zoneinfo/Asia/Brunei", + "/usr/share/zoneinfo/Asia/Chita", + "/usr/share/zoneinfo/Asia/Choibalsan", + "/usr/share/zoneinfo/Asia/Colombo", + "/usr/share/zoneinfo/Asia/Damascus", + "/usr/share/zoneinfo/Asia/Dhaka", + "/usr/share/zoneinfo/Asia/Dili", + "/usr/share/zoneinfo/Asia/Dubai", + "/usr/share/zoneinfo/Asia/Dushanbe", + "/usr/share/zoneinfo/Asia/Famagusta", + "/usr/share/zoneinfo/Asia/Gaza", + "/usr/share/zoneinfo/Asia/Hebron", + "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/Asia/Hong_Kong", + "/usr/share/zoneinfo/Asia/Hovd", + "/usr/share/zoneinfo/Asia/Irkutsk", + "/usr/share/zoneinfo/Asia/Jakarta", + "/usr/share/zoneinfo/Asia/Jayapura", + "/usr/share/zoneinfo/Asia/Jerusalem", + "/usr/share/zoneinfo/Asia/Kabul", + "/usr/share/zoneinfo/Asia/Kamchatka", + "/usr/share/zoneinfo/Asia/Karachi", + "/usr/share/zoneinfo/Asia/Kathmandu", + "/usr/share/zoneinfo/Asia/Khandyga", + "/usr/share/zoneinfo/Asia/Kolkata", + "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/Asia/Kuching", + "/usr/share/zoneinfo/Asia/Kuwait", + "/usr/share/zoneinfo/Asia/Macau", + "/usr/share/zoneinfo/Asia/Magadan", + "/usr/share/zoneinfo/Asia/Makassar", + "/usr/share/zoneinfo/Asia/Manila", + "/usr/share/zoneinfo/Asia/Muscat", + "/usr/share/zoneinfo/Asia/Nicosia", + "/usr/share/zoneinfo/Asia/Novokuznetsk", + "/usr/share/zoneinfo/Asia/Novosibirsk", + "/usr/share/zoneinfo/Asia/Omsk", + "/usr/share/zoneinfo/Asia/Oral", + "/usr/share/zoneinfo/Asia/Phnom_Penh", + "/usr/share/zoneinfo/Asia/Pontianak", + "/usr/share/zoneinfo/Asia/Pyongyang", + "/usr/share/zoneinfo/Asia/Qatar", + "/usr/share/zoneinfo/Asia/Qostanay", + "/usr/share/zoneinfo/Asia/Qyzylorda", + "/usr/share/zoneinfo/Asia/Riyadh", + "/usr/share/zoneinfo/Asia/Sakhalin", + "/usr/share/zoneinfo/Asia/Samarkand", + "/usr/share/zoneinfo/Asia/Seoul", + "/usr/share/zoneinfo/Asia/Shanghai", + "/usr/share/zoneinfo/Asia/Singapore", + "/usr/share/zoneinfo/Asia/Srednekolymsk", + "/usr/share/zoneinfo/Asia/Taipei", + "/usr/share/zoneinfo/Asia/Tashkent", + "/usr/share/zoneinfo/Asia/Tbilisi", + "/usr/share/zoneinfo/Asia/Tehran", + "/usr/share/zoneinfo/Asia/Thimphu", + "/usr/share/zoneinfo/Asia/Tokyo", + "/usr/share/zoneinfo/Asia/Tomsk", + "/usr/share/zoneinfo/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/Asia/Urumqi", + "/usr/share/zoneinfo/Asia/Ust-Nera", + "/usr/share/zoneinfo/Asia/Vientiane", + "/usr/share/zoneinfo/Asia/Vladivostok", + "/usr/share/zoneinfo/Asia/Yakutsk", + "/usr/share/zoneinfo/Asia/Yangon", + "/usr/share/zoneinfo/Asia/Yekaterinburg", + "/usr/share/zoneinfo/Asia/Yerevan", + "/usr/share/zoneinfo/Atlantic/Azores", + "/usr/share/zoneinfo/Atlantic/Bermuda", + "/usr/share/zoneinfo/Atlantic/Canary", + "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/Atlantic/Faroe", + "/usr/share/zoneinfo/Atlantic/Madeira", + "/usr/share/zoneinfo/Atlantic/Reykjavik", + "/usr/share/zoneinfo/Atlantic/South_Georgia", + "/usr/share/zoneinfo/Atlantic/St_Helena", + "/usr/share/zoneinfo/Atlantic/Stanley", + "/usr/share/zoneinfo/Australia/Adelaide", + "/usr/share/zoneinfo/Australia/Brisbane", + "/usr/share/zoneinfo/Australia/Broken_Hill", + "/usr/share/zoneinfo/Australia/Darwin", + "/usr/share/zoneinfo/Australia/Eucla", + "/usr/share/zoneinfo/Australia/Hobart", + "/usr/share/zoneinfo/Australia/Lindeman", + "/usr/share/zoneinfo/Australia/Lord_Howe", + "/usr/share/zoneinfo/Australia/Melbourne", + "/usr/share/zoneinfo/Australia/Perth", + "/usr/share/zoneinfo/Australia/Sydney", + "/usr/share/zoneinfo/CET", + "/usr/share/zoneinfo/CST6CDT", + "/usr/share/zoneinfo/EET", + "/usr/share/zoneinfo/EST", + "/usr/share/zoneinfo/EST5EDT", + "/usr/share/zoneinfo/Etc/GMT", + "/usr/share/zoneinfo/Etc/GMT+1", + "/usr/share/zoneinfo/Etc/GMT+10", + "/usr/share/zoneinfo/Etc/GMT+11", + "/usr/share/zoneinfo/Etc/GMT+12", + "/usr/share/zoneinfo/Etc/GMT+2", + "/usr/share/zoneinfo/Etc/GMT+3", + "/usr/share/zoneinfo/Etc/GMT+4", + "/usr/share/zoneinfo/Etc/GMT+5", + "/usr/share/zoneinfo/Etc/GMT+6", + "/usr/share/zoneinfo/Etc/GMT+7", + "/usr/share/zoneinfo/Etc/GMT+8", + "/usr/share/zoneinfo/Etc/GMT+9", + "/usr/share/zoneinfo/Etc/GMT-1", + "/usr/share/zoneinfo/Etc/GMT-10", + "/usr/share/zoneinfo/Etc/GMT-11", + "/usr/share/zoneinfo/Etc/GMT-12", + "/usr/share/zoneinfo/Etc/GMT-13", + "/usr/share/zoneinfo/Etc/GMT-14", + "/usr/share/zoneinfo/Etc/GMT-2", + "/usr/share/zoneinfo/Etc/GMT-3", + "/usr/share/zoneinfo/Etc/GMT-4", + "/usr/share/zoneinfo/Etc/GMT-5", + "/usr/share/zoneinfo/Etc/GMT-6", + "/usr/share/zoneinfo/Etc/GMT-7", + "/usr/share/zoneinfo/Etc/GMT-8", + "/usr/share/zoneinfo/Etc/GMT-9", + "/usr/share/zoneinfo/Etc/UTC", + "/usr/share/zoneinfo/Europe/Amsterdam", + "/usr/share/zoneinfo/Europe/Andorra", + "/usr/share/zoneinfo/Europe/Astrakhan", + "/usr/share/zoneinfo/Europe/Athens", + "/usr/share/zoneinfo/Europe/Belgrade", + "/usr/share/zoneinfo/Europe/Berlin", + "/usr/share/zoneinfo/Europe/Brussels", + "/usr/share/zoneinfo/Europe/Bucharest", + "/usr/share/zoneinfo/Europe/Budapest", + "/usr/share/zoneinfo/Europe/Chisinau", + "/usr/share/zoneinfo/Europe/Copenhagen", + "/usr/share/zoneinfo/Europe/Dublin", + "/usr/share/zoneinfo/Europe/Gibraltar", + "/usr/share/zoneinfo/Europe/Guernsey", + "/usr/share/zoneinfo/Europe/Helsinki", + "/usr/share/zoneinfo/Europe/Isle_of_Man", + "/usr/share/zoneinfo/Europe/Istanbul", + "/usr/share/zoneinfo/Europe/Jersey", + "/usr/share/zoneinfo/Europe/Kaliningrad", + "/usr/share/zoneinfo/Europe/Kirov", + "/usr/share/zoneinfo/Europe/Kyiv", + "/usr/share/zoneinfo/Europe/Lisbon", + "/usr/share/zoneinfo/Europe/Ljubljana", + "/usr/share/zoneinfo/Europe/London", + "/usr/share/zoneinfo/Europe/Luxembourg", + "/usr/share/zoneinfo/Europe/Madrid", + "/usr/share/zoneinfo/Europe/Malta", + "/usr/share/zoneinfo/Europe/Minsk", + "/usr/share/zoneinfo/Europe/Monaco", + "/usr/share/zoneinfo/Europe/Moscow", + "/usr/share/zoneinfo/Europe/Oslo", + "/usr/share/zoneinfo/Europe/Paris", + "/usr/share/zoneinfo/Europe/Prague", + "/usr/share/zoneinfo/Europe/Riga", + "/usr/share/zoneinfo/Europe/Rome", + "/usr/share/zoneinfo/Europe/Samara", + "/usr/share/zoneinfo/Europe/Sarajevo", + "/usr/share/zoneinfo/Europe/Saratov", + "/usr/share/zoneinfo/Europe/Simferopol", + "/usr/share/zoneinfo/Europe/Skopje", + "/usr/share/zoneinfo/Europe/Sofia", + "/usr/share/zoneinfo/Europe/Stockholm", + "/usr/share/zoneinfo/Europe/Tallinn", + "/usr/share/zoneinfo/Europe/Tirane", + "/usr/share/zoneinfo/Europe/Ulyanovsk", + "/usr/share/zoneinfo/Europe/Vaduz", + "/usr/share/zoneinfo/Europe/Vienna", + "/usr/share/zoneinfo/Europe/Vilnius", + "/usr/share/zoneinfo/Europe/Volgograd", + "/usr/share/zoneinfo/Europe/Warsaw", + "/usr/share/zoneinfo/Europe/Zagreb", + "/usr/share/zoneinfo/Europe/Zurich", + "/usr/share/zoneinfo/Factory", + "/usr/share/zoneinfo/HST", + "/usr/share/zoneinfo/Indian/Antananarivo", + "/usr/share/zoneinfo/Indian/Chagos", + "/usr/share/zoneinfo/Indian/Christmas", + "/usr/share/zoneinfo/Indian/Cocos", + "/usr/share/zoneinfo/Indian/Comoro", + "/usr/share/zoneinfo/Indian/Kerguelen", + "/usr/share/zoneinfo/Indian/Mahe", + "/usr/share/zoneinfo/Indian/Maldives", + "/usr/share/zoneinfo/Indian/Mauritius", + "/usr/share/zoneinfo/Indian/Mayotte", + "/usr/share/zoneinfo/Indian/Reunion", + "/usr/share/zoneinfo/MET", + "/usr/share/zoneinfo/MST", + "/usr/share/zoneinfo/MST7MDT", + "/usr/share/zoneinfo/PST8PDT", + "/usr/share/zoneinfo/Pacific/Apia", + "/usr/share/zoneinfo/Pacific/Auckland", + "/usr/share/zoneinfo/Pacific/Bougainville", + "/usr/share/zoneinfo/Pacific/Chatham", + "/usr/share/zoneinfo/Pacific/Chuuk", + "/usr/share/zoneinfo/Pacific/Easter", + "/usr/share/zoneinfo/Pacific/Efate", + "/usr/share/zoneinfo/Pacific/Fakaofo", + "/usr/share/zoneinfo/Pacific/Fiji", + "/usr/share/zoneinfo/Pacific/Funafuti", + "/usr/share/zoneinfo/Pacific/Galapagos", + "/usr/share/zoneinfo/Pacific/Gambier", + "/usr/share/zoneinfo/Pacific/Guadalcanal", + "/usr/share/zoneinfo/Pacific/Guam", + "/usr/share/zoneinfo/Pacific/Honolulu", + "/usr/share/zoneinfo/Pacific/Kanton", + "/usr/share/zoneinfo/Pacific/Kiritimati", + "/usr/share/zoneinfo/Pacific/Kosrae", + "/usr/share/zoneinfo/Pacific/Kwajalein", + "/usr/share/zoneinfo/Pacific/Majuro", + "/usr/share/zoneinfo/Pacific/Marquesas", + "/usr/share/zoneinfo/Pacific/Midway", + "/usr/share/zoneinfo/Pacific/Nauru", + "/usr/share/zoneinfo/Pacific/Niue", + "/usr/share/zoneinfo/Pacific/Norfolk", + "/usr/share/zoneinfo/Pacific/Noumea", + "/usr/share/zoneinfo/Pacific/Pago_Pago", + "/usr/share/zoneinfo/Pacific/Palau", + "/usr/share/zoneinfo/Pacific/Pitcairn", + "/usr/share/zoneinfo/Pacific/Pohnpei", + "/usr/share/zoneinfo/Pacific/Port_Moresby", + "/usr/share/zoneinfo/Pacific/Rarotonga", + "/usr/share/zoneinfo/Pacific/Saipan", + "/usr/share/zoneinfo/Pacific/Tahiti", + "/usr/share/zoneinfo/Pacific/Tarawa", + "/usr/share/zoneinfo/Pacific/Tongatapu", + "/usr/share/zoneinfo/Pacific/Wake", + "/usr/share/zoneinfo/Pacific/Wallis", + "/usr/share/zoneinfo/WET", + "/usr/share/zoneinfo/iso3166.tab", + "/usr/share/zoneinfo/leap-seconds.list", + "/usr/share/zoneinfo/leapseconds", + "/usr/share/zoneinfo/right/Africa/Abidjan", + "/usr/share/zoneinfo/right/Africa/Accra", + "/usr/share/zoneinfo/right/Africa/Addis_Ababa", + "/usr/share/zoneinfo/right/Africa/Algiers", + "/usr/share/zoneinfo/right/Africa/Asmara", + "/usr/share/zoneinfo/right/Africa/Bamako", + "/usr/share/zoneinfo/right/Africa/Bangui", + "/usr/share/zoneinfo/right/Africa/Banjul", + "/usr/share/zoneinfo/right/Africa/Bissau", + "/usr/share/zoneinfo/right/Africa/Blantyre", + "/usr/share/zoneinfo/right/Africa/Brazzaville", + "/usr/share/zoneinfo/right/Africa/Bujumbura", + "/usr/share/zoneinfo/right/Africa/Cairo", + "/usr/share/zoneinfo/right/Africa/Casablanca", + "/usr/share/zoneinfo/right/Africa/Ceuta", + "/usr/share/zoneinfo/right/Africa/Conakry", + "/usr/share/zoneinfo/right/Africa/Dakar", + "/usr/share/zoneinfo/right/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/right/Africa/Djibouti", + "/usr/share/zoneinfo/right/Africa/Douala", + "/usr/share/zoneinfo/right/Africa/El_Aaiun", + "/usr/share/zoneinfo/right/Africa/Freetown", + "/usr/share/zoneinfo/right/Africa/Gaborone", + "/usr/share/zoneinfo/right/Africa/Harare", + "/usr/share/zoneinfo/right/Africa/Johannesburg", + "/usr/share/zoneinfo/right/Africa/Juba", + "/usr/share/zoneinfo/right/Africa/Kampala", + "/usr/share/zoneinfo/right/Africa/Khartoum", + "/usr/share/zoneinfo/right/Africa/Kigali", + "/usr/share/zoneinfo/right/Africa/Kinshasa", + "/usr/share/zoneinfo/right/Africa/Lagos", + "/usr/share/zoneinfo/right/Africa/Libreville", + "/usr/share/zoneinfo/right/Africa/Lome", + "/usr/share/zoneinfo/right/Africa/Luanda", + "/usr/share/zoneinfo/right/Africa/Lubumbashi", + "/usr/share/zoneinfo/right/Africa/Lusaka", + "/usr/share/zoneinfo/right/Africa/Malabo", + "/usr/share/zoneinfo/right/Africa/Maputo", + "/usr/share/zoneinfo/right/Africa/Maseru", + "/usr/share/zoneinfo/right/Africa/Mbabane", + "/usr/share/zoneinfo/right/Africa/Mogadishu", + "/usr/share/zoneinfo/right/Africa/Monrovia", + "/usr/share/zoneinfo/right/Africa/Nairobi", + "/usr/share/zoneinfo/right/Africa/Ndjamena", + "/usr/share/zoneinfo/right/Africa/Niamey", + "/usr/share/zoneinfo/right/Africa/Nouakchott", + "/usr/share/zoneinfo/right/Africa/Ouagadougou", + "/usr/share/zoneinfo/right/Africa/Porto-Novo", + "/usr/share/zoneinfo/right/Africa/Sao_Tome", + "/usr/share/zoneinfo/right/Africa/Tripoli", + "/usr/share/zoneinfo/right/Africa/Tunis", + "/usr/share/zoneinfo/right/Africa/Windhoek", + "/usr/share/zoneinfo/right/America/Adak", + "/usr/share/zoneinfo/right/America/Anchorage", + "/usr/share/zoneinfo/right/America/Anguilla", + "/usr/share/zoneinfo/right/America/Antigua", + "/usr/share/zoneinfo/right/America/Araguaina", + "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/right/America/Argentina/Catamarca", + "/usr/share/zoneinfo/right/America/Argentina/Cordoba", + "/usr/share/zoneinfo/right/America/Argentina/Jujuy", + "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/right/America/Argentina/Mendoza", + "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/right/America/Argentina/Salta", + "/usr/share/zoneinfo/right/America/Argentina/San_Juan", + "/usr/share/zoneinfo/right/America/Argentina/San_Luis", + "/usr/share/zoneinfo/right/America/Argentina/Tucuman", + "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/right/America/Aruba", + "/usr/share/zoneinfo/right/America/Asuncion", + "/usr/share/zoneinfo/right/America/Atikokan", + "/usr/share/zoneinfo/right/America/Bahia", + "/usr/share/zoneinfo/right/America/Bahia_Banderas", + "/usr/share/zoneinfo/right/America/Barbados", + "/usr/share/zoneinfo/right/America/Belem", + "/usr/share/zoneinfo/right/America/Belize", + "/usr/share/zoneinfo/right/America/Blanc-Sablon", + "/usr/share/zoneinfo/right/America/Boa_Vista", + "/usr/share/zoneinfo/right/America/Bogota", + "/usr/share/zoneinfo/right/America/Boise", + "/usr/share/zoneinfo/right/America/Cambridge_Bay", + "/usr/share/zoneinfo/right/America/Campo_Grande", + "/usr/share/zoneinfo/right/America/Cancun", + "/usr/share/zoneinfo/right/America/Caracas", + "/usr/share/zoneinfo/right/America/Cayenne", + "/usr/share/zoneinfo/right/America/Cayman", + "/usr/share/zoneinfo/right/America/Chicago", + "/usr/share/zoneinfo/right/America/Chihuahua", + "/usr/share/zoneinfo/right/America/Ciudad_Juarez", + "/usr/share/zoneinfo/right/America/Costa_Rica", + "/usr/share/zoneinfo/right/America/Creston", + "/usr/share/zoneinfo/right/America/Cuiaba", + "/usr/share/zoneinfo/right/America/Curacao", + "/usr/share/zoneinfo/right/America/Danmarkshavn", + "/usr/share/zoneinfo/right/America/Dawson", + "/usr/share/zoneinfo/right/America/Dawson_Creek", + "/usr/share/zoneinfo/right/America/Denver", + "/usr/share/zoneinfo/right/America/Detroit", + "/usr/share/zoneinfo/right/America/Dominica", + "/usr/share/zoneinfo/right/America/Edmonton", + "/usr/share/zoneinfo/right/America/Eirunepe", + "/usr/share/zoneinfo/right/America/El_Salvador", + "/usr/share/zoneinfo/right/America/Fort_Nelson", + "/usr/share/zoneinfo/right/America/Fortaleza", + "/usr/share/zoneinfo/right/America/Glace_Bay", + "/usr/share/zoneinfo/right/America/Goose_Bay", + "/usr/share/zoneinfo/right/America/Grand_Turk", + "/usr/share/zoneinfo/right/America/Grenada", + "/usr/share/zoneinfo/right/America/Guadeloupe", + "/usr/share/zoneinfo/right/America/Guatemala", + "/usr/share/zoneinfo/right/America/Guayaquil", + "/usr/share/zoneinfo/right/America/Guyana", + "/usr/share/zoneinfo/right/America/Halifax", + "/usr/share/zoneinfo/right/America/Havana", + "/usr/share/zoneinfo/right/America/Hermosillo", + "/usr/share/zoneinfo/right/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/right/America/Indiana/Knox", + "/usr/share/zoneinfo/right/America/Indiana/Marengo", + "/usr/share/zoneinfo/right/America/Indiana/Petersburg", + "/usr/share/zoneinfo/right/America/Indiana/Tell_City", + "/usr/share/zoneinfo/right/America/Indiana/Vevay", + "/usr/share/zoneinfo/right/America/Indiana/Vincennes", + "/usr/share/zoneinfo/right/America/Indiana/Winamac", + "/usr/share/zoneinfo/right/America/Inuvik", + "/usr/share/zoneinfo/right/America/Iqaluit", + "/usr/share/zoneinfo/right/America/Jamaica", + "/usr/share/zoneinfo/right/America/Juneau", + "/usr/share/zoneinfo/right/America/Kentucky/Louisville", + "/usr/share/zoneinfo/right/America/Kentucky/Monticello", + "/usr/share/zoneinfo/right/America/La_Paz", + "/usr/share/zoneinfo/right/America/Lima", + "/usr/share/zoneinfo/right/America/Los_Angeles", + "/usr/share/zoneinfo/right/America/Maceio", + "/usr/share/zoneinfo/right/America/Managua", + "/usr/share/zoneinfo/right/America/Manaus", + "/usr/share/zoneinfo/right/America/Martinique", + "/usr/share/zoneinfo/right/America/Matamoros", + "/usr/share/zoneinfo/right/America/Mazatlan", + "/usr/share/zoneinfo/right/America/Menominee", + "/usr/share/zoneinfo/right/America/Merida", + "/usr/share/zoneinfo/right/America/Metlakatla", + "/usr/share/zoneinfo/right/America/Mexico_City", + "/usr/share/zoneinfo/right/America/Miquelon", + "/usr/share/zoneinfo/right/America/Moncton", + "/usr/share/zoneinfo/right/America/Monterrey", + "/usr/share/zoneinfo/right/America/Montevideo", + "/usr/share/zoneinfo/right/America/Montserrat", + "/usr/share/zoneinfo/right/America/Nassau", + "/usr/share/zoneinfo/right/America/New_York", + "/usr/share/zoneinfo/right/America/Nome", + "/usr/share/zoneinfo/right/America/Noronha", + "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/right/America/North_Dakota/Center", + "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/right/America/Nuuk", + "/usr/share/zoneinfo/right/America/Ojinaga", + "/usr/share/zoneinfo/right/America/Panama", + "/usr/share/zoneinfo/right/America/Paramaribo", + "/usr/share/zoneinfo/right/America/Phoenix", + "/usr/share/zoneinfo/right/America/Port-au-Prince", + "/usr/share/zoneinfo/right/America/Port_of_Spain", + "/usr/share/zoneinfo/right/America/Porto_Velho", + "/usr/share/zoneinfo/right/America/Puerto_Rico", + "/usr/share/zoneinfo/right/America/Punta_Arenas", + "/usr/share/zoneinfo/right/America/Rankin_Inlet", + "/usr/share/zoneinfo/right/America/Recife", + "/usr/share/zoneinfo/right/America/Regina", + "/usr/share/zoneinfo/right/America/Resolute", + "/usr/share/zoneinfo/right/America/Rio_Branco", + "/usr/share/zoneinfo/right/America/Santarem", + "/usr/share/zoneinfo/right/America/Santiago", + "/usr/share/zoneinfo/right/America/Santo_Domingo", + "/usr/share/zoneinfo/right/America/Sao_Paulo", + "/usr/share/zoneinfo/right/America/Scoresbysund", + "/usr/share/zoneinfo/right/America/Sitka", + "/usr/share/zoneinfo/right/America/St_Johns", + "/usr/share/zoneinfo/right/America/St_Kitts", + "/usr/share/zoneinfo/right/America/St_Lucia", + "/usr/share/zoneinfo/right/America/St_Thomas", + "/usr/share/zoneinfo/right/America/St_Vincent", + "/usr/share/zoneinfo/right/America/Swift_Current", + "/usr/share/zoneinfo/right/America/Tegucigalpa", + "/usr/share/zoneinfo/right/America/Thule", + "/usr/share/zoneinfo/right/America/Tijuana", + "/usr/share/zoneinfo/right/America/Toronto", + "/usr/share/zoneinfo/right/America/Tortola", + "/usr/share/zoneinfo/right/America/Vancouver", + "/usr/share/zoneinfo/right/America/Whitehorse", + "/usr/share/zoneinfo/right/America/Winnipeg", + "/usr/share/zoneinfo/right/America/Yakutat", + "/usr/share/zoneinfo/right/Antarctica/Casey", + "/usr/share/zoneinfo/right/Antarctica/Davis", + "/usr/share/zoneinfo/right/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/right/Antarctica/Macquarie", + "/usr/share/zoneinfo/right/Antarctica/Mawson", + "/usr/share/zoneinfo/right/Antarctica/McMurdo", + "/usr/share/zoneinfo/right/Antarctica/Palmer", + "/usr/share/zoneinfo/right/Antarctica/Rothera", + "/usr/share/zoneinfo/right/Antarctica/Syowa", + "/usr/share/zoneinfo/right/Antarctica/Troll", + "/usr/share/zoneinfo/right/Antarctica/Vostok", + "/usr/share/zoneinfo/right/Asia/Aden", + "/usr/share/zoneinfo/right/Asia/Almaty", + "/usr/share/zoneinfo/right/Asia/Amman", + "/usr/share/zoneinfo/right/Asia/Anadyr", + "/usr/share/zoneinfo/right/Asia/Aqtau", + "/usr/share/zoneinfo/right/Asia/Aqtobe", + "/usr/share/zoneinfo/right/Asia/Ashgabat", + "/usr/share/zoneinfo/right/Asia/Atyrau", + "/usr/share/zoneinfo/right/Asia/Baghdad", + "/usr/share/zoneinfo/right/Asia/Bahrain", + "/usr/share/zoneinfo/right/Asia/Baku", + "/usr/share/zoneinfo/right/Asia/Bangkok", + "/usr/share/zoneinfo/right/Asia/Barnaul", + "/usr/share/zoneinfo/right/Asia/Beirut", + "/usr/share/zoneinfo/right/Asia/Bishkek", + "/usr/share/zoneinfo/right/Asia/Brunei", + "/usr/share/zoneinfo/right/Asia/Chita", + "/usr/share/zoneinfo/right/Asia/Choibalsan", + "/usr/share/zoneinfo/right/Asia/Colombo", + "/usr/share/zoneinfo/right/Asia/Damascus", + "/usr/share/zoneinfo/right/Asia/Dhaka", + "/usr/share/zoneinfo/right/Asia/Dili", + "/usr/share/zoneinfo/right/Asia/Dubai", + "/usr/share/zoneinfo/right/Asia/Dushanbe", + "/usr/share/zoneinfo/right/Asia/Famagusta", + "/usr/share/zoneinfo/right/Asia/Gaza", + "/usr/share/zoneinfo/right/Asia/Hebron", + "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/right/Asia/Hong_Kong", + "/usr/share/zoneinfo/right/Asia/Hovd", + "/usr/share/zoneinfo/right/Asia/Irkutsk", + "/usr/share/zoneinfo/right/Asia/Jakarta", + "/usr/share/zoneinfo/right/Asia/Jayapura", + "/usr/share/zoneinfo/right/Asia/Jerusalem", + "/usr/share/zoneinfo/right/Asia/Kabul", + "/usr/share/zoneinfo/right/Asia/Kamchatka", + "/usr/share/zoneinfo/right/Asia/Karachi", + "/usr/share/zoneinfo/right/Asia/Kathmandu", + "/usr/share/zoneinfo/right/Asia/Khandyga", + "/usr/share/zoneinfo/right/Asia/Kolkata", + "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/right/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/right/Asia/Kuching", + "/usr/share/zoneinfo/right/Asia/Kuwait", + "/usr/share/zoneinfo/right/Asia/Macau", + "/usr/share/zoneinfo/right/Asia/Magadan", + "/usr/share/zoneinfo/right/Asia/Makassar", + "/usr/share/zoneinfo/right/Asia/Manila", + "/usr/share/zoneinfo/right/Asia/Muscat", + "/usr/share/zoneinfo/right/Asia/Nicosia", + "/usr/share/zoneinfo/right/Asia/Novokuznetsk", + "/usr/share/zoneinfo/right/Asia/Novosibirsk", + "/usr/share/zoneinfo/right/Asia/Omsk", + "/usr/share/zoneinfo/right/Asia/Oral", + "/usr/share/zoneinfo/right/Asia/Phnom_Penh", + "/usr/share/zoneinfo/right/Asia/Pontianak", + "/usr/share/zoneinfo/right/Asia/Pyongyang", + "/usr/share/zoneinfo/right/Asia/Qatar", + "/usr/share/zoneinfo/right/Asia/Qostanay", + "/usr/share/zoneinfo/right/Asia/Qyzylorda", + "/usr/share/zoneinfo/right/Asia/Riyadh", + "/usr/share/zoneinfo/right/Asia/Sakhalin", + "/usr/share/zoneinfo/right/Asia/Samarkand", + "/usr/share/zoneinfo/right/Asia/Seoul", + "/usr/share/zoneinfo/right/Asia/Shanghai", + "/usr/share/zoneinfo/right/Asia/Singapore", + "/usr/share/zoneinfo/right/Asia/Srednekolymsk", + "/usr/share/zoneinfo/right/Asia/Taipei", + "/usr/share/zoneinfo/right/Asia/Tashkent", + "/usr/share/zoneinfo/right/Asia/Tbilisi", + "/usr/share/zoneinfo/right/Asia/Tehran", + "/usr/share/zoneinfo/right/Asia/Thimphu", + "/usr/share/zoneinfo/right/Asia/Tokyo", + "/usr/share/zoneinfo/right/Asia/Tomsk", + "/usr/share/zoneinfo/right/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/right/Asia/Urumqi", + "/usr/share/zoneinfo/right/Asia/Ust-Nera", + "/usr/share/zoneinfo/right/Asia/Vientiane", + "/usr/share/zoneinfo/right/Asia/Vladivostok", + "/usr/share/zoneinfo/right/Asia/Yakutsk", + "/usr/share/zoneinfo/right/Asia/Yangon", + "/usr/share/zoneinfo/right/Asia/Yekaterinburg", + "/usr/share/zoneinfo/right/Asia/Yerevan", + "/usr/share/zoneinfo/right/Atlantic/Azores", + "/usr/share/zoneinfo/right/Atlantic/Bermuda", + "/usr/share/zoneinfo/right/Atlantic/Canary", + "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/right/Atlantic/Faroe", + "/usr/share/zoneinfo/right/Atlantic/Madeira", + "/usr/share/zoneinfo/right/Atlantic/Reykjavik", + "/usr/share/zoneinfo/right/Atlantic/South_Georgia", + "/usr/share/zoneinfo/right/Atlantic/St_Helena", + "/usr/share/zoneinfo/right/Atlantic/Stanley", + "/usr/share/zoneinfo/right/Australia/Adelaide", + "/usr/share/zoneinfo/right/Australia/Brisbane", + "/usr/share/zoneinfo/right/Australia/Broken_Hill", + "/usr/share/zoneinfo/right/Australia/Darwin", + "/usr/share/zoneinfo/right/Australia/Eucla", + "/usr/share/zoneinfo/right/Australia/Hobart", + "/usr/share/zoneinfo/right/Australia/Lindeman", + "/usr/share/zoneinfo/right/Australia/Lord_Howe", + "/usr/share/zoneinfo/right/Australia/Melbourne", + "/usr/share/zoneinfo/right/Australia/Perth", + "/usr/share/zoneinfo/right/Australia/Sydney", + "/usr/share/zoneinfo/right/CET", + "/usr/share/zoneinfo/right/CST6CDT", + "/usr/share/zoneinfo/right/EET", + "/usr/share/zoneinfo/right/EST", + "/usr/share/zoneinfo/right/EST5EDT", + "/usr/share/zoneinfo/right/Etc/GMT", + "/usr/share/zoneinfo/right/Etc/GMT+1", + "/usr/share/zoneinfo/right/Etc/GMT+10", + "/usr/share/zoneinfo/right/Etc/GMT+11", + "/usr/share/zoneinfo/right/Etc/GMT+12", + "/usr/share/zoneinfo/right/Etc/GMT+2", + "/usr/share/zoneinfo/right/Etc/GMT+3", + "/usr/share/zoneinfo/right/Etc/GMT+4", + "/usr/share/zoneinfo/right/Etc/GMT+5", + "/usr/share/zoneinfo/right/Etc/GMT+6", + "/usr/share/zoneinfo/right/Etc/GMT+7", + "/usr/share/zoneinfo/right/Etc/GMT+8", + "/usr/share/zoneinfo/right/Etc/GMT+9", + "/usr/share/zoneinfo/right/Etc/GMT-1", + "/usr/share/zoneinfo/right/Etc/GMT-10", + "/usr/share/zoneinfo/right/Etc/GMT-11", + "/usr/share/zoneinfo/right/Etc/GMT-12", + "/usr/share/zoneinfo/right/Etc/GMT-13", + "/usr/share/zoneinfo/right/Etc/GMT-14", + "/usr/share/zoneinfo/right/Etc/GMT-2", + "/usr/share/zoneinfo/right/Etc/GMT-3", + "/usr/share/zoneinfo/right/Etc/GMT-4", + "/usr/share/zoneinfo/right/Etc/GMT-5", + "/usr/share/zoneinfo/right/Etc/GMT-6", + "/usr/share/zoneinfo/right/Etc/GMT-7", + "/usr/share/zoneinfo/right/Etc/GMT-8", + "/usr/share/zoneinfo/right/Etc/GMT-9", + "/usr/share/zoneinfo/right/Etc/UTC", + "/usr/share/zoneinfo/right/Europe/Amsterdam", + "/usr/share/zoneinfo/right/Europe/Andorra", + "/usr/share/zoneinfo/right/Europe/Astrakhan", + "/usr/share/zoneinfo/right/Europe/Athens", + "/usr/share/zoneinfo/right/Europe/Belgrade", + "/usr/share/zoneinfo/right/Europe/Berlin", + "/usr/share/zoneinfo/right/Europe/Brussels", + "/usr/share/zoneinfo/right/Europe/Bucharest", + "/usr/share/zoneinfo/right/Europe/Budapest", + "/usr/share/zoneinfo/right/Europe/Chisinau", + "/usr/share/zoneinfo/right/Europe/Copenhagen", + "/usr/share/zoneinfo/right/Europe/Dublin", + "/usr/share/zoneinfo/right/Europe/Gibraltar", + "/usr/share/zoneinfo/right/Europe/Guernsey", + "/usr/share/zoneinfo/right/Europe/Helsinki", + "/usr/share/zoneinfo/right/Europe/Isle_of_Man", + "/usr/share/zoneinfo/right/Europe/Istanbul", + "/usr/share/zoneinfo/right/Europe/Jersey", + "/usr/share/zoneinfo/right/Europe/Kaliningrad", + "/usr/share/zoneinfo/right/Europe/Kirov", + "/usr/share/zoneinfo/right/Europe/Kyiv", + "/usr/share/zoneinfo/right/Europe/Lisbon", + "/usr/share/zoneinfo/right/Europe/Ljubljana", + "/usr/share/zoneinfo/right/Europe/London", + "/usr/share/zoneinfo/right/Europe/Luxembourg", + "/usr/share/zoneinfo/right/Europe/Madrid", + "/usr/share/zoneinfo/right/Europe/Malta", + "/usr/share/zoneinfo/right/Europe/Minsk", + "/usr/share/zoneinfo/right/Europe/Monaco", + "/usr/share/zoneinfo/right/Europe/Moscow", + "/usr/share/zoneinfo/right/Europe/Oslo", + "/usr/share/zoneinfo/right/Europe/Paris", + "/usr/share/zoneinfo/right/Europe/Prague", + "/usr/share/zoneinfo/right/Europe/Riga", + "/usr/share/zoneinfo/right/Europe/Rome", + "/usr/share/zoneinfo/right/Europe/Samara", + "/usr/share/zoneinfo/right/Europe/Sarajevo", + "/usr/share/zoneinfo/right/Europe/Saratov", + "/usr/share/zoneinfo/right/Europe/Simferopol", + "/usr/share/zoneinfo/right/Europe/Skopje", + "/usr/share/zoneinfo/right/Europe/Sofia", + "/usr/share/zoneinfo/right/Europe/Stockholm", + "/usr/share/zoneinfo/right/Europe/Tallinn", + "/usr/share/zoneinfo/right/Europe/Tirane", + "/usr/share/zoneinfo/right/Europe/Ulyanovsk", + "/usr/share/zoneinfo/right/Europe/Vaduz", + "/usr/share/zoneinfo/right/Europe/Vienna", + "/usr/share/zoneinfo/right/Europe/Vilnius", + "/usr/share/zoneinfo/right/Europe/Volgograd", + "/usr/share/zoneinfo/right/Europe/Warsaw", + "/usr/share/zoneinfo/right/Europe/Zagreb", + "/usr/share/zoneinfo/right/Europe/Zurich", + "/usr/share/zoneinfo/right/Factory", + "/usr/share/zoneinfo/right/HST", + "/usr/share/zoneinfo/right/Indian/Antananarivo", + "/usr/share/zoneinfo/right/Indian/Chagos", + "/usr/share/zoneinfo/right/Indian/Christmas", + "/usr/share/zoneinfo/right/Indian/Cocos", + "/usr/share/zoneinfo/right/Indian/Comoro", + "/usr/share/zoneinfo/right/Indian/Kerguelen", + "/usr/share/zoneinfo/right/Indian/Mahe", + "/usr/share/zoneinfo/right/Indian/Maldives", + "/usr/share/zoneinfo/right/Indian/Mauritius", + "/usr/share/zoneinfo/right/Indian/Mayotte", + "/usr/share/zoneinfo/right/Indian/Reunion", + "/usr/share/zoneinfo/right/MET", + "/usr/share/zoneinfo/right/MST", + "/usr/share/zoneinfo/right/MST7MDT", + "/usr/share/zoneinfo/right/PST8PDT", + "/usr/share/zoneinfo/right/Pacific/Apia", + "/usr/share/zoneinfo/right/Pacific/Auckland", + "/usr/share/zoneinfo/right/Pacific/Bougainville", + "/usr/share/zoneinfo/right/Pacific/Chatham", + "/usr/share/zoneinfo/right/Pacific/Chuuk", + "/usr/share/zoneinfo/right/Pacific/Easter", + "/usr/share/zoneinfo/right/Pacific/Efate", + "/usr/share/zoneinfo/right/Pacific/Fakaofo", + "/usr/share/zoneinfo/right/Pacific/Fiji", + "/usr/share/zoneinfo/right/Pacific/Funafuti", + "/usr/share/zoneinfo/right/Pacific/Galapagos", + "/usr/share/zoneinfo/right/Pacific/Gambier", + "/usr/share/zoneinfo/right/Pacific/Guadalcanal", + "/usr/share/zoneinfo/right/Pacific/Guam", + "/usr/share/zoneinfo/right/Pacific/Honolulu", + "/usr/share/zoneinfo/right/Pacific/Kanton", + "/usr/share/zoneinfo/right/Pacific/Kiritimati", + "/usr/share/zoneinfo/right/Pacific/Kosrae", + "/usr/share/zoneinfo/right/Pacific/Kwajalein", + "/usr/share/zoneinfo/right/Pacific/Majuro", + "/usr/share/zoneinfo/right/Pacific/Marquesas", + "/usr/share/zoneinfo/right/Pacific/Midway", + "/usr/share/zoneinfo/right/Pacific/Nauru", + "/usr/share/zoneinfo/right/Pacific/Niue", + "/usr/share/zoneinfo/right/Pacific/Norfolk", + "/usr/share/zoneinfo/right/Pacific/Noumea", + "/usr/share/zoneinfo/right/Pacific/Pago_Pago", + "/usr/share/zoneinfo/right/Pacific/Palau", + "/usr/share/zoneinfo/right/Pacific/Pitcairn", + "/usr/share/zoneinfo/right/Pacific/Pohnpei", + "/usr/share/zoneinfo/right/Pacific/Port_Moresby", + "/usr/share/zoneinfo/right/Pacific/Rarotonga", + "/usr/share/zoneinfo/right/Pacific/Saipan", + "/usr/share/zoneinfo/right/Pacific/Tahiti", + "/usr/share/zoneinfo/right/Pacific/Tarawa", + "/usr/share/zoneinfo/right/Pacific/Tongatapu", + "/usr/share/zoneinfo/right/Pacific/Wake", + "/usr/share/zoneinfo/right/Pacific/Wallis", + "/usr/share/zoneinfo/right/WET", + "/usr/share/zoneinfo/tzdata.zi", + "/usr/share/zoneinfo/zone.tab", + "/usr/share/zoneinfo/zone1970.tab" + ], + "AnalyzedBy": "dpkg" + } + ] + }, + { + "Target": "app/cmd/webhook/webhook", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "stdlib@v1.21.9", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "Version": "v1.21.9", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "../../", + "Name": "../../", + "Identifier": { + "UID": "cbe3469b8d13950c" + }, + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", + "Name": "github.com/Azure/go-ntlmssp", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", + "UID": "46b12919e66d1f4d" + }, + "Version": "v0.0.0-20221128193559-754e69321358", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/antlr/antlr4/runtime/Go/antlr/v4@v4.0.0-20230305170008-8188dc5388df", + "Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/antlr/antlr4/runtime/go/antlr/v4@v4.0.0-20230305170008-8188dc5388df", + "UID": "af913f55ec9c765d" + }, + "Version": "v4.0.0-20230305170008-8188dc5388df", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "e075a1434fd048d5" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blang/semver/v4@v4.0.0", + "Name": "github.com/blang/semver/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/blang/semver/v4@v4.0.0", + "UID": "d453ee4309150d24" + }, + "Version": "v4.0.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cenkalti/backoff/v4@v4.2.1", + "Name": "github.com/cenkalti/backoff/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/cenkalti/backoff/v4@v4.2.1", + "UID": "87e9b53fe3899563" + }, + "Version": "v4.2.1", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cert-manager/cert-manager/webhook-binary", + "Name": "github.com/cert-manager/cert-manager/webhook-binary", + "Identifier": { + "PURL": "pkg:golang/github.com/cert-manager/cert-manager/webhook-binary", + "UID": "34ec461880221930" + }, + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.2.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0", + "UID": "5d2fdbbb64ef2e87" + }, + "Version": "v2.2.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "Name": "github.com/davecgh/go-spew", + "Identifier": { + "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "UID": "9b8587fb00d72c21" + }, + "Version": "v1.1.2-0.20180830191138-d8f796af33cc", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/emicklei/go-restful/v3@v3.11.0", + "Name": "github.com/emicklei/go-restful/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.11.0", + "UID": "38940df4aa2eeb21" + }, + "Version": "v3.11.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/felixge/httpsnoop@v1.0.4", + "Name": "github.com/felixge/httpsnoop", + "Identifier": { + "PURL": "pkg:golang/github.com/felixge/httpsnoop@v1.0.4", + "UID": "59a5279d3fc93906" + }, + "Version": "v1.0.4", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-asn1-ber/asn1-ber@v1.5.5", + "Name": "github.com/go-asn1-ber/asn1-ber", + "Identifier": { + "PURL": "pkg:golang/github.com/go-asn1-ber/asn1-ber@v1.5.5", + "UID": "1c66d29be6521841" + }, + "Version": "v1.5.5", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-ldap/ldap/v3@v3.4.6", + "Name": "github.com/go-ldap/ldap/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/go-ldap/ldap/v3@v3.4.6", + "UID": "1a67ca00ee03fe70" + }, + "Version": "v3.4.6", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/logr@v1.4.1", + "Name": "github.com/go-logr/logr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.1", + "UID": "4ac79209f3d263ec" + }, + "Version": "v1.4.1", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/stdr@v1.2.2", + "Name": "github.com/go-logr/stdr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2", + "UID": "126226392ad6531" + }, + "Version": "v1.2.2", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/zapr@v1.3.0", + "Name": "github.com/go-logr/zapr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/zapr@v1.3.0", + "UID": "acd76a6ad561d639" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonpointer@v0.20.2", + "Name": "github.com/go-openapi/jsonpointer", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.20.2", + "UID": "7cacce3cfde00e9b" + }, + "Version": "v0.20.2", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonreference@v0.20.4", + "Name": "github.com/go-openapi/jsonreference", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.20.4", + "UID": "da8bfa8913c967a2" + }, + "Version": "v0.20.4", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag@v0.22.7", + "Name": "github.com/go-openapi/swag", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag@v0.22.7", + "UID": "9f572ca2ff715721" + }, + "Version": "v0.22.7", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gogo/protobuf@v1.3.2", + "Name": "github.com/gogo/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", + "UID": "6817c71c31ffd2f9" + }, + "Version": "v1.3.2", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/protobuf@v1.5.3", + "Name": "github.com/golang/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.3", + "UID": "4313385f167c2037" + }, + "Version": "v1.5.3", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/cel-go@v0.17.7", + "Name": "github.com/google/cel-go", + "Identifier": { + "PURL": "pkg:golang/github.com/google/cel-go@v0.17.7", + "UID": "54e5b84bcee66f3d" + }, + "Version": "v0.17.7", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gnostic-models@v0.6.8", + "Name": "github.com/google/gnostic-models", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gnostic-models@v0.6.8", + "UID": "c0f959de30597f77" + }, + "Version": "v0.6.8", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-cmp@v0.6.0", + "Name": "github.com/google/go-cmp", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0", + "UID": "1d7e283f0e50ce1d" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gofuzz@v1.2.0", + "Name": "github.com/google/gofuzz", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", + "UID": "af98cccff2bc45fe" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.5.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.5.0", + "UID": "3183f6914f8fe2a0" + }, + "Version": "v1.5.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/grpc-ecosystem/grpc-gateway/v2@v2.18.1", + "Name": "github.com/grpc-ecosystem/grpc-gateway/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/grpc-ecosystem/grpc-gateway/v2@v2.18.1", + "UID": "d7a59ccbfd2dab28" + }, + "Version": "v2.18.1", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/imdario/mergo@v0.3.16", + "Name": "github.com/imdario/mergo", + "Identifier": { + "PURL": "pkg:golang/github.com/imdario/mergo@v0.3.16", + "UID": "77b9a7070a5db731" + }, + "Version": "v0.3.16", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/josharian/intern@v1.0.0", + "Name": "github.com/josharian/intern", + "Identifier": { + "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", + "UID": "5383d64de6d747c9" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/json-iterator/go@v1.1.12", + "Name": "github.com/json-iterator/go", + "Identifier": { + "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", + "UID": "87a1fa3a1585f6dd" + }, + "Version": "v1.1.12", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mailru/easyjson@v0.7.7", + "Name": "github.com/mailru/easyjson", + "Identifier": { + "PURL": "pkg:golang/github.com/mailru/easyjson@v0.7.7", + "UID": "94aa2688c0b368f1" + }, + "Version": "v0.7.7", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", + "Name": "github.com/matttproud/golang_protobuf_extensions/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", + "UID": "92283e11717c5295" + }, + "Version": "v2.0.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "Name": "github.com/modern-go/concurrent", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "UID": "ea697799b0e0acff" + }, + "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/reflect2@v1.0.2", + "Name": "github.com/modern-go/reflect2", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", + "UID": "85bb678da1fda75f" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "494ed8356a524811" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.18.0", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.18.0", + "UID": "8ac3037b9227f34" + }, + "Version": "v1.18.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.5.0", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.5.0", + "UID": "87452009911882ea" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.45.0", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.45.0", + "UID": "703f757fa17ca548" + }, + "Version": "v0.45.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.12.0", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.12.0", + "UID": "6f1595d86220fa66" + }, + "Version": "v0.12.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/cobra@v1.8.0", + "Name": "github.com/spf13/cobra", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/cobra@v1.8.0", + "UID": "ec756b42b7b8410" + }, + "Version": "v1.8.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.5", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "UID": "93b9595d6b572801" + }, + "Version": "v1.0.5", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/stoewer/go-strcase@v1.3.0", + "Name": "github.com/stoewer/go-strcase", + "Identifier": { + "PURL": "pkg:golang/github.com/stoewer/go-strcase@v1.3.0", + "UID": "9de2666b7373afcd" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.46.1", + "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.46.1", + "UID": "88f66d467c87be0d" + }, + "Version": "v0.46.1", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel@v1.21.0", + "Name": "go.opentelemetry.io/otel", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel@v1.21.0", + "UID": "95fc6f1553a25e79" + }, + "Version": "v1.21.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.21.0", + "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.21.0", + "UID": "44a0c49795328ce0" + }, + "Version": "v1.21.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.21.0", + "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.21.0", + "UID": "a41f1336f0103827" + }, + "Version": "v1.21.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/metric@v1.21.0", + "Name": "go.opentelemetry.io/otel/metric", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/metric@v1.21.0", + "UID": "bb9ce7417a941fb0" + }, + "Version": "v1.21.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/sdk@v1.21.0", + "Name": "go.opentelemetry.io/otel/sdk", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.21.0", + "UID": "2f4ad0ce2f5f0b0f" + }, + "Version": "v1.21.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/trace@v1.21.0", + "Name": "go.opentelemetry.io/otel/trace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.21.0", + "UID": "a417461a8880d21c" + }, + "Version": "v1.21.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/proto/otlp@v1.0.0", + "Name": "go.opentelemetry.io/proto/otlp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/proto/otlp@v1.0.0", + "UID": "37e3209f026b9c2d" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/multierr@v1.11.0", + "Name": "go.uber.org/multierr", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", + "UID": "58a5683997ba4bf5" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/zap@v1.26.0", + "Name": "go.uber.org/zap", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/zap@v1.26.0", + "UID": "7125050fdac6ff16" + }, + "Version": "v1.26.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/crypto@v0.22.0", + "Name": "golang.org/x/crypto", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", + "UID": "93378542a2b4094" + }, + "Version": "v0.22.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/exp@v0.0.0-20231226003508-02704c960a9b", + "Name": "golang.org/x/exp", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20231226003508-02704c960a9b", + "UID": "c8cac81d76beb2c3" + }, + "Version": "v0.0.0-20231226003508-02704c960a9b", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.24.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.24.0", + "UID": "9362a8ed9dae9887" + }, + "Version": "v0.24.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.15.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.15.0", + "UID": "9f62332e8c2b70b9" + }, + "Version": "v0.15.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sync@v0.5.0", + "Name": "golang.org/x/sync", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sync@v0.5.0", + "UID": "e72ba0f6763ab680" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.19.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.19.0", + "UID": "c13054532fe44eeb" + }, + "Version": "v0.19.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/term@v0.19.0", + "Name": "golang.org/x/term", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/term@v0.19.0", + "UID": "6c76a496d5480487" + }, + "Version": "v0.19.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.14.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.14.0", + "UID": "634c7c1bc8c4b995" + }, + "Version": "v0.14.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.5.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.5.0", + "UID": "133d1a35b9d9ecc1" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gomodules.xyz/jsonpatch/v2@v2.4.0", + "Name": "gomodules.xyz/jsonpatch/v2", + "Identifier": { + "PURL": "pkg:golang/gomodules.xyz/jsonpatch/v2@v2.4.0", + "UID": "59d03678c6c49707" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto/googleapis/api@v0.0.0-20240102182953-50ed04b92917", + "Name": "google.golang.org/genproto/googleapis/api", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto/googleapis/api@v0.0.0-20240102182953-50ed04b92917", + "UID": "d381e18d8608e162" + }, + "Version": "v0.0.0-20240102182953-50ed04b92917", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20240102182953-50ed04b92917", + "Name": "google.golang.org/genproto/googleapis/rpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20240102182953-50ed04b92917", + "UID": "d5d724c8c01ddb0e" + }, + "Version": "v0.0.0-20240102182953-50ed04b92917", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/grpc@v1.60.1", + "Name": "google.golang.org/grpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.60.1", + "UID": "805fa757f72f9d63" + }, + "Version": "v1.60.1", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.33.0", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.33.0", + "UID": "695df51d1af7fab" + }, + "Version": "v1.33.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/inf.v0@v0.9.1", + "Name": "gopkg.in/inf.v0", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", + "UID": "f475afea338db10f" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v2@v2.4.0", + "Name": "gopkg.in/yaml.v2", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "UID": "40457f45117de255" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "UID": "e16b4023db5ca8d5" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/api@v0.29.0", + "Name": "k8s.io/api", + "Identifier": { + "PURL": "pkg:golang/k8s.io/api@v0.29.0", + "UID": "e757f88ef2f669e4" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apiextensions-apiserver@v0.29.0", + "Name": "k8s.io/apiextensions-apiserver", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apiextensions-apiserver@v0.29.0", + "UID": "d39506b13caa5f30" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apimachinery@v0.29.0", + "Name": "k8s.io/apimachinery", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apimachinery@v0.29.0", + "UID": "6ac9987275c1f6a0" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apiserver@v0.29.0", + "Name": "k8s.io/apiserver", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apiserver@v0.29.0", + "UID": "2028a82b40caaf4f" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/client-go@v0.29.0", + "Name": "k8s.io/client-go", + "Identifier": { + "PURL": "pkg:golang/k8s.io/client-go@v0.29.0", + "UID": "57aea639087c47ba" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/component-base@v0.29.0", + "Name": "k8s.io/component-base", + "Identifier": { + "PURL": "pkg:golang/k8s.io/component-base@v0.29.0", + "UID": "33c98f512e5d35b6" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog/v2@v2.110.1", + "Name": "k8s.io/klog/v2", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog/v2@v2.110.1", + "UID": "a17560f4578edca7" + }, + "Version": "v2.110.1", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/kube-openapi@v0.0.0-20240103051144-eec4567ac022", + "Name": "k8s.io/kube-openapi", + "Identifier": { + "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20240103051144-eec4567ac022", + "UID": "e39956b9507404f6" + }, + "Version": "v0.0.0-20240103051144-eec4567ac022", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/utils@v0.0.0-20240102154912-e7106e64919e", + "Name": "k8s.io/utils", + "Identifier": { + "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20240102154912-e7106e64919e", + "UID": "326508c0594eb74e" + }, + "Version": "v0.0.0-20240102154912-e7106e64919e", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.29.0", + "Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.29.0", + "UID": "4daa3353e04a57b1" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/gateway-api@v1.0.0", + "Name": "sigs.k8s.io/gateway-api", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/gateway-api@v1.0.0", + "UID": "a25e569ee346c147" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "Name": "sigs.k8s.io/json", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "UID": "8bc154ea66ab0abe" + }, + "Version": "v0.0.0-20221116044647-bc3834ca7abd", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "Name": "sigs.k8s.io/structured-merge-diff/v4", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "UID": "98783f21e4d9e0da" + }, + "Version": "v4.4.1", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/yaml@v1.4.0", + "Name": "sigs.k8s.io/yaml", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.4.0", + "UID": "b906661b6f2834d7" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-32952", + "VendorIDs": [ + "GHSA-pjcq-xvwq-hhpj" + ], + "PkgID": "github.com/Azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", + "PkgName": "github.com/Azure/go-ntlmssp", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", + "UID": "46b12919e66d1f4d" + }, + "InstalledVersion": "v0.0.0-20221128193559-754e69321358", + "FixedVersion": "0.1.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32952", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:9c320282db2d420a569c389f7212295a23cbd9d4cbf814ed5fe6cd3b5aa64aac", + "Title": "go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge", + "Description": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32952", + "https://github.com/Azure/go-ntlmssp", + "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1", + "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32952", + "https://www.cve.org/CVERecord?id=CVE-2026-32952" + ], + "PublishedDate": "2026-04-24T03:16:07.833Z", + "LastModifiedDate": "2026-05-21T18:22:06.247Z" + }, + { + "VulnerabilityID": "CVE-2026-24051", + "VendorIDs": [ + "GHSA-9h8m-3fm2-qjrq" + ], + "PkgID": "go.opentelemetry.io/otel/sdk@v1.21.0", + "PkgName": "go.opentelemetry.io/otel/sdk", + "PkgIdentifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.21.0", + "UID": "2f4ad0ce2f5f0b0f" + }, + "InstalledVersion": "v1.21.0", + "FixedVersion": "1.40.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24051", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:8ef6f88d6b2f46a832e2d98979541f7812a7d01389fd2393a77fa3287865d821", + "Title": "OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking", + "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/host_id.go executes the ioreg system command using a search path. An attacker with the ability to locally modify the PATH environment variable can achieve Arbitrary Code Execution (ACE) within the context of the application. A fix was released with v1.40.0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-426" + ], + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://github.com/open-telemetry/opentelemetry-go", + "https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53", + "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq", + "https://nvd.nist.gov/vuln/detail/CVE-2026-24051", + "https://pkg.go.dev/vuln/GO-2026-4394" + ], + "PublishedDate": "2026-02-02T23:16:07.963Z", + "LastModifiedDate": "2026-02-27T20:32:10.693Z" + }, + { + "VulnerabilityID": "CVE-2026-39883", + "VendorIDs": [ + "GHSA-hfvc-g4fc-pqhx" + ], + "PkgID": "go.opentelemetry.io/otel/sdk@v1.21.0", + "PkgName": "go.opentelemetry.io/otel/sdk", + "PkgIdentifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.21.0", + "UID": "2f4ad0ce2f5f0b0f" + }, + "InstalledVersion": "v1.21.0", + "FixedVersion": "1.43.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39883", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:ee2bd99cd46a171e899d16bed01607b274f0823a0799b822fa31fb4cb8c46890", + "Title": "opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking", + "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-426" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V40Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0", + "https://github.com/open-telemetry/opentelemetry-go", + "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-hfvc-g4fc-pqhx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39883" + ], + "PublishedDate": "2026-04-08T21:17:00.697Z", + "LastModifiedDate": "2026-04-10T21:16:27.12Z" + }, + { + "VulnerabilityID": "CVE-2024-45337", + "VendorIDs": [ + "GHSA-v778-237x-gjrc" + ], + "PkgID": "golang.org/x/crypto@v0.22.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", + "UID": "93378542a2b4094" + }, + "InstalledVersion": "v0.22.0", + "FixedVersion": "0.31.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45337", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:dfd8734ddda69c16191a86f1f3eacbe57ef8580e0ad42639071d2a8a3932bba1", + "Title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto", + "Description": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.", + "Severity": "CRITICAL", + "VendorSeverity": { + "amazon": 3, + "azure": 4, + "cbl-mariner": 4, + "ghsa": 4, + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", + "V3Score": 8.2 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/12/11/2", + "https://access.redhat.com/security/cve/CVE-2024-45337", + "https://github.com/golang/crypto", + "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", + "https://go-review.googlesource.com/c/crypto/+/635315/", + "https://go.dev/cl/635315", + "https://go.dev/issue/70779", + "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", + "https://pkg.go.dev/vuln/GO-2024-3321", + "https://security.netapp.com/advisory/ntap-20250131-0007", + "https://security.netapp.com/advisory/ntap-20250131-0007/", + "https://ubuntu.com/security/notices/USN-7839-1", + "https://ubuntu.com/security/notices/USN-7839-2", + "https://www.cve.org/CVERecord?id=CVE-2024-45337" + ], + "PublishedDate": "2024-12-12T02:02:07.97Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22869", + "VendorIDs": [ + "GHSA-hcg3-q754-cr77" + ], + "PkgID": "golang.org/x/crypto@v0.22.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", + "UID": "93378542a2b4094" + }, + "InstalledVersion": "v0.22.0", + "FixedVersion": "0.35.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22869", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:8896d698b612c9bd73b387e0aa0cbba921f4f56bf89bd89772dac44b27654831", + "Title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh", + "Description": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3833", + "https://access.redhat.com/security/cve/CVE-2025-22869", + "https://bugzilla.redhat.com/2348367", + "https://bugzilla.redhat.com/show_bug.cgi?id=2348367", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869", + "https://errata.almalinux.org/9/ALSA-2025-3833.html", + "https://errata.rockylinux.org/RLSA-2025:7416", + "https://github.com/golang/crypto", + "https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22", + "https://go-review.googlesource.com/c/crypto/+/652135", + "https://go.dev/cl/652135", + "https://go.dev/issue/71931", + "https://linux.oracle.com/cve/CVE-2025-22869.html", + "https://linux.oracle.com/errata/ELSA-2025-7484.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22869", + "https://pkg.go.dev/vuln/GO-2025-3487", + "https://security.netapp.com/advisory/ntap-20250411-0010", + "https://security.netapp.com/advisory/ntap-20250411-0010/", + "https://www.cve.org/CVERecord?id=CVE-2025-22869" + ], + "PublishedDate": "2025-02-26T08:14:24.997Z", + "LastModifiedDate": "2025-05-01T19:28:20.74Z" + }, + { + "VulnerabilityID": "CVE-2025-47914", + "VendorIDs": [ + "GHSA-f6x5-jh6r-wrfv" + ], + "PkgID": "golang.org/x/crypto@v0.22.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", + "UID": "93378542a2b4094" + }, + "InstalledVersion": "v0.22.0", + "FixedVersion": "0.45.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:a593ce7ecd469b57c2fda539785f0ba628477a1157624f1693c5cbe79e14f2f6", + "Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages", + "Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "amazon": 2, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-47914", + "https://go.dev/cl/721960", + "https://go.dev/issue/76364", + "https://go.googlesource.com/crypto", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47914", + "https://pkg.go.dev/vuln/GO-2025-4135", + "https://www.cve.org/CVERecord?id=CVE-2025-47914" + ], + "PublishedDate": "2025-11-19T21:15:50.517Z", + "LastModifiedDate": "2025-12-11T19:36:41.373Z" + }, + { + "VulnerabilityID": "CVE-2025-58181", + "VendorIDs": [ + "GHSA-j5w8-q4qc-rx2x" + ], + "PkgID": "golang.org/x/crypto@v0.22.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", + "UID": "93378542a2b4094" + }, + "InstalledVersion": "v0.22.0", + "FixedVersion": "0.45.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:a4293a0387990ca5c561593bcc8674c7ace6a587e554d51af98b3f7750fea204", + "Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication", + "Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-58181", + "https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c", + "https://github.com/golang/go/issues/76363", + "https://go.dev/cl/721961", + "https://go.dev/issue/76363", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58181", + "https://pkg.go.dev/vuln/GO-2025-4134", + "https://ubuntu.com/security/notices/USN-7956-1", + "https://www.cve.org/CVERecord?id=CVE-2025-58181" + ], + "PublishedDate": "2025-11-19T21:15:50.85Z", + "LastModifiedDate": "2025-12-11T19:29:24.9Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66" + ], + "PkgID": "golang.org/x/net@v0.24.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.24.0", + "UID": "9362a8ed9dae9887" + }, + "InstalledVersion": "v0.24.0", + "FixedVersion": "0.36.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:b8580e667d3e648d8605b4b6ff69be47779b86baecd877ac88852112e51a13b1", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22872", + "VendorIDs": [ + "GHSA-vvgc-356p-c3xw" + ], + "PkgID": "golang.org/x/net@v0.24.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.24.0", + "UID": "9362a8ed9dae9887" + }, + "InstalledVersion": "v0.24.0", + "FixedVersion": "0.38.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:1ca32bc86271812d168151f9f31f5f47713fbd9f53645a8327d450f1227a96b2", + "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", + "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22872", + "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", + "https://github.com/advisories/GHSA-vvgc-356p-c3xw", + "https://go.dev/cl/662715", + "https://go.dev/issue/73070", + "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", + "https://pkg.go.dev/vuln/GO-2025-3595", + "https://security.netapp.com/advisory/ntap-20250516-0007", + "https://security.netapp.com/advisory/ntap-20250516-0007/", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22872" + ], + "PublishedDate": "2025-04-16T18:16:04.183Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22868", + "VendorIDs": [ + "GHSA-6v2p-p543-phr9" + ], + "PkgID": "golang.org/x/oauth2@v0.15.0", + "PkgName": "golang.org/x/oauth2", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.15.0", + "UID": "9f62332e8c2b70b9" + }, + "InstalledVersion": "v0.15.0", + "FixedVersion": "0.27.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:388650ad97f4d0c70e434efc757d6ce5e7595a03090af87b1c976f7a6246a67d", + "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", + "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1286" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", + "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", + "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", + "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", + "https://errata.rockylinux.org/RLSA-2025:7479", + "https://go.dev/cl/652155", + "https://go.dev/issue/71490", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", + "https://pkg.go.dev/vuln/GO-2025-3488", + "https://www.cve.org/CVERecord?id=CVE-2025-22868" + ], + "PublishedDate": "2025-02-26T08:14:24.897Z", + "LastModifiedDate": "2025-05-01T19:27:10.43Z" + }, + { + "VulnerabilityID": "CVE-2026-33186", + "VendorIDs": [ + "GHSA-p77j-4mvh-x3m3" + ], + "PkgID": "google.golang.org/grpc@v1.60.1", + "PkgName": "google.golang.org/grpc", + "PkgIdentifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.60.1", + "UID": "805fa757f72f9d63" + }, + "InstalledVersion": "v1.60.1", + "FixedVersion": "1.79.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33186", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:abb32c2586c61b9144b54cd5d962733e90c4a97d1ee930d30bccc4389535eb06", + "Title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation", + "Description": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-285" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 4, + "photon": 4, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33186", + "https://github.com/grpc/grpc-go", + "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33186", + "https://www.cve.org/CVERecord?id=CVE-2026-33186" + ], + "PublishedDate": "2026-03-20T23:16:45.18Z", + "LastModifiedDate": "2026-04-10T20:49:17.737Z" + }, + { + "VulnerabilityID": "CVE-2024-24790", + "VendorIDs": [ + "GO-2024-2887" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:18769fcc5c4b7fbae9e9f0285b5abb0bc8bd68ccc70640ce4ddb13c57834a541", + "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", + "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", + "Severity": "CRITICAL", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24790", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", + "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", + "https://github.com/golang/go/issues/67680", + "https://go.dev/cl/590316", + "https://go.dev/issue/67680", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24790.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", + "https://pkg.go.dev/vuln/GO-2024-2887", + "https://security.netapp.com/advisory/ntap-20240905-0002/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24790" + ], + "PublishedDate": "2024-06-05T16:15:10.56Z", + "LastModifiedDate": "2024-11-21T08:59:42.813Z" + }, + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c56f256e7733c69b7d408510285a4d81572d6f49ebcf1d8fb4a606bf3f754dd8", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2024-34156", + "VendorIDs": [ + "GO-2024-3106" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4818625fac3b9094f807b21b29aebcfcd0255f60a643bee35a9abe38ecfd98de", + "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", + "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3773", + "https://access.redhat.com/security/cve/CVE-2024-34156", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/9/ALSA-2025-3773.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", + "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", + "https://go.dev/cl/611239", + "https://go.dev/issue/69139", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34156.html", + "https://linux.oracle.com/errata/ELSA-2025-3773.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", + "https://pkg.go.dev/vuln/GO-2024-3106", + "https://security.netapp.com/advisory/ntap-20240926-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34156" + ], + "PublishedDate": "2024-09-06T21:15:12.02Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a0febe353d3db101e926c3228a92ab2b69441f985884c3966ed7ceb7729d4866", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:528c9bf30c46440e36700520de7f35932c8f74984d4ff7d23806a1675135d4ed", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:85649ad28de0c072a5fa04c699887957a2e70909c9397b7e763d7b6ca05a904b", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:de566d483fda9482d469ed23f0b40e5d933daced1e7be84cc3274e8189a53558", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:728de18f898d692f6736a9b558d23e1a3ef620a37dd99f4dade3a031bee629ac", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:23cfab8e177207474620e25b4eaeb29122eef8389c3cb1a8fb2e551bab66a446", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ecd2df380a6ceac93db39a1e14e36c212c50e12423ca2c6b232de532f141122b", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2048dc9d88b1d7b3668409c92d2f5f246fe0cd9ebef94b15d9ea1c56806caf26", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:52e07251a62c9fc9487b06596badc9b6b364c14bde7824f14cd746b0bb26987c", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9052c2ab6218164b5e6447667afe5edf93895215ee817926ce22dfc4da33d389", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:312684bc6a7b0d43ce39fc5f5110b9a660ddf890cb321449df790bb39814a45d", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2024-24789", + "VendorIDs": [ + "GO-2024-2888" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:123ac61005d47546c0b3198043741c86af4beea49dff4af284861461c6b44cd7", + "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", + "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2024:9115", + "https://access.redhat.com/security/cve/CVE-2024-24789", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292668", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2294000", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", + "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", + "https://errata.almalinux.org/9/ALSA-2024-9115.html", + "https://errata.rockylinux.org/RLSA-2024:9102", + "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", + "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", + "https://github.com/golang/go/issues/66869", + "https://go.dev/cl/585397", + "https://go.dev/issue/66869", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24789.html", + "https://linux.oracle.com/errata/ELSA-2024-9115.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", + "https://pkg.go.dev/vuln/GO-2024-2888", + "https://security.netapp.com/advisory/ntap-20250131-0008/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24789" + ], + "PublishedDate": "2024-06-05T16:15:10.47Z", + "LastModifiedDate": "2025-01-31T15:15:12.74Z" + }, + { + "VulnerabilityID": "CVE-2024-24791", + "VendorIDs": [ + "GO-2024-2963" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.21.12, 1.22.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a150ebd984d1d78bbc6b8d7459b3247bfd1da815da94299799c49f5e65587b33", + "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", + "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24791", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://go.dev/cl/591255", + "https://go.dev/issue/67555", + "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", + "https://linux.oracle.com/cve/CVE-2024-24791.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", + "https://pkg.go.dev/vuln/GO-2024-2963", + "https://security.netapp.com/advisory/ntap-20241004-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24791" + ], + "PublishedDate": "2024-07-02T22:15:04.833Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34155", + "VendorIDs": [ + "GO-2024-3105" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:531f92d2fec542bf0e5e74a8764ba58b6f6c9ad31cac702b881d6c4cd4796b2c", + "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", + "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9459", + "https://access.redhat.com/security/cve/CVE-2024-34155", + "https://bugzilla.redhat.com/2310527", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315691", + "https://bugzilla.redhat.com/2315887", + "https://bugzilla.redhat.com/2317458", + "https://bugzilla.redhat.com/2317467", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2024-9459.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", + "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", + "https://go.dev/cl/611238", + "https://go.dev/issue/69138", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34155.html", + "https://linux.oracle.com/errata/ELSA-2024-9459.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", + "https://pkg.go.dev/vuln/GO-2024-3105", + "https://security.netapp.com/advisory/ntap-20240926-0005/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34155" + ], + "PublishedDate": "2024-09-06T21:15:11.947Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34158", + "VendorIDs": [ + "GO-2024-3107" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a27f06185b0093198811d55118b387de2309b64ac6c0ee529631e343defdfd44", + "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", + "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7118", + "https://access.redhat.com/security/cve/CVE-2024-34158", + "https://bugzilla.redhat.com/2262921", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2025-7118.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", + "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", + "https://go.dev/cl/611240", + "https://go.dev/issue/69141", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34158.html", + "https://linux.oracle.com/errata/ELSA-2025-7118.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", + "https://pkg.go.dev/vuln/GO-2024-3107", + "https://security.netapp.com/advisory/ntap-20241004-0003/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34158" + ], + "PublishedDate": "2024-09-06T21:15:12.083Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-45336", + "VendorIDs": [ + "GO-2025-3420" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f096cee810a2b1c6e3057cde37e9a4dc43d0fa2c9cf9c26df2094a5c0bcb22fe", + "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3772", + "https://access.redhat.com/security/cve/CVE-2024-45336", + "https://bugzilla.redhat.com/2341750", + "https://bugzilla.redhat.com/2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/8/ALSA-2025-3772.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/issues/70530", + "https://go.dev/cl/643100", + "https://go.dev/issue/70530", + "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", + "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", + "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", + "https://linux.oracle.com/cve/CVE-2024-45336.html", + "https://linux.oracle.com/errata/ELSA-2025-7592.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", + "https://pkg.go.dev/vuln/GO-2025-3420", + "https://security.netapp.com/advisory/ntap-20250221-0003/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2024-45336" + ], + "PublishedDate": "2025-01-28T02:15:28.807Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4cb585c9c43f732f6c57876f9acb59ccdab45e3cea81c810cbeef88603b19707", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22866", + "VendorIDs": [ + "GO-2025-3447" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:82059a878f49c67af96a81b534eade7bad1916020763c6b8805dab1f3888d33e", + "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22866", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", + "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", + "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", + "https://github.com/golang/go/issues/71383", + "https://go.dev/cl/643735", + "https://go.dev/issue/71383", + "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", + "https://linux.oracle.com/cve/CVE-2025-22866.html", + "https://linux.oracle.com/errata/ELSA-2025-7466.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", + "https://pkg.go.dev/vuln/GO-2025-3447", + "https://security.netapp.com/advisory/ntap-20250221-0002/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22866" + ], + "PublishedDate": "2025-02-06T17:15:21.41Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66", + "GO-2025-3503" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.7, 1.24.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2a9f3b80095293f7f5e29890cb9b9a9fe4a1e677db280f144f24be2ff94f2be9", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a78fce3cfe606bf829d783f458e4bac7d1e67dfd2ff933f38a2711a5bbf9225c", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:df67f60b40065a7bc1857bba01c58101540d517b399a84c50f8f74d6c519cc84", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1bd0152d6e9dc912457821567b508778c3b869c13c2c3015d5b366ad60a3164f", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ccd0b8f2b76067503c3819ee16bbb7bbef1d2bed71e57cffa44d3f106a8f34cb", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:939136e02a8eafc8b2e14122927da9590b9beb1875642fba172e4040be5d9caf", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b9980f2dcaadbab5ff6dffef56db4613cc0648fa7d648ebd8f7f2138fcfa8d7c", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b72f8b5499d583f730d210a7c7f943bc054aa75d905324dfc921836105791e41", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:666412277f40f9eea36e2fe4ebba27552d90ef4d3ee0c0ad1b7ea3b9f99c44ac", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:58fdcd9740b6b5dd930d13366f814a859f11577bb32d9e30f346874146022d38", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:69ef62013f74b1a4d9db03a2ba5981abc7d888fab1d47c6339382b13448c0701", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1e2b601f5efca5d4208d7a279a8e3a79a1e8d36994ddf31c62d41928f9f3c16b", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cc09a407862fcd7c0eb4ab15201bac652ac312713de22f4a6ba1626c39ac3cc7", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bbaf1b575bb88275362736ba854da89d854113584c86b185df2673e822ff6dba", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:319f867f86ed4c53771a04500db20918ac2ffa5c40187f4158dea2d6590eaf80", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3e27847b787860b878bc29539d7a225cc1a3f349fffc1613641d3713a97e0730", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ab12694f823e5cf7c370f44f428cff3c79f391d3bc08dd1ddabb699dbb21a462", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7e0a41fe4ac50376d020dfe364092a639ad0c0d173497623133b49eb584f0029", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ced173f1d9b27922fae13e85fb7dd4368b5842416de9449208842173c7780771", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b34a58d33f470419bfd68eb9aa9ba687659735039cbb014d2bbcbf5588d10102", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0eec42a927b7ca036f3653c022f0a86fac684a0dcd2205c331b8d03fbf4f2577", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0b26551f57bf9d6dba2502bbe0e7e399427bef6c649cf5febb9e8e0cb84652ef", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3c69f23b30799f71a4e3d797691e2d9c579b30bc1fb47133470171104800f798", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e9f7f7128be0efda429e3c393ab9264967a425cc14aec234545d6be2e31ce7b9", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.21.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.9", + "UID": "d50878e2b1eec03c" + }, + "InstalledVersion": "v1.21.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", + "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6be76a7ae8bb0732a2b3cd82c055721b66841df79ce0df81753a19b2a71b28ed", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "gitea", + "Kind": "Deployment", + "Name": "gitea-app", + "Metadata": [ + { + "Size": 171248640, + "OS": { + "Family": "alpine", + "Name": "3.22.3" + }, + "ImageID": "sha256:476b83ba1f90ded1b192380f9829cd1e8d4f9f598c106a9c4bab227f7b6c514d", + "DiffIDs": [ + "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987", + "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808", + "sha256:b7a7b0163293e904ca5e7bd4f54f2781f76caeb9491443f8004f5d97ef7966f8", + "sha256:f7c3af9faa206d117caf130dcfc6e6da110a28a3fd6e7c312b129221b4bbe45e", + "sha256:74c27b3d18269e3a9d528d266687e466819ce89978ff05df70c6e87a91654f35", + "sha256:aa13c4c29cb82195e3b16195db4207ca1deb4ccbf379df709325c8d38a458714", + "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f", + "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0", + "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + ], + "RepoTags": [ + "gitea/gitea:1.25-rootless" + ], + "RepoDigests": [ + "gitea/gitea@sha256:be0b89adf2fc8657df508303d919c3be33e6413605882919f702177d62960c9a" + ], + "Reference": "gitea/gitea:1.25-rootless", + "ImageConfig": { + "architecture": "amd64", + "created": "2026-03-13T02:05:03.204367046Z", + "history": [ + { + "created": "2026-01-28T01:18:40.620234319Z", + "created_by": "ADD alpine-minirootfs-3.22.3-x86_64.tar.gz / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-01-28T01:18:40.620234319Z", + "created_by": "CMD [\"/bin/sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-03-13T01:50:44.591432219Z", + "created_by": "LABEL maintainer=maintainers@gitea.io", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-03-13T01:50:44.591432219Z", + "created_by": "EXPOSE [2222/tcp 3000/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-03-13T01:50:44.591432219Z", + "created_by": "RUN /bin/sh -c apk --no-cache add bash ca-certificates dumb-init gettext git curl gnupg openssh-keygen \u0026\u0026 rm -rf /var/cache/apk/* # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-03-13T01:50:45.596842761Z", + "created_by": "RUN /bin/sh -c addgroup -S -g 1000 git \u0026\u0026 adduser -S -H -D -h /var/lib/gitea/git -s /bin/bash -u 1000 -G git git # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-03-13T01:50:45.816497055Z", + "created_by": "RUN /bin/sh -c mkdir -p /var/lib/gitea /etc/gitea # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-03-13T01:50:46.233554216Z", + "created_by": "RUN /bin/sh -c chown git:git /var/lib/gitea /etc/gitea # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-03-13T02:05:03.107243602Z", + "created_by": "COPY /tmp/local / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-03-13T02:05:03.180061895Z", + "created_by": "COPY --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-03-13T02:05:03.197596547Z", + "created_by": "COPY --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-03-13T02:05:03.197596547Z", + "created_by": "USER 1000:1000", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-03-13T02:05:03.197596547Z", + "created_by": "ENV GITEA_WORK_DIR=/var/lib/gitea", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-03-13T02:05:03.197596547Z", + "created_by": "ENV GITEA_CUSTOM=/var/lib/gitea/custom", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-03-13T02:05:03.197596547Z", + "created_by": "ENV GITEA_TEMP=/tmp/gitea", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-03-13T02:05:03.197596547Z", + "created_by": "ENV TMPDIR=/tmp/gitea", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-03-13T02:05:03.197596547Z", + "created_by": "ENV GITEA_APP_INI=/etc/gitea/app.ini", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-03-13T02:05:03.197596547Z", + "created_by": "ENV HOME=/var/lib/gitea/git", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-03-13T02:05:03.197596547Z", + "created_by": "VOLUME [/var/lib/gitea /etc/gitea]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-03-13T02:05:03.204367046Z", + "created_by": "WORKDIR /var/lib/gitea", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-03-13T02:05:03.204367046Z", + "created_by": "ENTRYPOINT [\"/usr/bin/dumb-init\" \"--\" \"/usr/local/bin/docker-entrypoint.sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-03-13T02:05:03.204367046Z", + "created_by": "CMD []", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987", + "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808", + "sha256:b7a7b0163293e904ca5e7bd4f54f2781f76caeb9491443f8004f5d97ef7966f8", + "sha256:f7c3af9faa206d117caf130dcfc6e6da110a28a3fd6e7c312b129221b4bbe45e", + "sha256:74c27b3d18269e3a9d528d266687e466819ce89978ff05df70c6e87a91654f35", + "sha256:aa13c4c29cb82195e3b16195db4207ca1deb4ccbf379df709325c8d38a458714", + "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f", + "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0", + "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + ] + }, + "config": { + "Entrypoint": [ + "/usr/bin/dumb-init", + "--", + "/usr/local/bin/docker-entrypoint.sh" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "GITEA_WORK_DIR=/var/lib/gitea", + "GITEA_CUSTOM=/var/lib/gitea/custom", + "GITEA_TEMP=/tmp/gitea", + "TMPDIR=/tmp/gitea", + "GITEA_APP_INI=/etc/gitea/app.ini", + "HOME=/var/lib/gitea/git" + ], + "Labels": { + "maintainer": "maintainers@gitea.io", + "org.opencontainers.image.created": "2026-03-13T01:50:36.229Z", + "org.opencontainers.image.description": "Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD", + "org.opencontainers.image.licenses": "MIT", + "org.opencontainers.image.revision": "f913d90ab664c1deccdfbe8c563abb13e897d62b", + "org.opencontainers.image.source": "https://github.com/go-gitea/gitea", + "org.opencontainers.image.title": "gitea", + "org.opencontainers.image.url": "https://github.com/go-gitea/gitea", + "org.opencontainers.image.version": "1.25.5-rootless" + }, + "User": "1000:1000", + "Volumes": { + "/etc/gitea": {}, + "/var/lib/gitea": {} + }, + "WorkingDir": "/var/lib/gitea", + "ExposedPorts": { + "2222/tcp": {}, + "3000/tcp": {} + }, + "ArgsEscaped": true + } + }, + "Layers": [ + { + "Size": 8607232, + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + { + "Size": 35396608, + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + { + "Size": 9728, + "Digest": "sha256:026cb0df68c6b584098e008de6e94e5122693f511724ffcc6b1e06665f5a49ce", + "DiffID": "sha256:b7a7b0163293e904ca5e7bd4f54f2781f76caeb9491443f8004f5d97ef7966f8" + }, + { + "Size": 3584, + "Digest": "sha256:17bb4f92cc3a79943bfc0c1eac46331bbbcbf4417d93b445fc7e70b4fc1621ca", + "DiffID": "sha256:f7c3af9faa206d117caf130dcfc6e6da110a28a3fd6e7c312b129221b4bbe45e" + }, + { + "Size": 3584, + "Digest": "sha256:b4b6cbff235b6e2b885766e99571600723ebdf71d08a1dae6eedf9f5a0e24eb7", + "DiffID": "sha256:74c27b3d18269e3a9d528d266687e466819ce89978ff05df70c6e87a91654f35" + }, + { + "Size": 10752, + "Digest": "sha256:0b839ac7942e18ba2e486eb7eb68f175a105f5032975152e974e6067480cfee8", + "DiffID": "sha256:aa13c4c29cb82195e3b16195db4207ca1deb4ccbf379df709325c8d38a458714" + }, + { + "Size": 114008576, + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + { + "Size": 13207552, + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + { + "Size": 1024, + "Digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", + "DiffID": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + } + ] + } + ], + "Results": [ + { + "Target": "gitea/gitea:1.25-rootless (alpine 3.22.3)", + "Class": "os-pkgs", + "Type": "alpine", + "Packages": [ + { + "ID": "alpine-baselayout@3.7.0-r0", + "Name": "alpine-baselayout", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout@3.7.0-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "5d7e59cb3cf460c9" + }, + "Version": "3.7.0-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.7.0-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-baselayout-data@3.7.0-r0", + "busybox-binsh@1.37.0-r20" + ], + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "Digest": "sha1:29f99748eea1ffe01f70b34024dc45c46d211f8d", + "InstalledFiles": [ + "etc/motd", + "etc/crontabs/root", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/i386.conf", + "etc/profile.d/20locale.sh", + "etc/profile.d/README", + "etc/profile.d/color_prompt.sh.disabled", + "usr/lib/sysctl.d/00-alpine.conf", + "var/lock", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout-data@3.7.0-r0", + "Name": "alpine-baselayout-data", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.7.0-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "ab78613e89e34197" + }, + "Version": "3.7.0-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.7.0-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "Digest": "sha1:73f5ef65f8333a1784102df973c076d5a7d5b5fe", + "InstalledFiles": [ + "etc/fstab", + "etc/group", + "etc/hostname", + "etc/hosts", + "etc/inittab", + "etc/modules", + "etc/mtab", + "etc/nsswitch.conf", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/sysctl.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-keys@2.5-r0", + "Name": "alpine-keys", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-keys@2.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "82fba6933d3c7e01" + }, + "Version": "2.5-r0", + "Arch": "x86_64", + "SrcName": "alpine-keys", + "SrcVersion": "2.5-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "Digest": "sha1:b175e48144ebad03d6ba11d45b25aafc2de310c1", + "InstalledFiles": [ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-release@3.22.3-r0", + "Name": "alpine-release", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-release@3.22.3-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "558236c4b75545a0" + }, + "Version": "3.22.3-r0", + "Arch": "x86_64", + "SrcName": "alpine-base", + "SrcVersion": "3.22.3-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-keys@2.5-r0" + ], + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "Digest": "sha1:4e3e3b4ce2653fc796f9608418f31687e6296a7b", + "InstalledFiles": [ + "etc/alpine-release", + "etc/issue", + "etc/os-release", + "etc/secfixes.d/alpine", + "usr/lib/os-release" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "apk-tools@2.14.9-r3", + "Name": "apk-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/apk-tools@2.14.9-r3?arch=x86_64\u0026distro=3.22.3", + "UID": "8806c59682a9c33b" + }, + "Version": "2.14.9-r3", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.14.9-r3", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20250911-r0", + "libapk2@2.14.9-r3", + "libcrypto3@3.5.5-r0", + "musl@1.2.5-r10", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "Digest": "sha1:992f5e39b0d45f326c9ed2e9b1fe737809c23ed9", + "InstalledFiles": [ + "sbin/apk" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "bash@5.2.37-r0", + "Name": "bash", + "Identifier": { + "PURL": "pkg:apk/alpine/bash@5.2.37-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "e34f62a2b52d4560" + }, + "Version": "5.2.37-r0", + "Arch": "x86_64", + "SrcName": "bash", + "SrcVersion": "5.2.37-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r20", + "musl@1.2.5-r10", + "readline@8.2.13-r1" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:e2e7691628b43701a0fe7228b8d986a7aeb58aa9", + "InstalledFiles": [ + "bin/bash", + "etc/bash/bashrc", + "etc/profile.d/00-bashrc.sh", + "usr/lib/bash/accept", + "usr/lib/bash/basename", + "usr/lib/bash/csv", + "usr/lib/bash/cut", + "usr/lib/bash/dirname", + "usr/lib/bash/dsv", + "usr/lib/bash/fdflags", + "usr/lib/bash/finfo", + "usr/lib/bash/getconf", + "usr/lib/bash/head", + "usr/lib/bash/id", + "usr/lib/bash/ln", + "usr/lib/bash/logname", + "usr/lib/bash/mkdir", + "usr/lib/bash/mkfifo", + "usr/lib/bash/mktemp", + "usr/lib/bash/mypid", + "usr/lib/bash/pathchk", + "usr/lib/bash/print", + "usr/lib/bash/printenv", + "usr/lib/bash/push", + "usr/lib/bash/realpath", + "usr/lib/bash/rm", + "usr/lib/bash/rmdir", + "usr/lib/bash/seq", + "usr/lib/bash/setpgid", + "usr/lib/bash/sleep", + "usr/lib/bash/stat", + "usr/lib/bash/strftime", + "usr/lib/bash/sync", + "usr/lib/bash/tee", + "usr/lib/bash/truefalse", + "usr/lib/bash/tty", + "usr/lib/bash/uname", + "usr/lib/bash/unlink", + "usr/lib/bash/whoami" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "brotli-libs@1.1.0-r2", + "Name": "brotli-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/brotli-libs@1.1.0-r2?arch=x86_64\u0026distro=3.22.3", + "UID": "da69ac3787a8a478" + }, + "Version": "1.1.0-r2", + "Arch": "x86_64", + "SrcName": "brotli", + "SrcVersion": "1.1.0-r2", + "Licenses": [ + "MIT" + ], + "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:889fa02c5f7cdd90283ce2b68959e9c44e5dfbf2", + "InstalledFiles": [ + "usr/lib/libbrotlicommon.so.1", + "usr/lib/libbrotlicommon.so.1.1.0", + "usr/lib/libbrotlidec.so.1", + "usr/lib/libbrotlidec.so.1.1.0", + "usr/lib/libbrotlienc.so.1", + "usr/lib/libbrotlienc.so.1.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox@1.37.0-r20", + "Name": "busybox", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r20?arch=x86_64\u0026distro=3.22.3", + "UID": "329f63ee83a55d44" + }, + "Version": "1.37.0-r20", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r20", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "Digest": "sha1:3e9d75288280b3c492e91f30e126c2400d1701b3", + "InstalledFiles": [ + "bin/busybox", + "etc/securetty", + "etc/busybox-paths.d/busybox", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "etc/udhcpc/udhcpc.conf", + "usr/share/udhcpc/default.script" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox-binsh@1.37.0-r20", + "Name": "busybox-binsh", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r20?arch=x86_64\u0026distro=3.22.3", + "UID": "82cca645a20a4c54" + }, + "Version": "1.37.0-r20", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r20", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "busybox@1.37.0-r20" + ], + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "Digest": "sha1:acd495b3054831a7a33137aa5a2ba6193a08a2d2", + "InstalledFiles": [ + "bin/sh" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "c-ares@1.34.6-r0", + "Name": "c-ares", + "Identifier": { + "PURL": "pkg:apk/alpine/c-ares@1.34.6-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "ddba0e5c7c762900" + }, + "Version": "1.34.6-r0", + "Arch": "x86_64", + "SrcName": "c-ares", + "SrcVersion": "1.34.6-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:157fc2522aff3f3f0faa2cb3d16ac9aff8b8ed9a", + "InstalledFiles": [ + "usr/lib/libcares.so.2", + "usr/lib/libcares.so.2.19.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates@20250911-r0", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates@20250911-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "ad809ce3b6df4e46" + }, + "Version": "20250911-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20250911-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r20", + "libcrypto3@3.5.5-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:04905c8ed0de23926e7f151791fb17503e6ebf16", + "InstalledFiles": [ + "etc/ca-certificates.conf", + "etc/apk/protected_paths.d/ca-certificates.list", + "etc/ca-certificates/update.d/certhash", + "usr/bin/c_rehash", + "usr/sbin/update-ca-certificates", + "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "usr/share/ca-certificates/mozilla/Certigna.crt", + "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", + "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", + "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_RSA_TLS_Root_CA_2022_-_1.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", + "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_TLS_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_TLS_RSA_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates-bundle@20250911-r0", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates-bundle@20250911-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "a0566429a9621a8b" + }, + "Version": "20250911-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20250911-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "Digest": "sha1:8c7ee968419fcd92d5342cde0c5540a695a4ac2d", + "InstalledFiles": [ + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-certificates.crt", + "etc/ssl1.1/cert.pem", + "etc/ssl1.1/certs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "curl@8.14.1-r2", + "Name": "curl", + "Identifier": { + "PURL": "pkg:apk/alpine/curl@8.14.1-r2?arch=x86_64\u0026distro=3.22.3", + "UID": "9401601091acd8a8" + }, + "Version": "8.14.1-r2", + "Arch": "x86_64", + "SrcName": "curl", + "SrcVersion": "8.14.1-r2", + "Licenses": [ + "curl" + ], + "Maintainer": "fossdd \u003cfossdd@pwned.life\u003e", + "DependsOn": [ + "libcurl@8.14.1-r2", + "musl@1.2.5-r10", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:e34713fe1adcd194fb3982f97d1d194a413759d4", + "InstalledFiles": [ + "usr/bin/curl", + "usr/bin/wcurl" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "dumb-init@1.2.5-r3", + "Name": "dumb-init", + "Identifier": { + "PURL": "pkg:apk/alpine/dumb-init@1.2.5-r3?arch=x86_64\u0026distro=3.22.3", + "UID": "fe96bfb9df359b25" + }, + "Version": "1.2.5-r3", + "Arch": "x86_64", + "SrcName": "dumb-init", + "SrcVersion": "1.2.5-r3", + "Licenses": [ + "MIT" + ], + "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:2be141d88c68977d1e379cb1400f29022610037f", + "InstalledFiles": [ + "usr/bin/dumb-init" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gdbm@1.24-r0", + "Name": "gdbm", + "Identifier": { + "PURL": "pkg:apk/alpine/gdbm@1.24-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "52df25146f8073db" + }, + "Version": "1.24-r0", + "Arch": "x86_64", + "SrcName": "gdbm", + "SrcVersion": "1.24-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:248e0fcce23357408afa5b82137e97b781ecb790", + "InstalledFiles": [ + "usr/lib/libgdbm.so.6", + "usr/lib/libgdbm.so.6.0.0", + "usr/lib/libgdbm_compat.so.4", + "usr/lib/libgdbm_compat.so.4.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gettext@0.24.1-r0", + "Name": "gettext", + "Identifier": { + "PURL": "pkg:apk/alpine/gettext@0.24.1-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "8a47e1d84a52437c" + }, + "Version": "0.24.1-r0", + "Arch": "x86_64", + "SrcName": "gettext", + "SrcVersion": "0.24.1-r0", + "Licenses": [ + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "gettext-envsubst@0.24.1-r0", + "gettext-libs@0.24.1-r0", + "libgomp@14.2.0-r6", + "libintl@0.24.1-r0", + "libunistring@1.3-r0", + "libxml2@2.13.9-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:a77a397b7571adccdae71a87d817e60f504b7af8", + "InstalledFiles": [ + "usr/bin/autopoint", + "usr/bin/gettext", + "usr/bin/gettext.sh", + "usr/bin/gettextize", + "usr/bin/msgattrib", + "usr/bin/msgcat", + "usr/bin/msgcmp", + "usr/bin/msgcomm", + "usr/bin/msgconv", + "usr/bin/msgen", + "usr/bin/msgexec", + "usr/bin/msgfilter", + "usr/bin/msgfmt", + "usr/bin/msggrep", + "usr/bin/msginit", + "usr/bin/msgmerge", + "usr/bin/msgunfmt", + "usr/bin/msguniq", + "usr/bin/ngettext", + "usr/bin/recode-sr-latin", + "usr/bin/xgettext", + "usr/lib/libgettextlib-0.24.1.so", + "usr/lib/libgettextsrc-0.24.1.so", + "usr/libexec/gettext/cldr-plurals", + "usr/libexec/gettext/hostname", + "usr/libexec/gettext/project-id", + "usr/libexec/gettext/urlget", + "usr/libexec/gettext/user-email", + "usr/share/gettext-0.24.1/its/docbook.loc", + "usr/share/gettext-0.24.1/its/docbook4.its", + "usr/share/gettext-0.24.1/its/docbook5.its", + "usr/share/gettext-0.24.1/its/glade.loc", + "usr/share/gettext-0.24.1/its/glade1.its", + "usr/share/gettext-0.24.1/its/glade2.its", + "usr/share/gettext-0.24.1/its/gsettings.its", + "usr/share/gettext-0.24.1/its/gsettings.loc", + "usr/share/gettext-0.24.1/its/gtkbuilder.its", + "usr/share/gettext-0.24.1/its/metainfo.its", + "usr/share/gettext-0.24.1/its/metainfo.loc" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gettext-envsubst@0.24.1-r0", + "Name": "gettext-envsubst", + "Identifier": { + "PURL": "pkg:apk/alpine/gettext-envsubst@0.24.1-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "b352b94f7858e5f0" + }, + "Version": "0.24.1-r0", + "Arch": "x86_64", + "SrcName": "gettext", + "SrcVersion": "0.24.1-r0", + "Licenses": [ + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "libintl@0.24.1-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:8e48d4e81518696607a4fae33aae16ea1a0e8c1b", + "InstalledFiles": [ + "usr/bin/envsubst" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gettext-libs@0.24.1-r0", + "Name": "gettext-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/gettext-libs@0.24.1-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "95c6d45fb0f8725f" + }, + "Version": "0.24.1-r0", + "Arch": "x86_64", + "SrcName": "gettext", + "SrcVersion": "0.24.1-r0", + "Licenses": [ + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "libintl@0.24.1-r0", + "libncursesw@6.5_p20250503-r0", + "libunistring@1.3-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:c4922cab28004729190f90c85d0ad943e8b3bea6", + "InstalledFiles": [ + "usr/lib/libgettextpo.so.0", + "usr/lib/libgettextpo.so.0.5.13", + "usr/lib/libtextstyle.so.0", + "usr/lib/libtextstyle.so.0.2.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "git@2.49.1-r0", + "Name": "git", + "Identifier": { + "PURL": "pkg:apk/alpine/git@2.49.1-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "67deb3b770d1970b" + }, + "Version": "2.49.1-r0", + "Arch": "x86_64", + "SrcName": "git", + "SrcVersion": "2.49.1-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcurl@8.14.1-r2", + "libexpat@2.7.4-r0", + "musl@1.2.5-r10", + "pcre2@10.46-r0", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:e00bb845ffcc73292eb04812da536feb5252a0b2", + "InstalledFiles": [ + "usr/bin/git", + "usr/bin/git-receive-pack", + "usr/bin/git-shell", + "usr/bin/git-upload-archive", + "usr/bin/git-upload-pack", + "usr/libexec/git-core/git", + "usr/libexec/git-core/git-add", + "usr/libexec/git-core/git-am", + "usr/libexec/git-core/git-annotate", + "usr/libexec/git-core/git-apply", + "usr/libexec/git-core/git-archive", + "usr/libexec/git-core/git-backfill", + "usr/libexec/git-core/git-bisect", + "usr/libexec/git-core/git-blame", + "usr/libexec/git-core/git-branch", + "usr/libexec/git-core/git-bugreport", + "usr/libexec/git-core/git-bundle", + "usr/libexec/git-core/git-cat-file", + "usr/libexec/git-core/git-check-attr", + "usr/libexec/git-core/git-check-ignore", + "usr/libexec/git-core/git-check-mailmap", + "usr/libexec/git-core/git-check-ref-format", + "usr/libexec/git-core/git-checkout", + "usr/libexec/git-core/git-checkout--worker", + "usr/libexec/git-core/git-checkout-index", + "usr/libexec/git-core/git-cherry", + "usr/libexec/git-core/git-cherry-pick", + "usr/libexec/git-core/git-clean", + "usr/libexec/git-core/git-clone", + "usr/libexec/git-core/git-column", + "usr/libexec/git-core/git-commit", + "usr/libexec/git-core/git-commit-graph", + "usr/libexec/git-core/git-commit-tree", + "usr/libexec/git-core/git-config", + "usr/libexec/git-core/git-count-objects", + "usr/libexec/git-core/git-credential", + "usr/libexec/git-core/git-credential-cache", + "usr/libexec/git-core/git-credential-cache--daemon", + "usr/libexec/git-core/git-credential-store", + "usr/libexec/git-core/git-describe", + "usr/libexec/git-core/git-diagnose", + "usr/libexec/git-core/git-diff", + "usr/libexec/git-core/git-diff-files", + "usr/libexec/git-core/git-diff-index", + "usr/libexec/git-core/git-diff-tree", + "usr/libexec/git-core/git-difftool", + "usr/libexec/git-core/git-difftool--helper", + "usr/libexec/git-core/git-fast-export", + "usr/libexec/git-core/git-fetch", + "usr/libexec/git-core/git-fetch-pack", + "usr/libexec/git-core/git-filter-branch", + "usr/libexec/git-core/git-fmt-merge-msg", + "usr/libexec/git-core/git-for-each-ref", + "usr/libexec/git-core/git-for-each-repo", + "usr/libexec/git-core/git-format-patch", + "usr/libexec/git-core/git-fsck", + "usr/libexec/git-core/git-fsck-objects", + "usr/libexec/git-core/git-fsmonitor--daemon", + "usr/libexec/git-core/git-gc", + "usr/libexec/git-core/git-get-tar-commit-id", + "usr/libexec/git-core/git-grep", + "usr/libexec/git-core/git-hash-object", + "usr/libexec/git-core/git-help", + "usr/libexec/git-core/git-hook", + "usr/libexec/git-core/git-http-fetch", + "usr/libexec/git-core/git-http-push", + "usr/libexec/git-core/git-index-pack", + "usr/libexec/git-core/git-init", + "usr/libexec/git-core/git-init-db", + "usr/libexec/git-core/git-interpret-trailers", + "usr/libexec/git-core/git-log", + "usr/libexec/git-core/git-ls-files", + "usr/libexec/git-core/git-ls-remote", + "usr/libexec/git-core/git-ls-tree", + "usr/libexec/git-core/git-mailinfo", + "usr/libexec/git-core/git-mailsplit", + "usr/libexec/git-core/git-maintenance", + "usr/libexec/git-core/git-merge", + "usr/libexec/git-core/git-merge-base", + "usr/libexec/git-core/git-merge-file", + "usr/libexec/git-core/git-merge-index", + "usr/libexec/git-core/git-merge-octopus", + "usr/libexec/git-core/git-merge-one-file", + "usr/libexec/git-core/git-merge-ours", + "usr/libexec/git-core/git-merge-recursive", + "usr/libexec/git-core/git-merge-resolve", + "usr/libexec/git-core/git-merge-subtree", + "usr/libexec/git-core/git-merge-tree", + "usr/libexec/git-core/git-mergetool", + "usr/libexec/git-core/git-mergetool--lib", + "usr/libexec/git-core/git-mktag", + "usr/libexec/git-core/git-mktree", + "usr/libexec/git-core/git-multi-pack-index", + "usr/libexec/git-core/git-mv", + "usr/libexec/git-core/git-name-rev", + "usr/libexec/git-core/git-notes", + "usr/libexec/git-core/git-pack-objects", + "usr/libexec/git-core/git-pack-redundant", + "usr/libexec/git-core/git-pack-refs", + "usr/libexec/git-core/git-patch-id", + "usr/libexec/git-core/git-prune", + "usr/libexec/git-core/git-prune-packed", + "usr/libexec/git-core/git-pull", + "usr/libexec/git-core/git-push", + "usr/libexec/git-core/git-quiltimport", + "usr/libexec/git-core/git-range-diff", + "usr/libexec/git-core/git-read-tree", + "usr/libexec/git-core/git-rebase", + "usr/libexec/git-core/git-receive-pack", + "usr/libexec/git-core/git-reflog", + "usr/libexec/git-core/git-refs", + "usr/libexec/git-core/git-remote", + "usr/libexec/git-core/git-remote-ext", + "usr/libexec/git-core/git-remote-fd", + "usr/libexec/git-core/git-remote-ftp", + "usr/libexec/git-core/git-remote-ftps", + "usr/libexec/git-core/git-remote-http", + "usr/libexec/git-core/git-remote-https", + "usr/libexec/git-core/git-repack", + "usr/libexec/git-core/git-replace", + "usr/libexec/git-core/git-replay", + "usr/libexec/git-core/git-request-pull", + "usr/libexec/git-core/git-rerere", + "usr/libexec/git-core/git-reset", + "usr/libexec/git-core/git-restore", + "usr/libexec/git-core/git-rev-list", + "usr/libexec/git-core/git-rev-parse", + "usr/libexec/git-core/git-revert", + "usr/libexec/git-core/git-rm", + "usr/libexec/git-core/git-send-pack", + "usr/libexec/git-core/git-sh-i18n", + "usr/libexec/git-core/git-sh-i18n--envsubst", + "usr/libexec/git-core/git-sh-setup", + "usr/libexec/git-core/git-shortlog", + "usr/libexec/git-core/git-show", + "usr/libexec/git-core/git-show-branch", + "usr/libexec/git-core/git-show-index", + "usr/libexec/git-core/git-show-ref", + "usr/libexec/git-core/git-sparse-checkout", + "usr/libexec/git-core/git-stage", + "usr/libexec/git-core/git-stash", + "usr/libexec/git-core/git-status", + "usr/libexec/git-core/git-stripspace", + "usr/libexec/git-core/git-submodule", + "usr/libexec/git-core/git-submodule--helper", + "usr/libexec/git-core/git-switch", + "usr/libexec/git-core/git-symbolic-ref", + "usr/libexec/git-core/git-tag", + "usr/libexec/git-core/git-unpack-file", + "usr/libexec/git-core/git-unpack-objects", + "usr/libexec/git-core/git-update-index", + "usr/libexec/git-core/git-update-ref", + "usr/libexec/git-core/git-update-server-info", + "usr/libexec/git-core/git-upload-archive", + "usr/libexec/git-core/git-upload-pack", + "usr/libexec/git-core/git-var", + "usr/libexec/git-core/git-verify-commit", + "usr/libexec/git-core/git-verify-pack", + "usr/libexec/git-core/git-verify-tag", + "usr/libexec/git-core/git-version", + "usr/libexec/git-core/git-web--browse", + "usr/libexec/git-core/git-whatchanged", + "usr/libexec/git-core/git-worktree", + "usr/libexec/git-core/git-write-tree", + "usr/libexec/git-core/mergetools/araxis", + "usr/libexec/git-core/mergetools/bc", + "usr/libexec/git-core/mergetools/codecompare", + "usr/libexec/git-core/mergetools/deltawalker", + "usr/libexec/git-core/mergetools/diffmerge", + "usr/libexec/git-core/mergetools/diffuse", + "usr/libexec/git-core/mergetools/ecmerge", + "usr/libexec/git-core/mergetools/emerge", + "usr/libexec/git-core/mergetools/examdiff", + "usr/libexec/git-core/mergetools/guiffy", + "usr/libexec/git-core/mergetools/gvimdiff", + "usr/libexec/git-core/mergetools/kdiff3", + "usr/libexec/git-core/mergetools/kompare", + "usr/libexec/git-core/mergetools/meld", + "usr/libexec/git-core/mergetools/nvimdiff", + "usr/libexec/git-core/mergetools/opendiff", + "usr/libexec/git-core/mergetools/smerge", + "usr/libexec/git-core/mergetools/tkdiff", + "usr/libexec/git-core/mergetools/tortoisemerge", + "usr/libexec/git-core/mergetools/vimdiff", + "usr/libexec/git-core/mergetools/vscode", + "usr/libexec/git-core/mergetools/winmerge", + "usr/libexec/git-core/mergetools/xxdiff" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "git-init-template@2.49.1-r0", + "Name": "git-init-template", + "Identifier": { + "PURL": "pkg:apk/alpine/git-init-template@2.49.1-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "d472fd7a80f6fd7e" + }, + "Version": "2.49.1-r0", + "Arch": "x86_64", + "SrcName": "git", + "SrcVersion": "2.49.1-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:fb088b46ca75b28e1cfd815182b41fc5d82ea3cc", + "InstalledFiles": [ + "usr/share/git-core/templates/description", + "usr/share/git-core/templates/hooks/applypatch-msg.sample", + "usr/share/git-core/templates/hooks/commit-msg.sample", + "usr/share/git-core/templates/hooks/post-update.sample", + "usr/share/git-core/templates/hooks/pre-applypatch.sample", + "usr/share/git-core/templates/hooks/pre-commit.sample", + "usr/share/git-core/templates/hooks/pre-merge-commit.sample", + "usr/share/git-core/templates/hooks/pre-push.sample", + "usr/share/git-core/templates/hooks/pre-rebase.sample", + "usr/share/git-core/templates/hooks/pre-receive.sample", + "usr/share/git-core/templates/hooks/prepare-commit-msg.sample", + "usr/share/git-core/templates/hooks/push-to-checkout.sample", + "usr/share/git-core/templates/hooks/sendemail-validate.sample", + "usr/share/git-core/templates/hooks/update.sample", + "usr/share/git-core/templates/info/exclude" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gmp@6.3.0-r3", + "Name": "gmp", + "Identifier": { + "PURL": "pkg:apk/alpine/gmp@6.3.0-r3?arch=x86_64\u0026distro=3.22.3", + "UID": "c7fc9df6028d68fb" + }, + "Version": "6.3.0-r3", + "Arch": "x86_64", + "SrcName": "gmp", + "SrcVersion": "6.3.0-r3", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:85d27e1f746bd18a063e35cdc54446521aa0c0d9", + "InstalledFiles": [ + "usr/lib/libgmp.so.10", + "usr/lib/libgmp.so.10.5.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gnupg@2.4.9-r0", + "Name": "gnupg", + "Identifier": { + "PURL": "pkg:apk/alpine/gnupg@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "d367a557b4a3bc97" + }, + "Version": "2.4.9-r0", + "Arch": "x86_64", + "SrcName": "gnupg", + "SrcVersion": "2.4.9-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "gnupg-dirmngr@2.4.9-r0", + "gnupg-utils@2.4.9-r0", + "gnupg-wks-client@2.4.9-r0", + "gpg-agent@2.4.9-r0", + "gpg-wks-server@2.4.9-r0", + "gpg@2.4.9-r0", + "gpgsm@2.4.9-r0", + "gpgv@2.4.9-r0" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:955c97b34e112cabe7983d67a2253bc81c69fa87", + "AnalyzedBy": "apk" + }, + { + "ID": "gnupg-dirmngr@2.4.9-r0", + "Name": "gnupg-dirmngr", + "Identifier": { + "PURL": "pkg:apk/alpine/gnupg-dirmngr@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "625f0b6eac94c1c5" + }, + "Version": "2.4.9-r0", + "Arch": "x86_64", + "SrcName": "gnupg", + "SrcVersion": "2.4.9-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "gnupg-gpgconf@2.4.9-r0", + "gnutls@3.8.12-r0", + "libassuan@2.5.7-r0", + "libgcrypt@1.10.3-r1", + "libgpg-error@1.55-r0", + "libksba@1.6.7-r0", + "libldap@2.6.8-r0", + "musl@1.2.5-r10", + "npth@1.8-r0" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:a9c3a340e84ad28a905043e43e3468ef8e948cce", + "InstalledFiles": [ + "usr/bin/dirmngr", + "usr/bin/dirmngr-client", + "usr/libexec/dirmngr_ldap", + "usr/share/gnupg/sks-keyservers.netCA.pem" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gnupg-gpgconf@2.4.9-r0", + "Name": "gnupg-gpgconf", + "Identifier": { + "PURL": "pkg:apk/alpine/gnupg-gpgconf@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "6e9b3778956025e6" + }, + "Version": "2.4.9-r0", + "Arch": "x86_64", + "SrcName": "gnupg", + "SrcVersion": "2.4.9-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libassuan@2.5.7-r0", + "libgcrypt@1.10.3-r1", + "libgpg-error@1.55-r0", + "musl@1.2.5-r10", + "pinentry@1.3.1-r0" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:42477a7332cfab68681745f70b9ef8d1820db9a4", + "InstalledFiles": [ + "usr/bin/gpg-connect-agent", + "usr/bin/gpgconf", + "usr/share/gnupg/distsigkey.gpg" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gnupg-keyboxd@2.4.9-r0", + "Name": "gnupg-keyboxd", + "Identifier": { + "PURL": "pkg:apk/alpine/gnupg-keyboxd@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "161a9c6e89795cf0" + }, + "Version": "2.4.9-r0", + "Arch": "x86_64", + "SrcName": "gnupg", + "SrcVersion": "2.4.9-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libassuan@2.5.7-r0", + "libgcrypt@1.10.3-r1", + "libgpg-error@1.55-r0", + "libksba@1.6.7-r0", + "musl@1.2.5-r10", + "npth@1.8-r0", + "sqlite-libs@3.49.2-r1" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:ed938b8081b029da7fa77bb13515ea5e052a4cb9", + "InstalledFiles": [ + "usr/libexec/keyboxd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gnupg-utils@2.4.9-r0", + "Name": "gnupg-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/gnupg-utils@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "33e3a05fa753c98a" + }, + "Version": "2.4.9-r0", + "Arch": "x86_64", + "SrcName": "gnupg", + "SrcVersion": "2.4.9-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libassuan@2.5.7-r0", + "libbz2@1.0.8-r6", + "libgcrypt@1.10.3-r1", + "libgpg-error@1.55-r0", + "libksba@1.6.7-r0", + "musl@1.2.5-r10", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:af7d7a1f4e04e507f6c42fce6ab7862e13685199", + "InstalledFiles": [ + "usr/bin/gpg-card", + "usr/bin/gpg-mail-tube", + "usr/bin/gpgparsemail", + "usr/bin/gpgsplit", + "usr/bin/gpgtar", + "usr/bin/kbxutil", + "usr/bin/watchgnupg", + "usr/libexec/gpg-auth", + "usr/libexec/gpg-pair-tool", + "usr/sbin/addgnupghome", + "usr/sbin/applygnupgdefaults" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gnupg-wks-client@2.4.9-r0", + "Name": "gnupg-wks-client", + "Identifier": { + "PURL": "pkg:apk/alpine/gnupg-wks-client@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "360b79408926e25c" + }, + "Version": "2.4.9-r0", + "Arch": "x86_64", + "SrcName": "gnupg", + "SrcVersion": "2.4.9-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "gnupg-dirmngr@2.4.9-r0", + "gpg-agent@2.4.9-r0", + "gpg@2.4.9-r0", + "libassuan@2.5.7-r0", + "libgcrypt@1.10.3-r1", + "libgpg-error@1.55-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:01fc4a3219bd5ac7535c56f1ec137ee1c19b5842", + "InstalledFiles": [ + "usr/bin/gpg-wks-client", + "usr/libexec/gpg-wks-client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gnutls@3.8.12-r0", + "Name": "gnutls", + "Identifier": { + "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "67fc64258c96d1b" + }, + "Version": "3.8.12-r0", + "Arch": "x86_64", + "SrcName": "gnutls", + "SrcVersion": "3.8.12-r0", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "gmp@6.3.0-r3", + "libidn2@2.3.7-r0", + "libtasn1@4.21.0-r0", + "libunistring@1.3-r0", + "musl@1.2.5-r10", + "nettle@3.10.2-r0", + "p11-kit@0.25.5-r2", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:709f21fa9e8b1952d27c68cd4201e92b2e15d43d", + "InstalledFiles": [ + "usr/lib/libgnutls.so.30", + "usr/lib/libgnutls.so.30.41.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gpg@2.4.9-r0", + "Name": "gpg", + "Identifier": { + "PURL": "pkg:apk/alpine/gpg@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "f4f976e9b62952fe" + }, + "Version": "2.4.9-r0", + "Arch": "x86_64", + "SrcName": "gnupg", + "SrcVersion": "2.4.9-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "gnupg-dirmngr@2.4.9-r0", + "gnupg-gpgconf@2.4.9-r0", + "gnupg-keyboxd@2.4.9-r0", + "libassuan@2.5.7-r0", + "libbz2@1.0.8-r6", + "libgcrypt@1.10.3-r1", + "libgpg-error@1.55-r0", + "musl@1.2.5-r10", + "npth@1.8-r0", + "sqlite-libs@3.49.2-r1", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:b0707ece8f005a4907e4a6ecfedfa48bf6ec0f73", + "InstalledFiles": [ + "usr/bin/gpg", + "usr/bin/gpg2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gpg-agent@2.4.9-r0", + "Name": "gpg-agent", + "Identifier": { + "PURL": "pkg:apk/alpine/gpg-agent@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "dc4a41374594da89" + }, + "Version": "2.4.9-r0", + "Arch": "x86_64", + "SrcName": "gnupg", + "SrcVersion": "2.4.9-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "gnupg-gpgconf@2.4.9-r0", + "libassuan@2.5.7-r0", + "libgcrypt@1.10.3-r1", + "libgpg-error@1.55-r0", + "musl@1.2.5-r10", + "npth@1.8-r0" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:0fb7ceede84c703cf249fe67f63415e6dc1bcd80", + "InstalledFiles": [ + "usr/bin/gpg-agent", + "usr/libexec/gpg-check-pattern", + "usr/libexec/gpg-preset-passphrase", + "usr/libexec/gpg-protect-tool", + "usr/share/gnupg/help.txt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gpg-wks-server@2.4.9-r0", + "Name": "gpg-wks-server", + "Identifier": { + "PURL": "pkg:apk/alpine/gpg-wks-server@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "e02e3f328708e669" + }, + "Version": "2.4.9-r0", + "Arch": "x86_64", + "SrcName": "gnupg", + "SrcVersion": "2.4.9-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "gpg-agent@2.4.9-r0", + "gpg@2.4.9-r0", + "libgcrypt@1.10.3-r1", + "libgpg-error@1.55-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:87ba87d6337d62306b4b94ac9be7fc1c94f793e5", + "InstalledFiles": [ + "usr/bin/gpg-wks-server" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gpgsm@2.4.9-r0", + "Name": "gpgsm", + "Identifier": { + "PURL": "pkg:apk/alpine/gpgsm@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "8a344af68ac904d6" + }, + "Version": "2.4.9-r0", + "Arch": "x86_64", + "SrcName": "gnupg", + "SrcVersion": "2.4.9-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "gnupg-gpgconf@2.4.9-r0", + "libassuan@2.5.7-r0", + "libgcrypt@1.10.3-r1", + "libgpg-error@1.55-r0", + "libksba@1.6.7-r0", + "musl@1.2.5-r10", + "npth@1.8-r0" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:109b68a29686a3c45592b6040a00f54eba174a6a", + "InstalledFiles": [ + "usr/bin/gpgsm" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gpgv@2.4.9-r0", + "Name": "gpgv", + "Identifier": { + "PURL": "pkg:apk/alpine/gpgv@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "b24b251655758a54" + }, + "Version": "2.4.9-r0", + "Arch": "x86_64", + "SrcName": "gnupg", + "SrcVersion": "2.4.9-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libassuan@2.5.7-r0", + "libbz2@1.0.8-r6", + "libgcrypt@1.10.3-r1", + "libgpg-error@1.55-r0", + "musl@1.2.5-r10", + "npth@1.8-r0", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:464566ebd2fd660bfeb91176bbdaf3dace4f42e1", + "InstalledFiles": [ + "usr/bin/gpgv", + "usr/bin/gpgv2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libapk2@2.14.9-r3", + "Name": "libapk2", + "Identifier": { + "PURL": "pkg:apk/alpine/libapk2@2.14.9-r3?arch=x86_64\u0026distro=3.22.3", + "UID": "a914b9d20e57673a" + }, + "Version": "2.14.9-r3", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.14.9-r3", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20250911-r0", + "libcrypto3@3.5.5-r0", + "libssl3@3.5.5-r0", + "musl@1.2.5-r10", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "Digest": "sha1:902fd71646d6e087e472c67b0f634c043a2195bc", + "InstalledFiles": [ + "usr/lib/libapk.so.2.14.9" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libassuan@2.5.7-r0", + "Name": "libassuan", + "Identifier": { + "PURL": "pkg:apk/alpine/libassuan@2.5.7-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "99ec2f81c1478242" + }, + "Version": "2.5.7-r0", + "Arch": "x86_64", + "SrcName": "libassuan", + "SrcVersion": "2.5.7-r0", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libgpg-error@1.55-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:3b1d9ed6d84eccbc9c7e3e00f53196df212966b8", + "InstalledFiles": [ + "usr/lib/libassuan.so.0", + "usr/lib/libassuan.so.0.8.7" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libbz2@1.0.8-r6", + "Name": "libbz2", + "Identifier": { + "PURL": "pkg:apk/alpine/libbz2@1.0.8-r6?arch=x86_64\u0026distro=3.22.3", + "UID": "723292282ebbd061" + }, + "Version": "1.0.8-r6", + "Arch": "x86_64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8-r6", + "Licenses": [ + "bzip-2-1.0.6" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:1c8732214d0947cdbca8b7905576c0d0bc3deb3b", + "InstalledFiles": [ + "usr/lib/libbz2.so.1", + "usr/lib/libbz2.so.1.0.8" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.5.5-r0", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "ed0ef3c0494f7b12" + }, + "Version": "3.5.5-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.5.5-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "Digest": "sha1:69f2e10ba246c41930285851af67ce5af75ecbe5", + "InstalledFiles": [ + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/openssl.cnf.dist", + "usr/lib/libcrypto.so.3", + "usr/lib/engines-3/afalg.so", + "usr/lib/engines-3/capi.so", + "usr/lib/engines-3/loader_attic.so", + "usr/lib/engines-3/padlock.so", + "usr/lib/ossl-modules/legacy.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcurl@8.14.1-r2", + "Name": "libcurl", + "Identifier": { + "PURL": "pkg:apk/alpine/libcurl@8.14.1-r2?arch=x86_64\u0026distro=3.22.3", + "UID": "86bea2fc744fdc14" + }, + "Version": "8.14.1-r2", + "Arch": "x86_64", + "SrcName": "curl", + "SrcVersion": "8.14.1-r2", + "Licenses": [ + "curl" + ], + "Maintainer": "fossdd \u003cfossdd@pwned.life\u003e", + "DependsOn": [ + "brotli-libs@1.1.0-r2", + "c-ares@1.34.6-r0", + "ca-certificates-bundle@20250911-r0", + "libcrypto3@3.5.5-r0", + "libidn2@2.3.7-r0", + "libpsl@0.21.5-r3", + "libssl3@3.5.5-r0", + "musl@1.2.5-r10", + "nghttp2-libs@1.65.0-r0", + "zlib@1.3.1-r2", + "zstd-libs@1.5.7-r0" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:d0c265e4db3a95d6e31e13e5ea29dd20b19ea768", + "InstalledFiles": [ + "usr/lib/libcurl.so.4", + "usr/lib/libcurl.so.4.8.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libexpat@2.7.4-r0", + "Name": "libexpat", + "Identifier": { + "PURL": "pkg:apk/alpine/libexpat@2.7.4-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "3880c6da81ca34e8" + }, + "Version": "2.7.4-r0", + "Arch": "x86_64", + "SrcName": "expat", + "SrcVersion": "2.7.4-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:17199f1cef3f187f2bffd689e2085284b95885d9", + "InstalledFiles": [ + "usr/lib/libexpat.so.1", + "usr/lib/libexpat.so.1.11.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libffi@3.4.8-r0", + "Name": "libffi", + "Identifier": { + "PURL": "pkg:apk/alpine/libffi@3.4.8-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "8338231f91849d33" + }, + "Version": "3.4.8-r0", + "Arch": "x86_64", + "SrcName": "libffi", + "SrcVersion": "3.4.8-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:e5d01118f5ad008bb2df07635af364933b4ff20f", + "InstalledFiles": [ + "usr/lib/libffi.so.8", + "usr/lib/libffi.so.8.1.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgcrypt@1.10.3-r1", + "Name": "libgcrypt", + "Identifier": { + "PURL": "pkg:apk/alpine/libgcrypt@1.10.3-r1?arch=x86_64\u0026distro=3.22.3", + "UID": "d16b260610062e29" + }, + "Version": "1.10.3-r1", + "Arch": "x86_64", + "SrcName": "libgcrypt", + "SrcVersion": "1.10.3-r1", + "Licenses": [ + "LGPL-2.1-or-later", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libgpg-error@1.55-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:d9bca23bad50499a7a459e19e50256dbf1c0f5aa", + "InstalledFiles": [ + "usr/lib/libgcrypt.so.20", + "usr/lib/libgcrypt.so.20.4.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgomp@14.2.0-r6", + "Name": "libgomp", + "Identifier": { + "PURL": "pkg:apk/alpine/libgomp@14.2.0-r6?arch=x86_64\u0026distro=3.22.3", + "UID": "465d8155c1b59fb0" + }, + "Version": "14.2.0-r6", + "Arch": "x86_64", + "SrcName": "gcc", + "SrcVersion": "14.2.0-r6", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:7a22cab723a2deab744718c41eb10fe5601646b1", + "InstalledFiles": [ + "usr/lib/libgomp.so.1", + "usr/lib/libgomp.so.1.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgpg-error@1.55-r0", + "Name": "libgpg-error", + "Identifier": { + "PURL": "pkg:apk/alpine/libgpg-error@1.55-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "6f51fc1a3225ebd7" + }, + "Version": "1.55-r0", + "Arch": "x86_64", + "SrcName": "libgpg-error", + "SrcVersion": "1.55-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:f02c0ba1c71291307b6f92de33f0ee4ef4f78339", + "InstalledFiles": [ + "usr/bin/gpg-error", + "usr/lib/libgpg-error.so.0", + "usr/lib/libgpg-error.so.0.39.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libidn2@2.3.7-r0", + "Name": "libidn2", + "Identifier": { + "PURL": "pkg:apk/alpine/libidn2@2.3.7-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "62dfaa175b3f84e5" + }, + "Version": "2.3.7-r0", + "Arch": "x86_64", + "SrcName": "libidn2", + "SrcVersion": "2.3.7-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libunistring@1.3-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:e2e93b247187a15a2164f4b7e5f4a725a3b5d488", + "InstalledFiles": [ + "usr/lib/libidn2.so.0", + "usr/lib/libidn2.so.0.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libintl@0.24.1-r0", + "Name": "libintl", + "Identifier": { + "PURL": "pkg:apk/alpine/libintl@0.24.1-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "5335e41c5d85c80" + }, + "Version": "0.24.1-r0", + "Arch": "x86_64", + "SrcName": "gettext", + "SrcVersion": "0.24.1-r0", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:8f44275c3149194ffa1b7bae29469289f758ed3d", + "InstalledFiles": [ + "usr/lib/libintl.so.8", + "usr/lib/libintl.so.8.4.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libksba@1.6.7-r0", + "Name": "libksba", + "Identifier": { + "PURL": "pkg:apk/alpine/libksba@1.6.7-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "2915c9af8ec519dc" + }, + "Version": "1.6.7-r0", + "Arch": "x86_64", + "SrcName": "libksba", + "SrcVersion": "1.6.7-r0", + "Licenses": [ + "LGPL-3.0-only", + "GPL-2.0-only", + "GPL-3.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libgpg-error@1.55-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:24b41953b7165e9327c9e392e085951da427bd3d", + "InstalledFiles": [ + "usr/lib/libksba.so.8", + "usr/lib/libksba.so.8.14.7" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libldap@2.6.8-r0", + "Name": "libldap", + "Identifier": { + "PURL": "pkg:apk/alpine/libldap@2.6.8-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "da145041bc2d7d47" + }, + "Version": "2.6.8-r0", + "Arch": "x86_64", + "SrcName": "openldap", + "SrcVersion": "2.6.8-r0", + "Licenses": [ + "OLDAP-2.8" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.5.5-r0", + "libsasl@2.1.28-r8", + "libssl3@3.5.5-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:7d8736383926aa215da508f88cafb428fd4fa20f", + "InstalledFiles": [ + "etc/openldap/ldap.conf", + "usr/lib/liblber.so.2", + "usr/lib/liblber.so.2.0.200", + "usr/lib/libldap.so.2", + "usr/lib/libldap.so.2.0.200" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libncursesw@6.5_p20250503-r0", + "Name": "libncursesw", + "Identifier": { + "PURL": "pkg:apk/alpine/libncursesw@6.5_p20250503-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "e6be237484e23875" + }, + "Version": "6.5_p20250503-r0", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.5_p20250503-r0", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10", + "ncurses-terminfo-base@6.5_p20250503-r0" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:42901f1528399d67e07e14085ee53f1a369b240a", + "InstalledFiles": [ + "usr/lib/libncursesw.so.6", + "usr/lib/libncursesw.so.6.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpsl@0.21.5-r3", + "Name": "libpsl", + "Identifier": { + "PURL": "pkg:apk/alpine/libpsl@0.21.5-r3?arch=x86_64\u0026distro=3.22.3", + "UID": "e3d3e0725ec78534" + }, + "Version": "0.21.5-r3", + "Arch": "x86_64", + "SrcName": "libpsl", + "SrcVersion": "0.21.5-r3", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libidn2@2.3.7-r0", + "libunistring@1.3-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:351ae123ebf705f090c43fc793996dba2fa21ebb", + "InstalledFiles": [ + "usr/lib/libpsl.so.5", + "usr/lib/libpsl.so.5.3.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libsasl@2.1.28-r8", + "Name": "libsasl", + "Identifier": { + "PURL": "pkg:apk/alpine/libsasl@2.1.28-r8?arch=x86_64\u0026distro=3.22.3", + "UID": "6b674155e4c14e5" + }, + "Version": "2.1.28-r8", + "Arch": "x86_64", + "SrcName": "cyrus-sasl", + "SrcVersion": "2.1.28-r8", + "Licenses": [ + "BSD-3-Clause-Attribution", + "BSD-4-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "gdbm@1.24-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:6318f8a8d76801400f56b8aaefa9fc6654565cda", + "InstalledFiles": [ + "usr/lib/libsasl2.so.3", + "usr/lib/libsasl2.so.3.0.0", + "usr/lib/sasl2/libanonymous.so", + "usr/lib/sasl2/libanonymous.so.3", + "usr/lib/sasl2/libanonymous.so.3.0.0", + "usr/lib/sasl2/libplain.so", + "usr/lib/sasl2/libplain.so.3", + "usr/lib/sasl2/libplain.so.3.0.0", + "usr/lib/sasl2/libsasldb.so", + "usr/lib/sasl2/libsasldb.so.3", + "usr/lib/sasl2/libsasldb.so.3.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.5.5-r0", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "1bea070325a2bc82" + }, + "Version": "3.5.5-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.5.5-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.5.5-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "Digest": "sha1:cccea10b0bf05b03f19640b4a35dbd4326d34073", + "InstalledFiles": [ + "usr/lib/libssl.so.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libtasn1@4.21.0-r0", + "Name": "libtasn1", + "Identifier": { + "PURL": "pkg:apk/alpine/libtasn1@4.21.0-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "11d7d4e927554a96" + }, + "Version": "4.21.0-r0", + "Arch": "x86_64", + "SrcName": "libtasn1", + "SrcVersion": "4.21.0-r0", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:a20a0138f828954be57c16ac4263918bf1b1fa36", + "InstalledFiles": [ + "usr/lib/libtasn1.so.6", + "usr/lib/libtasn1.so.6.6.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libunistring@1.3-r0", + "Name": "libunistring", + "Identifier": { + "PURL": "pkg:apk/alpine/libunistring@1.3-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "c85bd5adae736524" + }, + "Version": "1.3-r0", + "Arch": "x86_64", + "SrcName": "libunistring", + "SrcVersion": "1.3-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:9472d9ab2b634a61ad5edc9b4754fdb1e34bdef9", + "InstalledFiles": [ + "usr/lib/libunistring.so.5", + "usr/lib/libunistring.so.5.2.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxml2@2.13.9-r0", + "Name": "libxml2", + "Identifier": { + "PURL": "pkg:apk/alpine/libxml2@2.13.9-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "c0b0bc9143ed75ae" + }, + "Version": "2.13.9-r0", + "Arch": "x86_64", + "SrcName": "libxml2", + "SrcVersion": "2.13.9-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10", + "xz-libs@5.8.1-r0", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:6ddad9a7b827ee30cd620f78e10a693464853d82", + "InstalledFiles": [ + "usr/lib/libxml2.so.2", + "usr/lib/libxml2.so.2.13.9" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl@1.2.5-r10", + "Name": "musl", + "Identifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.3", + "UID": "55e7e479f5580f45" + }, + "Version": "1.2.5-r10", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r10", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "Digest": "sha1:59283b61db830a0a0309c98f4db906a2d8fa342b", + "InstalledFiles": [ + "lib/ld-musl-x86_64.so.1", + "lib/libc.musl-x86_64.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl-utils@1.2.5-r10", + "Name": "musl-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.3", + "UID": "73256102bfd5faee" + }, + "Version": "1.2.5-r10", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r10", + "Licenses": [ + "MIT", + "BSD-2-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10", + "scanelf@1.3.8-r1" + ], + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "Digest": "sha1:7e60d0820813baa8ac266bee158394c0a69f104a", + "InstalledFiles": [ + "sbin/ldconfig", + "usr/bin/getconf", + "usr/bin/getent", + "usr/bin/iconv", + "usr/bin/ldd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ncurses-terminfo-base@6.5_p20250503-r0", + "Name": "ncurses-terminfo-base", + "Identifier": { + "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.5_p20250503-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "894c1596a3cf9412" + }, + "Version": "6.5_p20250503-r0", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.5_p20250503-r0", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:fea2cc088f02df2feb5da718e70123647f0ef8f7", + "InstalledFiles": [ + "etc/terminfo/a/alacritty", + "etc/terminfo/a/ansi", + "etc/terminfo/d/dumb", + "etc/terminfo/g/gnome", + "etc/terminfo/g/gnome-256color", + "etc/terminfo/k/konsole", + "etc/terminfo/k/konsole-256color", + "etc/terminfo/k/konsole-linux", + "etc/terminfo/l/linux", + "etc/terminfo/p/putty", + "etc/terminfo/p/putty-256color", + "etc/terminfo/r/rxvt", + "etc/terminfo/r/rxvt-256color", + "etc/terminfo/s/screen", + "etc/terminfo/s/screen-256color", + "etc/terminfo/s/st-0.6", + "etc/terminfo/s/st-0.7", + "etc/terminfo/s/st-0.8", + "etc/terminfo/s/st-0.8.5", + "etc/terminfo/s/st-16color", + "etc/terminfo/s/st-256color", + "etc/terminfo/s/st-direct", + "etc/terminfo/s/sun", + "etc/terminfo/t/terminator", + "etc/terminfo/t/terminology", + "etc/terminfo/t/terminology-0.6.1", + "etc/terminfo/t/terminology-1.0.0", + "etc/terminfo/t/terminology-1.8.1", + "etc/terminfo/t/tmux", + "etc/terminfo/t/tmux-256color", + "etc/terminfo/v/vt100", + "etc/terminfo/v/vt102", + "etc/terminfo/v/vt200", + "etc/terminfo/v/vt220", + "etc/terminfo/v/vt52", + "etc/terminfo/v/vte", + "etc/terminfo/v/vte-256color", + "etc/terminfo/x/xterm", + "etc/terminfo/x/xterm-256color", + "etc/terminfo/x/xterm-color", + "etc/terminfo/x/xterm-xfree86" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nettle@3.10.2-r0", + "Name": "nettle", + "Identifier": { + "PURL": "pkg:apk/alpine/nettle@3.10.2-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "d7016a30888c7b4c" + }, + "Version": "3.10.2-r0", + "Arch": "x86_64", + "SrcName": "nettle", + "SrcVersion": "3.10.2-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Patrycja Rosa \u003calpine@ptrcnull.me\u003e", + "DependsOn": [ + "gmp@6.3.0-r3", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:21d72934d1697ae0138cadc28a140b9a3880768e", + "InstalledFiles": [ + "usr/lib/libhogweed.so.6", + "usr/lib/libhogweed.so.6.11", + "usr/lib/libnettle.so.8", + "usr/lib/libnettle.so.8.11" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nghttp2-libs@1.65.0-r0", + "Name": "nghttp2-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/nghttp2-libs@1.65.0-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "9a7f544dd9c7674" + }, + "Version": "1.65.0-r0", + "Arch": "x86_64", + "SrcName": "nghttp2", + "SrcVersion": "1.65.0-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:25feb492160beba9dd4bea4a169a65fd2eccc493", + "InstalledFiles": [ + "usr/lib/libnghttp2.so.14", + "usr/lib/libnghttp2.so.14.28.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "npth@1.8-r0", + "Name": "npth", + "Identifier": { + "PURL": "pkg:apk/alpine/npth@1.8-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "73135ebdb90cc0ab" + }, + "Version": "1.8-r0", + "Arch": "x86_64", + "SrcName": "npth", + "SrcVersion": "1.8-r0", + "Licenses": [ + "LGPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:45c2d6ed25cdc77d9e450e8e641805bf12e14bd2", + "InstalledFiles": [ + "usr/lib/libnpth.so.0", + "usr/lib/libnpth.so.0.3.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "openssh-keygen@10.0_p1-r10", + "Name": "openssh-keygen", + "Identifier": { + "PURL": "pkg:apk/alpine/openssh-keygen@10.0_p1-r10?arch=x86_64\u0026distro=3.22.3", + "UID": "5cc9c3878b3b4135" + }, + "Version": "10.0_p1-r10", + "Arch": "x86_64", + "SrcName": "openssh", + "SrcVersion": "10.0_p1-r10", + "Licenses": [ + "SSH-OpenSSH" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.5.5-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:6872859bfccc9800f978efefdc8ab1a11cef7405", + "InstalledFiles": [ + "usr/bin/ssh-keygen" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "p11-kit@0.25.5-r2", + "Name": "p11-kit", + "Identifier": { + "PURL": "pkg:apk/alpine/p11-kit@0.25.5-r2?arch=x86_64\u0026distro=3.22.3", + "UID": "fb995d433d340301" + }, + "Version": "0.25.5-r2", + "Arch": "x86_64", + "SrcName": "p11-kit", + "SrcVersion": "0.25.5-r2", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Patrycja Rosa \u003calpine@ptrcnull.me\u003e", + "DependsOn": [ + "libffi@3.4.8-r0", + "libtasn1@4.21.0-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:755b408e886fdbf4428612a6f47dfadf9a8513f7", + "InstalledFiles": [ + "etc/pkcs11/pkcs11.conf.example", + "usr/bin/p11-kit", + "usr/lib/libp11-kit.so.0", + "usr/lib/libp11-kit.so.0.4.1", + "usr/libexec/p11-kit/p11-kit-remote", + "usr/libexec/p11-kit/trust-extract-compat" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "pcre2@10.46-r0", + "Name": "pcre2", + "Identifier": { + "PURL": "pkg:apk/alpine/pcre2@10.46-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "5122fda3f4fd0f49" + }, + "Version": "10.46-r0", + "Arch": "x86_64", + "SrcName": "pcre2", + "SrcVersion": "10.46-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:8237724bdc50c57c16e64eb0d522d85abc500d10", + "InstalledFiles": [ + "usr/lib/libpcre2-8.so.0", + "usr/lib/libpcre2-8.so.0.14.0", + "usr/lib/libpcre2-posix.so.3", + "usr/lib/libpcre2-posix.so.3.0.6" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "pinentry@1.3.1-r0", + "Name": "pinentry", + "Identifier": { + "PURL": "pkg:apk/alpine/pinentry@1.3.1-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "b44d7d7e47279be" + }, + "Version": "1.3.1-r0", + "Arch": "x86_64", + "SrcName": "pinentry", + "SrcVersion": "1.3.1-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r20", + "libassuan@2.5.7-r0", + "libgpg-error@1.55-r0", + "libncursesw@6.5_p20250503-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:f8fb731ee4d791e846261457bdd2ae485cd0f8ff", + "InstalledFiles": [ + "usr/bin/pinentry-curses" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "readline@8.2.13-r1", + "Name": "readline", + "Identifier": { + "PURL": "pkg:apk/alpine/readline@8.2.13-r1?arch=x86_64\u0026distro=3.22.3", + "UID": "37d71f5ec630233b" + }, + "Version": "8.2.13-r1", + "Arch": "x86_64", + "SrcName": "readline", + "SrcVersion": "8.2.13-r1", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", + "DependsOn": [ + "libncursesw@6.5_p20250503-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:d305640121793fd79a7636ed10fcc6cb10155e38", + "InstalledFiles": [ + "etc/inputrc", + "usr/lib/libreadline.so.8", + "usr/lib/libreadline.so.8.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "scanelf@1.3.8-r1", + "Name": "scanelf", + "Identifier": { + "PURL": "pkg:apk/alpine/scanelf@1.3.8-r1?arch=x86_64\u0026distro=3.22.3", + "UID": "be156a8575875ef7" + }, + "Version": "1.3.8-r1", + "Arch": "x86_64", + "SrcName": "pax-utils", + "SrcVersion": "1.3.8-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "Digest": "sha1:bd6dd1c820d476bcdf8ee38f003bcf2a73323b13", + "InstalledFiles": [ + "usr/bin/scanelf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "sqlite-libs@3.49.2-r1", + "Name": "sqlite-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/sqlite-libs@3.49.2-r1?arch=x86_64\u0026distro=3.22.3", + "UID": "a525f82829f5678f" + }, + "Version": "3.49.2-r1", + "Arch": "x86_64", + "SrcName": "sqlite", + "SrcVersion": "3.49.2-r1", + "Licenses": [ + "blessing" + ], + "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:cb31ad275293ff9e705f41d1c8626e771a589e45", + "InstalledFiles": [ + "usr/lib/libsqlite3.so.0", + "usr/lib/libsqlite3.so.3.49.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ssl_client@1.37.0-r20", + "Name": "ssl_client", + "Identifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r20?arch=x86_64\u0026distro=3.22.3", + "UID": "9f2fd2c2f40578a7" + }, + "Version": "1.37.0-r20", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r20", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "libcrypto3@3.5.5-r0", + "libssl3@3.5.5-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "Digest": "sha1:8bdfbaab4c99a5d77844ca989971c87161126784", + "InstalledFiles": [ + "usr/bin/ssl_client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "xz-libs@5.8.1-r0", + "Name": "xz-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.8.1-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "8bd18e17467b35f2" + }, + "Version": "5.8.1-r0", + "Arch": "x86_64", + "SrcName": "xz", + "SrcVersion": "5.8.1-r0", + "Licenses": [ + "GPL-2.0-or-later", + "0BSD", + "Public-Domain", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:fdcdb7d0dc44dd546165ae313122b01d6a20f931", + "InstalledFiles": [ + "usr/lib/liblzma.so.5", + "usr/lib/liblzma.so.5.8.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.3.1-r2", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.3", + "UID": "23095b6210429e11" + }, + "Version": "1.3.1-r2", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.3.1-r2", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "Digest": "sha1:bf7d90d89e5429c18167b91ab8d7e6256cfc7fdf", + "InstalledFiles": [ + "usr/lib/libz.so.1", + "usr/lib/libz.so.1.3.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zstd-libs@1.5.7-r0", + "Name": "zstd-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/zstd-libs@1.5.7-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "cd528bce493c7221" + }, + "Version": "1.5.7-r0", + "Arch": "x86_64", + "SrcName": "zstd", + "SrcVersion": "1.5.7-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "Digest": "sha1:50c83112b5619f48d36d69190a4cb7c71f15c7d2", + "InstalledFiles": [ + "usr/lib/libzstd.so.1", + "usr/lib/libzstd.so.1.5.7" + ], + "AnalyzedBy": "apk" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-33845", + "PkgID": "gnutls@3.8.12-r0", + "PkgName": "gnutls", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "67fc64258c96d1b" + }, + "InstalledVersion": "3.8.12-r0", + "FixedVersion": "3.8.13-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33845", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:bdf79e241138d8d4c75b799d86031560fb0542a1054688b4f0ebde2b9659d756", + "Title": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment", + "Description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-191" + ], + "VendorSeverity": { + "azure": 3, + "nvd": 4, + "photon": 4, + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:13274", + "https://access.redhat.com/security/cve/CVE-2026-33845", + "https://bugzilla.redhat.com/show_bug.cgi?id=2450624", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33845", + "https://ubuntu.com/security/notices/USN-8284-1", + "https://www.cve.org/CVERecord?id=CVE-2026-33845", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-3" + ], + "PublishedDate": "2026-04-30T18:16:28.003Z", + "LastModifiedDate": "2026-05-05T03:03:19.247Z" + }, + { + "VulnerabilityID": "CVE-2026-42010", + "PkgID": "gnutls@3.8.12-r0", + "PkgName": "gnutls", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "67fc64258c96d1b" + }, + "InstalledVersion": "3.8.12-r0", + "FixedVersion": "3.8.13-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42010", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:264cce4c3c12bac722771060fb8cc862abd80807a7512da45827058b0f8deb60", + "Title": "gnutls: gnutls: Authentication Bypass via NUL Character in Username", + "Description": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-626" + ], + "VendorSeverity": { + "nvd": 4, + "photon": 4, + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:13274", + "https://access.redhat.com/security/cve/CVE-2026-42010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2467289", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42010", + "https://ubuntu.com/security/notices/USN-8284-1", + "https://www.cve.org/CVERecord?id=CVE-2026-42010", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4" + ], + "PublishedDate": "2026-05-07T12:16:17.977Z", + "LastModifiedDate": "2026-05-14T23:16:36.52Z" + }, + { + "VulnerabilityID": "CVE-2026-33846", + "PkgID": "gnutls@3.8.12-r0", + "PkgName": "gnutls", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "67fc64258c96d1b" + }, + "InstalledVersion": "3.8.12-r0", + "FixedVersion": "3.8.13-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33846", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9da6cfd5dd6c1291eb82d319871ff4ff31641281f819d3a2899042a5a55e3235", + "Title": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly", + "Description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-130" + ], + "VendorSeverity": { + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:13274", + "https://access.redhat.com/security/cve/CVE-2026-33846", + "https://bugzilla.redhat.com/show_bug.cgi?id=2450625", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33846", + "https://ubuntu.com/security/notices/USN-8284-1", + "https://www.cve.org/CVERecord?id=CVE-2026-33846", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-1" + ], + "PublishedDate": "2026-05-04T10:15:59.69Z", + "LastModifiedDate": "2026-05-04T15:22:52.85Z" + }, + { + "VulnerabilityID": "CVE-2026-3833", + "PkgID": "gnutls@3.8.12-r0", + "PkgName": "gnutls", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "67fc64258c96d1b" + }, + "InstalledVersion": "3.8.12-r0", + "FixedVersion": "3.8.13-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3833", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:23836401c8781c0f0d260142609cba6466b439f51b51743d978fe24543140e69", + "Title": "gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison", + "Description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-178" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:13274", + "https://access.redhat.com/security/cve/CVE-2026-3833", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445763", + "https://gitlab.com/gnutls/gnutls/-/issues/1803", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3833", + "https://ubuntu.com/security/notices/USN-8284-1", + "https://www.cve.org/CVERecord?id=CVE-2026-3833", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-5" + ], + "PublishedDate": "2026-04-30T18:16:30.577Z", + "LastModifiedDate": "2026-05-07T02:09:04.47Z" + }, + { + "VulnerabilityID": "CVE-2026-42009", + "PkgID": "gnutls@3.8.12-r0", + "PkgName": "gnutls", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "67fc64258c96d1b" + }, + "InstalledVersion": "3.8.12-r0", + "FixedVersion": "3.8.13-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42009", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9624632bbae6a6f0f55a8dd2f10d7776fdfd362c2c37ee70c91985f49f3f6e1e", + "Title": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability", + "Description": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-475" + ], + "VendorSeverity": { + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-42009", + "https://bugzilla.redhat.com/show_bug.cgi?id=2467279", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42009", + "https://ubuntu.com/security/notices/USN-8284-1", + "https://www.cve.org/CVERecord?id=CVE-2026-42009", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2" + ], + "PublishedDate": "2026-05-18T13:16:32.707Z", + "LastModifiedDate": "2026-05-18T19:32:38.777Z" + }, + { + "VulnerabilityID": "CVE-2026-42011", + "PkgID": "gnutls@3.8.12-r0", + "PkgName": "gnutls", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "67fc64258c96d1b" + }, + "InstalledVersion": "3.8.12-r0", + "FixedVersion": "3.8.13-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42011", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0ca22261bdf7a67b2907ab666f9229014861384d1431546a60cc048722eb8f8b", + "Title": "gnutls: gnutls: Security bypass due to incorrect name constraint handling", + "Description": "A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:13274", + "https://access.redhat.com/security/cve/CVE-2026-42011", + "https://bugzilla.redhat.com/show_bug.cgi?id=2467437", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42011", + "https://ubuntu.com/security/notices/USN-8284-1", + "https://www.cve.org/CVERecord?id=CVE-2026-42011", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-6" + ], + "PublishedDate": "2026-05-07T15:16:09.76Z", + "LastModifiedDate": "2026-05-14T23:16:36.667Z" + }, + { + "VulnerabilityID": "CVE-2026-42012", + "PkgID": "gnutls@3.8.12-r0", + "PkgName": "gnutls", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "67fc64258c96d1b" + }, + "InstalledVersion": "3.8.12-r0", + "FixedVersion": "3.8.13-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42012", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ba5bd6e65ad3196aff668ee8f1a04949052f4fee917f7a09a26035d2064a3d89", + "Description": "Certificates containing URI or SRV Subject Alternative Names would fall back to checking DNS hostnames against Common Name, allowing potential misuse of such certificates beyond their original purpose.", + "Severity": "MEDIUM", + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "https://ubuntu.com/security/notices/USN-8284-1", + "https://www.cve.org/CVERecord?id=CVE-2026-42012", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-7" + ] + }, + { + "VulnerabilityID": "CVE-2026-42013", + "PkgID": "gnutls@3.8.12-r0", + "PkgName": "gnutls", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "67fc64258c96d1b" + }, + "InstalledVersion": "3.8.12-r0", + "FixedVersion": "3.8.13-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42013", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9394da35d85c1e48bb1cd4ca357d490af46212f171ccd85b02894f34c1512985", + "Description": "Validation of certificates with oversized Subject Alternative Names would fall back to checking DNS hostnames against Common Name.", + "Severity": "MEDIUM", + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "https://ubuntu.com/security/notices/USN-8284-1", + "https://www.cve.org/CVERecord?id=CVE-2026-42013", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-8" + ] + }, + { + "VulnerabilityID": "CVE-2026-42014", + "PkgID": "gnutls@3.8.12-r0", + "PkgName": "gnutls", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "67fc64258c96d1b" + }, + "InstalledVersion": "3.8.12-r0", + "FixedVersion": "3.8.13-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42014", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:728884f160b267fa6632b1e0748519ca2bcfdefc97075627ed6f7b110b3160da", + "Description": "Changing the Security Officer PIN with gnutls_pkcs11_token_set_pin() with oldpin == NULL for a token lacking a protected authentication path led to a use-after-free.", + "Severity": "MEDIUM", + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "https://ubuntu.com/security/notices/USN-8284-1", + "https://www.cve.org/CVERecord?id=CVE-2026-42014", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-9" + ] + }, + { + "VulnerabilityID": "CVE-2026-42015", + "PkgID": "gnutls@3.8.12-r0", + "PkgName": "gnutls", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "67fc64258c96d1b" + }, + "InstalledVersion": "3.8.12-r0", + "FixedVersion": "3.8.13-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42015", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:f552beac406e6b1c99c5c1c4fb0455f2248388d7f7e590bebe6bc9254a6cf242", + "Description": "Appending to a PKCS#12 bag that already contained 32 elements could write past the bag's internal array.", + "Severity": "MEDIUM", + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "https://ubuntu.com/security/notices/USN-8284-1", + "https://www.cve.org/CVERecord?id=CVE-2026-42015", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-11" + ] + }, + { + "VulnerabilityID": "CVE-2026-5260", + "PkgID": "gnutls@3.8.12-r0", + "PkgName": "gnutls", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "67fc64258c96d1b" + }, + "InstalledVersion": "3.8.12-r0", + "FixedVersion": "3.8.13-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5260", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:06faf058c768a40b4757da46b9e49c174d956cb3729a4d03d708d53f64360d87", + "Description": "For a server using an RSA key backed by a PKCS#11 token, a client sending an extremely short premaster secret during an RSA key exchange could trigger a short heap overread.", + "Severity": "MEDIUM", + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "https://ubuntu.com/security/notices/USN-8284-1", + "https://www.cve.org/CVERecord?id=CVE-2026-5260", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10" + ] + }, + { + "VulnerabilityID": "CVE-2026-5419", + "PkgID": "gnutls@3.8.12-r0", + "PkgName": "gnutls", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "67fc64258c96d1b" + }, + "InstalledVersion": "3.8.12-r0", + "FixedVersion": "3.8.13-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8bb75fc6489f3872b8c3244319d02fffe646ebc31cfefd3c3a558af18cd4b5dc", + "Description": "The PKCS#7 padding check performed during decryption was not constant-time, potentially leaking information about the padding bytes through timing differences.", + "Severity": "MEDIUM", + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "https://ubuntu.com/security/notices/USN-8284-1", + "https://www.cve.org/CVERecord?id=CVE-2026-5419", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-13" + ] + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libcrypto3@3.5.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "ed0ef3c0494f7b12" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d2ecf2fc357c3d929e01a1749f12baaadd3e8683ad277d19c0f16e27900f7c77", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libcrypto3@3.5.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "ed0ef3c0494f7b12" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9b0ad412153160963a83a17f90f3cfb063a1ed815e5f4036f82004c40edb6153", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libcrypto3@3.5.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "ed0ef3c0494f7b12" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:09cef8b6c53adc1bbdef396dac41e0773faf2bb570a4c502852c5d04f4b3096c", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libcrypto3@3.5.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "ed0ef3c0494f7b12" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a0a233624da77ad604d827bdcbe04acc23a825ffa322cdb7f3307137f5b75f6a", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libcrypto3@3.5.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "ed0ef3c0494f7b12" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:16c2cc152cd01d493300539eecfd1010538012b4810327399711cb9f339a0fd0", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2026-2673", + "PkgID": "libcrypto3@3.5.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "ed0ef3c0494f7b12" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:cb5dab7426ea33c7ed5038d2d09a6faabdc6e60df94846b6830126e53deea196", + "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", + "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-757" + ], + "VendorSeverity": { + "amazon": 1, + "julia": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/13/3", + "https://access.redhat.com/security/cve/CVE-2026-2673", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-wj64-gh9j-xm82", + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "https://openssl-library.org/news/secadv/20260313.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-2673" + ], + "PublishedDate": "2026-03-13T19:54:34.033Z", + "LastModifiedDate": "2026-05-18T20:16:37.763Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libcrypto3@3.5.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "ed0ef3c0494f7b12" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0eb9cb7f3dfae1e2fcd5ea7b70f78eeab1875c50b05ac2ee693452ea8bb916ca", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32776", + "PkgID": "libexpat@2.7.4-r0", + "PkgName": "libexpat", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libexpat@2.7.4-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "3880c6da81ca34e8" + }, + "InstalledVersion": "2.7.4-r0", + "FixedVersion": "2.7.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32776", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0cc612974c9b74e93b306a08845e73ef5f8bfd2e58d73833a57f228a910419df", + "Title": "libexpat: libexpat: Denial of Service due to NULL pointer dereference", + "Description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32776", + "https://github.com/libexpat/libexpat/pull/1158", + "https://github.com/libexpat/libexpat/pull/1159", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32776", + "https://www.cve.org/CVERecord?id=CVE-2026-32776" + ], + "PublishedDate": "2026-03-16T14:19:44.6Z", + "LastModifiedDate": "2026-03-17T15:52:09.023Z" + }, + { + "VulnerabilityID": "CVE-2026-32777", + "PkgID": "libexpat@2.7.4-r0", + "PkgName": "libexpat", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libexpat@2.7.4-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "3880c6da81ca34e8" + }, + "InstalledVersion": "2.7.4-r0", + "FixedVersion": "2.7.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32777", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:93951fc94218dcb7c35789ced16d777705cd26ae66060d7e825fe3ffa75acbd8", + "Title": "libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing", + "Description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32777", + "https://github.com/libexpat/libexpat/issues/1161", + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1162", + "https://issues.oss-fuzz.com/issues/486993411", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32777", + "https://www.cve.org/CVERecord?id=CVE-2026-32777" + ], + "PublishedDate": "2026-03-16T14:19:44.78Z", + "LastModifiedDate": "2026-03-17T15:52:34.357Z" + }, + { + "VulnerabilityID": "CVE-2026-32778", + "PkgID": "libexpat@2.7.4-r0", + "PkgName": "libexpat", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libexpat@2.7.4-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "3880c6da81ca34e8" + }, + "InstalledVersion": "2.7.4-r0", + "FixedVersion": "2.7.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32778", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5d2091ef346c5e39af796766cb7af175f6d503dd6744d635548d2b12944a66f6", + "Title": "libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition", + "Description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32778", + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1163", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32778", + "https://www.cve.org/CVERecord?id=CVE-2026-32778" + ], + "PublishedDate": "2026-03-16T14:19:44.97Z", + "LastModifiedDate": "2026-03-17T15:52:53.16Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libssl3@3.5.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "1bea070325a2bc82" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:be634179647d2d6bf28bd7650859577d3856be24ca1e407408b075af498be6f5", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libssl3@3.5.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "1bea070325a2bc82" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:049ea0fd359bbb21b9ec368226288bc864c03f3947393386c75becb97c8f9b0c", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libssl3@3.5.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "1bea070325a2bc82" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3e6aa5f4563a463c85e4da935432615145301baa1db2d407fa23a05acb843d60", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libssl3@3.5.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "1bea070325a2bc82" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ddc36e8bac9281fc869c307d239c9e08d5cc96f81b43389a1fad958738ce108b", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libssl3@3.5.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "1bea070325a2bc82" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8b9bab504c4ea9f3882f4deebbb91277243933f4b3dff33673bd65d46ecf1649", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2026-2673", + "PkgID": "libssl3@3.5.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "1bea070325a2bc82" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5fc45d73145f34ca02e0e99914e1b435eb08c49a5dff44c4dc431a09953fee44", + "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", + "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-757" + ], + "VendorSeverity": { + "amazon": 1, + "julia": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/13/3", + "https://access.redhat.com/security/cve/CVE-2026-2673", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-wj64-gh9j-xm82", + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "https://openssl-library.org/news/secadv/20260313.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-2673" + ], + "PublishedDate": "2026-03-13T19:54:34.033Z", + "LastModifiedDate": "2026-05-18T20:16:37.763Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libssl3@3.5.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "1bea070325a2bc82" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9270ffa7e75a9db08122818b50397c6efb37d67692422c588fd0555622889608", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl@1.2.5-r10", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.3", + "UID": "55e7e479f5580f45" + }, + "InstalledVersion": "1.2.5-r10", + "FixedVersion": "1.2.5-r12", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:43afa579712c03c64f9c2272098fb76d56d5391f1ebf34ff8a2c63ef6493de2f", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl@1.2.5-r10", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.3", + "UID": "55e7e479f5580f45" + }, + "InstalledVersion": "1.2.5-r10", + "FixedVersion": "1.2.5-r11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1d95c99a8b94850cd81b35e0f28e89e8d88ff9d26f3e8866077cb0cfc863e1aa", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl-utils@1.2.5-r10", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.3", + "UID": "73256102bfd5faee" + }, + "InstalledVersion": "1.2.5-r10", + "FixedVersion": "1.2.5-r12", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ab510d0f412ca4e0a46924139c6d6d61cf73f74c2a6cdca7022b4061b138202c", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl-utils@1.2.5-r10", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.3", + "UID": "73256102bfd5faee" + }, + "InstalledVersion": "1.2.5-r10", + "FixedVersion": "1.2.5-r11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ccdacb7232308bac553c7d4624d5104564ab17aef11af4bbd38e0f79d0fd3be2", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2026-27135", + "PkgID": "nghttp2-libs@1.65.0-r0", + "PkgName": "nghttp2-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/nghttp2-libs@1.65.0-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "9a7f544dd9c7674" + }, + "InstalledVersion": "1.65.0-r0", + "FixedVersion": "1.68.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27135", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:802df03a9353ea29ea8733367af7701142c9a652bbab793272db18002050aee6", + "Title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination", + "Description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-617" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/20/3", + "https://access.redhat.com/errata/RHSA-2026:7896", + "https://access.redhat.com/security/cve/CVE-2026-27135", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2442922", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://errata.almalinux.org/9/ALSA-2026-7896.html", + "https://errata.rockylinux.org/RLSA-2026:7668", + "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1", + "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6", + "https://linux.oracle.com/cve/CVE-2026-27135.html", + "https://linux.oracle.com/errata/ELSA-2026-8339.html", + "https://lists.debian.org/debian-lts-announce/2026/05/msg00025.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27135", + "https://ubuntu.com/security/notices/USN-8233-1", + "https://ubuntu.com/security/notices/USN-8233-2", + "https://www.cve.org/CVERecord?id=CVE-2026-27135" + ], + "PublishedDate": "2026-03-18T18:16:26.723Z", + "LastModifiedDate": "2026-05-13T22:16:42.337Z" + }, + { + "VulnerabilityID": "CVE-2026-34743", + "PkgID": "xz-libs@5.8.1-r0", + "PkgName": "xz-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.8.1-r0?arch=x86_64\u0026distro=3.22.3", + "UID": "8bd18e17467b35f2" + }, + "InstalledVersion": "5.8.1-r0", + "FixedVersion": "5.8.3-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", + "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:211ea29ca499d86ee48931936edc92682a7aed1406746fb43d43240ba5722546", + "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", + "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/31/13", + "https://access.redhat.com/security/cve/CVE-2026-34743", + "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", + "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", + "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", + "https://www.cve.org/CVERecord?id=CVE-2026-34743" + ], + "PublishedDate": "2026-04-02T19:21:33.187Z", + "LastModifiedDate": "2026-04-15T17:33:17.68Z" + }, + { + "VulnerabilityID": "CVE-2026-22184", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.3", + "UID": "23095b6210429e11" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e7d4426f62c0daddea1e5dbc5ddea15667bc07e867676a895f8c54a60d36a617", + "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", + "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-22184", + "https://github.com/madler/zlib", + "https://github.com/madler/zlib/issues/1142", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", + "https://seclists.org/fulldisclosure/2026/Jan/3", + "https://www.cve.org/CVERecord?id=CVE-2026-22184", + "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", + "https://zlib.net/" + ], + "PublishedDate": "2026-01-07T21:16:01.563Z", + "LastModifiedDate": "2026-03-18T16:26:31.14Z" + }, + { + "VulnerabilityID": "CVE-2026-27171", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.3", + "UID": "23095b6210429e11" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", + "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c46dc11f46382d99d09b989c40591aada072802649b54e6cda41d56b73a3b33d", + "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", + "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "julia": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://access.redhat.com/security/cve/CVE-2026-27171", + "https://github.com/advisories/GHSA-h858-mf2m-8jf4", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "https://ostif.org/zlib-audit-complete", + "https://ostif.org/zlib-audit-complete/", + "https://www.cve.org/CVERecord?id=CVE-2026-27171" + ], + "PublishedDate": "2026-02-18T04:16:01.263Z", + "LastModifiedDate": "2026-03-25T21:27:04.603Z" + } + ] + }, + { + "Target": "app/gitea/gitea", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "code.gitea.io/gitea@v1.25.5", + "Name": "code.gitea.io/gitea", + "Identifier": { + "PURL": "pkg:golang/code.gitea.io/gitea@v1.25.5", + "UID": "ee9ef9432b153018" + }, + "Version": "v1.25.5", + "Relationship": "root", + "DependsOn": [ + "cloud.google.com/go/compute/metadata@v0.8.0", + "code.gitea.io/actions-proto-go@v0.4.1", + "code.gitea.io/sdk/gitea@v0.22.0", + "codeberg.org/gusted/mcaptcha@v0.0.0-20220723083913-4f3072e1d570", + "connectrpc.com/connect@v1.18.1", + "dario.cat/mergo@v1.0.2", + "filippo.io/edwards25519@v1.1.0", + "gitea.com/gitea/act@v0.261.7-0.20251003180512-ac6e4b751763", + "gitea.com/gitea/go-xsd-duration@v0.0.0-20220703122237-02e73435a078", + "gitea.com/go-chi/binding@v0.0.0-20240430071103-39a851e106ed", + "gitea.com/go-chi/cache@v0.2.1", + "gitea.com/go-chi/captcha@v0.0.0-20240315150714-fb487f629098", + "gitea.com/go-chi/session@v0.0.0-20240316035857-16768d98ec96", + "gitea.com/lunny/dingtalk_webhook@v0.0.0-20171025031554-e3534c89ef96", + "gitea.com/lunny/levelqueue@v0.4.2-0.20230414023320-3c0159fe0fe4", + "github.com/42wim/httpsig@v1.2.3", + "github.com/42wim/sshsig@v0.0.0-20250502153856-5100632e8920", + "github.com/6543/go-version@v1.3.1", + "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.19.0", + "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.11.2", + "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob@v1.6.2", + "github.com/Azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", + "github.com/DataDog/zstd@v1.5.7", + "github.com/Necoro/html2text@v0.0.0-20250804200300-7bf1ce1c7347", + "github.com/ProtonMail/go-crypto@v1.3.0", + "github.com/RoaringBitmap/roaring/v2@v2.10.0", + "github.com/STARRY-S/zip@v0.2.3", + "github.com/SaveTheRbtz/zstd-seekable-format-go/pkg@v0.8.0", + "github.com/alecthomas/chroma/v2@v2.20.0", + "github.com/andybalholm/brotli@v1.2.0", + "github.com/anmitsu/go-shlex@v0.0.0-20200514113438-38f4b401e2be", + "github.com/aws/aws-sdk-go-v2/credentials@v1.18.10", + "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.6", + "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.6", + "github.com/aws/aws-sdk-go-v2/service/codecommit@v1.32.2", + "github.com/aws/aws-sdk-go-v2@v1.38.3", + "github.com/aws/smithy-go@v1.23.0", + "github.com/aymerick/douceur@v0.2.0", + "github.com/beorn7/perks@v1.0.1", + "github.com/bits-and-blooms/bitset@v1.24.0", + "github.com/blakesmith/ar@v0.0.0-20190502131153-809d4375e1fb", + "github.com/blevesearch/bleve/v2@v2.5.3", + "github.com/blevesearch/bleve_index_api@v1.2.9", + "github.com/blevesearch/geo@v0.2.4", + "github.com/blevesearch/go-porterstemmer@v1.0.3", + "github.com/blevesearch/gtreap@v0.1.1", + "github.com/blevesearch/mmap-go@v1.0.4", + "github.com/blevesearch/scorch_segment_api/v2@v2.3.11", + "github.com/blevesearch/segment@v0.9.1", + "github.com/blevesearch/snowballstem@v0.9.0", + "github.com/blevesearch/upsidedown_store_api@v1.0.2", + "github.com/blevesearch/vellum@v1.1.0", + "github.com/blevesearch/zapx/v11@v11.4.2", + "github.com/blevesearch/zapx/v12@v12.4.2", + "github.com/blevesearch/zapx/v13@v13.4.2", + "github.com/blevesearch/zapx/v14@v14.4.2", + "github.com/blevesearch/zapx/v15@v15.4.2", + "github.com/blevesearch/zapx/v16@v16.2.4", + "github.com/bmatcuk/doublestar/v4@v4.9.1", + "github.com/bodgit/plumbing@v1.3.0", + "github.com/bodgit/sevenzip@v1.6.1", + "github.com/bodgit/windows@v1.0.1", + "github.com/bohde/codel@v0.2.0", + "github.com/boombuler/barcode@v1.1.0", + "github.com/bradfitz/gomemcache@v0.0.0-20250403215159-8d39553ac7cf", + "github.com/buildkite/terminal-to-html/v3@v3.16.8", + "github.com/caddyserver/certmagic@v0.24.0", + "github.com/caddyserver/zerossl@v0.1.3", + "github.com/cention-sany/utf7@v0.0.0-20170124080048-26cad61bd60a", + "github.com/cespare/xxhash/v2@v2.3.0", + "github.com/charmbracelet/git-lfs-transfer@v0.1.1-0.20251013092601-6327009efd21", + "github.com/chi-middleware/proxy@v1.1.1", + "github.com/cloudflare/circl@v1.6.3", + "github.com/couchbase/go-couchbase@v0.1.1", + "github.com/couchbase/gomemcached@v0.3.3", + "github.com/couchbase/goutils@v0.1.2", + "github.com/cpuguy83/go-md2man/v2@v2.0.7", + "github.com/cyphar/filepath-securejoin@v0.4.1", + "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f", + "github.com/dimiro1/reply@v0.0.0-20200315094148-d0136a4c9e21", + "github.com/djherbis/buffer@v1.2.0", + "github.com/djherbis/nio/v3@v3.0.1", + "github.com/dlclark/regexp2@v1.11.5", + "github.com/dsnet/compress@v0.0.2-0.20230904184137-39efe44ab707", + "github.com/dustin/go-humanize@v1.0.1", + "github.com/editorconfig/editorconfig-core-go/v2@v2.6.3", + "github.com/emersion/go-imap@v1.2.1", + "github.com/emersion/go-sasl@v0.0.0-20241020182733-b788ff22d5a6", + "github.com/emirpasic/gods@v1.18.1", + "github.com/ethantkoenig/rupture@v1.0.1", + "github.com/fatih/color@v1.18.0", + "github.com/felixge/fgprof@v0.9.5", + "github.com/fsnotify/fsnotify@v1.9.0", + "github.com/fxamacker/cbor/v2@v2.9.0", + "github.com/git-lfs/pktline@v0.0.0-20230103162542-ca444d533ef1", + "github.com/gliderlabs/ssh@v0.3.8", + "github.com/go-ap/activitypub@v0.0.0-20250810115208-cb73b20a1742", + "github.com/go-ap/errors@v0.0.0-20250527110557-c8db454e53fd", + "github.com/go-ap/jsonld@v0.0.0-20221030091449-f2a191312c73", + "github.com/go-asn1-ber/asn1-ber@v1.5.8-0.20250403174932-29230038a667", + "github.com/go-chi/chi/v5@v5.2.3", + "github.com/go-chi/cors@v1.2.2", + "github.com/go-co-op/gocron@v1.37.0", + "github.com/go-enry/go-enry/v2@v2.9.2", + "github.com/go-fed/httpsig@v1.1.1-0.20201223112313-55836744818e", + "github.com/go-git/gcfg@v1.5.1-0.20230307220236-3a3c6141e376", + "github.com/go-git/go-billy/v5@v5.6.2", + "github.com/go-git/go-git/v5@v5.16.5", + "github.com/go-ini/ini@v1.67.0", + "github.com/go-ldap/ldap/v3@v3.4.11", + "github.com/go-redsync/redsync/v4@v4.13.0", + "github.com/go-sql-driver/mysql@v1.9.3", + "github.com/go-webauthn/webauthn@v0.13.4", + "github.com/go-webauthn/x@v0.1.24", + "github.com/goccy/go-json@v0.10.5", + "github.com/gogs/chardet@v0.0.0-20211120154057-b7413eaefb8f", + "github.com/gogs/go-gogs-client@v0.0.0-20210131175652-1d7215cd8d85", + "github.com/golang-jwt/jwt/v4@v4.5.2", + "github.com/golang-jwt/jwt/v5@v5.3.0", + "github.com/golang-sql/civil@v0.0.0-20220223132316-b832511892a9", + "github.com/golang-sql/sqlexp@v0.1.0", + "github.com/golang/groupcache@v0.0.0-20241129210726-2c02b8208cf8", + "github.com/golang/protobuf@v1.5.4", + "github.com/golang/snappy@v1.0.0", + "github.com/google/btree@v1.1.3", + "github.com/google/flatbuffers@v25.2.10+incompatible", + "github.com/google/go-github/v74@v74.0.0", + "github.com/google/go-querystring@v1.1.0", + "github.com/google/go-tpm@v0.9.5", + "github.com/google/licenseclassifier/v2@v2.0.0", + "github.com/google/pprof@v0.0.0-20250820193118-f64d9cf942d6", + "github.com/google/uuid@v1.6.0", + "github.com/gorilla/css@v1.0.1", + "github.com/gorilla/feeds@v1.2.0", + "github.com/gorilla/mux@v1.8.1", + "github.com/gorilla/securecookie@v1.1.2", + "github.com/gorilla/sessions@v1.4.0", + "github.com/hashicorp/errwrap@v1.1.0", + "github.com/hashicorp/go-cleanhttp@v0.5.2", + "github.com/hashicorp/go-multierror@v1.1.1", + "github.com/hashicorp/go-retryablehttp@v0.7.8", + "github.com/hashicorp/golang-lru/v2@v2.0.7", + "github.com/huandu/xstrings@v1.5.0", + "github.com/jbenet/go-context@v0.0.0-20150711004518-d14ea06fba99", + "github.com/jhillyerd/enmime@v1.3.0", + "github.com/josharian/intern@v1.0.0", + "github.com/json-iterator/go@v1.1.12", + "github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51", + "github.com/kevinburke/ssh_config@v1.4.0", + "github.com/klauspost/compress@v1.18.0", + "github.com/klauspost/cpuid/v2@v2.3.0", + "github.com/klauspost/pgzip@v1.2.6", + "github.com/lib/pq@v1.10.9", + "github.com/libdns/libdns@v1.1.1", + "github.com/mailru/easyjson@v0.9.0", + "github.com/markbates/going@v1.0.3", + "github.com/markbates/goth@v1.82.0", + "github.com/mattn/go-colorable@v0.1.14", + "github.com/mattn/go-isatty@v0.0.20", + "github.com/mattn/go-runewidth@v0.0.16", + "github.com/mattn/go-shellwords@v1.0.12", + "github.com/mattn/go-sqlite3@v1.14.32", + "github.com/meilisearch/meilisearch-go@v0.33.2", + "github.com/mholt/acmez/v3@v3.1.2", + "github.com/mholt/archives@v0.1.5-0.20251009205813-e30ac6010726", + "github.com/microcosm-cc/bluemonday@v1.0.27", + "github.com/microsoft/go-mssqldb@v1.9.3", + "github.com/miekg/dns@v1.1.68", + "github.com/mikelolasagasti/xz@v1.0.1", + "github.com/minio/crc64nvme@v1.1.1", + "github.com/minio/md5-simd@v1.1.2", + "github.com/minio/minio-go/v7@v7.0.95", + "github.com/minio/minlz@v1.0.1", + "github.com/mitchellh/mapstructure@v1.5.0", + "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "github.com/modern-go/reflect2@v1.0.2", + "github.com/mrjones/oauth@v0.0.0-20190623134757-126b35219450", + "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "github.com/niklasfasching/go-org@v1.9.1", + "github.com/nwaples/rardecode/v2@v2.2.0", + "github.com/olekukonko/cat@v0.0.0-20250817074551-3280053e4e00", + "github.com/olekukonko/errors@v1.1.0", + "github.com/olekukonko/ll@v0.1.0", + "github.com/olekukonko/tablewriter@v1.0.9", + "github.com/olivere/elastic/v7@v7.0.32", + "github.com/opencontainers/go-digest@v1.0.0", + "github.com/opencontainers/image-spec@v1.1.1", + "github.com/philhofer/fwd@v1.2.0", + "github.com/pierrec/lz4/v4@v4.1.22", + "github.com/pjbgf/sha1cd@v0.4.0", + "github.com/pkg/errors@v0.9.1", + "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", + "github.com/pquerna/otp@v1.5.0", + "github.com/prometheus/client_golang@v1.23.0", + "github.com/prometheus/client_model@v0.6.2", + "github.com/prometheus/common@v0.65.0", + "github.com/prometheus/procfs@v0.17.0", + "github.com/redis/go-redis/v9@v9.12.1", + "github.com/rhysd/actionlint@v1.7.7", + "github.com/rivo/uniseg@v0.4.7", + "github.com/robfig/cron/v3@v3.0.1", + "github.com/rs/xid@v1.6.0", + "github.com/russross/blackfriday/v2@v2.1.0", + "github.com/santhosh-tekuri/jsonschema/v5@v5.3.1", + "github.com/sassoftware/go-rpmutils@v0.4.0", + "github.com/sergi/go-diff@v1.4.0", + "github.com/sirupsen/logrus@v1.9.3", + "github.com/skeema/knownhosts@v1.3.1", + "github.com/sorairolake/lzip-go@v0.3.8", + "github.com/spf13/afero@v1.15.0", + "github.com/ssor/bom@v0.0.0-20170718123548-6386211fdfcf", + "github.com/stretchr/testify@v1.11.1", + "github.com/syndtr/goleveldb@v1.0.0", + "github.com/tinylib/msgp@v1.4.0", + "github.com/tstranex/u2f@v1.0.0", + "github.com/ulikunitz/xz@v0.5.15", + "github.com/unknwon/com@v1.0.1", + "github.com/urfave/cli-docs/v3@v3.0.0-alpha6", + "github.com/urfave/cli/v3@v3.4.1", + "github.com/valyala/fastjson@v1.6.4", + "github.com/wneessen/go-mail@v0.7.2", + "github.com/x448/float16@v0.8.4", + "github.com/xanzy/ssh-agent@v0.3.3", + "github.com/xi2/xz@v0.0.0-20171230120015-48954b6210f8", + "github.com/yohcop/openid-go@v1.0.1", + "github.com/yuin/goldmark-highlighting/v2@v2.0.0-20230729083705-37449abec8cc", + "github.com/yuin/goldmark-meta@v1.1.0", + "github.com/yuin/goldmark@v1.7.13", + "github.com/zeebo/blake3@v0.2.4", + "gitlab.com/gitlab-org/api/client-go@v0.142.4", + "go.etcd.io/bbolt@v1.4.3", + "go.uber.org/atomic@v1.11.0", + "go.uber.org/multierr@v1.11.0", + "go.uber.org/zap/exp@v0.3.0", + "go.uber.org/zap@v1.27.0", + "go4.org@v0.0.0-20230225012048-214862532bf5", + "golang.org/x/crypto@v0.45.0", + "golang.org/x/image@v0.30.0", + "golang.org/x/mod@v0.29.0", + "golang.org/x/net@v0.47.0", + "golang.org/x/oauth2@v0.30.0", + "golang.org/x/sync@v0.18.0", + "golang.org/x/sys@v0.38.0", + "golang.org/x/text@v0.31.0", + "golang.org/x/time@v0.12.0", + "google.golang.org/genproto/googleapis/rpc@v0.0.0-20250826171959-ef028d996bc1", + "google.golang.org/grpc@v1.75.0", + "google.golang.org/protobuf@v1.36.8", + "gopkg.in/ini.v1@v1.67.0", + "gopkg.in/warnings.v0@v0.1.2", + "gopkg.in/yaml.v2@v2.4.0", + "gopkg.in/yaml.v3@v3.0.1", + "mvdan.cc/xurls/v2@v2.6.0", + "stdlib@v1.25.8", + "strk.kbt.io/projects/go/libravatar@v0.0.0-20191008002943-06d1c002b251", + "xorm.io/builder@v0.3.13", + "xorm.io/xorm@v1.3.10" + ], + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.25.8", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "48e381d4b7a397b1" + }, + "Version": "v1.25.8", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/compute/metadata@v0.8.0", + "Name": "cloud.google.com/go/compute/metadata", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.8.0", + "UID": "a1374c3f58da8f2" + }, + "Version": "v0.8.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "code.gitea.io/actions-proto-go@v0.4.1", + "Name": "code.gitea.io/actions-proto-go", + "Identifier": { + "PURL": "pkg:golang/code.gitea.io/actions-proto-go@v0.4.1", + "UID": "e7d10fcb2ed9beb6" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "code.gitea.io/sdk/gitea@v0.22.0", + "Name": "code.gitea.io/sdk/gitea", + "Identifier": { + "PURL": "pkg:golang/code.gitea.io/sdk/gitea@v0.22.0", + "UID": "d1cc0c27e4f8f93f" + }, + "Version": "v0.22.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "codeberg.org/gusted/mcaptcha@v0.0.0-20220723083913-4f3072e1d570", + "Name": "codeberg.org/gusted/mcaptcha", + "Identifier": { + "PURL": "pkg:golang/codeberg.org/gusted/mcaptcha@v0.0.0-20220723083913-4f3072e1d570", + "UID": "86b6f6e56145d90c" + }, + "Version": "v0.0.0-20220723083913-4f3072e1d570", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "connectrpc.com/connect@v1.18.1", + "Name": "connectrpc.com/connect", + "Identifier": { + "PURL": "pkg:golang/connectrpc.com/connect@v1.18.1", + "UID": "bb90c3ef117523ad" + }, + "Version": "v1.18.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "dario.cat/mergo@v1.0.2", + "Name": "dario.cat/mergo", + "Identifier": { + "PURL": "pkg:golang/dario.cat/mergo@v1.0.2", + "UID": "931b76ee6604dbca" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "filippo.io/edwards25519@v1.1.0", + "Name": "filippo.io/edwards25519", + "Identifier": { + "PURL": "pkg:golang/filippo.io/edwards25519@v1.1.0", + "UID": "81960def009390a4" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gitea.com/gitea/act@v0.261.7-0.20251003180512-ac6e4b751763", + "Name": "gitea.com/gitea/act", + "Identifier": { + "PURL": "pkg:golang/gitea.com/gitea/act@v0.261.7-0.20251003180512-ac6e4b751763", + "UID": "1c3d762b179616e3" + }, + "Version": "v0.261.7-0.20251003180512-ac6e4b751763", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gitea.com/gitea/go-xsd-duration@v0.0.0-20220703122237-02e73435a078", + "Name": "gitea.com/gitea/go-xsd-duration", + "Identifier": { + "PURL": "pkg:golang/gitea.com/gitea/go-xsd-duration@v0.0.0-20220703122237-02e73435a078", + "UID": "11f0beead28b3d99" + }, + "Version": "v0.0.0-20220703122237-02e73435a078", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gitea.com/go-chi/binding@v0.0.0-20240430071103-39a851e106ed", + "Name": "gitea.com/go-chi/binding", + "Identifier": { + "PURL": "pkg:golang/gitea.com/go-chi/binding@v0.0.0-20240430071103-39a851e106ed", + "UID": "12aa68bc2c369c5c" + }, + "Version": "v0.0.0-20240430071103-39a851e106ed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gitea.com/go-chi/cache@v0.2.1", + "Name": "gitea.com/go-chi/cache", + "Identifier": { + "PURL": "pkg:golang/gitea.com/go-chi/cache@v0.2.1", + "UID": "b0f7913bbccfba39" + }, + "Version": "v0.2.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gitea.com/go-chi/captcha@v0.0.0-20240315150714-fb487f629098", + "Name": "gitea.com/go-chi/captcha", + "Identifier": { + "PURL": "pkg:golang/gitea.com/go-chi/captcha@v0.0.0-20240315150714-fb487f629098", + "UID": "1541aae19f3e388e" + }, + "Version": "v0.0.0-20240315150714-fb487f629098", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gitea.com/go-chi/session@v0.0.0-20240316035857-16768d98ec96", + "Name": "gitea.com/go-chi/session", + "Identifier": { + "PURL": "pkg:golang/gitea.com/go-chi/session@v0.0.0-20240316035857-16768d98ec96", + "UID": "9a89165ee887d9dd" + }, + "Version": "v0.0.0-20240316035857-16768d98ec96", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gitea.com/lunny/dingtalk_webhook@v0.0.0-20171025031554-e3534c89ef96", + "Name": "gitea.com/lunny/dingtalk_webhook", + "Identifier": { + "PURL": "pkg:golang/gitea.com/lunny/dingtalk_webhook@v0.0.0-20171025031554-e3534c89ef96", + "UID": "277bf731faa6664" + }, + "Version": "v0.0.0-20171025031554-e3534c89ef96", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gitea.com/lunny/levelqueue@v0.4.2-0.20230414023320-3c0159fe0fe4", + "Name": "gitea.com/lunny/levelqueue", + "Identifier": { + "PURL": "pkg:golang/gitea.com/lunny/levelqueue@v0.4.2-0.20230414023320-3c0159fe0fe4", + "UID": "4000bf38b639f59d" + }, + "Version": "v0.4.2-0.20230414023320-3c0159fe0fe4", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/42wim/httpsig@v1.2.3", + "Name": "github.com/42wim/httpsig", + "Identifier": { + "PURL": "pkg:golang/github.com/42wim/httpsig@v1.2.3", + "UID": "fa253ca68fffb508" + }, + "Version": "v1.2.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/42wim/sshsig@v0.0.0-20250502153856-5100632e8920", + "Name": "github.com/42wim/sshsig", + "Identifier": { + "PURL": "pkg:golang/github.com/42wim/sshsig@v0.0.0-20250502153856-5100632e8920", + "UID": "88941c4f39f2218e" + }, + "Version": "v0.0.0-20250502153856-5100632e8920", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/6543/go-version@v1.3.1", + "Name": "github.com/6543/go-version", + "Identifier": { + "PURL": "pkg:golang/github.com/6543/go-version@v1.3.1", + "UID": "5968a06875d2e10a" + }, + "Version": "v1.3.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.19.0", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/azcore", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azcore@v1.19.0", + "UID": "f4e76d20650770bb" + }, + "Version": "v1.19.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.11.2", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/internal", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/internal@v1.11.2", + "UID": "3d76a60401cec655" + }, + "Version": "v1.11.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob@v1.6.2", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/storage/azblob@v1.6.2", + "UID": "5d90f750159f77c1" + }, + "Version": "v1.6.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", + "Name": "github.com/Azure/go-ntlmssp", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", + "UID": "89db9f082fcddcb4" + }, + "Version": "v0.0.0-20221128193559-754e69321358", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/DataDog/zstd@v1.5.7", + "Name": "github.com/DataDog/zstd", + "Identifier": { + "PURL": "pkg:golang/github.com/datadog/zstd@v1.5.7", + "UID": "701dc2de3a15122a" + }, + "Version": "v1.5.7", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Necoro/html2text@v0.0.0-20250804200300-7bf1ce1c7347", + "Name": "github.com/Necoro/html2text", + "Identifier": { + "PURL": "pkg:golang/github.com/necoro/html2text@v0.0.0-20250804200300-7bf1ce1c7347", + "UID": "d68a480b0db7827f" + }, + "Version": "v0.0.0-20250804200300-7bf1ce1c7347", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ProtonMail/go-crypto@v1.3.0", + "Name": "github.com/ProtonMail/go-crypto", + "Identifier": { + "PURL": "pkg:golang/github.com/protonmail/go-crypto@v1.3.0", + "UID": "1debc130e8e4abda" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/RoaringBitmap/roaring/v2@v2.10.0", + "Name": "github.com/RoaringBitmap/roaring/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/roaringbitmap/roaring/v2@v2.10.0", + "UID": "b709874801eea9f4" + }, + "Version": "v2.10.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/STARRY-S/zip@v0.2.3", + "Name": "github.com/STARRY-S/zip", + "Identifier": { + "PURL": "pkg:golang/github.com/starry-s/zip@v0.2.3", + "UID": "c15698ff9922f9d7" + }, + "Version": "v0.2.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/SaveTheRbtz/zstd-seekable-format-go/pkg@v0.8.0", + "Name": "github.com/SaveTheRbtz/zstd-seekable-format-go/pkg", + "Identifier": { + "PURL": "pkg:golang/github.com/savetherbtz/zstd-seekable-format-go/pkg@v0.8.0", + "UID": "cdccc7229a055094" + }, + "Version": "v0.8.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/alecthomas/chroma/v2@v2.20.0", + "Name": "github.com/alecthomas/chroma/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/alecthomas/chroma/v2@v2.20.0", + "UID": "bf7447923fb18a08" + }, + "Version": "v2.20.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/andybalholm/brotli@v1.2.0", + "Name": "github.com/andybalholm/brotli", + "Identifier": { + "PURL": "pkg:golang/github.com/andybalholm/brotli@v1.2.0", + "UID": "c8a2557ebc0c78c0" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/anmitsu/go-shlex@v0.0.0-20200514113438-38f4b401e2be", + "Name": "github.com/anmitsu/go-shlex", + "Identifier": { + "PURL": "pkg:golang/github.com/anmitsu/go-shlex@v0.0.0-20200514113438-38f4b401e2be", + "UID": "64bf08fcda7c059e" + }, + "Version": "v0.0.0-20200514113438-38f4b401e2be", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2@v1.38.3", + "Name": "github.com/aws/aws-sdk-go-v2", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2@v1.38.3", + "UID": "c6b3ca3ece72dc7" + }, + "Version": "v1.38.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/credentials@v1.18.10", + "Name": "github.com/aws/aws-sdk-go-v2/credentials", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/credentials@v1.18.10", + "UID": "59d11dbca8c179eb" + }, + "Version": "v1.18.10", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.6", + "Name": "github.com/aws/aws-sdk-go-v2/internal/configsources", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.6", + "UID": "5ab86077bc4dedbc" + }, + "Version": "v1.4.6", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.6", + "Name": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.6", + "UID": "c422f5124ba33bbe" + }, + "Version": "v2.7.6", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/codecommit@v1.32.2", + "Name": "github.com/aws/aws-sdk-go-v2/service/codecommit", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/codecommit@v1.32.2", + "UID": "5992d55a25669ad8" + }, + "Version": "v1.32.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/smithy-go@v1.23.0", + "Name": "github.com/aws/smithy-go", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/smithy-go@v1.23.0", + "UID": "cf485a487b450159" + }, + "Version": "v1.23.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aymerick/douceur@v0.2.0", + "Name": "github.com/aymerick/douceur", + "Identifier": { + "PURL": "pkg:golang/github.com/aymerick/douceur@v0.2.0", + "UID": "8d05df4e9f659af3" + }, + "Version": "v0.2.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "59949fd7aa86cd5c" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/bits-and-blooms/bitset@v1.24.0", + "Name": "github.com/bits-and-blooms/bitset", + "Identifier": { + "PURL": "pkg:golang/github.com/bits-and-blooms/bitset@v1.24.0", + "UID": "f1d261715287bd5" + }, + "Version": "v1.24.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blakesmith/ar@v0.0.0-20190502131153-809d4375e1fb", + "Name": "github.com/blakesmith/ar", + "Identifier": { + "PURL": "pkg:golang/github.com/blakesmith/ar@v0.0.0-20190502131153-809d4375e1fb", + "UID": "bbc5f68e5b8f94bf" + }, + "Version": "v0.0.0-20190502131153-809d4375e1fb", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/bleve/v2@v2.5.3", + "Name": "github.com/blevesearch/bleve/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/bleve/v2@v2.5.3", + "UID": "4b0badda3220b460" + }, + "Version": "v2.5.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/bleve_index_api@v1.2.9", + "Name": "github.com/blevesearch/bleve_index_api", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/bleve_index_api@v1.2.9", + "UID": "e96336b7d9e5de41" + }, + "Version": "v1.2.9", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/geo@v0.2.4", + "Name": "github.com/blevesearch/geo", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/geo@v0.2.4", + "UID": "e41c5edff739225f" + }, + "Version": "v0.2.4", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/go-porterstemmer@v1.0.3", + "Name": "github.com/blevesearch/go-porterstemmer", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/go-porterstemmer@v1.0.3", + "UID": "90dce8dcad02a53a" + }, + "Version": "v1.0.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/gtreap@v0.1.1", + "Name": "github.com/blevesearch/gtreap", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/gtreap@v0.1.1", + "UID": "11f175438f27cd5" + }, + "Version": "v0.1.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/mmap-go@v1.0.4", + "Name": "github.com/blevesearch/mmap-go", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/mmap-go@v1.0.4", + "UID": "41f60e68aa1909fb" + }, + "Version": "v1.0.4", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/scorch_segment_api/v2@v2.3.11", + "Name": "github.com/blevesearch/scorch_segment_api/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/scorch_segment_api/v2@v2.3.11", + "UID": "1e5a2321da3197bd" + }, + "Version": "v2.3.11", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/segment@v0.9.1", + "Name": "github.com/blevesearch/segment", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/segment@v0.9.1", + "UID": "ec1d5a1cfbcc7eb9" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/snowballstem@v0.9.0", + "Name": "github.com/blevesearch/snowballstem", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/snowballstem@v0.9.0", + "UID": "75ebb74450b5cf29" + }, + "Version": "v0.9.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/upsidedown_store_api@v1.0.2", + "Name": "github.com/blevesearch/upsidedown_store_api", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/upsidedown_store_api@v1.0.2", + "UID": "a9056ff3c17e826c" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/vellum@v1.1.0", + "Name": "github.com/blevesearch/vellum", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/vellum@v1.1.0", + "UID": "aca6f5f651b89045" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/zapx/v11@v11.4.2", + "Name": "github.com/blevesearch/zapx/v11", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/zapx/v11@v11.4.2", + "UID": "b372607eddba6496" + }, + "Version": "v11.4.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/zapx/v12@v12.4.2", + "Name": "github.com/blevesearch/zapx/v12", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/zapx/v12@v12.4.2", + "UID": "7ca270076f5db225" + }, + "Version": "v12.4.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/zapx/v13@v13.4.2", + "Name": "github.com/blevesearch/zapx/v13", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/zapx/v13@v13.4.2", + "UID": "b29e59d72edbda88" + }, + "Version": "v13.4.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/zapx/v14@v14.4.2", + "Name": "github.com/blevesearch/zapx/v14", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/zapx/v14@v14.4.2", + "UID": "39918f56fdf26790" + }, + "Version": "v14.4.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/zapx/v15@v15.4.2", + "Name": "github.com/blevesearch/zapx/v15", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/zapx/v15@v15.4.2", + "UID": "5e4203896f47c5d7" + }, + "Version": "v15.4.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blevesearch/zapx/v16@v16.2.4", + "Name": "github.com/blevesearch/zapx/v16", + "Identifier": { + "PURL": "pkg:golang/github.com/blevesearch/zapx/v16@v16.2.4", + "UID": "4fb6c837bc06a5b9" + }, + "Version": "v16.2.4", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/bmatcuk/doublestar/v4@v4.9.1", + "Name": "github.com/bmatcuk/doublestar/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/bmatcuk/doublestar/v4@v4.9.1", + "UID": "9d93a58c72b700f5" + }, + "Version": "v4.9.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/bodgit/plumbing@v1.3.0", + "Name": "github.com/bodgit/plumbing", + "Identifier": { + "PURL": "pkg:golang/github.com/bodgit/plumbing@v1.3.0", + "UID": "17bc5892826d6c1d" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/bodgit/sevenzip@v1.6.1", + "Name": "github.com/bodgit/sevenzip", + "Identifier": { + "PURL": "pkg:golang/github.com/bodgit/sevenzip@v1.6.1", + "UID": "6a1765a102b75ce4" + }, + "Version": "v1.6.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/bodgit/windows@v1.0.1", + "Name": "github.com/bodgit/windows", + "Identifier": { + "PURL": "pkg:golang/github.com/bodgit/windows@v1.0.1", + "UID": "9dc97aadf21a31c6" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/bohde/codel@v0.2.0", + "Name": "github.com/bohde/codel", + "Identifier": { + "PURL": "pkg:golang/github.com/bohde/codel@v0.2.0", + "UID": "a6017cd3f762c6a4" + }, + "Version": "v0.2.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/boombuler/barcode@v1.1.0", + "Name": "github.com/boombuler/barcode", + "Identifier": { + "PURL": "pkg:golang/github.com/boombuler/barcode@v1.1.0", + "UID": "ee840fdce8a9faa" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/bradfitz/gomemcache@v0.0.0-20250403215159-8d39553ac7cf", + "Name": "github.com/bradfitz/gomemcache", + "Identifier": { + "PURL": "pkg:golang/github.com/bradfitz/gomemcache@v0.0.0-20250403215159-8d39553ac7cf", + "UID": "68198f1ee3374cca" + }, + "Version": "v0.0.0-20250403215159-8d39553ac7cf", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/buildkite/terminal-to-html/v3@v3.16.8", + "Name": "github.com/buildkite/terminal-to-html/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/buildkite/terminal-to-html/v3@v3.16.8", + "UID": "f284a2008b6cfd98" + }, + "Version": "v3.16.8", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/caddyserver/certmagic@v0.24.0", + "Name": "github.com/caddyserver/certmagic", + "Identifier": { + "PURL": "pkg:golang/github.com/caddyserver/certmagic@v0.24.0", + "UID": "f29c69c9a807138f" + }, + "Version": "v0.24.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/caddyserver/zerossl@v0.1.3", + "Name": "github.com/caddyserver/zerossl", + "Identifier": { + "PURL": "pkg:golang/github.com/caddyserver/zerossl@v0.1.3", + "UID": "feaad9405f23dbed" + }, + "Version": "v0.1.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cention-sany/utf7@v0.0.0-20170124080048-26cad61bd60a", + "Name": "github.com/cention-sany/utf7", + "Identifier": { + "PURL": "pkg:golang/github.com/cention-sany/utf7@v0.0.0-20170124080048-26cad61bd60a", + "UID": "bf0bd4839f073fe8" + }, + "Version": "v0.0.0-20170124080048-26cad61bd60a", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.3.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", + "UID": "5f16bc7a7758cd8d" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/charmbracelet/git-lfs-transfer@v0.1.1-0.20251013092601-6327009efd21", + "Name": "github.com/charmbracelet/git-lfs-transfer", + "Identifier": { + "PURL": "pkg:golang/github.com/charmbracelet/git-lfs-transfer@v0.1.1-0.20251013092601-6327009efd21", + "UID": "2956e175a5df4a69" + }, + "Version": "v0.1.1-0.20251013092601-6327009efd21", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/chi-middleware/proxy@v1.1.1", + "Name": "github.com/chi-middleware/proxy", + "Identifier": { + "PURL": "pkg:golang/github.com/chi-middleware/proxy@v1.1.1", + "UID": "46a4f6b9b50f329a" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cloudflare/circl@v1.6.3", + "Name": "github.com/cloudflare/circl", + "Identifier": { + "PURL": "pkg:golang/github.com/cloudflare/circl@v1.6.3", + "UID": "da92f3bfe44246ad" + }, + "Version": "v1.6.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/couchbase/go-couchbase@v0.1.1", + "Name": "github.com/couchbase/go-couchbase", + "Identifier": { + "PURL": "pkg:golang/github.com/couchbase/go-couchbase@v0.1.1", + "UID": "bb2bf9982fbc414f" + }, + "Version": "v0.1.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/couchbase/gomemcached@v0.3.3", + "Name": "github.com/couchbase/gomemcached", + "Identifier": { + "PURL": "pkg:golang/github.com/couchbase/gomemcached@v0.3.3", + "UID": "d40d8bf989b62fdb" + }, + "Version": "v0.3.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/couchbase/goutils@v0.1.2", + "Name": "github.com/couchbase/goutils", + "Identifier": { + "PURL": "pkg:golang/github.com/couchbase/goutils@v0.1.2", + "UID": "92b7fe2e0bdaf36" + }, + "Version": "v0.1.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cpuguy83/go-md2man/v2@v2.0.7", + "Name": "github.com/cpuguy83/go-md2man/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.7", + "UID": "5625eb6e48d02555" + }, + "Version": "v2.0.7", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cyphar/filepath-securejoin@v0.4.1", + "Name": "github.com/cyphar/filepath-securejoin", + "Identifier": { + "PURL": "pkg:golang/github.com/cyphar/filepath-securejoin@v0.4.1", + "UID": "ca519a256d79d9a6" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "Name": "github.com/davecgh/go-spew", + "Identifier": { + "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "UID": "756beb4e27c6cbb8" + }, + "Version": "v1.1.2-0.20180830191138-d8f796af33cc", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f", + "Name": "github.com/dgryski/go-rendezvous", + "Identifier": { + "PURL": "pkg:golang/github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f", + "UID": "6389067d0e340633" + }, + "Version": "v0.0.0-20200823014737-9f7001d12a5f", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dimiro1/reply@v0.0.0-20200315094148-d0136a4c9e21", + "Name": "github.com/dimiro1/reply", + "Identifier": { + "PURL": "pkg:golang/github.com/dimiro1/reply@v0.0.0-20200315094148-d0136a4c9e21", + "UID": "d3a6f66151f2b8e3" + }, + "Version": "v0.0.0-20200315094148-d0136a4c9e21", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/djherbis/buffer@v1.2.0", + "Name": "github.com/djherbis/buffer", + "Identifier": { + "PURL": "pkg:golang/github.com/djherbis/buffer@v1.2.0", + "UID": "7917ab0ec08d18bc" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/djherbis/nio/v3@v3.0.1", + "Name": "github.com/djherbis/nio/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/djherbis/nio/v3@v3.0.1", + "UID": "e10a2bf701b5b422" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dlclark/regexp2@v1.11.5", + "Name": "github.com/dlclark/regexp2", + "Identifier": { + "PURL": "pkg:golang/github.com/dlclark/regexp2@v1.11.5", + "UID": "5269d628f733eb06" + }, + "Version": "v1.11.5", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dsnet/compress@v0.0.2-0.20230904184137-39efe44ab707", + "Name": "github.com/dsnet/compress", + "Identifier": { + "PURL": "pkg:golang/github.com/dsnet/compress@v0.0.2-0.20230904184137-39efe44ab707", + "UID": "351d189b19033141" + }, + "Version": "v0.0.2-0.20230904184137-39efe44ab707", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dustin/go-humanize@v1.0.1", + "Name": "github.com/dustin/go-humanize", + "Identifier": { + "PURL": "pkg:golang/github.com/dustin/go-humanize@v1.0.1", + "UID": "d44766e4cad2b386" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/editorconfig/editorconfig-core-go/v2@v2.6.3", + "Name": "github.com/editorconfig/editorconfig-core-go/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/editorconfig/editorconfig-core-go/v2@v2.6.3", + "UID": "bf422f232c334188" + }, + "Version": "v2.6.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/emersion/go-imap@v1.2.1", + "Name": "github.com/emersion/go-imap", + "Identifier": { + "PURL": "pkg:golang/github.com/emersion/go-imap@v1.2.1", + "UID": "73690b7057fa7f24" + }, + "Version": "v1.2.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/emersion/go-sasl@v0.0.0-20241020182733-b788ff22d5a6", + "Name": "github.com/emersion/go-sasl", + "Identifier": { + "PURL": "pkg:golang/github.com/emersion/go-sasl@v0.0.0-20241020182733-b788ff22d5a6", + "UID": "8f825e4de02df8c1" + }, + "Version": "v0.0.0-20241020182733-b788ff22d5a6", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/emirpasic/gods@v1.18.1", + "Name": "github.com/emirpasic/gods", + "Identifier": { + "PURL": "pkg:golang/github.com/emirpasic/gods@v1.18.1", + "UID": "bb4f93acbb2aebe9" + }, + "Version": "v1.18.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ethantkoenig/rupture@v1.0.1", + "Name": "github.com/ethantkoenig/rupture", + "Identifier": { + "PURL": "pkg:golang/github.com/ethantkoenig/rupture@v1.0.1", + "UID": "873ff08486403b7b" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fatih/color@v1.18.0", + "Name": "github.com/fatih/color", + "Identifier": { + "PURL": "pkg:golang/github.com/fatih/color@v1.18.0", + "UID": "3267bac4ab3acf4a" + }, + "Version": "v1.18.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/felixge/fgprof@v0.9.5", + "Name": "github.com/felixge/fgprof", + "Identifier": { + "PURL": "pkg:golang/github.com/felixge/fgprof@v0.9.5", + "UID": "afbf431486955ca9" + }, + "Version": "v0.9.5", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fsnotify/fsnotify@v1.9.0", + "Name": "github.com/fsnotify/fsnotify", + "Identifier": { + "PURL": "pkg:golang/github.com/fsnotify/fsnotify@v1.9.0", + "UID": "3d6d432a4c95adee" + }, + "Version": "v1.9.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fxamacker/cbor/v2@v2.9.0", + "Name": "github.com/fxamacker/cbor/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/fxamacker/cbor/v2@v2.9.0", + "UID": "c3df033c11af1336" + }, + "Version": "v2.9.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/git-lfs/pktline@v0.0.0-20230103162542-ca444d533ef1", + "Name": "github.com/git-lfs/pktline", + "Identifier": { + "PURL": "pkg:golang/github.com/git-lfs/pktline@v0.0.0-20230103162542-ca444d533ef1", + "UID": "5892bf7e6c534549" + }, + "Version": "v0.0.0-20230103162542-ca444d533ef1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gliderlabs/ssh@v0.3.8", + "Name": "github.com/gliderlabs/ssh", + "Identifier": { + "PURL": "pkg:golang/github.com/gliderlabs/ssh@v0.3.8", + "UID": "d6944f8b9c15014a" + }, + "Version": "v0.3.8", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-ap/activitypub@v0.0.0-20250810115208-cb73b20a1742", + "Name": "github.com/go-ap/activitypub", + "Identifier": { + "PURL": "pkg:golang/github.com/go-ap/activitypub@v0.0.0-20250810115208-cb73b20a1742", + "UID": "74f555f627d50dc6" + }, + "Version": "v0.0.0-20250810115208-cb73b20a1742", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-ap/errors@v0.0.0-20250527110557-c8db454e53fd", + "Name": "github.com/go-ap/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/go-ap/errors@v0.0.0-20250527110557-c8db454e53fd", + "UID": "bd0382596c38d3ea" + }, + "Version": "v0.0.0-20250527110557-c8db454e53fd", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-ap/jsonld@v0.0.0-20221030091449-f2a191312c73", + "Name": "github.com/go-ap/jsonld", + "Identifier": { + "PURL": "pkg:golang/github.com/go-ap/jsonld@v0.0.0-20221030091449-f2a191312c73", + "UID": "f352ea46ca733308" + }, + "Version": "v0.0.0-20221030091449-f2a191312c73", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-asn1-ber/asn1-ber@v1.5.8-0.20250403174932-29230038a667", + "Name": "github.com/go-asn1-ber/asn1-ber", + "Identifier": { + "PURL": "pkg:golang/github.com/go-asn1-ber/asn1-ber@v1.5.8-0.20250403174932-29230038a667", + "UID": "cb8026144c824c05" + }, + "Version": "v1.5.8-0.20250403174932-29230038a667", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-chi/chi/v5@v5.2.3", + "Name": "github.com/go-chi/chi/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/go-chi/chi/v5@v5.2.3", + "UID": "3ce7ed70f7059d75" + }, + "Version": "v5.2.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-chi/cors@v1.2.2", + "Name": "github.com/go-chi/cors", + "Identifier": { + "PURL": "pkg:golang/github.com/go-chi/cors@v1.2.2", + "UID": "f5cb6d7a497dcd1c" + }, + "Version": "v1.2.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-co-op/gocron@v1.37.0", + "Name": "github.com/go-co-op/gocron", + "Identifier": { + "PURL": "pkg:golang/github.com/go-co-op/gocron@v1.37.0", + "UID": "91902bae9eada84a" + }, + "Version": "v1.37.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-enry/go-enry/v2@v2.9.2", + "Name": "github.com/go-enry/go-enry/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/go-enry/go-enry/v2@v2.9.2", + "UID": "719131dbe907b120" + }, + "Version": "v2.9.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-fed/httpsig@v1.1.1-0.20201223112313-55836744818e", + "Name": "github.com/go-fed/httpsig", + "Identifier": { + "PURL": "pkg:golang/github.com/go-fed/httpsig@v1.1.1-0.20201223112313-55836744818e", + "UID": "3cc79f2671a014ef" + }, + "Version": "v1.1.1-0.20201223112313-55836744818e", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-git/gcfg@v1.5.1-0.20230307220236-3a3c6141e376", + "Name": "github.com/go-git/gcfg", + "Identifier": { + "PURL": "pkg:golang/github.com/go-git/gcfg@v1.5.1-0.20230307220236-3a3c6141e376", + "UID": "1752d3461b2a3c8c" + }, + "Version": "v1.5.1-0.20230307220236-3a3c6141e376", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-git/go-billy/v5@v5.6.2", + "Name": "github.com/go-git/go-billy/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/go-git/go-billy/v5@v5.6.2", + "UID": "b26c271ca2b04f93" + }, + "Version": "v5.6.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-git/go-git/v5@v5.16.5", + "Name": "github.com/go-git/go-git/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.16.5", + "UID": "19d984b6d8e0b0e5" + }, + "Version": "v5.16.5", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-ini/ini@v1.67.0", + "Name": "github.com/go-ini/ini", + "Identifier": { + "PURL": "pkg:golang/github.com/go-ini/ini@v1.67.0", + "UID": "9b50a5d2df154e60" + }, + "Version": "v1.67.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-ldap/ldap/v3@v3.4.11", + "Name": "github.com/go-ldap/ldap/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/go-ldap/ldap/v3@v3.4.11", + "UID": "e1172f156af8b41a" + }, + "Version": "v3.4.11", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-redsync/redsync/v4@v4.13.0", + "Name": "github.com/go-redsync/redsync/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/go-redsync/redsync/v4@v4.13.0", + "UID": "a39934f401f20d6f" + }, + "Version": "v4.13.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-sql-driver/mysql@v1.9.3", + "Name": "github.com/go-sql-driver/mysql", + "Identifier": { + "PURL": "pkg:golang/github.com/go-sql-driver/mysql@v1.9.3", + "UID": "30aca95dcc344a8c" + }, + "Version": "v1.9.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-webauthn/webauthn@v0.13.4", + "Name": "github.com/go-webauthn/webauthn", + "Identifier": { + "PURL": "pkg:golang/github.com/go-webauthn/webauthn@v0.13.4", + "UID": "27d5f4e1cecffef9" + }, + "Version": "v0.13.4", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-webauthn/x@v0.1.24", + "Name": "github.com/go-webauthn/x", + "Identifier": { + "PURL": "pkg:golang/github.com/go-webauthn/x@v0.1.24", + "UID": "346fda911e146b15" + }, + "Version": "v0.1.24", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/goccy/go-json@v0.10.5", + "Name": "github.com/goccy/go-json", + "Identifier": { + "PURL": "pkg:golang/github.com/goccy/go-json@v0.10.5", + "UID": "d0dcb83148419c6f" + }, + "Version": "v0.10.5", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gogs/chardet@v0.0.0-20211120154057-b7413eaefb8f", + "Name": "github.com/gogs/chardet", + "Identifier": { + "PURL": "pkg:golang/github.com/gogs/chardet@v0.0.0-20211120154057-b7413eaefb8f", + "UID": "600c6a5d21c3aa34" + }, + "Version": "v0.0.0-20211120154057-b7413eaefb8f", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gogs/go-gogs-client@v0.0.0-20210131175652-1d7215cd8d85", + "Name": "github.com/gogs/go-gogs-client", + "Identifier": { + "PURL": "pkg:golang/github.com/gogs/go-gogs-client@v0.0.0-20210131175652-1d7215cd8d85", + "UID": "345beb1995cdc70b" + }, + "Version": "v0.0.0-20210131175652-1d7215cd8d85", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang-jwt/jwt/v4@v4.5.2", + "Name": "github.com/golang-jwt/jwt/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v4@v4.5.2", + "UID": "9776503ec3676a4e" + }, + "Version": "v4.5.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang-jwt/jwt/v5@v5.3.0", + "Name": "github.com/golang-jwt/jwt/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.0", + "UID": "a5269811bd709f1b" + }, + "Version": "v5.3.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang-sql/civil@v0.0.0-20220223132316-b832511892a9", + "Name": "github.com/golang-sql/civil", + "Identifier": { + "PURL": "pkg:golang/github.com/golang-sql/civil@v0.0.0-20220223132316-b832511892a9", + "UID": "b3a7dd665d3e5161" + }, + "Version": "v0.0.0-20220223132316-b832511892a9", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang-sql/sqlexp@v0.1.0", + "Name": "github.com/golang-sql/sqlexp", + "Identifier": { + "PURL": "pkg:golang/github.com/golang-sql/sqlexp@v0.1.0", + "UID": "c049db56715848cc" + }, + "Version": "v0.1.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/groupcache@v0.0.0-20241129210726-2c02b8208cf8", + "Name": "github.com/golang/groupcache", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20241129210726-2c02b8208cf8", + "UID": "edbc9c754d1fe5f" + }, + "Version": "v0.0.0-20241129210726-2c02b8208cf8", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/protobuf@v1.5.4", + "Name": "github.com/golang/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.4", + "UID": "340a3ab4d24f17c2" + }, + "Version": "v1.5.4", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/snappy@v1.0.0", + "Name": "github.com/golang/snappy", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/snappy@v1.0.0", + "UID": "d532f688a97303e3" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/btree@v1.1.3", + "Name": "github.com/google/btree", + "Identifier": { + "PURL": "pkg:golang/github.com/google/btree@v1.1.3", + "UID": "c28fd74e1e8ba3d4" + }, + "Version": "v1.1.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/flatbuffers@v25.2.10+incompatible", + "Name": "github.com/google/flatbuffers", + "Identifier": { + "PURL": "pkg:golang/github.com/google/flatbuffers@v25.2.10%2Bincompatible", + "UID": "4dc4b6260e208a9b" + }, + "Version": "v25.2.10+incompatible", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-github/v74@v74.0.0", + "Name": "github.com/google/go-github/v74", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-github/v74@v74.0.0", + "UID": "fc59501262a7f7c7" + }, + "Version": "v74.0.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-querystring@v1.1.0", + "Name": "github.com/google/go-querystring", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-querystring@v1.1.0", + "UID": "fdfcfe93cd67c826" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-tpm@v0.9.5", + "Name": "github.com/google/go-tpm", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-tpm@v0.9.5", + "UID": "f75acf1b27a916f3" + }, + "Version": "v0.9.5", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/licenseclassifier/v2@v2.0.0", + "Name": "github.com/google/licenseclassifier/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/google/licenseclassifier/v2@v2.0.0", + "UID": "767649745b849fdf" + }, + "Version": "v2.0.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/pprof@v0.0.0-20250820193118-f64d9cf942d6", + "Name": "github.com/google/pprof", + "Identifier": { + "PURL": "pkg:golang/github.com/google/pprof@v0.0.0-20250820193118-f64d9cf942d6", + "UID": "3fa4c630fc8f4dbc" + }, + "Version": "v0.0.0-20250820193118-f64d9cf942d6", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.6.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", + "UID": "8c8cc436863d2c7e" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gorilla/css@v1.0.1", + "Name": "github.com/gorilla/css", + "Identifier": { + "PURL": "pkg:golang/github.com/gorilla/css@v1.0.1", + "UID": "6f622f15dbc5b4c1" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gorilla/feeds@v1.2.0", + "Name": "github.com/gorilla/feeds", + "Identifier": { + "PURL": "pkg:golang/github.com/gorilla/feeds@v1.2.0", + "UID": "d9ab964a7f2ad25d" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gorilla/mux@v1.8.1", + "Name": "github.com/gorilla/mux", + "Identifier": { + "PURL": "pkg:golang/github.com/gorilla/mux@v1.8.1", + "UID": "749bc43d277d65e5" + }, + "Version": "v1.8.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gorilla/securecookie@v1.1.2", + "Name": "github.com/gorilla/securecookie", + "Identifier": { + "PURL": "pkg:golang/github.com/gorilla/securecookie@v1.1.2", + "UID": "f8c7c4a52724f371" + }, + "Version": "v1.1.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gorilla/sessions@v1.4.0", + "Name": "github.com/gorilla/sessions", + "Identifier": { + "PURL": "pkg:golang/github.com/gorilla/sessions@v1.4.0", + "UID": "13411e79b9107b5a" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/errwrap@v1.1.0", + "Name": "github.com/hashicorp/errwrap", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.1.0", + "UID": "99150288ed2f7502" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-cleanhttp@v0.5.2", + "Name": "github.com/hashicorp/go-cleanhttp", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-cleanhttp@v0.5.2", + "UID": "9dceb42b739c5c32" + }, + "Version": "v0.5.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-multierror@v1.1.1", + "Name": "github.com/hashicorp/go-multierror", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", + "UID": "2e2205ae400e9e2c" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-retryablehttp@v0.7.8", + "Name": "github.com/hashicorp/go-retryablehttp", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-retryablehttp@v0.7.8", + "UID": "51aff31f0bf036c9" + }, + "Version": "v0.7.8", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/golang-lru/v2@v2.0.7", + "Name": "github.com/hashicorp/golang-lru/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/golang-lru/v2@v2.0.7", + "UID": "3d7230f08ac97925" + }, + "Version": "v2.0.7", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/huandu/xstrings@v1.5.0", + "Name": "github.com/huandu/xstrings", + "Identifier": { + "PURL": "pkg:golang/github.com/huandu/xstrings@v1.5.0", + "UID": "fc730a2e8fdc95df" + }, + "Version": "v1.5.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jbenet/go-context@v0.0.0-20150711004518-d14ea06fba99", + "Name": "github.com/jbenet/go-context", + "Identifier": { + "PURL": "pkg:golang/github.com/jbenet/go-context@v0.0.0-20150711004518-d14ea06fba99", + "UID": "38f3c474922312f6" + }, + "Version": "v0.0.0-20150711004518-d14ea06fba99", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jhillyerd/enmime@v1.3.0", + "Name": "github.com/jhillyerd/enmime", + "Identifier": { + "PURL": "pkg:golang/github.com/jhillyerd/enmime@v1.3.0", + "UID": "438dc7d3f2694148" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/josharian/intern@v1.0.0", + "Name": "github.com/josharian/intern", + "Identifier": { + "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", + "UID": "683d62df42b25580" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/json-iterator/go@v1.1.12", + "Name": "github.com/json-iterator/go", + "Identifier": { + "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", + "UID": "6b5fe979748b1454" + }, + "Version": "v1.1.12", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51", + "Name": "github.com/kballard/go-shellquote", + "Identifier": { + "PURL": "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51", + "UID": "46b223931d2610be" + }, + "Version": "v0.0.0-20180428030007-95032a82bc51", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kevinburke/ssh_config@v1.4.0", + "Name": "github.com/kevinburke/ssh_config", + "Identifier": { + "PURL": "pkg:golang/github.com/kevinburke/ssh_config@v1.4.0", + "UID": "40312f870fa29ea1" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/klauspost/compress@v1.18.0", + "Name": "github.com/klauspost/compress", + "Identifier": { + "PURL": "pkg:golang/github.com/klauspost/compress@v1.18.0", + "UID": "e9593a261542048f" + }, + "Version": "v1.18.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/klauspost/cpuid/v2@v2.3.0", + "Name": "github.com/klauspost/cpuid/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/klauspost/cpuid/v2@v2.3.0", + "UID": "d3178f29042e061d" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/klauspost/pgzip@v1.2.6", + "Name": "github.com/klauspost/pgzip", + "Identifier": { + "PURL": "pkg:golang/github.com/klauspost/pgzip@v1.2.6", + "UID": "be981cef4960f202" + }, + "Version": "v1.2.6", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lib/pq@v1.10.9", + "Name": "github.com/lib/pq", + "Identifier": { + "PURL": "pkg:golang/github.com/lib/pq@v1.10.9", + "UID": "98c1b380d34f5874" + }, + "Version": "v1.10.9", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/libdns/libdns@v1.1.1", + "Name": "github.com/libdns/libdns", + "Identifier": { + "PURL": "pkg:golang/github.com/libdns/libdns@v1.1.1", + "UID": "a3c4b881340baa7f" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mailru/easyjson@v0.9.0", + "Name": "github.com/mailru/easyjson", + "Identifier": { + "PURL": "pkg:golang/github.com/mailru/easyjson@v0.9.0", + "UID": "5d388e95f2fb59d8" + }, + "Version": "v0.9.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/markbates/going@v1.0.3", + "Name": "github.com/markbates/going", + "Identifier": { + "PURL": "pkg:golang/github.com/markbates/going@v1.0.3", + "UID": "ab8266f09f71283b" + }, + "Version": "v1.0.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/markbates/goth@v1.82.0", + "Name": "github.com/markbates/goth", + "Identifier": { + "PURL": "pkg:golang/github.com/markbates/goth@v1.82.0", + "UID": "976b3ebdf5190c6" + }, + "Version": "v1.82.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-colorable@v0.1.14", + "Name": "github.com/mattn/go-colorable", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-colorable@v0.1.14", + "UID": "c16cf45c06e79acf" + }, + "Version": "v0.1.14", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-isatty@v0.0.20", + "Name": "github.com/mattn/go-isatty", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.20", + "UID": "2f5421b35bf75eab" + }, + "Version": "v0.0.20", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-runewidth@v0.0.16", + "Name": "github.com/mattn/go-runewidth", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-runewidth@v0.0.16", + "UID": "730b4c1aa6ab9a2c" + }, + "Version": "v0.0.16", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-shellwords@v1.0.12", + "Name": "github.com/mattn/go-shellwords", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-shellwords@v1.0.12", + "UID": "651d43a59d70bb03" + }, + "Version": "v1.0.12", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-sqlite3@v1.14.32", + "Name": "github.com/mattn/go-sqlite3", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-sqlite3@v1.14.32", + "UID": "d812557c824c0278" + }, + "Version": "v1.14.32", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/meilisearch/meilisearch-go@v0.33.2", + "Name": "github.com/meilisearch/meilisearch-go", + "Identifier": { + "PURL": "pkg:golang/github.com/meilisearch/meilisearch-go@v0.33.2", + "UID": "7bdf2519fd05b261" + }, + "Version": "v0.33.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mholt/acmez/v3@v3.1.2", + "Name": "github.com/mholt/acmez/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/mholt/acmez/v3@v3.1.2", + "UID": "3d703958381f87b5" + }, + "Version": "v3.1.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mholt/archives@v0.1.5-0.20251009205813-e30ac6010726", + "Name": "github.com/mholt/archives", + "Identifier": { + "PURL": "pkg:golang/github.com/mholt/archives@v0.1.5-0.20251009205813-e30ac6010726", + "UID": "b4bec91e6f0464b1" + }, + "Version": "v0.1.5-0.20251009205813-e30ac6010726", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/microcosm-cc/bluemonday@v1.0.27", + "Name": "github.com/microcosm-cc/bluemonday", + "Identifier": { + "PURL": "pkg:golang/github.com/microcosm-cc/bluemonday@v1.0.27", + "UID": "c3081e460ee872b" + }, + "Version": "v1.0.27", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/microsoft/go-mssqldb@v1.9.3", + "Name": "github.com/microsoft/go-mssqldb", + "Identifier": { + "PURL": "pkg:golang/github.com/microsoft/go-mssqldb@v1.9.3", + "UID": "867425ab113e0b58" + }, + "Version": "v1.9.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/miekg/dns@v1.1.68", + "Name": "github.com/miekg/dns", + "Identifier": { + "PURL": "pkg:golang/github.com/miekg/dns@v1.1.68", + "UID": "21c28a435c08b0c7" + }, + "Version": "v1.1.68", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mikelolasagasti/xz@v1.0.1", + "Name": "github.com/mikelolasagasti/xz", + "Identifier": { + "PURL": "pkg:golang/github.com/mikelolasagasti/xz@v1.0.1", + "UID": "2ed169776af7fbc6" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/minio/crc64nvme@v1.1.1", + "Name": "github.com/minio/crc64nvme", + "Identifier": { + "PURL": "pkg:golang/github.com/minio/crc64nvme@v1.1.1", + "UID": "91523945c88cf673" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/minio/md5-simd@v1.1.2", + "Name": "github.com/minio/md5-simd", + "Identifier": { + "PURL": "pkg:golang/github.com/minio/md5-simd@v1.1.2", + "UID": "52e869d999bd1a00" + }, + "Version": "v1.1.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/minio/minio-go/v7@v7.0.95", + "Name": "github.com/minio/minio-go/v7", + "Identifier": { + "PURL": "pkg:golang/github.com/minio/minio-go/v7@v7.0.95", + "UID": "b74c6f09172ed964" + }, + "Version": "v7.0.95", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/minio/minlz@v1.0.1", + "Name": "github.com/minio/minlz", + "Identifier": { + "PURL": "pkg:golang/github.com/minio/minlz@v1.0.1", + "UID": "70986ca2657d5626" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/mapstructure@v1.5.0", + "Name": "github.com/mitchellh/mapstructure", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/mapstructure@v1.5.0", + "UID": "eba2e637f6073fe6" + }, + "Version": "v1.5.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "Name": "github.com/modern-go/concurrent", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "UID": "6305581188e51b76" + }, + "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/reflect2@v1.0.2", + "Name": "github.com/modern-go/reflect2", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", + "UID": "fbe5ef02230e6de" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mrjones/oauth@v0.0.0-20190623134757-126b35219450", + "Name": "github.com/mrjones/oauth", + "Identifier": { + "PURL": "pkg:golang/github.com/mrjones/oauth@v0.0.0-20190623134757-126b35219450", + "UID": "ea2ebc4184e6e6a8" + }, + "Version": "v0.0.0-20190623134757-126b35219450", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "de98a7e62139db3c" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/niklasfasching/go-org@v1.9.1", + "Name": "github.com/niklasfasching/go-org", + "Identifier": { + "PURL": "pkg:golang/github.com/niklasfasching/go-org@v1.9.1", + "UID": "50a2ce6a4d90e986" + }, + "Version": "v1.9.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/nwaples/rardecode/v2@v2.2.0", + "Name": "github.com/nwaples/rardecode/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/nwaples/rardecode/v2@v2.2.0", + "UID": "bc82081f58df82fa" + }, + "Version": "v2.2.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/olekukonko/cat@v0.0.0-20250817074551-3280053e4e00", + "Name": "github.com/olekukonko/cat", + "Identifier": { + "PURL": "pkg:golang/github.com/olekukonko/cat@v0.0.0-20250817074551-3280053e4e00", + "UID": "7f639fb6ffb974ca" + }, + "Version": "v0.0.0-20250817074551-3280053e4e00", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/olekukonko/errors@v1.1.0", + "Name": "github.com/olekukonko/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/olekukonko/errors@v1.1.0", + "UID": "9c2e2e875cf8622b" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/olekukonko/ll@v0.1.0", + "Name": "github.com/olekukonko/ll", + "Identifier": { + "PURL": "pkg:golang/github.com/olekukonko/ll@v0.1.0", + "UID": "aef0ba04369cab32" + }, + "Version": "v0.1.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/olekukonko/tablewriter@v1.0.9", + "Name": "github.com/olekukonko/tablewriter", + "Identifier": { + "PURL": "pkg:golang/github.com/olekukonko/tablewriter@v1.0.9", + "UID": "ebbc3c0e0d0d202e" + }, + "Version": "v1.0.9", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/olivere/elastic/v7@v7.0.32", + "Name": "github.com/olivere/elastic/v7", + "Identifier": { + "PURL": "pkg:golang/github.com/olivere/elastic/v7@v7.0.32", + "UID": "a7a747869de845e0" + }, + "Version": "v7.0.32", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opencontainers/go-digest@v1.0.0", + "Name": "github.com/opencontainers/go-digest", + "Identifier": { + "PURL": "pkg:golang/github.com/opencontainers/go-digest@v1.0.0", + "UID": "cef9935fb56bb114" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opencontainers/image-spec@v1.1.1", + "Name": "github.com/opencontainers/image-spec", + "Identifier": { + "PURL": "pkg:golang/github.com/opencontainers/image-spec@v1.1.1", + "UID": "dad715a0f107d65a" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/philhofer/fwd@v1.2.0", + "Name": "github.com/philhofer/fwd", + "Identifier": { + "PURL": "pkg:golang/github.com/philhofer/fwd@v1.2.0", + "UID": "d41105b52ec6ab29" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pierrec/lz4/v4@v4.1.22", + "Name": "github.com/pierrec/lz4/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/pierrec/lz4/v4@v4.1.22", + "UID": "8a086cb9d35763f0" + }, + "Version": "v4.1.22", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pjbgf/sha1cd@v0.4.0", + "Name": "github.com/pjbgf/sha1cd", + "Identifier": { + "PURL": "pkg:golang/github.com/pjbgf/sha1cd@v0.4.0", + "UID": "d31211086459f93" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/errors@v0.9.1", + "Name": "github.com/pkg/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", + "UID": "630373933ae4be8e" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", + "Name": "github.com/pmezard/go-difflib", + "Identifier": { + "PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", + "UID": "5c4e5147c9d7f474" + }, + "Version": "v1.0.1-0.20181226105442-5d4384ee4fb2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pquerna/otp@v1.5.0", + "Name": "github.com/pquerna/otp", + "Identifier": { + "PURL": "pkg:golang/github.com/pquerna/otp@v1.5.0", + "UID": "d7ea19c9d40abaa4" + }, + "Version": "v1.5.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.23.0", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.23.0", + "UID": "a855b0d0450649b0" + }, + "Version": "v1.23.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.6.2", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.2", + "UID": "bf6f406a5a1b6a00" + }, + "Version": "v0.6.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.65.0", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.65.0", + "UID": "a1f86cf77d168074" + }, + "Version": "v0.65.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.17.0", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.17.0", + "UID": "80eba20cb2dd3bc6" + }, + "Version": "v0.17.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/redis/go-redis/v9@v9.12.1", + "Name": "github.com/redis/go-redis/v9", + "Identifier": { + "PURL": "pkg:golang/github.com/redis/go-redis/v9@v9.12.1", + "UID": "52212cb78249e7e9" + }, + "Version": "v9.12.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/rhysd/actionlint@v1.7.7", + "Name": "github.com/rhysd/actionlint", + "Identifier": { + "PURL": "pkg:golang/github.com/rhysd/actionlint@v1.7.7", + "UID": "f1f1f12dd2a1f843" + }, + "Version": "v1.7.7", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/rivo/uniseg@v0.4.7", + "Name": "github.com/rivo/uniseg", + "Identifier": { + "PURL": "pkg:golang/github.com/rivo/uniseg@v0.4.7", + "UID": "92b705614a85ed3a" + }, + "Version": "v0.4.7", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/robfig/cron/v3@v3.0.1", + "Name": "github.com/robfig/cron/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/robfig/cron/v3@v3.0.1", + "UID": "e9476a1ba8da1e3d" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/rs/xid@v1.6.0", + "Name": "github.com/rs/xid", + "Identifier": { + "PURL": "pkg:golang/github.com/rs/xid@v1.6.0", + "UID": "6f237e952d57ba52" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/russross/blackfriday/v2@v2.1.0", + "Name": "github.com/russross/blackfriday/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0", + "UID": "1965da1e0269c38" + }, + "Version": "v2.1.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/santhosh-tekuri/jsonschema/v5@v5.3.1", + "Name": "github.com/santhosh-tekuri/jsonschema/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/santhosh-tekuri/jsonschema/v5@v5.3.1", + "UID": "883591b47af86c84" + }, + "Version": "v5.3.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sassoftware/go-rpmutils@v0.4.0", + "Name": "github.com/sassoftware/go-rpmutils", + "Identifier": { + "PURL": "pkg:golang/github.com/sassoftware/go-rpmutils@v0.4.0", + "UID": "ddfe2bd426ee695f" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sergi/go-diff@v1.4.0", + "Name": "github.com/sergi/go-diff", + "Identifier": { + "PURL": "pkg:golang/github.com/sergi/go-diff@v1.4.0", + "UID": "228ee6daeb9eb27c" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sirupsen/logrus@v1.9.3", + "Name": "github.com/sirupsen/logrus", + "Identifier": { + "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.3", + "UID": "1c5350ce10229010" + }, + "Version": "v1.9.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/skeema/knownhosts@v1.3.1", + "Name": "github.com/skeema/knownhosts", + "Identifier": { + "PURL": "pkg:golang/github.com/skeema/knownhosts@v1.3.1", + "UID": "112a16619e000685" + }, + "Version": "v1.3.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sorairolake/lzip-go@v0.3.8", + "Name": "github.com/sorairolake/lzip-go", + "Identifier": { + "PURL": "pkg:golang/github.com/sorairolake/lzip-go@v0.3.8", + "UID": "a4ea81b766d21218" + }, + "Version": "v0.3.8", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/afero@v1.15.0", + "Name": "github.com/spf13/afero", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/afero@v1.15.0", + "UID": "dafc9067f97a7f50" + }, + "Version": "v1.15.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ssor/bom@v0.0.0-20170718123548-6386211fdfcf", + "Name": "github.com/ssor/bom", + "Identifier": { + "PURL": "pkg:golang/github.com/ssor/bom@v0.0.0-20170718123548-6386211fdfcf", + "UID": "de98add724d0f7af" + }, + "Version": "v0.0.0-20170718123548-6386211fdfcf", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/stretchr/testify@v1.11.1", + "Name": "github.com/stretchr/testify", + "Identifier": { + "PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1", + "UID": "3d7fd043e7928a6" + }, + "Version": "v1.11.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/syndtr/goleveldb@v1.0.0", + "Name": "github.com/syndtr/goleveldb", + "Identifier": { + "PURL": "pkg:golang/github.com/syndtr/goleveldb@v1.0.0", + "UID": "4143ac8552ecc6a" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/tinylib/msgp@v1.4.0", + "Name": "github.com/tinylib/msgp", + "Identifier": { + "PURL": "pkg:golang/github.com/tinylib/msgp@v1.4.0", + "UID": "9afd4d890adb7da4" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/tstranex/u2f@v1.0.0", + "Name": "github.com/tstranex/u2f", + "Identifier": { + "PURL": "pkg:golang/github.com/tstranex/u2f@v1.0.0", + "UID": "1ec13501ebf37f0a" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ulikunitz/xz@v0.5.15", + "Name": "github.com/ulikunitz/xz", + "Identifier": { + "PURL": "pkg:golang/github.com/ulikunitz/xz@v0.5.15", + "UID": "589091b7da9a1bab" + }, + "Version": "v0.5.15", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/unknwon/com@v1.0.1", + "Name": "github.com/unknwon/com", + "Identifier": { + "PURL": "pkg:golang/github.com/unknwon/com@v1.0.1", + "UID": "1415a07c6059fe3e" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/urfave/cli-docs/v3@v3.0.0-alpha6", + "Name": "github.com/urfave/cli-docs/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/urfave/cli-docs/v3@v3.0.0-alpha6", + "UID": "91cc1d20b3286434" + }, + "Version": "v3.0.0-alpha6", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/urfave/cli/v3@v3.4.1", + "Name": "github.com/urfave/cli/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/urfave/cli/v3@v3.4.1", + "UID": "e538b3a8e33d40e6" + }, + "Version": "v3.4.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/valyala/fastjson@v1.6.4", + "Name": "github.com/valyala/fastjson", + "Identifier": { + "PURL": "pkg:golang/github.com/valyala/fastjson@v1.6.4", + "UID": "a86484f75ce841a1" + }, + "Version": "v1.6.4", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/wneessen/go-mail@v0.7.2", + "Name": "github.com/wneessen/go-mail", + "Identifier": { + "PURL": "pkg:golang/github.com/wneessen/go-mail@v0.7.2", + "UID": "f94565e816fb3904" + }, + "Version": "v0.7.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/x448/float16@v0.8.4", + "Name": "github.com/x448/float16", + "Identifier": { + "PURL": "pkg:golang/github.com/x448/float16@v0.8.4", + "UID": "26da15d581047392" + }, + "Version": "v0.8.4", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/xanzy/ssh-agent@v0.3.3", + "Name": "github.com/xanzy/ssh-agent", + "Identifier": { + "PURL": "pkg:golang/github.com/xanzy/ssh-agent@v0.3.3", + "UID": "a681331c1410154f" + }, + "Version": "v0.3.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/xi2/xz@v0.0.0-20171230120015-48954b6210f8", + "Name": "github.com/xi2/xz", + "Identifier": { + "PURL": "pkg:golang/github.com/xi2/xz@v0.0.0-20171230120015-48954b6210f8", + "UID": "ae1836dded0e6b85" + }, + "Version": "v0.0.0-20171230120015-48954b6210f8", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/yohcop/openid-go@v1.0.1", + "Name": "github.com/yohcop/openid-go", + "Identifier": { + "PURL": "pkg:golang/github.com/yohcop/openid-go@v1.0.1", + "UID": "99b23f6617d53037" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/yuin/goldmark@v1.7.13", + "Name": "github.com/yuin/goldmark", + "Identifier": { + "PURL": "pkg:golang/github.com/yuin/goldmark@v1.7.13", + "UID": "e0c4cd07007fc1b5" + }, + "Version": "v1.7.13", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/yuin/goldmark-highlighting/v2@v2.0.0-20230729083705-37449abec8cc", + "Name": "github.com/yuin/goldmark-highlighting/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/yuin/goldmark-highlighting/v2@v2.0.0-20230729083705-37449abec8cc", + "UID": "2b9f4ed0815c8f1c" + }, + "Version": "v2.0.0-20230729083705-37449abec8cc", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/yuin/goldmark-meta@v1.1.0", + "Name": "github.com/yuin/goldmark-meta", + "Identifier": { + "PURL": "pkg:golang/github.com/yuin/goldmark-meta@v1.1.0", + "UID": "548380fabffe9129" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/zeebo/blake3@v0.2.4", + "Name": "github.com/zeebo/blake3", + "Identifier": { + "PURL": "pkg:golang/github.com/zeebo/blake3@v0.2.4", + "UID": "ae0224140088738b" + }, + "Version": "v0.2.4", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gitlab.com/gitlab-org/api/client-go@v0.142.4", + "Name": "gitlab.com/gitlab-org/api/client-go", + "Identifier": { + "PURL": "pkg:golang/gitlab.com/gitlab-org/api/client-go@v0.142.4", + "UID": "2c36a1fe0e5f84c7" + }, + "Version": "v0.142.4", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.etcd.io/bbolt@v1.4.3", + "Name": "go.etcd.io/bbolt", + "Identifier": { + "PURL": "pkg:golang/go.etcd.io/bbolt@v1.4.3", + "UID": "63f997ce564ddd15" + }, + "Version": "v1.4.3", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/atomic@v1.11.0", + "Name": "go.uber.org/atomic", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/atomic@v1.11.0", + "UID": "cc20ac8bfb4b1665" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/multierr@v1.11.0", + "Name": "go.uber.org/multierr", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", + "UID": "c57afca7ad2449b0" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/zap@v1.27.0", + "Name": "go.uber.org/zap", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/zap@v1.27.0", + "UID": "b422d88c86059b2a" + }, + "Version": "v1.27.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/zap/exp@v0.3.0", + "Name": "go.uber.org/zap/exp", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/zap/exp@v0.3.0", + "UID": "ef542e6d7f415eda" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go4.org@v0.0.0-20230225012048-214862532bf5", + "Name": "go4.org", + "Identifier": { + "PURL": "pkg:golang/go4.org@v0.0.0-20230225012048-214862532bf5", + "UID": "9b1c5946e54e85be" + }, + "Version": "v0.0.0-20230225012048-214862532bf5", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/crypto@v0.45.0", + "Name": "golang.org/x/crypto", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.45.0", + "UID": "1f440c2c2fa951e7" + }, + "Version": "v0.45.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/image@v0.30.0", + "Name": "golang.org/x/image", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/image@v0.30.0", + "UID": "9b2532576c73aebf" + }, + "Version": "v0.30.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/mod@v0.29.0", + "Name": "golang.org/x/mod", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/mod@v0.29.0", + "UID": "1247e1f6196001e0" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.47.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.47.0", + "UID": "5de9c3342d9820b4" + }, + "Version": "v0.47.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.30.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.30.0", + "UID": "8599f6247242b74d" + }, + "Version": "v0.30.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sync@v0.18.0", + "Name": "golang.org/x/sync", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sync@v0.18.0", + "UID": "675ef8dd6c383af3" + }, + "Version": "v0.18.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.38.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.38.0", + "UID": "a879bab7c8848b13" + }, + "Version": "v0.38.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.31.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.31.0", + "UID": "2395d72b1df0ba47" + }, + "Version": "v0.31.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.12.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.12.0", + "UID": "623a235a883c9107" + }, + "Version": "v0.12.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20250826171959-ef028d996bc1", + "Name": "google.golang.org/genproto/googleapis/rpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20250826171959-ef028d996bc1", + "UID": "1b0f095ccbeb12cf" + }, + "Version": "v0.0.0-20250826171959-ef028d996bc1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/grpc@v1.75.0", + "Name": "google.golang.org/grpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.75.0", + "UID": "c8f4871c465ee2e0" + }, + "Version": "v1.75.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.36.8", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.8", + "UID": "9238da984147a719" + }, + "Version": "v1.36.8", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/ini.v1@v1.67.0", + "Name": "gopkg.in/ini.v1", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/ini.v1@v1.67.0", + "UID": "58404be1b22dc8ff" + }, + "Version": "v1.67.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/warnings.v0@v0.1.2", + "Name": "gopkg.in/warnings.v0", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/warnings.v0@v0.1.2", + "UID": "2f1c893bd7c1260f" + }, + "Version": "v0.1.2", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v2@v2.4.0", + "Name": "gopkg.in/yaml.v2", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "UID": "55354a85c7b90f74" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "UID": "2f53344b8637529c" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "mvdan.cc/xurls/v2@v2.6.0", + "Name": "mvdan.cc/xurls/v2", + "Identifier": { + "PURL": "pkg:golang/mvdan.cc/xurls/v2@v2.6.0", + "UID": "eb2cf88580067ccb" + }, + "Version": "v2.6.0", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "strk.kbt.io/projects/go/libravatar@v0.0.0-20191008002943-06d1c002b251", + "Name": "strk.kbt.io/projects/go/libravatar", + "Identifier": { + "PURL": "pkg:golang/strk.kbt.io/projects/go/libravatar@v0.0.0-20191008002943-06d1c002b251", + "UID": "4160f80d94cebd73" + }, + "Version": "v0.0.0-20191008002943-06d1c002b251", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "xorm.io/builder@v0.3.13", + "Name": "xorm.io/builder", + "Identifier": { + "PURL": "pkg:golang/xorm.io/builder@v0.3.13", + "UID": "f2afd6ba8607dbb4" + }, + "Version": "v0.3.13", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "xorm.io/xorm@v1.3.10", + "Name": "xorm.io/xorm", + "Identifier": { + "PURL": "pkg:golang/xorm.io/xorm@v1.3.10", + "UID": "10238fd85d61c61b" + }, + "Version": "v1.3.10", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-32952", + "VendorIDs": [ + "GHSA-pjcq-xvwq-hhpj" + ], + "PkgID": "github.com/Azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", + "PkgName": "github.com/Azure/go-ntlmssp", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", + "UID": "89db9f082fcddcb4" + }, + "InstalledVersion": "v0.0.0-20221128193559-754e69321358", + "FixedVersion": "0.1.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32952", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:efff73654d1d85cf440c39f4374cc462d3c6046bc6c1e3f664ae0c8a77340af4", + "Title": "go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge", + "Description": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32952", + "https://github.com/Azure/go-ntlmssp", + "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1", + "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32952", + "https://www.cve.org/CVERecord?id=CVE-2026-32952" + ], + "PublishedDate": "2026-04-24T03:16:07.833Z", + "LastModifiedDate": "2026-05-21T18:22:06.247Z" + }, + { + "VulnerabilityID": "CVE-2026-44973", + "VendorIDs": [ + "GHSA-qw64-3x98-g7q2" + ], + "PkgID": "github.com/go-git/go-billy/v5@v5.6.2", + "PkgName": "github.com/go-git/go-billy/v5", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/go-git/go-billy/v5@v5.6.2", + "UID": "b26c271ca2b04f93" + }, + "InstalledVersion": "v5.6.2", + "FixedVersion": "5.9.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44973", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:b70b4da5dd2a4b814e74e409dd56ecddb0ee60a705bac6742dda82d15ea8d4a9", + "Title": "go-billy has path traversal vulnerabilities", + "Description": "### Impact\nMultiple path traversal issues exist across different components of `go-billy`. Insufficient path sanitization and boundary enforcement may allow crafted paths (e.g., using `..`) to escape intended base directories.\n\nWhile go-billy was not originally designed to provide a strong security boundary, some of these issues were inconsistent across some of the built-in implementations. This results in scenarios where applications relying on `go-billy` for some level of isolation may inadvertently expose access to unintended filesystem locations.\n\nThe `osfs.ChrootOS` implementation is notably affected by this vulnerability and is now deprecated in `v5`, removed at `v6`. Users are recommended to move on to `osfs.BoundOS` instead: `osfs.New(path, WithBoundOS())`.\n\nUsers requiring stronger security boundary enforcement are recommended to upgrade to `v6`, where the `osfs` implementation are backed by the [traversal-resistant](https://go.dev/blog/osroot) primitive [os.Root](https://pkg.go.dev/os#Root).\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to `v5` are likely to be affected, users are recommended to upgrade to a supported `go-billy` version.\n\n### Credits\nThanks to @faran66 and @vnykmshr for finding and separately reporting this issue privately to the go-git project. 🙇", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 8.1 + } + }, + "References": [ + "https://github.com/go-git/go-billy", + "https://github.com/go-git/go-billy/releases/tag/v5.9.0", + "https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1", + "https://github.com/go-git/go-billy/security/advisories/GHSA-qw64-3x98-g7q2" + ] + }, + { + "VulnerabilityID": "CVE-2026-44740", + "VendorIDs": [ + "GHSA-m3xc-h892-ggx6" + ], + "PkgID": "github.com/go-git/go-billy/v5@v5.6.2", + "PkgName": "github.com/go-git/go-billy/v5", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/go-git/go-billy/v5@v5.6.2", + "UID": "b26c271ca2b04f93" + }, + "InstalledVersion": "v5.6.2", + "FixedVersion": "5.9.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44740", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:88246ec9989697e665e8ce73174cbc0127722373fba30b567bf75165719c56ee", + "Title": "go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion", + "Description": "### Impact\nMultiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption.\n\nThese issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures.\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to `v5` are likely to be affected, users are recommended to upgrade to a supported `go-billy` version.\n\n### Credits\nThanks to @faran66 for finding and reporting this issue privately to the go-git project. 🙇", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://github.com/go-git/go-billy", + "https://github.com/go-git/go-billy/releases/tag/v5.9.0", + "https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1", + "https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6" + ] + }, + { + "VulnerabilityID": "CVE-2026-45022", + "VendorIDs": [ + "GHSA-389r-gv7p-r3rp" + ], + "PkgID": "github.com/go-git/go-git/v5@v5.16.5", + "PkgName": "github.com/go-git/go-git/v5", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.16.5", + "UID": "19d984b6d8e0b0e5" + }, + "InstalledVersion": "v5.16.5", + "FixedVersion": "5.19.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-45022", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:41a9b492965232c43eb711ac3ac7a2dcccb68886c5ff001b2e4efc2c6fbf10fc", + "Title": "go-git's improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git", + "Description": "### Impact\n`go-git` may parse malformed Git objects in a way that differs from upstream Git. When `commit` or `tag` objects contain ambiguous or malformed headers, `go-git`’s decoded representation may expose values differently from how Git itself would interpret or reject the same object.\n\nAdditionally, `go-git`’s commit signing and verification logic operates over commit data reconstructed from `go-git`’s parsed representation rather than the original raw object bytes. As a result, `go-git` may sign or verify a commit payload that is not byte-for-byte equivalent to the object stored in the repository.\n\nThis can cause a signature to appear valid for a commit whose displayed or effective metadata differs from the object that was intended to be signed.\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to v5 are likely to be affected, users are recommended to upgrade to a supported `go-git` version.\n\n### Credit\n\nThanks to @bugbunny-research (https://bugbunny.ai/) for reporting this to `sigstore/gitsign`, and to @wlynch, @patzielinski and @adityasaky for coordinating the disclosure with the `go-git` project. :bow: :1st_place_medal: \n\nThanks to @wayphinder for reporting this to the `go-git` project. :bow:", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", + "V40Score": 7 + } + }, + "References": [ + "https://github.com/go-git/go-git", + "https://github.com/go-git/go-git/security/advisories/GHSA-389r-gv7p-r3rp" + ] + }, + { + "VulnerabilityID": "CVE-2026-34165", + "VendorIDs": [ + "GHSA-jhf3-xxhw-2wpp" + ], + "PkgID": "github.com/go-git/go-git/v5@v5.16.5", + "PkgName": "github.com/go-git/go-git/v5", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.16.5", + "UID": "19d984b6d8e0b0e5" + }, + "InstalledVersion": "v5.16.5", + "FixedVersion": "5.17.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34165", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:02058a2aea2669d514647177be68c9a0c23446452f807ea48e78bcf3d94e1160", + "Title": "github.com/go-git/go-git/v5: go-git: Denial of Service via crafted .idx file", + "Description": "go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service (DoS) condition. Exploitation requires write access to the local repository's .git directory, it order to create or alter existing .idx files. This issue has been patched in version 5.17.1.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-191", + "CWE-770" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-34165", + "https://github.com/go-git/go-git", + "https://github.com/go-git/go-git/releases/tag/v5.17.1", + "https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34165", + "https://www.cve.org/CVERecord?id=CVE-2026-34165" + ], + "PublishedDate": "2026-03-31T15:16:17.343Z", + "LastModifiedDate": "2026-04-02T16:49:16.047Z" + }, + { + "VulnerabilityID": "CVE-2026-41506", + "VendorIDs": [ + "GHSA-3xc5-wrhm-f963" + ], + "PkgID": "github.com/go-git/go-git/v5@v5.16.5", + "PkgName": "github.com/go-git/go-git/v5", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.16.5", + "UID": "19d984b6d8e0b0e5" + }, + "InstalledVersion": "v5.16.5", + "FixedVersion": "5.18.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41506", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:353ce0145752fe89ea72fcb6bea51996b47dd1381724df57b122f43aba3a64c6", + "Title": "golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirects", + "Description": "go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-522" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "V3Score": 4.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-41506", + "https://github.com/go-git/go-git", + "https://github.com/go-git/go-git/releases/tag/v5.18.0", + "https://github.com/go-git/go-git/releases/tag/v6.0.0-alpha.2", + "https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963", + "https://nvd.nist.gov/vuln/detail/CVE-2026-41506", + "https://www.cve.org/CVERecord?id=CVE-2026-41506" + ], + "PublishedDate": "2026-05-08T14:16:33.983Z", + "LastModifiedDate": "2026-05-12T14:33:02.04Z" + }, + { + "VulnerabilityID": "CVE-2026-45571", + "VendorIDs": [ + "GHSA-crhj-59gh-8x96" + ], + "PkgID": "github.com/go-git/go-git/v5@v5.16.5", + "PkgName": "github.com/go-git/go-git/v5", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.16.5", + "UID": "19d984b6d8e0b0e5" + }, + "InstalledVersion": "v5.16.5", + "FixedVersion": "5.19.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-45571", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:47c8e6807a26888f798607bc21f8c3563e6d942e16fc9a18143b2f564af41c13", + "Title": "go-git: Crafted repositories may modify main and submodule .git directories", + "Description": "### Impact\nA path validation issue in `go-git` could allow crafted repository data to affect files outside the intended checkout target, including the repository's `.git` directory.\n\nThese validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from those checks. Some attack vectors were platform-specific: certain payloads affected only Windows users, others affected only macOS users, and some applied across all supported platforms.\n\nUsing non-descendant `go-billy` filesystem instances, or different filesystem types, for the `Storer` and `Worktree` may provide some isolation against `.git` directory manipulation. For example, users that store the `.git` directory through `memfs` while using `osfs` for the worktree are not affected by this vulnerability in the main repository, because repository metadata is not materialized inside the worktree filesystem.\n\nHowever, this isolation does not necessarily apply when the repository contains submodules, since submodule dotgit directories may still be represented or materialized within the worktree context.\n\nIt is important to note that exploitation requires a maliciously crafted repository payload. Users should always exercise caution when interacting with repositories or Git servers they do not trust.\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to `v5` are likely to be affected, users are recommended to upgrade to a supported go-git version.\n\n### Credits\nThanks to @kodareef5, @AyushParkara and @N0zoM1z0 for reporting this to the go-git project in three separate reports. 🙇", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "https://github.com/go-git/go-git", + "https://github.com/go-git/go-git/security/advisories/GHSA-crhj-59gh-8x96" + ] + }, + { + "VulnerabilityID": "CVE-2026-33809", + "VendorIDs": [ + "GHSA-44p7-9xx4-hf2g" + ], + "PkgID": "golang.org/x/image@v0.30.0", + "PkgName": "golang.org/x/image", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/image@v0.30.0", + "UID": "9b2532576c73aebf" + }, + "InstalledVersion": "v0.30.0", + "FixedVersion": "0.38.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33809", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:f2f409313c25ffd2b0a0d6e87e96f89f4e2cef3cdc2dd5857cd3c9bbd0b68a23", + "Title": "golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file", + "Description": "A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-434" + ], + "VendorSeverity": { + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33809", + "https://cs.opensource.google/go/x/image", + "https://go.dev/cl/757660", + "https://go.dev/issue/78267", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33809", + "https://pkg.go.dev/vuln/GO-2026-4815", + "https://www.cve.org/CVERecord?id=CVE-2026-33809" + ], + "PublishedDate": "2026-03-25T19:16:51.83Z", + "LastModifiedDate": "2026-04-21T16:30:41.977Z" + }, + { + "VulnerabilityID": "CVE-2026-33186", + "VendorIDs": [ + "GHSA-p77j-4mvh-x3m3" + ], + "PkgID": "google.golang.org/grpc@v1.75.0", + "PkgName": "google.golang.org/grpc", + "PkgIdentifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.75.0", + "UID": "c8f4871c465ee2e0" + }, + "InstalledVersion": "v1.75.0", + "FixedVersion": "1.79.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33186", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:21922d46e544244690e95a8c056701ed2b2139df7308bd610bc652cdb4953b0f", + "Title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation", + "Description": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-285" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 4, + "photon": 4, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33186", + "https://github.com/grpc/grpc-go", + "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33186", + "https://www.cve.org/CVERecord?id=CVE-2026-33186" + ], + "PublishedDate": "2026-03-20T23:16:45.18Z", + "LastModifiedDate": "2026-04-10T20:49:17.737Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "48e381d4b7a397b1" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e9a19d5f0ed173203e1a784840500eb5b12f82b241ddb1eb558e695141ad11d2", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "48e381d4b7a397b1" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d7d5fa4689a76f4b0d91cbca3b62f32b767b6f33512e2fbebdfc1e7b53a82a7a", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "48e381d4b7a397b1" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2b5238b9056910719b7df5720f6860adf8f0b462ab1a240d54ec389b7c34cfa2", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "48e381d4b7a397b1" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b063afe974298a065db22ffb6b25e47ce358bbfdac44406cd6e7bd77e981f7e9", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "48e381d4b7a397b1" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b01754f20d1dc52d29d0b721bf31f8a121fd35d8e609520775d743095fbe962e", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "48e381d4b7a397b1" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b19c5e3608c5809aee15d843e0a3de8ac165f0839803a5db4cc3b2d8a8c7bb5c", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "48e381d4b7a397b1" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d6dbf5dbc8c48414636229df213e28b37c407bd396ad43e0233c40de023f2ad7", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "48e381d4b7a397b1" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:17c581332d9dd388983ea1900991df3743bbe4d2c4a990db6dcab5754806ace0", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "48e381d4b7a397b1" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5aa8adec631e2c849a25ac12e6e65851f86f43f28a7a4033a1938fc983d41255", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "48e381d4b7a397b1" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:08c234c55feb2cafd1430140e206663f2c312b0dee0dc38ce5c630ea802e038e", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "48e381d4b7a397b1" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:13915bffa5b89706d24917807f5767baf88802bcf570cb4a91c3725e63443694", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "48e381d4b7a397b1" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b907ba39afc3a8ef73679c18900ada732dece3c10d40d6bbd5ed1b7ef72f50e3", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "48e381d4b7a397b1" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b079e2cdd32720d3068d713dea424c221011250bcb434ab7dd393145c3521405", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "48e381d4b7a397b1" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", + "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1e362cca596b7bf74a0377e56aaf3ae61a830cbfb4720910069b74940ec619b9", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + }, + { + "Target": "usr/local/bin/environment-to-ini", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "stdlib@v1.25.8", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "912b40e30cb9ace0" + }, + "Version": "v1.25.8", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "code.gitea.io/gitea", + "Name": "code.gitea.io/gitea", + "Identifier": { + "PURL": "pkg:golang/code.gitea.io/gitea", + "UID": "ee34e164d344cd99" + }, + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/42wim/httpsig@v1.2.3", + "Name": "github.com/42wim/httpsig", + "Identifier": { + "PURL": "pkg:golang/github.com/42wim/httpsig@v1.2.3", + "UID": "1364469af026f631" + }, + "Version": "v1.2.3", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.3.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", + "UID": "48bbd16df0a0e334" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f", + "Name": "github.com/dgryski/go-rendezvous", + "Identifier": { + "PURL": "pkg:golang/github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f", + "UID": "79101bf75f4312ce" + }, + "Version": "v0.0.0-20200823014737-9f7001d12a5f", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dustin/go-humanize@v1.0.1", + "Name": "github.com/dustin/go-humanize", + "Identifier": { + "PURL": "pkg:golang/github.com/dustin/go-humanize@v1.0.1", + "UID": "7310dd411f501d17" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang-jwt/jwt/v5@v5.3.0", + "Name": "github.com/golang-jwt/jwt/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.0", + "UID": "e9fb684cdb2473be" + }, + "Version": "v5.3.0", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/snappy@v1.0.0", + "Name": "github.com/golang/snappy", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/snappy@v1.0.0", + "UID": "bde5663b1a7e5b5a" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/pprof@v0.0.0-20250820193118-f64d9cf942d6", + "Name": "github.com/google/pprof", + "Identifier": { + "PURL": "pkg:golang/github.com/google/pprof@v0.0.0-20250820193118-f64d9cf942d6", + "UID": "683ccbbeeb09effd" + }, + "Version": "v0.0.0-20250820193118-f64d9cf942d6", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/json-iterator/go@v1.1.12", + "Name": "github.com/json-iterator/go", + "Identifier": { + "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", + "UID": "d2a661718cc9b041" + }, + "Version": "v1.1.12", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51", + "Name": "github.com/kballard/go-shellquote", + "Identifier": { + "PURL": "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51", + "UID": "82ddf88129710983" + }, + "Version": "v0.0.0-20180428030007-95032a82bc51", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-isatty@v0.0.20", + "Name": "github.com/mattn/go-isatty", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.20", + "UID": "ca7670589870f76e" + }, + "Version": "v0.0.20", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "Name": "github.com/modern-go/concurrent", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "UID": "30359a11e0f879a3" + }, + "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/reflect2@v1.0.2", + "Name": "github.com/modern-go/reflect2", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", + "UID": "281901c7cf9c200b" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/redis/go-redis/v9@v9.12.1", + "Name": "github.com/redis/go-redis/v9", + "Identifier": { + "PURL": "pkg:golang/github.com/redis/go-redis/v9@v9.12.1", + "UID": "3c58e0188554f478" + }, + "Version": "v9.12.1", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/syndtr/goleveldb@v1.0.0", + "Name": "github.com/syndtr/goleveldb", + "Identifier": { + "PURL": "pkg:golang/github.com/syndtr/goleveldb@v1.0.0", + "UID": "d9eaeca2446ee9f3" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/urfave/cli/v3@v3.4.1", + "Name": "github.com/urfave/cli/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/urfave/cli/v3@v3.4.1", + "UID": "bb6076dc2df4dd77" + }, + "Version": "v3.4.1", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/crypto@v0.45.0", + "Name": "golang.org/x/crypto", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.45.0", + "UID": "4b7dace885adfe3e" + }, + "Version": "v0.45.0", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.38.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.38.0", + "UID": "e4444b45f316b6c2" + }, + "Version": "v0.38.0", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.31.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.31.0", + "UID": "339dc2208c235e72" + }, + "Version": "v0.31.0", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/ini.v1@v1.67.0", + "Name": "gopkg.in/ini.v1", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/ini.v1@v1.67.0", + "UID": "8ef3045981e6415e" + }, + "Version": "v1.67.0", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "UID": "4adaf895b0d059bd" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "912b40e30cb9ace0" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:838013b814294632e1ab54ce7322d87b0393ab0edd26a456cc194588c6f3bbb0", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "912b40e30cb9ace0" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0161ff024d84c79ba021e7563281bcda3c10f6e4c9728302679c2e5a7f37cb88", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "912b40e30cb9ace0" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5c2bffe448edca66a773f104349e7c7656d3d0ce05b79367a30b5330202fb837", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "912b40e30cb9ace0" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d7d58b21193400a1bcf4c20d8eb17d4d3a4279a1e524174baf09c0c8c9c4621f", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "912b40e30cb9ace0" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:261f4e7277d8d9093eba02451363fa616f722d7fd59c882d0064a24bc5d690fd", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "912b40e30cb9ace0" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:264a5f2acb22932e033e6fdbe296426c5e703a2e4dd6fde2966813e6c07e6840", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "912b40e30cb9ace0" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:426743724c080c7f02bb2580b7210cfb725ff61fe3daa540d266faad816bff81", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "912b40e30cb9ace0" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a555697ecde202d92cb784c9f2cd4832ed91f63d5edc3672661aed001b2921bf", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "912b40e30cb9ace0" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cb50d1c4ba644c18b2a0e1a88a879a30f3bed3da21f66f8092ae103625aa2aa9", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "912b40e30cb9ace0" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ea36c7ed2cce028b75bdbecbdd4897500454a5e956d0f5bae4f220f351cf86c1", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "912b40e30cb9ace0" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:65db8303502f49e35aab7e2ea739de5516499f87396ee691f46f922ff33bcd8c", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "912b40e30cb9ace0" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b3b7a9da64d22d497e75660256092cfdb0846a55c41066c17ca3827664b4d30a", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "912b40e30cb9ace0" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:147c43ae078e8b83e38b5d20225a970338d9309f0a23d87dccc11601d50a2642", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.25.8", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.8", + "UID": "912b40e30cb9ace0" + }, + "InstalledVersion": "v1.25.8", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", + "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5893df144df5962be6771e177458445bc413e6e5dc76d0fdcdc6ab8a06821d01", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "gitea", + "Kind": "Deployment", + "Name": "mariadb", + "Metadata": [ + { + "Size": 401847808, + "OS": { + "Family": "ubuntu", + "Name": "20.04", + "EOSL": true + }, + "ImageID": "sha256:895b6c8829c35f8081afd5229fe4a2e179a646fd96b807e5fb784cd09fd2483b", + "DiffIDs": [ + "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20", + "sha256:e5e0f54fc85f7dd4bb1311ea35493d640d9719c2facc78564a3c2eaae0ebc462", + "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227", + "sha256:b03ce6585035a7adcce2a273ac32c43e38ab714d791e5e1a67078c836ccc375b", + "sha256:992908eeb145870620987b7a9ecd1538fab185fe01e3a9ec38766480c7dc0f10", + "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d", + "sha256:7cf9fe3aa27d644bd193db2cdd9319617e8bdcded73f5bf257a1495d8b57ea92", + "sha256:1c44195f988bba0f2987beb739f7285d767671f28dbb816fc259c9b1c21d0cf9" + ], + "RepoTags": [ + "mariadb:10.7.8" + ], + "RepoDigests": [ + "mariadb@sha256:9a48ac9f196f3d4fd6fea2cab59a49df9e7ca459bf14b2f7b85a0e38a5454571" + ], + "Reference": "mariadb:10.7.8", + "ImageConfig": { + "architecture": "amd64", + "container": "8b22bdca404ecc0b289883de74130ad53c4db8207f83e1a3eba910d5c9a18969", + "created": "2023-04-18T02:26:04.354855496Z", + "docker_version": "20.10.23", + "history": [ + { + "created": "2023-04-13T13:05:13.496726073Z", + "created_by": "/bin/sh -c #(nop) ARG RELEASE", + "empty_layer": true + }, + { + "created": "2023-04-13T13:05:13.557712287Z", + "created_by": "/bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH", + "empty_layer": true + }, + { + "created": "2023-04-13T13:05:13.637326115Z", + "created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.ref.name=ubuntu", + "empty_layer": true + }, + { + "created": "2023-04-13T13:05:13.704319522Z", + "created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.version=20.04", + "empty_layer": true + }, + { + "created": "2023-04-13T13:05:15.451478418Z", + "created_by": "/bin/sh -c #(nop) ADD file:d05d1c0936b046937bd5755876db2f8da3ed8ccbcf464bb56c312fbc7ed78589 in / " + }, + { + "created": "2023-04-13T13:05:15.714908196Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:16.913240864Z", + "created_by": "/bin/sh -c groupadd -r mysql \u0026\u0026 useradd -r -g mysql mysql" + }, + { + "created": "2023-04-18T02:25:16.997468606Z", + "created_by": "/bin/sh -c #(nop) ENV GOSU_VERSION=1.14", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:17.08103298Z", + "created_by": "/bin/sh -c #(nop) ARG GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:35.975629558Z", + "created_by": "|1 GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 /bin/sh -c set -eux; \tapt-get update; \tDEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \t\tca-certificates \t\tgpg \t\tgpgv \t\tlibjemalloc2 \t\tpwgen \t\ttzdata \t\txz-utils \t\tzstd ; \tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get install -y --no-install-recommends \t\tdirmngr \t\tgpg-agent \t\twget; \trm -rf /var/lib/apt/lists/*; \tdpkgArch=\"$(dpkg --print-architecture | awk -F- '{ print $NF }')\"; \twget -q -O /usr/local/bin/gosu \"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch\"; \twget -q -O /usr/local/bin/gosu.asc \"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; \texport GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \tfor key in $GPG_KEYS; do \t\tgpg --batch --keyserver keyserver.ubuntu.com --recv-keys \"$key\"; \tdone; \tgpg --batch --export \"$GPG_KEYS\" \u003e /etc/apt/trusted.gpg.d/mariadb.gpg; \tif command -v gpgconf \u003e/dev/null; then \t\tgpgconf --kill all; \tfi; \tgpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" /usr/local/bin/gosu.asc; \tapt-mark auto '.*' \u003e /dev/null; \t[ -z \"$savedAptMark\" ] ||\tapt-mark manual $savedAptMark \u003e/dev/null; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \tchmod +x /usr/local/bin/gosu; \tgosu --version; \tgosu nobody true" + }, + { + "created": "2023-04-18T02:25:36.54142562Z", + "created_by": "|1 GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 /bin/sh -c mkdir /docker-entrypoint-initdb.d" + }, + { + "created": "2023-04-18T02:25:36.622581314Z", + "created_by": "/bin/sh -c #(nop) ENV LANG=C.UTF-8", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:36.704840537Z", + "created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.authors=MariaDB Community org.opencontainers.image.title=MariaDB Database org.opencontainers.image.description=MariaDB Database for relational SQL org.opencontainers.image.documentation=https://hub.docker.com/_/mariadb/ org.opencontainers.image.base.name=docker.io/library/ubuntu:focal org.opencontainers.image.licenses=GPL-2.0 org.opencontainers.image.source=https://github.com/MariaDB/mariadb-docker org.opencontainers.image.vendor=MariaDB Community org.opencontainers.image.version=10.7.8 org.opencontainers.image.url=https://github.com/MariaDB/mariadb-docker", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:36.790323935Z", + "created_by": "/bin/sh -c #(nop) ARG MARIADB_MAJOR=10.7", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:36.876741874Z", + "created_by": "/bin/sh -c #(nop) ENV MARIADB_MAJOR=10.7", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:36.965346145Z", + "created_by": "/bin/sh -c #(nop) ARG MARIADB_VERSION=1:10.7.8+maria~ubu2004", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:37.049419355Z", + "created_by": "/bin/sh -c #(nop) ENV MARIADB_VERSION=1:10.7.8+maria~ubu2004", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:37.132419958Z", + "created_by": "/bin/sh -c #(nop) ARG REPOSITORY=http://archive.mariadb.org/mariadb-10.7.8/repo/ubuntu/ focal main", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:37.636803336Z", + "created_by": "|2 GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 REPOSITORY=http://archive.mariadb.org/mariadb-10.7.8/repo/ubuntu/ focal main /bin/sh -c set -e;\techo \"deb ${REPOSITORY}\" \u003e /etc/apt/sources.list.d/mariadb.list; \t{ \t\techo 'Package: *'; \t\techo 'Pin: release o=MariaDB'; \t\techo 'Pin-Priority: 999'; \t} \u003e /etc/apt/preferences.d/mariadb" + }, + { + "created": "2023-04-18T02:26:03.284314995Z", + "created_by": "|2 GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 REPOSITORY=http://archive.mariadb.org/mariadb-10.7.8/repo/ubuntu/ focal main /bin/sh -c set -ex; \t{ \t\techo \"mariadb-server-$MARIADB_MAJOR\" mysql-server/root_password password 'unused'; \t\techo \"mariadb-server-$MARIADB_MAJOR\" mysql-server/root_password_again password 'unused'; \t} | debconf-set-selections; \tapt-get update; \tapt-get install -y --no-install-recommends mariadb-server=\"$MARIADB_VERSION\" mariadb-backup socat \t; \trm -rf /var/lib/apt/lists/*; \trm -rf /var/lib/mysql; \tmkdir -p /var/lib/mysql /var/run/mysqld; \tchown -R mysql:mysql /var/lib/mysql /var/run/mysqld; \tchmod 777 /var/run/mysqld; \tfind /etc/mysql/ -name '*.cnf' -print0 \t\t| xargs -0 grep -lZE '^(bind-address|log|user\\s)' \t\t| xargs -rt -0 sed -Ei 's/^(bind-address|log|user\\s)/#\u0026/'; \tprintf \"[mariadb]\\nhost-cache-size=0\\nskip-name-resolve\\n\" \u003e /etc/mysql/mariadb.conf.d/05-skipcache.cnf; \tif [ -L /etc/mysql/my.cnf ]; then \t\tsed -i -e '/includedir/ {N;s/\\(.*\\)\\n\\(.*\\)/\\n\\2\\n\\1/}' /etc/mysql/mariadb.cnf; \tfi" + }, + { + "created": "2023-04-18T02:26:03.894441855Z", + "created_by": "/bin/sh -c #(nop) VOLUME [/var/lib/mysql]", + "empty_layer": true + }, + { + "created": "2023-04-18T02:26:03.995686971Z", + "created_by": "/bin/sh -c #(nop) COPY file:cee75098a882f7d33ad2c4c4325b29adc56fc66450e6cee3711d5a1af1bda714 in /usr/local/bin/healthcheck.sh " + }, + { + "created": "2023-04-18T02:26:04.091124973Z", + "created_by": "/bin/sh -c #(nop) COPY file:ebdfbcbc74dda1874f1c75d86e1c32733edb402d13440b2b7140a952010bc21f in /usr/local/bin/ " + }, + { + "created": "2023-04-18T02:26:04.176557383Z", + "created_by": "/bin/sh -c #(nop) ENTRYPOINT [\"docker-entrypoint.sh\"]", + "empty_layer": true + }, + { + "created": "2023-04-18T02:26:04.26544875Z", + "created_by": "/bin/sh -c #(nop) EXPOSE 3306", + "empty_layer": true + }, + { + "created": "2023-04-18T02:26:04.354855496Z", + "created_by": "/bin/sh -c #(nop) CMD [\"mariadbd\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20", + "sha256:e5e0f54fc85f7dd4bb1311ea35493d640d9719c2facc78564a3c2eaae0ebc462", + "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227", + "sha256:b03ce6585035a7adcce2a273ac32c43e38ab714d791e5e1a67078c836ccc375b", + "sha256:992908eeb145870620987b7a9ecd1538fab185fe01e3a9ec38766480c7dc0f10", + "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d", + "sha256:7cf9fe3aa27d644bd193db2cdd9319617e8bdcded73f5bf257a1495d8b57ea92", + "sha256:1c44195f988bba0f2987beb739f7285d767671f28dbb816fc259c9b1c21d0cf9" + ] + }, + "config": { + "Cmd": [ + "mariadbd" + ], + "Entrypoint": [ + "docker-entrypoint.sh" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "GOSU_VERSION=1.14", + "LANG=C.UTF-8", + "MARIADB_MAJOR=10.7", + "MARIADB_VERSION=1:10.7.8+maria~ubu2004" + ], + "Image": "sha256:debc8f5123f31a10ce40605b47621d700f71022f610514046e34b9530cf8415b", + "Labels": { + "org.opencontainers.image.authors": "MariaDB Community", + "org.opencontainers.image.base.name": "docker.io/library/ubuntu:focal", + "org.opencontainers.image.description": "MariaDB Database for relational SQL", + "org.opencontainers.image.documentation": "https://hub.docker.com/_/mariadb/", + "org.opencontainers.image.licenses": "GPL-2.0", + "org.opencontainers.image.ref.name": "ubuntu", + "org.opencontainers.image.source": "https://github.com/MariaDB/mariadb-docker", + "org.opencontainers.image.title": "MariaDB Database", + "org.opencontainers.image.url": "https://github.com/MariaDB/mariadb-docker", + "org.opencontainers.image.vendor": "MariaDB Community", + "org.opencontainers.image.version": "10.7.8" + }, + "Volumes": { + "/var/lib/mysql": {} + }, + "ExposedPorts": { + "3306/tcp": {} + } + } + }, + "Layers": [ + { + "Size": 75160576, + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + { + "Size": 338432, + "Digest": "sha256:b8bc823a83fdf1329ae53f092d8f3641a60f92ee9f69e8785f5a3fd046eee30f", + "DiffID": "sha256:e5e0f54fc85f7dd4bb1311ea35493d640d9719c2facc78564a3c2eaae0ebc462" + }, + { + "Size": 19365376, + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + { + "Size": 2048, + "Digest": "sha256:b5660ff630580a5fee05c112e916f0bbca3234820aea68e604a23dba51f23d65", + "DiffID": "sha256:b03ce6585035a7adcce2a273ac32c43e38ab714d791e5e1a67078c836ccc375b" + }, + { + "Size": 5120, + "Digest": "sha256:8b13582f0741982078be0add491f4d0662adad57d09a34a8abb34b7bc5be8896", + "DiffID": "sha256:992908eeb145870620987b7a9ecd1538fab185fe01e3a9ec38766480c7dc0f10" + }, + { + "Size": 306940928, + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + { + "Size": 12288, + "Digest": "sha256:6e4fbbea63e0936e45c5f62878243de963a19e359da68f8c9c9a189fd8568420", + "DiffID": "sha256:7cf9fe3aa27d644bd193db2cdd9319617e8bdcded73f5bf257a1495d8b57ea92" + }, + { + "Size": 23040, + "Digest": "sha256:d3da1767155997ce7c8d108928c0ef1e3f3395a12cb611f0858d12a80c8af674", + "DiffID": "sha256:1c44195f988bba0f2987beb739f7285d767671f28dbb816fc259c9b1c21d0cf9" + } + ] + } + ], + "Results": [ + { + "Target": "mariadb:10.7.8 (ubuntu 20.04)", + "Class": "os-pkgs", + "Type": "ubuntu", + "Packages": [ + { + "ID": "adduser@3.118ubuntu2", + "Name": "adduser", + "Identifier": { + "PURL": "pkg:deb/ubuntu/adduser@3.118ubuntu2?arch=all\u0026distro=ubuntu-20.04", + "UID": "1305e599e05e2743" + }, + "Version": "3.118ubuntu2", + "Arch": "all", + "SrcName": "adduser", + "SrcVersion": "3.118ubuntu2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Core Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73", + "passwd@1:4.8.1-1ubuntu5.20.04.4" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/sbin/adduser", + "/usr/sbin/deluser", + "/usr/share/adduser/adduser.conf", + "/usr/share/doc/adduser/TODO", + "/usr/share/doc/adduser/changelog.gz", + "/usr/share/doc/adduser/copyright", + "/usr/share/doc/adduser/examples/INSTALL", + "/usr/share/doc/adduser/examples/README.gz", + "/usr/share/doc/adduser/examples/adduser.local", + "/usr/share/doc/adduser/examples/adduser.local.conf", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/adduser.conf", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", + "/usr/share/man/da/man5/adduser.conf.5.gz", + "/usr/share/man/da/man5/deluser.conf.5.gz", + "/usr/share/man/da/man8/adduser.8.gz", + "/usr/share/man/da/man8/deluser.8.gz", + "/usr/share/man/de/man5/adduser.conf.5.gz", + "/usr/share/man/de/man5/deluser.conf.5.gz", + "/usr/share/man/de/man8/adduser.8.gz", + "/usr/share/man/de/man8/deluser.8.gz", + "/usr/share/man/es/man5/adduser.conf.5.gz", + "/usr/share/man/es/man5/deluser.conf.5.gz", + "/usr/share/man/es/man8/adduser.8.gz", + "/usr/share/man/es/man8/deluser.8.gz", + "/usr/share/man/fr/man5/adduser.conf.5.gz", + "/usr/share/man/fr/man5/deluser.conf.5.gz", + "/usr/share/man/fr/man8/adduser.8.gz", + "/usr/share/man/fr/man8/deluser.8.gz", + "/usr/share/man/it/man5/adduser.conf.5.gz", + "/usr/share/man/it/man5/deluser.conf.5.gz", + "/usr/share/man/it/man8/adduser.8.gz", + "/usr/share/man/it/man8/deluser.8.gz", + "/usr/share/man/man5/adduser.conf.5.gz", + "/usr/share/man/man5/deluser.conf.5.gz", + "/usr/share/man/man8/adduser.8.gz", + "/usr/share/man/man8/deluser.8.gz", + "/usr/share/man/pl/man5/adduser.conf.5.gz", + "/usr/share/man/pl/man5/deluser.conf.5.gz", + "/usr/share/man/pl/man8/adduser.8.gz", + "/usr/share/man/pl/man8/deluser.8.gz", + "/usr/share/man/pt/man5/adduser.conf.5.gz", + "/usr/share/man/pt/man5/deluser.conf.5.gz", + "/usr/share/man/pt/man8/adduser.8.gz", + "/usr/share/man/pt/man8/deluser.8.gz", + "/usr/share/man/ru/man5/adduser.conf.5.gz", + "/usr/share/man/ru/man5/deluser.conf.5.gz", + "/usr/share/man/ru/man8/adduser.8.gz", + "/usr/share/man/ru/man8/deluser.8.gz", + "/usr/share/man/sv/man5/adduser.conf.5.gz", + "/usr/share/man/sv/man5/deluser.conf.5.gz", + "/usr/share/man/sv/man8/adduser.8.gz", + "/usr/share/man/sv/man8/deluser.8.gz", + "/usr/share/perl5/Debian/AdduserCommon.pm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "apt@2.0.9", + "Name": "apt", + "Identifier": { + "PURL": "pkg:deb/ubuntu/apt@2.0.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a4e6a5232e3c5d53" + }, + "Version": "2.0.9", + "Arch": "amd64", + "SrcName": "apt", + "SrcVersion": "2.0.9", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "adduser@3.118ubuntu2", + "gpgv@2.2.19-3ubuntu2.2", + "libapt-pkg6.0@2.0.9", + "libc6@2.31-0ubuntu9.9", + "libgcc-s1@10.3.0-1ubuntu1~20.04", + "libgnutls30@3.6.13-2ubuntu1.8", + "libseccomp2@2.5.1-1ubuntu1~20.04.2", + "libstdc++6@10.3.0-1ubuntu1~20.04", + "libsystemd0@245.4-4ubuntu3.21", + "ubuntu-keyring@2020.02.11.4" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/systemd/system/apt-daily-upgrade.service", + "/lib/systemd/system/apt-daily-upgrade.timer", + "/lib/systemd/system/apt-daily.service", + "/lib/systemd/system/apt-daily.timer", + "/usr/bin/apt", + "/usr/bin/apt-cache", + "/usr/bin/apt-cdrom", + "/usr/bin/apt-config", + "/usr/bin/apt-get", + "/usr/bin/apt-key", + "/usr/bin/apt-mark", + "/usr/lib/apt/apt-helper", + "/usr/lib/apt/apt.systemd.daily", + "/usr/lib/apt/methods/cdrom", + "/usr/lib/apt/methods/copy", + "/usr/lib/apt/methods/file", + "/usr/lib/apt/methods/ftp", + "/usr/lib/apt/methods/gpgv", + "/usr/lib/apt/methods/http", + "/usr/lib/apt/methods/mirror", + "/usr/lib/apt/methods/rred", + "/usr/lib/apt/methods/rsh", + "/usr/lib/apt/methods/store", + "/usr/lib/apt/solvers/dump", + "/usr/lib/dpkg/methods/apt/desc.apt", + "/usr/lib/dpkg/methods/apt/install", + "/usr/lib/dpkg/methods/apt/names", + "/usr/lib/dpkg/methods/apt/setup", + "/usr/lib/dpkg/methods/apt/update", + "/usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0", + "/usr/share/bash-completion/completions/apt", + "/usr/share/bug/apt/script", + "/usr/share/doc/apt/copyright", + "/usr/share/doc/apt/examples/apt.conf", + "/usr/share/doc/apt/examples/configure-index", + "/usr/share/doc/apt/examples/preferences", + "/usr/share/doc/apt/examples/sources.list", + "/usr/share/lintian/overrides/apt", + "/usr/share/locale/ar/LC_MESSAGES/apt.mo", + "/usr/share/locale/ast/LC_MESSAGES/apt.mo", + "/usr/share/locale/bg/LC_MESSAGES/apt.mo", + "/usr/share/locale/bs/LC_MESSAGES/apt.mo", + "/usr/share/locale/ca/LC_MESSAGES/apt.mo", + "/usr/share/locale/cs/LC_MESSAGES/apt.mo", + "/usr/share/locale/cy/LC_MESSAGES/apt.mo", + "/usr/share/locale/da/LC_MESSAGES/apt.mo", + "/usr/share/locale/de/LC_MESSAGES/apt.mo", + "/usr/share/locale/dz/LC_MESSAGES/apt.mo", + "/usr/share/locale/el/LC_MESSAGES/apt.mo", + "/usr/share/locale/es/LC_MESSAGES/apt.mo", + "/usr/share/locale/eu/LC_MESSAGES/apt.mo", + "/usr/share/locale/fi/LC_MESSAGES/apt.mo", + "/usr/share/locale/fr/LC_MESSAGES/apt.mo", + "/usr/share/locale/gl/LC_MESSAGES/apt.mo", + "/usr/share/locale/hu/LC_MESSAGES/apt.mo", + "/usr/share/locale/it/LC_MESSAGES/apt.mo", + "/usr/share/locale/ja/LC_MESSAGES/apt.mo", + "/usr/share/locale/km/LC_MESSAGES/apt.mo", + "/usr/share/locale/ko/LC_MESSAGES/apt.mo", + "/usr/share/locale/ku/LC_MESSAGES/apt.mo", + "/usr/share/locale/lt/LC_MESSAGES/apt.mo", + "/usr/share/locale/mr/LC_MESSAGES/apt.mo", + "/usr/share/locale/nb/LC_MESSAGES/apt.mo", + "/usr/share/locale/ne/LC_MESSAGES/apt.mo", + "/usr/share/locale/nl/LC_MESSAGES/apt.mo", + "/usr/share/locale/nn/LC_MESSAGES/apt.mo", + "/usr/share/locale/pl/LC_MESSAGES/apt.mo", + "/usr/share/locale/pt/LC_MESSAGES/apt.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/apt.mo", + "/usr/share/locale/ro/LC_MESSAGES/apt.mo", + "/usr/share/locale/ru/LC_MESSAGES/apt.mo", + "/usr/share/locale/sk/LC_MESSAGES/apt.mo", + "/usr/share/locale/sl/LC_MESSAGES/apt.mo", + "/usr/share/locale/sv/LC_MESSAGES/apt.mo", + "/usr/share/locale/th/LC_MESSAGES/apt.mo", + "/usr/share/locale/tl/LC_MESSAGES/apt.mo", + "/usr/share/locale/tr/LC_MESSAGES/apt.mo", + "/usr/share/locale/uk/LC_MESSAGES/apt.mo", + "/usr/share/locale/vi/LC_MESSAGES/apt.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/apt.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/apt.mo", + "/usr/share/man/de/man1/apt-transport-http.1.gz", + "/usr/share/man/de/man1/apt-transport-https.1.gz", + "/usr/share/man/de/man1/apt-transport-mirror.1.gz", + "/usr/share/man/de/man5/apt.conf.5.gz", + "/usr/share/man/de/man5/apt_auth.conf.5.gz", + "/usr/share/man/de/man5/apt_preferences.5.gz", + "/usr/share/man/de/man5/sources.list.5.gz", + "/usr/share/man/de/man8/apt-cache.8.gz", + "/usr/share/man/de/man8/apt-cdrom.8.gz", + "/usr/share/man/de/man8/apt-config.8.gz", + "/usr/share/man/de/man8/apt-get.8.gz", + "/usr/share/man/de/man8/apt-key.8.gz", + "/usr/share/man/de/man8/apt-mark.8.gz", + "/usr/share/man/de/man8/apt-secure.8.gz", + "/usr/share/man/de/man8/apt.8.gz", + "/usr/share/man/es/man5/apt_preferences.5.gz", + "/usr/share/man/es/man8/apt-cache.8.gz", + "/usr/share/man/es/man8/apt-cdrom.8.gz", + "/usr/share/man/es/man8/apt-config.8.gz", + "/usr/share/man/fr/man1/apt-transport-http.1.gz", + "/usr/share/man/fr/man1/apt-transport-https.1.gz", + "/usr/share/man/fr/man1/apt-transport-mirror.1.gz", + "/usr/share/man/fr/man5/apt.conf.5.gz", + "/usr/share/man/fr/man5/apt_auth.conf.5.gz", + "/usr/share/man/fr/man5/apt_preferences.5.gz", + "/usr/share/man/fr/man5/sources.list.5.gz", + "/usr/share/man/fr/man8/apt-cache.8.gz", + "/usr/share/man/fr/man8/apt-cdrom.8.gz", + "/usr/share/man/fr/man8/apt-config.8.gz", + "/usr/share/man/fr/man8/apt-get.8.gz", + "/usr/share/man/fr/man8/apt-key.8.gz", + "/usr/share/man/fr/man8/apt-mark.8.gz", + "/usr/share/man/fr/man8/apt-secure.8.gz", + "/usr/share/man/fr/man8/apt.8.gz", + "/usr/share/man/it/man5/apt.conf.5.gz", + "/usr/share/man/it/man5/apt_preferences.5.gz", + "/usr/share/man/it/man5/sources.list.5.gz", + "/usr/share/man/it/man8/apt-cache.8.gz", + "/usr/share/man/it/man8/apt-cdrom.8.gz", + "/usr/share/man/it/man8/apt-config.8.gz", + "/usr/share/man/it/man8/apt-get.8.gz", + "/usr/share/man/it/man8/apt-key.8.gz", + "/usr/share/man/it/man8/apt-mark.8.gz", + "/usr/share/man/it/man8/apt-secure.8.gz", + "/usr/share/man/it/man8/apt.8.gz", + "/usr/share/man/ja/man5/apt.conf.5.gz", + "/usr/share/man/ja/man5/apt_preferences.5.gz", + "/usr/share/man/ja/man5/sources.list.5.gz", + "/usr/share/man/ja/man8/apt-cache.8.gz", + "/usr/share/man/ja/man8/apt-cdrom.8.gz", + "/usr/share/man/ja/man8/apt-config.8.gz", + "/usr/share/man/ja/man8/apt-get.8.gz", + "/usr/share/man/ja/man8/apt-key.8.gz", + "/usr/share/man/ja/man8/apt-mark.8.gz", + "/usr/share/man/ja/man8/apt-secure.8.gz", + "/usr/share/man/ja/man8/apt.8.gz", + "/usr/share/man/man1/apt-transport-http.1.gz", + "/usr/share/man/man1/apt-transport-https.1.gz", + "/usr/share/man/man1/apt-transport-mirror.1.gz", + "/usr/share/man/man5/apt.conf.5.gz", + "/usr/share/man/man5/apt_auth.conf.5.gz", + "/usr/share/man/man5/apt_preferences.5.gz", + "/usr/share/man/man5/sources.list.5.gz", + "/usr/share/man/man7/apt-patterns.7.gz", + "/usr/share/man/man8/apt-cache.8.gz", + "/usr/share/man/man8/apt-cdrom.8.gz", + "/usr/share/man/man8/apt-config.8.gz", + "/usr/share/man/man8/apt-get.8.gz", + "/usr/share/man/man8/apt-key.8.gz", + "/usr/share/man/man8/apt-mark.8.gz", + "/usr/share/man/man8/apt-secure.8.gz", + "/usr/share/man/man8/apt.8.gz", + "/usr/share/man/nl/man1/apt-transport-http.1.gz", + "/usr/share/man/nl/man1/apt-transport-https.1.gz", + "/usr/share/man/nl/man1/apt-transport-mirror.1.gz", + "/usr/share/man/nl/man5/apt.conf.5.gz", + "/usr/share/man/nl/man5/apt_auth.conf.5.gz", + "/usr/share/man/nl/man5/apt_preferences.5.gz", + "/usr/share/man/nl/man5/sources.list.5.gz", + "/usr/share/man/nl/man8/apt-cache.8.gz", + "/usr/share/man/nl/man8/apt-cdrom.8.gz", + "/usr/share/man/nl/man8/apt-config.8.gz", + "/usr/share/man/nl/man8/apt-get.8.gz", + "/usr/share/man/nl/man8/apt-key.8.gz", + "/usr/share/man/nl/man8/apt-mark.8.gz", + "/usr/share/man/nl/man8/apt-secure.8.gz", + "/usr/share/man/nl/man8/apt.8.gz", + "/usr/share/man/pl/man5/apt_preferences.5.gz", + "/usr/share/man/pl/man8/apt-cache.8.gz", + "/usr/share/man/pl/man8/apt-cdrom.8.gz", + "/usr/share/man/pl/man8/apt-config.8.gz", + "/usr/share/man/pt/man1/apt-transport-http.1.gz", + "/usr/share/man/pt/man1/apt-transport-https.1.gz", + "/usr/share/man/pt/man1/apt-transport-mirror.1.gz", + "/usr/share/man/pt/man5/apt.conf.5.gz", + "/usr/share/man/pt/man5/apt_auth.conf.5.gz", + "/usr/share/man/pt/man5/apt_preferences.5.gz", + "/usr/share/man/pt/man5/sources.list.5.gz", + "/usr/share/man/pt/man8/apt-cache.8.gz", + "/usr/share/man/pt/man8/apt-cdrom.8.gz", + "/usr/share/man/pt/man8/apt-config.8.gz", + "/usr/share/man/pt/man8/apt-get.8.gz", + "/usr/share/man/pt/man8/apt-key.8.gz", + "/usr/share/man/pt/man8/apt-mark.8.gz", + "/usr/share/man/pt/man8/apt-secure.8.gz", + "/usr/share/man/pt/man8/apt.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "base-files@11ubuntu5.7", + "Name": "base-files", + "Identifier": { + "PURL": "pkg:deb/ubuntu/base-files@11ubuntu5.7?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a5180b5a90fc72da" + }, + "Version": "11ubuntu5.7", + "Arch": "amd64", + "SrcName": "base-files", + "SrcVersion": "11ubuntu5.7", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libcrypt1@1:4.4.10-10ubuntu4" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/systemd/system/motd-news.service", + "/lib/systemd/system/motd-news.timer", + "/usr/bin/locale-check", + "/usr/lib/os-release", + "/usr/share/base-files/dot.bashrc", + "/usr/share/base-files/dot.profile", + "/usr/share/base-files/dot.profile.md5sums", + "/usr/share/base-files/info.dir", + "/usr/share/base-files/motd", + "/usr/share/base-files/networks", + "/usr/share/base-files/profile", + "/usr/share/base-files/profile.md5sums", + "/usr/share/base-files/staff-group-for-usr-local", + "/usr/share/common-licenses/Apache-2.0", + "/usr/share/common-licenses/Artistic", + "/usr/share/common-licenses/BSD", + "/usr/share/common-licenses/CC0-1.0", + "/usr/share/common-licenses/GFDL-1.2", + "/usr/share/common-licenses/GFDL-1.3", + "/usr/share/common-licenses/GPL-1", + "/usr/share/common-licenses/GPL-2", + "/usr/share/common-licenses/GPL-3", + "/usr/share/common-licenses/LGPL-2", + "/usr/share/common-licenses/LGPL-2.1", + "/usr/share/common-licenses/LGPL-3", + "/usr/share/common-licenses/MPL-1.1", + "/usr/share/common-licenses/MPL-2.0", + "/usr/share/doc/base-files/README", + "/usr/share/doc/base-files/README.FHS", + "/usr/share/doc/base-files/changelog.gz", + "/usr/share/doc/base-files/copyright", + "/usr/share/lintian/overrides/base-files" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "base-passwd@3.5.47", + "Name": "base-passwd", + "Identifier": { + "PURL": "pkg:deb/ubuntu/base-passwd@3.5.47?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "39e258627f1fe698" + }, + "Version": "3.5.47", + "Arch": "amd64", + "SrcName": "base-passwd", + "SrcVersion": "3.5.47", + "Licenses": [ + "GPL-2.0-only", + "PD" + ], + "Maintainer": "Colin Watson \u003ccjwatson@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libdebconfclient0@0.251ubuntu1" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/sbin/update-passwd", + "/usr/share/base-passwd/group.master", + "/usr/share/base-passwd/passwd.master", + "/usr/share/doc-base/users-and-groups", + "/usr/share/doc/base-passwd/README", + "/usr/share/doc/base-passwd/changelog.gz", + "/usr/share/doc/base-passwd/copyright", + "/usr/share/doc/base-passwd/users-and-groups.html", + "/usr/share/doc/base-passwd/users-and-groups.txt.gz", + "/usr/share/lintian/overrides/base-passwd", + "/usr/share/man/de/man8/update-passwd.8.gz", + "/usr/share/man/es/man8/update-passwd.8.gz", + "/usr/share/man/fr/man8/update-passwd.8.gz", + "/usr/share/man/ja/man8/update-passwd.8.gz", + "/usr/share/man/man8/update-passwd.8.gz", + "/usr/share/man/pl/man8/update-passwd.8.gz", + "/usr/share/man/ru/man8/update-passwd.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bash@5.0-6ubuntu1.2", + "Name": "bash", + "Identifier": { + "PURL": "pkg:deb/ubuntu/bash@5.0-6ubuntu1.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "63630bb56302d371" + }, + "Version": "5.0", + "Release": "6ubuntu1.2", + "Arch": "amd64", + "SrcName": "bash", + "SrcVersion": "5.0", + "SrcRelease": "6ubuntu1.2", + "Licenses": [ + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "base-files@11ubuntu5.7", + "debianutils@4.9.1" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/bash", + "/usr/bin/bashbug", + "/usr/bin/clear_console", + "/usr/share/doc/bash/COMPAT.gz", + "/usr/share/doc/bash/INTRO.gz", + "/usr/share/doc/bash/NEWS.gz", + "/usr/share/doc/bash/POSIX.gz", + "/usr/share/doc/bash/RBASH", + "/usr/share/doc/bash/README.Debian.gz", + "/usr/share/doc/bash/README.abs-guide", + "/usr/share/doc/bash/README.commands.gz", + "/usr/share/doc/bash/README.gz", + "/usr/share/doc/bash/changelog.Debian.gz", + "/usr/share/doc/bash/copyright", + "/usr/share/doc/bash/inputrc.arrows", + "/usr/share/lintian/overrides/bash", + "/usr/share/man/man1/bash.1.gz", + "/usr/share/man/man1/bashbug.1.gz", + "/usr/share/man/man1/clear_console.1.gz", + "/usr/share/man/man1/rbash.1.gz", + "/usr/share/man/man7/bash-builtins.7.gz", + "/usr/share/menu/bash" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bsdutils@1:2.34-0.1ubuntu9.3", + "Name": "bsdutils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/bsdutils@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "c2f19fe3db589c3b" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/logger", + "/usr/bin/renice", + "/usr/bin/script", + "/usr/bin/scriptreplay", + "/usr/bin/wall", + "/usr/share/bash-completion/completions/logger", + "/usr/share/bash-completion/completions/renice", + "/usr/share/bash-completion/completions/script", + "/usr/share/bash-completion/completions/scriptreplay", + "/usr/share/bash-completion/completions/wall", + "/usr/share/doc/bsdutils/changelog.Debian.gz", + "/usr/share/doc/bsdutils/copyright", + "/usr/share/lintian/overrides/bsdutils", + "/usr/share/man/man1/logger.1.gz", + "/usr/share/man/man1/renice.1.gz", + "/usr/share/man/man1/script.1.gz", + "/usr/share/man/man1/scriptreplay.1.gz", + "/usr/share/man/man1/wall.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bzip2@1.0.8-2", + "Name": "bzip2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/bzip2@1.0.8-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "8421c1f7cecd080f" + }, + "Version": "1.0.8", + "Release": "2", + "Arch": "amd64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8", + "SrcRelease": "2", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libbz2-1.0@1.0.8-2", + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/bunzip2", + "/bin/bzcat", + "/bin/bzdiff", + "/bin/bzexe", + "/bin/bzgrep", + "/bin/bzip2", + "/bin/bzip2recover", + "/bin/bzmore", + "/usr/share/doc/bzip2/copyright", + "/usr/share/man/man1/bzdiff.1.gz", + "/usr/share/man/man1/bzexe.1.gz", + "/usr/share/man/man1/bzgrep.1.gz", + "/usr/share/man/man1/bzip2.1.gz", + "/usr/share/man/man1/bzmore.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ca-certificates@20211016ubuntu0.20.04.1", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:deb/ubuntu/ca-certificates@20211016ubuntu0.20.04.1?arch=all\u0026distro=ubuntu-20.04", + "UID": "ef025fc6e4caa49c" + }, + "Version": "20211016ubuntu0.20.04.1", + "Arch": "all", + "SrcName": "ca-certificates", + "SrcVersion": "20211016ubuntu0.20.04.1", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "MPL-2.0" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73", + "openssl@1.1.1f-1ubuntu2.17" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/sbin/update-ca-certificates", + "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", + "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Certigna.crt", + "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", + "/usr/share/ca-certificates/mozilla/Cybertrust_Global_Root.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "/usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/EC-ACC.crt", + "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt", + "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", + "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "/usr/share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt", + "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt", + "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "/usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", + "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", + "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "/usr/share/doc/ca-certificates/README.Debian", + "/usr/share/doc/ca-certificates/changelog.gz", + "/usr/share/doc/ca-certificates/copyright", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", + "/usr/share/man/man8/update-ca-certificates.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "coreutils@8.30-3ubuntu2", + "Name": "coreutils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/coreutils@8.30-3ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "186bbd0abf222082" + }, + "Version": "8.30", + "Release": "3ubuntu2", + "Arch": "amd64", + "SrcName": "coreutils", + "SrcVersion": "8.30", + "SrcRelease": "3ubuntu2", + "Licenses": [ + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/cat", + "/bin/chgrp", + "/bin/chmod", + "/bin/chown", + "/bin/cp", + "/bin/date", + "/bin/dd", + "/bin/df", + "/bin/dir", + "/bin/echo", + "/bin/false", + "/bin/ln", + "/bin/ls", + "/bin/mkdir", + "/bin/mknod", + "/bin/mktemp", + "/bin/mv", + "/bin/pwd", + "/bin/readlink", + "/bin/rm", + "/bin/rmdir", + "/bin/sleep", + "/bin/stty", + "/bin/sync", + "/bin/touch", + "/bin/true", + "/bin/uname", + "/bin/vdir", + "/usr/bin/[", + "/usr/bin/arch", + "/usr/bin/b2sum", + "/usr/bin/base32", + "/usr/bin/base64", + "/usr/bin/basename", + "/usr/bin/chcon", + "/usr/bin/cksum", + "/usr/bin/comm", + "/usr/bin/csplit", + "/usr/bin/cut", + "/usr/bin/dircolors", + "/usr/bin/dirname", + "/usr/bin/du", + "/usr/bin/env", + "/usr/bin/expand", + "/usr/bin/expr", + "/usr/bin/factor", + "/usr/bin/fmt", + "/usr/bin/fold", + "/usr/bin/groups", + "/usr/bin/head", + "/usr/bin/hostid", + "/usr/bin/id", + "/usr/bin/install", + "/usr/bin/join", + "/usr/bin/link", + "/usr/bin/logname", + "/usr/bin/md5sum", + "/usr/bin/mkfifo", + "/usr/bin/nice", + "/usr/bin/nl", + "/usr/bin/nohup", + "/usr/bin/nproc", + "/usr/bin/numfmt", + "/usr/bin/od", + "/usr/bin/paste", + "/usr/bin/pathchk", + "/usr/bin/pinky", + "/usr/bin/pr", + "/usr/bin/printenv", + "/usr/bin/printf", + "/usr/bin/ptx", + "/usr/bin/realpath", + "/usr/bin/runcon", + "/usr/bin/seq", + "/usr/bin/sha1sum", + "/usr/bin/sha224sum", + "/usr/bin/sha256sum", + "/usr/bin/sha384sum", + "/usr/bin/sha512sum", + "/usr/bin/shred", + "/usr/bin/shuf", + "/usr/bin/sort", + "/usr/bin/split", + "/usr/bin/stat", + "/usr/bin/stdbuf", + "/usr/bin/sum", + "/usr/bin/tac", + "/usr/bin/tail", + "/usr/bin/tee", + "/usr/bin/test", + "/usr/bin/timeout", + "/usr/bin/tr", + "/usr/bin/truncate", + "/usr/bin/tsort", + "/usr/bin/tty", + "/usr/bin/unexpand", + "/usr/bin/uniq", + "/usr/bin/unlink", + "/usr/bin/users", + "/usr/bin/wc", + "/usr/bin/who", + "/usr/bin/whoami", + "/usr/bin/yes", + "/usr/lib/x86_64-linux-gnu/coreutils/libstdbuf.so", + "/usr/sbin/chroot", + "/usr/share/doc/coreutils/AUTHORS", + "/usr/share/doc/coreutils/NEWS.Debian.gz", + "/usr/share/doc/coreutils/NEWS.gz", + "/usr/share/doc/coreutils/README.Debian", + "/usr/share/doc/coreutils/README.gz", + "/usr/share/doc/coreutils/THANKS.gz", + "/usr/share/doc/coreutils/TODO.gz", + "/usr/share/doc/coreutils/changelog.Debian.gz", + "/usr/share/doc/coreutils/copyright", + "/usr/share/info/coreutils.info.gz", + "/usr/share/man/man1/arch.1.gz", + "/usr/share/man/man1/b2sum.1.gz", + "/usr/share/man/man1/base32.1.gz", + "/usr/share/man/man1/base64.1.gz", + "/usr/share/man/man1/basename.1.gz", + "/usr/share/man/man1/cat.1.gz", + "/usr/share/man/man1/chcon.1.gz", + "/usr/share/man/man1/chgrp.1.gz", + "/usr/share/man/man1/chmod.1.gz", + "/usr/share/man/man1/chown.1.gz", + "/usr/share/man/man1/cksum.1.gz", + "/usr/share/man/man1/comm.1.gz", + "/usr/share/man/man1/cp.1.gz", + "/usr/share/man/man1/csplit.1.gz", + "/usr/share/man/man1/cut.1.gz", + "/usr/share/man/man1/date.1.gz", + "/usr/share/man/man1/dd.1.gz", + "/usr/share/man/man1/df.1.gz", + "/usr/share/man/man1/dir.1.gz", + "/usr/share/man/man1/dircolors.1.gz", + "/usr/share/man/man1/dirname.1.gz", + "/usr/share/man/man1/du.1.gz", + "/usr/share/man/man1/echo.1.gz", + "/usr/share/man/man1/env.1.gz", + "/usr/share/man/man1/expand.1.gz", + "/usr/share/man/man1/expr.1.gz", + "/usr/share/man/man1/factor.1.gz", + "/usr/share/man/man1/false.1.gz", + "/usr/share/man/man1/fmt.1.gz", + "/usr/share/man/man1/fold.1.gz", + "/usr/share/man/man1/groups.1.gz", + "/usr/share/man/man1/head.1.gz", + "/usr/share/man/man1/hostid.1.gz", + "/usr/share/man/man1/id.1.gz", + "/usr/share/man/man1/install.1.gz", + "/usr/share/man/man1/join.1.gz", + "/usr/share/man/man1/link.1.gz", + "/usr/share/man/man1/ln.1.gz", + "/usr/share/man/man1/logname.1.gz", + "/usr/share/man/man1/ls.1.gz", + "/usr/share/man/man1/md5sum.1.gz", + "/usr/share/man/man1/mkdir.1.gz", + "/usr/share/man/man1/mkfifo.1.gz", + "/usr/share/man/man1/mknod.1.gz", + "/usr/share/man/man1/mktemp.1.gz", + "/usr/share/man/man1/mv.1.gz", + "/usr/share/man/man1/nice.1.gz", + "/usr/share/man/man1/nl.1.gz", + "/usr/share/man/man1/nohup.1.gz", + "/usr/share/man/man1/nproc.1.gz", + "/usr/share/man/man1/numfmt.1.gz", + "/usr/share/man/man1/od.1.gz", + "/usr/share/man/man1/paste.1.gz", + "/usr/share/man/man1/pathchk.1.gz", + "/usr/share/man/man1/pinky.1.gz", + "/usr/share/man/man1/pr.1.gz", + "/usr/share/man/man1/printenv.1.gz", + "/usr/share/man/man1/printf.1.gz", + "/usr/share/man/man1/ptx.1.gz", + "/usr/share/man/man1/pwd.1.gz", + "/usr/share/man/man1/readlink.1.gz", + "/usr/share/man/man1/realpath.1.gz", + "/usr/share/man/man1/rm.1.gz", + "/usr/share/man/man1/rmdir.1.gz", + "/usr/share/man/man1/runcon.1.gz", + "/usr/share/man/man1/seq.1.gz", + "/usr/share/man/man1/sha1sum.1.gz", + "/usr/share/man/man1/sha224sum.1.gz", + "/usr/share/man/man1/sha256sum.1.gz", + "/usr/share/man/man1/sha384sum.1.gz", + "/usr/share/man/man1/sha512sum.1.gz", + "/usr/share/man/man1/shred.1.gz", + "/usr/share/man/man1/shuf.1.gz", + "/usr/share/man/man1/sleep.1.gz", + "/usr/share/man/man1/sort.1.gz", + "/usr/share/man/man1/split.1.gz", + "/usr/share/man/man1/stat.1.gz", + "/usr/share/man/man1/stdbuf.1.gz", + "/usr/share/man/man1/stty.1.gz", + "/usr/share/man/man1/sum.1.gz", + "/usr/share/man/man1/sync.1.gz", + "/usr/share/man/man1/tac.1.gz", + "/usr/share/man/man1/tail.1.gz", + "/usr/share/man/man1/tee.1.gz", + "/usr/share/man/man1/test.1.gz", + "/usr/share/man/man1/timeout.1.gz", + "/usr/share/man/man1/touch.1.gz", + "/usr/share/man/man1/tr.1.gz", + "/usr/share/man/man1/true.1.gz", + "/usr/share/man/man1/truncate.1.gz", + "/usr/share/man/man1/tsort.1.gz", + "/usr/share/man/man1/tty.1.gz", + "/usr/share/man/man1/uname.1.gz", + "/usr/share/man/man1/unexpand.1.gz", + "/usr/share/man/man1/uniq.1.gz", + "/usr/share/man/man1/unlink.1.gz", + "/usr/share/man/man1/users.1.gz", + "/usr/share/man/man1/vdir.1.gz", + "/usr/share/man/man1/wc.1.gz", + "/usr/share/man/man1/who.1.gz", + "/usr/share/man/man1/whoami.1.gz", + "/usr/share/man/man1/yes.1.gz", + "/usr/share/man/man8/chroot.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "dash@0.5.10.2-6", + "Name": "dash", + "Identifier": { + "PURL": "pkg:deb/ubuntu/dash@0.5.10.2-6?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "339907d4c6dfa92b" + }, + "Version": "0.5.10.2", + "Release": "6", + "Arch": "amd64", + "SrcName": "dash", + "SrcVersion": "0.5.10.2", + "SrcRelease": "6", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73", + "debianutils@4.9.1", + "dpkg@1.19.7ubuntu3.2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/dash", + "/usr/share/doc/dash/NEWS.Debian.gz", + "/usr/share/doc/dash/README.Debian.diet", + "/usr/share/doc/dash/README.source", + "/usr/share/doc/dash/changelog.Debian.gz", + "/usr/share/doc/dash/copyright", + "/usr/share/lintian/overrides/dash", + "/usr/share/man/man1/dash.1.gz", + "/usr/share/menu/dash" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debconf@1.5.73", + "Name": "debconf", + "Identifier": { + "PURL": "pkg:deb/ubuntu/debconf@1.5.73?arch=all\u0026distro=ubuntu-20.04", + "UID": "e57d99b341400824" + }, + "Version": "1.5.73", + "Arch": "all", + "SrcName": "debconf", + "SrcVersion": "1.5.73", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/debconf", + "/usr/bin/debconf-apt-progress", + "/usr/bin/debconf-communicate", + "/usr/bin/debconf-copydb", + "/usr/bin/debconf-escape", + "/usr/bin/debconf-set-selections", + "/usr/bin/debconf-show", + "/usr/sbin/dpkg-preconfigure", + "/usr/sbin/dpkg-reconfigure", + "/usr/share/bash-completion/completions/debconf", + "/usr/share/debconf/confmodule", + "/usr/share/debconf/confmodule.sh", + "/usr/share/debconf/debconf.conf", + "/usr/share/debconf/fix_db.pl", + "/usr/share/debconf/frontend", + "/usr/share/debconf/transition_db.pl", + "/usr/share/doc/debconf/NEWS.Debian.gz", + "/usr/share/doc/debconf/README.Debian", + "/usr/share/doc/debconf/changelog.gz", + "/usr/share/doc/debconf/copyright", + "/usr/share/lintian/overrides/debconf", + "/usr/share/man/man1/debconf-apt-progress.1.gz", + "/usr/share/man/man1/debconf-communicate.1.gz", + "/usr/share/man/man1/debconf-copydb.1.gz", + "/usr/share/man/man1/debconf-escape.1.gz", + "/usr/share/man/man1/debconf-set-selections.1.gz", + "/usr/share/man/man1/debconf-show.1.gz", + "/usr/share/man/man1/debconf.1.gz", + "/usr/share/man/man8/dpkg-preconfigure.8.gz", + "/usr/share/man/man8/dpkg-reconfigure.8.gz", + "/usr/share/perl5/Debconf/AutoSelect.pm", + "/usr/share/perl5/Debconf/Base.pm", + "/usr/share/perl5/Debconf/Client/ConfModule.pm", + "/usr/share/perl5/Debconf/ConfModule.pm", + "/usr/share/perl5/Debconf/Config.pm", + "/usr/share/perl5/Debconf/Db.pm", + "/usr/share/perl5/Debconf/DbDriver.pm", + "/usr/share/perl5/Debconf/DbDriver/Backup.pm", + "/usr/share/perl5/Debconf/DbDriver/Cache.pm", + "/usr/share/perl5/Debconf/DbDriver/Copy.pm", + "/usr/share/perl5/Debconf/DbDriver/Debug.pm", + "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", + "/usr/share/perl5/Debconf/DbDriver/Directory.pm", + "/usr/share/perl5/Debconf/DbDriver/File.pm", + "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", + "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", + "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", + "/usr/share/perl5/Debconf/DbDriver/Stack.pm", + "/usr/share/perl5/Debconf/Element.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", + "/usr/share/perl5/Debconf/Element/Dialog/String.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", + "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Editor/Error.pm", + "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Editor/Note.pm", + "/usr/share/perl5/Debconf/Element/Editor/Password.pm", + "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", + "/usr/share/perl5/Debconf/Element/Editor/Select.pm", + "/usr/share/perl5/Debconf/Element/Editor/String.pm", + "/usr/share/perl5/Debconf/Element/Editor/Text.pm", + "/usr/share/perl5/Debconf/Element/Gnome.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", + "/usr/share/perl5/Debconf/Element/Gnome/String.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", + "/usr/share/perl5/Debconf/Element/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", + "/usr/share/perl5/Debconf/Element/Select.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", + "/usr/share/perl5/Debconf/Element/Teletype/String.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", + "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Web/Error.pm", + "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Web/Note.pm", + "/usr/share/perl5/Debconf/Element/Web/Password.pm", + "/usr/share/perl5/Debconf/Element/Web/Progress.pm", + "/usr/share/perl5/Debconf/Element/Web/Select.pm", + "/usr/share/perl5/Debconf/Element/Web/String.pm", + "/usr/share/perl5/Debconf/Element/Web/Text.pm", + "/usr/share/perl5/Debconf/Encoding.pm", + "/usr/share/perl5/Debconf/Format.pm", + "/usr/share/perl5/Debconf/Format/822.pm", + "/usr/share/perl5/Debconf/FrontEnd.pm", + "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", + "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", + "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", + "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", + "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", + "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", + "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", + "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", + "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", + "/usr/share/perl5/Debconf/FrontEnd/Text.pm", + "/usr/share/perl5/Debconf/FrontEnd/Web.pm", + "/usr/share/perl5/Debconf/Gettext.pm", + "/usr/share/perl5/Debconf/Iterator.pm", + "/usr/share/perl5/Debconf/Log.pm", + "/usr/share/perl5/Debconf/Path.pm", + "/usr/share/perl5/Debconf/Priority.pm", + "/usr/share/perl5/Debconf/Question.pm", + "/usr/share/perl5/Debconf/Template.pm", + "/usr/share/perl5/Debconf/Template/Transient.pm", + "/usr/share/perl5/Debconf/TmpFile.pm", + "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", + "/usr/share/pixmaps/debian-logo.png" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debianutils@4.9.1", + "Name": "debianutils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/debianutils@4.9.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "33c033894c33c0a9" + }, + "Version": "4.9.1", + "Arch": "amd64", + "SrcName": "debianutils", + "SrcVersion": "4.9.1", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/run-parts", + "/bin/tempfile", + "/bin/which", + "/sbin/installkernel", + "/usr/bin/ischroot", + "/usr/bin/savelog", + "/usr/sbin/add-shell", + "/usr/sbin/remove-shell", + "/usr/share/debianutils/shells", + "/usr/share/doc/debianutils/README.shells.gz", + "/usr/share/doc/debianutils/changelog.gz", + "/usr/share/doc/debianutils/copyright", + "/usr/share/man/de/man1/tempfile.1.gz", + "/usr/share/man/de/man1/which.1.gz", + "/usr/share/man/de/man8/add-shell.8.gz", + "/usr/share/man/de/man8/installkernel.8.gz", + "/usr/share/man/de/man8/remove-shell.8.gz", + "/usr/share/man/de/man8/run-parts.8.gz", + "/usr/share/man/de/man8/savelog.8.gz", + "/usr/share/man/es/man1/tempfile.1.gz", + "/usr/share/man/es/man1/which.1.gz", + "/usr/share/man/es/man8/add-shell.8.gz", + "/usr/share/man/es/man8/installkernel.8.gz", + "/usr/share/man/es/man8/remove-shell.8.gz", + "/usr/share/man/es/man8/run-parts.8.gz", + "/usr/share/man/es/man8/savelog.8.gz", + "/usr/share/man/fr/man1/tempfile.1.gz", + "/usr/share/man/fr/man1/which.1.gz", + "/usr/share/man/fr/man8/add-shell.8.gz", + "/usr/share/man/fr/man8/installkernel.8.gz", + "/usr/share/man/fr/man8/remove-shell.8.gz", + "/usr/share/man/fr/man8/run-parts.8.gz", + "/usr/share/man/fr/man8/savelog.8.gz", + "/usr/share/man/it/man1/tempfile.1.gz", + "/usr/share/man/it/man1/which.1.gz", + "/usr/share/man/it/man8/add-shell.8.gz", + "/usr/share/man/it/man8/installkernel.8.gz", + "/usr/share/man/it/man8/remove-shell.8.gz", + "/usr/share/man/it/man8/run-parts.8.gz", + "/usr/share/man/it/man8/savelog.8.gz", + "/usr/share/man/ja/man1/tempfile.1.gz", + "/usr/share/man/ja/man1/which.1.gz", + "/usr/share/man/ja/man8/add-shell.8.gz", + "/usr/share/man/ja/man8/installkernel.8.gz", + "/usr/share/man/ja/man8/remove-shell.8.gz", + "/usr/share/man/ja/man8/run-parts.8.gz", + "/usr/share/man/ja/man8/savelog.8.gz", + "/usr/share/man/man1/ischroot.1.gz", + "/usr/share/man/man1/tempfile.1.gz", + "/usr/share/man/man1/which.1.gz", + "/usr/share/man/man8/add-shell.8.gz", + "/usr/share/man/man8/installkernel.8.gz", + "/usr/share/man/man8/remove-shell.8.gz", + "/usr/share/man/man8/run-parts.8.gz", + "/usr/share/man/man8/savelog.8.gz", + "/usr/share/man/pl/man1/tempfile.1.gz", + "/usr/share/man/pl/man1/which.1.gz", + "/usr/share/man/pl/man8/add-shell.8.gz", + "/usr/share/man/pl/man8/installkernel.8.gz", + "/usr/share/man/pl/man8/remove-shell.8.gz", + "/usr/share/man/pl/man8/run-parts.8.gz", + "/usr/share/man/pl/man8/savelog.8.gz", + "/usr/share/man/sl/man1/tempfile.1.gz", + "/usr/share/man/sl/man1/which.1.gz", + "/usr/share/man/sl/man8/add-shell.8.gz", + "/usr/share/man/sl/man8/installkernel.8.gz", + "/usr/share/man/sl/man8/remove-shell.8.gz", + "/usr/share/man/sl/man8/run-parts.8.gz", + "/usr/share/man/sl/man8/savelog.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "diffutils@1:3.7-3", + "Name": "diffutils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/diffutils@3.7-3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "20a16873c3eab51c" + }, + "Version": "3.7", + "Release": "3", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "diffutils", + "SrcVersion": "3.7", + "SrcRelease": "3", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-or-later", + "GFDL-1.3-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/cmp", + "/usr/bin/diff", + "/usr/bin/diff3", + "/usr/bin/sdiff", + "/usr/share/doc/diffutils/NEWS.gz", + "/usr/share/doc/diffutils/changelog.Debian.gz", + "/usr/share/doc/diffutils/copyright", + "/usr/share/info/diffutils.info.gz", + "/usr/share/man/man1/cmp.1.gz", + "/usr/share/man/man1/diff.1.gz", + "/usr/share/man/man1/diff3.1.gz", + "/usr/share/man/man1/sdiff.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "dpkg@1.19.7ubuntu3.2", + "Name": "dpkg", + "Identifier": { + "PURL": "pkg:deb/ubuntu/dpkg@1.19.7ubuntu3.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "ee837475a82dbbe7" + }, + "Version": "1.19.7ubuntu3.2", + "Arch": "amd64", + "SrcName": "dpkg", + "SrcVersion": "1.19.7ubuntu3.2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "BSD-2-Clause", + "public-domain-s-s-d", + "public-domain-md5" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "tar@1.30+dfsg-7ubuntu0.20.04.3" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/sbin/start-stop-daemon", + "/usr/bin/dpkg", + "/usr/bin/dpkg-deb", + "/usr/bin/dpkg-divert", + "/usr/bin/dpkg-maintscript-helper", + "/usr/bin/dpkg-query", + "/usr/bin/dpkg-split", + "/usr/bin/dpkg-statoverride", + "/usr/bin/dpkg-trigger", + "/usr/bin/update-alternatives", + "/usr/share/bug/dpkg", + "/usr/share/doc/dpkg/AUTHORS", + "/usr/share/doc/dpkg/README.feature-removal-schedule.gz", + "/usr/share/doc/dpkg/THANKS.gz", + "/usr/share/doc/dpkg/changelog.Debian.gz", + "/usr/share/doc/dpkg/copyright", + "/usr/share/doc/dpkg/usertags.gz", + "/usr/share/dpkg/abitable", + "/usr/share/dpkg/cputable", + "/usr/share/dpkg/ostable", + "/usr/share/dpkg/tupletable", + "/usr/share/lintian/overrides/dpkg", + "/usr/share/lintian/profiles/dpkg/main.profile", + "/usr/share/locale/ast/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/bs/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ca/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/cs/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/da/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/de/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/dz/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/el/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/eo/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/es/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/et/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/eu/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/fr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/gl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/hu/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/id/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/it/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ja/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/km/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ko/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ku/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/lt/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/mr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nb/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ne/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nn/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pa/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pt/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ro/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ru/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/sk/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/sv/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/th/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/tl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/tr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/vi/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/dpkg.mo", + "/usr/share/man/de/man1/dpkg-deb.1.gz", + "/usr/share/man/de/man1/dpkg-divert.1.gz", + "/usr/share/man/de/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/de/man1/dpkg-query.1.gz", + "/usr/share/man/de/man1/dpkg-split.1.gz", + "/usr/share/man/de/man1/dpkg-statoverride.1.gz", + "/usr/share/man/de/man1/dpkg-trigger.1.gz", + "/usr/share/man/de/man1/dpkg.1.gz", + "/usr/share/man/de/man1/update-alternatives.1.gz", + "/usr/share/man/de/man5/dpkg.cfg.5.gz", + "/usr/share/man/de/man8/start-stop-daemon.8.gz", + "/usr/share/man/es/man1/dpkg-split.1.gz", + "/usr/share/man/es/man1/update-alternatives.1.gz", + "/usr/share/man/fr/man1/dpkg-deb.1.gz", + "/usr/share/man/fr/man1/dpkg-divert.1.gz", + "/usr/share/man/fr/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/fr/man1/dpkg-query.1.gz", + "/usr/share/man/fr/man1/dpkg-split.1.gz", + "/usr/share/man/fr/man1/dpkg-statoverride.1.gz", + "/usr/share/man/fr/man1/dpkg-trigger.1.gz", + "/usr/share/man/fr/man1/dpkg.1.gz", + "/usr/share/man/fr/man1/update-alternatives.1.gz", + "/usr/share/man/fr/man5/dpkg.cfg.5.gz", + "/usr/share/man/fr/man8/start-stop-daemon.8.gz", + "/usr/share/man/it/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/it/man1/dpkg-split.1.gz", + "/usr/share/man/it/man1/update-alternatives.1.gz", + "/usr/share/man/ja/man1/dpkg-split.1.gz", + "/usr/share/man/ja/man1/update-alternatives.1.gz", + "/usr/share/man/man1/dpkg-deb.1.gz", + "/usr/share/man/man1/dpkg-divert.1.gz", + "/usr/share/man/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/man1/dpkg-query.1.gz", + "/usr/share/man/man1/dpkg-split.1.gz", + "/usr/share/man/man1/dpkg-statoverride.1.gz", + "/usr/share/man/man1/dpkg-trigger.1.gz", + "/usr/share/man/man1/dpkg.1.gz", + "/usr/share/man/man1/update-alternatives.1.gz", + "/usr/share/man/man5/dpkg.cfg.5.gz", + "/usr/share/man/man8/start-stop-daemon.8.gz", + "/usr/share/man/nl/man1/dpkg-deb.1.gz", + "/usr/share/man/nl/man1/dpkg-divert.1.gz", + "/usr/share/man/nl/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/nl/man1/dpkg-query.1.gz", + "/usr/share/man/nl/man1/dpkg-split.1.gz", + "/usr/share/man/nl/man1/dpkg-statoverride.1.gz", + "/usr/share/man/nl/man1/dpkg-trigger.1.gz", + "/usr/share/man/nl/man1/dpkg.1.gz", + "/usr/share/man/nl/man1/update-alternatives.1.gz", + "/usr/share/man/nl/man5/dpkg.cfg.5.gz", + "/usr/share/man/nl/man8/start-stop-daemon.8.gz", + "/usr/share/man/pl/man1/dpkg-split.1.gz", + "/usr/share/man/pl/man1/update-alternatives.1.gz", + "/usr/share/man/sv/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/sv/man1/dpkg-split.1.gz", + "/usr/share/man/sv/man1/dpkg-trigger.1.gz", + "/usr/share/man/sv/man1/update-alternatives.1.gz", + "/usr/share/polkit-1/actions/org.dpkg.pkexec.update-alternatives.policy" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "e2fsprogs@1.45.5-2ubuntu1.1", + "Name": "e2fsprogs", + "Identifier": { + "PURL": "pkg:deb/ubuntu/e2fsprogs@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "837d9bdbf71f5a70" + }, + "Version": "1.45.5", + "Release": "2ubuntu1.1", + "Arch": "amd64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.45.5", + "SrcRelease": "2ubuntu1.1", + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "logsave@1.45.5-2ubuntu1.1" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/systemd/system/e2scrub@.service", + "/lib/systemd/system/e2scrub_all.service", + "/lib/systemd/system/e2scrub_all.timer", + "/lib/systemd/system/e2scrub_fail@.service", + "/lib/systemd/system/e2scrub_reap.service", + "/lib/udev/rules.d/96-e2scrub.rules", + "/sbin/badblocks", + "/sbin/debugfs", + "/sbin/dumpe2fs", + "/sbin/e2fsck", + "/sbin/e2image", + "/sbin/e2scrub", + "/sbin/e2scrub_all", + "/sbin/e2undo", + "/sbin/mke2fs", + "/sbin/resize2fs", + "/sbin/tune2fs", + "/usr/bin/chattr", + "/usr/bin/lsattr", + "/usr/lib/x86_64-linux-gnu/e2fsprogs/e2scrub_all_cron", + "/usr/lib/x86_64-linux-gnu/e2fsprogs/e2scrub_fail", + "/usr/sbin/e2freefrag", + "/usr/sbin/e4crypt", + "/usr/sbin/e4defrag", + "/usr/sbin/filefrag", + "/usr/sbin/mklost+found", + "/usr/share/doc/e2fsprogs/NEWS.gz", + "/usr/share/doc/e2fsprogs/README", + "/usr/share/doc/e2fsprogs/copyright", + "/usr/share/lintian/overrides/e2fsprogs", + "/usr/share/man/man1/chattr.1.gz", + "/usr/share/man/man1/lsattr.1.gz", + "/usr/share/man/man5/e2fsck.conf.5.gz", + "/usr/share/man/man5/ext4.5.gz", + "/usr/share/man/man5/mke2fs.conf.5.gz", + "/usr/share/man/man8/badblocks.8.gz", + "/usr/share/man/man8/debugfs.8.gz", + "/usr/share/man/man8/dumpe2fs.8.gz", + "/usr/share/man/man8/e2freefrag.8.gz", + "/usr/share/man/man8/e2fsck.8.gz", + "/usr/share/man/man8/e2image.8.gz", + "/usr/share/man/man8/e2label.8.gz", + "/usr/share/man/man8/e2mmpstatus.8.gz", + "/usr/share/man/man8/e2scrub.8.gz", + "/usr/share/man/man8/e2scrub_all.8.gz", + "/usr/share/man/man8/e2undo.8.gz", + "/usr/share/man/man8/e4crypt.8.gz", + "/usr/share/man/man8/e4defrag.8.gz", + "/usr/share/man/man8/filefrag.8.gz", + "/usr/share/man/man8/mke2fs.8.gz", + "/usr/share/man/man8/mklost+found.8.gz", + "/usr/share/man/man8/resize2fs.8.gz", + "/usr/share/man/man8/tune2fs.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "fdisk@2.34-0.1ubuntu9.3", + "Name": "fdisk", + "Identifier": { + "PURL": "pkg:deb/ubuntu/fdisk@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e93cc0834325a9d6" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libfdisk1@2.34-0.1ubuntu9.3", + "libmount1@2.34-0.1ubuntu9.3", + "libncursesw6@6.2-0ubuntu2", + "libsmartcols1@2.34-0.1ubuntu9.3", + "libtinfo6@6.2-0ubuntu2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/sbin/cfdisk", + "/sbin/fdisk", + "/sbin/sfdisk", + "/usr/share/bash-completion/completions/cfdisk", + "/usr/share/bash-completion/completions/fdisk", + "/usr/share/bash-completion/completions/sfdisk", + "/usr/share/doc/fdisk/copyright", + "/usr/share/man/man8/cfdisk.8.gz", + "/usr/share/man/man8/fdisk.8.gz", + "/usr/share/man/man8/sfdisk.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "findutils@4.7.0-1ubuntu1", + "Name": "findutils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/findutils@4.7.0-1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "cf6c12ae56df7c0c" + }, + "Version": "4.7.0", + "Release": "1ubuntu1", + "Arch": "amd64", + "SrcName": "findutils", + "SrcVersion": "4.7.0", + "SrcRelease": "1ubuntu1", + "Licenses": [ + "GPL-3.0-only", + "GFDL-1.3-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/find", + "/usr/bin/xargs", + "/usr/share/doc-base/findutils", + "/usr/share/doc/findutils/NEWS.Debian.gz", + "/usr/share/doc/findutils/NEWS.gz", + "/usr/share/doc/findutils/README.gz", + "/usr/share/doc/findutils/TODO", + "/usr/share/doc/findutils/changelog.Debian.gz", + "/usr/share/doc/findutils/copyright", + "/usr/share/info/find-maint.info.gz", + "/usr/share/info/find.info-1.gz", + "/usr/share/info/find.info-2.gz", + "/usr/share/info/find.info.gz", + "/usr/share/man/man1/find.1.gz", + "/usr/share/man/man1/xargs.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "galera-4@26.4.14-ubu2004", + "Name": "galera-4", + "Identifier": { + "PURL": "pkg:deb/ubuntu/galera-4@26.4.14-ubu2004?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "75c6738053f429f6" + }, + "Version": "26.4.14", + "Release": "ubu2004", + "Arch": "amd64", + "SrcName": "galera-4", + "SrcVersion": "26.4.14", + "SrcRelease": "ubu2004", + "Licenses": [ + "GPL-2.0-only", + "other", + "GFDL-1.1-or-later", + "CC-BY-SA-3.0", + "GFDL-1.2-only" + ], + "Maintainer": "Codership Oy \u003cinfo@codership.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgcc-s1@10.3.0-1ubuntu1~20.04", + "libssl1.1@1.1.1f-1ubuntu2.17", + "libstdc++6@10.3.0-1ubuntu1~20.04" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/libgalera_smm.so", + "/usr/share/doc/galera-4/AUTHORS", + "/usr/share/doc/galera-4/README.gz", + "/usr/share/doc/galera-4/changelog.Debian.gz", + "/usr/share/doc/galera-4/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gawk@1:5.0.1+dfsg-1", + "Name": "gawk", + "Identifier": { + "PURL": "pkg:deb/ubuntu/gawk@5.0.1%2Bdfsg-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "e7d9fd5e0ccccae5" + }, + "Version": "5.0.1+dfsg", + "Release": "1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "gawk", + "SrcVersion": "5.0.1+dfsg", + "SrcRelease": "1", + "SrcEpoch": 1, + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/gawk", + "/usr/include/gawkapi.h", + "/usr/lib/x86_64-linux-gnu/awk/grcat", + "/usr/lib/x86_64-linux-gnu/awk/pwcat", + "/usr/lib/x86_64-linux-gnu/gawk/filefuncs.so", + "/usr/lib/x86_64-linux-gnu/gawk/fnmatch.so", + "/usr/lib/x86_64-linux-gnu/gawk/fork.so", + "/usr/lib/x86_64-linux-gnu/gawk/inplace.so", + "/usr/lib/x86_64-linux-gnu/gawk/intdiv.so", + "/usr/lib/x86_64-linux-gnu/gawk/ordchr.so", + "/usr/lib/x86_64-linux-gnu/gawk/readdir.so", + "/usr/lib/x86_64-linux-gnu/gawk/readfile.so", + "/usr/lib/x86_64-linux-gnu/gawk/revoutput.so", + "/usr/lib/x86_64-linux-gnu/gawk/revtwoway.so", + "/usr/lib/x86_64-linux-gnu/gawk/rwarray.so", + "/usr/lib/x86_64-linux-gnu/gawk/time.so", + "/usr/share/awk/assert.awk", + "/usr/share/awk/bits2str.awk", + "/usr/share/awk/cliff_rand.awk", + "/usr/share/awk/ctime.awk", + "/usr/share/awk/ftrans.awk", + "/usr/share/awk/getopt.awk", + "/usr/share/awk/gettime.awk", + "/usr/share/awk/group.awk", + "/usr/share/awk/have_mpfr.awk", + "/usr/share/awk/inplace.awk", + "/usr/share/awk/intdiv0.awk", + "/usr/share/awk/join.awk", + "/usr/share/awk/libintl.awk", + "/usr/share/awk/noassign.awk", + "/usr/share/awk/ns_passwd.awk", + "/usr/share/awk/ord.awk", + "/usr/share/awk/passwd.awk", + "/usr/share/awk/processarray.awk", + "/usr/share/awk/quicksort.awk", + "/usr/share/awk/readable.awk", + "/usr/share/awk/readfile.awk", + "/usr/share/awk/rewind.awk", + "/usr/share/awk/round.awk", + "/usr/share/awk/shellquote.awk", + "/usr/share/awk/strtonum.awk", + "/usr/share/awk/walkarray.awk", + "/usr/share/awk/zerofile.awk", + "/usr/share/doc/gawk/AUTHORS", + "/usr/share/doc/gawk/NEWS.gz", + "/usr/share/doc/gawk/POSIX.STD", + "/usr/share/doc/gawk/README", + "/usr/share/doc/gawk/changelog.Debian.gz", + "/usr/share/doc/gawk/copyright", + "/usr/share/doc/gawk/examples/data/class_data1", + "/usr/share/doc/gawk/examples/data/class_data2", + "/usr/share/doc/gawk/examples/data/guide-mellow.po", + "/usr/share/doc/gawk/examples/data/guide.po", + "/usr/share/doc/gawk/examples/data/inventory-shipped", + "/usr/share/doc/gawk/examples/data/mail-list", + "/usr/share/doc/gawk/examples/lib/assert.awk", + "/usr/share/doc/gawk/examples/lib/bits2str.awk", + "/usr/share/doc/gawk/examples/lib/cliff_rand.awk", + "/usr/share/doc/gawk/examples/lib/ctime.awk", + "/usr/share/doc/gawk/examples/lib/ftrans.awk", + "/usr/share/doc/gawk/examples/lib/getopt.awk", + "/usr/share/doc/gawk/examples/lib/gettime.awk", + "/usr/share/doc/gawk/examples/lib/grcat.c", + "/usr/share/doc/gawk/examples/lib/groupawk.in", + "/usr/share/doc/gawk/examples/lib/have_mpfr.awk", + "/usr/share/doc/gawk/examples/lib/inplace.awk", + "/usr/share/doc/gawk/examples/lib/intdiv0.awk", + "/usr/share/doc/gawk/examples/lib/join.awk", + "/usr/share/doc/gawk/examples/lib/libintl.awk", + "/usr/share/doc/gawk/examples/lib/noassign.awk", + "/usr/share/doc/gawk/examples/lib/ns_passwd.awk", + "/usr/share/doc/gawk/examples/lib/ord.awk", + "/usr/share/doc/gawk/examples/lib/passwdawk.in", + "/usr/share/doc/gawk/examples/lib/processarray.awk", + "/usr/share/doc/gawk/examples/lib/pwcat.c", + "/usr/share/doc/gawk/examples/lib/quicksort.awk", + "/usr/share/doc/gawk/examples/lib/readable.awk", + "/usr/share/doc/gawk/examples/lib/readfile.awk", + "/usr/share/doc/gawk/examples/lib/rewind.awk", + "/usr/share/doc/gawk/examples/lib/round.awk", + "/usr/share/doc/gawk/examples/lib/shellquote.awk", + "/usr/share/doc/gawk/examples/lib/strtonum.awk", + "/usr/share/doc/gawk/examples/lib/walkarray.awk", + "/usr/share/doc/gawk/examples/lib/zerofile.awk", + "/usr/share/doc/gawk/examples/misc/addresses.csv", + "/usr/share/doc/gawk/examples/misc/arraymax.awk", + "/usr/share/doc/gawk/examples/misc/arraymax.data", + "/usr/share/doc/gawk/examples/misc/findpat.awk", + "/usr/share/doc/gawk/examples/misc/findpat.data", + "/usr/share/doc/gawk/examples/misc/simple-csv.awk", + "/usr/share/doc/gawk/examples/network/PostAgent.sh", + "/usr/share/doc/gawk/examples/network/coreserv.awk", + "/usr/share/doc/gawk/examples/network/eliza.awk", + "/usr/share/doc/gawk/examples/network/fingerclient.awk", + "/usr/share/doc/gawk/examples/network/geturl.awk", + "/usr/share/doc/gawk/examples/network/hello-serv.awk", + "/usr/share/doc/gawk/examples/network/maze.awk", + "/usr/share/doc/gawk/examples/network/mobag.awk", + "/usr/share/doc/gawk/examples/network/panic.awk", + "/usr/share/doc/gawk/examples/network/protbase.awk", + "/usr/share/doc/gawk/examples/network/protbase.request", + "/usr/share/doc/gawk/examples/network/protbase.result", + "/usr/share/doc/gawk/examples/network/remconf.awk", + "/usr/share/doc/gawk/examples/network/statist.awk", + "/usr/share/doc/gawk/examples/network/stoxdata.txt", + "/usr/share/doc/gawk/examples/network/stoxpred.awk", + "/usr/share/doc/gawk/examples/network/testserv.awk", + "/usr/share/doc/gawk/examples/network/urlchk.awk", + "/usr/share/doc/gawk/examples/network/webgrab.awk", + "/usr/share/doc/gawk/examples/prog/alarm.awk", + "/usr/share/doc/gawk/examples/prog/anagram.awk", + "/usr/share/doc/gawk/examples/prog/awksed.awk", + "/usr/share/doc/gawk/examples/prog/cut.awk", + "/usr/share/doc/gawk/examples/prog/dupword.awk", + "/usr/share/doc/gawk/examples/prog/egrep.awk", + "/usr/share/doc/gawk/examples/prog/extract.awk", + "/usr/share/doc/gawk/examples/prog/guide.awk", + "/usr/share/doc/gawk/examples/prog/histsort.awk", + "/usr/share/doc/gawk/examples/prog/id.awk", + "/usr/share/doc/gawk/examples/prog/igawk.sh", + "/usr/share/doc/gawk/examples/prog/indirectcall.awk", + "/usr/share/doc/gawk/examples/prog/labels.awk", + "/usr/share/doc/gawk/examples/prog/pi.awk", + "/usr/share/doc/gawk/examples/prog/split.awk", + "/usr/share/doc/gawk/examples/prog/tee.awk", + "/usr/share/doc/gawk/examples/prog/testbits.awk", + "/usr/share/doc/gawk/examples/prog/translate.awk", + "/usr/share/doc/gawk/examples/prog/uniq.awk", + "/usr/share/doc/gawk/examples/prog/wc.awk", + "/usr/share/doc/gawk/examples/prog/wordfreq.awk", + "/usr/share/man/man1/gawk.1.gz", + "/usr/share/man/man3/filefuncs.3am.gz", + "/usr/share/man/man3/fnmatch.3am.gz", + "/usr/share/man/man3/fork.3am.gz", + "/usr/share/man/man3/inplace.3am.gz", + "/usr/share/man/man3/ordchr.3am.gz", + "/usr/share/man/man3/readdir.3am.gz", + "/usr/share/man/man3/readfile.3am.gz", + "/usr/share/man/man3/revoutput.3am.gz", + "/usr/share/man/man3/revtwoway.3am.gz", + "/usr/share/man/man3/rwarray.3am.gz", + "/usr/share/man/man3/time.3am.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gcc-10-base@10.3.0-1ubuntu1~20.04", + "Name": "gcc-10-base", + "Identifier": { + "PURL": "pkg:deb/ubuntu/gcc-10-base@10.3.0-1ubuntu1~20.04?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "df235c8a65403143" + }, + "Version": "10.3.0", + "Release": "1ubuntu1~20.04", + "Arch": "amd64", + "SrcName": "gcc-10", + "SrcVersion": "10.3.0", + "SrcRelease": "1ubuntu1~20.04", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-3.0-only", + "GFDL-1.2-only", + "GPL-2.0-only", + "Artistic-2.0", + "LGPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/share/doc/gcc-10-base/README.Debian.amd64.gz", + "/usr/share/doc/gcc-10-base/TODO.Debian", + "/usr/share/doc/gcc-10-base/changelog.Debian.gz", + "/usr/share/doc/gcc-10-base/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gpg@2.2.19-3ubuntu2.2", + "Name": "gpg", + "Identifier": { + "PURL": "pkg:deb/ubuntu/gpg@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "c3f3b0f55f5d5301" + }, + "Version": "2.2.19", + "Release": "3ubuntu2.2", + "Arch": "amd64", + "SrcName": "gnupg2", + "SrcVersion": "2.2.19", + "SrcRelease": "3ubuntu2.2", + "Licenses": [ + "GPL-3.0-or-later", + "permissive", + "LGPL-2.1-or-later", + "MIT", + "BSD-3-Clause", + "LGPL-3.0-or-later", + "RFC-Reference", + "TinySCHEME", + "CC0-1.0", + "GPL-3.0-only", + "LGPL-3.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gpgconf@2.2.19-3ubuntu2.2", + "libassuan0@2.5.3-7ubuntu2", + "libbz2-1.0@1.0.8-2", + "libc6@2.31-0ubuntu9.9", + "libgcrypt20@1.8.5-5ubuntu1.1", + "libgpg-error0@1.37-1", + "libreadline8@8.0-4", + "libsqlite3-0@3.31.1-4ubuntu0.5", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/bin/gpg", + "/usr/share/doc/gpg/copyright", + "/usr/share/man/man1/gpg.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gpgconf@2.2.19-3ubuntu2.2", + "Name": "gpgconf", + "Identifier": { + "PURL": "pkg:deb/ubuntu/gpgconf@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "fc417bd7bd03106c" + }, + "Version": "2.2.19", + "Release": "3ubuntu2.2", + "Arch": "amd64", + "SrcName": "gnupg2", + "SrcVersion": "2.2.19", + "SrcRelease": "3ubuntu2.2", + "Licenses": [ + "GPL-3.0-or-later", + "permissive", + "LGPL-2.1-or-later", + "MIT", + "BSD-3-Clause", + "LGPL-3.0-or-later", + "RFC-Reference", + "TinySCHEME", + "CC0-1.0", + "GPL-3.0-only", + "LGPL-3.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libassuan0@2.5.3-7ubuntu2", + "libc6@2.31-0ubuntu9.9", + "libgcrypt20@1.8.5-5ubuntu1.1", + "libgpg-error0@1.37-1", + "libreadline8@8.0-4" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/bin/gpg-connect-agent", + "/usr/bin/gpgconf", + "/usr/share/doc/gpgconf/NEWS.Debian.gz", + "/usr/share/doc/gpgconf/changelog.Debian.gz", + "/usr/share/doc/gpgconf/copyright", + "/usr/share/doc/gpgconf/examples/gpgconf.conf", + "/usr/share/gnupg/distsigkey.gpg", + "/usr/share/man/man1/gpg-connect-agent.1.gz", + "/usr/share/man/man1/gpgconf.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gpgv@2.2.19-3ubuntu2.2", + "Name": "gpgv", + "Identifier": { + "PURL": "pkg:deb/ubuntu/gpgv@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "94c47271b8f35208" + }, + "Version": "2.2.19", + "Release": "3ubuntu2.2", + "Arch": "amd64", + "SrcName": "gnupg2", + "SrcVersion": "2.2.19", + "SrcRelease": "3ubuntu2.2", + "Licenses": [ + "GPL-3.0-or-later", + "permissive", + "LGPL-2.1-or-later", + "MIT", + "BSD-3-Clause", + "LGPL-3.0-or-later", + "RFC-Reference", + "TinySCHEME", + "CC0-1.0", + "GPL-3.0-only", + "LGPL-3.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libbz2-1.0@1.0.8-2", + "libc6@2.31-0ubuntu9.9", + "libgcrypt20@1.8.5-5ubuntu1.1", + "libgpg-error0@1.37-1", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/gpgv", + "/usr/share/doc/gpgv/NEWS.Debian.gz", + "/usr/share/doc/gpgv/changelog.Debian.gz", + "/usr/share/doc/gpgv/copyright", + "/usr/share/man/man1/gpgv.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "grep@3.4-1", + "Name": "grep", + "Identifier": { + "PURL": "pkg:deb/ubuntu/grep@3.4-1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "7a64eb88e96b3c53" + }, + "Version": "3.4", + "Release": "1", + "Arch": "amd64", + "SrcName": "grep", + "SrcVersion": "3.4", + "SrcRelease": "1", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "dpkg@1.19.7ubuntu3.2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/egrep", + "/bin/fgrep", + "/bin/grep", + "/usr/bin/rgrep", + "/usr/share/doc/grep/AUTHORS", + "/usr/share/doc/grep/NEWS.gz", + "/usr/share/doc/grep/README", + "/usr/share/doc/grep/THANKS.gz", + "/usr/share/doc/grep/TODO.gz", + "/usr/share/doc/grep/changelog.Debian.gz", + "/usr/share/doc/grep/copyright", + "/usr/share/info/grep.info.gz", + "/usr/share/man/man1/grep.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gzip@1.10-0ubuntu4.1", + "Name": "gzip", + "Identifier": { + "PURL": "pkg:deb/ubuntu/gzip@1.10-0ubuntu4.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e900beb6c8058551" + }, + "Version": "1.10", + "Release": "0ubuntu4.1", + "Arch": "amd64", + "SrcName": "gzip", + "SrcVersion": "1.10", + "SrcRelease": "0ubuntu4.1", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "dpkg@1.19.7ubuntu3.2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/gunzip", + "/bin/gzexe", + "/bin/gzip", + "/bin/uncompress", + "/bin/zcat", + "/bin/zcmp", + "/bin/zdiff", + "/bin/zegrep", + "/bin/zfgrep", + "/bin/zforce", + "/bin/zgrep", + "/bin/zless", + "/bin/zmore", + "/bin/znew", + "/usr/share/doc/gzip/NEWS.gz", + "/usr/share/doc/gzip/README.gz", + "/usr/share/doc/gzip/TODO", + "/usr/share/doc/gzip/changelog.Debian.gz", + "/usr/share/doc/gzip/copyright", + "/usr/share/info/gzip.info.gz", + "/usr/share/man/man1/gzexe.1.gz", + "/usr/share/man/man1/gzip.1.gz", + "/usr/share/man/man1/zdiff.1.gz", + "/usr/share/man/man1/zforce.1.gz", + "/usr/share/man/man1/zgrep.1.gz", + "/usr/share/man/man1/zless.1.gz", + "/usr/share/man/man1/zmore.1.gz", + "/usr/share/man/man1/znew.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "hostname@3.23", + "Name": "hostname", + "Identifier": { + "PURL": "pkg:deb/ubuntu/hostname@3.23?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "293246be199a9132" + }, + "Version": "3.23", + "Arch": "amd64", + "SrcName": "hostname", + "SrcVersion": "3.23", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/hostname", + "/usr/share/doc/hostname/changelog.gz", + "/usr/share/doc/hostname/copyright", + "/usr/share/man/man1/hostname.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "init-system-helpers@1.57", + "Name": "init-system-helpers", + "Identifier": { + "PURL": "pkg:deb/ubuntu/init-system-helpers@1.57?arch=all\u0026distro=ubuntu-20.04", + "UID": "f62a7ab2bd759edf" + }, + "Version": "1.57", + "Arch": "all", + "SrcName": "init-system-helpers", + "SrcVersion": "1.57", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "perl-base@5.30.0-9ubuntu0.3" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/deb-systemd-helper", + "/usr/bin/deb-systemd-invoke", + "/usr/sbin/invoke-rc.d", + "/usr/sbin/service", + "/usr/sbin/update-rc.d", + "/usr/share/bug/init-system-helpers/control", + "/usr/share/doc/init-system-helpers/README.invoke-rc.d.gz", + "/usr/share/doc/init-system-helpers/README.policy-rc.d.gz", + "/usr/share/doc/init-system-helpers/changelog.gz", + "/usr/share/doc/init-system-helpers/copyright", + "/usr/share/lintian/overrides/init-system-helpers", + "/usr/share/man/man1/deb-systemd-helper.1p.gz", + "/usr/share/man/man1/deb-systemd-invoke.1p.gz", + "/usr/share/man/man8/invoke-rc.d.8.gz", + "/usr/share/man/man8/service.8.gz", + "/usr/share/man/man8/update-rc.d.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "iproute2@5.5.0-1ubuntu1", + "Name": "iproute2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/iproute2@5.5.0-1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "8bf7bfdbafc1af2e" + }, + "Version": "5.5.0", + "Release": "1ubuntu1", + "Arch": "amd64", + "SrcName": "iproute2", + "SrcVersion": "5.5.0", + "SrcRelease": "1ubuntu1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73", + "libbsd0@0.10.0-1", + "libc6@2.31-0ubuntu9.9", + "libcap2-bin@1:2.32-1", + "libcap2@1:2.32-1", + "libdb5.3@5.3.28+dfsg1-0.6ubuntu2", + "libelf1@0.176-1.1build1", + "libmnl0@1.0.4-2", + "libselinux1@3.0-1build2", + "libxtables12@1.8.4-3ubuntu2" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/bin/ip", + "/bin/ss", + "/sbin/bridge", + "/sbin/devlink", + "/sbin/rtacct", + "/sbin/rtmon", + "/sbin/tc", + "/sbin/tipc", + "/usr/bin/lnstat", + "/usr/bin/nstat", + "/usr/bin/rdma", + "/usr/bin/routef", + "/usr/bin/routel", + "/usr/include/iproute2/bpf_elf.h", + "/usr/lib/tc/experimental.dist", + "/usr/lib/tc/m_xt.so", + "/usr/lib/tc/normal.dist", + "/usr/lib/tc/pareto.dist", + "/usr/lib/tc/paretonormal.dist", + "/usr/lib/tc/q_atm.so", + "/usr/sbin/arpd", + "/usr/sbin/genl", + "/usr/share/bash-completion/completions/tc", + "/usr/share/doc/iproute2/README.Debian", + "/usr/share/doc/iproute2/changelog.Debian.gz", + "/usr/share/doc/iproute2/copyright", + "/usr/share/man/man3/libnetlink.3.gz", + "/usr/share/man/man7/tc-hfsc.7.gz", + "/usr/share/man/man8/arpd.8.gz", + "/usr/share/man/man8/bridge.8.gz", + "/usr/share/man/man8/devlink-dev.8.gz", + "/usr/share/man/man8/devlink-health.8.gz", + "/usr/share/man/man8/devlink-monitor.8.gz", + "/usr/share/man/man8/devlink-port.8.gz", + "/usr/share/man/man8/devlink-region.8.gz", + "/usr/share/man/man8/devlink-resource.8.gz", + "/usr/share/man/man8/devlink-sb.8.gz", + "/usr/share/man/man8/devlink-trap.8.gz", + "/usr/share/man/man8/devlink.8.gz", + "/usr/share/man/man8/genl.8.gz", + "/usr/share/man/man8/ifcfg.8.gz", + "/usr/share/man/man8/ip-address.8.gz", + "/usr/share/man/man8/ip-addrlabel.8.gz", + "/usr/share/man/man8/ip-fou.8.gz", + "/usr/share/man/man8/ip-l2tp.8.gz", + "/usr/share/man/man8/ip-link.8.gz", + "/usr/share/man/man8/ip-macsec.8.gz", + "/usr/share/man/man8/ip-maddress.8.gz", + "/usr/share/man/man8/ip-monitor.8.gz", + "/usr/share/man/man8/ip-mroute.8.gz", + "/usr/share/man/man8/ip-neighbour.8.gz", + "/usr/share/man/man8/ip-netconf.8.gz", + "/usr/share/man/man8/ip-netns.8.gz", + "/usr/share/man/man8/ip-nexthop.8.gz", + "/usr/share/man/man8/ip-ntable.8.gz", + "/usr/share/man/man8/ip-route.8.gz", + "/usr/share/man/man8/ip-rule.8.gz", + "/usr/share/man/man8/ip-sr.8.gz", + "/usr/share/man/man8/ip-tcp_metrics.8.gz", + "/usr/share/man/man8/ip-token.8.gz", + "/usr/share/man/man8/ip-tunnel.8.gz", + "/usr/share/man/man8/ip-vrf.8.gz", + "/usr/share/man/man8/ip-xfrm.8.gz", + "/usr/share/man/man8/ip.8.gz", + "/usr/share/man/man8/lnstat.8.gz", + "/usr/share/man/man8/rdma-dev.8.gz", + "/usr/share/man/man8/rdma-link.8.gz", + "/usr/share/man/man8/rdma-resource.8.gz", + "/usr/share/man/man8/rdma-statistic.8.gz", + "/usr/share/man/man8/rdma-system.8.gz", + "/usr/share/man/man8/rdma.8.gz", + "/usr/share/man/man8/routel.8.gz", + "/usr/share/man/man8/rtacct.8.gz", + "/usr/share/man/man8/rtmon.8.gz", + "/usr/share/man/man8/rtpr.8.gz", + "/usr/share/man/man8/ss.8.gz", + "/usr/share/man/man8/tc-actions.8.gz", + "/usr/share/man/man8/tc-basic.8.gz", + "/usr/share/man/man8/tc-bfifo.8.gz", + "/usr/share/man/man8/tc-bpf.8.gz", + "/usr/share/man/man8/tc-cake.8.gz", + "/usr/share/man/man8/tc-cbq-details.8.gz", + "/usr/share/man/man8/tc-cbq.8.gz", + "/usr/share/man/man8/tc-cbs.8.gz", + "/usr/share/man/man8/tc-cgroup.8.gz", + "/usr/share/man/man8/tc-choke.8.gz", + "/usr/share/man/man8/tc-codel.8.gz", + "/usr/share/man/man8/tc-connmark.8.gz", + "/usr/share/man/man8/tc-csum.8.gz", + "/usr/share/man/man8/tc-ctinfo.8.gz", + "/usr/share/man/man8/tc-drr.8.gz", + "/usr/share/man/man8/tc-ematch.8.gz", + "/usr/share/man/man8/tc-etf.8.gz", + "/usr/share/man/man8/tc-flow.8.gz", + "/usr/share/man/man8/tc-flower.8.gz", + "/usr/share/man/man8/tc-fq.8.gz", + "/usr/share/man/man8/tc-fq_codel.8.gz", + "/usr/share/man/man8/tc-fw.8.gz", + "/usr/share/man/man8/tc-hfsc.8.gz", + "/usr/share/man/man8/tc-htb.8.gz", + "/usr/share/man/man8/tc-ife.8.gz", + "/usr/share/man/man8/tc-matchall.8.gz", + "/usr/share/man/man8/tc-mirred.8.gz", + "/usr/share/man/man8/tc-mpls.8.gz", + "/usr/share/man/man8/tc-mqprio.8.gz", + "/usr/share/man/man8/tc-nat.8.gz", + "/usr/share/man/man8/tc-netem.8.gz", + "/usr/share/man/man8/tc-pedit.8.gz", + "/usr/share/man/man8/tc-pfifo_fast.8.gz", + "/usr/share/man/man8/tc-pie.8.gz", + "/usr/share/man/man8/tc-police.8.gz", + "/usr/share/man/man8/tc-prio.8.gz", + "/usr/share/man/man8/tc-red.8.gz", + "/usr/share/man/man8/tc-route.8.gz", + "/usr/share/man/man8/tc-sample.8.gz", + "/usr/share/man/man8/tc-sfb.8.gz", + "/usr/share/man/man8/tc-sfq.8.gz", + "/usr/share/man/man8/tc-simple.8.gz", + "/usr/share/man/man8/tc-skbedit.8.gz", + "/usr/share/man/man8/tc-skbmod.8.gz", + "/usr/share/man/man8/tc-skbprio.8.gz", + "/usr/share/man/man8/tc-stab.8.gz", + "/usr/share/man/man8/tc-taprio.8.gz", + "/usr/share/man/man8/tc-tbf.8.gz", + "/usr/share/man/man8/tc-tcindex.8.gz", + "/usr/share/man/man8/tc-tunnel_key.8.gz", + "/usr/share/man/man8/tc-u32.8.gz", + "/usr/share/man/man8/tc-vlan.8.gz", + "/usr/share/man/man8/tc-xt.8.gz", + "/usr/share/man/man8/tc.8.gz", + "/usr/share/man/man8/tipc-bearer.8.gz", + "/usr/share/man/man8/tipc-link.8.gz", + "/usr/share/man/man8/tipc-media.8.gz", + "/usr/share/man/man8/tipc-nametable.8.gz", + "/usr/share/man/man8/tipc-node.8.gz", + "/usr/share/man/man8/tipc-peer.8.gz", + "/usr/share/man/man8/tipc-socket.8.gz", + "/usr/share/man/man8/tipc.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libacl1@2.2.53-6", + "Name": "libacl1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libacl1@2.2.53-6?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "ec9a773bcdb37f83" + }, + "Version": "2.2.53", + "Release": "6", + "Arch": "amd64", + "SrcName": "acl", + "SrcVersion": "2.2.53", + "SrcRelease": "6", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2253", + "/usr/share/doc/libacl1/changelog.Debian.gz", + "/usr/share/doc/libacl1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaio1@0.3.112-5", + "Name": "libaio1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libaio1@0.3.112-5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "fbe69978497c82ad" + }, + "Version": "0.3.112", + "Release": "5", + "Arch": "amd64", + "SrcName": "libaio", + "SrcVersion": "0.3.112", + "SrcRelease": "5", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libaio.so.1.0.1", + "/usr/share/doc/libaio1/changelog.Debian.gz", + "/usr/share/doc/libaio1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libapt-pkg6.0@2.0.9", + "Name": "libapt-pkg6.0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libapt-pkg6.0@2.0.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "dbbcdbf32458636f" + }, + "Version": "2.0.9", + "Arch": "amd64", + "SrcName": "apt", + "SrcVersion": "2.0.9", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libbz2-1.0@1.0.8-2", + "libc6@2.31-0ubuntu9.9", + "libgcc-s1@10.3.0-1ubuntu1~20.04", + "libgcrypt20@1.8.5-5ubuntu1.1", + "liblz4-1@1.9.2-2ubuntu0.20.04.1", + "liblzma5@5.2.4-1ubuntu1.1", + "libstdc++6@10.3.0-1ubuntu1~20.04", + "libsystemd0@245.4-4ubuntu3.21", + "libudev1@245.4-4ubuntu3.21", + "libzstd1@1.4.4+dfsg-3ubuntu0.1", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.6.0.0", + "/usr/share/doc/libapt-pkg6.0/NEWS.Debian.gz", + "/usr/share/doc/libapt-pkg6.0/changelog.gz", + "/usr/share/doc/libapt-pkg6.0/copyright", + "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/da/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/de/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/el/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/es/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/it/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/km/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/th/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg6.0.mo" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libassuan0@2.5.3-7ubuntu2", + "Name": "libassuan0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libassuan0@2.5.3-7ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "c29dfbde852c14ee" + }, + "Version": "2.5.3", + "Release": "7ubuntu2", + "Arch": "amd64", + "SrcName": "libassuan", + "SrcVersion": "2.5.3", + "SrcRelease": "7ubuntu2", + "Licenses": [ + "LGPL-2.1-or-later", + "GAP~FSF", + "LGPL-3.0-or-later", + "LGPL-3.0-only", + "GPL-2+ with libtool exception", + "GPL-2.0-only", + "GPL-3.0-or-later", + "GPL-3.0-only", + "GAP", + "GPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgpg-error0@1.37-1" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libassuan.so.0.8.3", + "/usr/share/doc/libassuan0/changelog.Debian.gz", + "/usr/share/doc/libassuan0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libattr1@1:2.4.48-5", + "Name": "libattr1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libattr1@2.4.48-5?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "9898a89fadd05f28" + }, + "Version": "2.4.48", + "Release": "5", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "attr", + "SrcVersion": "2.4.48", + "SrcRelease": "5", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2448", + "/usr/share/doc/libattr1/changelog.Debian.gz", + "/usr/share/doc/libattr1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaudit-common@1:2.8.5-2ubuntu6", + "Name": "libaudit-common", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libaudit-common@2.8.5-2ubuntu6?arch=all\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "f4ed5d0e78145801" + }, + "Version": "2.8.5", + "Release": "2ubuntu6", + "Epoch": 1, + "Arch": "all", + "SrcName": "audit", + "SrcVersion": "2.8.5", + "SrcRelease": "2ubuntu6", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only", + "GPL-1.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/share/doc/libaudit-common/changelog.Debian.gz", + "/usr/share/doc/libaudit-common/copyright", + "/usr/share/man/man5/libaudit.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaudit1@1:2.8.5-2ubuntu6", + "Name": "libaudit1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libaudit1@2.8.5-2ubuntu6?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "cf583359012b0cc0" + }, + "Version": "2.8.5", + "Release": "2ubuntu6", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "audit", + "SrcVersion": "2.8.5", + "SrcRelease": "2ubuntu6", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only", + "GPL-1.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit-common@1:2.8.5-2ubuntu6", + "libc6@2.31-0ubuntu9.9", + "libcap-ng0@0.7.9-2.1build1" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libaudit.so.1.0.0", + "/usr/share/doc/libaudit1/changelog.Debian.gz", + "/usr/share/doc/libaudit1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libblkid1@2.34-0.1ubuntu9.3", + "Name": "libblkid1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libblkid1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "97537d4ff7af8af0" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libblkid.so.1.1.0", + "/usr/share/doc/libblkid1/changelog.Debian.gz", + "/usr/share/doc/libblkid1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libbsd0@0.10.0-1", + "Name": "libbsd0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libbsd0@0.10.0-1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3df79191315c8dc" + }, + "Version": "0.10.0", + "Release": "1", + "Arch": "amd64", + "SrcName": "libbsd", + "SrcVersion": "0.10.0", + "SrcRelease": "1", + "Licenses": [ + "BSD-3-Clause", + "BSD-4-clause-Niels-Provos", + "BSD-4-clause-Christopher-G-Demetriou", + "BSD-3-clause-Regents", + "BSD-2-Clause-NetBSD", + "BSD-3-clause-author", + "BSD-3-clause-John-Birrell", + "BSD-5-clause-Peter-Wemm", + "BSD-2-Clause", + "BSD-2-clause-verbatim", + "BSD-2-clause-author", + "ISC", + "ISC-Original", + "MIT", + "public-domain-Colin-Plumb", + "public-domain", + "Beerware" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libbsd.so.0.10.0", + "/usr/share/doc/libbsd0/changelog.Debian.gz", + "/usr/share/doc/libbsd0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libbz2-1.0@1.0.8-2", + "Name": "libbz2-1.0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libbz2-1.0@1.0.8-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "25645d614e464d4" + }, + "Version": "1.0.8", + "Release": "2", + "Arch": "amd64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8", + "SrcRelease": "2", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libbz2.so.1.0.4", + "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", + "/usr/share/doc/libbz2-1.0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libc-bin@2.31-0ubuntu9.9", + "Name": "libc-bin", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0f705ec068d1f26" + }, + "Version": "2.31", + "Release": "0ubuntu9.9", + "Arch": "amd64", + "SrcName": "glibc", + "SrcVersion": "2.31", + "SrcRelease": "0ubuntu9.9", + "Licenses": [ + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/sbin/ldconfig", + "/sbin/ldconfig.real", + "/usr/bin/catchsegv", + "/usr/bin/getconf", + "/usr/bin/getent", + "/usr/bin/iconv", + "/usr/bin/ldd", + "/usr/bin/locale", + "/usr/bin/localedef", + "/usr/bin/pldd", + "/usr/bin/tzselect", + "/usr/bin/zdump", + "/usr/lib/locale/C.UTF-8/LC_ADDRESS", + "/usr/lib/locale/C.UTF-8/LC_COLLATE", + "/usr/lib/locale/C.UTF-8/LC_CTYPE", + "/usr/lib/locale/C.UTF-8/LC_IDENTIFICATION", + "/usr/lib/locale/C.UTF-8/LC_MEASUREMENT", + "/usr/lib/locale/C.UTF-8/LC_MESSAGES/SYS_LC_MESSAGES", + "/usr/lib/locale/C.UTF-8/LC_MONETARY", + "/usr/lib/locale/C.UTF-8/LC_NAME", + "/usr/lib/locale/C.UTF-8/LC_NUMERIC", + "/usr/lib/locale/C.UTF-8/LC_PAPER", + "/usr/lib/locale/C.UTF-8/LC_TELEPHONE", + "/usr/lib/locale/C.UTF-8/LC_TIME", + "/usr/sbin/iconvconfig", + "/usr/sbin/zic", + "/usr/share/doc/libc-bin/copyright", + "/usr/share/libc-bin/nsswitch.conf", + "/usr/share/lintian/overrides/libc-bin", + "/usr/share/man/man1/catchsegv.1.gz", + "/usr/share/man/man1/getconf.1.gz", + "/usr/share/man/man1/tzselect.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libc6@2.31-0ubuntu9.9", + "Name": "libc6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6938ab7eef7e556c" + }, + "Version": "2.31", + "Release": "0ubuntu9.9", + "Arch": "amd64", + "SrcName": "glibc", + "SrcVersion": "2.31", + "SrcRelease": "0ubuntu9.9", + "Licenses": [ + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libcrypt1@1:4.4.10-10ubuntu4", + "libgcc-s1@10.3.0-1ubuntu1~20.04" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/ld-2.31.so", + "/lib/x86_64-linux-gnu/libBrokenLocale-2.31.so", + "/lib/x86_64-linux-gnu/libSegFault.so", + "/lib/x86_64-linux-gnu/libanl-2.31.so", + "/lib/x86_64-linux-gnu/libc-2.31.so", + "/lib/x86_64-linux-gnu/libdl-2.31.so", + "/lib/x86_64-linux-gnu/libm-2.31.so", + "/lib/x86_64-linux-gnu/libmemusage.so", + "/lib/x86_64-linux-gnu/libmvec-2.31.so", + "/lib/x86_64-linux-gnu/libnsl-2.31.so", + "/lib/x86_64-linux-gnu/libnss_compat-2.31.so", + "/lib/x86_64-linux-gnu/libnss_dns-2.31.so", + "/lib/x86_64-linux-gnu/libnss_files-2.31.so", + "/lib/x86_64-linux-gnu/libnss_hesiod-2.31.so", + "/lib/x86_64-linux-gnu/libnss_nis-2.31.so", + "/lib/x86_64-linux-gnu/libnss_nisplus-2.31.so", + "/lib/x86_64-linux-gnu/libpcprofile.so", + "/lib/x86_64-linux-gnu/libpthread-2.31.so", + "/lib/x86_64-linux-gnu/libresolv-2.31.so", + "/lib/x86_64-linux-gnu/librt-2.31.so", + "/lib/x86_64-linux-gnu/libthread_db-1.0.so", + "/lib/x86_64-linux-gnu/libutil-2.31.so", + "/usr/lib/x86_64-linux-gnu/audit/sotruss-lib.so", + "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", + "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", + "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", + "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", + "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", + "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", + "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", + "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", + "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", + "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", + "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", + "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", + "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", + "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", + "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", + "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", + "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", + "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", + "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", + "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", + "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", + "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", + "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", + "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", + "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", + "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", + "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", + "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", + "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", + "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", + "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", + "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", + "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", + "/usr/share/doc/libc6/NEWS.Debian.gz", + "/usr/share/doc/libc6/NEWS.gz", + "/usr/share/doc/libc6/README.Debian.gz", + "/usr/share/doc/libc6/README.hesiod.gz", + "/usr/share/doc/libc6/changelog.Debian.gz", + "/usr/share/doc/libc6/copyright", + "/usr/share/lintian/overrides/libc6" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap-ng0@0.7.9-2.1build1", + "Name": "libcap-ng0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libcap-ng0@0.7.9-2.1build1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e6957a49e8589507" + }, + "Version": "0.7.9", + "Release": "2.1build1", + "Arch": "amd64", + "SrcName": "libcap-ng", + "SrcVersion": "0.7.9", + "SrcRelease": "2.1build1", + "Licenses": [ + "LGPL-2.1-only", + "GPL-2.0-only", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", + "/usr/share/doc/libcap-ng0/changelog.Debian.gz", + "/usr/share/doc/libcap-ng0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap2@1:2.32-1", + "Name": "libcap2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libcap2@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "f3ac8127b4642fab" + }, + "Version": "2.32", + "Release": "1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libcap2", + "SrcVersion": "2.32", + "SrcRelease": "1", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libcap.so.2.32", + "/usr/share/doc/libcap2/changelog.Debian.gz", + "/usr/share/doc/libcap2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap2-bin@1:2.32-1", + "Name": "libcap2-bin", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libcap2-bin@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "e90e2456a8d78be" + }, + "Version": "2.32", + "Release": "1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libcap2", + "SrcVersion": "2.32", + "SrcRelease": "1", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libcap2@1:2.32-1" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/sbin/capsh", + "/sbin/getcap", + "/sbin/getpcaps", + "/sbin/setcap", + "/usr/share/doc/libcap2-bin/README.Debian", + "/usr/share/doc/libcap2-bin/copyright", + "/usr/share/lintian/overrides/libcap2-bin", + "/usr/share/man/man1/capsh.1.gz", + "/usr/share/man/man1/getpcaps.1.gz", + "/usr/share/man/man5/capability.conf.5.gz", + "/usr/share/man/man8/getcap.8.gz", + "/usr/share/man/man8/getpcaps.8.gz", + "/usr/share/man/man8/pam_cap.8.gz", + "/usr/share/man/man8/setcap.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcom-err2@1.45.5-2ubuntu1.1", + "Name": "libcom-err2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libcom-err2@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "36e525f208a3e1fd" + }, + "Version": "1.45.5", + "Release": "2ubuntu1.1", + "Arch": "amd64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.45.5", + "SrcRelease": "2ubuntu1.1", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libcom_err.so.2.1", + "/usr/share/doc/libcom-err2/changelog.Debian.gz", + "/usr/share/doc/libcom-err2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libconfig-inifiles-perl@3.000002-1", + "Name": "libconfig-inifiles-perl", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libconfig-inifiles-perl@3.000002-1?arch=all\u0026distro=ubuntu-20.04", + "UID": "cd3bc5c431f610b3" + }, + "Version": "3.000002", + "Release": "1", + "Arch": "all", + "SrcName": "libconfig-inifiles-perl", + "SrcVersion": "3.000002", + "SrcRelease": "1", + "Licenses": [ + "Artistic-2.0", + "GPL-1.0-or-later", + "MIT", + "GPL-3.0-or-later", + "GPL-1.0-only", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/share/doc/libconfig-inifiles-perl/changelog.Debian.gz", + "/usr/share/doc/libconfig-inifiles-perl/copyright", + "/usr/share/man/man3/Config::IniFiles.3pm.gz", + "/usr/share/perl5/Config/IniFiles.pm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcrypt1@1:4.4.10-10ubuntu4", + "Name": "libcrypt1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libcrypt1@4.4.10-10ubuntu4?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "e08bb2dc0672c92e" + }, + "Version": "4.4.10", + "Release": "10ubuntu4", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libxcrypt", + "SrcVersion": "4.4.10", + "SrcRelease": "10ubuntu4", + "SrcEpoch": 1, + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", + "/usr/share/doc/libcrypt1/changelog.Debian.gz", + "/usr/share/doc/libcrypt1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdb5.3@5.3.28+dfsg1-0.6ubuntu2", + "Name": "libdb5.3", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libdb5.3@5.3.28%2Bdfsg1-0.6ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "3b12cbcbfee838db" + }, + "Version": "5.3.28+dfsg1", + "Release": "0.6ubuntu2", + "Arch": "amd64", + "SrcName": "db5.3", + "SrcVersion": "5.3.28+dfsg1", + "SrcRelease": "0.6ubuntu2", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", + "/usr/share/doc/libdb5.3/build_signature_amd64.txt", + "/usr/share/doc/libdb5.3/changelog.Debian.gz", + "/usr/share/doc/libdb5.3/copyright", + "/usr/share/lintian/overrides/libdb5.3" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdbi-perl@1.643-1ubuntu0.1", + "Name": "libdbi-perl", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libdbi-perl@1.643-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "d12390ca45ce189d" + }, + "Version": "1.643", + "Release": "1ubuntu0.1", + "Arch": "amd64", + "SrcName": "libdbi-perl", + "SrcVersion": "1.643", + "SrcRelease": "1ubuntu0.1", + "Licenses": [ + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "perl@5.30.0-9ubuntu0.3" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/dbilogstrip", + "/usr/bin/dbiprof", + "/usr/bin/dbiproxy", + "/usr/bin/dh_perl_dbi", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/Bundle/DBI.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/DBM.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/ExampleP.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/File.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/File/Developers.pod", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/File/HowTo.pod", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/File/Roadmap.pod", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Policy/Base.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Policy/classic.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Policy/pedantic.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Policy/rush.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/Base.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/corostream.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/null.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/pipeone.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/stream.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Mem.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/NullP.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Proxy.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Sponge.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Changes.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Const/GetInfo/ANSI.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Const/GetInfo/ODBC.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Const/GetInfoReturn.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Const/GetInfoType.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD/Metadata.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD/SqlEngine.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD/SqlEngine/Developers.pod", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD/SqlEngine/HowTo.pod", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Execute.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Request.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Response.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Serializer/Base.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Serializer/DataDumper.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Serializer/Storable.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Transport/Base.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Transport/pipeone.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Transport/stream.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Profile.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProfileData.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProfileDumper.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProfileDumper/Apache.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProfileSubs.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProxyServer.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/PurePerl.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/SQL/Nano.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Util/CacheMemory.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Util/_accessor.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/W32ODBC.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/Win32/DBIODBC.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/DBI.so", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/DBIXS.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/Driver.xst", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/Driver_xst.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbd_xsh.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbi_sql.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbipport.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbivport.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbixs_rev.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/dbixs_rev.pl", + "/usr/share/doc/libdbi-perl/NEWS.Developer.gz", + "/usr/share/doc/libdbi-perl/README.Debian", + "/usr/share/doc/libdbi-perl/changelog.Debian.gz", + "/usr/share/doc/libdbi-perl/copyright", + "/usr/share/doc/libdbi-perl/examples/corogofer.pl", + "/usr/share/doc/libdbi-perl/examples/perl_dbi_nulls_test.pl", + "/usr/share/doc/libdbi-perl/examples/profile.pl", + "/usr/share/doc/libdbi-perl/examples/test.pl", + "/usr/share/libdbi-perl/perl-dbdabi.make", + "/usr/share/lintian/overrides/libdbi-perl", + "/usr/share/man/man1/dbilogstrip.1p.gz", + "/usr/share/man/man1/dbiprof.1p.gz", + "/usr/share/man/man1/dbiproxy.1p.gz", + "/usr/share/man/man1/dh_perl_dbi.1.gz", + "/usr/share/man/man3/Bundle::DBI.3pm.gz", + "/usr/share/man/man3/DBD::DBM.3pm.gz", + "/usr/share/man/man3/DBD::File.3pm.gz", + "/usr/share/man/man3/DBD::File::Developers.3pm.gz", + "/usr/share/man/man3/DBD::File::HowTo.3pm.gz", + "/usr/share/man/man3/DBD::File::Roadmap.3pm.gz", + "/usr/share/man/man3/DBD::Gofer.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Policy::Base.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Policy::classic.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Policy::pedantic.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Policy::rush.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Transport::Base.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Transport::corostream.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Transport::null.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Transport::pipeone.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Transport::stream.3pm.gz", + "/usr/share/man/man3/DBD::Mem.3pm.gz", + "/usr/share/man/man3/DBD::Proxy.3pm.gz", + "/usr/share/man/man3/DBD::Sponge.3pm.gz", + "/usr/share/man/man3/DBI.3pm.gz", + "/usr/share/man/man3/DBI::Const::GetInfo::ANSI.3pm.gz", + "/usr/share/man/man3/DBI::Const::GetInfo::ODBC.3pm.gz", + "/usr/share/man/man3/DBI::Const::GetInfoReturn.3pm.gz", + "/usr/share/man/man3/DBI::Const::GetInfoType.3pm.gz", + "/usr/share/man/man3/DBI::DBD.3pm.gz", + "/usr/share/man/man3/DBI::DBD::Metadata.3pm.gz", + "/usr/share/man/man3/DBI::DBD::SqlEngine.3pm.gz", + "/usr/share/man/man3/DBI::DBD::SqlEngine::Developers.3pm.gz", + "/usr/share/man/man3/DBI::DBD::SqlEngine::HowTo.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Execute.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Request.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Response.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Serializer::Base.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Serializer::DataDumper.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Serializer::Storable.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Transport::Base.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Transport::pipeone.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Transport::stream.3pm.gz", + "/usr/share/man/man3/DBI::Profile.3pm.gz", + "/usr/share/man/man3/DBI::ProfileData.3pm.gz", + "/usr/share/man/man3/DBI::ProfileDumper.3pm.gz", + "/usr/share/man/man3/DBI::ProfileDumper::Apache.3pm.gz", + "/usr/share/man/man3/DBI::ProfileSubs.3pm.gz", + "/usr/share/man/man3/DBI::ProxyServer.3pm.gz", + "/usr/share/man/man3/DBI::PurePerl.3pm.gz", + "/usr/share/man/man3/DBI::SQL::Nano.3pm.gz", + "/usr/share/man/man3/DBI::Util::CacheMemory.3pm.gz", + "/usr/share/man/man3/DBI::W32ODBC.3pm.gz", + "/usr/share/man/man3/Win32::DBIODBC.3pm.gz", + "/usr/share/perl5/Debian/Debhelper/Sequence/perl_dbi.pm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdebconfclient0@0.251ubuntu1", + "Name": "libdebconfclient0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libdebconfclient0@0.251ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "2e3d9c7fd6546037" + }, + "Version": "0.251ubuntu1", + "Arch": "amd64", + "SrcName": "cdebconf", + "SrcVersion": "0.251ubuntu1", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", + "/usr/share/doc/libdebconfclient0/changelog.gz", + "/usr/share/doc/libdebconfclient0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libelf1@0.176-1.1build1", + "Name": "libelf1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libelf1@0.176-1.1build1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3374c93655a9823" + }, + "Version": "0.176", + "Release": "1.1build1", + "Arch": "amd64", + "SrcName": "elfutils", + "SrcVersion": "0.176", + "SrcRelease": "1.1build1", + "Licenses": [ + "GPL-2.0-only", + "GPL-3.0-only", + "LGPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libelf-0.176.so", + "/usr/share/doc/libelf1/changelog.Debian.gz", + "/usr/share/doc/libelf1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libext2fs2@1.45.5-2ubuntu1.1", + "Name": "libext2fs2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libext2fs2@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "534dde847f051859" + }, + "Version": "1.45.5", + "Release": "2ubuntu1.1", + "Arch": "amd64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.45.5", + "SrcRelease": "2ubuntu1.1", + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libe2p.so.2.3", + "/lib/x86_64-linux-gnu/libext2fs.so.2.4", + "/usr/share/doc/libext2fs2/changelog.Debian.gz", + "/usr/share/doc/libext2fs2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libfdisk1@2.34-0.1ubuntu9.3", + "Name": "libfdisk1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libfdisk1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "d7ae8926642fd1bc" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libblkid1@2.34-0.1ubuntu9.3", + "libc6@2.31-0ubuntu9.9", + "libuuid1@2.34-0.1ubuntu9.3" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libfdisk.so.1.1.0", + "/usr/share/doc/libfdisk1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libffi7@3.3-4", + "Name": "libffi7", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libffi7@3.3-4?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9cb3138802972730" + }, + "Version": "3.3", + "Release": "4", + "Arch": "amd64", + "SrcName": "libffi", + "SrcVersion": "3.3", + "SrcRelease": "4", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libffi.so.7.1.0", + "/usr/share/doc/libffi7/changelog.Debian.gz", + "/usr/share/doc/libffi7/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgcc-s1@10.3.0-1ubuntu1~20.04", + "Name": "libgcc-s1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgcc-s1@10.3.0-1ubuntu1~20.04?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "307d7f89e43985bb" + }, + "Version": "10.3.0", + "Release": "1ubuntu1~20.04", + "Arch": "amd64", + "SrcName": "gcc-10", + "SrcVersion": "10.3.0", + "SrcRelease": "1ubuntu1~20.04", + "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gcc-10-base@10.3.0-1ubuntu1~20.04", + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libgcc_s.so.1", + "/usr/share/lintian/overrides/libgcc-s1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgcrypt20@1.8.5-5ubuntu1.1", + "Name": "libgcrypt20", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgcrypt20@1.8.5-5ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "736a4f36c99fbc42" + }, + "Version": "1.8.5", + "Release": "5ubuntu1.1", + "Arch": "amd64", + "SrcName": "libgcrypt20", + "SrcVersion": "1.8.5", + "SrcRelease": "5ubuntu1.1", + "Licenses": [ + "LGPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgpg-error0@1.37-1" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgcrypt.so.20.2.5", + "/usr/share/doc/libgcrypt20/AUTHORS.gz", + "/usr/share/doc/libgcrypt20/NEWS.gz", + "/usr/share/doc/libgcrypt20/README.gz", + "/usr/share/doc/libgcrypt20/THANKS.gz", + "/usr/share/doc/libgcrypt20/changelog.Debian.gz", + "/usr/share/doc/libgcrypt20/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgdbm-compat4@1.18.1-5", + "Name": "libgdbm-compat4", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgdbm-compat4@1.18.1-5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "90f68a4641003772" + }, + "Version": "1.18.1", + "Release": "5", + "Arch": "amd64", + "SrcName": "gdbm", + "SrcVersion": "1.18.1", + "SrcRelease": "5", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-2.0-or-later", + "GFDL-1.3-no-invariants-or-later", + "GPL-3.0-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgdbm6@1.18.1-5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgdbm_compat.so.4.0.0", + "/usr/share/doc/libgdbm-compat4/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgdbm6@1.18.1-5", + "Name": "libgdbm6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgdbm6@1.18.1-5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "7194f66c9d05cbb6" + }, + "Version": "1.18.1", + "Release": "5", + "Arch": "amd64", + "SrcName": "gdbm", + "SrcVersion": "1.18.1", + "SrcRelease": "5", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-2.0-or-later", + "GFDL-1.3-no-invariants-or-later", + "GPL-3.0-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgdbm.so.6.0.0", + "/usr/share/doc/libgdbm6/changelog.Debian.gz", + "/usr/share/doc/libgdbm6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgmp10@2:6.2.0+dfsg-4ubuntu0.1", + "Name": "libgmp10", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgmp10@6.2.0%2Bdfsg-4ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=2", + "UID": "986ac56e16e89784" + }, + "Version": "6.2.0+dfsg", + "Release": "4ubuntu0.1", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "gmp", + "SrcVersion": "6.2.0+dfsg", + "SrcRelease": "4ubuntu0.1", + "SrcEpoch": 2, + "Licenses": [ + "LGPL-3.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgmp.so.10.4.0", + "/usr/share/doc/libgmp10/README.Debian", + "/usr/share/doc/libgmp10/changelog.Debian.gz", + "/usr/share/doc/libgmp10/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgnutls30@3.6.13-2ubuntu1.8", + "Name": "libgnutls30", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "601976e667e60bf5" + }, + "Version": "3.6.13", + "Release": "2ubuntu1.8", + "Arch": "amd64", + "SrcName": "gnutls28", + "SrcVersion": "3.6.13", + "SrcRelease": "2ubuntu1.8", + "Licenses": [ + "LGPL-2.1-only", + "LGPL-2.0-or-later", + "LGPL-3.0-only", + "GPL-2.0-or-later", + "GPL-3.0-only", + "GFDL-1.3-only", + "CC0-1.0", + "MIT", + "Apache-2.0", + "LGPL-3.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "BSD-3-Clause" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgmp10@2:6.2.0+dfsg-4ubuntu0.1", + "libhogweed5@3.5.1+really3.5.1-2ubuntu0.2", + "libidn2-0@2.2.0-2", + "libnettle7@3.5.1+really3.5.1-2ubuntu0.2", + "libp11-kit0@0.23.20-1ubuntu0.1", + "libtasn1-6@4.16.0-2", + "libunistring2@0.9.10-2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgnutls.so.30.27.0", + "/usr/share/doc/libgnutls30/AUTHORS.gz", + "/usr/share/doc/libgnutls30/NEWS.Debian.gz", + "/usr/share/doc/libgnutls30/NEWS.gz", + "/usr/share/doc/libgnutls30/README.md.gz", + "/usr/share/doc/libgnutls30/THANKS.gz", + "/usr/share/doc/libgnutls30/changelog.Debian.gz", + "/usr/share/doc/libgnutls30/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgpg-error0@1.37-1", + "Name": "libgpg-error0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgpg-error0@1.37-1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "119f68f873331ca8" + }, + "Version": "1.37", + "Release": "1", + "Arch": "amd64", + "SrcName": "libgpg-error", + "SrcVersion": "1.37", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "BSD-3-Clause", + "g10-permissive", + "GPL-3.0-or-later", + "LGPL-2.1-only", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libgpg-error.so.0.28.0", + "/usr/share/doc/libgpg-error0/README.gz", + "/usr/share/doc/libgpg-error0/changelog.Debian.gz", + "/usr/share/doc/libgpg-error0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libhogweed5@3.5.1+really3.5.1-2ubuntu0.2", + "Name": "libhogweed5", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libhogweed5@3.5.1%2Breally3.5.1-2ubuntu0.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "5173cc2e9efda0fe" + }, + "Version": "3.5.1+really3.5.1", + "Release": "2ubuntu0.2", + "Arch": "amd64", + "SrcName": "nettle", + "SrcVersion": "3.5.1+really3.5.1", + "SrcRelease": "2ubuntu0.2", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgmp10@2:6.2.0+dfsg-4ubuntu0.1", + "libnettle7@3.5.1+really3.5.1-2ubuntu0.2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libhogweed.so.5.0" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libidn2-0@2.2.0-2", + "Name": "libidn2-0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libidn2-0@2.2.0-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a4d22b46c8b443be" + }, + "Version": "2.2.0", + "Release": "2", + "Arch": "amd64", + "SrcName": "libidn2", + "SrcVersion": "2.2.0", + "SrcRelease": "2", + "Licenses": [ + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "Unicode", + "GPL-3.0-only", + "GPL-2.0-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libunistring2@0.9.10-2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libidn2.so.0.3.6", + "/usr/share/doc/libidn2-0/AUTHORS", + "/usr/share/doc/libidn2-0/NEWS.gz", + "/usr/share/doc/libidn2-0/README.md.gz", + "/usr/share/doc/libidn2-0/changelog.Debian.gz", + "/usr/share/doc/libidn2-0/copyright", + "/usr/share/lintian/overrides/libidn2-0" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libjemalloc2@5.2.1-1ubuntu1", + "Name": "libjemalloc2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libjemalloc2@5.2.1-1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "dfa342d22c9cd4aa" + }, + "Version": "5.2.1", + "Release": "1ubuntu1", + "Arch": "amd64", + "SrcName": "jemalloc", + "SrcVersion": "5.2.1", + "SrcRelease": "1ubuntu1", + "Licenses": [ + "BSD-2-Clause", + "BSD-2-Clause-Chemeris", + "BSD-3-Clause-Google", + "MIT", + "BSD-3-Clause-Hiroshima-University", + "BSD-3-Clause" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgcc-s1@10.3.0-1ubuntu1~20.04", + "libstdc++6@10.3.0-1ubuntu1~20.04" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2", + "/usr/share/doc/libjemalloc2/README", + "/usr/share/doc/libjemalloc2/changelog.Debian.gz", + "/usr/share/doc/libjemalloc2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblz4-1@1.9.2-2ubuntu0.20.04.1", + "Name": "liblz4-1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/liblz4-1@1.9.2-2ubuntu0.20.04.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "360de62e84e688a2" + }, + "Version": "1.9.2", + "Release": "2ubuntu0.20.04.1", + "Arch": "amd64", + "SrcName": "lz4", + "SrcVersion": "1.9.2", + "SrcRelease": "2ubuntu0.20.04.1", + "Licenses": [ + "BSD-2-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblz4.so.1.9.2", + "/usr/share/doc/liblz4-1/changelog.Debian.gz", + "/usr/share/doc/liblz4-1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblzma5@5.2.4-1ubuntu1.1", + "Name": "liblzma5", + "Identifier": { + "PURL": "pkg:deb/ubuntu/liblzma5@5.2.4-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "c2ae5f7a21c980c7" + }, + "Version": "5.2.4", + "Release": "1ubuntu1.1", + "Arch": "amd64", + "SrcName": "xz-utils", + "SrcVersion": "5.2.4", + "SrcRelease": "1ubuntu1.1", + "Licenses": [ + "PD", + "probably-PD", + "GPL-2.0-or-later", + "LGPL-2.1-or-later", + "permissive-fsf", + "Autoconf", + "permissive-nowarranty", + "GPL-2.0-only", + "none", + "config-h", + "LGPL-2.0-only", + "LGPL-2.1-only", + "noderivs", + "PD-debian", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/liblzma.so.5.2.4", + "/usr/share/doc/liblzma5/AUTHORS", + "/usr/share/doc/liblzma5/NEWS.gz", + "/usr/share/doc/liblzma5/THANKS", + "/usr/share/doc/liblzma5/changelog.Debian.gz", + "/usr/share/doc/liblzma5/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmariadb3@1:10.7.8+maria~ubu2004", + "Name": "libmariadb3", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libmariadb3@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "3b5ea273e7b67371" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libssl1.1@1.1.1f-1ubuntu2.17", + "mariadb-common@1:10.7.8+maria~ubu2004", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmariadb.so.3", + "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/caching_sha2_password.so", + "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/client_ed25519.so", + "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/dialog.so", + "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/mysql_clear_password.so", + "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/sha256_password.so", + "/usr/share/doc/libmariadb3/changelog.gz", + "/usr/share/doc/libmariadb3/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmnl0@1.0.4-2", + "Name": "libmnl0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libmnl0@1.0.4-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "f052539b06152f0c" + }, + "Version": "1.0.4", + "Release": "2", + "Arch": "amd64", + "SrcName": "libmnl", + "SrcVersion": "1.0.4", + "SrcRelease": "2", + "Licenses": [ + "LGPL-2.1-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libmnl.so.0.2.0", + "/usr/share/doc/libmnl0/changelog.Debian.gz", + "/usr/share/doc/libmnl0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmount1@2.34-0.1ubuntu9.3", + "Name": "libmount1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libmount1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "149aad062a67d915" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libblkid1@2.34-0.1ubuntu9.3", + "libc6@2.31-0ubuntu9.9", + "libselinux1@3.0-1build2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libmount.so.1.1.0", + "/usr/share/doc/libmount1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmpfr6@4.0.2-1", + "Name": "libmpfr6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libmpfr6@4.0.2-1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "cbee374cc2146325" + }, + "Version": "4.0.2", + "Release": "1", + "Arch": "amd64", + "SrcName": "mpfr4", + "SrcVersion": "4.0.2", + "SrcRelease": "1", + "Licenses": [ + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgmp10@2:6.2.0+dfsg-4ubuntu0.1" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmpfr.so.6.0.2", + "/usr/share/doc/libmpfr6/AUTHORS", + "/usr/share/doc/libmpfr6/BUGS", + "/usr/share/doc/libmpfr6/NEWS.gz", + "/usr/share/doc/libmpfr6/README", + "/usr/share/doc/libmpfr6/TODO.gz", + "/usr/share/doc/libmpfr6/changelog.Debian.gz", + "/usr/share/doc/libmpfr6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libncurses6@6.2-0ubuntu2", + "Name": "libncurses6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libncurses6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "daf9ae3f810ae3f0" + }, + "Version": "6.2", + "Release": "0ubuntu2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.2", + "SrcRelease": "0ubuntu2", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libtinfo6@6.2-0ubuntu2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libncurses.so.6.2", + "/usr/lib/x86_64-linux-gnu/libform.so.6.2", + "/usr/lib/x86_64-linux-gnu/libmenu.so.6.2", + "/usr/lib/x86_64-linux-gnu/libpanel.so.6.2" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libncursesw6@6.2-0ubuntu2", + "Name": "libncursesw6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libncursesw6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "dca50c9cdd5fdd35" + }, + "Version": "6.2", + "Release": "0ubuntu2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.2", + "SrcRelease": "0ubuntu2", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libtinfo6@6.2-0ubuntu2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libncursesw.so.6.2", + "/usr/lib/x86_64-linux-gnu/libformw.so.6.2", + "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.2", + "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.2" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libnettle7@3.5.1+really3.5.1-2ubuntu0.2", + "Name": "libnettle7", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libnettle7@3.5.1%2Breally3.5.1-2ubuntu0.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "2056b6e9d75f6357" + }, + "Version": "3.5.1+really3.5.1", + "Release": "2ubuntu0.2", + "Arch": "amd64", + "SrcName": "nettle", + "SrcVersion": "3.5.1+really3.5.1", + "SrcRelease": "2ubuntu0.2", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "other", + "GPL-2.0-or-later", + "GPL-2.0-with-autoconf-exception+", + "public-domain", + "GPL-2.0-only", + "GAP" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libnettle.so.7.0", + "/usr/share/doc/libnettle7/NEWS.gz", + "/usr/share/doc/libnettle7/README", + "/usr/share/doc/libnettle7/changelog.Debian.gz", + "/usr/share/doc/libnettle7/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libp11-kit0@0.23.20-1ubuntu0.1", + "Name": "libp11-kit0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libp11-kit0@0.23.20-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "10976beda344eb50" + }, + "Version": "0.23.20", + "Release": "1ubuntu0.1", + "Arch": "amd64", + "SrcName": "p11-kit", + "SrcVersion": "0.23.20", + "SrcRelease": "1ubuntu0.1", + "Licenses": [ + "BSD-3-Clause", + "permissive-like-automake-output", + "ISC", + "ISC+IBM", + "same-as-rest-of-p11kit" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libffi7@3.3-4" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0", + "/usr/share/doc/libp11-kit0/changelog.Debian.gz", + "/usr/share/doc/libp11-kit0/copyright", + "/usr/share/doc/libp11-kit0/examples/pkcs11.conf.example" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-modules@1.3.1-5ubuntu4.6", + "Name": "libpam-modules", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpam-modules@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "8238c76ab6208fd" + }, + "Version": "1.3.1", + "Release": "5ubuntu4.6", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.3.1", + "SrcRelease": "5ubuntu4.6", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/security/pam_access.so", + "/lib/x86_64-linux-gnu/security/pam_debug.so", + "/lib/x86_64-linux-gnu/security/pam_deny.so", + "/lib/x86_64-linux-gnu/security/pam_echo.so", + "/lib/x86_64-linux-gnu/security/pam_env.so", + "/lib/x86_64-linux-gnu/security/pam_exec.so", + "/lib/x86_64-linux-gnu/security/pam_extrausers.so", + "/lib/x86_64-linux-gnu/security/pam_faildelay.so", + "/lib/x86_64-linux-gnu/security/pam_faillock.so", + "/lib/x86_64-linux-gnu/security/pam_filter.so", + "/lib/x86_64-linux-gnu/security/pam_ftp.so", + "/lib/x86_64-linux-gnu/security/pam_group.so", + "/lib/x86_64-linux-gnu/security/pam_issue.so", + "/lib/x86_64-linux-gnu/security/pam_keyinit.so", + "/lib/x86_64-linux-gnu/security/pam_lastlog.so", + "/lib/x86_64-linux-gnu/security/pam_limits.so", + "/lib/x86_64-linux-gnu/security/pam_listfile.so", + "/lib/x86_64-linux-gnu/security/pam_localuser.so", + "/lib/x86_64-linux-gnu/security/pam_loginuid.so", + "/lib/x86_64-linux-gnu/security/pam_mail.so", + "/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", + "/lib/x86_64-linux-gnu/security/pam_motd.so", + "/lib/x86_64-linux-gnu/security/pam_namespace.so", + "/lib/x86_64-linux-gnu/security/pam_nologin.so", + "/lib/x86_64-linux-gnu/security/pam_permit.so", + "/lib/x86_64-linux-gnu/security/pam_pwhistory.so", + "/lib/x86_64-linux-gnu/security/pam_rhosts.so", + "/lib/x86_64-linux-gnu/security/pam_rootok.so", + "/lib/x86_64-linux-gnu/security/pam_securetty.so", + "/lib/x86_64-linux-gnu/security/pam_selinux.so", + "/lib/x86_64-linux-gnu/security/pam_sepermit.so", + "/lib/x86_64-linux-gnu/security/pam_shells.so", + "/lib/x86_64-linux-gnu/security/pam_stress.so", + "/lib/x86_64-linux-gnu/security/pam_succeed_if.so", + "/lib/x86_64-linux-gnu/security/pam_tally.so", + "/lib/x86_64-linux-gnu/security/pam_tally2.so", + "/lib/x86_64-linux-gnu/security/pam_time.so", + "/lib/x86_64-linux-gnu/security/pam_timestamp.so", + "/lib/x86_64-linux-gnu/security/pam_tty_audit.so", + "/lib/x86_64-linux-gnu/security/pam_umask.so", + "/lib/x86_64-linux-gnu/security/pam_unix.so", + "/lib/x86_64-linux-gnu/security/pam_userdb.so", + "/lib/x86_64-linux-gnu/security/pam_warn.so", + "/lib/x86_64-linux-gnu/security/pam_wheel.so", + "/lib/x86_64-linux-gnu/security/pam_xauth.so", + "/usr/share/doc/libpam-modules/copyright", + "/usr/share/doc/libpam-modules/examples/upperLOWER.c", + "/usr/share/lintian/overrides/libpam-modules", + "/usr/share/man/man5/access.conf.5.gz", + "/usr/share/man/man5/faillock.conf.5.gz", + "/usr/share/man/man5/group.conf.5.gz", + "/usr/share/man/man5/limits.conf.5.gz", + "/usr/share/man/man5/namespace.conf.5.gz", + "/usr/share/man/man5/pam_env.conf.5.gz", + "/usr/share/man/man5/sepermit.conf.5.gz", + "/usr/share/man/man5/time.conf.5.gz", + "/usr/share/man/man5/update-motd.5.gz", + "/usr/share/man/man7/pam_env.7.gz", + "/usr/share/man/man7/pam_selinux.7.gz", + "/usr/share/man/man8/pam_access.8.gz", + "/usr/share/man/man8/pam_debug.8.gz", + "/usr/share/man/man8/pam_deny.8.gz", + "/usr/share/man/man8/pam_echo.8.gz", + "/usr/share/man/man8/pam_exec.8.gz", + "/usr/share/man/man8/pam_extrausers.8.gz", + "/usr/share/man/man8/pam_faildelay.8.gz", + "/usr/share/man/man8/pam_faillock.8.gz", + "/usr/share/man/man8/pam_filter.8.gz", + "/usr/share/man/man8/pam_ftp.8.gz", + "/usr/share/man/man8/pam_group.8.gz", + "/usr/share/man/man8/pam_issue.8.gz", + "/usr/share/man/man8/pam_keyinit.8.gz", + "/usr/share/man/man8/pam_lastlog.8.gz", + "/usr/share/man/man8/pam_limits.8.gz", + "/usr/share/man/man8/pam_listfile.8.gz", + "/usr/share/man/man8/pam_localuser.8.gz", + "/usr/share/man/man8/pam_loginuid.8.gz", + "/usr/share/man/man8/pam_mail.8.gz", + "/usr/share/man/man8/pam_mkhomedir.8.gz", + "/usr/share/man/man8/pam_motd.8.gz", + "/usr/share/man/man8/pam_namespace.8.gz", + "/usr/share/man/man8/pam_nologin.8.gz", + "/usr/share/man/man8/pam_permit.8.gz", + "/usr/share/man/man8/pam_pwhistory.8.gz", + "/usr/share/man/man8/pam_rhosts.8.gz", + "/usr/share/man/man8/pam_rootok.8.gz", + "/usr/share/man/man8/pam_securetty.8.gz", + "/usr/share/man/man8/pam_sepermit.8.gz", + "/usr/share/man/man8/pam_shells.8.gz", + "/usr/share/man/man8/pam_succeed_if.8.gz", + "/usr/share/man/man8/pam_tally.8.gz", + "/usr/share/man/man8/pam_tally2.8.gz", + "/usr/share/man/man8/pam_time.8.gz", + "/usr/share/man/man8/pam_timestamp.8.gz", + "/usr/share/man/man8/pam_tty_audit.8.gz", + "/usr/share/man/man8/pam_umask.8.gz", + "/usr/share/man/man8/pam_unix.8.gz", + "/usr/share/man/man8/pam_userdb.8.gz", + "/usr/share/man/man8/pam_warn.8.gz", + "/usr/share/man/man8/pam_wheel.8.gz", + "/usr/share/man/man8/pam_xauth.8.gz", + "/usr/share/pam-configs/mkhomedir" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-modules-bin@1.3.1-5ubuntu4.6", + "Name": "libpam-modules-bin", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpam-modules-bin@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "92c88fd5e3403ef2" + }, + "Version": "1.3.1", + "Release": "5ubuntu4.6", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.3.1", + "SrcRelease": "5ubuntu4.6", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:2.8.5-2ubuntu6", + "libc6@2.31-0ubuntu9.9", + "libcrypt1@1:4.4.10-10ubuntu4", + "libpam0g@1.3.1-5ubuntu4.6", + "libselinux1@3.0-1build2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/sbin/mkhomedir_helper", + "/sbin/pam_extrausers_chkpwd", + "/sbin/pam_extrausers_update", + "/sbin/pam_tally", + "/sbin/pam_tally2", + "/sbin/unix_chkpwd", + "/sbin/unix_update", + "/usr/sbin/faillock", + "/usr/sbin/pam_timestamp_check", + "/usr/share/doc/libpam-modules-bin/copyright", + "/usr/share/lintian/overrides/libpam-modules-bin", + "/usr/share/man/man8/faillock.8.gz", + "/usr/share/man/man8/mkhomedir_helper.8.gz", + "/usr/share/man/man8/pam_timestamp_check.8.gz", + "/usr/share/man/man8/unix_chkpwd.8.gz", + "/usr/share/man/man8/unix_update.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-runtime@1.3.1-5ubuntu4.6", + "Name": "libpam-runtime", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpam-runtime@1.3.1-5ubuntu4.6?arch=all\u0026distro=ubuntu-20.04", + "UID": "815077e96d38fc4a" + }, + "Version": "1.3.1", + "Release": "5ubuntu4.6", + "Arch": "all", + "SrcName": "pam", + "SrcVersion": "1.3.1", + "SrcRelease": "5ubuntu4.6", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73", + "libpam-modules@1.3.1-5ubuntu4.6" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/sbin/pam-auth-update", + "/usr/sbin/pam_getenv", + "/usr/share/doc/libpam-runtime/copyright", + "/usr/share/lintian/overrides/libpam-runtime", + "/usr/share/man/man5/pam.conf.5.gz", + "/usr/share/man/man7/PAM.7.gz", + "/usr/share/man/man8/pam-auth-update.8.gz", + "/usr/share/man/man8/pam_getenv.8.gz", + "/usr/share/pam-configs/unix", + "/usr/share/pam/common-account", + "/usr/share/pam/common-account.md5sums", + "/usr/share/pam/common-auth", + "/usr/share/pam/common-auth.md5sums", + "/usr/share/pam/common-password", + "/usr/share/pam/common-password.md5sums", + "/usr/share/pam/common-session", + "/usr/share/pam/common-session-noninteractive", + "/usr/share/pam/common-session-noninteractive.md5sums", + "/usr/share/pam/common-session.md5sums" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam0g@1.3.1-5ubuntu4.6", + "Name": "libpam0g", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpam0g@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "65460bc2f0872763" + }, + "Version": "1.3.1", + "Release": "5ubuntu4.6", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.3.1", + "SrcRelease": "5ubuntu4.6", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73", + "libaudit1@1:2.8.5-2ubuntu6", + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libpam.so.0.84.2", + "/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", + "/lib/x86_64-linux-gnu/libpamc.so.0.82.1", + "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", + "/usr/share/doc/libpam0g/NEWS.Debian.gz", + "/usr/share/doc/libpam0g/README", + "/usr/share/doc/libpam0g/README.Debian", + "/usr/share/doc/libpam0g/TODO.Debian", + "/usr/share/doc/libpam0g/changelog.Debian.gz", + "/usr/share/doc/libpam0g/copyright", + "/usr/share/lintian/overrides/libpam0g" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpcre2-8-0@10.34-7ubuntu0.1", + "Name": "libpcre2-8-0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpcre2-8-0@10.34-7ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a2ff44836db84cd4" + }, + "Version": "10.34", + "Release": "7ubuntu0.1", + "Arch": "amd64", + "SrcName": "pcre2", + "SrcVersion": "10.34", + "SrcRelease": "7ubuntu0.1", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.9.0", + "/usr/share/doc/libpcre2-8-0/README.Debian", + "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", + "/usr/share/doc/libpcre2-8-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpcre3@2:8.39-12ubuntu0.1", + "Name": "libpcre3", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpcre3@8.39-12ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=2", + "UID": "27d387d3c4e2fd01" + }, + "Version": "8.39", + "Release": "12ubuntu0.1", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "pcre3", + "SrcVersion": "8.39", + "SrcRelease": "12ubuntu0.1", + "SrcEpoch": 2, + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libpcre.so.3.13.3", + "/usr/lib/x86_64-linux-gnu/libpcreposix.so.3.13.3", + "/usr/share/doc/libpcre3/AUTHORS", + "/usr/share/doc/libpcre3/NEWS.gz", + "/usr/share/doc/libpcre3/README.Debian", + "/usr/share/doc/libpcre3/README.gz", + "/usr/share/doc/libpcre3/changelog.Debian.gz", + "/usr/share/doc/libpcre3/copyright", + "/usr/share/man/man3/pcrepattern.3.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libperl5.30@5.30.0-9ubuntu0.3", + "Name": "libperl5.30", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libperl5.30@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3acb4d09929d454" + }, + "Version": "5.30.0", + "Release": "9ubuntu0.3", + "Arch": "amd64", + "SrcName": "perl", + "SrcVersion": "5.30.0", + "SrcRelease": "9ubuntu0.3", + "Licenses": [ + "GPL-1.0-or-later", + "Artistic-2.0", + "MIT", + "REGCOMP", + "GPL-2.0-with-bison-exception+", + "Unicode", + "BZIP", + "Zlib", + "GPL-2.0-or-later", + "RRA-KEEP-THIS-NOTICE", + "BSD-3-clause-with-weird-numbering", + "CC0-1.0", + "TEXT-TABS", + "BSD-4-clause-POWERDOG", + "BSD-3-clause-GENERIC", + "BSD-3-Clause", + "SDBM-PUBLIC-DOMAIN", + "DONT-CHANGE-THE-GPL", + "Artistic-dist", + "LGPL-2.1-only", + "GPL-1.0-only", + "GPL-2.0-only", + "Artistic-2", + "HSIEH-DERIVATIVE", + "HSIEH-BSD" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libbz2-1.0@1.0.8-2", + "libc6@2.31-0ubuntu9.9", + "libcrypt1@1:4.4.10-10ubuntu4", + "libdb5.3@5.3.28+dfsg1-0.6ubuntu2", + "libgdbm-compat4@1.18.1-5", + "libgdbm6@1.18.1-5", + "perl-modules-5.30@5.30.0-9ubuntu0.3", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/cpan5.30-x86_64-linux-gnu", + "/usr/bin/perl5.30-x86_64-linux-gnu", + "/usr/lib/x86_64-linux-gnu/libperl.so.5.30.0", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B/Concise.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B/Showlex.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B/Terse.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B/Xref.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/EXTERN.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/INTERN.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/XSUB.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/av.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/bitcount.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/charclass_invlists.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/config.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/cop.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/cv.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/dosish.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/dquote_inline.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/ebcdic_tables.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/embed.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/embedvar.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/fakesdio.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/feature.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/form.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/git_version.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/gv.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/handy.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/hv.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/hv_func.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/hv_macro.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/inline.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/intrpvar.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/invlist_inline.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/iperlsys.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/keywords.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/l1_char_class_tab.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/malloc_ctl.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/metaconfig.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mg.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mg_data.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mg_raw.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mg_vtable.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mydtrace.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/nostdio.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/op.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/op_reg_common.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/opcode.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/opnames.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/overload.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/pad.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/parser.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/patchlevel-debian.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/patchlevel.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perl.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perl_inc_macro.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perl_langinfo.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perlapi.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perlio.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perliol.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perlsdio.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perlvars.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perly.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/pp.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/pp_proto.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/proto.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/reentr.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/regcharclass.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/regcomp.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/regexp.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/regnodes.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/sbox32_hash.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/scope.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/stadtx_hash.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/sv.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/thread.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/time64.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/time64_config.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/uconfig.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/uni_keywords.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/unicode_constants.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/unixish.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/utf8.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/utfebcdic.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/util.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/uudmap.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/vutil.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/warnings.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/zaphod32_hash.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Compress/Raw/Bzip2.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Compress/Raw/Zlib.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Config.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Config.pod", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Config_git.pl", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Config_heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Cwd.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/DB_File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Data/Dumper.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Devel/PPPort.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Devel/Peek.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Digest/MD5.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Digest/SHA.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/DynaLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Alias.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Byte.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/CJKConstants.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/CN.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/CN/HZ.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Config.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/EBCDIC.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Encoder.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Encoding.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/GSM0338.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Guess.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/JP.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/JP/H2Z.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/JP/JIS7.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/KR.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/KR/2022_KR.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/MIME/Header.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/MIME/Header/ISO_2022_JP.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/MIME/Name.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Symbol.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/TW.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Unicode.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Unicode/UTF7.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Errno.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Fcntl.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/DosGlob.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Glob.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/AmigaOS.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Cygwin.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Epoc.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Functions.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Mac.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/OS2.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Unix.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/VMS.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Win32.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Filter/Util/Call.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/GDBM_File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Hash/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Hash/Util/FieldHash.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/I18N/Langinfo.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Dir.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Handle.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Pipe.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Poll.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Seekable.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Select.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Socket/INET.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Socket/UNIX.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IPC/Msg.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IPC/Semaphore.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IPC/SharedMem.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IPC/SysV.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/List/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/List/Util/XS.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/MIME/Base64.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/MIME/QuotedPrint.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Math/BigInt/FastCalc.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/NDBM_File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/O.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/ODBM_File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Opcode.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/POSIX.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/POSIX.pod", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/PerlIO/encoding.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/PerlIO/mmap.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/PerlIO/scalar.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/PerlIO/via.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/SDBM_File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Scalar/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Storable.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Sub/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Sys/Hostname.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Sys/Syslog.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Tie/Hash/NamedCapture.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Time/HiRes.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Time/Piece.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Time/Seconds.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Unicode/Collate.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Unicode/Collate/Locale.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Unicode/Normalize.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/_h2ph_pre.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/bitsperlong.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/ioctl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/ioctls.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/posix_types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/socket.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/sockios.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/termbits.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/termios.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/bitsperlong.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/ioctl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/ioctls.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/posix_types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/posix_types_32.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/posix_types_64.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/posix_types_x32.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/socket.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/sockios.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/termbits.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/termios.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/unistd.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/unistd_32.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/unistd_64.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/unistd_x32.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/attributes.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/B/B.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Compress/Raw/Bzip2/Bzip2.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Compress/Raw/Zlib/Zlib.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Cwd/Cwd.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/DB_File/DB_File.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Data/Dumper/Dumper.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Devel/Peek/Peek.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Digest/MD5/MD5.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Digest/SHA/SHA.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/Byte/Byte.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/CN/CN.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/EBCDIC/EBCDIC.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/Encode.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/JP/JP.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/KR/KR.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/Symbol/Symbol.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/TW/TW.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/Unicode/Unicode.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Fcntl/Fcntl.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/File/DosGlob/DosGlob.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/File/Glob/Glob.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Filter/Util/Call/Call.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/GDBM_File/GDBM_File.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Hash/Util/FieldHash/FieldHash.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Hash/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/I18N/Langinfo/Langinfo.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/IO/IO.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/IPC/SysV/SysV.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/List/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/MIME/Base64/Base64.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Math/BigInt/FastCalc/FastCalc.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/NDBM_File/NDBM_File.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/ODBM_File/ODBM_File.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Opcode/Opcode.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/POSIX/POSIX.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/PerlIO/encoding/encoding.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/PerlIO/mmap/mmap.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/PerlIO/scalar/scalar.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/PerlIO/via/via.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/SDBM_File/SDBM_File.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Socket/Socket.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Storable/Storable.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Sys/Hostname/Hostname.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Sys/Syslog/Syslog.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Tie/Hash/NamedCapture/NamedCapture.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Time/HiRes/HiRes.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Time/Piece/Piece.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Unicode/Collate/Collate.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Unicode/Normalize/Normalize.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/attributes/attributes.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/mro/mro.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/re/re.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/threads/shared/shared.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/threads/threads.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/byteswap.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/endian.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/endianness.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/ioctl-types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/ioctls.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/long-double.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/pthreadtypes-arch.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/pthreadtypes.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/select.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/select2.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigaction.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigcontext.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigevent-consts.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/siginfo-arch.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/siginfo-consts-arch.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/siginfo-consts.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/signal_ext.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/signum-generic.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/signum.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigstack.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigthread.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sockaddr.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/socket-constants.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/socket.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/socket2.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/socket_type.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/ss_flags.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/stdint-intn.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/struct_mutex.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/struct_rwlock.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/syscall.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/syslog-ldbl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/syslog-path.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/syslog.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/thread-shared-types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/time64.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/timesize.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/__sigset_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/__sigval_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/clock_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/clockid_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/sig_atomic_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/sigevent_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/siginfo_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/sigset_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/sigval_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/stack_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_iovec.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_osockaddr.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_rusage.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_sigstack.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_timespec.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_timeval.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/time_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/timer_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/typesizes.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/uintn-identity.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/waitflags.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/waitstatus.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/wordsize.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/encoding.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/endian.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/errno.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/features.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/gnu/stubs-64.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/gnu/stubs.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/lib.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/linux/ioctl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/linux/posix_types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/linux/stddef.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/mro.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/ops.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/re.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/signal.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/stdarg.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/stdc-predef.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/stddef.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/cdefs.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/ioctl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/select.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/socket.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/syscall.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/syslog.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/time.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/ttydefaults.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/ucontext.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/wait.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/syscall.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sysexits.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/syslimits.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/syslog.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/threads.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/threads/shared.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/wait.ph", + "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.30.0/README", + "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.30.0/config.sh.debug.gz", + "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.30.0/config.sh.shared.gz", + "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.30.0/config.sh.static.gz", + "/usr/share/doc/libperl5.30/changelog.Debian.gz", + "/usr/share/doc/libperl5.30/copyright", + "/usr/share/man/man1/cpan5.30-x86_64-linux-gnu.1.gz", + "/usr/share/man/man1/perl5.30-x86_64-linux-gnu.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpmem1@1.8-1ubuntu1", + "Name": "libpmem1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpmem1@1.8-1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "b5e316fd5e28e714" + }, + "Version": "1.8", + "Release": "1ubuntu1", + "Arch": "amd64", + "SrcName": "pmdk", + "SrcVersion": "1.8", + "SrcRelease": "1ubuntu1", + "Licenses": [ + "BSD-3-Clause", + "CDDL-1.0" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpmem.so.1.0.0", + "/usr/share/doc/libpmem1/NEWS.Debian.gz", + "/usr/share/doc/libpmem1/changelog.Debian.gz", + "/usr/share/doc/libpmem1/copyright", + "/usr/share/man/man5/poolset.5.gz", + "/usr/share/pmdk/pmdk.magic" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpopt0@1.16-14", + "Name": "libpopt0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpopt0@1.16-14?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6a08802bc0d6d486" + }, + "Version": "1.16", + "Release": "14", + "Arch": "amd64", + "SrcName": "popt", + "SrcVersion": "1.16", + "SrcRelease": "14", + "Licenses": [ + "X-Consortium", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpopt.so.0.0.0", + "/usr/share/doc/libpopt0/README", + "/usr/share/doc/libpopt0/changelog.Debian.gz", + "/usr/share/doc/libpopt0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libprocps8@2:3.3.16-1ubuntu2.3", + "Name": "libprocps8", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libprocps8@3.3.16-1ubuntu2.3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=2", + "UID": "75a220dc5c5b9715" + }, + "Version": "3.3.16", + "Release": "1ubuntu2.3", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "procps", + "SrcVersion": "3.3.16", + "SrcRelease": "1ubuntu2.3", + "SrcEpoch": 2, + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libsystemd0@245.4-4ubuntu3.21" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libprocps.so.8.0.2", + "/usr/share/doc/libprocps8/NEWS.Debian.gz", + "/usr/share/doc/libprocps8/changelog.Debian.gz", + "/usr/share/doc/libprocps8/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libreadline5@5.2+dfsg-3build3", + "Name": "libreadline5", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libreadline5@5.2%2Bdfsg-3build3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "234af31bdc63d43c" + }, + "Version": "5.2+dfsg", + "Release": "3build3", + "Arch": "amd64", + "SrcName": "readline5", + "SrcVersion": "5.2+dfsg", + "SrcRelease": "3build3", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libtinfo6@6.2-0ubuntu2", + "readline-common@8.0-4" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libhistory.so.5.2", + "/lib/x86_64-linux-gnu/libreadline.so.5.2", + "/usr/share/doc/libreadline5/README.Debian", + "/usr/share/doc/libreadline5/USAGE", + "/usr/share/doc/libreadline5/changelog.Debian.gz", + "/usr/share/doc/libreadline5/copyright", + "/usr/share/doc/libreadline5/examples/Inputrc", + "/usr/share/doc/libreadline5/inputrc.arrows" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libreadline8@8.0-4", + "Name": "libreadline8", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libreadline8@8.0-4?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "f9e655d4edc2d8e2" + }, + "Version": "8.0", + "Release": "4", + "Arch": "amd64", + "SrcName": "readline", + "SrcVersion": "8.0", + "SrcRelease": "4", + "Licenses": [ + "GPL-3.0-only", + "GFDL-1.3-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libtinfo6@6.2-0ubuntu2", + "readline-common@8.0-4" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libhistory.so.8.0", + "/lib/x86_64-linux-gnu/libreadline.so.8.0", + "/usr/share/doc/libreadline8/README.Debian", + "/usr/share/doc/libreadline8/USAGE", + "/usr/share/doc/libreadline8/changelog.Debian.gz", + "/usr/share/doc/libreadline8/copyright", + "/usr/share/doc/libreadline8/examples/Inputrc", + "/usr/share/doc/libreadline8/inputrc.arrows" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libseccomp2@2.5.1-1ubuntu1~20.04.2", + "Name": "libseccomp2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libseccomp2@2.5.1-1ubuntu1~20.04.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "db3912914568b1ad" + }, + "Version": "2.5.1", + "Release": "1ubuntu1~20.04.2", + "Arch": "amd64", + "SrcName": "libseccomp", + "SrcVersion": "2.5.1", + "SrcRelease": "1ubuntu1~20.04.2", + "Licenses": [ + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.5.1", + "/usr/share/doc/libseccomp2/changelog.Debian.gz", + "/usr/share/doc/libseccomp2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libselinux1@3.0-1build2", + "Name": "libselinux1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libselinux1@3.0-1build2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a9c070ddf7ca5ca6" + }, + "Version": "3.0", + "Release": "1build2", + "Arch": "amd64", + "SrcName": "libselinux", + "SrcVersion": "3.0", + "SrcRelease": "1build2", + "Licenses": [ + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libpcre2-8-0@10.34-7ubuntu0.1" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libselinux.so.1", + "/usr/share/doc/libselinux1/changelog.Debian.gz", + "/usr/share/doc/libselinux1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsemanage-common@3.0-1build2", + "Name": "libsemanage-common", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsemanage-common@3.0-1build2?arch=all\u0026distro=ubuntu-20.04", + "UID": "f8b9732e3155b5b4" + }, + "Version": "3.0", + "Release": "1build2", + "Arch": "all", + "SrcName": "libsemanage", + "SrcVersion": "3.0", + "SrcRelease": "1build2", + "Licenses": [ + "LGPL-2.0-or-later", + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/share/doc/libsemanage-common/changelog.Debian.gz", + "/usr/share/doc/libsemanage-common/copyright", + "/usr/share/man/man5/semanage.conf.5.gz", + "/usr/share/man/ru/man5/semanage.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsemanage1@3.0-1build2", + "Name": "libsemanage1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsemanage1@3.0-1build2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "eeefe3ed36f03f79" + }, + "Version": "3.0", + "Release": "1build2", + "Arch": "amd64", + "SrcName": "libsemanage", + "SrcVersion": "3.0", + "SrcRelease": "1build2", + "Licenses": [ + "LGPL-2.0-or-later", + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:2.8.5-2ubuntu6", + "libbz2-1.0@1.0.8-2", + "libc6@2.31-0ubuntu9.9", + "libselinux1@3.0-1build2", + "libsemanage-common@3.0-1build2", + "libsepol1@3.0-1ubuntu0.1" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsemanage.so.1", + "/usr/share/doc/libsemanage1/changelog.Debian.gz", + "/usr/share/doc/libsemanage1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsepol1@3.0-1ubuntu0.1", + "Name": "libsepol1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsepol1@3.0-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "2c4a00b1d72fefc9" + }, + "Version": "3.0", + "Release": "1ubuntu0.1", + "Arch": "amd64", + "SrcName": "libsepol", + "SrcVersion": "3.0", + "SrcRelease": "1ubuntu0.1", + "Licenses": [ + "LGPL-2.0-or-later", + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libsepol.so.1", + "/usr/share/doc/libsepol1/changelog.Debian.gz", + "/usr/share/doc/libsepol1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsigsegv2@2.12-2", + "Name": "libsigsegv2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsigsegv2@2.12-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "7e770d77096955f1" + }, + "Version": "2.12", + "Release": "2", + "Arch": "amd64", + "SrcName": "libsigsegv", + "SrcVersion": "2.12", + "SrcRelease": "2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-with-autoconf-exception+", + "GPL-2.0-only", + "permissive-fsf", + "permissive-other" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsigsegv.so.2.0.5", + "/usr/share/doc/libsigsegv2/NEWS.gz", + "/usr/share/doc/libsigsegv2/README.gz", + "/usr/share/doc/libsigsegv2/changelog.Debian.gz", + "/usr/share/doc/libsigsegv2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsmartcols1@2.34-0.1ubuntu9.3", + "Name": "libsmartcols1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsmartcols1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0fe2b0ba0e3d931" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", + "/usr/share/doc/libsmartcols1/changelog.Debian.gz", + "/usr/share/doc/libsmartcols1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsqlite3-0@3.31.1-4ubuntu0.5", + "Name": "libsqlite3-0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsqlite3-0@3.31.1-4ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3370ed119e5344f" + }, + "Version": "3.31.1", + "Release": "4ubuntu0.5", + "Arch": "amd64", + "SrcName": "sqlite3", + "SrcVersion": "3.31.1", + "SrcRelease": "4ubuntu0.5", + "Licenses": [ + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6", + "/usr/share/doc/libsqlite3-0/README.Debian", + "/usr/share/doc/libsqlite3-0/changelog.Debian.gz", + "/usr/share/doc/libsqlite3-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libss2@1.45.5-2ubuntu1.1", + "Name": "libss2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libss2@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "3e46290b129f0387" + }, + "Version": "1.45.5", + "Release": "2ubuntu1.1", + "Arch": "amd64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.45.5", + "SrcRelease": "2ubuntu1.1", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libcom-err2@1.45.5-2ubuntu1.1" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libss.so.2.0", + "/usr/share/doc/libss2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libssl1.1@1.1.1f-1ubuntu2.17", + "Name": "libssl1.1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libssl1.1@1.1.1f-1ubuntu2.17?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "b87ebee76c1b0f05" + }, + "Version": "1.1.1f", + "Release": "1ubuntu2.17", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "1.1.1f", + "SrcRelease": "1ubuntu2.17", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73", + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/engines-1.1/afalg.so", + "/usr/lib/x86_64-linux-gnu/engines-1.1/capi.so", + "/usr/lib/x86_64-linux-gnu/engines-1.1/padlock.so", + "/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1", + "/usr/lib/x86_64-linux-gnu/libssl.so.1.1", + "/usr/share/doc/libssl1.1/NEWS.Debian.gz", + "/usr/share/doc/libssl1.1/changelog.Debian.gz", + "/usr/share/doc/libssl1.1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libstdc++6@10.3.0-1ubuntu1~20.04", + "Name": "libstdc++6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libstdc%2B%2B6@10.3.0-1ubuntu1~20.04?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "fcbb911f1af25c92" + }, + "Version": "10.3.0", + "Release": "1ubuntu1~20.04", + "Arch": "amd64", + "SrcName": "gcc-10", + "SrcVersion": "10.3.0", + "SrcRelease": "1ubuntu1~20.04", + "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gcc-10-base@10.3.0-1ubuntu1~20.04", + "libc6@2.31-0ubuntu9.9", + "libgcc-s1@10.3.0-1ubuntu1~20.04" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.28", + "/usr/share/gcc/python/libstdcxx/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/printers.py", + "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", + "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.28-gdb.py" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsystemd0@245.4-4ubuntu3.21", + "Name": "libsystemd0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsystemd0@245.4-4ubuntu3.21?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "2ca4bda860660f7" + }, + "Version": "245.4", + "Release": "4ubuntu3.21", + "Arch": "amd64", + "SrcName": "systemd", + "SrcVersion": "245.4", + "SrcRelease": "4ubuntu3.21", + "Licenses": [ + "LGPL-2.1-or-later", + "CC0-1.0", + "GPL-2.0-only", + "GPL-2 with Linux-syscall-note exception", + "MIT", + "public-domain", + "GPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libsystemd.so.0.28.0", + "/usr/share/doc/libsystemd0/changelog.Debian.gz", + "/usr/share/doc/libsystemd0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libtasn1-6@4.16.0-2", + "Name": "libtasn1-6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libtasn1-6@4.16.0-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "1f3fac8fa7795921" + }, + "Version": "4.16.0", + "Release": "2", + "Arch": "amd64", + "SrcName": "libtasn1-6", + "SrcVersion": "4.16.0", + "SrcRelease": "2", + "Licenses": [ + "LGPL-2.0-or-later", + "LGPL-2.1-only", + "GPL-3.0-only", + "GFDL-1.3-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.0", + "/usr/share/doc/libtasn1-6/AUTHORS", + "/usr/share/doc/libtasn1-6/README.md", + "/usr/share/doc/libtasn1-6/THANKS", + "/usr/share/doc/libtasn1-6/changelog.Debian.gz", + "/usr/share/doc/libtasn1-6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libtinfo6@6.2-0ubuntu2", + "Name": "libtinfo6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libtinfo6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a7882c12b2088277" + }, + "Version": "6.2", + "Release": "0ubuntu2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.2", + "SrcRelease": "0ubuntu2", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libtinfo.so.6.2", + "/usr/lib/x86_64-linux-gnu/libtic.so.6.2", + "/usr/share/doc/libtinfo6/FAQ", + "/usr/share/doc/libtinfo6/TODO.Debian", + "/usr/share/doc/libtinfo6/changelog.Debian.gz", + "/usr/share/doc/libtinfo6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libudev1@245.4-4ubuntu3.21", + "Name": "libudev1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libudev1@245.4-4ubuntu3.21?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "f95ec49e3ef20df4" + }, + "Version": "245.4", + "Release": "4ubuntu3.21", + "Arch": "amd64", + "SrcName": "systemd", + "SrcVersion": "245.4", + "SrcRelease": "4ubuntu3.21", + "Licenses": [ + "LGPL-2.1-or-later", + "CC0-1.0", + "GPL-2.0-only", + "GPL-2 with Linux-syscall-note exception", + "MIT", + "public-domain", + "GPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libudev.so.1.6.17", + "/usr/share/doc/libudev1/changelog.Debian.gz", + "/usr/share/doc/libudev1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libunistring2@0.9.10-2", + "Name": "libunistring2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libunistring2@0.9.10-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "d67bce3ae373329f" + }, + "Version": "0.9.10", + "Release": "2", + "Arch": "amd64", + "SrcName": "libunistring", + "SrcVersion": "0.9.10", + "SrcRelease": "2", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "FreeSoftware", + "GPL-2+ with distribution exception", + "GPL-3.0-or-later", + "GFDL-1.2-or-later", + "MIT", + "LGPL-3.0-only", + "GPL-3.0-only", + "GPL-2.0-only", + "GFDL-1.2-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libunistring.so.2.1.0", + "/usr/share/doc/libunistring2/changelog.Debian.gz", + "/usr/share/doc/libunistring2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libuuid1@2.34-0.1ubuntu9.3", + "Name": "libuuid1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libuuid1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "51a8ab06722bbc14" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libuuid.so.1.3.0", + "/usr/share/doc/libuuid1/changelog.Debian.gz", + "/usr/share/doc/libuuid1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libwrap0@7.6.q-30", + "Name": "libwrap0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libwrap0@7.6.q-30?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "5018efec0f7a250d" + }, + "Version": "7.6.q", + "Release": "30", + "Arch": "amd64", + "SrcName": "tcp-wrappers", + "SrcVersion": "7.6.q", + "SrcRelease": "30", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libwrap.so.0.7.6", + "/usr/share/doc/libwrap0/README.Debian", + "/usr/share/doc/libwrap0/README.gz", + "/usr/share/doc/libwrap0/changelog.Debian.gz", + "/usr/share/doc/libwrap0/copyright", + "/usr/share/man/man5/hosts_access.5.gz", + "/usr/share/man/man5/hosts_options.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libxtables12@1.8.4-3ubuntu2", + "Name": "libxtables12", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libxtables12@1.8.4-3ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e8e30686839cc4b5" + }, + "Version": "1.8.4", + "Release": "3ubuntu2", + "Arch": "amd64", + "SrcName": "iptables", + "SrcVersion": "1.8.4", + "SrcRelease": "3ubuntu2", + "Licenses": [ + "GPL-2.0-only", + "Artistic-2.0", + "GPL-2.0-or-later", + "custom" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libxtables.so.12.2.0", + "/usr/share/doc/libxtables12/NEWS.Debian.gz", + "/usr/share/doc/libxtables12/changelog.Debian.gz", + "/usr/share/doc/libxtables12/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libzstd1@1.4.4+dfsg-3ubuntu0.1", + "Name": "libzstd1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libzstd1@1.4.4%2Bdfsg-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "f4f84047570c3dd6" + }, + "Version": "1.4.4+dfsg", + "Release": "3ubuntu0.1", + "Arch": "amd64", + "SrcName": "libzstd", + "SrcVersion": "1.4.4+dfsg", + "SrcRelease": "3ubuntu0.1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "Zlib", + "GPL-2.0-or-later", + "MIT" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libzstd.so.1.4.4", + "/usr/share/doc/libzstd1/changelog.Debian.gz", + "/usr/share/doc/libzstd1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "login@1:4.8.1-1ubuntu5.20.04.4", + "Name": "login", + "Identifier": { + "PURL": "pkg:deb/ubuntu/login@4.8.1-1ubuntu5.20.04.4?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "a79aae34849faa64" + }, + "Version": "4.8.1", + "Release": "1ubuntu5.20.04.4", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "shadow", + "SrcVersion": "4.8.1", + "SrcRelease": "1ubuntu5.20.04.4", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/login", + "/usr/bin/faillog", + "/usr/bin/lastlog", + "/usr/bin/newgrp", + "/usr/sbin/nologin", + "/usr/share/apport/package-hooks/source_shadow.py", + "/usr/share/doc/login/NEWS.Debian.gz", + "/usr/share/doc/login/changelog.Debian.gz", + "/usr/share/doc/login/copyright", + "/usr/share/lintian/overrides/login", + "/usr/share/man/cs/man5/faillog.5.gz", + "/usr/share/man/cs/man8/faillog.8.gz", + "/usr/share/man/cs/man8/lastlog.8.gz", + "/usr/share/man/cs/man8/nologin.8.gz", + "/usr/share/man/da/man1/newgrp.1.gz", + "/usr/share/man/da/man1/sg.1.gz", + "/usr/share/man/da/man8/nologin.8.gz", + "/usr/share/man/de/man1/login.1.gz", + "/usr/share/man/de/man1/newgrp.1.gz", + "/usr/share/man/de/man1/sg.1.gz", + "/usr/share/man/de/man5/faillog.5.gz", + "/usr/share/man/de/man5/login.defs.5.gz", + "/usr/share/man/de/man8/faillog.8.gz", + "/usr/share/man/de/man8/lastlog.8.gz", + "/usr/share/man/de/man8/nologin.8.gz", + "/usr/share/man/fr/man1/login.1.gz", + "/usr/share/man/fr/man1/newgrp.1.gz", + "/usr/share/man/fr/man1/sg.1.gz", + "/usr/share/man/fr/man5/faillog.5.gz", + "/usr/share/man/fr/man5/login.defs.5.gz", + "/usr/share/man/fr/man8/faillog.8.gz", + "/usr/share/man/fr/man8/lastlog.8.gz", + "/usr/share/man/fr/man8/nologin.8.gz", + "/usr/share/man/hu/man1/login.1.gz", + "/usr/share/man/hu/man1/newgrp.1.gz", + "/usr/share/man/hu/man8/lastlog.8.gz", + "/usr/share/man/id/man1/login.1.gz", + "/usr/share/man/it/man1/login.1.gz", + "/usr/share/man/it/man1/newgrp.1.gz", + "/usr/share/man/it/man1/sg.1.gz", + "/usr/share/man/it/man5/faillog.5.gz", + "/usr/share/man/it/man5/login.defs.5.gz", + "/usr/share/man/it/man8/faillog.8.gz", + "/usr/share/man/it/man8/lastlog.8.gz", + "/usr/share/man/it/man8/nologin.8.gz", + "/usr/share/man/ja/man1/login.1.gz", + "/usr/share/man/ja/man1/newgrp.1.gz", + "/usr/share/man/ja/man5/faillog.5.gz", + "/usr/share/man/ja/man5/login.defs.5.gz", + "/usr/share/man/ja/man8/faillog.8.gz", + "/usr/share/man/ja/man8/lastlog.8.gz", + "/usr/share/man/ko/man1/login.1.gz", + "/usr/share/man/man1/login.1.gz", + "/usr/share/man/man1/newgrp.1.gz", + "/usr/share/man/man1/sg.1.gz", + "/usr/share/man/man5/faillog.5.gz", + "/usr/share/man/man5/login.defs.5.gz", + "/usr/share/man/man8/faillog.8.gz", + "/usr/share/man/man8/lastlog.8.gz", + "/usr/share/man/man8/nologin.8.gz", + "/usr/share/man/pl/man1/newgrp.1.gz", + "/usr/share/man/pl/man1/sg.1.gz", + "/usr/share/man/pl/man5/faillog.5.gz", + "/usr/share/man/pl/man8/faillog.8.gz", + "/usr/share/man/pl/man8/lastlog.8.gz", + "/usr/share/man/ru/man1/login.1.gz", + "/usr/share/man/ru/man1/newgrp.1.gz", + "/usr/share/man/ru/man1/sg.1.gz", + "/usr/share/man/ru/man5/faillog.5.gz", + "/usr/share/man/ru/man5/login.defs.5.gz", + "/usr/share/man/ru/man8/faillog.8.gz", + "/usr/share/man/ru/man8/lastlog.8.gz", + "/usr/share/man/ru/man8/nologin.8.gz", + "/usr/share/man/sv/man1/newgrp.1.gz", + "/usr/share/man/sv/man1/sg.1.gz", + "/usr/share/man/sv/man5/faillog.5.gz", + "/usr/share/man/sv/man8/faillog.8.gz", + "/usr/share/man/sv/man8/lastlog.8.gz", + "/usr/share/man/sv/man8/nologin.8.gz", + "/usr/share/man/tr/man1/login.1.gz", + "/usr/share/man/zh_CN/man1/login.1.gz", + "/usr/share/man/zh_CN/man1/newgrp.1.gz", + "/usr/share/man/zh_CN/man1/sg.1.gz", + "/usr/share/man/zh_CN/man5/faillog.5.gz", + "/usr/share/man/zh_CN/man5/login.defs.5.gz", + "/usr/share/man/zh_CN/man8/faillog.8.gz", + "/usr/share/man/zh_CN/man8/lastlog.8.gz", + "/usr/share/man/zh_CN/man8/nologin.8.gz", + "/usr/share/man/zh_TW/man1/newgrp.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "logsave@1.45.5-2ubuntu1.1", + "Name": "logsave", + "Identifier": { + "PURL": "pkg:deb/ubuntu/logsave@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "8308a2b238c2c56" + }, + "Version": "1.45.5", + "Release": "2ubuntu1.1", + "Arch": "amd64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.45.5", + "SrcRelease": "2ubuntu1.1", + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/sbin/logsave", + "/usr/share/doc/logsave/changelog.Debian.gz", + "/usr/share/doc/logsave/copyright", + "/usr/share/man/man8/logsave.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "lsb-base@11.1.0ubuntu2", + "Name": "lsb-base", + "Identifier": { + "PURL": "pkg:deb/ubuntu/lsb-base@11.1.0ubuntu2?arch=all\u0026distro=ubuntu-20.04", + "UID": "b3b9f72789fe717e" + }, + "Version": "11.1.0ubuntu2", + "Arch": "all", + "SrcName": "lsb", + "SrcVersion": "11.1.0ubuntu2", + "Licenses": [ + "GPL-2.0-only", + "BSD-3-Clause" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/lsb/init-functions", + "/lib/lsb/init-functions.d/00-verbose", + "/lib/lsb/init-functions.d/50-ubuntu-logging", + "/usr/share/doc/lsb-base/NEWS.Debian.gz", + "/usr/share/doc/lsb-base/README.Debian.gz", + "/usr/share/doc/lsb-base/changelog.gz", + "/usr/share/doc/lsb-base/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "lsof@4.93.2+dfsg-1ubuntu0.20.04.1", + "Name": "lsof", + "Identifier": { + "PURL": "pkg:deb/ubuntu/lsof@4.93.2%2Bdfsg-1ubuntu0.20.04.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "3ca8feeece8ad23d" + }, + "Version": "4.93.2+dfsg", + "Release": "1ubuntu0.20.04.1", + "Arch": "amd64", + "SrcName": "lsof", + "SrcVersion": "4.93.2+dfsg", + "SrcRelease": "1ubuntu0.20.04.1", + "Licenses": [ + "Purdue", + "BSD-4-Clause", + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "Sendmail", + "LGPL-2.0-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libselinux1@3.0-1build2" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/lsof", + "/usr/share/doc/lsof/00FAQ.gz", + "/usr/share/doc/lsof/00LSOF-L", + "/usr/share/doc/lsof/00QUICKSTART.gz", + "/usr/share/doc/lsof/README.Debian", + "/usr/share/doc/lsof/changelog.Debian.gz", + "/usr/share/doc/lsof/copyright", + "/usr/share/doc/lsof/examples/00MANIFEST", + "/usr/share/doc/lsof/examples/00README", + "/usr/share/doc/lsof/examples/big_brother.perl5.gz", + "/usr/share/doc/lsof/examples/count_pf.perl", + "/usr/share/doc/lsof/examples/count_pf.perl5", + "/usr/share/doc/lsof/examples/identd.perl5", + "/usr/share/doc/lsof/examples/idrlogin.perl.gz", + "/usr/share/doc/lsof/examples/idrlogin.perl5.gz", + "/usr/share/doc/lsof/examples/list_NULf.perl5.gz", + "/usr/share/doc/lsof/examples/list_fields.awk.gz", + "/usr/share/doc/lsof/examples/list_fields.perl.gz", + "/usr/share/doc/lsof/examples/shared.perl5.gz", + "/usr/share/doc/lsof/examples/sort_res.perl5", + "/usr/share/doc/lsof/examples/watch_a_file.perl", + "/usr/share/doc/lsof/examples/xusers.awk", + "/usr/share/man/man8/lsof.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mariadb-backup@1:10.7.8+maria~ubu2004", + "Name": "mariadb-backup", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mariadb-backup@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "a46abd81895bde74" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaio1@0.3.112-5", + "libc6@2.31-0ubuntu9.9", + "libcrypt1@1:4.4.10-10ubuntu4", + "libpcre2-8-0@10.34-7ubuntu0.1", + "libpmem1@1.8-1ubuntu1", + "libssl1.1@1.1.1f-1ubuntu2.17", + "libstdc++6@10.3.0-1ubuntu1~20.04", + "libsystemd0@245.4-4ubuntu3.21", + "mariadb-client-core-10.7@1:10.7.8+maria~ubu2004", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/mariadb-backup", + "/usr/bin/mbstream", + "/usr/share/doc/mariadb-backup/changelog.gz", + "/usr/share/doc/mariadb-backup/copyright", + "/usr/share/man/man1/mariabackup.1.gz", + "/usr/share/man/man1/mbstream.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mariadb-client-10.7@1:10.7.8+maria~ubu2004", + "Name": "mariadb-client-10.7", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mariadb-client-10.7@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "ce20d725795d726c" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debianutils@4.9.1", + "libc6@2.31-0ubuntu9.9", + "libconfig-inifiles-perl@3.000002-1", + "libssl1.1@1.1.1f-1ubuntu2.17", + "libstdc++6@10.3.0-1ubuntu1~20.04", + "mariadb-client-core-10.7@1:10.7.8+maria~ubu2004", + "mariadb-common@1:10.7.8+maria~ubu2004", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/innotop", + "/usr/bin/mariadb-access", + "/usr/bin/mariadb-admin", + "/usr/bin/mariadb-binlog", + "/usr/bin/mariadb-conv", + "/usr/bin/mariadb-convert-table-format", + "/usr/bin/mariadb-dump", + "/usr/bin/mariadb-dumpslow", + "/usr/bin/mariadb-find-rows", + "/usr/bin/mariadb-fix-extensions", + "/usr/bin/mariadb-hotcopy", + "/usr/bin/mariadb-import", + "/usr/bin/mariadb-plugin", + "/usr/bin/mariadb-report", + "/usr/bin/mariadb-secure-installation", + "/usr/bin/mariadb-setpermission", + "/usr/bin/mariadb-show", + "/usr/bin/mariadb-slap", + "/usr/bin/mariadb-tzinfo-to-sql", + "/usr/bin/mariadb-waitpid", + "/usr/bin/msql2mysql", + "/usr/bin/mytop", + "/usr/bin/perror", + "/usr/bin/replace", + "/usr/bin/resolve_stack_dump", + "/usr/share/doc/mariadb-client-10.7/README.Debian", + "/usr/share/doc/mariadb-client-10.7/README.md", + "/usr/share/doc/mariadb-client-10.7/changelog.gz", + "/usr/share/doc/mariadb-client-10.7/changelog.innotop.gz", + "/usr/share/doc/mariadb-client-10.7/copyright", + "/usr/share/man/man1/innotop.1.gz", + "/usr/share/man/man1/mariadb-conv.1.gz", + "/usr/share/man/man1/mariadb-report.1.gz", + "/usr/share/man/man1/msql2mysql.1.gz", + "/usr/share/man/man1/mysql_convert_table_format.1.gz", + "/usr/share/man/man1/mysql_find_rows.1.gz", + "/usr/share/man/man1/mysql_fix_extensions.1.gz", + "/usr/share/man/man1/mysql_plugin.1.gz", + "/usr/share/man/man1/mysql_secure_installation.1.gz", + "/usr/share/man/man1/mysql_setpermission.1.gz", + "/usr/share/man/man1/mysql_tzinfo_to_sql.1.gz", + "/usr/share/man/man1/mysql_waitpid.1.gz", + "/usr/share/man/man1/mysqlaccess.1.gz", + "/usr/share/man/man1/mysqladmin.1.gz", + "/usr/share/man/man1/mysqlbinlog.1.gz", + "/usr/share/man/man1/mysqldump.1.gz", + "/usr/share/man/man1/mysqldumpslow.1.gz", + "/usr/share/man/man1/mysqlhotcopy.1.gz", + "/usr/share/man/man1/mysqlimport.1.gz", + "/usr/share/man/man1/mysqlshow.1.gz", + "/usr/share/man/man1/mysqlslap.1.gz", + "/usr/share/man/man1/mytop.1.gz", + "/usr/share/man/man1/perror.1.gz", + "/usr/share/man/man1/replace.1.gz", + "/usr/share/man/man1/resolve_stack_dump.1.gz", + "/usr/share/menu/mariadb-client-10.7" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mariadb-client-core-10.7@1:10.7.8+maria~ubu2004", + "Name": "mariadb-client-core-10.7", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mariadb-client-core-10.7@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "d75d249eff74841" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libmariadb3@1:10.7.8+maria~ubu2004", + "libncurses6@6.2-0ubuntu2", + "libreadline5@5.2+dfsg-3build3", + "libssl1.1@1.1.1f-1ubuntu2.17", + "libstdc++6@10.3.0-1ubuntu1~20.04", + "libtinfo6@6.2-0ubuntu2", + "mariadb-common@1:10.7.8+maria~ubu2004", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/mariadb", + "/usr/bin/mariadb-check", + "/usr/bin/my_print_defaults", + "/usr/share/doc/mariadb-client-core-10.7/changelog.gz", + "/usr/share/doc/mariadb-client-core-10.7/copyright", + "/usr/share/man/man1/my_print_defaults.1.gz", + "/usr/share/man/man1/mysql.1.gz", + "/usr/share/man/man1/mysqlcheck.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mariadb-common@1:10.7.8+maria~ubu2004", + "Name": "mariadb-common", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mariadb-common@10.7.8%2Bmaria~ubu2004?arch=all\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "328c7a59af1dc0f8" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "all", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "mysql-common@1:10.7.8+maria~ubu2004" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/share/doc/mariadb-common/changelog.gz", + "/usr/share/doc/mariadb-common/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mariadb-server@1:10.7.8+maria~ubu2004", + "Name": "mariadb-server", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mariadb-server@10.7.8%2Bmaria~ubu2004?arch=all\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "cec014dd99a06d48" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "all", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "mariadb-server-10.7@1:10.7.8+maria~ubu2004" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/share/doc/mariadb-server/changelog.gz", + "/usr/share/doc/mariadb-server/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mariadb-server-10.7@1:10.7.8+maria~ubu2004", + "Name": "mariadb-server-10.7", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mariadb-server-10.7@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "a0491ccb107eab6a" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73", + "galera-4@26.4.14-ubu2004", + "gawk@1:5.0.1+dfsg-1", + "iproute2@5.5.0-1ubuntu1", + "libc6@2.31-0ubuntu9.9", + "libdbi-perl@1.643-1ubuntu0.1", + "libpam0g@1.3.1-5ubuntu4.6", + "libssl1.1@1.1.1f-1ubuntu2.17", + "libstdc++6@10.3.0-1ubuntu1~20.04", + "lsb-base@11.1.0ubuntu2", + "lsof@4.93.2+dfsg-1ubuntu0.20.04.1", + "mariadb-client-10.7@1:10.7.8+maria~ubu2004", + "mariadb-server-core-10.7@1:10.7.8+maria~ubu2004", + "passwd@1:4.8.1-1ubuntu5.20.04.4", + "perl@5.30.0-9ubuntu0.3", + "procps@2:3.3.16-1ubuntu2.3", + "psmisc@23.3-1", + "rsync@3.1.3-8ubuntu0.5", + "socat@1.7.3.3-2", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/lib/systemd/system/mariadb-extra.socket", + "/lib/systemd/system/mariadb-extra@.socket", + "/lib/systemd/system/mariadb.service", + "/lib/systemd/system/mariadb.socket", + "/lib/systemd/system/mariadb@.service", + "/lib/systemd/system/mariadb@.socket", + "/lib/systemd/system/mariadb@bootstrap.service.d/use_galera_new_cluster.conf", + "/lib/x86_64-linux-gnu/security/pam_user_map.so", + "/usr/bin/aria_chk", + "/usr/bin/aria_dump_log", + "/usr/bin/aria_ftdump", + "/usr/bin/aria_pack", + "/usr/bin/aria_read_log", + "/usr/bin/galera_new_cluster", + "/usr/bin/galera_recovery", + "/usr/bin/mariadb-service-convert", + "/usr/bin/mariadbd-multi", + "/usr/bin/mariadbd-safe", + "/usr/bin/mariadbd-safe-helper", + "/usr/bin/myisam_ftdump", + "/usr/bin/myisamchk", + "/usr/bin/myisamlog", + "/usr/bin/myisampack", + "/usr/bin/wsrep_sst_common", + "/usr/bin/wsrep_sst_mariabackup", + "/usr/bin/wsrep_sst_mysqldump", + "/usr/bin/wsrep_sst_rsync", + "/usr/lib/mysql/plugin/auth_ed25519.so", + "/usr/lib/mysql/plugin/auth_pam.so", + "/usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_tool", + "/usr/lib/mysql/plugin/auth_pam_v1.so", + "/usr/lib/mysql/plugin/disks.so", + "/usr/lib/mysql/plugin/file_key_management.so", + "/usr/lib/mysql/plugin/ha_archive.so", + "/usr/lib/mysql/plugin/ha_blackhole.so", + "/usr/lib/mysql/plugin/ha_federated.so", + "/usr/lib/mysql/plugin/ha_federatedx.so", + "/usr/lib/mysql/plugin/ha_sphinx.so", + "/usr/lib/mysql/plugin/handlersocket.so", + "/usr/lib/mysql/plugin/locales.so", + "/usr/lib/mysql/plugin/metadata_lock_info.so", + "/usr/lib/mysql/plugin/password_reuse_check.so", + "/usr/lib/mysql/plugin/query_cache_info.so", + "/usr/lib/mysql/plugin/query_response_time.so", + "/usr/lib/mysql/plugin/server_audit.so", + "/usr/lib/mysql/plugin/simple_password_check.so", + "/usr/lib/mysql/plugin/sql_errlog.so", + "/usr/lib/mysql/plugin/type_mysql_json.so", + "/usr/lib/mysql/plugin/wsrep_info.so", + "/usr/share/apport/package-hooks/source_mariadb-10.7.py", + "/usr/share/doc/mariadb-server-10.7/README.Debian.gz", + "/usr/share/doc/mariadb-server-10.7/changelog.gz", + "/usr/share/doc/mariadb-server-10.7/copyright", + "/usr/share/doc/mariadb-server-10.7/mariadbd.sym.gz", + "/usr/share/man/man1/aria_chk.1.gz", + "/usr/share/man/man1/aria_dump_log.1.gz", + "/usr/share/man/man1/aria_ftdump.1.gz", + "/usr/share/man/man1/aria_pack.1.gz", + "/usr/share/man/man1/aria_read_log.1.gz", + "/usr/share/man/man1/galera_new_cluster.1.gz", + "/usr/share/man/man1/galera_recovery.1.gz", + "/usr/share/man/man1/mariadb-service-convert.1.gz", + "/usr/share/man/man1/myisam_ftdump.1.gz", + "/usr/share/man/man1/myisamchk.1.gz", + "/usr/share/man/man1/myisamlog.1.gz", + "/usr/share/man/man1/myisampack.1.gz", + "/usr/share/man/man1/mysqld_multi.1.gz", + "/usr/share/man/man1/mysqld_safe.1.gz", + "/usr/share/man/man1/mysqld_safe_helper.1.gz", + "/usr/share/man/man1/wsrep_sst_common.1.gz", + "/usr/share/man/man1/wsrep_sst_mariabackup.1.gz", + "/usr/share/man/man1/wsrep_sst_mysqldump.1.gz", + "/usr/share/man/man1/wsrep_sst_rsync.1.gz", + "/usr/share/man/man1/wsrep_sst_rsync_wan.1.gz", + "/usr/share/mysql/debian-start.inc.sh", + "/usr/share/mysql/echo_stderr", + "/usr/share/mysql/errmsg-utf8.txt", + "/usr/share/mysql/wsrep.cnf", + "/usr/share/mysql/wsrep_notify" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mariadb-server-core-10.7@1:10.7.8+maria~ubu2004", + "Name": "mariadb-server-core-10.7", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mariadb-server-core-10.7@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "919704cfe08b9b7b" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaio1@0.3.112-5", + "libc6@2.31-0ubuntu9.9", + "libcrypt1@1:4.4.10-10ubuntu4", + "libpcre2-8-0@10.34-7ubuntu0.1", + "libpmem1@1.8-1ubuntu1", + "libssl1.1@1.1.1f-1ubuntu2.17", + "libstdc++6@10.3.0-1ubuntu1~20.04", + "libsystemd0@245.4-4ubuntu3.21", + "mariadb-common@1:10.7.8+maria~ubu2004", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/innochecksum", + "/usr/bin/mariadb-install-db", + "/usr/bin/mariadb-upgrade", + "/usr/bin/resolveip", + "/usr/sbin/mariadbd", + "/usr/share/doc/mariadb-server-core-10.7/changelog.gz", + "/usr/share/doc/mariadb-server-core-10.7/copyright", + "/usr/share/man/man1/innochecksum.1.gz", + "/usr/share/man/man1/mysql_install_db.1.gz", + "/usr/share/man/man1/mysql_upgrade.1.gz", + "/usr/share/man/man1/resolveip.1.gz", + "/usr/share/man/man8/mysqld.8.gz", + "/usr/share/mysql/bulgarian/errmsg.sys", + "/usr/share/mysql/charsets/Index.xml", + "/usr/share/mysql/charsets/README", + "/usr/share/mysql/charsets/armscii8.xml", + "/usr/share/mysql/charsets/ascii.xml", + "/usr/share/mysql/charsets/cp1250.xml", + "/usr/share/mysql/charsets/cp1251.xml", + "/usr/share/mysql/charsets/cp1256.xml", + "/usr/share/mysql/charsets/cp1257.xml", + "/usr/share/mysql/charsets/cp850.xml", + "/usr/share/mysql/charsets/cp852.xml", + "/usr/share/mysql/charsets/cp866.xml", + "/usr/share/mysql/charsets/dec8.xml", + "/usr/share/mysql/charsets/geostd8.xml", + "/usr/share/mysql/charsets/greek.xml", + "/usr/share/mysql/charsets/hebrew.xml", + "/usr/share/mysql/charsets/hp8.xml", + "/usr/share/mysql/charsets/keybcs2.xml", + "/usr/share/mysql/charsets/koi8r.xml", + "/usr/share/mysql/charsets/koi8u.xml", + "/usr/share/mysql/charsets/latin1.xml", + "/usr/share/mysql/charsets/latin2.xml", + "/usr/share/mysql/charsets/latin5.xml", + "/usr/share/mysql/charsets/latin7.xml", + "/usr/share/mysql/charsets/macce.xml", + "/usr/share/mysql/charsets/macroman.xml", + "/usr/share/mysql/charsets/swe7.xml", + "/usr/share/mysql/chinese/errmsg.sys", + "/usr/share/mysql/czech/errmsg.sys", + "/usr/share/mysql/danish/errmsg.sys", + "/usr/share/mysql/dutch/errmsg.sys", + "/usr/share/mysql/english/errmsg.sys", + "/usr/share/mysql/estonian/errmsg.sys", + "/usr/share/mysql/fill_help_tables.sql", + "/usr/share/mysql/french/errmsg.sys", + "/usr/share/mysql/german/errmsg.sys", + "/usr/share/mysql/greek/errmsg.sys", + "/usr/share/mysql/hindi/errmsg.sys", + "/usr/share/mysql/hungarian/errmsg.sys", + "/usr/share/mysql/italian/errmsg.sys", + "/usr/share/mysql/japanese/errmsg.sys", + "/usr/share/mysql/korean/errmsg.sys", + "/usr/share/mysql/maria_add_gis_sp_bootstrap.sql", + "/usr/share/mysql/mysql_performance_tables.sql", + "/usr/share/mysql/mysql_sys_schema.sql", + "/usr/share/mysql/mysql_system_tables.sql", + "/usr/share/mysql/mysql_system_tables_data.sql", + "/usr/share/mysql/mysql_test_data_timezone.sql", + "/usr/share/mysql/mysql_test_db.sql", + "/usr/share/mysql/norwegian-ny/errmsg.sys", + "/usr/share/mysql/norwegian/errmsg.sys", + "/usr/share/mysql/polish/errmsg.sys", + "/usr/share/mysql/portuguese/errmsg.sys", + "/usr/share/mysql/romanian/errmsg.sys", + "/usr/share/mysql/russian/errmsg.sys", + "/usr/share/mysql/serbian/errmsg.sys", + "/usr/share/mysql/slovak/errmsg.sys", + "/usr/share/mysql/spanish/errmsg.sys", + "/usr/share/mysql/swedish/errmsg.sys", + "/usr/share/mysql/ukrainian/errmsg.sys" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mawk@1.3.4.20200120-2", + "Name": "mawk", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mawk@1.3.4.20200120-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "7247efd69179ae3d" + }, + "Version": "1.3.4.20200120", + "Release": "2", + "Arch": "amd64", + "SrcName": "mawk", + "SrcVersion": "1.3.4.20200120", + "SrcRelease": "2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/mawk", + "/usr/share/doc/mawk/ACKNOWLEDGMENT", + "/usr/share/doc/mawk/README", + "/usr/share/doc/mawk/changelog.Debian.gz", + "/usr/share/doc/mawk/copyright", + "/usr/share/doc/mawk/examples/ct_length.awk", + "/usr/share/doc/mawk/examples/decl.awk", + "/usr/share/doc/mawk/examples/deps.awk", + "/usr/share/doc/mawk/examples/eatc.awk", + "/usr/share/doc/mawk/examples/gdecl.awk", + "/usr/share/doc/mawk/examples/hcal", + "/usr/share/doc/mawk/examples/hical", + "/usr/share/doc/mawk/examples/nocomment.awk", + "/usr/share/doc/mawk/examples/primes.awk", + "/usr/share/doc/mawk/examples/qsort.awk", + "/usr/share/man/man1/mawk.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mount@2.34-0.1ubuntu9.3", + "Name": "mount", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mount@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "5dec57b54f278111" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "util-linux@2.34-0.1ubuntu9.3" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/mount", + "/bin/umount", + "/sbin/losetup", + "/sbin/swapoff", + "/sbin/swapon", + "/usr/share/bash-completion/completions/losetup", + "/usr/share/bash-completion/completions/mount", + "/usr/share/bash-completion/completions/swapoff", + "/usr/share/bash-completion/completions/swapon", + "/usr/share/bash-completion/completions/umount", + "/usr/share/doc/mount/NEWS.Debian.gz", + "/usr/share/doc/mount/copyright", + "/usr/share/doc/mount/examples/mount.fstab", + "/usr/share/lintian/overrides/mount", + "/usr/share/man/man5/fstab.5.gz", + "/usr/share/man/man8/losetup.8.gz", + "/usr/share/man/man8/mount.8.gz", + "/usr/share/man/man8/swapon.8.gz", + "/usr/share/man/man8/umount.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mysql-common@1:10.7.8+maria~ubu2004", + "Name": "mysql-common", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mysql-common@10.7.8%2Bmaria~ubu2004?arch=all\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "7a316d77b6050a6b" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "all", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/share/doc/mysql-common/changelog.gz", + "/usr/share/doc/mysql-common/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ncurses-base@6.2-0ubuntu2", + "Name": "ncurses-base", + "Identifier": { + "PURL": "pkg:deb/ubuntu/ncurses-base@6.2-0ubuntu2?arch=all\u0026distro=ubuntu-20.04", + "UID": "11c3ebabbf3b213f" + }, + "Version": "6.2", + "Release": "0ubuntu2", + "Arch": "all", + "SrcName": "ncurses", + "SrcVersion": "6.2", + "SrcRelease": "0ubuntu2", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/terminfo/E/Eterm", + "/lib/terminfo/a/ansi", + "/lib/terminfo/c/cons25", + "/lib/terminfo/c/cons25-debian", + "/lib/terminfo/c/cygwin", + "/lib/terminfo/d/dumb", + "/lib/terminfo/h/hurd", + "/lib/terminfo/l/linux", + "/lib/terminfo/m/mach", + "/lib/terminfo/m/mach-bold", + "/lib/terminfo/m/mach-color", + "/lib/terminfo/m/mach-gnu", + "/lib/terminfo/m/mach-gnu-color", + "/lib/terminfo/p/pcansi", + "/lib/terminfo/r/rxvt", + "/lib/terminfo/r/rxvt-basic", + "/lib/terminfo/r/rxvt-unicode", + "/lib/terminfo/r/rxvt-unicode-256color", + "/lib/terminfo/s/screen", + "/lib/terminfo/s/screen-256color", + "/lib/terminfo/s/screen-256color-bce", + "/lib/terminfo/s/screen-bce", + "/lib/terminfo/s/screen-s", + "/lib/terminfo/s/screen-w", + "/lib/terminfo/s/screen.xterm-256color", + "/lib/terminfo/s/sun", + "/lib/terminfo/t/tmux", + "/lib/terminfo/t/tmux-256color", + "/lib/terminfo/v/vt100", + "/lib/terminfo/v/vt102", + "/lib/terminfo/v/vt220", + "/lib/terminfo/v/vt52", + "/lib/terminfo/w/wsvt25", + "/lib/terminfo/w/wsvt25m", + "/lib/terminfo/x/xterm", + "/lib/terminfo/x/xterm-256color", + "/lib/terminfo/x/xterm-color", + "/lib/terminfo/x/xterm-mono", + "/lib/terminfo/x/xterm-r5", + "/lib/terminfo/x/xterm-r6", + "/lib/terminfo/x/xterm-vt220", + "/lib/terminfo/x/xterm-xfree86", + "/usr/share/doc/ncurses-base/changelog.Debian.gz", + "/usr/share/doc/ncurses-base/copyright", + "/usr/share/lintian/overrides/ncurses-base", + "/usr/share/tabset/std", + "/usr/share/tabset/stdcrt", + "/usr/share/tabset/vt100", + "/usr/share/tabset/vt300" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ncurses-bin@6.2-0ubuntu2", + "Name": "ncurses-bin", + "Identifier": { + "PURL": "pkg:deb/ubuntu/ncurses-bin@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "f840bf3c896244a7" + }, + "Version": "6.2", + "Release": "0ubuntu2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.2", + "SrcRelease": "0ubuntu2", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/clear", + "/usr/bin/infocmp", + "/usr/bin/tabs", + "/usr/bin/tic", + "/usr/bin/toe", + "/usr/bin/tput", + "/usr/bin/tset", + "/usr/share/doc/ncurses-bin/copyright", + "/usr/share/man/man1/captoinfo.1.gz", + "/usr/share/man/man1/clear.1.gz", + "/usr/share/man/man1/infocmp.1.gz", + "/usr/share/man/man1/infotocap.1.gz", + "/usr/share/man/man1/tabs.1.gz", + "/usr/share/man/man1/tic.1.gz", + "/usr/share/man/man1/toe.1.gz", + "/usr/share/man/man1/tput.1.gz", + "/usr/share/man/man1/tset.1.gz", + "/usr/share/man/man5/scr_dump.5.gz", + "/usr/share/man/man5/term.5.gz", + "/usr/share/man/man5/terminfo.5.gz", + "/usr/share/man/man5/user_caps.5.gz", + "/usr/share/man/man7/term.7.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "openssl@1.1.1f-1ubuntu2.17", + "Name": "openssl", + "Identifier": { + "PURL": "pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.17?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "d05522de581addaf" + }, + "Version": "1.1.1f", + "Release": "1ubuntu2.17", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "1.1.1f", + "SrcRelease": "1ubuntu2.17", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libssl1.1@1.1.1f-1ubuntu2.17" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/bin/c_rehash", + "/usr/bin/openssl", + "/usr/lib/ssl/misc/CA.pl", + "/usr/lib/ssl/misc/tsget.pl", + "/usr/share/doc/openssl/FAQ", + "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", + "/usr/share/doc/openssl/HOWTO/keys.txt", + "/usr/share/doc/openssl/NEWS.Debian.gz", + "/usr/share/doc/openssl/NEWS.gz", + "/usr/share/doc/openssl/README", + "/usr/share/doc/openssl/README.Debian", + "/usr/share/doc/openssl/README.ENGINE.gz", + "/usr/share/doc/openssl/README.optimization", + "/usr/share/doc/openssl/fingerprints.txt", + "/usr/share/lintian/overrides/openssl", + "/usr/share/man/man1/CA.pl.1ssl.gz", + "/usr/share/man/man1/asn1parse.1ssl.gz", + "/usr/share/man/man1/ca.1ssl.gz", + "/usr/share/man/man1/ciphers.1ssl.gz", + "/usr/share/man/man1/cms.1ssl.gz", + "/usr/share/man/man1/crl.1ssl.gz", + "/usr/share/man/man1/crl2pkcs7.1ssl.gz", + "/usr/share/man/man1/dgst.1ssl.gz", + "/usr/share/man/man1/dhparam.1ssl.gz", + "/usr/share/man/man1/dsa.1ssl.gz", + "/usr/share/man/man1/dsaparam.1ssl.gz", + "/usr/share/man/man1/ec.1ssl.gz", + "/usr/share/man/man1/ecparam.1ssl.gz", + "/usr/share/man/man1/enc.1ssl.gz", + "/usr/share/man/man1/engine.1ssl.gz", + "/usr/share/man/man1/errstr.1ssl.gz", + "/usr/share/man/man1/gendsa.1ssl.gz", + "/usr/share/man/man1/genpkey.1ssl.gz", + "/usr/share/man/man1/genrsa.1ssl.gz", + "/usr/share/man/man1/list.1ssl.gz", + "/usr/share/man/man1/nseq.1ssl.gz", + "/usr/share/man/man1/ocsp.1ssl.gz", + "/usr/share/man/man1/openssl.1ssl.gz", + "/usr/share/man/man1/passwd.1ssl.gz", + "/usr/share/man/man1/pkcs12.1ssl.gz", + "/usr/share/man/man1/pkcs7.1ssl.gz", + "/usr/share/man/man1/pkcs8.1ssl.gz", + "/usr/share/man/man1/pkey.1ssl.gz", + "/usr/share/man/man1/pkeyparam.1ssl.gz", + "/usr/share/man/man1/pkeyutl.1ssl.gz", + "/usr/share/man/man1/prime.1ssl.gz", + "/usr/share/man/man1/rand.1ssl.gz", + "/usr/share/man/man1/rehash.1ssl.gz", + "/usr/share/man/man1/req.1ssl.gz", + "/usr/share/man/man1/rsa.1ssl.gz", + "/usr/share/man/man1/rsautl.1ssl.gz", + "/usr/share/man/man1/s_client.1ssl.gz", + "/usr/share/man/man1/s_server.1ssl.gz", + "/usr/share/man/man1/s_time.1ssl.gz", + "/usr/share/man/man1/sess_id.1ssl.gz", + "/usr/share/man/man1/smime.1ssl.gz", + "/usr/share/man/man1/speed.1ssl.gz", + "/usr/share/man/man1/spkac.1ssl.gz", + "/usr/share/man/man1/srp.1ssl.gz", + "/usr/share/man/man1/storeutl.1ssl.gz", + "/usr/share/man/man1/ts.1ssl.gz", + "/usr/share/man/man1/tsget.1ssl.gz", + "/usr/share/man/man1/verify.1ssl.gz", + "/usr/share/man/man1/version.1ssl.gz", + "/usr/share/man/man1/x509.1ssl.gz", + "/usr/share/man/man5/config.5ssl.gz", + "/usr/share/man/man5/x509v3_config.5ssl.gz", + "/usr/share/man/man7/Ed25519.7ssl.gz", + "/usr/share/man/man7/RAND.7ssl.gz", + "/usr/share/man/man7/RAND_DRBG.7ssl.gz", + "/usr/share/man/man7/RSA-PSS.7ssl.gz", + "/usr/share/man/man7/SM2.7ssl.gz", + "/usr/share/man/man7/X25519.7ssl.gz", + "/usr/share/man/man7/bio.7ssl.gz", + "/usr/share/man/man7/crypto.7ssl.gz", + "/usr/share/man/man7/ct.7ssl.gz", + "/usr/share/man/man7/des_modes.7ssl.gz", + "/usr/share/man/man7/evp.7ssl.gz", + "/usr/share/man/man7/ossl_store-file.7ssl.gz", + "/usr/share/man/man7/ossl_store.7ssl.gz", + "/usr/share/man/man7/passphrase-encoding.7ssl.gz", + "/usr/share/man/man7/proxy-certificates.7ssl.gz", + "/usr/share/man/man7/scrypt.7ssl.gz", + "/usr/share/man/man7/ssl.7ssl.gz", + "/usr/share/man/man7/x509.7ssl.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "passwd@1:4.8.1-1ubuntu5.20.04.4", + "Name": "passwd", + "Identifier": { + "PURL": "pkg:deb/ubuntu/passwd@4.8.1-1ubuntu5.20.04.4?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "d3a91d4da26b7b0b" + }, + "Version": "4.8.1", + "Release": "1ubuntu5.20.04.4", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "shadow", + "SrcVersion": "4.8.1", + "SrcRelease": "1ubuntu5.20.04.4", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:2.8.5-2ubuntu6", + "libc6@2.31-0ubuntu9.9", + "libcrypt1@1:4.4.10-10ubuntu4", + "libpam-modules@1.3.1-5ubuntu4.6", + "libpam0g@1.3.1-5ubuntu4.6", + "libselinux1@3.0-1build2", + "libsemanage1@3.0-1build2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/sbin/shadowconfig", + "/usr/bin/chage", + "/usr/bin/chfn", + "/usr/bin/chsh", + "/usr/bin/expiry", + "/usr/bin/gpasswd", + "/usr/bin/passwd", + "/usr/lib/tmpfiles.d/passwd.conf", + "/usr/sbin/chgpasswd", + "/usr/sbin/chpasswd", + "/usr/sbin/cppw", + "/usr/sbin/groupadd", + "/usr/sbin/groupdel", + "/usr/sbin/groupmems", + "/usr/sbin/groupmod", + "/usr/sbin/grpck", + "/usr/sbin/grpconv", + "/usr/sbin/grpunconv", + "/usr/sbin/newusers", + "/usr/sbin/pwck", + "/usr/sbin/pwconv", + "/usr/sbin/pwunconv", + "/usr/sbin/useradd", + "/usr/sbin/userdel", + "/usr/sbin/usermod", + "/usr/sbin/vipw", + "/usr/share/doc/passwd/NEWS.Debian.gz", + "/usr/share/doc/passwd/README.Debian", + "/usr/share/doc/passwd/TODO.Debian", + "/usr/share/doc/passwd/changelog.Debian.gz", + "/usr/share/doc/passwd/copyright", + "/usr/share/doc/passwd/examples/passwd.expire.cron", + "/usr/share/lintian/overrides/passwd", + "/usr/share/man/cs/man1/expiry.1.gz", + "/usr/share/man/cs/man1/gpasswd.1.gz", + "/usr/share/man/cs/man5/gshadow.5.gz", + "/usr/share/man/cs/man5/passwd.5.gz", + "/usr/share/man/cs/man5/shadow.5.gz", + "/usr/share/man/cs/man8/groupadd.8.gz", + "/usr/share/man/cs/man8/groupdel.8.gz", + "/usr/share/man/cs/man8/groupmod.8.gz", + "/usr/share/man/cs/man8/grpck.8.gz", + "/usr/share/man/cs/man8/vipw.8.gz", + "/usr/share/man/da/man1/chfn.1.gz", + "/usr/share/man/da/man5/gshadow.5.gz", + "/usr/share/man/da/man8/groupdel.8.gz", + "/usr/share/man/da/man8/vipw.8.gz", + "/usr/share/man/de/man1/chage.1.gz", + "/usr/share/man/de/man1/chfn.1.gz", + "/usr/share/man/de/man1/chsh.1.gz", + "/usr/share/man/de/man1/expiry.1.gz", + "/usr/share/man/de/man1/gpasswd.1.gz", + "/usr/share/man/de/man1/passwd.1.gz", + "/usr/share/man/de/man5/gshadow.5.gz", + "/usr/share/man/de/man5/passwd.5.gz", + "/usr/share/man/de/man5/shadow.5.gz", + "/usr/share/man/de/man8/chpasswd.8.gz", + "/usr/share/man/de/man8/groupadd.8.gz", + "/usr/share/man/de/man8/groupdel.8.gz", + "/usr/share/man/de/man8/groupmems.8.gz", + "/usr/share/man/de/man8/groupmod.8.gz", + "/usr/share/man/de/man8/grpck.8.gz", + "/usr/share/man/de/man8/newusers.8.gz", + "/usr/share/man/de/man8/pwck.8.gz", + "/usr/share/man/de/man8/pwconv.8.gz", + "/usr/share/man/de/man8/useradd.8.gz", + "/usr/share/man/de/man8/userdel.8.gz", + "/usr/share/man/de/man8/usermod.8.gz", + "/usr/share/man/de/man8/vipw.8.gz", + "/usr/share/man/fi/man1/chfn.1.gz", + "/usr/share/man/fi/man1/chsh.1.gz", + "/usr/share/man/fr/man1/chage.1.gz", + "/usr/share/man/fr/man1/chfn.1.gz", + "/usr/share/man/fr/man1/chsh.1.gz", + "/usr/share/man/fr/man1/expiry.1.gz", + "/usr/share/man/fr/man1/gpasswd.1.gz", + "/usr/share/man/fr/man1/passwd.1.gz", + "/usr/share/man/fr/man5/gshadow.5.gz", + "/usr/share/man/fr/man5/passwd.5.gz", + "/usr/share/man/fr/man5/shadow.5.gz", + "/usr/share/man/fr/man8/chpasswd.8.gz", + "/usr/share/man/fr/man8/groupadd.8.gz", + "/usr/share/man/fr/man8/groupdel.8.gz", + "/usr/share/man/fr/man8/groupmems.8.gz", + "/usr/share/man/fr/man8/groupmod.8.gz", + "/usr/share/man/fr/man8/grpck.8.gz", + "/usr/share/man/fr/man8/newusers.8.gz", + "/usr/share/man/fr/man8/pwck.8.gz", + "/usr/share/man/fr/man8/pwconv.8.gz", + "/usr/share/man/fr/man8/useradd.8.gz", + "/usr/share/man/fr/man8/userdel.8.gz", + "/usr/share/man/fr/man8/usermod.8.gz", + "/usr/share/man/fr/man8/vipw.8.gz", + "/usr/share/man/hu/man1/chsh.1.gz", + "/usr/share/man/hu/man1/gpasswd.1.gz", + "/usr/share/man/hu/man1/passwd.1.gz", + "/usr/share/man/hu/man5/passwd.5.gz", + "/usr/share/man/id/man1/chsh.1.gz", + "/usr/share/man/id/man8/useradd.8.gz", + "/usr/share/man/it/man1/chage.1.gz", + "/usr/share/man/it/man1/chfn.1.gz", + "/usr/share/man/it/man1/chsh.1.gz", + "/usr/share/man/it/man1/expiry.1.gz", + "/usr/share/man/it/man1/gpasswd.1.gz", + "/usr/share/man/it/man1/passwd.1.gz", + "/usr/share/man/it/man5/gshadow.5.gz", + "/usr/share/man/it/man5/passwd.5.gz", + "/usr/share/man/it/man5/shadow.5.gz", + "/usr/share/man/it/man8/chpasswd.8.gz", + "/usr/share/man/it/man8/groupadd.8.gz", + "/usr/share/man/it/man8/groupdel.8.gz", + "/usr/share/man/it/man8/groupmems.8.gz", + "/usr/share/man/it/man8/groupmod.8.gz", + "/usr/share/man/it/man8/grpck.8.gz", + "/usr/share/man/it/man8/newusers.8.gz", + "/usr/share/man/it/man8/pwck.8.gz", + "/usr/share/man/it/man8/pwconv.8.gz", + "/usr/share/man/it/man8/useradd.8.gz", + "/usr/share/man/it/man8/userdel.8.gz", + "/usr/share/man/it/man8/usermod.8.gz", + "/usr/share/man/it/man8/vipw.8.gz", + "/usr/share/man/ja/man1/chage.1.gz", + "/usr/share/man/ja/man1/chfn.1.gz", + "/usr/share/man/ja/man1/chsh.1.gz", + "/usr/share/man/ja/man1/expiry.1.gz", + "/usr/share/man/ja/man1/gpasswd.1.gz", + "/usr/share/man/ja/man1/passwd.1.gz", + "/usr/share/man/ja/man5/passwd.5.gz", + "/usr/share/man/ja/man5/shadow.5.gz", + "/usr/share/man/ja/man8/chpasswd.8.gz", + "/usr/share/man/ja/man8/groupadd.8.gz", + "/usr/share/man/ja/man8/groupdel.8.gz", + "/usr/share/man/ja/man8/groupmod.8.gz", + "/usr/share/man/ja/man8/grpck.8.gz", + "/usr/share/man/ja/man8/newusers.8.gz", + "/usr/share/man/ja/man8/pwck.8.gz", + "/usr/share/man/ja/man8/pwconv.8.gz", + "/usr/share/man/ja/man8/useradd.8.gz", + "/usr/share/man/ja/man8/userdel.8.gz", + "/usr/share/man/ja/man8/usermod.8.gz", + "/usr/share/man/ja/man8/vipw.8.gz", + "/usr/share/man/ko/man1/chfn.1.gz", + "/usr/share/man/ko/man1/chsh.1.gz", + "/usr/share/man/ko/man5/passwd.5.gz", + "/usr/share/man/ko/man8/vipw.8.gz", + "/usr/share/man/man1/chage.1.gz", + "/usr/share/man/man1/chfn.1.gz", + "/usr/share/man/man1/chsh.1.gz", + "/usr/share/man/man1/expiry.1.gz", + "/usr/share/man/man1/gpasswd.1.gz", + "/usr/share/man/man1/passwd.1.gz", + "/usr/share/man/man5/gshadow.5.gz", + "/usr/share/man/man5/passwd.5.gz", + "/usr/share/man/man5/shadow.5.gz", + "/usr/share/man/man5/subgid.5.gz", + "/usr/share/man/man5/subuid.5.gz", + "/usr/share/man/man8/chgpasswd.8.gz", + "/usr/share/man/man8/chpasswd.8.gz", + "/usr/share/man/man8/cppw.8.gz", + "/usr/share/man/man8/groupadd.8.gz", + "/usr/share/man/man8/groupdel.8.gz", + "/usr/share/man/man8/groupmems.8.gz", + "/usr/share/man/man8/groupmod.8.gz", + "/usr/share/man/man8/grpck.8.gz", + "/usr/share/man/man8/newusers.8.gz", + "/usr/share/man/man8/pwck.8.gz", + "/usr/share/man/man8/pwconv.8.gz", + "/usr/share/man/man8/useradd.8.gz", + "/usr/share/man/man8/userdel.8.gz", + "/usr/share/man/man8/usermod.8.gz", + "/usr/share/man/man8/vipw.8.gz", + "/usr/share/man/pl/man1/chage.1.gz", + "/usr/share/man/pl/man1/chsh.1.gz", + "/usr/share/man/pl/man1/expiry.1.gz", + "/usr/share/man/pl/man8/groupadd.8.gz", + "/usr/share/man/pl/man8/groupdel.8.gz", + "/usr/share/man/pl/man8/groupmems.8.gz", + "/usr/share/man/pl/man8/groupmod.8.gz", + "/usr/share/man/pl/man8/grpck.8.gz", + "/usr/share/man/pl/man8/userdel.8.gz", + "/usr/share/man/pl/man8/usermod.8.gz", + "/usr/share/man/pl/man8/vipw.8.gz", + "/usr/share/man/pt_BR/man1/gpasswd.1.gz", + "/usr/share/man/pt_BR/man5/passwd.5.gz", + "/usr/share/man/pt_BR/man5/shadow.5.gz", + "/usr/share/man/pt_BR/man8/groupadd.8.gz", + "/usr/share/man/pt_BR/man8/groupdel.8.gz", + "/usr/share/man/pt_BR/man8/groupmod.8.gz", + "/usr/share/man/ru/man1/chage.1.gz", + "/usr/share/man/ru/man1/chfn.1.gz", + "/usr/share/man/ru/man1/chsh.1.gz", + "/usr/share/man/ru/man1/expiry.1.gz", + "/usr/share/man/ru/man1/gpasswd.1.gz", + "/usr/share/man/ru/man1/passwd.1.gz", + "/usr/share/man/ru/man5/gshadow.5.gz", + "/usr/share/man/ru/man5/passwd.5.gz", + "/usr/share/man/ru/man5/shadow.5.gz", + "/usr/share/man/ru/man8/chpasswd.8.gz", + "/usr/share/man/ru/man8/groupadd.8.gz", + "/usr/share/man/ru/man8/groupdel.8.gz", + "/usr/share/man/ru/man8/groupmems.8.gz", + "/usr/share/man/ru/man8/groupmod.8.gz", + "/usr/share/man/ru/man8/grpck.8.gz", + "/usr/share/man/ru/man8/newusers.8.gz", + "/usr/share/man/ru/man8/pwck.8.gz", + "/usr/share/man/ru/man8/pwconv.8.gz", + "/usr/share/man/ru/man8/useradd.8.gz", + "/usr/share/man/ru/man8/userdel.8.gz", + "/usr/share/man/ru/man8/usermod.8.gz", + "/usr/share/man/ru/man8/vipw.8.gz", + "/usr/share/man/sv/man1/chage.1.gz", + "/usr/share/man/sv/man1/chsh.1.gz", + "/usr/share/man/sv/man1/expiry.1.gz", + "/usr/share/man/sv/man1/passwd.1.gz", + "/usr/share/man/sv/man5/gshadow.5.gz", + "/usr/share/man/sv/man5/passwd.5.gz", + "/usr/share/man/sv/man8/groupadd.8.gz", + "/usr/share/man/sv/man8/groupdel.8.gz", + "/usr/share/man/sv/man8/groupmems.8.gz", + "/usr/share/man/sv/man8/groupmod.8.gz", + "/usr/share/man/sv/man8/grpck.8.gz", + "/usr/share/man/sv/man8/pwck.8.gz", + "/usr/share/man/sv/man8/userdel.8.gz", + "/usr/share/man/sv/man8/vipw.8.gz", + "/usr/share/man/tr/man1/chage.1.gz", + "/usr/share/man/tr/man1/chfn.1.gz", + "/usr/share/man/tr/man1/passwd.1.gz", + "/usr/share/man/tr/man5/passwd.5.gz", + "/usr/share/man/tr/man5/shadow.5.gz", + "/usr/share/man/tr/man8/groupadd.8.gz", + "/usr/share/man/tr/man8/groupdel.8.gz", + "/usr/share/man/tr/man8/groupmod.8.gz", + "/usr/share/man/tr/man8/useradd.8.gz", + "/usr/share/man/tr/man8/userdel.8.gz", + "/usr/share/man/tr/man8/usermod.8.gz", + "/usr/share/man/zh_CN/man1/chage.1.gz", + "/usr/share/man/zh_CN/man1/chfn.1.gz", + "/usr/share/man/zh_CN/man1/chsh.1.gz", + "/usr/share/man/zh_CN/man1/expiry.1.gz", + "/usr/share/man/zh_CN/man1/gpasswd.1.gz", + "/usr/share/man/zh_CN/man1/passwd.1.gz", + "/usr/share/man/zh_CN/man5/gshadow.5.gz", + "/usr/share/man/zh_CN/man5/passwd.5.gz", + "/usr/share/man/zh_CN/man5/shadow.5.gz", + "/usr/share/man/zh_CN/man8/chpasswd.8.gz", + "/usr/share/man/zh_CN/man8/groupadd.8.gz", + "/usr/share/man/zh_CN/man8/groupdel.8.gz", + "/usr/share/man/zh_CN/man8/groupmems.8.gz", + "/usr/share/man/zh_CN/man8/groupmod.8.gz", + "/usr/share/man/zh_CN/man8/grpck.8.gz", + "/usr/share/man/zh_CN/man8/newusers.8.gz", + "/usr/share/man/zh_CN/man8/pwck.8.gz", + "/usr/share/man/zh_CN/man8/pwconv.8.gz", + "/usr/share/man/zh_CN/man8/useradd.8.gz", + "/usr/share/man/zh_CN/man8/userdel.8.gz", + "/usr/share/man/zh_CN/man8/usermod.8.gz", + "/usr/share/man/zh_CN/man8/vipw.8.gz", + "/usr/share/man/zh_TW/man1/chfn.1.gz", + "/usr/share/man/zh_TW/man1/chsh.1.gz", + "/usr/share/man/zh_TW/man5/passwd.5.gz", + "/usr/share/man/zh_TW/man8/chpasswd.8.gz", + "/usr/share/man/zh_TW/man8/groupadd.8.gz", + "/usr/share/man/zh_TW/man8/groupdel.8.gz", + "/usr/share/man/zh_TW/man8/groupmod.8.gz", + "/usr/share/man/zh_TW/man8/useradd.8.gz", + "/usr/share/man/zh_TW/man8/userdel.8.gz", + "/usr/share/man/zh_TW/man8/usermod.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "perl@5.30.0-9ubuntu0.3", + "Name": "perl", + "Identifier": { + "PURL": "pkg:deb/ubuntu/perl@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e4ac000ef35e9648" + }, + "Version": "5.30.0", + "Release": "9ubuntu0.3", + "Arch": "amd64", + "SrcName": "perl", + "SrcVersion": "5.30.0", + "SrcRelease": "9ubuntu0.3", + "Licenses": [ + "GPL-1.0-or-later", + "Artistic-2.0", + "MIT", + "REGCOMP", + "GPL-2.0-with-bison-exception+", + "Unicode", + "BZIP", + "Zlib", + "GPL-2.0-or-later", + "RRA-KEEP-THIS-NOTICE", + "BSD-3-clause-with-weird-numbering", + "CC0-1.0", + "TEXT-TABS", + "BSD-4-clause-POWERDOG", + "BSD-3-clause-GENERIC", + "BSD-3-Clause", + "SDBM-PUBLIC-DOMAIN", + "DONT-CHANGE-THE-GPL", + "Artistic-dist", + "LGPL-2.1-only", + "GPL-1.0-only", + "GPL-2.0-only", + "Artistic-2", + "HSIEH-DERIVATIVE", + "HSIEH-BSD" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libperl5.30@5.30.0-9ubuntu0.3", + "perl-base@5.30.0-9ubuntu0.3", + "perl-modules-5.30@5.30.0-9ubuntu0.3" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/corelist", + "/usr/bin/cpan", + "/usr/bin/enc2xs", + "/usr/bin/encguess", + "/usr/bin/h2ph", + "/usr/bin/h2xs", + "/usr/bin/instmodsh", + "/usr/bin/json_pp", + "/usr/bin/libnetcfg", + "/usr/bin/perlbug", + "/usr/bin/perldoc", + "/usr/bin/perlivp", + "/usr/bin/perlthanks", + "/usr/bin/piconv", + "/usr/bin/pl2pm", + "/usr/bin/pod2html", + "/usr/bin/pod2man", + "/usr/bin/pod2text", + "/usr/bin/pod2usage", + "/usr/bin/podchecker", + "/usr/bin/podselect", + "/usr/bin/prove", + "/usr/bin/ptar", + "/usr/bin/ptardiff", + "/usr/bin/ptargrep", + "/usr/bin/shasum", + "/usr/bin/splain", + "/usr/bin/xsubpp", + "/usr/bin/zipdetails", + "/usr/share/doc/perl/README.Debian", + "/usr/share/doc/perl/copyright", + "/usr/share/lintian/overrides/perl", + "/usr/share/man/man1/corelist.1.gz", + "/usr/share/man/man1/cpan.1.gz", + "/usr/share/man/man1/enc2xs.1.gz", + "/usr/share/man/man1/encguess.1.gz", + "/usr/share/man/man1/h2ph.1.gz", + "/usr/share/man/man1/h2xs.1.gz", + "/usr/share/man/man1/instmodsh.1.gz", + "/usr/share/man/man1/json_pp.1.gz", + "/usr/share/man/man1/libnetcfg.1.gz", + "/usr/share/man/man1/perlbug.1.gz", + "/usr/share/man/man1/perlivp.1.gz", + "/usr/share/man/man1/piconv.1.gz", + "/usr/share/man/man1/pl2pm.1.gz", + "/usr/share/man/man1/pod2html.1.gz", + "/usr/share/man/man1/pod2man.1.gz", + "/usr/share/man/man1/pod2text.1.gz", + "/usr/share/man/man1/pod2usage.1.gz", + "/usr/share/man/man1/podchecker.1.gz", + "/usr/share/man/man1/podselect.1.gz", + "/usr/share/man/man1/prove.1.gz", + "/usr/share/man/man1/ptar.1.gz", + "/usr/share/man/man1/ptardiff.1.gz", + "/usr/share/man/man1/ptargrep.1.gz", + "/usr/share/man/man1/shasum.1.gz", + "/usr/share/man/man1/splain.1.gz", + "/usr/share/man/man1/xsubpp.1.gz", + "/usr/share/man/man1/zipdetails.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "perl-base@5.30.0-9ubuntu0.3", + "Name": "perl-base", + "Identifier": { + "PURL": "pkg:deb/ubuntu/perl-base@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "2289117557075356" + }, + "Version": "5.30.0", + "Release": "9ubuntu0.3", + "Arch": "amd64", + "SrcName": "perl", + "SrcVersion": "5.30.0", + "SrcRelease": "9ubuntu0.3", + "Licenses": [ + "GPL-1.0-or-later", + "Artistic-2.0", + "MIT", + "REGCOMP", + "GPL-2.0-with-bison-exception+", + "Unicode", + "BZIP", + "Zlib", + "GPL-2.0-or-later", + "RRA-KEEP-THIS-NOTICE", + "BSD-3-clause-with-weird-numbering", + "CC0-1.0", + "TEXT-TABS", + "BSD-4-clause-POWERDOG", + "BSD-3-clause-GENERIC", + "BSD-3-Clause", + "SDBM-PUBLIC-DOMAIN", + "DONT-CHANGE-THE-GPL", + "Artistic-dist", + "LGPL-2.1-only", + "GPL-1.0-only", + "GPL-2.0-only", + "Artistic-2", + "HSIEH-DERIVATIVE", + "HSIEH-BSD" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/perl", + "/usr/bin/perl5.30.0", + "/usr/lib/x86_64-linux-gnu/perl-base/AutoLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Carp.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Carp/Heavy.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Config.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Config_git.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/Config_heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/Cwd.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/DynaLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Errno.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Exporter.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Exporter/Heavy.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Fcntl.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Basename.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Glob.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Path.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec/Unix.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Temp.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/FileHandle.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Hash/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/File.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Handle.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Pipe.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Seekable.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Select.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/INET.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/IP.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/UNIX.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open2.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/List/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/POSIX.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Scalar/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/SelectSaver.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/ParseWords.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/Tabs.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/Wrap.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Tie/Hash.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/XSLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/attributes.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Cwd/Cwd.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/File/Glob/Glob.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Hash/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/IO/IO.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/List/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Socket/Socket.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/attributes/attributes.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/re/re.so", + "/usr/lib/x86_64-linux-gnu/perl-base/base.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/bytes.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/bytes_heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/constant.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/feature.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/fields.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/integer.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/lib.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/locale.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/overload.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/overloading.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/parent.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/re.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/strict.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/Heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Age.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bmg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Cf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Digit.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Ea.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/EqUIdeo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Fold.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/GCB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Gc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Hst.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InPC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InSC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Isc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lower.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFCQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFDQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCCF.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKDQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Na1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NameAlia.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nv.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/PerlDeci.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/SB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Sc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Scx.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Tc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Title.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Uc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Upper.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Vo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/WB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlLB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlSCX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V100.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V11.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V110.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V120.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V20.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V30.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V31.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V32.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V40.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V41.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V50.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V51.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V52.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V60.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V61.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V70.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V80.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V90.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Alpha/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/B.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/BN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/CS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/EN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ES.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ET.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/NSM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ON.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/WS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Blk/NB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/O.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CE/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CI/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCF/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWKCF/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWL/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWT/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWU/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Cased/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/A.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/ATAR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/B.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/BR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/DB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NK.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/OV.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/VR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CompEx/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/DI/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dash/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dep/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dia/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Com.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Enc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Fin.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Font.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Init.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Iso.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Med.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nar.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/NonCanon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sqr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sub.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sup.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Vert.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/A.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/H.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/Na.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/W.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ext/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/CN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LV.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LVT.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/PP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/SM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/LC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ll.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/M.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Me.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/No.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/P.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pe.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Po.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ps.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/S.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sk.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/So.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Z.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Zs.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrBase/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrExt/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hex/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hst/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hyphen/T.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ideo/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/10_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/11_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/7_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/8_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/9_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Bottom.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Left.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/LeftAndR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Overstru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Right.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Top.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndBo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndL2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndLe.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndRi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/VisualOr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Avagraha.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Bindu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Cantilla.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona5.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona7.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consonan.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Invisibl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Nukta.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Number.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Other.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/PureKill.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Syllable.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/ToneMark.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Virama.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Visarga.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Vowel.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelDep.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelInd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Ain.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Alef.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Beh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Dal.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/FarsiYeh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Feh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Gaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Hah.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/HanifiRo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Kaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Lam.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/NoJoinin.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Qaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Reh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Sad.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Seen.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Waw.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Yeh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/D.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/T.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/U.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CJ.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/GL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/ID.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/OP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/QU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/SA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lower/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Math/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/M.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Di.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/None.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Nu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/11.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/12.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/13.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/14.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/15.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/17.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/18.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/19.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/200.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/300.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/400.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/500.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/600.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/700.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/800.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/900.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PCM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PatSyn/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Alnum.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Assigned.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Blank.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Graph.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PerlWord.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PosixPun.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Print.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/SpacePer.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Title.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Word.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/XPosixPu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlAny.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCh2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCha.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlFol.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIsI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNch.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPat.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPr2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPro.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlQuo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/QMark/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/AT.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/CL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/FO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LE.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/SC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/ST.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/Sp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/UP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SD/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/STerm/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Arab.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Armn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Beng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cprt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cyrl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Deva.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Dupl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Geor.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Glag.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gonm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gran.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Grek.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gujr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Guru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Han.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hira.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Kana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Knda.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Latn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Limb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Linb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mlym.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mult.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Orya.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Sinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Syrc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Taml.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Telu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zyyy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Adlm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Arab.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Armn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Beng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bhks.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bopo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cakm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cham.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Copt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cprt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cyrl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Deva.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Dupl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Ethi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Geor.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Glag.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gonm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gran.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Grek.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gujr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Guru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Han.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hebr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hira.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmnp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khar.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khmr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khoj.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Knda.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kthi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lao.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Latn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Limb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lina.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Linb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mlym.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mult.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mymr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nand.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Orya.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Phlp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Rohg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Shrd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sind.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Syrc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tagb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Takr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Talu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Taml.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Telu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Thaa.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tibt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tirh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Xsux.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zyyy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zzzz.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Term/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/UIdeo/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Upper/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/U.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/Extend.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/FO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/HL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/KA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/LE.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/ML.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/WSegSpac.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/utf8.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/utf8_heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/vars.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/warnings.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/warnings/register.pm", + "/usr/share/doc/perl-base/changelog.Debian.gz", + "/usr/share/doc/perl-base/copyright", + "/usr/share/doc/perl/AUTHORS.gz", + "/usr/share/doc/perl/Documentation", + "/usr/share/lintian/overrides/perl-base", + "/usr/share/man/man1/perl.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "perl-modules-5.30@5.30.0-9ubuntu0.3", + "Name": "perl-modules-5.30", + "Identifier": { + "PURL": "pkg:deb/ubuntu/perl-modules-5.30@5.30.0-9ubuntu0.3?arch=all\u0026distro=ubuntu-20.04", + "UID": "23ac15a776adbce9" + }, + "Version": "5.30.0", + "Release": "9ubuntu0.3", + "Arch": "all", + "SrcName": "perl", + "SrcVersion": "5.30.0", + "SrcRelease": "9ubuntu0.3", + "Licenses": [ + "GPL-1.0-or-later", + "Artistic-2.0", + "MIT", + "REGCOMP", + "GPL-2.0-with-bison-exception+", + "Unicode", + "BZIP", + "Zlib", + "GPL-2.0-or-later", + "RRA-KEEP-THIS-NOTICE", + "BSD-3-clause-with-weird-numbering", + "CC0-1.0", + "TEXT-TABS", + "BSD-4-clause-POWERDOG", + "BSD-3-clause-GENERIC", + "BSD-3-Clause", + "SDBM-PUBLIC-DOMAIN", + "DONT-CHANGE-THE-GPL", + "Artistic-dist", + "LGPL-2.1-only", + "GPL-1.0-only", + "GPL-2.0-only", + "Artistic-2", + "HSIEH-DERIVATIVE", + "HSIEH-BSD" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "perl-base@5.30.0-9ubuntu0.3" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/share/doc/perl-modules-5.30/README.Debian", + "/usr/share/doc/perl-modules-5.30/copyright", + "/usr/share/lintian/overrides/perl-modules-5.30", + "/usr/share/perl/5.30.0/AnyDBM_File.pm", + "/usr/share/perl/5.30.0/App/Cpan.pm", + "/usr/share/perl/5.30.0/App/Prove.pm", + "/usr/share/perl/5.30.0/App/Prove/State.pm", + "/usr/share/perl/5.30.0/App/Prove/State/Result.pm", + "/usr/share/perl/5.30.0/App/Prove/State/Result/Test.pm", + "/usr/share/perl/5.30.0/Archive/Tar.pm", + "/usr/share/perl/5.30.0/Archive/Tar/Constant.pm", + "/usr/share/perl/5.30.0/Archive/Tar/File.pm", + "/usr/share/perl/5.30.0/Attribute/Handlers.pm", + "/usr/share/perl/5.30.0/AutoLoader.pm", + "/usr/share/perl/5.30.0/AutoSplit.pm", + "/usr/share/perl/5.30.0/B/Deparse.pm", + "/usr/share/perl/5.30.0/B/Op_private.pm", + "/usr/share/perl/5.30.0/Benchmark.pm", + "/usr/share/perl/5.30.0/CORE.pod", + "/usr/share/perl/5.30.0/CPAN.pm", + "/usr/share/perl/5.30.0/CPAN/API/HOWTO.pod", + "/usr/share/perl/5.30.0/CPAN/Author.pm", + "/usr/share/perl/5.30.0/CPAN/Bundle.pm", + "/usr/share/perl/5.30.0/CPAN/CacheMgr.pm", + "/usr/share/perl/5.30.0/CPAN/Complete.pm", + "/usr/share/perl/5.30.0/CPAN/Debug.pm", + "/usr/share/perl/5.30.0/CPAN/DeferredCode.pm", + "/usr/share/perl/5.30.0/CPAN/Distribution.pm", + "/usr/share/perl/5.30.0/CPAN/Distroprefs.pm", + "/usr/share/perl/5.30.0/CPAN/Distrostatus.pm", + "/usr/share/perl/5.30.0/CPAN/Exception/RecursiveDependency.pm", + "/usr/share/perl/5.30.0/CPAN/Exception/blocked_urllist.pm", + "/usr/share/perl/5.30.0/CPAN/Exception/yaml_not_installed.pm", + "/usr/share/perl/5.30.0/CPAN/Exception/yaml_process_error.pm", + "/usr/share/perl/5.30.0/CPAN/FTP.pm", + "/usr/share/perl/5.30.0/CPAN/FTP/netrc.pm", + "/usr/share/perl/5.30.0/CPAN/FirstTime.pm", + "/usr/share/perl/5.30.0/CPAN/HTTP/Client.pm", + "/usr/share/perl/5.30.0/CPAN/HTTP/Credentials.pm", + "/usr/share/perl/5.30.0/CPAN/HandleConfig.pm", + "/usr/share/perl/5.30.0/CPAN/Index.pm", + "/usr/share/perl/5.30.0/CPAN/InfoObj.pm", + "/usr/share/perl/5.30.0/CPAN/Kwalify.pm", + "/usr/share/perl/5.30.0/CPAN/Kwalify/distroprefs.dd", + "/usr/share/perl/5.30.0/CPAN/Kwalify/distroprefs.yml", + "/usr/share/perl/5.30.0/CPAN/LWP/UserAgent.pm", + "/usr/share/perl/5.30.0/CPAN/Meta.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/Converter.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/Feature.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/History.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_0.pod", + "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_1.pod", + "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_2.pod", + "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_3.pod", + "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_4.pod", + "/usr/share/perl/5.30.0/CPAN/Meta/Merge.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/Prereqs.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/Requirements.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/Spec.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/Validator.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/YAML.pm", + "/usr/share/perl/5.30.0/CPAN/Mirrors.pm", + "/usr/share/perl/5.30.0/CPAN/Module.pm", + "/usr/share/perl/5.30.0/CPAN/Nox.pm", + "/usr/share/perl/5.30.0/CPAN/Plugin.pm", + "/usr/share/perl/5.30.0/CPAN/Plugin/Specfile.pm", + "/usr/share/perl/5.30.0/CPAN/Prompt.pm", + "/usr/share/perl/5.30.0/CPAN/Queue.pm", + "/usr/share/perl/5.30.0/CPAN/Shell.pm", + "/usr/share/perl/5.30.0/CPAN/Tarzip.pm", + "/usr/share/perl/5.30.0/CPAN/URL.pm", + "/usr/share/perl/5.30.0/CPAN/Version.pm", + "/usr/share/perl/5.30.0/Carp.pm", + "/usr/share/perl/5.30.0/Carp/Heavy.pm", + "/usr/share/perl/5.30.0/Class/Struct.pm", + "/usr/share/perl/5.30.0/Compress/Zlib.pm", + "/usr/share/perl/5.30.0/Config/Extensions.pm", + "/usr/share/perl/5.30.0/Config/Perl/V.pm", + "/usr/share/perl/5.30.0/DB.pm", + "/usr/share/perl/5.30.0/DBM_Filter.pm", + "/usr/share/perl/5.30.0/DBM_Filter/compress.pm", + "/usr/share/perl/5.30.0/DBM_Filter/encode.pm", + "/usr/share/perl/5.30.0/DBM_Filter/int32.pm", + "/usr/share/perl/5.30.0/DBM_Filter/null.pm", + "/usr/share/perl/5.30.0/DBM_Filter/utf8.pm", + "/usr/share/perl/5.30.0/Devel/SelfStubber.pm", + "/usr/share/perl/5.30.0/Digest.pm", + "/usr/share/perl/5.30.0/Digest/base.pm", + "/usr/share/perl/5.30.0/Digest/file.pm", + "/usr/share/perl/5.30.0/DirHandle.pm", + "/usr/share/perl/5.30.0/Dumpvalue.pm", + "/usr/share/perl/5.30.0/Encode/Changes.e2x", + "/usr/share/perl/5.30.0/Encode/ConfigLocal_PM.e2x", + "/usr/share/perl/5.30.0/Encode/Makefile_PL.e2x", + "/usr/share/perl/5.30.0/Encode/PerlIO.pod", + "/usr/share/perl/5.30.0/Encode/README.e2x", + "/usr/share/perl/5.30.0/Encode/Supported.pod", + "/usr/share/perl/5.30.0/Encode/_PM.e2x", + "/usr/share/perl/5.30.0/Encode/_T.e2x", + "/usr/share/perl/5.30.0/Encode/encode.h", + "/usr/share/perl/5.30.0/English.pm", + "/usr/share/perl/5.30.0/Env.pm", + "/usr/share/perl/5.30.0/Exporter.pm", + "/usr/share/perl/5.30.0/Exporter/Heavy.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Base.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Unix.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/VMS.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Windows.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Windows/BCC.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Windows/GCC.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Windows/MSVC.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/aix.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/android.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/cygwin.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/darwin.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/dec_osf.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/os2.pm", + "/usr/share/perl/5.30.0/ExtUtils/Command.pm", + "/usr/share/perl/5.30.0/ExtUtils/Command/MM.pm", + "/usr/share/perl/5.30.0/ExtUtils/Constant.pm", + "/usr/share/perl/5.30.0/ExtUtils/Constant/Base.pm", + "/usr/share/perl/5.30.0/ExtUtils/Constant/ProxySubs.pm", + "/usr/share/perl/5.30.0/ExtUtils/Constant/Utils.pm", + "/usr/share/perl/5.30.0/ExtUtils/Constant/XS.pm", + "/usr/share/perl/5.30.0/ExtUtils/Embed.pm", + "/usr/share/perl/5.30.0/ExtUtils/Install.pm", + "/usr/share/perl/5.30.0/ExtUtils/Installed.pm", + "/usr/share/perl/5.30.0/ExtUtils/Liblist.pm", + "/usr/share/perl/5.30.0/ExtUtils/Liblist/Kid.pm", + "/usr/share/perl/5.30.0/ExtUtils/MANIFEST.SKIP", + "/usr/share/perl/5.30.0/ExtUtils/MM.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_AIX.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_Any.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_BeOS.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_Cygwin.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_DOS.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_Darwin.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_MacOS.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_NW5.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_OS2.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_QNX.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_UWIN.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_Unix.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_VMS.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_VOS.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_Win32.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_Win95.pm", + "/usr/share/perl/5.30.0/ExtUtils/MY.pm", + "/usr/share/perl/5.30.0/ExtUtils/MakeMaker.pm", + "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/Config.pm", + "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/FAQ.pod", + "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/Locale.pm", + "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/Tutorial.pod", + "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/version.pm", + "/usr/share/perl/5.30.0/ExtUtils/Manifest.pm", + "/usr/share/perl/5.30.0/ExtUtils/Miniperl.pm", + "/usr/share/perl/5.30.0/ExtUtils/Mkbootstrap.pm", + "/usr/share/perl/5.30.0/ExtUtils/Mksymlists.pm", + "/usr/share/perl/5.30.0/ExtUtils/Packlist.pm", + "/usr/share/perl/5.30.0/ExtUtils/ParseXS.pm", + "/usr/share/perl/5.30.0/ExtUtils/ParseXS.pod", + "/usr/share/perl/5.30.0/ExtUtils/ParseXS/Constants.pm", + "/usr/share/perl/5.30.0/ExtUtils/ParseXS/CountLines.pm", + "/usr/share/perl/5.30.0/ExtUtils/ParseXS/Eval.pm", + "/usr/share/perl/5.30.0/ExtUtils/ParseXS/Utilities.pm", + "/usr/share/perl/5.30.0/ExtUtils/Typemaps.pm", + "/usr/share/perl/5.30.0/ExtUtils/Typemaps/Cmd.pm", + "/usr/share/perl/5.30.0/ExtUtils/Typemaps/InputMap.pm", + "/usr/share/perl/5.30.0/ExtUtils/Typemaps/OutputMap.pm", + "/usr/share/perl/5.30.0/ExtUtils/Typemaps/Type.pm", + "/usr/share/perl/5.30.0/ExtUtils/testlib.pm", + "/usr/share/perl/5.30.0/ExtUtils/typemap", + "/usr/share/perl/5.30.0/ExtUtils/xsubpp", + "/usr/share/perl/5.30.0/Fatal.pm", + "/usr/share/perl/5.30.0/File/Basename.pm", + "/usr/share/perl/5.30.0/File/Compare.pm", + "/usr/share/perl/5.30.0/File/Copy.pm", + "/usr/share/perl/5.30.0/File/Fetch.pm", + "/usr/share/perl/5.30.0/File/Find.pm", + "/usr/share/perl/5.30.0/File/GlobMapper.pm", + "/usr/share/perl/5.30.0/File/Path.pm", + "/usr/share/perl/5.30.0/File/Temp.pm", + "/usr/share/perl/5.30.0/File/stat.pm", + "/usr/share/perl/5.30.0/FileCache.pm", + "/usr/share/perl/5.30.0/FileHandle.pm", + "/usr/share/perl/5.30.0/Filter/Simple.pm", + "/usr/share/perl/5.30.0/FindBin.pm", + "/usr/share/perl/5.30.0/Getopt/Long.pm", + "/usr/share/perl/5.30.0/Getopt/Std.pm", + "/usr/share/perl/5.30.0/HTTP/Tiny.pm", + "/usr/share/perl/5.30.0/I18N/Collate.pm", + "/usr/share/perl/5.30.0/I18N/LangTags.pm", + "/usr/share/perl/5.30.0/I18N/LangTags/Detect.pm", + "/usr/share/perl/5.30.0/I18N/LangTags/List.pm", + "/usr/share/perl/5.30.0/IO/Compress/Adapter/Bzip2.pm", + "/usr/share/perl/5.30.0/IO/Compress/Adapter/Deflate.pm", + "/usr/share/perl/5.30.0/IO/Compress/Adapter/Identity.pm", + "/usr/share/perl/5.30.0/IO/Compress/Base.pm", + "/usr/share/perl/5.30.0/IO/Compress/Base/Common.pm", + "/usr/share/perl/5.30.0/IO/Compress/Bzip2.pm", + "/usr/share/perl/5.30.0/IO/Compress/Deflate.pm", + "/usr/share/perl/5.30.0/IO/Compress/FAQ.pod", + "/usr/share/perl/5.30.0/IO/Compress/Gzip.pm", + "/usr/share/perl/5.30.0/IO/Compress/Gzip/Constants.pm", + "/usr/share/perl/5.30.0/IO/Compress/RawDeflate.pm", + "/usr/share/perl/5.30.0/IO/Compress/Zip.pm", + "/usr/share/perl/5.30.0/IO/Compress/Zip/Constants.pm", + "/usr/share/perl/5.30.0/IO/Compress/Zlib/Constants.pm", + "/usr/share/perl/5.30.0/IO/Compress/Zlib/Extra.pm", + "/usr/share/perl/5.30.0/IO/Socket/IP.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/Adapter/Bunzip2.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/Adapter/Identity.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/Adapter/Inflate.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/AnyInflate.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/AnyUncompress.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/Base.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/Bunzip2.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/Gunzip.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/Inflate.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/RawInflate.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/Unzip.pm", + "/usr/share/perl/5.30.0/IO/Zlib.pm", + "/usr/share/perl/5.30.0/IPC/Cmd.pm", + "/usr/share/perl/5.30.0/IPC/Open2.pm", + "/usr/share/perl/5.30.0/IPC/Open3.pm", + "/usr/share/perl/5.30.0/Internals.pod", + "/usr/share/perl/5.30.0/JSON/PP.pm", + "/usr/share/perl/5.30.0/JSON/PP/Boolean.pm", + "/usr/share/perl/5.30.0/Locale/Maketext.pm", + "/usr/share/perl/5.30.0/Locale/Maketext.pod", + "/usr/share/perl/5.30.0/Locale/Maketext/Cookbook.pod", + "/usr/share/perl/5.30.0/Locale/Maketext/Guts.pm", + "/usr/share/perl/5.30.0/Locale/Maketext/GutsLoader.pm", + "/usr/share/perl/5.30.0/Locale/Maketext/Simple.pm", + "/usr/share/perl/5.30.0/Locale/Maketext/TPJ13.pod", + "/usr/share/perl/5.30.0/Math/BigFloat.pm", + "/usr/share/perl/5.30.0/Math/BigFloat/Trace.pm", + "/usr/share/perl/5.30.0/Math/BigInt.pm", + "/usr/share/perl/5.30.0/Math/BigInt/Calc.pm", + "/usr/share/perl/5.30.0/Math/BigInt/Lib.pm", + "/usr/share/perl/5.30.0/Math/BigInt/Trace.pm", + "/usr/share/perl/5.30.0/Math/BigRat.pm", + "/usr/share/perl/5.30.0/Math/Complex.pm", + "/usr/share/perl/5.30.0/Math/Trig.pm", + "/usr/share/perl/5.30.0/Memoize.pm", + "/usr/share/perl/5.30.0/Memoize/AnyDBM_File.pm", + "/usr/share/perl/5.30.0/Memoize/Expire.pm", + "/usr/share/perl/5.30.0/Memoize/ExpireFile.pm", + "/usr/share/perl/5.30.0/Memoize/ExpireTest.pm", + "/usr/share/perl/5.30.0/Memoize/NDBM_File.pm", + "/usr/share/perl/5.30.0/Memoize/SDBM_File.pm", + "/usr/share/perl/5.30.0/Memoize/Storable.pm", + "/usr/share/perl/5.30.0/Module/CoreList.pm", + "/usr/share/perl/5.30.0/Module/CoreList.pod", + "/usr/share/perl/5.30.0/Module/CoreList/Utils.pm", + "/usr/share/perl/5.30.0/Module/Load.pm", + "/usr/share/perl/5.30.0/Module/Load/Conditional.pm", + "/usr/share/perl/5.30.0/Module/Loaded.pm", + "/usr/share/perl/5.30.0/Module/Metadata.pm", + "/usr/share/perl/5.30.0/NEXT.pm", + "/usr/share/perl/5.30.0/Net/Cmd.pm", + "/usr/share/perl/5.30.0/Net/Config.pm", + "/usr/share/perl/5.30.0/Net/Domain.pm", + "/usr/share/perl/5.30.0/Net/FTP.pm", + "/usr/share/perl/5.30.0/Net/FTP/A.pm", + "/usr/share/perl/5.30.0/Net/FTP/E.pm", + "/usr/share/perl/5.30.0/Net/FTP/I.pm", + "/usr/share/perl/5.30.0/Net/FTP/L.pm", + "/usr/share/perl/5.30.0/Net/FTP/dataconn.pm", + "/usr/share/perl/5.30.0/Net/NNTP.pm", + "/usr/share/perl/5.30.0/Net/Netrc.pm", + "/usr/share/perl/5.30.0/Net/POP3.pm", + "/usr/share/perl/5.30.0/Net/Ping.pm", + "/usr/share/perl/5.30.0/Net/SMTP.pm", + "/usr/share/perl/5.30.0/Net/Time.pm", + "/usr/share/perl/5.30.0/Net/hostent.pm", + "/usr/share/perl/5.30.0/Net/libnetFAQ.pod", + "/usr/share/perl/5.30.0/Net/netent.pm", + "/usr/share/perl/5.30.0/Net/protoent.pm", + "/usr/share/perl/5.30.0/Net/servent.pm", + "/usr/share/perl/5.30.0/Params/Check.pm", + "/usr/share/perl/5.30.0/Parse/CPAN/Meta.pm", + "/usr/share/perl/5.30.0/Perl/OSType.pm", + "/usr/share/perl/5.30.0/PerlIO.pm", + "/usr/share/perl/5.30.0/PerlIO/via/QuotedPrint.pm", + "/usr/share/perl/5.30.0/Pod/Checker.pm", + "/usr/share/perl/5.30.0/Pod/Escapes.pm", + "/usr/share/perl/5.30.0/Pod/Find.pm", + "/usr/share/perl/5.30.0/Pod/Functions.pm", + "/usr/share/perl/5.30.0/Pod/Html.pm", + "/usr/share/perl/5.30.0/Pod/InputObjects.pm", + "/usr/share/perl/5.30.0/Pod/Man.pm", + "/usr/share/perl/5.30.0/Pod/ParseLink.pm", + "/usr/share/perl/5.30.0/Pod/ParseUtils.pm", + "/usr/share/perl/5.30.0/Pod/Parser.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/BaseTo.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/GetOptsOO.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToANSI.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToChecker.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToMan.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToNroff.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToPod.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToRtf.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToTerm.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToText.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToTk.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToXml.pm", + "/usr/share/perl/5.30.0/Pod/PlainText.pm", + "/usr/share/perl/5.30.0/Pod/Select.pm", + "/usr/share/perl/5.30.0/Pod/Simple.pm", + "/usr/share/perl/5.30.0/Pod/Simple.pod", + "/usr/share/perl/5.30.0/Pod/Simple/BlackBox.pm", + "/usr/share/perl/5.30.0/Pod/Simple/Checker.pm", + "/usr/share/perl/5.30.0/Pod/Simple/Debug.pm", + "/usr/share/perl/5.30.0/Pod/Simple/DumpAsText.pm", + "/usr/share/perl/5.30.0/Pod/Simple/DumpAsXML.pm", + "/usr/share/perl/5.30.0/Pod/Simple/HTML.pm", + "/usr/share/perl/5.30.0/Pod/Simple/HTMLBatch.pm", + "/usr/share/perl/5.30.0/Pod/Simple/HTMLLegacy.pm", + "/usr/share/perl/5.30.0/Pod/Simple/LinkSection.pm", + "/usr/share/perl/5.30.0/Pod/Simple/Methody.pm", + "/usr/share/perl/5.30.0/Pod/Simple/Progress.pm", + "/usr/share/perl/5.30.0/Pod/Simple/PullParser.pm", + "/usr/share/perl/5.30.0/Pod/Simple/PullParserEndToken.pm", + "/usr/share/perl/5.30.0/Pod/Simple/PullParserStartToken.pm", + "/usr/share/perl/5.30.0/Pod/Simple/PullParserTextToken.pm", + "/usr/share/perl/5.30.0/Pod/Simple/PullParserToken.pm", + "/usr/share/perl/5.30.0/Pod/Simple/RTF.pm", + "/usr/share/perl/5.30.0/Pod/Simple/Search.pm", + "/usr/share/perl/5.30.0/Pod/Simple/SimpleTree.pm", + "/usr/share/perl/5.30.0/Pod/Simple/Subclassing.pod", + "/usr/share/perl/5.30.0/Pod/Simple/Text.pm", + "/usr/share/perl/5.30.0/Pod/Simple/TextContent.pm", + "/usr/share/perl/5.30.0/Pod/Simple/TiedOutFH.pm", + "/usr/share/perl/5.30.0/Pod/Simple/Transcode.pm", + "/usr/share/perl/5.30.0/Pod/Simple/TranscodeDumb.pm", + "/usr/share/perl/5.30.0/Pod/Simple/TranscodeSmart.pm", + "/usr/share/perl/5.30.0/Pod/Simple/XHTML.pm", + "/usr/share/perl/5.30.0/Pod/Simple/XMLOutStream.pm", + "/usr/share/perl/5.30.0/Pod/Text.pm", + "/usr/share/perl/5.30.0/Pod/Text/Color.pm", + "/usr/share/perl/5.30.0/Pod/Text/Overstrike.pm", + "/usr/share/perl/5.30.0/Pod/Text/Termcap.pm", + "/usr/share/perl/5.30.0/Pod/Usage.pm", + "/usr/share/perl/5.30.0/Safe.pm", + "/usr/share/perl/5.30.0/Search/Dict.pm", + "/usr/share/perl/5.30.0/SelectSaver.pm", + "/usr/share/perl/5.30.0/SelfLoader.pm", + "/usr/share/perl/5.30.0/Symbol.pm", + "/usr/share/perl/5.30.0/TAP/Base.pm", + "/usr/share/perl/5.30.0/TAP/Formatter/Base.pm", + "/usr/share/perl/5.30.0/TAP/Formatter/Color.pm", + "/usr/share/perl/5.30.0/TAP/Formatter/Console.pm", + "/usr/share/perl/5.30.0/TAP/Formatter/Console/ParallelSession.pm", + "/usr/share/perl/5.30.0/TAP/Formatter/Console/Session.pm", + "/usr/share/perl/5.30.0/TAP/Formatter/File.pm", + "/usr/share/perl/5.30.0/TAP/Formatter/File/Session.pm", + "/usr/share/perl/5.30.0/TAP/Formatter/Session.pm", + "/usr/share/perl/5.30.0/TAP/Harness.pm", + "/usr/share/perl/5.30.0/TAP/Harness/Beyond.pod", + "/usr/share/perl/5.30.0/TAP/Harness/Env.pm", + "/usr/share/perl/5.30.0/TAP/Object.pm", + "/usr/share/perl/5.30.0/TAP/Parser.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Aggregator.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Grammar.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Iterator.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Iterator/Array.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Iterator/Process.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Iterator/Stream.pm", + "/usr/share/perl/5.30.0/TAP/Parser/IteratorFactory.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Multiplexer.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result/Bailout.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result/Comment.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result/Plan.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result/Pragma.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result/Test.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result/Unknown.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result/Version.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result/YAML.pm", + "/usr/share/perl/5.30.0/TAP/Parser/ResultFactory.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Scheduler.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Scheduler/Job.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Scheduler/Spinner.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Source.pm", + "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler.pm", + "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/Executable.pm", + "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/File.pm", + "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/Handle.pm", + "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/Perl.pm", + "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/RawTAP.pm", + "/usr/share/perl/5.30.0/TAP/Parser/YAMLish/Reader.pm", + "/usr/share/perl/5.30.0/TAP/Parser/YAMLish/Writer.pm", + "/usr/share/perl/5.30.0/Term/ANSIColor.pm", + "/usr/share/perl/5.30.0/Term/Cap.pm", + "/usr/share/perl/5.30.0/Term/Complete.pm", + "/usr/share/perl/5.30.0/Term/ReadLine.pm", + "/usr/share/perl/5.30.0/Test.pm", + "/usr/share/perl/5.30.0/Test/Builder.pm", + "/usr/share/perl/5.30.0/Test/Builder/Formatter.pm", + "/usr/share/perl/5.30.0/Test/Builder/IO/Scalar.pm", + "/usr/share/perl/5.30.0/Test/Builder/Module.pm", + "/usr/share/perl/5.30.0/Test/Builder/Tester.pm", + "/usr/share/perl/5.30.0/Test/Builder/Tester/Color.pm", + "/usr/share/perl/5.30.0/Test/Builder/TodoDiag.pm", + "/usr/share/perl/5.30.0/Test/Harness.pm", + "/usr/share/perl/5.30.0/Test/More.pm", + "/usr/share/perl/5.30.0/Test/Simple.pm", + "/usr/share/perl/5.30.0/Test/Tester.pm", + "/usr/share/perl/5.30.0/Test/Tester/Capture.pm", + "/usr/share/perl/5.30.0/Test/Tester/CaptureRunner.pm", + "/usr/share/perl/5.30.0/Test/Tester/Delegate.pm", + "/usr/share/perl/5.30.0/Test/Tutorial.pod", + "/usr/share/perl/5.30.0/Test/use/ok.pm", + "/usr/share/perl/5.30.0/Test2.pm", + "/usr/share/perl/5.30.0/Test2/API.pm", + "/usr/share/perl/5.30.0/Test2/API/Breakage.pm", + "/usr/share/perl/5.30.0/Test2/API/Context.pm", + "/usr/share/perl/5.30.0/Test2/API/Instance.pm", + "/usr/share/perl/5.30.0/Test2/API/Stack.pm", + "/usr/share/perl/5.30.0/Test2/Event.pm", + "/usr/share/perl/5.30.0/Test2/Event/Bail.pm", + "/usr/share/perl/5.30.0/Test2/Event/Diag.pm", + "/usr/share/perl/5.30.0/Test2/Event/Encoding.pm", + "/usr/share/perl/5.30.0/Test2/Event/Exception.pm", + "/usr/share/perl/5.30.0/Test2/Event/Fail.pm", + "/usr/share/perl/5.30.0/Test2/Event/Generic.pm", + "/usr/share/perl/5.30.0/Test2/Event/Note.pm", + "/usr/share/perl/5.30.0/Test2/Event/Ok.pm", + "/usr/share/perl/5.30.0/Test2/Event/Pass.pm", + "/usr/share/perl/5.30.0/Test2/Event/Plan.pm", + "/usr/share/perl/5.30.0/Test2/Event/Skip.pm", + "/usr/share/perl/5.30.0/Test2/Event/Subtest.pm", + "/usr/share/perl/5.30.0/Test2/Event/TAP/Version.pm", + "/usr/share/perl/5.30.0/Test2/Event/V2.pm", + "/usr/share/perl/5.30.0/Test2/Event/Waiting.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/About.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Amnesty.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Assert.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Control.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Error.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Hub.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Info.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Info/Table.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Meta.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Parent.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Plan.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Render.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Trace.pm", + "/usr/share/perl/5.30.0/Test2/Formatter.pm", + "/usr/share/perl/5.30.0/Test2/Formatter/TAP.pm", + "/usr/share/perl/5.30.0/Test2/Hub.pm", + "/usr/share/perl/5.30.0/Test2/Hub/Interceptor.pm", + "/usr/share/perl/5.30.0/Test2/Hub/Interceptor/Terminator.pm", + "/usr/share/perl/5.30.0/Test2/Hub/Subtest.pm", + "/usr/share/perl/5.30.0/Test2/IPC.pm", + "/usr/share/perl/5.30.0/Test2/IPC/Driver.pm", + "/usr/share/perl/5.30.0/Test2/IPC/Driver/Files.pm", + "/usr/share/perl/5.30.0/Test2/Tools/Tiny.pm", + "/usr/share/perl/5.30.0/Test2/Transition.pod", + "/usr/share/perl/5.30.0/Test2/Util.pm", + "/usr/share/perl/5.30.0/Test2/Util/ExternalMeta.pm", + "/usr/share/perl/5.30.0/Test2/Util/Facets2Legacy.pm", + "/usr/share/perl/5.30.0/Test2/Util/HashBase.pm", + "/usr/share/perl/5.30.0/Test2/Util/Trace.pm", + "/usr/share/perl/5.30.0/Text/Abbrev.pm", + "/usr/share/perl/5.30.0/Text/Balanced.pm", + "/usr/share/perl/5.30.0/Text/ParseWords.pm", + "/usr/share/perl/5.30.0/Text/Tabs.pm", + "/usr/share/perl/5.30.0/Text/Wrap.pm", + "/usr/share/perl/5.30.0/Thread.pm", + "/usr/share/perl/5.30.0/Thread/Queue.pm", + "/usr/share/perl/5.30.0/Thread/Semaphore.pm", + "/usr/share/perl/5.30.0/Tie/Array.pm", + "/usr/share/perl/5.30.0/Tie/File.pm", + "/usr/share/perl/5.30.0/Tie/Handle.pm", + "/usr/share/perl/5.30.0/Tie/Hash.pm", + "/usr/share/perl/5.30.0/Tie/Memoize.pm", + "/usr/share/perl/5.30.0/Tie/RefHash.pm", + "/usr/share/perl/5.30.0/Tie/Scalar.pm", + "/usr/share/perl/5.30.0/Tie/StdHandle.pm", + "/usr/share/perl/5.30.0/Tie/SubstrHash.pm", + "/usr/share/perl/5.30.0/Time/Local.pm", + "/usr/share/perl/5.30.0/Time/gmtime.pm", + "/usr/share/perl/5.30.0/Time/localtime.pm", + "/usr/share/perl/5.30.0/Time/tm.pm", + "/usr/share/perl/5.30.0/UNIVERSAL.pm", + "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Big5.pm", + "/usr/share/perl/5.30.0/Unicode/Collate/CJK/GB2312.pm", + "/usr/share/perl/5.30.0/Unicode/Collate/CJK/JISX0208.pm", + "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Korean.pm", + "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Pinyin.pm", + "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Stroke.pm", + "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Zhuyin.pm", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/af.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ar.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/as.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/az.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/be.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/bn.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ca.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/cs.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/cu.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/cy.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/da.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/de_at_ph.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/de_phone.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/dsb.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ee.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/eo.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/es.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/es_trad.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/et.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fa.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fi.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fi_phone.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fil.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fo.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fr_ca.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/gu.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ha.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/haw.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/he.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/hi.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/hr.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/hu.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/hy.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ig.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/is.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ja.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/kk.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/kl.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/kn.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ko.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/kok.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/lkt.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ln.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/lt.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/lv.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/mk.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ml.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/mr.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/mt.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/nb.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/nn.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/nso.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/om.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/or.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/pa.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/pl.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ro.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sa.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/se.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/si.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/si_dict.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sk.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sl.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sq.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sr.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sv.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sv_refo.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ta.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/te.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/th.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/tn.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/to.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/tr.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ug_cyrl.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/uk.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ur.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/vi.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/vo.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/wae.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/wo.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/yo.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_big5.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_gb.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_pin.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_strk.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_zhu.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/allkeys.txt", + "/usr/share/perl/5.30.0/Unicode/Collate/keys.txt", + "/usr/share/perl/5.30.0/Unicode/UCD.pm", + "/usr/share/perl/5.30.0/User/grent.pm", + "/usr/share/perl/5.30.0/User/pwent.pm", + "/usr/share/perl/5.30.0/XSLoader.pm", + "/usr/share/perl/5.30.0/_charnames.pm", + "/usr/share/perl/5.30.0/autodie.pm", + "/usr/share/perl/5.30.0/autodie/Scope/Guard.pm", + "/usr/share/perl/5.30.0/autodie/Scope/GuardStack.pm", + "/usr/share/perl/5.30.0/autodie/Util.pm", + "/usr/share/perl/5.30.0/autodie/exception.pm", + "/usr/share/perl/5.30.0/autodie/exception/system.pm", + "/usr/share/perl/5.30.0/autodie/hints.pm", + "/usr/share/perl/5.30.0/autodie/skip.pm", + "/usr/share/perl/5.30.0/autouse.pm", + "/usr/share/perl/5.30.0/base.pm", + "/usr/share/perl/5.30.0/bigint.pm", + "/usr/share/perl/5.30.0/bignum.pm", + "/usr/share/perl/5.30.0/bigrat.pm", + "/usr/share/perl/5.30.0/blib.pm", + "/usr/share/perl/5.30.0/bytes.pm", + "/usr/share/perl/5.30.0/bytes_heavy.pl", + "/usr/share/perl/5.30.0/charnames.pm", + "/usr/share/perl/5.30.0/constant.pm", + "/usr/share/perl/5.30.0/deprecate.pm", + "/usr/share/perl/5.30.0/diagnostics.pm", + "/usr/share/perl/5.30.0/dumpvar.pl", + "/usr/share/perl/5.30.0/encoding/warnings.pm", + "/usr/share/perl/5.30.0/experimental.pm", + "/usr/share/perl/5.30.0/feature.pm", + "/usr/share/perl/5.30.0/fields.pm", + "/usr/share/perl/5.30.0/filetest.pm", + "/usr/share/perl/5.30.0/if.pm", + "/usr/share/perl/5.30.0/integer.pm", + "/usr/share/perl/5.30.0/less.pm", + "/usr/share/perl/5.30.0/locale.pm", + "/usr/share/perl/5.30.0/meta_notation.pm", + "/usr/share/perl/5.30.0/ok.pm", + "/usr/share/perl/5.30.0/open.pm", + "/usr/share/perl/5.30.0/overload.pm", + "/usr/share/perl/5.30.0/overload/numbers.pm", + "/usr/share/perl/5.30.0/overloading.pm", + "/usr/share/perl/5.30.0/parent.pm", + "/usr/share/perl/5.30.0/perl5db.pl", + "/usr/share/perl/5.30.0/perlfaq.pm", + "/usr/share/perl/5.30.0/pod/perldiag.pod", + "/usr/share/perl/5.30.0/sigtrap.pm", + "/usr/share/perl/5.30.0/sort.pm", + "/usr/share/perl/5.30.0/strict.pm", + "/usr/share/perl/5.30.0/subs.pm", + "/usr/share/perl/5.30.0/unicore/Blocks.txt", + "/usr/share/perl/5.30.0/unicore/CombiningClass.pl", + "/usr/share/perl/5.30.0/unicore/Decomposition.pl", + "/usr/share/perl/5.30.0/unicore/Heavy.pl", + "/usr/share/perl/5.30.0/unicore/Name.pl", + "/usr/share/perl/5.30.0/unicore/Name.pm", + "/usr/share/perl/5.30.0/unicore/NamedSequences.txt", + "/usr/share/perl/5.30.0/unicore/SpecialCasing.txt", + "/usr/share/perl/5.30.0/unicore/To/Age.pl", + "/usr/share/perl/5.30.0/unicore/To/Bc.pl", + "/usr/share/perl/5.30.0/unicore/To/Bmg.pl", + "/usr/share/perl/5.30.0/unicore/To/Bpb.pl", + "/usr/share/perl/5.30.0/unicore/To/Bpt.pl", + "/usr/share/perl/5.30.0/unicore/To/Cf.pl", + "/usr/share/perl/5.30.0/unicore/To/Digit.pl", + "/usr/share/perl/5.30.0/unicore/To/Ea.pl", + "/usr/share/perl/5.30.0/unicore/To/EqUIdeo.pl", + "/usr/share/perl/5.30.0/unicore/To/Fold.pl", + "/usr/share/perl/5.30.0/unicore/To/GCB.pl", + "/usr/share/perl/5.30.0/unicore/To/Gc.pl", + "/usr/share/perl/5.30.0/unicore/To/Hst.pl", + "/usr/share/perl/5.30.0/unicore/To/InPC.pl", + "/usr/share/perl/5.30.0/unicore/To/InSC.pl", + "/usr/share/perl/5.30.0/unicore/To/Isc.pl", + "/usr/share/perl/5.30.0/unicore/To/Jg.pl", + "/usr/share/perl/5.30.0/unicore/To/Jt.pl", + "/usr/share/perl/5.30.0/unicore/To/Lb.pl", + "/usr/share/perl/5.30.0/unicore/To/Lc.pl", + "/usr/share/perl/5.30.0/unicore/To/Lower.pl", + "/usr/share/perl/5.30.0/unicore/To/NFCQC.pl", + "/usr/share/perl/5.30.0/unicore/To/NFDQC.pl", + "/usr/share/perl/5.30.0/unicore/To/NFKCCF.pl", + "/usr/share/perl/5.30.0/unicore/To/NFKCQC.pl", + "/usr/share/perl/5.30.0/unicore/To/NFKDQC.pl", + "/usr/share/perl/5.30.0/unicore/To/Na1.pl", + "/usr/share/perl/5.30.0/unicore/To/NameAlia.pl", + "/usr/share/perl/5.30.0/unicore/To/Nt.pl", + "/usr/share/perl/5.30.0/unicore/To/Nv.pl", + "/usr/share/perl/5.30.0/unicore/To/PerlDeci.pl", + "/usr/share/perl/5.30.0/unicore/To/SB.pl", + "/usr/share/perl/5.30.0/unicore/To/Sc.pl", + "/usr/share/perl/5.30.0/unicore/To/Scx.pl", + "/usr/share/perl/5.30.0/unicore/To/Tc.pl", + "/usr/share/perl/5.30.0/unicore/To/Title.pl", + "/usr/share/perl/5.30.0/unicore/To/Uc.pl", + "/usr/share/perl/5.30.0/unicore/To/Upper.pl", + "/usr/share/perl/5.30.0/unicore/To/Vo.pl", + "/usr/share/perl/5.30.0/unicore/To/WB.pl", + "/usr/share/perl/5.30.0/unicore/To/_PerlLB.pl", + "/usr/share/perl/5.30.0/unicore/To/_PerlSCX.pl", + "/usr/share/perl/5.30.0/unicore/UCD.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/NA.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V100.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V11.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V110.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V120.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V20.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V30.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V31.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V32.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V40.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V41.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V50.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V51.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V52.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V60.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V61.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V70.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V80.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V90.pl", + "/usr/share/perl/5.30.0/unicore/lib/Alpha/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/AL.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/AN.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/B.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/BN.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/CS.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/EN.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/ES.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/ET.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/L.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/NSM.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/ON.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/R.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/WS.pl", + "/usr/share/perl/5.30.0/unicore/lib/BidiC/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/BidiM/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Blk/NB.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bpt/C.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bpt/N.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bpt/O.pl", + "/usr/share/perl/5.30.0/unicore/lib/CE/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/CI/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/CWCF/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/CWCM/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/CWKCF/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/CWL/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/CWT/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/CWU/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Cased/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/A.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/AL.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/AR.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/ATAR.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/B.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/BR.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/DB.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/NK.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/NR.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/OV.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/VR.pl", + "/usr/share/perl/5.30.0/unicore/lib/CompEx/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/DI/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dash/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dep/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dia/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Com.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Enc.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Fin.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Font.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Init.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Iso.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Med.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Nar.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Nb.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/NonCanon.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Sqr.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Sub.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Sup.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Vert.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ea/A.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ea/H.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ea/N.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ea/Na.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ea/W.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ext/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/GCB/CN.pl", + "/usr/share/perl/5.30.0/unicore/lib/GCB/EX.pl", + "/usr/share/perl/5.30.0/unicore/lib/GCB/LV.pl", + "/usr/share/perl/5.30.0/unicore/lib/GCB/LVT.pl", + "/usr/share/perl/5.30.0/unicore/lib/GCB/PP.pl", + "/usr/share/perl/5.30.0/unicore/lib/GCB/SM.pl", + "/usr/share/perl/5.30.0/unicore/lib/GCB/XX.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/C.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Cf.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Cn.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/L.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/LC.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Ll.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Lm.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Lo.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Lu.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/M.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Mc.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Me.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Mn.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/N.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Nd.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Nl.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/No.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/P.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Pc.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Pd.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Pe.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Pf.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Pi.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Po.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Ps.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/S.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Sc.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Sk.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Sm.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/So.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Z.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Zs.pl", + "/usr/share/perl/5.30.0/unicore/lib/GrBase/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/GrExt/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Hex/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Hst/NA.pl", + "/usr/share/perl/5.30.0/unicore/lib/Hyphen/T.pl", + "/usr/share/perl/5.30.0/unicore/lib/IDC/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/IDS/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ideo/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/10_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/11_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/12_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/12_1.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/2_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/2_1.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/3_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/3_1.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/3_2.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/4_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/4_1.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/5_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/5_1.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/5_2.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/6_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/6_1.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/6_2.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/6_3.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/7_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/8_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/9_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/Bottom.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/Left.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/LeftAndR.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/NA.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/Overstru.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/Right.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/Top.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/TopAndBo.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/TopAndL2.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/TopAndLe.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/TopAndRi.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/VisualOr.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Avagraha.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Bindu.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Cantilla.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona2.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona3.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona4.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona5.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona6.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona7.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Consonan.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Invisibl.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Nukta.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Number.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Other.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/PureKill.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Syllable.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/ToneMark.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Virama.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Visarga.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Vowel.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/VowelDep.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/VowelInd.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Ain.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Alef.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Beh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Dal.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/FarsiYeh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Feh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Gaf.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Hah.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/HanifiRo.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Kaf.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Lam.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/NoJoinin.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Qaf.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Reh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Sad.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Seen.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Waw.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Yeh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jt/C.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jt/D.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jt/L.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jt/R.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jt/T.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jt/U.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/AI.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/AL.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/BA.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/BB.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/CJ.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/CL.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/CM.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/EB.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/EX.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/GL.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/ID.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/IN.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/IS.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/NS.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/NU.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/OP.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/PO.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/PR.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/QU.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/SA.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/XX.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lower/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Math/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/NFCQC/M.pl", + "/usr/share/perl/5.30.0/unicore/lib/NFCQC/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/NFDQC/N.pl", + "/usr/share/perl/5.30.0/unicore/lib/NFDQC/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/NFKCQC/N.pl", + "/usr/share/perl/5.30.0/unicore/lib/NFKCQC/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/NFKDQC/N.pl", + "/usr/share/perl/5.30.0/unicore/lib/NFKDQC/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nt/Di.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nt/None.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nt/Nu.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/0.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/1.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/10.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/100.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/1000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/10000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/100000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/11.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/12.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/13.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/14.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/15.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/16.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/17.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/18.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/19.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/1_16.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/1_2.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/1_3.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/1_4.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/1_6.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/1_8.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/2.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/20.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/200.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/2000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/20000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/2_3.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/3.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/30.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/300.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/3000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/30000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/3_16.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/3_4.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/4.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/40.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/400.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/4000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/40000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/5.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/50.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/500.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/5000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/50000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/6.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/60.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/600.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/6000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/60000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/7.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/70.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/700.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/7000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/70000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/8.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/80.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/800.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/8000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/80000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/9.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/90.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/900.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/9000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/90000.pl", + "/usr/share/perl/5.30.0/unicore/lib/PCM/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/PatSyn/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/Alnum.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/Assigned.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/Blank.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/Graph.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/PerlWord.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/PosixPun.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/Print.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/SpacePer.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/Title.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/Word.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/XPosixPu.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlAny.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlCh2.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlCha.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlFol.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlIDC.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlIDS.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlIsI.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlNch.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlNon.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlPat.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlPr2.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlPro.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlQuo.pl", + "/usr/share/perl/5.30.0/unicore/lib/QMark/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/AT.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/CL.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/EX.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/FO.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/LE.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/LO.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/NU.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/SC.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/ST.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/Sp.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/UP.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/XX.pl", + "/usr/share/perl/5.30.0/unicore/lib/SD/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/STerm/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Arab.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Armn.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Beng.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Cprt.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Cyrl.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Deva.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Dupl.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Geor.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Glag.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Gong.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Gonm.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Gran.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Grek.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Gujr.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Guru.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Han.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Hang.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Hira.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Kana.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Knda.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Latn.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Limb.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Linb.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Mlym.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Mong.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Mult.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Orya.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Sinh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Syrc.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Taml.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Telu.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Zinh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Zyyy.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Adlm.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Arab.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Armn.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Beng.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Bhks.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Bopo.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Cakm.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Cham.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Copt.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Cprt.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Cyrl.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Deva.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Dupl.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Ethi.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Geor.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Glag.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Gong.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Gonm.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Gran.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Grek.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Gujr.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Guru.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Han.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Hang.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Hebr.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Hira.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Hmng.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Hmnp.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Kana.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Khar.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Khmr.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Khoj.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Knda.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Kthi.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Lana.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Lao.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Latn.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Limb.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Lina.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Linb.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Mlym.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Mong.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Mult.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Mymr.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Nand.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Orya.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Phlp.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Rohg.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Shrd.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Sind.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Sinh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Syrc.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Tagb.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Takr.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Talu.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Taml.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Telu.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Thaa.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Tibt.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Tirh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Xsux.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Yi.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Zinh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Zyyy.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Zzzz.pl", + "/usr/share/perl/5.30.0/unicore/lib/Term/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/UIdeo/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Upper/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Vo/R.pl", + "/usr/share/perl/5.30.0/unicore/lib/Vo/Tr.pl", + "/usr/share/perl/5.30.0/unicore/lib/Vo/Tu.pl", + "/usr/share/perl/5.30.0/unicore/lib/Vo/U.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/EX.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/Extend.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/FO.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/HL.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/KA.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/LE.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/MB.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/ML.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/MN.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/NU.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/WSegSpac.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/XX.pl", + "/usr/share/perl/5.30.0/unicore/lib/XIDC/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/XIDS/Y.pl", + "/usr/share/perl/5.30.0/unicore/uni_keywords.pl", + "/usr/share/perl/5.30.0/unicore/version", + "/usr/share/perl/5.30.0/utf8.pm", + "/usr/share/perl/5.30.0/utf8_heavy.pl", + "/usr/share/perl/5.30.0/vars.pm", + "/usr/share/perl/5.30.0/version.pm", + "/usr/share/perl/5.30.0/version.pod", + "/usr/share/perl/5.30.0/version/Internals.pod", + "/usr/share/perl/5.30.0/version/regex.pm", + "/usr/share/perl/5.30.0/vmsish.pm", + "/usr/share/perl/5.30.0/warnings.pm", + "/usr/share/perl/5.30.0/warnings/register.pm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "procps@2:3.3.16-1ubuntu2.3", + "Name": "procps", + "Identifier": { + "PURL": "pkg:deb/ubuntu/procps@3.3.16-1ubuntu2.3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=2", + "UID": "2e438941f5c4c412" + }, + "Version": "3.3.16", + "Release": "1ubuntu2.3", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "procps", + "SrcVersion": "3.3.16", + "SrcRelease": "1ubuntu2.3", + "SrcEpoch": 2, + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "init-system-helpers@1.57", + "libc6@2.31-0ubuntu9.9", + "libncurses6@6.2-0ubuntu2", + "libncursesw6@6.2-0ubuntu2", + "libprocps8@2:3.3.16-1ubuntu2.3", + "libtinfo6@6.2-0ubuntu2", + "lsb-base@11.1.0ubuntu2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/kill", + "/bin/ps", + "/sbin/sysctl", + "/usr/bin/free", + "/usr/bin/pgrep", + "/usr/bin/pmap", + "/usr/bin/pwdx", + "/usr/bin/skill", + "/usr/bin/slabtop", + "/usr/bin/tload", + "/usr/bin/top", + "/usr/bin/uptime", + "/usr/bin/vmstat", + "/usr/bin/w.procps", + "/usr/bin/watch", + "/usr/lib/sysctl.d/protect-links.conf", + "/usr/share/bug/procps/presubj", + "/usr/share/doc/procps/FAQ.gz", + "/usr/share/doc/procps/README.Debian", + "/usr/share/doc/procps/TODO.gz", + "/usr/share/doc/procps/bugs.md", + "/usr/share/doc/procps/copyright", + "/usr/share/doc/procps/examples/sysctl.conf", + "/usr/share/lintian/overrides/procps", + "/usr/share/man/de/man1/w.1.gz", + "/usr/share/man/man1/free.1.gz", + "/usr/share/man/man1/kill.1.gz", + "/usr/share/man/man1/pgrep.1.gz", + "/usr/share/man/man1/pmap.1.gz", + "/usr/share/man/man1/procps.1.gz", + "/usr/share/man/man1/ps.1.gz", + "/usr/share/man/man1/pwdx.1.gz", + "/usr/share/man/man1/skill.1.gz", + "/usr/share/man/man1/slabtop.1.gz", + "/usr/share/man/man1/tload.1.gz", + "/usr/share/man/man1/top.1.gz", + "/usr/share/man/man1/uptime.1.gz", + "/usr/share/man/man1/w.procps.1.gz", + "/usr/share/man/man1/watch.1.gz", + "/usr/share/man/man3/openproc.3.gz", + "/usr/share/man/man3/readproc.3.gz", + "/usr/share/man/man3/readproctab.3.gz", + "/usr/share/man/man5/sysctl.conf.5.gz", + "/usr/share/man/man8/sysctl.8.gz", + "/usr/share/man/man8/vmstat.8.gz", + "/usr/share/menu/procps" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "psmisc@23.3-1", + "Name": "psmisc", + "Identifier": { + "PURL": "pkg:deb/ubuntu/psmisc@23.3-1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "d4b50a8f897d1f4" + }, + "Version": "23.3", + "Release": "1", + "Arch": "amd64", + "SrcName": "psmisc", + "SrcVersion": "23.3", + "SrcRelease": "1", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libselinux1@3.0-1build2", + "libtinfo6@6.2-0ubuntu2" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/bin/fuser", + "/usr/bin/killall", + "/usr/bin/peekfd", + "/usr/bin/prtstat", + "/usr/bin/pslog", + "/usr/bin/pstree", + "/usr/share/doc/psmisc/README.Debian", + "/usr/share/doc/psmisc/README.md", + "/usr/share/doc/psmisc/changelog.Debian.gz", + "/usr/share/doc/psmisc/copyright", + "/usr/share/man/man1/fuser.1.gz", + "/usr/share/man/man1/killall.1.gz", + "/usr/share/man/man1/peekfd.1.gz", + "/usr/share/man/man1/prtstat.1.gz", + "/usr/share/man/man1/pslog.1.gz", + "/usr/share/man/man1/pstree.1.gz", + "/usr/share/menu/psmisc", + "/usr/share/pixmaps/pstree16.xpm", + "/usr/share/pixmaps/pstree32.xpm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "pwgen@2.08-2", + "Name": "pwgen", + "Identifier": { + "PURL": "pkg:deb/ubuntu/pwgen@2.08-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "4a7a5c2fdec829c3" + }, + "Version": "2.08", + "Release": "2", + "Arch": "amd64", + "SrcName": "pwgen", + "SrcVersion": "2.08", + "SrcRelease": "2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/bin/pwgen", + "/usr/share/doc/pwgen/changelog.Debian.gz", + "/usr/share/doc/pwgen/copyright", + "/usr/share/man/man1/pwgen.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "readline-common@8.0-4", + "Name": "readline-common", + "Identifier": { + "PURL": "pkg:deb/ubuntu/readline-common@8.0-4?arch=all\u0026distro=ubuntu-20.04", + "UID": "f219905ad569d7cb" + }, + "Version": "8.0", + "Release": "4", + "Arch": "all", + "SrcName": "readline", + "SrcVersion": "8.0", + "SrcRelease": "4", + "Licenses": [ + "GPL-3.0-only", + "GFDL-1.3-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "dpkg@1.19.7ubuntu3.2" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/share/doc/readline-common/changelog.Debian.gz", + "/usr/share/doc/readline-common/copyright", + "/usr/share/doc/readline-common/inputrc.arrows", + "/usr/share/info/rluserman.info.gz", + "/usr/share/lintian/overrides/readline-common", + "/usr/share/man/man3/history.3readline.gz", + "/usr/share/man/man3/readline.3readline.gz", + "/usr/share/readline/inputrc" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "rsync@3.1.3-8ubuntu0.5", + "Name": "rsync", + "Identifier": { + "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9f4dd363bd033b68" + }, + "Version": "3.1.3", + "Release": "8ubuntu0.5", + "Arch": "amd64", + "SrcName": "rsync", + "SrcVersion": "3.1.3", + "SrcRelease": "8ubuntu0.5", + "Licenses": [ + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libacl1@2.2.53-6", + "libc6@2.31-0ubuntu9.9", + "libpopt0@1.16-14", + "lsb-base@11.1.0ubuntu2" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/lib/systemd/system/rsync.service", + "/usr/bin/rsync", + "/usr/share/doc/rsync/NEWS.Debian.gz", + "/usr/share/doc/rsync/README.Debian", + "/usr/share/doc/rsync/changelog.Debian.gz", + "/usr/share/doc/rsync/copyright", + "/usr/share/doc/rsync/examples/logrotate.conf.rsync", + "/usr/share/doc/rsync/examples/rsyncd.conf", + "/usr/share/lintian/overrides/rsync", + "/usr/share/man/man1/rsync.1.gz", + "/usr/share/man/man5/rsyncd.conf.5.gz", + "/usr/share/rsync/scripts/atomic-rsync", + "/usr/share/rsync/scripts/cull_options", + "/usr/share/rsync/scripts/cvs2includes", + "/usr/share/rsync/scripts/file-attr-restore", + "/usr/share/rsync/scripts/files-to-excludes", + "/usr/share/rsync/scripts/git-set-file-times", + "/usr/share/rsync/scripts/logfilter", + "/usr/share/rsync/scripts/lsh", + "/usr/share/rsync/scripts/mnt-excl", + "/usr/share/rsync/scripts/munge-symlinks", + "/usr/share/rsync/scripts/rrsync", + "/usr/share/rsync/scripts/rsyncstats" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sed@4.7-1", + "Name": "sed", + "Identifier": { + "PURL": "pkg:deb/ubuntu/sed@4.7-1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "7b2d46e37a3b9f9f" + }, + "Version": "4.7", + "Release": "1", + "Arch": "amd64", + "SrcName": "sed", + "SrcVersion": "4.7", + "SrcRelease": "1", + "Licenses": [ + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/sed", + "/usr/share/doc/sed/AUTHORS", + "/usr/share/doc/sed/BUGS.gz", + "/usr/share/doc/sed/NEWS.gz", + "/usr/share/doc/sed/README", + "/usr/share/doc/sed/THANKS.gz", + "/usr/share/doc/sed/changelog.Debian.gz", + "/usr/share/doc/sed/copyright", + "/usr/share/doc/sed/examples/dc.sed.gz", + "/usr/share/doc/sed/sedfaq.txt.gz", + "/usr/share/info/sed.info.gz", + "/usr/share/man/man1/sed.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sensible-utils@0.0.12+nmu1", + "Name": "sensible-utils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/sensible-utils@0.0.12%2Bnmu1?arch=all\u0026distro=ubuntu-20.04", + "UID": "ead6f16917c55499" + }, + "Version": "0.0.12+nmu1", + "Arch": "all", + "SrcName": "sensible-utils", + "SrcVersion": "0.0.12+nmu1", + "Licenses": [ + "GPL-2.0-or-later", + "All-permissive", + "configure", + "installsh", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/select-editor", + "/usr/bin/sensible-browser", + "/usr/bin/sensible-editor", + "/usr/bin/sensible-pager", + "/usr/lib/mime/packages/sensible-utils", + "/usr/share/doc/sensible-utils/changelog.gz", + "/usr/share/doc/sensible-utils/copyright", + "/usr/share/man/cs/man1/sensible-editor.1.gz", + "/usr/share/man/de/man1/sensible-editor.1.gz", + "/usr/share/man/es/man1/sensible-editor.1.gz", + "/usr/share/man/fr/man1/sensible-editor.1.gz", + "/usr/share/man/it/man1/sensible-editor.1.gz", + "/usr/share/man/ja/man1/sensible-editor.1.gz", + "/usr/share/man/man1/select-editor.1.gz", + "/usr/share/man/man1/sensible-browser.1.gz", + "/usr/share/man/man1/sensible-editor.1.gz", + "/usr/share/man/man1/sensible-pager.1.gz", + "/usr/share/man/pl/man1/sensible-editor.1.gz", + "/usr/share/man/pt/man1/sensible-editor.1.gz", + "/usr/share/sensible-utils/bin/gettext" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "socat@1.7.3.3-2", + "Name": "socat", + "Identifier": { + "PURL": "pkg:deb/ubuntu/socat@1.7.3.3-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "5a107641e68652a2" + }, + "Version": "1.7.3.3", + "Release": "2", + "Arch": "amd64", + "SrcName": "socat", + "SrcVersion": "1.7.3.3", + "SrcRelease": "2", + "Licenses": [ + "GPL-2.0-only", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libssl1.1@1.1.1f-1ubuntu2.17", + "libwrap0@7.6.q-30" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/filan", + "/usr/bin/procan", + "/usr/bin/socat", + "/usr/share/doc-base/socat", + "/usr/share/doc/socat/BUGREPORTS", + "/usr/share/doc/socat/DEVELOPMENT.gz", + "/usr/share/doc/socat/EXAMPLES.gz", + "/usr/share/doc/socat/FAQ", + "/usr/share/doc/socat/NEWS.Debian.gz", + "/usr/share/doc/socat/PORTING", + "/usr/share/doc/socat/README.Debian", + "/usr/share/doc/socat/README.FIPS", + "/usr/share/doc/socat/README.gz", + "/usr/share/doc/socat/SECURITY", + "/usr/share/doc/socat/changelog.Debian.gz", + "/usr/share/doc/socat/copyright", + "/usr/share/doc/socat/dest-unreach.css", + "/usr/share/doc/socat/examples/daemon.sh", + "/usr/share/doc/socat/examples/ftp.sh", + "/usr/share/doc/socat/examples/mail.sh", + "/usr/share/doc/socat/examples/proxy.sh", + "/usr/share/doc/socat/examples/proxyecho.sh", + "/usr/share/doc/socat/examples/readline-test.sh", + "/usr/share/doc/socat/examples/readline.sh", + "/usr/share/doc/socat/examples/socks4a-echo.sh", + "/usr/share/doc/socat/examples/socks4echo.sh", + "/usr/share/doc/socat/examples/test.sh", + "/usr/share/doc/socat/index.html", + "/usr/share/doc/socat/socat-genericsocket.html", + "/usr/share/doc/socat/socat-multicast.html", + "/usr/share/doc/socat/socat-openssltunnel.html", + "/usr/share/doc/socat/socat-tun.html", + "/usr/share/doc/socat/socat.html", + "/usr/share/doc/socat/xio.help.gz", + "/usr/share/lintian/overrides/socat", + "/usr/share/man/man1/socat.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sysvinit-utils@2.96-2.1ubuntu1", + "Name": "sysvinit-utils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/sysvinit-utils@2.96-2.1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "4abc2fedcb9de463" + }, + "Version": "2.96", + "Release": "2.1ubuntu1", + "Arch": "amd64", + "SrcName": "sysvinit", + "SrcVersion": "2.96", + "SrcRelease": "2.1ubuntu1", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "init-system-helpers@1.57", + "libc6@2.31-0ubuntu9.9", + "lsb-base@11.1.0ubuntu2", + "util-linux@2.34-0.1ubuntu9.3" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/init/init-d-script", + "/lib/init/vars.sh", + "/sbin/fstab-decode", + "/sbin/killall5", + "/usr/share/doc/sysvinit-utils/copyright", + "/usr/share/man/man5/init-d-script.5.gz", + "/usr/share/man/man8/fstab-decode.8.gz", + "/usr/share/man/man8/killall5.8.gz", + "/usr/share/man/man8/pidof.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tar@1.30+dfsg-7ubuntu0.20.04.3", + "Name": "tar", + "Identifier": { + "PURL": "pkg:deb/ubuntu/tar@1.30%2Bdfsg-7ubuntu0.20.04.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9e3a2b3027b922ad" + }, + "Version": "1.30+dfsg", + "Release": "7ubuntu0.20.04.3", + "Arch": "amd64", + "SrcName": "tar", + "SrcVersion": "1.30+dfsg", + "SrcRelease": "7ubuntu0.20.04.3", + "Licenses": [ + "GPL-3.0-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/tar", + "/usr/lib/mime/packages/tar", + "/usr/sbin/rmt-tar", + "/usr/sbin/tarcat", + "/usr/share/doc/tar/AUTHORS", + "/usr/share/doc/tar/NEWS.gz", + "/usr/share/doc/tar/README.Debian", + "/usr/share/doc/tar/THANKS.gz", + "/usr/share/doc/tar/changelog.Debian.gz", + "/usr/share/doc/tar/copyright", + "/usr/share/man/man1/tar.1.gz", + "/usr/share/man/man1/tarcat.1.gz", + "/usr/share/man/man8/rmt-tar.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tzdata@2023c-0ubuntu0.20.04.0", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:deb/ubuntu/tzdata@2023c-0ubuntu0.20.04.0?arch=all\u0026distro=ubuntu-20.04", + "UID": "89e162f2934a9272" + }, + "Version": "2023c", + "Release": "0ubuntu0.20.04.0", + "Arch": "all", + "SrcName": "tzdata", + "SrcVersion": "2023c", + "SrcRelease": "0ubuntu0.20.04.0", + "Licenses": [ + "ICU" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/sbin/tzconfig", + "/usr/share/doc/tzdata/README.Debian", + "/usr/share/doc/tzdata/changelog.Debian.gz", + "/usr/share/doc/tzdata/copyright", + "/usr/share/zoneinfo-icu/44/be/metaZones.res", + "/usr/share/zoneinfo-icu/44/be/timezoneTypes.res", + "/usr/share/zoneinfo-icu/44/be/windowsZones.res", + "/usr/share/zoneinfo-icu/44/be/zoneinfo64.res", + "/usr/share/zoneinfo-icu/44/le/metaZones.res", + "/usr/share/zoneinfo-icu/44/le/timezoneTypes.res", + "/usr/share/zoneinfo-icu/44/le/windowsZones.res", + "/usr/share/zoneinfo-icu/44/le/zoneinfo64.res", + "/usr/share/zoneinfo/Africa/Abidjan", + "/usr/share/zoneinfo/Africa/Algiers", + "/usr/share/zoneinfo/Africa/Bissau", + "/usr/share/zoneinfo/Africa/Cairo", + "/usr/share/zoneinfo/Africa/Casablanca", + "/usr/share/zoneinfo/Africa/Ceuta", + "/usr/share/zoneinfo/Africa/El_Aaiun", + "/usr/share/zoneinfo/Africa/Johannesburg", + "/usr/share/zoneinfo/Africa/Juba", + "/usr/share/zoneinfo/Africa/Khartoum", + "/usr/share/zoneinfo/Africa/Lagos", + "/usr/share/zoneinfo/Africa/Maputo", + "/usr/share/zoneinfo/Africa/Monrovia", + "/usr/share/zoneinfo/Africa/Nairobi", + "/usr/share/zoneinfo/Africa/Ndjamena", + "/usr/share/zoneinfo/Africa/Sao_Tome", + "/usr/share/zoneinfo/Africa/Tripoli", + "/usr/share/zoneinfo/Africa/Tunis", + "/usr/share/zoneinfo/Africa/Windhoek", + "/usr/share/zoneinfo/America/Adak", + "/usr/share/zoneinfo/America/Anchorage", + "/usr/share/zoneinfo/America/Araguaina", + "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/America/Argentina/Catamarca", + "/usr/share/zoneinfo/America/Argentina/Cordoba", + "/usr/share/zoneinfo/America/Argentina/Jujuy", + "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/America/Argentina/Mendoza", + "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/America/Argentina/Salta", + "/usr/share/zoneinfo/America/Argentina/San_Juan", + "/usr/share/zoneinfo/America/Argentina/San_Luis", + "/usr/share/zoneinfo/America/Argentina/Tucuman", + "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/America/Asuncion", + "/usr/share/zoneinfo/America/Bahia", + "/usr/share/zoneinfo/America/Bahia_Banderas", + "/usr/share/zoneinfo/America/Barbados", + "/usr/share/zoneinfo/America/Belem", + "/usr/share/zoneinfo/America/Belize", + "/usr/share/zoneinfo/America/Boa_Vista", + "/usr/share/zoneinfo/America/Bogota", + "/usr/share/zoneinfo/America/Boise", + "/usr/share/zoneinfo/America/Cambridge_Bay", + "/usr/share/zoneinfo/America/Campo_Grande", + "/usr/share/zoneinfo/America/Cancun", + "/usr/share/zoneinfo/America/Caracas", + "/usr/share/zoneinfo/America/Cayenne", + "/usr/share/zoneinfo/America/Chicago", + "/usr/share/zoneinfo/America/Chihuahua", + "/usr/share/zoneinfo/America/Ciudad_Juarez", + "/usr/share/zoneinfo/America/Costa_Rica", + "/usr/share/zoneinfo/America/Cuiaba", + "/usr/share/zoneinfo/America/Danmarkshavn", + "/usr/share/zoneinfo/America/Dawson", + "/usr/share/zoneinfo/America/Dawson_Creek", + "/usr/share/zoneinfo/America/Denver", + "/usr/share/zoneinfo/America/Detroit", + "/usr/share/zoneinfo/America/Edmonton", + "/usr/share/zoneinfo/America/Eirunepe", + "/usr/share/zoneinfo/America/El_Salvador", + "/usr/share/zoneinfo/America/Fort_Nelson", + "/usr/share/zoneinfo/America/Fortaleza", + "/usr/share/zoneinfo/America/Glace_Bay", + "/usr/share/zoneinfo/America/Goose_Bay", + "/usr/share/zoneinfo/America/Grand_Turk", + "/usr/share/zoneinfo/America/Guatemala", + "/usr/share/zoneinfo/America/Guayaquil", + "/usr/share/zoneinfo/America/Guyana", + "/usr/share/zoneinfo/America/Halifax", + "/usr/share/zoneinfo/America/Havana", + "/usr/share/zoneinfo/America/Hermosillo", + "/usr/share/zoneinfo/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/America/Indiana/Knox", + "/usr/share/zoneinfo/America/Indiana/Marengo", + "/usr/share/zoneinfo/America/Indiana/Petersburg", + "/usr/share/zoneinfo/America/Indiana/Tell_City", + "/usr/share/zoneinfo/America/Indiana/Vevay", + "/usr/share/zoneinfo/America/Indiana/Vincennes", + "/usr/share/zoneinfo/America/Indiana/Winamac", + "/usr/share/zoneinfo/America/Inuvik", + "/usr/share/zoneinfo/America/Iqaluit", + "/usr/share/zoneinfo/America/Jamaica", + "/usr/share/zoneinfo/America/Juneau", + "/usr/share/zoneinfo/America/Kentucky/Louisville", + "/usr/share/zoneinfo/America/Kentucky/Monticello", + "/usr/share/zoneinfo/America/La_Paz", + "/usr/share/zoneinfo/America/Lima", + "/usr/share/zoneinfo/America/Los_Angeles", + "/usr/share/zoneinfo/America/Maceio", + "/usr/share/zoneinfo/America/Managua", + "/usr/share/zoneinfo/America/Manaus", + "/usr/share/zoneinfo/America/Martinique", + "/usr/share/zoneinfo/America/Matamoros", + "/usr/share/zoneinfo/America/Mazatlan", + "/usr/share/zoneinfo/America/Menominee", + "/usr/share/zoneinfo/America/Merida", + "/usr/share/zoneinfo/America/Metlakatla", + "/usr/share/zoneinfo/America/Mexico_City", + "/usr/share/zoneinfo/America/Miquelon", + "/usr/share/zoneinfo/America/Moncton", + "/usr/share/zoneinfo/America/Monterrey", + "/usr/share/zoneinfo/America/Montevideo", + "/usr/share/zoneinfo/America/New_York", + "/usr/share/zoneinfo/America/Nome", + "/usr/share/zoneinfo/America/Noronha", + "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/America/North_Dakota/Center", + "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/America/Nuuk", + "/usr/share/zoneinfo/America/Ojinaga", + "/usr/share/zoneinfo/America/Panama", + "/usr/share/zoneinfo/America/Paramaribo", + "/usr/share/zoneinfo/America/Phoenix", + "/usr/share/zoneinfo/America/Port-au-Prince", + "/usr/share/zoneinfo/America/Porto_Velho", + "/usr/share/zoneinfo/America/Puerto_Rico", + "/usr/share/zoneinfo/America/Punta_Arenas", + "/usr/share/zoneinfo/America/Rankin_Inlet", + "/usr/share/zoneinfo/America/Recife", + "/usr/share/zoneinfo/America/Regina", + "/usr/share/zoneinfo/America/Resolute", + "/usr/share/zoneinfo/America/Rio_Branco", + "/usr/share/zoneinfo/America/Santarem", + "/usr/share/zoneinfo/America/Santiago", + "/usr/share/zoneinfo/America/Santo_Domingo", + "/usr/share/zoneinfo/America/Sao_Paulo", + "/usr/share/zoneinfo/America/Scoresbysund", + "/usr/share/zoneinfo/America/Sitka", + "/usr/share/zoneinfo/America/St_Johns", + "/usr/share/zoneinfo/America/Swift_Current", + "/usr/share/zoneinfo/America/Tegucigalpa", + "/usr/share/zoneinfo/America/Thule", + "/usr/share/zoneinfo/America/Tijuana", + "/usr/share/zoneinfo/America/Toronto", + "/usr/share/zoneinfo/America/Vancouver", + "/usr/share/zoneinfo/America/Whitehorse", + "/usr/share/zoneinfo/America/Winnipeg", + "/usr/share/zoneinfo/America/Yakutat", + "/usr/share/zoneinfo/Antarctica/Casey", + "/usr/share/zoneinfo/Antarctica/Davis", + "/usr/share/zoneinfo/Antarctica/Macquarie", + "/usr/share/zoneinfo/Antarctica/Mawson", + "/usr/share/zoneinfo/Antarctica/Palmer", + "/usr/share/zoneinfo/Antarctica/Rothera", + "/usr/share/zoneinfo/Antarctica/Troll", + "/usr/share/zoneinfo/Asia/Almaty", + "/usr/share/zoneinfo/Asia/Amman", + "/usr/share/zoneinfo/Asia/Anadyr", + "/usr/share/zoneinfo/Asia/Aqtau", + "/usr/share/zoneinfo/Asia/Aqtobe", + "/usr/share/zoneinfo/Asia/Ashgabat", + "/usr/share/zoneinfo/Asia/Atyrau", + "/usr/share/zoneinfo/Asia/Baghdad", + "/usr/share/zoneinfo/Asia/Baku", + "/usr/share/zoneinfo/Asia/Bangkok", + "/usr/share/zoneinfo/Asia/Barnaul", + "/usr/share/zoneinfo/Asia/Beirut", + "/usr/share/zoneinfo/Asia/Bishkek", + "/usr/share/zoneinfo/Asia/Chita", + "/usr/share/zoneinfo/Asia/Choibalsan", + "/usr/share/zoneinfo/Asia/Colombo", + "/usr/share/zoneinfo/Asia/Damascus", + "/usr/share/zoneinfo/Asia/Dhaka", + "/usr/share/zoneinfo/Asia/Dili", + "/usr/share/zoneinfo/Asia/Dubai", + "/usr/share/zoneinfo/Asia/Dushanbe", + "/usr/share/zoneinfo/Asia/Famagusta", + "/usr/share/zoneinfo/Asia/Gaza", + "/usr/share/zoneinfo/Asia/Hebron", + "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/Asia/Hong_Kong", + "/usr/share/zoneinfo/Asia/Hovd", + "/usr/share/zoneinfo/Asia/Irkutsk", + "/usr/share/zoneinfo/Asia/Jakarta", + "/usr/share/zoneinfo/Asia/Jayapura", + "/usr/share/zoneinfo/Asia/Jerusalem", + "/usr/share/zoneinfo/Asia/Kabul", + "/usr/share/zoneinfo/Asia/Kamchatka", + "/usr/share/zoneinfo/Asia/Karachi", + "/usr/share/zoneinfo/Asia/Kathmandu", + "/usr/share/zoneinfo/Asia/Khandyga", + "/usr/share/zoneinfo/Asia/Kolkata", + "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/Asia/Kuching", + "/usr/share/zoneinfo/Asia/Macau", + "/usr/share/zoneinfo/Asia/Magadan", + "/usr/share/zoneinfo/Asia/Makassar", + "/usr/share/zoneinfo/Asia/Manila", + "/usr/share/zoneinfo/Asia/Nicosia", + "/usr/share/zoneinfo/Asia/Novokuznetsk", + "/usr/share/zoneinfo/Asia/Novosibirsk", + "/usr/share/zoneinfo/Asia/Omsk", + "/usr/share/zoneinfo/Asia/Oral", + "/usr/share/zoneinfo/Asia/Pontianak", + "/usr/share/zoneinfo/Asia/Pyongyang", + "/usr/share/zoneinfo/Asia/Qatar", + "/usr/share/zoneinfo/Asia/Qostanay", + "/usr/share/zoneinfo/Asia/Qyzylorda", + "/usr/share/zoneinfo/Asia/Riyadh", + "/usr/share/zoneinfo/Asia/Sakhalin", + "/usr/share/zoneinfo/Asia/Samarkand", + "/usr/share/zoneinfo/Asia/Seoul", + "/usr/share/zoneinfo/Asia/Shanghai", + "/usr/share/zoneinfo/Asia/Singapore", + "/usr/share/zoneinfo/Asia/Srednekolymsk", + "/usr/share/zoneinfo/Asia/Taipei", + "/usr/share/zoneinfo/Asia/Tashkent", + "/usr/share/zoneinfo/Asia/Tbilisi", + "/usr/share/zoneinfo/Asia/Tehran", + "/usr/share/zoneinfo/Asia/Thimphu", + "/usr/share/zoneinfo/Asia/Tokyo", + "/usr/share/zoneinfo/Asia/Tomsk", + "/usr/share/zoneinfo/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/Asia/Urumqi", + "/usr/share/zoneinfo/Asia/Ust-Nera", + "/usr/share/zoneinfo/Asia/Vladivostok", + "/usr/share/zoneinfo/Asia/Yakutsk", + "/usr/share/zoneinfo/Asia/Yangon", + "/usr/share/zoneinfo/Asia/Yekaterinburg", + "/usr/share/zoneinfo/Asia/Yerevan", + "/usr/share/zoneinfo/Atlantic/Azores", + "/usr/share/zoneinfo/Atlantic/Bermuda", + "/usr/share/zoneinfo/Atlantic/Canary", + "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/Atlantic/Faroe", + "/usr/share/zoneinfo/Atlantic/Madeira", + "/usr/share/zoneinfo/Atlantic/South_Georgia", + "/usr/share/zoneinfo/Atlantic/Stanley", + "/usr/share/zoneinfo/Australia/Adelaide", + "/usr/share/zoneinfo/Australia/Brisbane", + "/usr/share/zoneinfo/Australia/Broken_Hill", + "/usr/share/zoneinfo/Australia/Darwin", + "/usr/share/zoneinfo/Australia/Eucla", + "/usr/share/zoneinfo/Australia/Hobart", + "/usr/share/zoneinfo/Australia/Lindeman", + "/usr/share/zoneinfo/Australia/Lord_Howe", + "/usr/share/zoneinfo/Australia/Melbourne", + "/usr/share/zoneinfo/Australia/Perth", + "/usr/share/zoneinfo/Australia/Sydney", + "/usr/share/zoneinfo/CET", + "/usr/share/zoneinfo/CST6CDT", + "/usr/share/zoneinfo/EET", + "/usr/share/zoneinfo/EST", + "/usr/share/zoneinfo/EST5EDT", + "/usr/share/zoneinfo/Etc/GMT", + "/usr/share/zoneinfo/Etc/GMT+1", + "/usr/share/zoneinfo/Etc/GMT+10", + "/usr/share/zoneinfo/Etc/GMT+11", + "/usr/share/zoneinfo/Etc/GMT+12", + "/usr/share/zoneinfo/Etc/GMT+2", + "/usr/share/zoneinfo/Etc/GMT+3", + "/usr/share/zoneinfo/Etc/GMT+4", + "/usr/share/zoneinfo/Etc/GMT+5", + "/usr/share/zoneinfo/Etc/GMT+6", + "/usr/share/zoneinfo/Etc/GMT+7", + "/usr/share/zoneinfo/Etc/GMT+8", + "/usr/share/zoneinfo/Etc/GMT+9", + "/usr/share/zoneinfo/Etc/GMT-1", + "/usr/share/zoneinfo/Etc/GMT-10", + "/usr/share/zoneinfo/Etc/GMT-11", + "/usr/share/zoneinfo/Etc/GMT-12", + "/usr/share/zoneinfo/Etc/GMT-13", + "/usr/share/zoneinfo/Etc/GMT-14", + "/usr/share/zoneinfo/Etc/GMT-2", + "/usr/share/zoneinfo/Etc/GMT-3", + "/usr/share/zoneinfo/Etc/GMT-4", + "/usr/share/zoneinfo/Etc/GMT-5", + "/usr/share/zoneinfo/Etc/GMT-6", + "/usr/share/zoneinfo/Etc/GMT-7", + "/usr/share/zoneinfo/Etc/GMT-8", + "/usr/share/zoneinfo/Etc/GMT-9", + "/usr/share/zoneinfo/Etc/UTC", + "/usr/share/zoneinfo/Europe/Andorra", + "/usr/share/zoneinfo/Europe/Astrakhan", + "/usr/share/zoneinfo/Europe/Athens", + "/usr/share/zoneinfo/Europe/Belgrade", + "/usr/share/zoneinfo/Europe/Berlin", + "/usr/share/zoneinfo/Europe/Brussels", + "/usr/share/zoneinfo/Europe/Bucharest", + "/usr/share/zoneinfo/Europe/Budapest", + "/usr/share/zoneinfo/Europe/Chisinau", + "/usr/share/zoneinfo/Europe/Dublin", + "/usr/share/zoneinfo/Europe/Gibraltar", + "/usr/share/zoneinfo/Europe/Helsinki", + "/usr/share/zoneinfo/Europe/Istanbul", + "/usr/share/zoneinfo/Europe/Kaliningrad", + "/usr/share/zoneinfo/Europe/Kirov", + "/usr/share/zoneinfo/Europe/Kyiv", + "/usr/share/zoneinfo/Europe/Lisbon", + "/usr/share/zoneinfo/Europe/London", + "/usr/share/zoneinfo/Europe/Madrid", + "/usr/share/zoneinfo/Europe/Malta", + "/usr/share/zoneinfo/Europe/Minsk", + "/usr/share/zoneinfo/Europe/Moscow", + "/usr/share/zoneinfo/Europe/Paris", + "/usr/share/zoneinfo/Europe/Prague", + "/usr/share/zoneinfo/Europe/Riga", + "/usr/share/zoneinfo/Europe/Rome", + "/usr/share/zoneinfo/Europe/Samara", + "/usr/share/zoneinfo/Europe/Saratov", + "/usr/share/zoneinfo/Europe/Simferopol", + "/usr/share/zoneinfo/Europe/Sofia", + "/usr/share/zoneinfo/Europe/Tallinn", + "/usr/share/zoneinfo/Europe/Tirane", + "/usr/share/zoneinfo/Europe/Ulyanovsk", + "/usr/share/zoneinfo/Europe/Vienna", + "/usr/share/zoneinfo/Europe/Vilnius", + "/usr/share/zoneinfo/Europe/Volgograd", + "/usr/share/zoneinfo/Europe/Warsaw", + "/usr/share/zoneinfo/Europe/Zurich", + "/usr/share/zoneinfo/Factory", + "/usr/share/zoneinfo/HST", + "/usr/share/zoneinfo/Indian/Chagos", + "/usr/share/zoneinfo/Indian/Maldives", + "/usr/share/zoneinfo/Indian/Mauritius", + "/usr/share/zoneinfo/MET", + "/usr/share/zoneinfo/MST", + "/usr/share/zoneinfo/MST7MDT", + "/usr/share/zoneinfo/PST8PDT", + "/usr/share/zoneinfo/Pacific/Apia", + "/usr/share/zoneinfo/Pacific/Auckland", + "/usr/share/zoneinfo/Pacific/Bougainville", + "/usr/share/zoneinfo/Pacific/Chatham", + "/usr/share/zoneinfo/Pacific/Easter", + "/usr/share/zoneinfo/Pacific/Efate", + "/usr/share/zoneinfo/Pacific/Fakaofo", + "/usr/share/zoneinfo/Pacific/Fiji", + "/usr/share/zoneinfo/Pacific/Galapagos", + "/usr/share/zoneinfo/Pacific/Gambier", + "/usr/share/zoneinfo/Pacific/Guadalcanal", + "/usr/share/zoneinfo/Pacific/Guam", + "/usr/share/zoneinfo/Pacific/Honolulu", + "/usr/share/zoneinfo/Pacific/Kanton", + "/usr/share/zoneinfo/Pacific/Kiritimati", + "/usr/share/zoneinfo/Pacific/Kosrae", + "/usr/share/zoneinfo/Pacific/Kwajalein", + "/usr/share/zoneinfo/Pacific/Marquesas", + "/usr/share/zoneinfo/Pacific/Nauru", + "/usr/share/zoneinfo/Pacific/Niue", + "/usr/share/zoneinfo/Pacific/Norfolk", + "/usr/share/zoneinfo/Pacific/Noumea", + "/usr/share/zoneinfo/Pacific/Pago_Pago", + "/usr/share/zoneinfo/Pacific/Palau", + "/usr/share/zoneinfo/Pacific/Pitcairn", + "/usr/share/zoneinfo/Pacific/Port_Moresby", + "/usr/share/zoneinfo/Pacific/Rarotonga", + "/usr/share/zoneinfo/Pacific/Tahiti", + "/usr/share/zoneinfo/Pacific/Tarawa", + "/usr/share/zoneinfo/Pacific/Tongatapu", + "/usr/share/zoneinfo/WET", + "/usr/share/zoneinfo/iso3166.tab", + "/usr/share/zoneinfo/leap-seconds.list", + "/usr/share/zoneinfo/leapseconds", + "/usr/share/zoneinfo/posix/Africa/Abidjan", + "/usr/share/zoneinfo/posix/Africa/Algiers", + "/usr/share/zoneinfo/posix/Africa/Bissau", + "/usr/share/zoneinfo/posix/Africa/Cairo", + "/usr/share/zoneinfo/posix/Africa/Casablanca", + "/usr/share/zoneinfo/posix/Africa/Ceuta", + "/usr/share/zoneinfo/posix/Africa/El_Aaiun", + "/usr/share/zoneinfo/posix/Africa/Johannesburg", + "/usr/share/zoneinfo/posix/Africa/Juba", + "/usr/share/zoneinfo/posix/Africa/Khartoum", + "/usr/share/zoneinfo/posix/Africa/Lagos", + "/usr/share/zoneinfo/posix/Africa/Maputo", + "/usr/share/zoneinfo/posix/Africa/Monrovia", + "/usr/share/zoneinfo/posix/Africa/Nairobi", + "/usr/share/zoneinfo/posix/Africa/Ndjamena", + "/usr/share/zoneinfo/posix/Africa/Sao_Tome", + "/usr/share/zoneinfo/posix/Africa/Tripoli", + "/usr/share/zoneinfo/posix/Africa/Tunis", + "/usr/share/zoneinfo/posix/Africa/Windhoek", + "/usr/share/zoneinfo/posix/America/Adak", + "/usr/share/zoneinfo/posix/America/Anchorage", + "/usr/share/zoneinfo/posix/America/Araguaina", + "/usr/share/zoneinfo/posix/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/posix/America/Argentina/Catamarca", + "/usr/share/zoneinfo/posix/America/Argentina/Cordoba", + "/usr/share/zoneinfo/posix/America/Argentina/Jujuy", + "/usr/share/zoneinfo/posix/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/posix/America/Argentina/Mendoza", + "/usr/share/zoneinfo/posix/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/posix/America/Argentina/Salta", + "/usr/share/zoneinfo/posix/America/Argentina/San_Juan", + "/usr/share/zoneinfo/posix/America/Argentina/San_Luis", + "/usr/share/zoneinfo/posix/America/Argentina/Tucuman", + "/usr/share/zoneinfo/posix/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/posix/America/Asuncion", + "/usr/share/zoneinfo/posix/America/Bahia", + "/usr/share/zoneinfo/posix/America/Bahia_Banderas", + "/usr/share/zoneinfo/posix/America/Barbados", + "/usr/share/zoneinfo/posix/America/Belem", + "/usr/share/zoneinfo/posix/America/Belize", + "/usr/share/zoneinfo/posix/America/Boa_Vista", + "/usr/share/zoneinfo/posix/America/Bogota", + "/usr/share/zoneinfo/posix/America/Boise", + "/usr/share/zoneinfo/posix/America/Cambridge_Bay", + "/usr/share/zoneinfo/posix/America/Campo_Grande", + "/usr/share/zoneinfo/posix/America/Cancun", + "/usr/share/zoneinfo/posix/America/Caracas", + "/usr/share/zoneinfo/posix/America/Cayenne", + "/usr/share/zoneinfo/posix/America/Chicago", + "/usr/share/zoneinfo/posix/America/Chihuahua", + "/usr/share/zoneinfo/posix/America/Ciudad_Juarez", + "/usr/share/zoneinfo/posix/America/Costa_Rica", + "/usr/share/zoneinfo/posix/America/Cuiaba", + "/usr/share/zoneinfo/posix/America/Danmarkshavn", + "/usr/share/zoneinfo/posix/America/Dawson", + "/usr/share/zoneinfo/posix/America/Dawson_Creek", + "/usr/share/zoneinfo/posix/America/Denver", + "/usr/share/zoneinfo/posix/America/Detroit", + "/usr/share/zoneinfo/posix/America/Edmonton", + "/usr/share/zoneinfo/posix/America/Eirunepe", + "/usr/share/zoneinfo/posix/America/El_Salvador", + "/usr/share/zoneinfo/posix/America/Fort_Nelson", + "/usr/share/zoneinfo/posix/America/Fortaleza", + "/usr/share/zoneinfo/posix/America/Glace_Bay", + "/usr/share/zoneinfo/posix/America/Goose_Bay", + "/usr/share/zoneinfo/posix/America/Grand_Turk", + "/usr/share/zoneinfo/posix/America/Guatemala", + "/usr/share/zoneinfo/posix/America/Guayaquil", + "/usr/share/zoneinfo/posix/America/Guyana", + "/usr/share/zoneinfo/posix/America/Halifax", + "/usr/share/zoneinfo/posix/America/Havana", + "/usr/share/zoneinfo/posix/America/Hermosillo", + "/usr/share/zoneinfo/posix/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/posix/America/Indiana/Knox", + "/usr/share/zoneinfo/posix/America/Indiana/Marengo", + "/usr/share/zoneinfo/posix/America/Indiana/Petersburg", + "/usr/share/zoneinfo/posix/America/Indiana/Tell_City", + "/usr/share/zoneinfo/posix/America/Indiana/Vevay", + "/usr/share/zoneinfo/posix/America/Indiana/Vincennes", + "/usr/share/zoneinfo/posix/America/Indiana/Winamac", + "/usr/share/zoneinfo/posix/America/Inuvik", + "/usr/share/zoneinfo/posix/America/Iqaluit", + "/usr/share/zoneinfo/posix/America/Jamaica", + "/usr/share/zoneinfo/posix/America/Juneau", + "/usr/share/zoneinfo/posix/America/Kentucky/Louisville", + "/usr/share/zoneinfo/posix/America/Kentucky/Monticello", + "/usr/share/zoneinfo/posix/America/La_Paz", + "/usr/share/zoneinfo/posix/America/Lima", + "/usr/share/zoneinfo/posix/America/Los_Angeles", + "/usr/share/zoneinfo/posix/America/Maceio", + "/usr/share/zoneinfo/posix/America/Managua", + "/usr/share/zoneinfo/posix/America/Manaus", + "/usr/share/zoneinfo/posix/America/Martinique", + "/usr/share/zoneinfo/posix/America/Matamoros", + "/usr/share/zoneinfo/posix/America/Mazatlan", + "/usr/share/zoneinfo/posix/America/Menominee", + "/usr/share/zoneinfo/posix/America/Merida", + "/usr/share/zoneinfo/posix/America/Metlakatla", + "/usr/share/zoneinfo/posix/America/Mexico_City", + "/usr/share/zoneinfo/posix/America/Miquelon", + "/usr/share/zoneinfo/posix/America/Moncton", + "/usr/share/zoneinfo/posix/America/Monterrey", + "/usr/share/zoneinfo/posix/America/Montevideo", + "/usr/share/zoneinfo/posix/America/New_York", + "/usr/share/zoneinfo/posix/America/Nome", + "/usr/share/zoneinfo/posix/America/Noronha", + "/usr/share/zoneinfo/posix/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/posix/America/North_Dakota/Center", + "/usr/share/zoneinfo/posix/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/posix/America/Nuuk", + "/usr/share/zoneinfo/posix/America/Ojinaga", + "/usr/share/zoneinfo/posix/America/Panama", + "/usr/share/zoneinfo/posix/America/Paramaribo", + "/usr/share/zoneinfo/posix/America/Phoenix", + "/usr/share/zoneinfo/posix/America/Port-au-Prince", + "/usr/share/zoneinfo/posix/America/Porto_Velho", + "/usr/share/zoneinfo/posix/America/Puerto_Rico", + "/usr/share/zoneinfo/posix/America/Punta_Arenas", + "/usr/share/zoneinfo/posix/America/Rankin_Inlet", + "/usr/share/zoneinfo/posix/America/Recife", + "/usr/share/zoneinfo/posix/America/Regina", + "/usr/share/zoneinfo/posix/America/Resolute", + "/usr/share/zoneinfo/posix/America/Rio_Branco", + "/usr/share/zoneinfo/posix/America/Santarem", + "/usr/share/zoneinfo/posix/America/Santiago", + "/usr/share/zoneinfo/posix/America/Santo_Domingo", + "/usr/share/zoneinfo/posix/America/Sao_Paulo", + "/usr/share/zoneinfo/posix/America/Scoresbysund", + "/usr/share/zoneinfo/posix/America/Sitka", + "/usr/share/zoneinfo/posix/America/St_Johns", + "/usr/share/zoneinfo/posix/America/Swift_Current", + "/usr/share/zoneinfo/posix/America/Tegucigalpa", + "/usr/share/zoneinfo/posix/America/Thule", + "/usr/share/zoneinfo/posix/America/Tijuana", + "/usr/share/zoneinfo/posix/America/Toronto", + "/usr/share/zoneinfo/posix/America/Vancouver", + "/usr/share/zoneinfo/posix/America/Whitehorse", + "/usr/share/zoneinfo/posix/America/Winnipeg", + "/usr/share/zoneinfo/posix/America/Yakutat", + "/usr/share/zoneinfo/posix/Antarctica/Casey", + "/usr/share/zoneinfo/posix/Antarctica/Davis", + "/usr/share/zoneinfo/posix/Antarctica/Macquarie", + "/usr/share/zoneinfo/posix/Antarctica/Mawson", + "/usr/share/zoneinfo/posix/Antarctica/Palmer", + "/usr/share/zoneinfo/posix/Antarctica/Rothera", + "/usr/share/zoneinfo/posix/Antarctica/Troll", + "/usr/share/zoneinfo/posix/Asia/Almaty", + "/usr/share/zoneinfo/posix/Asia/Amman", + "/usr/share/zoneinfo/posix/Asia/Anadyr", + "/usr/share/zoneinfo/posix/Asia/Aqtau", + "/usr/share/zoneinfo/posix/Asia/Aqtobe", + "/usr/share/zoneinfo/posix/Asia/Ashgabat", + "/usr/share/zoneinfo/posix/Asia/Atyrau", + "/usr/share/zoneinfo/posix/Asia/Baghdad", + "/usr/share/zoneinfo/posix/Asia/Baku", + "/usr/share/zoneinfo/posix/Asia/Bangkok", + "/usr/share/zoneinfo/posix/Asia/Barnaul", + "/usr/share/zoneinfo/posix/Asia/Beirut", + "/usr/share/zoneinfo/posix/Asia/Bishkek", + "/usr/share/zoneinfo/posix/Asia/Chita", + "/usr/share/zoneinfo/posix/Asia/Choibalsan", + "/usr/share/zoneinfo/posix/Asia/Colombo", + "/usr/share/zoneinfo/posix/Asia/Damascus", + "/usr/share/zoneinfo/posix/Asia/Dhaka", + "/usr/share/zoneinfo/posix/Asia/Dili", + "/usr/share/zoneinfo/posix/Asia/Dubai", + "/usr/share/zoneinfo/posix/Asia/Dushanbe", + "/usr/share/zoneinfo/posix/Asia/Famagusta", + "/usr/share/zoneinfo/posix/Asia/Gaza", + "/usr/share/zoneinfo/posix/Asia/Hebron", + "/usr/share/zoneinfo/posix/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/posix/Asia/Hong_Kong", + "/usr/share/zoneinfo/posix/Asia/Hovd", + "/usr/share/zoneinfo/posix/Asia/Irkutsk", + "/usr/share/zoneinfo/posix/Asia/Jakarta", + "/usr/share/zoneinfo/posix/Asia/Jayapura", + "/usr/share/zoneinfo/posix/Asia/Jerusalem", + "/usr/share/zoneinfo/posix/Asia/Kabul", + "/usr/share/zoneinfo/posix/Asia/Kamchatka", + "/usr/share/zoneinfo/posix/Asia/Karachi", + "/usr/share/zoneinfo/posix/Asia/Kathmandu", + "/usr/share/zoneinfo/posix/Asia/Khandyga", + "/usr/share/zoneinfo/posix/Asia/Kolkata", + "/usr/share/zoneinfo/posix/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/posix/Asia/Kuching", + "/usr/share/zoneinfo/posix/Asia/Macau", + "/usr/share/zoneinfo/posix/Asia/Magadan", + "/usr/share/zoneinfo/posix/Asia/Makassar", + "/usr/share/zoneinfo/posix/Asia/Manila", + "/usr/share/zoneinfo/posix/Asia/Nicosia", + "/usr/share/zoneinfo/posix/Asia/Novokuznetsk", + "/usr/share/zoneinfo/posix/Asia/Novosibirsk", + "/usr/share/zoneinfo/posix/Asia/Omsk", + "/usr/share/zoneinfo/posix/Asia/Oral", + "/usr/share/zoneinfo/posix/Asia/Pontianak", + "/usr/share/zoneinfo/posix/Asia/Pyongyang", + "/usr/share/zoneinfo/posix/Asia/Qatar", + "/usr/share/zoneinfo/posix/Asia/Qostanay", + "/usr/share/zoneinfo/posix/Asia/Qyzylorda", + "/usr/share/zoneinfo/posix/Asia/Riyadh", + "/usr/share/zoneinfo/posix/Asia/Sakhalin", + "/usr/share/zoneinfo/posix/Asia/Samarkand", + "/usr/share/zoneinfo/posix/Asia/Seoul", + "/usr/share/zoneinfo/posix/Asia/Shanghai", + "/usr/share/zoneinfo/posix/Asia/Singapore", + "/usr/share/zoneinfo/posix/Asia/Srednekolymsk", + "/usr/share/zoneinfo/posix/Asia/Taipei", + "/usr/share/zoneinfo/posix/Asia/Tashkent", + "/usr/share/zoneinfo/posix/Asia/Tbilisi", + "/usr/share/zoneinfo/posix/Asia/Tehran", + "/usr/share/zoneinfo/posix/Asia/Thimphu", + "/usr/share/zoneinfo/posix/Asia/Tokyo", + "/usr/share/zoneinfo/posix/Asia/Tomsk", + "/usr/share/zoneinfo/posix/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/posix/Asia/Urumqi", + "/usr/share/zoneinfo/posix/Asia/Ust-Nera", + "/usr/share/zoneinfo/posix/Asia/Vladivostok", + "/usr/share/zoneinfo/posix/Asia/Yakutsk", + "/usr/share/zoneinfo/posix/Asia/Yangon", + "/usr/share/zoneinfo/posix/Asia/Yekaterinburg", + "/usr/share/zoneinfo/posix/Asia/Yerevan", + "/usr/share/zoneinfo/posix/Atlantic/Azores", + "/usr/share/zoneinfo/posix/Atlantic/Bermuda", + "/usr/share/zoneinfo/posix/Atlantic/Canary", + "/usr/share/zoneinfo/posix/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/posix/Atlantic/Faroe", + "/usr/share/zoneinfo/posix/Atlantic/Madeira", + "/usr/share/zoneinfo/posix/Atlantic/South_Georgia", + "/usr/share/zoneinfo/posix/Atlantic/Stanley", + "/usr/share/zoneinfo/posix/Australia/Adelaide", + "/usr/share/zoneinfo/posix/Australia/Brisbane", + "/usr/share/zoneinfo/posix/Australia/Broken_Hill", + "/usr/share/zoneinfo/posix/Australia/Darwin", + "/usr/share/zoneinfo/posix/Australia/Eucla", + "/usr/share/zoneinfo/posix/Australia/Hobart", + "/usr/share/zoneinfo/posix/Australia/Lindeman", + "/usr/share/zoneinfo/posix/Australia/Lord_Howe", + "/usr/share/zoneinfo/posix/Australia/Melbourne", + "/usr/share/zoneinfo/posix/Australia/Perth", + "/usr/share/zoneinfo/posix/Australia/Sydney", + "/usr/share/zoneinfo/posix/CET", + "/usr/share/zoneinfo/posix/CST6CDT", + "/usr/share/zoneinfo/posix/EET", + "/usr/share/zoneinfo/posix/EST", + "/usr/share/zoneinfo/posix/EST5EDT", + "/usr/share/zoneinfo/posix/Etc/GMT", + "/usr/share/zoneinfo/posix/Etc/GMT+1", + "/usr/share/zoneinfo/posix/Etc/GMT+10", + "/usr/share/zoneinfo/posix/Etc/GMT+11", + "/usr/share/zoneinfo/posix/Etc/GMT+12", + "/usr/share/zoneinfo/posix/Etc/GMT+2", + "/usr/share/zoneinfo/posix/Etc/GMT+3", + "/usr/share/zoneinfo/posix/Etc/GMT+4", + "/usr/share/zoneinfo/posix/Etc/GMT+5", + "/usr/share/zoneinfo/posix/Etc/GMT+6", + "/usr/share/zoneinfo/posix/Etc/GMT+7", + "/usr/share/zoneinfo/posix/Etc/GMT+8", + "/usr/share/zoneinfo/posix/Etc/GMT+9", + "/usr/share/zoneinfo/posix/Etc/GMT-1", + "/usr/share/zoneinfo/posix/Etc/GMT-10", + "/usr/share/zoneinfo/posix/Etc/GMT-11", + "/usr/share/zoneinfo/posix/Etc/GMT-12", + "/usr/share/zoneinfo/posix/Etc/GMT-13", + "/usr/share/zoneinfo/posix/Etc/GMT-14", + "/usr/share/zoneinfo/posix/Etc/GMT-2", + "/usr/share/zoneinfo/posix/Etc/GMT-3", + "/usr/share/zoneinfo/posix/Etc/GMT-4", + "/usr/share/zoneinfo/posix/Etc/GMT-5", + "/usr/share/zoneinfo/posix/Etc/GMT-6", + "/usr/share/zoneinfo/posix/Etc/GMT-7", + "/usr/share/zoneinfo/posix/Etc/GMT-8", + "/usr/share/zoneinfo/posix/Etc/GMT-9", + "/usr/share/zoneinfo/posix/Etc/UTC", + "/usr/share/zoneinfo/posix/Europe/Andorra", + "/usr/share/zoneinfo/posix/Europe/Astrakhan", + "/usr/share/zoneinfo/posix/Europe/Athens", + "/usr/share/zoneinfo/posix/Europe/Belgrade", + "/usr/share/zoneinfo/posix/Europe/Berlin", + "/usr/share/zoneinfo/posix/Europe/Brussels", + "/usr/share/zoneinfo/posix/Europe/Bucharest", + "/usr/share/zoneinfo/posix/Europe/Budapest", + "/usr/share/zoneinfo/posix/Europe/Chisinau", + "/usr/share/zoneinfo/posix/Europe/Dublin", + "/usr/share/zoneinfo/posix/Europe/Gibraltar", + "/usr/share/zoneinfo/posix/Europe/Helsinki", + "/usr/share/zoneinfo/posix/Europe/Istanbul", + "/usr/share/zoneinfo/posix/Europe/Kaliningrad", + "/usr/share/zoneinfo/posix/Europe/Kirov", + "/usr/share/zoneinfo/posix/Europe/Kyiv", + "/usr/share/zoneinfo/posix/Europe/Lisbon", + "/usr/share/zoneinfo/posix/Europe/London", + "/usr/share/zoneinfo/posix/Europe/Madrid", + "/usr/share/zoneinfo/posix/Europe/Malta", + "/usr/share/zoneinfo/posix/Europe/Minsk", + "/usr/share/zoneinfo/posix/Europe/Moscow", + "/usr/share/zoneinfo/posix/Europe/Paris", + "/usr/share/zoneinfo/posix/Europe/Prague", + "/usr/share/zoneinfo/posix/Europe/Riga", + "/usr/share/zoneinfo/posix/Europe/Rome", + "/usr/share/zoneinfo/posix/Europe/Samara", + "/usr/share/zoneinfo/posix/Europe/Saratov", + "/usr/share/zoneinfo/posix/Europe/Simferopol", + "/usr/share/zoneinfo/posix/Europe/Sofia", + "/usr/share/zoneinfo/posix/Europe/Tallinn", + "/usr/share/zoneinfo/posix/Europe/Tirane", + "/usr/share/zoneinfo/posix/Europe/Ulyanovsk", + "/usr/share/zoneinfo/posix/Europe/Vienna", + "/usr/share/zoneinfo/posix/Europe/Vilnius", + "/usr/share/zoneinfo/posix/Europe/Volgograd", + "/usr/share/zoneinfo/posix/Europe/Warsaw", + "/usr/share/zoneinfo/posix/Europe/Zurich", + "/usr/share/zoneinfo/posix/Factory", + "/usr/share/zoneinfo/posix/HST", + "/usr/share/zoneinfo/posix/Indian/Chagos", + "/usr/share/zoneinfo/posix/Indian/Maldives", + "/usr/share/zoneinfo/posix/Indian/Mauritius", + "/usr/share/zoneinfo/posix/MET", + "/usr/share/zoneinfo/posix/MST", + "/usr/share/zoneinfo/posix/MST7MDT", + "/usr/share/zoneinfo/posix/PST8PDT", + "/usr/share/zoneinfo/posix/Pacific/Apia", + "/usr/share/zoneinfo/posix/Pacific/Auckland", + "/usr/share/zoneinfo/posix/Pacific/Bougainville", + "/usr/share/zoneinfo/posix/Pacific/Chatham", + "/usr/share/zoneinfo/posix/Pacific/Easter", + "/usr/share/zoneinfo/posix/Pacific/Efate", + "/usr/share/zoneinfo/posix/Pacific/Fakaofo", + "/usr/share/zoneinfo/posix/Pacific/Fiji", + "/usr/share/zoneinfo/posix/Pacific/Galapagos", + "/usr/share/zoneinfo/posix/Pacific/Gambier", + "/usr/share/zoneinfo/posix/Pacific/Guadalcanal", + "/usr/share/zoneinfo/posix/Pacific/Guam", + "/usr/share/zoneinfo/posix/Pacific/Honolulu", + "/usr/share/zoneinfo/posix/Pacific/Kanton", + "/usr/share/zoneinfo/posix/Pacific/Kiritimati", + "/usr/share/zoneinfo/posix/Pacific/Kosrae", + "/usr/share/zoneinfo/posix/Pacific/Kwajalein", + "/usr/share/zoneinfo/posix/Pacific/Marquesas", + "/usr/share/zoneinfo/posix/Pacific/Nauru", + "/usr/share/zoneinfo/posix/Pacific/Niue", + "/usr/share/zoneinfo/posix/Pacific/Norfolk", + "/usr/share/zoneinfo/posix/Pacific/Noumea", + "/usr/share/zoneinfo/posix/Pacific/Pago_Pago", + "/usr/share/zoneinfo/posix/Pacific/Palau", + "/usr/share/zoneinfo/posix/Pacific/Pitcairn", + "/usr/share/zoneinfo/posix/Pacific/Port_Moresby", + "/usr/share/zoneinfo/posix/Pacific/Rarotonga", + "/usr/share/zoneinfo/posix/Pacific/Tahiti", + "/usr/share/zoneinfo/posix/Pacific/Tarawa", + "/usr/share/zoneinfo/posix/Pacific/Tongatapu", + "/usr/share/zoneinfo/posix/WET", + "/usr/share/zoneinfo/right/Africa/Abidjan", + "/usr/share/zoneinfo/right/Africa/Algiers", + "/usr/share/zoneinfo/right/Africa/Bissau", + "/usr/share/zoneinfo/right/Africa/Cairo", + "/usr/share/zoneinfo/right/Africa/Casablanca", + "/usr/share/zoneinfo/right/Africa/Ceuta", + "/usr/share/zoneinfo/right/Africa/El_Aaiun", + "/usr/share/zoneinfo/right/Africa/Johannesburg", + "/usr/share/zoneinfo/right/Africa/Juba", + "/usr/share/zoneinfo/right/Africa/Khartoum", + "/usr/share/zoneinfo/right/Africa/Lagos", + "/usr/share/zoneinfo/right/Africa/Maputo", + "/usr/share/zoneinfo/right/Africa/Monrovia", + "/usr/share/zoneinfo/right/Africa/Nairobi", + "/usr/share/zoneinfo/right/Africa/Ndjamena", + "/usr/share/zoneinfo/right/Africa/Sao_Tome", + "/usr/share/zoneinfo/right/Africa/Tripoli", + "/usr/share/zoneinfo/right/Africa/Tunis", + "/usr/share/zoneinfo/right/Africa/Windhoek", + "/usr/share/zoneinfo/right/America/Adak", + "/usr/share/zoneinfo/right/America/Anchorage", + "/usr/share/zoneinfo/right/America/Araguaina", + "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/right/America/Argentina/Catamarca", + "/usr/share/zoneinfo/right/America/Argentina/Cordoba", + "/usr/share/zoneinfo/right/America/Argentina/Jujuy", + "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/right/America/Argentina/Mendoza", + "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/right/America/Argentina/Salta", + "/usr/share/zoneinfo/right/America/Argentina/San_Juan", + "/usr/share/zoneinfo/right/America/Argentina/San_Luis", + "/usr/share/zoneinfo/right/America/Argentina/Tucuman", + "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/right/America/Asuncion", + "/usr/share/zoneinfo/right/America/Bahia", + "/usr/share/zoneinfo/right/America/Bahia_Banderas", + "/usr/share/zoneinfo/right/America/Barbados", + "/usr/share/zoneinfo/right/America/Belem", + "/usr/share/zoneinfo/right/America/Belize", + "/usr/share/zoneinfo/right/America/Boa_Vista", + "/usr/share/zoneinfo/right/America/Bogota", + "/usr/share/zoneinfo/right/America/Boise", + "/usr/share/zoneinfo/right/America/Cambridge_Bay", + "/usr/share/zoneinfo/right/America/Campo_Grande", + "/usr/share/zoneinfo/right/America/Cancun", + "/usr/share/zoneinfo/right/America/Caracas", + "/usr/share/zoneinfo/right/America/Cayenne", + "/usr/share/zoneinfo/right/America/Chicago", + "/usr/share/zoneinfo/right/America/Chihuahua", + "/usr/share/zoneinfo/right/America/Ciudad_Juarez", + "/usr/share/zoneinfo/right/America/Costa_Rica", + "/usr/share/zoneinfo/right/America/Cuiaba", + "/usr/share/zoneinfo/right/America/Danmarkshavn", + "/usr/share/zoneinfo/right/America/Dawson", + "/usr/share/zoneinfo/right/America/Dawson_Creek", + "/usr/share/zoneinfo/right/America/Denver", + "/usr/share/zoneinfo/right/America/Detroit", + "/usr/share/zoneinfo/right/America/Edmonton", + "/usr/share/zoneinfo/right/America/Eirunepe", + "/usr/share/zoneinfo/right/America/El_Salvador", + "/usr/share/zoneinfo/right/America/Fort_Nelson", + "/usr/share/zoneinfo/right/America/Fortaleza", + "/usr/share/zoneinfo/right/America/Glace_Bay", + "/usr/share/zoneinfo/right/America/Goose_Bay", + "/usr/share/zoneinfo/right/America/Grand_Turk", + "/usr/share/zoneinfo/right/America/Guatemala", + "/usr/share/zoneinfo/right/America/Guayaquil", + "/usr/share/zoneinfo/right/America/Guyana", + "/usr/share/zoneinfo/right/America/Halifax", + "/usr/share/zoneinfo/right/America/Havana", + "/usr/share/zoneinfo/right/America/Hermosillo", + "/usr/share/zoneinfo/right/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/right/America/Indiana/Knox", + "/usr/share/zoneinfo/right/America/Indiana/Marengo", + "/usr/share/zoneinfo/right/America/Indiana/Petersburg", + "/usr/share/zoneinfo/right/America/Indiana/Tell_City", + "/usr/share/zoneinfo/right/America/Indiana/Vevay", + "/usr/share/zoneinfo/right/America/Indiana/Vincennes", + "/usr/share/zoneinfo/right/America/Indiana/Winamac", + "/usr/share/zoneinfo/right/America/Inuvik", + "/usr/share/zoneinfo/right/America/Iqaluit", + "/usr/share/zoneinfo/right/America/Jamaica", + "/usr/share/zoneinfo/right/America/Juneau", + "/usr/share/zoneinfo/right/America/Kentucky/Louisville", + "/usr/share/zoneinfo/right/America/Kentucky/Monticello", + "/usr/share/zoneinfo/right/America/La_Paz", + "/usr/share/zoneinfo/right/America/Lima", + "/usr/share/zoneinfo/right/America/Los_Angeles", + "/usr/share/zoneinfo/right/America/Maceio", + "/usr/share/zoneinfo/right/America/Managua", + "/usr/share/zoneinfo/right/America/Manaus", + "/usr/share/zoneinfo/right/America/Martinique", + "/usr/share/zoneinfo/right/America/Matamoros", + "/usr/share/zoneinfo/right/America/Mazatlan", + "/usr/share/zoneinfo/right/America/Menominee", + "/usr/share/zoneinfo/right/America/Merida", + "/usr/share/zoneinfo/right/America/Metlakatla", + "/usr/share/zoneinfo/right/America/Mexico_City", + "/usr/share/zoneinfo/right/America/Miquelon", + "/usr/share/zoneinfo/right/America/Moncton", + "/usr/share/zoneinfo/right/America/Monterrey", + "/usr/share/zoneinfo/right/America/Montevideo", + "/usr/share/zoneinfo/right/America/New_York", + "/usr/share/zoneinfo/right/America/Nome", + "/usr/share/zoneinfo/right/America/Noronha", + "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/right/America/North_Dakota/Center", + "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/right/America/Nuuk", + "/usr/share/zoneinfo/right/America/Ojinaga", + "/usr/share/zoneinfo/right/America/Panama", + "/usr/share/zoneinfo/right/America/Paramaribo", + "/usr/share/zoneinfo/right/America/Phoenix", + "/usr/share/zoneinfo/right/America/Port-au-Prince", + "/usr/share/zoneinfo/right/America/Porto_Velho", + "/usr/share/zoneinfo/right/America/Puerto_Rico", + "/usr/share/zoneinfo/right/America/Punta_Arenas", + "/usr/share/zoneinfo/right/America/Rankin_Inlet", + "/usr/share/zoneinfo/right/America/Recife", + "/usr/share/zoneinfo/right/America/Regina", + "/usr/share/zoneinfo/right/America/Resolute", + "/usr/share/zoneinfo/right/America/Rio_Branco", + "/usr/share/zoneinfo/right/America/Santarem", + "/usr/share/zoneinfo/right/America/Santiago", + "/usr/share/zoneinfo/right/America/Santo_Domingo", + "/usr/share/zoneinfo/right/America/Sao_Paulo", + "/usr/share/zoneinfo/right/America/Scoresbysund", + "/usr/share/zoneinfo/right/America/Sitka", + "/usr/share/zoneinfo/right/America/St_Johns", + "/usr/share/zoneinfo/right/America/Swift_Current", + "/usr/share/zoneinfo/right/America/Tegucigalpa", + "/usr/share/zoneinfo/right/America/Thule", + "/usr/share/zoneinfo/right/America/Tijuana", + "/usr/share/zoneinfo/right/America/Toronto", + "/usr/share/zoneinfo/right/America/Vancouver", + "/usr/share/zoneinfo/right/America/Whitehorse", + "/usr/share/zoneinfo/right/America/Winnipeg", + "/usr/share/zoneinfo/right/America/Yakutat", + "/usr/share/zoneinfo/right/Antarctica/Casey", + "/usr/share/zoneinfo/right/Antarctica/Davis", + "/usr/share/zoneinfo/right/Antarctica/Macquarie", + "/usr/share/zoneinfo/right/Antarctica/Mawson", + "/usr/share/zoneinfo/right/Antarctica/Palmer", + "/usr/share/zoneinfo/right/Antarctica/Rothera", + "/usr/share/zoneinfo/right/Antarctica/Troll", + "/usr/share/zoneinfo/right/Asia/Almaty", + "/usr/share/zoneinfo/right/Asia/Amman", + "/usr/share/zoneinfo/right/Asia/Anadyr", + "/usr/share/zoneinfo/right/Asia/Aqtau", + "/usr/share/zoneinfo/right/Asia/Aqtobe", + "/usr/share/zoneinfo/right/Asia/Ashgabat", + "/usr/share/zoneinfo/right/Asia/Atyrau", + "/usr/share/zoneinfo/right/Asia/Baghdad", + "/usr/share/zoneinfo/right/Asia/Baku", + "/usr/share/zoneinfo/right/Asia/Bangkok", + "/usr/share/zoneinfo/right/Asia/Barnaul", + "/usr/share/zoneinfo/right/Asia/Beirut", + "/usr/share/zoneinfo/right/Asia/Bishkek", + "/usr/share/zoneinfo/right/Asia/Chita", + "/usr/share/zoneinfo/right/Asia/Choibalsan", + "/usr/share/zoneinfo/right/Asia/Colombo", + "/usr/share/zoneinfo/right/Asia/Damascus", + "/usr/share/zoneinfo/right/Asia/Dhaka", + "/usr/share/zoneinfo/right/Asia/Dili", + "/usr/share/zoneinfo/right/Asia/Dubai", + "/usr/share/zoneinfo/right/Asia/Dushanbe", + "/usr/share/zoneinfo/right/Asia/Famagusta", + "/usr/share/zoneinfo/right/Asia/Gaza", + "/usr/share/zoneinfo/right/Asia/Hebron", + "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/right/Asia/Hong_Kong", + "/usr/share/zoneinfo/right/Asia/Hovd", + "/usr/share/zoneinfo/right/Asia/Irkutsk", + "/usr/share/zoneinfo/right/Asia/Jakarta", + "/usr/share/zoneinfo/right/Asia/Jayapura", + "/usr/share/zoneinfo/right/Asia/Jerusalem", + "/usr/share/zoneinfo/right/Asia/Kabul", + "/usr/share/zoneinfo/right/Asia/Kamchatka", + "/usr/share/zoneinfo/right/Asia/Karachi", + "/usr/share/zoneinfo/right/Asia/Kathmandu", + "/usr/share/zoneinfo/right/Asia/Khandyga", + "/usr/share/zoneinfo/right/Asia/Kolkata", + "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/right/Asia/Kuching", + "/usr/share/zoneinfo/right/Asia/Macau", + "/usr/share/zoneinfo/right/Asia/Magadan", + "/usr/share/zoneinfo/right/Asia/Makassar", + "/usr/share/zoneinfo/right/Asia/Manila", + "/usr/share/zoneinfo/right/Asia/Nicosia", + "/usr/share/zoneinfo/right/Asia/Novokuznetsk", + "/usr/share/zoneinfo/right/Asia/Novosibirsk", + "/usr/share/zoneinfo/right/Asia/Omsk", + "/usr/share/zoneinfo/right/Asia/Oral", + "/usr/share/zoneinfo/right/Asia/Pontianak", + "/usr/share/zoneinfo/right/Asia/Pyongyang", + "/usr/share/zoneinfo/right/Asia/Qatar", + "/usr/share/zoneinfo/right/Asia/Qostanay", + "/usr/share/zoneinfo/right/Asia/Qyzylorda", + "/usr/share/zoneinfo/right/Asia/Riyadh", + "/usr/share/zoneinfo/right/Asia/Sakhalin", + "/usr/share/zoneinfo/right/Asia/Samarkand", + "/usr/share/zoneinfo/right/Asia/Seoul", + "/usr/share/zoneinfo/right/Asia/Shanghai", + "/usr/share/zoneinfo/right/Asia/Singapore", + "/usr/share/zoneinfo/right/Asia/Srednekolymsk", + "/usr/share/zoneinfo/right/Asia/Taipei", + "/usr/share/zoneinfo/right/Asia/Tashkent", + "/usr/share/zoneinfo/right/Asia/Tbilisi", + "/usr/share/zoneinfo/right/Asia/Tehran", + "/usr/share/zoneinfo/right/Asia/Thimphu", + "/usr/share/zoneinfo/right/Asia/Tokyo", + "/usr/share/zoneinfo/right/Asia/Tomsk", + "/usr/share/zoneinfo/right/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/right/Asia/Urumqi", + "/usr/share/zoneinfo/right/Asia/Ust-Nera", + "/usr/share/zoneinfo/right/Asia/Vladivostok", + "/usr/share/zoneinfo/right/Asia/Yakutsk", + "/usr/share/zoneinfo/right/Asia/Yangon", + "/usr/share/zoneinfo/right/Asia/Yekaterinburg", + "/usr/share/zoneinfo/right/Asia/Yerevan", + "/usr/share/zoneinfo/right/Atlantic/Azores", + "/usr/share/zoneinfo/right/Atlantic/Bermuda", + "/usr/share/zoneinfo/right/Atlantic/Canary", + "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/right/Atlantic/Faroe", + "/usr/share/zoneinfo/right/Atlantic/Madeira", + "/usr/share/zoneinfo/right/Atlantic/South_Georgia", + "/usr/share/zoneinfo/right/Atlantic/Stanley", + "/usr/share/zoneinfo/right/Australia/Adelaide", + "/usr/share/zoneinfo/right/Australia/Brisbane", + "/usr/share/zoneinfo/right/Australia/Broken_Hill", + "/usr/share/zoneinfo/right/Australia/Darwin", + "/usr/share/zoneinfo/right/Australia/Eucla", + "/usr/share/zoneinfo/right/Australia/Hobart", + "/usr/share/zoneinfo/right/Australia/Lindeman", + "/usr/share/zoneinfo/right/Australia/Lord_Howe", + "/usr/share/zoneinfo/right/Australia/Melbourne", + "/usr/share/zoneinfo/right/Australia/Perth", + "/usr/share/zoneinfo/right/Australia/Sydney", + "/usr/share/zoneinfo/right/CET", + "/usr/share/zoneinfo/right/CST6CDT", + "/usr/share/zoneinfo/right/EET", + "/usr/share/zoneinfo/right/EST", + "/usr/share/zoneinfo/right/EST5EDT", + "/usr/share/zoneinfo/right/Etc/GMT", + "/usr/share/zoneinfo/right/Etc/GMT+1", + "/usr/share/zoneinfo/right/Etc/GMT+10", + "/usr/share/zoneinfo/right/Etc/GMT+11", + "/usr/share/zoneinfo/right/Etc/GMT+12", + "/usr/share/zoneinfo/right/Etc/GMT+2", + "/usr/share/zoneinfo/right/Etc/GMT+3", + "/usr/share/zoneinfo/right/Etc/GMT+4", + "/usr/share/zoneinfo/right/Etc/GMT+5", + "/usr/share/zoneinfo/right/Etc/GMT+6", + "/usr/share/zoneinfo/right/Etc/GMT+7", + "/usr/share/zoneinfo/right/Etc/GMT+8", + "/usr/share/zoneinfo/right/Etc/GMT+9", + "/usr/share/zoneinfo/right/Etc/GMT-1", + "/usr/share/zoneinfo/right/Etc/GMT-10", + "/usr/share/zoneinfo/right/Etc/GMT-11", + "/usr/share/zoneinfo/right/Etc/GMT-12", + "/usr/share/zoneinfo/right/Etc/GMT-13", + "/usr/share/zoneinfo/right/Etc/GMT-14", + "/usr/share/zoneinfo/right/Etc/GMT-2", + "/usr/share/zoneinfo/right/Etc/GMT-3", + "/usr/share/zoneinfo/right/Etc/GMT-4", + "/usr/share/zoneinfo/right/Etc/GMT-5", + "/usr/share/zoneinfo/right/Etc/GMT-6", + "/usr/share/zoneinfo/right/Etc/GMT-7", + "/usr/share/zoneinfo/right/Etc/GMT-8", + "/usr/share/zoneinfo/right/Etc/GMT-9", + "/usr/share/zoneinfo/right/Etc/UTC", + "/usr/share/zoneinfo/right/Europe/Andorra", + "/usr/share/zoneinfo/right/Europe/Astrakhan", + "/usr/share/zoneinfo/right/Europe/Athens", + "/usr/share/zoneinfo/right/Europe/Belgrade", + "/usr/share/zoneinfo/right/Europe/Berlin", + "/usr/share/zoneinfo/right/Europe/Brussels", + "/usr/share/zoneinfo/right/Europe/Bucharest", + "/usr/share/zoneinfo/right/Europe/Budapest", + "/usr/share/zoneinfo/right/Europe/Chisinau", + "/usr/share/zoneinfo/right/Europe/Dublin", + "/usr/share/zoneinfo/right/Europe/Gibraltar", + "/usr/share/zoneinfo/right/Europe/Helsinki", + "/usr/share/zoneinfo/right/Europe/Istanbul", + "/usr/share/zoneinfo/right/Europe/Kaliningrad", + "/usr/share/zoneinfo/right/Europe/Kirov", + "/usr/share/zoneinfo/right/Europe/Kyiv", + "/usr/share/zoneinfo/right/Europe/Lisbon", + "/usr/share/zoneinfo/right/Europe/London", + "/usr/share/zoneinfo/right/Europe/Madrid", + "/usr/share/zoneinfo/right/Europe/Malta", + "/usr/share/zoneinfo/right/Europe/Minsk", + "/usr/share/zoneinfo/right/Europe/Moscow", + "/usr/share/zoneinfo/right/Europe/Paris", + "/usr/share/zoneinfo/right/Europe/Prague", + "/usr/share/zoneinfo/right/Europe/Riga", + "/usr/share/zoneinfo/right/Europe/Rome", + "/usr/share/zoneinfo/right/Europe/Samara", + "/usr/share/zoneinfo/right/Europe/Saratov", + "/usr/share/zoneinfo/right/Europe/Simferopol", + "/usr/share/zoneinfo/right/Europe/Sofia", + "/usr/share/zoneinfo/right/Europe/Tallinn", + "/usr/share/zoneinfo/right/Europe/Tirane", + "/usr/share/zoneinfo/right/Europe/Ulyanovsk", + "/usr/share/zoneinfo/right/Europe/Vienna", + "/usr/share/zoneinfo/right/Europe/Vilnius", + "/usr/share/zoneinfo/right/Europe/Volgograd", + "/usr/share/zoneinfo/right/Europe/Warsaw", + "/usr/share/zoneinfo/right/Europe/Zurich", + "/usr/share/zoneinfo/right/Factory", + "/usr/share/zoneinfo/right/HST", + "/usr/share/zoneinfo/right/Indian/Chagos", + "/usr/share/zoneinfo/right/Indian/Maldives", + "/usr/share/zoneinfo/right/Indian/Mauritius", + "/usr/share/zoneinfo/right/MET", + "/usr/share/zoneinfo/right/MST", + "/usr/share/zoneinfo/right/MST7MDT", + "/usr/share/zoneinfo/right/PST8PDT", + "/usr/share/zoneinfo/right/Pacific/Apia", + "/usr/share/zoneinfo/right/Pacific/Auckland", + "/usr/share/zoneinfo/right/Pacific/Bougainville", + "/usr/share/zoneinfo/right/Pacific/Chatham", + "/usr/share/zoneinfo/right/Pacific/Easter", + "/usr/share/zoneinfo/right/Pacific/Efate", + "/usr/share/zoneinfo/right/Pacific/Fakaofo", + "/usr/share/zoneinfo/right/Pacific/Fiji", + "/usr/share/zoneinfo/right/Pacific/Galapagos", + "/usr/share/zoneinfo/right/Pacific/Gambier", + "/usr/share/zoneinfo/right/Pacific/Guadalcanal", + "/usr/share/zoneinfo/right/Pacific/Guam", + "/usr/share/zoneinfo/right/Pacific/Honolulu", + "/usr/share/zoneinfo/right/Pacific/Kanton", + "/usr/share/zoneinfo/right/Pacific/Kiritimati", + "/usr/share/zoneinfo/right/Pacific/Kosrae", + "/usr/share/zoneinfo/right/Pacific/Kwajalein", + "/usr/share/zoneinfo/right/Pacific/Marquesas", + "/usr/share/zoneinfo/right/Pacific/Nauru", + "/usr/share/zoneinfo/right/Pacific/Niue", + "/usr/share/zoneinfo/right/Pacific/Norfolk", + "/usr/share/zoneinfo/right/Pacific/Noumea", + "/usr/share/zoneinfo/right/Pacific/Pago_Pago", + "/usr/share/zoneinfo/right/Pacific/Palau", + "/usr/share/zoneinfo/right/Pacific/Pitcairn", + "/usr/share/zoneinfo/right/Pacific/Port_Moresby", + "/usr/share/zoneinfo/right/Pacific/Rarotonga", + "/usr/share/zoneinfo/right/Pacific/Tahiti", + "/usr/share/zoneinfo/right/Pacific/Tarawa", + "/usr/share/zoneinfo/right/Pacific/Tongatapu", + "/usr/share/zoneinfo/right/WET", + "/usr/share/zoneinfo/tzdata.zi", + "/usr/share/zoneinfo/zone.tab", + "/usr/share/zoneinfo/zone1970.tab" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ubuntu-keyring@2020.02.11.4", + "Name": "ubuntu-keyring", + "Identifier": { + "PURL": "pkg:deb/ubuntu/ubuntu-keyring@2020.02.11.4?arch=all\u0026distro=ubuntu-20.04", + "UID": "171f129b474e838b" + }, + "Version": "2020.02.11.4", + "Arch": "all", + "SrcName": "ubuntu-keyring", + "SrcVersion": "2020.02.11.4", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Dimitri John Ledkov \u003cdimitri.ledkov@canonical.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg", + "/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg", + "/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg", + "/usr/share/doc/ubuntu-keyring/changelog.gz", + "/usr/share/doc/ubuntu-keyring/copyright", + "/usr/share/keyrings/ubuntu-archive-keyring.gpg", + "/usr/share/keyrings/ubuntu-archive-removed-keys.gpg", + "/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg", + "/usr/share/keyrings/ubuntu-cloudimage-removed-keys.gpg", + "/usr/share/keyrings/ubuntu-master-keyring.gpg" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "util-linux@2.34-0.1ubuntu9.3", + "Name": "util-linux", + "Identifier": { + "PURL": "pkg:deb/ubuntu/util-linux@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "7e27c675dec861ed" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "login@1:4.8.1-1ubuntu5.20.04.4" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/dmesg", + "/bin/findmnt", + "/bin/lsblk", + "/bin/more", + "/bin/mountpoint", + "/bin/su", + "/bin/wdctl", + "/lib/systemd/system/fstrim.service", + "/lib/systemd/system/fstrim.timer", + "/lib/udev/hwclock-set", + "/sbin/agetty", + "/sbin/blkdiscard", + "/sbin/blkid", + "/sbin/blkzone", + "/sbin/blockdev", + "/sbin/chcpu", + "/sbin/ctrlaltdel", + "/sbin/findfs", + "/sbin/fsck", + "/sbin/fsck.cramfs", + "/sbin/fsck.minix", + "/sbin/fsfreeze", + "/sbin/fstrim", + "/sbin/hwclock", + "/sbin/isosize", + "/sbin/mkfs", + "/sbin/mkfs.bfs", + "/sbin/mkfs.cramfs", + "/sbin/mkfs.minix", + "/sbin/mkswap", + "/sbin/pivot_root", + "/sbin/raw", + "/sbin/runuser", + "/sbin/sulogin", + "/sbin/swaplabel", + "/sbin/switch_root", + "/sbin/wipefs", + "/sbin/zramctl", + "/usr/bin/addpart", + "/usr/bin/choom", + "/usr/bin/chrt", + "/usr/bin/delpart", + "/usr/bin/fallocate", + "/usr/bin/fincore", + "/usr/bin/flock", + "/usr/bin/getopt", + "/usr/bin/ionice", + "/usr/bin/ipcmk", + "/usr/bin/ipcrm", + "/usr/bin/ipcs", + "/usr/bin/last", + "/usr/bin/lscpu", + "/usr/bin/lsipc", + "/usr/bin/lslocks", + "/usr/bin/lslogins", + "/usr/bin/lsmem", + "/usr/bin/lsns", + "/usr/bin/mcookie", + "/usr/bin/mesg", + "/usr/bin/namei", + "/usr/bin/nsenter", + "/usr/bin/partx", + "/usr/bin/prlimit", + "/usr/bin/rename.ul", + "/usr/bin/resizepart", + "/usr/bin/rev", + "/usr/bin/setarch", + "/usr/bin/setpriv", + "/usr/bin/setsid", + "/usr/bin/setterm", + "/usr/bin/taskset", + "/usr/bin/unshare", + "/usr/bin/utmpdump", + "/usr/bin/whereis", + "/usr/lib/mime/packages/util-linux", + "/usr/sbin/chmem", + "/usr/sbin/fdformat", + "/usr/sbin/ldattach", + "/usr/sbin/readprofile", + "/usr/sbin/rtcwake", + "/usr/share/bash-completion/completions/addpart", + "/usr/share/bash-completion/completions/blkdiscard", + "/usr/share/bash-completion/completions/blkid", + "/usr/share/bash-completion/completions/blkzone", + "/usr/share/bash-completion/completions/blockdev", + "/usr/share/bash-completion/completions/chcpu", + "/usr/share/bash-completion/completions/chmem", + "/usr/share/bash-completion/completions/chrt", + "/usr/share/bash-completion/completions/ctrlaltdel", + "/usr/share/bash-completion/completions/delpart", + "/usr/share/bash-completion/completions/dmesg", + "/usr/share/bash-completion/completions/fallocate", + "/usr/share/bash-completion/completions/fdformat", + "/usr/share/bash-completion/completions/fincore", + "/usr/share/bash-completion/completions/findfs", + "/usr/share/bash-completion/completions/findmnt", + "/usr/share/bash-completion/completions/flock", + "/usr/share/bash-completion/completions/fsck", + "/usr/share/bash-completion/completions/fsck.cramfs", + "/usr/share/bash-completion/completions/fsck.minix", + "/usr/share/bash-completion/completions/fsfreeze", + "/usr/share/bash-completion/completions/fstrim", + "/usr/share/bash-completion/completions/getopt", + "/usr/share/bash-completion/completions/hwclock", + "/usr/share/bash-completion/completions/ionice", + "/usr/share/bash-completion/completions/ipcmk", + "/usr/share/bash-completion/completions/ipcrm", + "/usr/share/bash-completion/completions/ipcs", + "/usr/share/bash-completion/completions/isosize", + "/usr/share/bash-completion/completions/last", + "/usr/share/bash-completion/completions/ldattach", + "/usr/share/bash-completion/completions/lsblk", + "/usr/share/bash-completion/completions/lscpu", + "/usr/share/bash-completion/completions/lsipc", + "/usr/share/bash-completion/completions/lslocks", + "/usr/share/bash-completion/completions/lslogins", + "/usr/share/bash-completion/completions/lsmem", + "/usr/share/bash-completion/completions/lsns", + "/usr/share/bash-completion/completions/mcookie", + "/usr/share/bash-completion/completions/mesg", + "/usr/share/bash-completion/completions/mkfs", + "/usr/share/bash-completion/completions/mkfs.bfs", + "/usr/share/bash-completion/completions/mkfs.cramfs", + "/usr/share/bash-completion/completions/mkfs.minix", + "/usr/share/bash-completion/completions/mkswap", + "/usr/share/bash-completion/completions/more", + "/usr/share/bash-completion/completions/mountpoint", + "/usr/share/bash-completion/completions/namei", + "/usr/share/bash-completion/completions/nsenter", + "/usr/share/bash-completion/completions/partx", + "/usr/share/bash-completion/completions/pivot_root", + "/usr/share/bash-completion/completions/prlimit", + "/usr/share/bash-completion/completions/raw", + "/usr/share/bash-completion/completions/readprofile", + "/usr/share/bash-completion/completions/resizepart", + "/usr/share/bash-completion/completions/rev", + "/usr/share/bash-completion/completions/rtcwake", + "/usr/share/bash-completion/completions/setarch", + "/usr/share/bash-completion/completions/setpriv", + "/usr/share/bash-completion/completions/setsid", + "/usr/share/bash-completion/completions/setterm", + "/usr/share/bash-completion/completions/su", + "/usr/share/bash-completion/completions/swaplabel", + "/usr/share/bash-completion/completions/taskset", + "/usr/share/bash-completion/completions/unshare", + "/usr/share/bash-completion/completions/utmpdump", + "/usr/share/bash-completion/completions/wdctl", + "/usr/share/bash-completion/completions/whereis", + "/usr/share/bash-completion/completions/wipefs", + "/usr/share/bash-completion/completions/zramctl", + "/usr/share/doc/util-linux/00-about-docs.txt", + "/usr/share/doc/util-linux/AUTHORS.gz", + "/usr/share/doc/util-linux/NEWS.Debian.gz", + "/usr/share/doc/util-linux/PAM-configuration.txt", + "/usr/share/doc/util-linux/README.Debian", + "/usr/share/doc/util-linux/blkid.txt", + "/usr/share/doc/util-linux/cal.txt", + "/usr/share/doc/util-linux/col.txt", + "/usr/share/doc/util-linux/copyright", + "/usr/share/doc/util-linux/deprecated.txt", + "/usr/share/doc/util-linux/examples/filesystems", + "/usr/share/doc/util-linux/examples/fstab", + "/usr/share/doc/util-linux/examples/fstab.example2", + "/usr/share/doc/util-linux/examples/getopt-parse.bash", + "/usr/share/doc/util-linux/examples/getopt-parse.tcsh", + "/usr/share/doc/util-linux/examples/motd", + "/usr/share/doc/util-linux/examples/securetty", + "/usr/share/doc/util-linux/examples/shells", + "/usr/share/doc/util-linux/examples/udev-raw.rules", + "/usr/share/doc/util-linux/getopt.txt", + "/usr/share/doc/util-linux/getopt_changelog.txt", + "/usr/share/doc/util-linux/howto-build-sys.txt", + "/usr/share/doc/util-linux/howto-compilation.txt", + "/usr/share/doc/util-linux/howto-contribute.txt.gz", + "/usr/share/doc/util-linux/howto-debug.txt", + "/usr/share/doc/util-linux/howto-man-page.txt.gz", + "/usr/share/doc/util-linux/howto-pull-request.txt.gz", + "/usr/share/doc/util-linux/howto-tests.txt", + "/usr/share/doc/util-linux/howto-usage-function.txt.gz", + "/usr/share/doc/util-linux/hwclock.txt", + "/usr/share/doc/util-linux/modems-with-agetty.txt", + "/usr/share/doc/util-linux/mount.txt", + "/usr/share/doc/util-linux/parse-date.txt.gz", + "/usr/share/doc/util-linux/pg.txt", + "/usr/share/doc/util-linux/poeigl.txt.gz", + "/usr/share/doc/util-linux/release-schedule.txt", + "/usr/share/doc/util-linux/releases/v2.13-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.14-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.15-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.16-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.17-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.18-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.19-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.20-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.21-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.22-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.23-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.24-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.25-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.26-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.27-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.28-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.29-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.30-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.31-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.32-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.33-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.34-ReleaseNotes.gz", + "/usr/share/lintian/overrides/util-linux", + "/usr/share/man/man1/choom.1.gz", + "/usr/share/man/man1/chrt.1.gz", + "/usr/share/man/man1/dmesg.1.gz", + "/usr/share/man/man1/fallocate.1.gz", + "/usr/share/man/man1/fincore.1.gz", + "/usr/share/man/man1/flock.1.gz", + "/usr/share/man/man1/getopt.1.gz", + "/usr/share/man/man1/ionice.1.gz", + "/usr/share/man/man1/ipcmk.1.gz", + "/usr/share/man/man1/ipcrm.1.gz", + "/usr/share/man/man1/ipcs.1.gz", + "/usr/share/man/man1/last.1.gz", + "/usr/share/man/man1/lscpu.1.gz", + "/usr/share/man/man1/lsipc.1.gz", + "/usr/share/man/man1/lslogins.1.gz", + "/usr/share/man/man1/lsmem.1.gz", + "/usr/share/man/man1/mcookie.1.gz", + "/usr/share/man/man1/mesg.1.gz", + "/usr/share/man/man1/more.1.gz", + "/usr/share/man/man1/mountpoint.1.gz", + "/usr/share/man/man1/namei.1.gz", + "/usr/share/man/man1/nsenter.1.gz", + "/usr/share/man/man1/prlimit.1.gz", + "/usr/share/man/man1/rename.ul.1.gz", + "/usr/share/man/man1/rev.1.gz", + "/usr/share/man/man1/runuser.1.gz", + "/usr/share/man/man1/setpriv.1.gz", + "/usr/share/man/man1/setsid.1.gz", + "/usr/share/man/man1/setterm.1.gz", + "/usr/share/man/man1/su.1.gz", + "/usr/share/man/man1/taskset.1.gz", + "/usr/share/man/man1/unshare.1.gz", + "/usr/share/man/man1/utmpdump.1.gz", + "/usr/share/man/man1/whereis.1.gz", + "/usr/share/man/man5/adjtime_config.5.gz", + "/usr/share/man/man5/hwclock.5.gz", + "/usr/share/man/man5/terminal-colors.d.5.gz", + "/usr/share/man/man8/addpart.8.gz", + "/usr/share/man/man8/agetty.8.gz", + "/usr/share/man/man8/blkdiscard.8.gz", + "/usr/share/man/man8/blkid.8.gz", + "/usr/share/man/man8/blkzone.8.gz", + "/usr/share/man/man8/blockdev.8.gz", + "/usr/share/man/man8/chcpu.8.gz", + "/usr/share/man/man8/chmem.8.gz", + "/usr/share/man/man8/ctrlaltdel.8.gz", + "/usr/share/man/man8/delpart.8.gz", + "/usr/share/man/man8/fdformat.8.gz", + "/usr/share/man/man8/findfs.8.gz", + "/usr/share/man/man8/findmnt.8.gz", + "/usr/share/man/man8/fsck.8.gz", + "/usr/share/man/man8/fsck.cramfs.8.gz", + "/usr/share/man/man8/fsck.minix.8.gz", + "/usr/share/man/man8/fsfreeze.8.gz", + "/usr/share/man/man8/fstrim.8.gz", + "/usr/share/man/man8/hwclock.8.gz", + "/usr/share/man/man8/isosize.8.gz", + "/usr/share/man/man8/ldattach.8.gz", + "/usr/share/man/man8/lsblk.8.gz", + "/usr/share/man/man8/lslocks.8.gz", + "/usr/share/man/man8/lsns.8.gz", + "/usr/share/man/man8/mkfs.8.gz", + "/usr/share/man/man8/mkfs.bfs.8.gz", + "/usr/share/man/man8/mkfs.cramfs.8.gz", + "/usr/share/man/man8/mkfs.minix.8.gz", + "/usr/share/man/man8/mkswap.8.gz", + "/usr/share/man/man8/partx.8.gz", + "/usr/share/man/man8/pivot_root.8.gz", + "/usr/share/man/man8/raw.8.gz", + "/usr/share/man/man8/readprofile.8.gz", + "/usr/share/man/man8/resizepart.8.gz", + "/usr/share/man/man8/rtcwake.8.gz", + "/usr/share/man/man8/setarch.8.gz", + "/usr/share/man/man8/sulogin.8.gz", + "/usr/share/man/man8/swaplabel.8.gz", + "/usr/share/man/man8/switch_root.8.gz", + "/usr/share/man/man8/wdctl.8.gz", + "/usr/share/man/man8/wipefs.8.gz", + "/usr/share/man/man8/zramctl.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "xz-utils@5.2.4-1ubuntu1.1", + "Name": "xz-utils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/xz-utils@5.2.4-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "974d966ce8465f86" + }, + "Version": "5.2.4", + "Release": "1ubuntu1.1", + "Arch": "amd64", + "SrcName": "xz-utils", + "SrcVersion": "5.2.4", + "SrcRelease": "1ubuntu1.1", + "Licenses": [ + "PD", + "probably-PD", + "GPL-2.0-or-later", + "LGPL-2.1-or-later", + "permissive-fsf", + "Autoconf", + "permissive-nowarranty", + "GPL-2.0-only", + "none", + "config-h", + "LGPL-2.0-only", + "LGPL-2.1-only", + "noderivs", + "PD-debian", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "liblzma5@5.2.4-1ubuntu1.1" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/bin/lzmainfo", + "/usr/bin/xz", + "/usr/bin/xzdiff", + "/usr/bin/xzgrep", + "/usr/bin/xzless", + "/usr/bin/xzmore", + "/usr/share/doc/xz-utils/README.Debian", + "/usr/share/doc/xz-utils/README.gz", + "/usr/share/doc/xz-utils/copyright", + "/usr/share/doc/xz-utils/extra/7z2lzma/7z2lzma.bash", + "/usr/share/doc/xz-utils/extra/scanlzma/scanlzma.c", + "/usr/share/doc/xz-utils/faq.txt.gz", + "/usr/share/doc/xz-utils/history.txt.gz", + "/usr/share/man/man1/lzmainfo.1.gz", + "/usr/share/man/man1/xz.1.gz", + "/usr/share/man/man1/xzdiff.1.gz", + "/usr/share/man/man1/xzgrep.1.gz", + "/usr/share/man/man1/xzless.1.gz", + "/usr/share/man/man1/xzmore.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "zlib1g@1:1.2.11.dfsg-2ubuntu1.5", + "Name": "zlib1g", + "Identifier": { + "PURL": "pkg:deb/ubuntu/zlib1g@1.2.11.dfsg-2ubuntu1.5?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "cfc4093dfe4613c8" + }, + "Version": "1.2.11.dfsg", + "Release": "2ubuntu1.5", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "zlib", + "SrcVersion": "1.2.11.dfsg", + "SrcRelease": "2ubuntu1.5", + "SrcEpoch": 1, + "Licenses": [ + "Zlib" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libz.so.1.2.11", + "/usr/share/doc/zlib1g/changelog.Debian.gz", + "/usr/share/doc/zlib1g/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "zstd@1.4.4+dfsg-3ubuntu0.1", + "Name": "zstd", + "Identifier": { + "PURL": "pkg:deb/ubuntu/zstd@1.4.4%2Bdfsg-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "c241c66ea148cdc1" + }, + "Version": "1.4.4+dfsg", + "Release": "3ubuntu0.1", + "Arch": "amd64", + "SrcName": "libzstd", + "SrcVersion": "1.4.4+dfsg", + "SrcRelease": "3ubuntu0.1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "Zlib", + "GPL-2.0-or-later", + "MIT" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgcc-s1@10.3.0-1ubuntu1~20.04", + "liblz4-1@1.9.2-2ubuntu0.20.04.1", + "liblzma5@5.2.4-1ubuntu1.1", + "libstdc++6@10.3.0-1ubuntu1~20.04", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/bin/pzstd", + "/usr/bin/zstd", + "/usr/bin/zstdgrep", + "/usr/bin/zstdless", + "/usr/share/doc/zstd/CODE_OF_CONDUCT.md", + "/usr/share/doc/zstd/CONTRIBUTING.md", + "/usr/share/doc/zstd/README.md.gz", + "/usr/share/doc/zstd/TESTING.md", + "/usr/share/doc/zstd/changelog.Debian.gz", + "/usr/share/doc/zstd/copyright", + "/usr/share/man/man1/pzstd.1.gz", + "/usr/share/man/man1/unzstd.1.gz", + "/usr/share/man/man1/zstd.1.gz", + "/usr/share/man/man1/zstdcat.1.gz", + "/usr/share/man/man1/zstdgrep.1.gz", + "/usr/share/man/man1/zstdless.1.gz", + "/usr/share/man/man1/zstdmt.1.gz" + ], + "AnalyzedBy": "dpkg" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "bsdutils@1:2.34-0.1ubuntu9.3", + "PkgName": "bsdutils", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/bsdutils@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "c2f19fe3db589c3b" + }, + "InstalledVersion": "1:2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:dcc86debc2625a2205e72ae130e4acb371c763f9526934b0f197a308b03528ba", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + }, + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "fdisk@2.34-0.1ubuntu9.3", + "PkgName": "fdisk", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/fdisk@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e93cc0834325a9d6" + }, + "InstalledVersion": "2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:8c6d839b16d74a99a59a1c5e87c95b3646588a7a0c3049e1be96153369d3f7cc", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + }, + { + "VulnerabilityID": "CVE-2023-4156", + "PkgID": "gawk@1:5.0.1+dfsg-1", + "PkgName": "gawk", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/gawk@5.0.1%2Bdfsg-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "e7d9fd5e0ccccae5" + }, + "InstalledVersion": "1:5.0.1+dfsg-1", + "FixedVersion": "1:5.0.1+dfsg-1ubuntu0.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4156", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:a5586142305ed8f70b5c5b8742c0eda9264fc5ad7e521a2f24bc30b4b64403cc", + "Title": "gawk: heap out of bound read in builtin.c", + "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "amazon": 1, + "cbl-mariner": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930", + "https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212 (gawk-5.2.0)", + "https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00000.html", + "https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00023.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "https://ubuntu.com/security/notices/USN-6373-1", + "https://www.cve.org/CVERecord?id=CVE-2023-4156" + ], + "PublishedDate": "2023-09-25T18:15:11.013Z", + "LastModifiedDate": "2024-11-21T08:34:30.16Z" + }, + { + "VulnerabilityID": "CVE-2025-30258", + "PkgID": "gpg@2.2.19-3ubuntu2.2", + "PkgName": "gpg", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/gpg@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "c3f3b0f55f5d5301" + }, + "InstalledVersion": "2.2.19-3ubuntu2.2", + "FixedVersion": "2.2.19-3ubuntu2.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:50bd8b9ac64aae0c6357ec1b119ba46be2753a04929fa5b368def5c3face3ade", + "Title": "gnupg: verification DoS due to a malicious subkey in the keyring", + "Description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "V3Score": 2.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-30258", + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "https://ubuntu.com/security/notices/USN-7412-1", + "https://ubuntu.com/security/notices/USN-7412-3", + "https://www.cve.org/CVERecord?id=CVE-2025-30258" + ], + "PublishedDate": "2025-03-19T20:15:20.14Z", + "LastModifiedDate": "2025-10-16T16:53:07.557Z" + }, + { + "VulnerabilityID": "CVE-2025-30258", + "PkgID": "gpgconf@2.2.19-3ubuntu2.2", + "PkgName": "gpgconf", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/gpgconf@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "fc417bd7bd03106c" + }, + "InstalledVersion": "2.2.19-3ubuntu2.2", + "FixedVersion": "2.2.19-3ubuntu2.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:67958bf0bc9cf0c596f07ea49621022d056aabf5c0f3483160f6bcf0ee04b33b", + "Title": "gnupg: verification DoS due to a malicious subkey in the keyring", + "Description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "V3Score": 2.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-30258", + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "https://ubuntu.com/security/notices/USN-7412-1", + "https://ubuntu.com/security/notices/USN-7412-3", + "https://www.cve.org/CVERecord?id=CVE-2025-30258" + ], + "PublishedDate": "2025-03-19T20:15:20.14Z", + "LastModifiedDate": "2025-10-16T16:53:07.557Z" + }, + { + "VulnerabilityID": "CVE-2025-30258", + "PkgID": "gpgv@2.2.19-3ubuntu2.2", + "PkgName": "gpgv", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/gpgv@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "94c47271b8f35208" + }, + "InstalledVersion": "2.2.19-3ubuntu2.2", + "FixedVersion": "2.2.19-3ubuntu2.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:d0a360b33ea7a53f366e8c6b8fa3910517df123cad4e0649ee9a3c6ad95b8ab1", + "Title": "gnupg: verification DoS due to a malicious subkey in the keyring", + "Description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "V3Score": 2.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-30258", + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "https://ubuntu.com/security/notices/USN-7412-1", + "https://ubuntu.com/security/notices/USN-7412-3", + "https://www.cve.org/CVERecord?id=CVE-2025-30258" + ], + "PublishedDate": "2025-03-19T20:15:20.14Z", + "LastModifiedDate": "2025-10-16T16:53:07.557Z" + }, + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "libblkid1@2.34-0.1ubuntu9.3", + "PkgName": "libblkid1", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libblkid1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "97537d4ff7af8af0" + }, + "InstalledVersion": "2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:2bc304354120fa98c9e0875a3d760707d9b4fcea877568abf9b330193b15ce10", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + }, + { + "VulnerabilityID": "CVE-2024-2961", + "PkgID": "libc-bin@2.31-0ubuntu9.9", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0f705ec068d1f26" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.15", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2961", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:1f2b6349b89ac60d1388c9bd6ee6f113b4a2c859ea30810d8efed362d102cc57", + "Title": "glibc: Out of bounds write in iconv may lead to remote code execution", + "Description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/04/17/9", + "http://www.openwall.com/lists/oss-security/2024/04/18/4", + "http://www.openwall.com/lists/oss-security/2024/04/24/2", + "http://www.openwall.com/lists/oss-security/2024/05/27/1", + "http://www.openwall.com/lists/oss-security/2024/05/27/2", + "http://www.openwall.com/lists/oss-security/2024/05/27/3", + "http://www.openwall.com/lists/oss-security/2024/05/27/4", + "http://www.openwall.com/lists/oss-security/2024/05/27/5", + "http://www.openwall.com/lists/oss-security/2024/05/27/6", + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-2961", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://linux.oracle.com/cve/CVE-2024-2961.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-2961", + "https://security.netapp.com/advisory/ntap-20240531-0002/", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004", + "https://ubuntu.com/security/notices/USN-6737-1", + "https://ubuntu.com/security/notices/USN-6737-2", + "https://ubuntu.com/security/notices/USN-6762-1", + "https://www.ambionics.io/blog/iconv-cve-2024-2961-p1", + "https://www.ambionics.io/blog/iconv-cve-2024-2961-p2", + "https://www.ambionics.io/blog/iconv-cve-2024-2961-p3", + "https://www.cve.org/CVERecord?id=CVE-2024-2961", + "https://www.openwall.com/lists/oss-security/2024/04/17/9" + ], + "PublishedDate": "2024-04-17T18:15:15.833Z", + "LastModifiedDate": "2026-05-12T12:16:34.22Z" + }, + { + "VulnerabilityID": "CVE-2024-33599", + "PkgID": "libc-bin@2.31-0ubuntu9.9", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0f705ec068d1f26" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.16", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33599", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:a0e7d6b2813e32d617abe362bd6a5fba363f14cb80e9966d8178c3a1db196b9d", + "Title": "glibc: stack-based buffer overflow in netgroup cache", + "Description": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-121" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 7.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-33599", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", + "https://linux.oracle.com/cve/CVE-2024-33599.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-33599", + "https://security.netapp.com/advisory/ntap-20240524-0011/", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005", + "https://ubuntu.com/security/notices/USN-6804-1", + "https://www.cve.org/CVERecord?id=CVE-2024-33599", + "https://www.openwall.com/lists/oss-security/2024/04/24/2" + ], + "PublishedDate": "2024-05-06T20:15:11.437Z", + "LastModifiedDate": "2026-05-12T12:16:34.477Z" + }, + { + "VulnerabilityID": "CVE-2024-33600", + "PkgID": "libc-bin@2.31-0ubuntu9.9", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0f705ec068d1f26" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.16", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33600", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:efebe046bdb4ad4a453378598d50cc2e9b87f6fd8d5938cae1581dde3532546c", + "Title": "glibc: null pointer dereferences after failed netgroup cache insertion", + "Description": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-33600", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", + "https://linux.oracle.com/cve/CVE-2024-33600.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-33600", + "https://security.netapp.com/advisory/ntap-20240524-0013/", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006", + "https://ubuntu.com/security/notices/USN-6804-1", + "https://www.cve.org/CVERecord?id=CVE-2024-33600", + "https://www.openwall.com/lists/oss-security/2024/04/24/2" + ], + "PublishedDate": "2024-05-06T20:15:11.523Z", + "LastModifiedDate": "2026-05-12T12:16:34.687Z" + }, + { + "VulnerabilityID": "CVE-2024-33601", + "PkgID": "libc-bin@2.31-0ubuntu9.9", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0f705ec068d1f26" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.16", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33601", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:3cfa8d003e22285ea0551a5bcce8137199273c64b3b3fc0348bcdab5b2a46dc3", + "Title": "glibc: netgroup cache may terminate daemon on memory allocation failure", + "Description": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-617" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-33601", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", + "https://linux.oracle.com/cve/CVE-2024-33601.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-33601", + "https://security.netapp.com/advisory/ntap-20240524-0014/", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007", + "https://ubuntu.com/security/notices/USN-6804-1", + "https://www.cve.org/CVERecord?id=CVE-2024-33601", + "https://www.openwall.com/lists/oss-security/2024/04/24/2" + ], + "PublishedDate": "2024-05-06T20:15:11.603Z", + "LastModifiedDate": "2026-05-12T12:16:34.87Z" + }, + { + "VulnerabilityID": "CVE-2024-33602", + "PkgID": "libc-bin@2.31-0ubuntu9.9", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0f705ec068d1f26" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.16", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33602", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:9ae2ecfe27586e7c26fcb978b7d1e9b91cf7a5706c5d50d0d8785cc7da6ed685", + "Title": "glibc: netgroup cache assumes NSS callback uses in-buffer strings", + "Description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-466" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-33602", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", + "https://linux.oracle.com/cve/CVE-2024-33602.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-33602", + "https://security.netapp.com/advisory/ntap-20240524-0012/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=31680", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008", + "https://ubuntu.com/security/notices/USN-6804-1", + "https://www.cve.org/CVERecord?id=CVE-2024-33602", + "https://www.openwall.com/lists/oss-security/2024/04/24/2" + ], + "PublishedDate": "2024-05-06T20:15:11.68Z", + "LastModifiedDate": "2026-05-12T12:16:35.07Z" + }, + { + "VulnerabilityID": "CVE-2025-0395", + "PkgID": "libc-bin@2.31-0ubuntu9.9", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0f705ec068d1f26" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.17", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0395", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:85e15b000ca9835a279b8ce1f6891d26a97feaf6cfa9a2811b3badc4bbeaa744", + "Title": "glibc: buffer overflow in the GNU C Library's assert()", + "Description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-131" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 1, + "cbl-mariner": 1, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/01/22/4", + "http://www.openwall.com/lists/oss-security/2025/01/23/2", + "http://www.openwall.com/lists/oss-security/2025/04/13/1", + "http://www.openwall.com/lists/oss-security/2025/04/24/7", + "https://access.redhat.com/errata/RHSA-2025:4244", + "https://access.redhat.com/security/cve/CVE-2025-0395", + "https://bugzilla.redhat.com/2339460", + "https://bugzilla.redhat.com/show_bug.cgi?id=2339460", + "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", + "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0395", + "https://errata.almalinux.org/9/ALSA-2025-4244.html", + "https://errata.rockylinux.org/RLSA-2025:4244", + "https://linux.oracle.com/cve/CVE-2025-0395.html", + "https://linux.oracle.com/errata/ELSA-2025-4244.html", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0395", + "https://security.netapp.com/advisory/ntap-20250228-0006/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32582", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001", + "https://sourceware.org/pipermail/libc-announce/2025/000044.html", + "https://ubuntu.com/security/notices/USN-7259-1", + "https://ubuntu.com/security/notices/USN-7259-2", + "https://ubuntu.com/security/notices/USN-7259-3", + "https://www.cve.org/CVERecord?id=CVE-2025-0395", + "https://www.openwall.com/lists/oss-security/2025/01/22/4" + ], + "PublishedDate": "2025-01-22T13:15:20.933Z", + "LastModifiedDate": "2026-05-12T13:16:27.947Z" + }, + { + "VulnerabilityID": "CVE-2025-4802", + "PkgID": "libc-bin@2.31-0ubuntu9.9", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0f705ec068d1f26" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.18", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:6382b637e2a5ac61bb24bf8bc5964288d1772cd670d2af4c8cd108aa17f1f7b0", + "Title": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH", + "Description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-426" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/16/7", + "http://www.openwall.com/lists/oss-security/2025/05/17/2", + "https://access.redhat.com/errata/RHSA-2025:8655", + "https://access.redhat.com/security/cve/CVE-2025-4802", + "https://bugzilla.redhat.com/2367468", + "https://bugzilla.redhat.com/show_bug.cgi?id=2367468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802", + "https://errata.almalinux.org/9/ALSA-2025-8655.html", + "https://errata.rockylinux.org/RLSA-2025:8655", + "https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u", + "https://linux.oracle.com/cve/CVE-2025-4802.html", + "https://linux.oracle.com/errata/ELSA-2025-8686.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4802", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32976", + "https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e", + "https://sourceware.org/cgit/glibc/commit/?id=5451fa962cd0a90a0e2ec1d8910a559ace02bba0", + "https://ubuntu.com/security/notices/USN-7541-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4802", + "https://www.openwall.com/lists/oss-security/2025/05/16/7", + "https://www.openwall.com/lists/oss-security/2025/05/17/2" + ], + "PublishedDate": "2025-05-16T20:15:22.28Z", + "LastModifiedDate": "2025-11-03T20:19:11.153Z" + }, + { + "VulnerabilityID": "CVE-2024-2961", + "PkgID": "libc6@2.31-0ubuntu9.9", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6938ab7eef7e556c" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.15", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2961", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:a4483c5c905c58cca72650a0ccd0f013b853cc842c0ad49280823a315385b0f8", + "Title": "glibc: Out of bounds write in iconv may lead to remote code execution", + "Description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/04/17/9", + "http://www.openwall.com/lists/oss-security/2024/04/18/4", + "http://www.openwall.com/lists/oss-security/2024/04/24/2", + "http://www.openwall.com/lists/oss-security/2024/05/27/1", + "http://www.openwall.com/lists/oss-security/2024/05/27/2", + "http://www.openwall.com/lists/oss-security/2024/05/27/3", + "http://www.openwall.com/lists/oss-security/2024/05/27/4", + "http://www.openwall.com/lists/oss-security/2024/05/27/5", + "http://www.openwall.com/lists/oss-security/2024/05/27/6", + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-2961", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://linux.oracle.com/cve/CVE-2024-2961.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-2961", + "https://security.netapp.com/advisory/ntap-20240531-0002/", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004", + "https://ubuntu.com/security/notices/USN-6737-1", + "https://ubuntu.com/security/notices/USN-6737-2", + "https://ubuntu.com/security/notices/USN-6762-1", + "https://www.ambionics.io/blog/iconv-cve-2024-2961-p1", + "https://www.ambionics.io/blog/iconv-cve-2024-2961-p2", + "https://www.ambionics.io/blog/iconv-cve-2024-2961-p3", + "https://www.cve.org/CVERecord?id=CVE-2024-2961", + "https://www.openwall.com/lists/oss-security/2024/04/17/9" + ], + "PublishedDate": "2024-04-17T18:15:15.833Z", + "LastModifiedDate": "2026-05-12T12:16:34.22Z" + }, + { + "VulnerabilityID": "CVE-2024-33599", + "PkgID": "libc6@2.31-0ubuntu9.9", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6938ab7eef7e556c" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.16", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33599", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:ba8e58b689de97b9e613def5aff744e895d3fedb00caf73b27f3085b02392a63", + "Title": "glibc: stack-based buffer overflow in netgroup cache", + "Description": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-121" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 7.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-33599", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", + "https://linux.oracle.com/cve/CVE-2024-33599.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-33599", + "https://security.netapp.com/advisory/ntap-20240524-0011/", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005", + "https://ubuntu.com/security/notices/USN-6804-1", + "https://www.cve.org/CVERecord?id=CVE-2024-33599", + "https://www.openwall.com/lists/oss-security/2024/04/24/2" + ], + "PublishedDate": "2024-05-06T20:15:11.437Z", + "LastModifiedDate": "2026-05-12T12:16:34.477Z" + }, + { + "VulnerabilityID": "CVE-2024-33600", + "PkgID": "libc6@2.31-0ubuntu9.9", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6938ab7eef7e556c" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.16", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33600", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:17b234455a979b22bac53ca8114639e70dd26978b4d5e40875069e3441de23aa", + "Title": "glibc: null pointer dereferences after failed netgroup cache insertion", + "Description": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-33600", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", + "https://linux.oracle.com/cve/CVE-2024-33600.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-33600", + "https://security.netapp.com/advisory/ntap-20240524-0013/", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006", + "https://ubuntu.com/security/notices/USN-6804-1", + "https://www.cve.org/CVERecord?id=CVE-2024-33600", + "https://www.openwall.com/lists/oss-security/2024/04/24/2" + ], + "PublishedDate": "2024-05-06T20:15:11.523Z", + "LastModifiedDate": "2026-05-12T12:16:34.687Z" + }, + { + "VulnerabilityID": "CVE-2024-33601", + "PkgID": "libc6@2.31-0ubuntu9.9", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6938ab7eef7e556c" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.16", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33601", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:6f15f413c0efd0602a23f01c4c2cc251ebb66e853063810e34e7667e480a6a0c", + "Title": "glibc: netgroup cache may terminate daemon on memory allocation failure", + "Description": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-617" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-33601", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", + "https://linux.oracle.com/cve/CVE-2024-33601.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-33601", + "https://security.netapp.com/advisory/ntap-20240524-0014/", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007", + "https://ubuntu.com/security/notices/USN-6804-1", + "https://www.cve.org/CVERecord?id=CVE-2024-33601", + "https://www.openwall.com/lists/oss-security/2024/04/24/2" + ], + "PublishedDate": "2024-05-06T20:15:11.603Z", + "LastModifiedDate": "2026-05-12T12:16:34.87Z" + }, + { + "VulnerabilityID": "CVE-2024-33602", + "PkgID": "libc6@2.31-0ubuntu9.9", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6938ab7eef7e556c" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.16", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33602", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:a36507878d8eebf931b3feaa4fa907fc7f18bd0aadec0f0cef7247a2c3267333", + "Title": "glibc: netgroup cache assumes NSS callback uses in-buffer strings", + "Description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-466" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-33602", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", + "https://linux.oracle.com/cve/CVE-2024-33602.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-33602", + "https://security.netapp.com/advisory/ntap-20240524-0012/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=31680", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008", + "https://ubuntu.com/security/notices/USN-6804-1", + "https://www.cve.org/CVERecord?id=CVE-2024-33602", + "https://www.openwall.com/lists/oss-security/2024/04/24/2" + ], + "PublishedDate": "2024-05-06T20:15:11.68Z", + "LastModifiedDate": "2026-05-12T12:16:35.07Z" + }, + { + "VulnerabilityID": "CVE-2025-0395", + "PkgID": "libc6@2.31-0ubuntu9.9", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6938ab7eef7e556c" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.17", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0395", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:25646668e82b3be8e55b17cceaf3d35499ed8da2c4075e14cbaa3e1dbf758b35", + "Title": "glibc: buffer overflow in the GNU C Library's assert()", + "Description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-131" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 1, + "cbl-mariner": 1, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/01/22/4", + "http://www.openwall.com/lists/oss-security/2025/01/23/2", + "http://www.openwall.com/lists/oss-security/2025/04/13/1", + "http://www.openwall.com/lists/oss-security/2025/04/24/7", + "https://access.redhat.com/errata/RHSA-2025:4244", + "https://access.redhat.com/security/cve/CVE-2025-0395", + "https://bugzilla.redhat.com/2339460", + "https://bugzilla.redhat.com/show_bug.cgi?id=2339460", + "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", + "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0395", + "https://errata.almalinux.org/9/ALSA-2025-4244.html", + "https://errata.rockylinux.org/RLSA-2025:4244", + "https://linux.oracle.com/cve/CVE-2025-0395.html", + "https://linux.oracle.com/errata/ELSA-2025-4244.html", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0395", + "https://security.netapp.com/advisory/ntap-20250228-0006/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32582", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001", + "https://sourceware.org/pipermail/libc-announce/2025/000044.html", + "https://ubuntu.com/security/notices/USN-7259-1", + "https://ubuntu.com/security/notices/USN-7259-2", + "https://ubuntu.com/security/notices/USN-7259-3", + "https://www.cve.org/CVERecord?id=CVE-2025-0395", + "https://www.openwall.com/lists/oss-security/2025/01/22/4" + ], + "PublishedDate": "2025-01-22T13:15:20.933Z", + "LastModifiedDate": "2026-05-12T13:16:27.947Z" + }, + { + "VulnerabilityID": "CVE-2025-4802", + "PkgID": "libc6@2.31-0ubuntu9.9", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6938ab7eef7e556c" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.18", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:04a137b9e7256443c0e3870e0e442da747c4cb0130e5a4d342fbe5c3935667c1", + "Title": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH", + "Description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-426" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/16/7", + "http://www.openwall.com/lists/oss-security/2025/05/17/2", + "https://access.redhat.com/errata/RHSA-2025:8655", + "https://access.redhat.com/security/cve/CVE-2025-4802", + "https://bugzilla.redhat.com/2367468", + "https://bugzilla.redhat.com/show_bug.cgi?id=2367468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802", + "https://errata.almalinux.org/9/ALSA-2025-8655.html", + "https://errata.rockylinux.org/RLSA-2025:8655", + "https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u", + "https://linux.oracle.com/cve/CVE-2025-4802.html", + "https://linux.oracle.com/errata/ELSA-2025-8686.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4802", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32976", + "https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e", + "https://sourceware.org/cgit/glibc/commit/?id=5451fa962cd0a90a0e2ec1d8910a559ace02bba0", + "https://ubuntu.com/security/notices/USN-7541-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4802", + "https://www.openwall.com/lists/oss-security/2025/05/16/7", + "https://www.openwall.com/lists/oss-security/2025/05/17/2" + ], + "PublishedDate": "2025-05-16T20:15:22.28Z", + "LastModifiedDate": "2025-11-03T20:19:11.153Z" + }, + { + "VulnerabilityID": "CVE-2023-2603", + "PkgID": "libcap2@1:2.32-1", + "PkgName": "libcap2", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libcap2@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "f3ac8127b4642fab" + }, + "InstalledVersion": "1:2.32-1", + "FixedVersion": "1:2.32-1ubuntu0.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2603", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:1b3dac737ee463f4476c95ca96f0adfdebc0dbd9971dd2cb4a9d2bbaf607d5aa", + "Title": "libcap: Integer Overflow in _libcap_strdup()", + "Description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "alma": 2, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:5071", + "https://access.redhat.com/security/cve/CVE-2023-2603", + "https://bugzilla.redhat.com/2209113", + "https://bugzilla.redhat.com/2209114", + "https://bugzilla.redhat.com/show_bug.cgi?id=2209113", + "https://bugzilla.redhat.com/show_bug.cgi?id=2209114", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2602", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2603", + "https://errata.almalinux.org/9/ALSA-2023-5071.html", + "https://errata.rockylinux.org/RLSA-2023:4524", + "https://linux.oracle.com/cve/CVE-2023-2603.html", + "https://linux.oracle.com/errata/ELSA-2023-5071.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2603", + "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe", + "https://ubuntu.com/security/notices/USN-6166-1", + "https://ubuntu.com/security/notices/USN-6166-2", + "https://www.cve.org/CVERecord?id=CVE-2023-2603", + "https://www.openwall.com/lists/oss-security/2023/05/15/4", + "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf" + ], + "PublishedDate": "2023-06-06T20:15:13.187Z", + "LastModifiedDate": "2025-12-02T21:15:51.163Z" + }, + { + "VulnerabilityID": "CVE-2025-1390", + "PkgID": "libcap2@1:2.32-1", + "PkgName": "libcap2", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libcap2@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "f3ac8127b4642fab" + }, + "InstalledVersion": "1:2.32-1", + "FixedVersion": "1:2.32-1ubuntu0.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:8446c0d98f147a632b0f8b18c4ff9c0e714945af931829fbb2754df903a5152b", + "Title": "libcap: pam_cap: Fix potential configuration parsing error", + "Description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-284" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1390", + "https://bugzilla.openanolis.cn/show_bug.cgi?id=18804", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1390", + "https://ubuntu.com/security/notices/USN-7287-1", + "https://www.cve.org/CVERecord?id=CVE-2025-1390" + ], + "PublishedDate": "2025-02-18T03:15:10.447Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2023-2603", + "PkgID": "libcap2-bin@1:2.32-1", + "PkgName": "libcap2-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libcap2-bin@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "e90e2456a8d78be" + }, + "InstalledVersion": "1:2.32-1", + "FixedVersion": "1:2.32-1ubuntu0.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2603", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:50cf6604bf4a3ad601aff7496250206abf136607ce27b2daadd7ab0171d8e185", + "Title": "libcap: Integer Overflow in _libcap_strdup()", + "Description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "alma": 2, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:5071", + "https://access.redhat.com/security/cve/CVE-2023-2603", + "https://bugzilla.redhat.com/2209113", + "https://bugzilla.redhat.com/2209114", + "https://bugzilla.redhat.com/show_bug.cgi?id=2209113", + "https://bugzilla.redhat.com/show_bug.cgi?id=2209114", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2602", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2603", + "https://errata.almalinux.org/9/ALSA-2023-5071.html", + "https://errata.rockylinux.org/RLSA-2023:4524", + "https://linux.oracle.com/cve/CVE-2023-2603.html", + "https://linux.oracle.com/errata/ELSA-2023-5071.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2603", + "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe", + "https://ubuntu.com/security/notices/USN-6166-1", + "https://ubuntu.com/security/notices/USN-6166-2", + "https://www.cve.org/CVERecord?id=CVE-2023-2603", + "https://www.openwall.com/lists/oss-security/2023/05/15/4", + "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf" + ], + "PublishedDate": "2023-06-06T20:15:13.187Z", + "LastModifiedDate": "2025-12-02T21:15:51.163Z" + }, + { + "VulnerabilityID": "CVE-2025-1390", + "PkgID": "libcap2-bin@1:2.32-1", + "PkgName": "libcap2-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libcap2-bin@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "e90e2456a8d78be" + }, + "InstalledVersion": "1:2.32-1", + "FixedVersion": "1:2.32-1ubuntu0.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:1ec65cfbf2954b014fdbb47ced333986079f68d2aeffbb65570e6fc58963eee9", + "Title": "libcap: pam_cap: Fix potential configuration parsing error", + "Description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-284" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1390", + "https://bugzilla.openanolis.cn/show_bug.cgi?id=18804", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1390", + "https://ubuntu.com/security/notices/USN-7287-1", + "https://www.cve.org/CVERecord?id=CVE-2025-1390" + ], + "PublishedDate": "2025-02-18T03:15:10.447Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2020-21047", + "PkgID": "libelf1@0.176-1.1build1", + "PkgName": "libelf1", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libelf1@0.176-1.1build1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3374c93655a9823" + }, + "InstalledVersion": "0.176-1.1build1", + "FixedVersion": "0.176-1.1ubuntu0.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-21047", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:54a621d5128ff9d0541636414038349a61eb16b968995815f3d016300795e2b3", + "Title": "The libcpu component which is used by libasm of elfutils version 0.177 ...", + "Description": "The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "amazon": 2, + "nvd": 2, + "photon": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://lists.debian.org/debian-lts-announce/2023/09/msg00026.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25068", + "https://sourceware.org/git/?p=elfutils.git%3Ba=commitdiff%3Bh=99dc63b10b3878616b85df2dfd2e4e7103e414b8", + "https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=99dc63b10b3878616b85df2dfd2e4e7103e414b8", + "https://ubuntu.com/security/notices/USN-6322-1", + "https://www.cve.org/CVERecord?id=CVE-2020-21047" + ], + "PublishedDate": "2023-08-22T19:16:09.657Z", + "LastModifiedDate": "2024-11-21T05:12:23.31Z" + }, + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "libfdisk1@2.34-0.1ubuntu9.3", + "PkgName": "libfdisk1", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libfdisk1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "d7ae8926642fd1bc" + }, + "InstalledVersion": "2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:ca592a8a34aed4eef0e38e48edfed53d50f668db29c82e2e9cea90241071fe89", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + }, + { + "VulnerabilityID": "CVE-2023-5981", + "PkgID": "libgnutls30@3.6.13-2ubuntu1.8", + "PkgName": "libgnutls30", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "601976e667e60bf5" + }, + "InstalledVersion": "3.6.13-2ubuntu1.8", + "FixedVersion": "3.6.13-2ubuntu1.9", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5981", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:b7a5bdd6870d925e64b2a011129e45d04c0d9b4aaa99ac8fadabdc1f39ce4e4d", + "Title": "gnutls: timing side-channel in the RSA-PSK authentication", + "Description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-208", + "CWE-203" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/01/19/3", + "https://access.redhat.com/errata/RHSA-2024:0155", + "https://access.redhat.com/errata/RHSA-2024:0319", + "https://access.redhat.com/errata/RHSA-2024:0399", + "https://access.redhat.com/errata/RHSA-2024:0451", + "https://access.redhat.com/errata/RHSA-2024:0533", + "https://access.redhat.com/errata/RHSA-2024:1383", + "https://access.redhat.com/errata/RHSA-2024:2094", + "https://access.redhat.com/security/cve/CVE-2023-5981", + "https://bugzilla.redhat.com/2248445", + "https://bugzilla.redhat.com/2258412", + "https://bugzilla.redhat.com/2258544", + "https://bugzilla.redhat.com/show_bug.cgi?id=2248445", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5981", + "https://errata.almalinux.org/9/ALSA-2024-0533.html", + "https://errata.rockylinux.org/RLSA-2024:0155", + "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23", + "https://linux.oracle.com/cve/CVE-2023-5981.html", + "https://linux.oracle.com/errata/ELSA-2024-12336.html", + "https://lists.debian.org/debian-lts-announce/2023/11/msg00016.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/", + "https://lists.gnupg.org/pipermail/gnutls-help/2023-November/004837.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-5981", + "https://ubuntu.com/security/notices/USN-6499-1", + "https://ubuntu.com/security/notices/USN-6499-2", + "https://www.cve.org/CVERecord?id=CVE-2023-5981" + ], + "PublishedDate": "2023-11-28T12:15:07.04Z", + "LastModifiedDate": "2026-03-25T20:01:09.507Z" + }, + { + "VulnerabilityID": "CVE-2024-0553", + "PkgID": "libgnutls30@3.6.13-2ubuntu1.8", + "PkgName": "libgnutls30", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "601976e667e60bf5" + }, + "InstalledVersion": "3.6.13-2ubuntu1.8", + "FixedVersion": "3.6.13-2ubuntu1.10", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0553", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:1df6c7342f33be1d73a447e14069958ed1c973b417b3d949fe608e486ab9453f", + "Title": "gnutls: incomplete fix for CVE-2023-5981", + "Description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-203" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/01/19/3", + "https://access.redhat.com/errata/RHSA-2024:0533", + "https://access.redhat.com/errata/RHSA-2024:0627", + "https://access.redhat.com/errata/RHSA-2024:0796", + "https://access.redhat.com/errata/RHSA-2024:1082", + "https://access.redhat.com/errata/RHSA-2024:1108", + "https://access.redhat.com/errata/RHSA-2024:1383", + "https://access.redhat.com/errata/RHSA-2024:2094", + "https://access.redhat.com/security/cve/CVE-2024-0553", + "https://bugzilla.redhat.com/2248445", + "https://bugzilla.redhat.com/2258412", + "https://bugzilla.redhat.com/2258544", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258412", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0553", + "https://errata.almalinux.org/9/ALSA-2024-0533.html", + "https://errata.rockylinux.org/RLSA-2024:0627", + "https://gitlab.com/gnutls/gnutls/-/issues/1522", + "https://gnutls.org/security-new.html#GNUTLS-SA-2024-01-14", + "https://linux.oracle.com/cve/CVE-2024-0553.html", + "https://linux.oracle.com/errata/ELSA-2024-12336.html", + "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/", + "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-0553", + "https://security.netapp.com/advisory/ntap-20240202-0011/", + "https://ubuntu.com/security/notices/USN-6593-1", + "https://www.cve.org/CVERecord?id=CVE-2024-0553" + ], + "PublishedDate": "2024-01-16T12:15:45.557Z", + "LastModifiedDate": "2026-03-24T12:16:10.683Z" + }, + { + "VulnerabilityID": "CVE-2024-12243", + "PkgID": "libgnutls30@3.6.13-2ubuntu1.8", + "PkgName": "libgnutls30", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "601976e667e60bf5" + }, + "InstalledVersion": "3.6.13-2ubuntu1.8", + "FixedVersion": "3.6.13-2ubuntu1.12", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12243", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:053a1bc135949797afd708491f67c8f9481bf892687df14212de00002f053e38", + "Title": "gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS", + "Description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:4051", + "https://access.redhat.com/errata/RHSA-2025:7076", + "https://access.redhat.com/errata/RHSA-2025:8020", + "https://access.redhat.com/errata/RHSA-2025:8385", + "https://access.redhat.com/security/cve/CVE-2024-12243", + "https://bugzilla.redhat.com/2344615", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344615", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12243", + "https://errata.almalinux.org/9/ALSA-2025-7076.html", + "https://errata.rockylinux.org/RLSA-2025:7076", + "https://gitlab.com/gnutls/gnutls/-/issues/1553", + "https://gitlab.com/gnutls/libtasn1/-/issues/52", + "https://linux.oracle.com/cve/CVE-2024-12243.html", + "https://linux.oracle.com/errata/ELSA-2025-7076.html", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00027.html", + "https://lists.gnupg.org/pipermail/gnutls-help/2025-February/004875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12243", + "https://security.netapp.com/advisory/ntap-20250523-0002/", + "https://ubuntu.com/security/notices/USN-7281-1", + "https://www.cve.org/CVERecord?id=CVE-2024-12243", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-02-07" + ], + "PublishedDate": "2025-02-10T16:15:37.423Z", + "LastModifiedDate": "2026-05-12T12:16:17.007Z" + }, + { + "VulnerabilityID": "CVE-2024-28834", + "PkgID": "libgnutls30@3.6.13-2ubuntu1.8", + "PkgName": "libgnutls30", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "601976e667e60bf5" + }, + "InstalledVersion": "3.6.13-2ubuntu1.8", + "FixedVersion": "3.6.13-2ubuntu1.11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28834", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:ad1200dea4e8c648e5db545bbfd27658dc9ab16f6305f99f949ec7463cf05ad7", + "Title": "gnutls: vulnerable to Minerva side-channel information leak", + "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-327" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/22/1", + "http://www.openwall.com/lists/oss-security/2024/03/22/2", + "https://access.redhat.com/errata/RHSA-2024:1784", + "https://access.redhat.com/errata/RHSA-2024:1879", + "https://access.redhat.com/errata/RHSA-2024:1997", + "https://access.redhat.com/errata/RHSA-2024:2044", + "https://access.redhat.com/errata/RHSA-2024:2570", + "https://access.redhat.com/errata/RHSA-2024:2889", + "https://access.redhat.com/security/cve/CVE-2024-28834", + "https://bugzilla.redhat.com/2269084", + "https://bugzilla.redhat.com/2269228", + "https://bugzilla.redhat.com/show_bug.cgi?id=2269084", + "https://bugzilla.redhat.com/show_bug.cgi?id=2269228", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28834", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28835", + "https://errata.almalinux.org/9/ALSA-2024-2570.html", + "https://errata.rockylinux.org/RLSA-2024:2570", + "https://linux.oracle.com/cve/CVE-2024-28834.html", + "https://linux.oracle.com/errata/ELSA-2024-2570.html", + "https://lists.debian.org/debian-lts-announce/2024/09/msg00019.html", + "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html", + "https://minerva.crocs.fi.muni.cz/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28834", + "https://people.redhat.com/~hkario/marvin/", + "https://security.netapp.com/advisory/ntap-20240524-0004/", + "https://ubuntu.com/security/notices/USN-6733-1", + "https://ubuntu.com/security/notices/USN-6733-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28834", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2023-12-04" + ], + "PublishedDate": "2024-03-21T14:15:07.547Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "libmount1@2.34-0.1ubuntu9.3", + "PkgName": "libmount1", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libmount1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "149aad062a67d915" + }, + "InstalledVersion": "2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:d58cd328ba4a3a8620b7b3c682a503228a03967b24d01d65c1d2a1f183919ecd", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + }, + { + "VulnerabilityID": "CVE-2023-29491", + "PkgID": "libncurses6@6.2-0ubuntu2", + "PkgName": "libncurses6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libncurses6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "daf9ae3f810ae3f0" + }, + "InstalledVersion": "6.2-0ubuntu2", + "FixedVersion": "6.2-0ubuntu2.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:c17ef77e3337af3e0c82132a6e10585d996ce4ebaa3abdac8b912046b6e1a383", + "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", + "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://www.openwall.com/lists/oss-security/2023/04/19/10", + "http://www.openwall.com/lists/oss-security/2023/04/19/11", + "https://access.redhat.com/errata/RHSA-2023:6698", + "https://access.redhat.com/security/cve/CVE-2023-29491", + "https://bugzilla.redhat.com/2191704", + "https://errata.almalinux.org/9/ALSA-2023-6698.html", + "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", + "https://linux.oracle.com/cve/CVE-2023-29491.html", + "https://linux.oracle.com/errata/ELSA-2023-6698.html", + "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", + "https://security.netapp.com/advisory/ntap-20230517-0009/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29491", + "https://www.openwall.com/lists/oss-security/2023/04/12/5", + "https://www.openwall.com/lists/oss-security/2023/04/13/4" + ], + "PublishedDate": "2023-04-14T01:15:08.57Z", + "LastModifiedDate": "2025-11-04T19:15:42.307Z" + }, + { + "VulnerabilityID": "CVE-2023-29491", + "PkgID": "libncursesw6@6.2-0ubuntu2", + "PkgName": "libncursesw6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libncursesw6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "dca50c9cdd5fdd35" + }, + "InstalledVersion": "6.2-0ubuntu2", + "FixedVersion": "6.2-0ubuntu2.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:300f996cb37a8b19355d852145b2afc1698895332f75bfb67a4ff9f41e7e4a70", + "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", + "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://www.openwall.com/lists/oss-security/2023/04/19/10", + "http://www.openwall.com/lists/oss-security/2023/04/19/11", + "https://access.redhat.com/errata/RHSA-2023:6698", + "https://access.redhat.com/security/cve/CVE-2023-29491", + "https://bugzilla.redhat.com/2191704", + "https://errata.almalinux.org/9/ALSA-2023-6698.html", + "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", + "https://linux.oracle.com/cve/CVE-2023-29491.html", + "https://linux.oracle.com/errata/ELSA-2023-6698.html", + "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", + "https://security.netapp.com/advisory/ntap-20230517-0009/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29491", + "https://www.openwall.com/lists/oss-security/2023/04/12/5", + "https://www.openwall.com/lists/oss-security/2023/04/13/4" + ], + "PublishedDate": "2023-04-14T01:15:08.57Z", + "LastModifiedDate": "2025-11-04T19:15:42.307Z" + }, + { + "VulnerabilityID": "CVE-2024-22365", + "PkgID": "libpam-modules@1.3.1-5ubuntu4.6", + "PkgName": "libpam-modules", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libpam-modules@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "8238c76ab6208fd" + }, + "InstalledVersion": "1.3.1-5ubuntu4.6", + "FixedVersion": "1.3.1-5ubuntu4.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:a03f2ae9a99b374e08cc99118b1f0a1db05124c307c5e0c4fd5522304a1d61db", + "Title": "pam: allowing unprivileged user to block another user namespace", + "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-664" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 1, + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/01/18/3", + "https://access.redhat.com/errata/RHSA-2024:2438", + "https://access.redhat.com/security/cve/CVE-2024-22365", + "https://bugzilla.redhat.com/2257722", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", + "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", + "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", + "https://errata.almalinux.org/9/ALSA-2024-2438.html", + "https://errata.rockylinux.org/RLSA-2024:3163", + "https://github.com/linux-pam/linux-pam", + "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", + "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", + "https://linux.oracle.com/cve/CVE-2024-22365.html", + "https://linux.oracle.com/errata/ELSA-2024-3163.html", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", + "https://ubuntu.com/security/notices/USN-6588-1", + "https://ubuntu.com/security/notices/USN-6588-2", + "https://www.cve.org/CVERecord?id=CVE-2024-22365", + "https://www.openwall.com/lists/oss-security/2024/01/18/3" + ], + "PublishedDate": "2024-02-06T08:15:52.203Z", + "LastModifiedDate": "2026-05-12T12:16:17.363Z" + }, + { + "VulnerabilityID": "CVE-2024-22365", + "PkgID": "libpam-modules-bin@1.3.1-5ubuntu4.6", + "PkgName": "libpam-modules-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libpam-modules-bin@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "92c88fd5e3403ef2" + }, + "InstalledVersion": "1.3.1-5ubuntu4.6", + "FixedVersion": "1.3.1-5ubuntu4.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:1e515484b616575eb85086cba33c1316a74b048f516f8cc823056666c60a60f5", + "Title": "pam: allowing unprivileged user to block another user namespace", + "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-664" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 1, + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/01/18/3", + "https://access.redhat.com/errata/RHSA-2024:2438", + "https://access.redhat.com/security/cve/CVE-2024-22365", + "https://bugzilla.redhat.com/2257722", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", + "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", + "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", + "https://errata.almalinux.org/9/ALSA-2024-2438.html", + "https://errata.rockylinux.org/RLSA-2024:3163", + "https://github.com/linux-pam/linux-pam", + "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", + "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", + "https://linux.oracle.com/cve/CVE-2024-22365.html", + "https://linux.oracle.com/errata/ELSA-2024-3163.html", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", + "https://ubuntu.com/security/notices/USN-6588-1", + "https://ubuntu.com/security/notices/USN-6588-2", + "https://www.cve.org/CVERecord?id=CVE-2024-22365", + "https://www.openwall.com/lists/oss-security/2024/01/18/3" + ], + "PublishedDate": "2024-02-06T08:15:52.203Z", + "LastModifiedDate": "2026-05-12T12:16:17.363Z" + }, + { + "VulnerabilityID": "CVE-2024-22365", + "PkgID": "libpam-runtime@1.3.1-5ubuntu4.6", + "PkgName": "libpam-runtime", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libpam-runtime@1.3.1-5ubuntu4.6?arch=all\u0026distro=ubuntu-20.04", + "UID": "815077e96d38fc4a" + }, + "InstalledVersion": "1.3.1-5ubuntu4.6", + "FixedVersion": "1.3.1-5ubuntu4.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:a606e3839ff7ec9ec9e605b5b0d975838b3a372cb16312ef45bfe5dbeef3554e", + "Title": "pam: allowing unprivileged user to block another user namespace", + "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-664" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 1, + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/01/18/3", + "https://access.redhat.com/errata/RHSA-2024:2438", + "https://access.redhat.com/security/cve/CVE-2024-22365", + "https://bugzilla.redhat.com/2257722", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", + "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", + "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", + "https://errata.almalinux.org/9/ALSA-2024-2438.html", + "https://errata.rockylinux.org/RLSA-2024:3163", + "https://github.com/linux-pam/linux-pam", + "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", + "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", + "https://linux.oracle.com/cve/CVE-2024-22365.html", + "https://linux.oracle.com/errata/ELSA-2024-3163.html", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", + "https://ubuntu.com/security/notices/USN-6588-1", + "https://ubuntu.com/security/notices/USN-6588-2", + "https://www.cve.org/CVERecord?id=CVE-2024-22365", + "https://www.openwall.com/lists/oss-security/2024/01/18/3" + ], + "PublishedDate": "2024-02-06T08:15:52.203Z", + "LastModifiedDate": "2026-05-12T12:16:17.363Z" + }, + { + "VulnerabilityID": "CVE-2024-22365", + "PkgID": "libpam0g@1.3.1-5ubuntu4.6", + "PkgName": "libpam0g", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libpam0g@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "65460bc2f0872763" + }, + "InstalledVersion": "1.3.1-5ubuntu4.6", + "FixedVersion": "1.3.1-5ubuntu4.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:3b1a8c54fc9d867d0adc15cda701f3f0ffaace3d8cad138262619870974f91f0", + "Title": "pam: allowing unprivileged user to block another user namespace", + "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-664" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 1, + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/01/18/3", + "https://access.redhat.com/errata/RHSA-2024:2438", + "https://access.redhat.com/security/cve/CVE-2024-22365", + "https://bugzilla.redhat.com/2257722", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", + "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", + "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", + "https://errata.almalinux.org/9/ALSA-2024-2438.html", + "https://errata.rockylinux.org/RLSA-2024:3163", + "https://github.com/linux-pam/linux-pam", + "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", + "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", + "https://linux.oracle.com/cve/CVE-2024-22365.html", + "https://linux.oracle.com/errata/ELSA-2024-3163.html", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", + "https://ubuntu.com/security/notices/USN-6588-1", + "https://ubuntu.com/security/notices/USN-6588-2", + "https://www.cve.org/CVERecord?id=CVE-2024-22365", + "https://www.openwall.com/lists/oss-security/2024/01/18/3" + ], + "PublishedDate": "2024-02-06T08:15:52.203Z", + "LastModifiedDate": "2026-05-12T12:16:17.363Z" + }, + { + "VulnerabilityID": "CVE-2023-31484", + "PkgID": "libperl5.30@5.30.0-9ubuntu0.3", + "PkgName": "libperl5.30", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libperl5.30@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3acb4d09929d454" + }, + "InstalledVersion": "5.30.0-9ubuntu0.3", + "FixedVersion": "5.30.0-9ubuntu0.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:35cbc69f39d5cc2eb7edbeaa87027fa6a982b93a0e70308cd765782db965f9c5", + "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", + "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/04/29/1", + "http://www.openwall.com/lists/oss-security/2023/05/03/3", + "http://www.openwall.com/lists/oss-security/2023/05/03/5", + "http://www.openwall.com/lists/oss-security/2023/05/07/2", + "https://access.redhat.com/errata/RHSA-2023:6539", + "https://access.redhat.com/security/cve/CVE-2023-31484", + "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", + "https://bugzilla.redhat.com/2218667", + "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", + "https://errata.almalinux.org/9/ALSA-2023-6539.html", + "https://errata.rockylinux.org/RLSA-2023:6539", + "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", + "https://github.com/andk/cpanpm/pull/175", + "https://linux.oracle.com/cve/CVE-2023-31484.html", + "https://linux.oracle.com/errata/ELSA-2026-0079.html", + "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", + "https://metacpan.org/dist/CPAN/changes", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://ubuntu.com/security/notices/USN-6112-1", + "https://ubuntu.com/security/notices/USN-6112-2", + "https://www.cve.org/CVERecord?id=CVE-2023-31484", + "https://www.openwall.com/lists/oss-security/2023/04/18/14" + ], + "PublishedDate": "2023-04-29T00:15:09Z", + "LastModifiedDate": "2025-11-03T22:16:19.47Z" + }, + { + "VulnerabilityID": "CVE-2023-47038", + "PkgID": "libperl5.30@5.30.0-9ubuntu0.3", + "PkgName": "libperl5.30", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libperl5.30@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3acb4d09929d454" + }, + "InstalledVersion": "5.30.0-9ubuntu0.3", + "FixedVersion": "5.30.0-9ubuntu0.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47038", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:8aaee366230042651d6d28762fe976621fc6a1e4e77cbbb1a504531d1f4f3a89", + "Title": "perl: Write past buffer end via illegal user-defined Unicode property", + "Description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2228", + "https://access.redhat.com/errata/RHSA-2024:3128", + "https://access.redhat.com/security/cve/CVE-2023-47038", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", + "https://bugzilla.redhat.com/2249523", + "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038", + "https://errata.almalinux.org/9/ALSA-2024-2228.html", + "https://errata.rockylinux.org/RLSA-2024:2228", + "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", + "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", + "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", + "https://github.com/aquasecurity/trivy/discussions/8400", + "https://linux.oracle.com/cve/CVE-2023-47038.html", + "https://linux.oracle.com/errata/ELSA-2024-3128.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-47038", + "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", + "https://ubuntu.com/security/CVE-2023-47100", + "https://ubuntu.com/security/notices/USN-6517-1", + "https://www.cve.org/CVERecord?id=CVE-2023-47038", + "https://www.suse.com/security/cve/CVE-2023-47100.html" + ], + "PublishedDate": "2023-12-18T14:15:08.933Z", + "LastModifiedDate": "2025-11-04T19:16:05.573Z" + }, + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "libsmartcols1@2.34-0.1ubuntu9.3", + "PkgName": "libsmartcols1", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libsmartcols1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0fe2b0ba0e3d931" + }, + "InstalledVersion": "2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:73f04dd6b4e03922d44eb3bc8d6ba47d23909833555cf6698863f5d900d161d6", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + }, + { + "VulnerabilityID": "CVE-2023-7104", + "PkgID": "libsqlite3-0@3.31.1-4ubuntu0.5", + "PkgName": "libsqlite3-0", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libsqlite3-0@3.31.1-4ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3370ed119e5344f" + }, + "InstalledVersion": "3.31.1-4ubuntu0.5", + "FixedVersion": "3.31.1-4ubuntu0.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-7104", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:a7ef5fdd30f5253a93ae8132db5595e51c01c28bfc92f346ae8e8df81740218c", + "Title": "sqlite: heap-buffer-overflow at sessionfuzz", + "Description": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-119" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:0465", + "https://access.redhat.com/security/cve/CVE-2023-7104", + "https://bugzilla.redhat.com/2256194", + "https://bugzilla.redhat.com/show_bug.cgi?id=2256194", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7104", + "https://errata.almalinux.org/9/ALSA-2024-0465.html", + "https://errata.rockylinux.org/RLSA-2024:0465", + "https://linux.oracle.com/cve/CVE-2023-7104.html", + "https://linux.oracle.com/errata/ELSA-2024-0465.html", + "https://lists.debian.org/debian-lts-announce/2024/09/msg00050.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-7104", + "https://security.netapp.com/advisory/ntap-20240112-0008/", + "https://sqlite.org/forum/forumpost/5bcbf4571c", + "https://sqlite.org/src/info/0e4e7a05c4204b47", + "https://ubuntu.com/security/notices/USN-6566-1", + "https://ubuntu.com/security/notices/USN-6566-2", + "https://vuldb.com/?ctiid.248999", + "https://vuldb.com/?id.248999", + "https://www.cve.org/CVERecord?id=CVE-2023-7104" + ], + "PublishedDate": "2023-12-29T10:15:13.89Z", + "LastModifiedDate": "2025-11-03T22:16:33.307Z" + }, + { + "VulnerabilityID": "CVE-2025-29088", + "PkgID": "libsqlite3-0@3.31.1-4ubuntu0.5", + "PkgName": "libsqlite3-0", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libsqlite3-0@3.31.1-4ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3370ed119e5344f" + }, + "InstalledVersion": "3.31.1-4ubuntu0.5", + "FixedVersion": "3.31.1-4ubuntu0.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-29088", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:3821036529667ae99046d5980ef6b28ba44f9dc66cb6b60c703e89b0215c9b69", + "Title": "sqlite: Denial of Service in SQLite", + "Description": "In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-29088", + "https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248", + "https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-29088", + "https://sqlite.org/forum/forumpost/48f365daec", + "https://sqlite.org/releaselog/3_49_1.html", + "https://ubuntu.com/security/notices/USN-7528-1", + "https://ubuntu.com/security/notices/USN-7679-1", + "https://www.cve.org/CVERecord?id=CVE-2025-29088", + "https://www.sqlite.org/cves.html" + ], + "PublishedDate": "2025-04-10T14:15:27.163Z", + "LastModifiedDate": "2025-09-30T16:59:27.32Z" + }, + { + "VulnerabilityID": "CVE-2023-2650", + "PkgID": "libssl1.1@1.1.1f-1ubuntu2.17", + "PkgName": "libssl1.1", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libssl1.1@1.1.1f-1ubuntu2.17?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "b87ebee76c1b0f05" + }, + "InstalledVersion": "1.1.1f-1ubuntu2.17", + "FixedVersion": "1.1.1f-1ubuntu2.19", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:03bc9ea1810b09c88e08bb4950d3535f09ceba2f6c477a08030579ebf0936fd2", + "Title": "openssl: Possible DoS translating ASN.1 object identifiers", + "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/05/30/1", + "https://access.redhat.com/errata/RHSA-2023:6330", + "https://access.redhat.com/security/cve/CVE-2023-2650", + "https://bugzilla.redhat.com/1858038", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-6330.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", + "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg", + "https://linux.oracle.com/cve/CVE-2023-2650.html", + "https://linux.oracle.com/errata/ELSA-2023-6330.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230703-0001/", + "https://security.netapp.com/advisory/ntap-20231027-0009/", + "https://ubuntu.com/security/notices/USN-6119-1", + "https://ubuntu.com/security/notices/USN-6188-1", + "https://ubuntu.com/security/notices/USN-6672-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-2650", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230530.txt" + ], + "PublishedDate": "2023-05-30T14:15:09.683Z", + "LastModifiedDate": "2025-03-19T16:15:21.89Z" + }, + { + "VulnerabilityID": "CVE-2024-12133", + "PkgID": "libtasn1-6@4.16.0-2", + "PkgName": "libtasn1-6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libtasn1-6@4.16.0-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "1f3fac8fa7795921" + }, + "InstalledVersion": "4.16.0-2", + "FixedVersion": "4.16.0-2ubuntu0.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12133", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:cbdd707e25661c3cfe25b7a620ec346f4c9f8334bfb694ba5bfaee373639a856", + "Title": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS", + "Description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/02/06/6", + "https://access.redhat.com/errata/RHSA-2025:17347", + "https://access.redhat.com/errata/RHSA-2025:4049", + "https://access.redhat.com/errata/RHSA-2025:7077", + "https://access.redhat.com/errata/RHSA-2025:8021", + "https://access.redhat.com/errata/RHSA-2025:8385", + "https://access.redhat.com/security/cve/CVE-2024-12133", + "https://bugzilla.redhat.com/2344611", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344611", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12133", + "https://errata.almalinux.org/9/ALSA-2025-7077.html", + "https://errata.rockylinux.org/RLSA-2025:7077", + "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md", + "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md?ref_type=heads", + "https://gitlab.com/gnutls/libtasn1/-/issues/52", + "https://linux.oracle.com/cve/CVE-2024-12133.html", + "https://linux.oracle.com/errata/ELSA-2025-7077.html", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00025.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12133", + "https://security.netapp.com/advisory/ntap-20250523-0003/", + "https://ubuntu.com/security/notices/USN-7275-1", + "https://ubuntu.com/security/notices/USN-7275-2", + "https://www.cve.org/CVERecord?id=CVE-2024-12133" + ], + "PublishedDate": "2025-02-10T16:15:37.26Z", + "LastModifiedDate": "2026-05-12T12:16:16.793Z" + }, + { + "VulnerabilityID": "CVE-2023-29491", + "PkgID": "libtinfo6@6.2-0ubuntu2", + "PkgName": "libtinfo6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libtinfo6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a7882c12b2088277" + }, + "InstalledVersion": "6.2-0ubuntu2", + "FixedVersion": "6.2-0ubuntu2.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:7f9e7b78ef03929beda03dc515dbafd02fd6fcb3576d4289eca9975628470cb8", + "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", + "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://www.openwall.com/lists/oss-security/2023/04/19/10", + "http://www.openwall.com/lists/oss-security/2023/04/19/11", + "https://access.redhat.com/errata/RHSA-2023:6698", + "https://access.redhat.com/security/cve/CVE-2023-29491", + "https://bugzilla.redhat.com/2191704", + "https://errata.almalinux.org/9/ALSA-2023-6698.html", + "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", + "https://linux.oracle.com/cve/CVE-2023-29491.html", + "https://linux.oracle.com/errata/ELSA-2023-6698.html", + "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", + "https://security.netapp.com/advisory/ntap-20230517-0009/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29491", + "https://www.openwall.com/lists/oss-security/2023/04/12/5", + "https://www.openwall.com/lists/oss-security/2023/04/13/4" + ], + "PublishedDate": "2023-04-14T01:15:08.57Z", + "LastModifiedDate": "2025-11-04T19:15:42.307Z" + }, + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "libuuid1@2.34-0.1ubuntu9.3", + "PkgName": "libuuid1", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libuuid1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "51a8ab06722bbc14" + }, + "InstalledVersion": "2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:d67929107a1932cbad609c90607fde6329b6348e5b651ea005ee4ed00313ac26", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + }, + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "mount@2.34-0.1ubuntu9.3", + "PkgName": "mount", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/mount@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "5dec57b54f278111" + }, + "InstalledVersion": "2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:ceb0714dc862dd302222c985a047b427dda610e90eb58d9b954bf6e7049f0090", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + }, + { + "VulnerabilityID": "CVE-2023-29491", + "PkgID": "ncurses-base@6.2-0ubuntu2", + "PkgName": "ncurses-base", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/ncurses-base@6.2-0ubuntu2?arch=all\u0026distro=ubuntu-20.04", + "UID": "11c3ebabbf3b213f" + }, + "InstalledVersion": "6.2-0ubuntu2", + "FixedVersion": "6.2-0ubuntu2.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:7698d8c3a532211a152f70974ef4d923f583a6f4ed2f1bdf0d344e2f7f961c41", + "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", + "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://www.openwall.com/lists/oss-security/2023/04/19/10", + "http://www.openwall.com/lists/oss-security/2023/04/19/11", + "https://access.redhat.com/errata/RHSA-2023:6698", + "https://access.redhat.com/security/cve/CVE-2023-29491", + "https://bugzilla.redhat.com/2191704", + "https://errata.almalinux.org/9/ALSA-2023-6698.html", + "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", + "https://linux.oracle.com/cve/CVE-2023-29491.html", + "https://linux.oracle.com/errata/ELSA-2023-6698.html", + "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", + "https://security.netapp.com/advisory/ntap-20230517-0009/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29491", + "https://www.openwall.com/lists/oss-security/2023/04/12/5", + "https://www.openwall.com/lists/oss-security/2023/04/13/4" + ], + "PublishedDate": "2023-04-14T01:15:08.57Z", + "LastModifiedDate": "2025-11-04T19:15:42.307Z" + }, + { + "VulnerabilityID": "CVE-2023-29491", + "PkgID": "ncurses-bin@6.2-0ubuntu2", + "PkgName": "ncurses-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/ncurses-bin@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "f840bf3c896244a7" + }, + "InstalledVersion": "6.2-0ubuntu2", + "FixedVersion": "6.2-0ubuntu2.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:aadc18fa84a45be374f61b8f9e978f891dd907bb47c91d2d29980e4c4b923ccd", + "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", + "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://www.openwall.com/lists/oss-security/2023/04/19/10", + "http://www.openwall.com/lists/oss-security/2023/04/19/11", + "https://access.redhat.com/errata/RHSA-2023:6698", + "https://access.redhat.com/security/cve/CVE-2023-29491", + "https://bugzilla.redhat.com/2191704", + "https://errata.almalinux.org/9/ALSA-2023-6698.html", + "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", + "https://linux.oracle.com/cve/CVE-2023-29491.html", + "https://linux.oracle.com/errata/ELSA-2023-6698.html", + "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", + "https://security.netapp.com/advisory/ntap-20230517-0009/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29491", + "https://www.openwall.com/lists/oss-security/2023/04/12/5", + "https://www.openwall.com/lists/oss-security/2023/04/13/4" + ], + "PublishedDate": "2023-04-14T01:15:08.57Z", + "LastModifiedDate": "2025-11-04T19:15:42.307Z" + }, + { + "VulnerabilityID": "CVE-2023-2650", + "PkgID": "openssl@1.1.1f-1ubuntu2.17", + "PkgName": "openssl", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.17?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "d05522de581addaf" + }, + "InstalledVersion": "1.1.1f-1ubuntu2.17", + "FixedVersion": "1.1.1f-1ubuntu2.19", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:abf1c7876d89ebc6e675c79849155ece11c2aa148b727e64d58150ac7a322a20", + "Title": "openssl: Possible DoS translating ASN.1 object identifiers", + "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/05/30/1", + "https://access.redhat.com/errata/RHSA-2023:6330", + "https://access.redhat.com/security/cve/CVE-2023-2650", + "https://bugzilla.redhat.com/1858038", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-6330.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", + "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg", + "https://linux.oracle.com/cve/CVE-2023-2650.html", + "https://linux.oracle.com/errata/ELSA-2023-6330.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230703-0001/", + "https://security.netapp.com/advisory/ntap-20231027-0009/", + "https://ubuntu.com/security/notices/USN-6119-1", + "https://ubuntu.com/security/notices/USN-6188-1", + "https://ubuntu.com/security/notices/USN-6672-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-2650", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230530.txt" + ], + "PublishedDate": "2023-05-30T14:15:09.683Z", + "LastModifiedDate": "2025-03-19T16:15:21.89Z" + }, + { + "VulnerabilityID": "CVE-2023-31484", + "PkgID": "perl@5.30.0-9ubuntu0.3", + "PkgName": "perl", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/perl@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e4ac000ef35e9648" + }, + "InstalledVersion": "5.30.0-9ubuntu0.3", + "FixedVersion": "5.30.0-9ubuntu0.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:c581e71dd9498d31833e08451482d794b9dca4fbe0d984e84d2ca045579597d1", + "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", + "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/04/29/1", + "http://www.openwall.com/lists/oss-security/2023/05/03/3", + "http://www.openwall.com/lists/oss-security/2023/05/03/5", + "http://www.openwall.com/lists/oss-security/2023/05/07/2", + "https://access.redhat.com/errata/RHSA-2023:6539", + "https://access.redhat.com/security/cve/CVE-2023-31484", + "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", + "https://bugzilla.redhat.com/2218667", + "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", + "https://errata.almalinux.org/9/ALSA-2023-6539.html", + "https://errata.rockylinux.org/RLSA-2023:6539", + "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", + "https://github.com/andk/cpanpm/pull/175", + "https://linux.oracle.com/cve/CVE-2023-31484.html", + "https://linux.oracle.com/errata/ELSA-2026-0079.html", + "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", + "https://metacpan.org/dist/CPAN/changes", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://ubuntu.com/security/notices/USN-6112-1", + "https://ubuntu.com/security/notices/USN-6112-2", + "https://www.cve.org/CVERecord?id=CVE-2023-31484", + "https://www.openwall.com/lists/oss-security/2023/04/18/14" + ], + "PublishedDate": "2023-04-29T00:15:09Z", + "LastModifiedDate": "2025-11-03T22:16:19.47Z" + }, + { + "VulnerabilityID": "CVE-2023-47038", + "PkgID": "perl@5.30.0-9ubuntu0.3", + "PkgName": "perl", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/perl@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e4ac000ef35e9648" + }, + "InstalledVersion": "5.30.0-9ubuntu0.3", + "FixedVersion": "5.30.0-9ubuntu0.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47038", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:e321f1290d681502c27e967380483e41f8d097b5dd5887156e08fc782011a769", + "Title": "perl: Write past buffer end via illegal user-defined Unicode property", + "Description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2228", + "https://access.redhat.com/errata/RHSA-2024:3128", + "https://access.redhat.com/security/cve/CVE-2023-47038", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", + "https://bugzilla.redhat.com/2249523", + "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038", + "https://errata.almalinux.org/9/ALSA-2024-2228.html", + "https://errata.rockylinux.org/RLSA-2024:2228", + "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", + "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", + "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", + "https://github.com/aquasecurity/trivy/discussions/8400", + "https://linux.oracle.com/cve/CVE-2023-47038.html", + "https://linux.oracle.com/errata/ELSA-2024-3128.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-47038", + "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", + "https://ubuntu.com/security/CVE-2023-47100", + "https://ubuntu.com/security/notices/USN-6517-1", + "https://www.cve.org/CVERecord?id=CVE-2023-47038", + "https://www.suse.com/security/cve/CVE-2023-47100.html" + ], + "PublishedDate": "2023-12-18T14:15:08.933Z", + "LastModifiedDate": "2025-11-04T19:16:05.573Z" + }, + { + "VulnerabilityID": "CVE-2023-31484", + "PkgID": "perl-base@5.30.0-9ubuntu0.3", + "PkgName": "perl-base", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/perl-base@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "2289117557075356" + }, + "InstalledVersion": "5.30.0-9ubuntu0.3", + "FixedVersion": "5.30.0-9ubuntu0.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:83aa268dbcedb9eba21938b2c8331b13b67a149ad18591ec3c3fcd68e8df14f2", + "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", + "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/04/29/1", + "http://www.openwall.com/lists/oss-security/2023/05/03/3", + "http://www.openwall.com/lists/oss-security/2023/05/03/5", + "http://www.openwall.com/lists/oss-security/2023/05/07/2", + "https://access.redhat.com/errata/RHSA-2023:6539", + "https://access.redhat.com/security/cve/CVE-2023-31484", + "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", + "https://bugzilla.redhat.com/2218667", + "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", + "https://errata.almalinux.org/9/ALSA-2023-6539.html", + "https://errata.rockylinux.org/RLSA-2023:6539", + "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", + "https://github.com/andk/cpanpm/pull/175", + "https://linux.oracle.com/cve/CVE-2023-31484.html", + "https://linux.oracle.com/errata/ELSA-2026-0079.html", + "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", + "https://metacpan.org/dist/CPAN/changes", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://ubuntu.com/security/notices/USN-6112-1", + "https://ubuntu.com/security/notices/USN-6112-2", + "https://www.cve.org/CVERecord?id=CVE-2023-31484", + "https://www.openwall.com/lists/oss-security/2023/04/18/14" + ], + "PublishedDate": "2023-04-29T00:15:09Z", + "LastModifiedDate": "2025-11-03T22:16:19.47Z" + }, + { + "VulnerabilityID": "CVE-2023-47038", + "PkgID": "perl-base@5.30.0-9ubuntu0.3", + "PkgName": "perl-base", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/perl-base@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "2289117557075356" + }, + "InstalledVersion": "5.30.0-9ubuntu0.3", + "FixedVersion": "5.30.0-9ubuntu0.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47038", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:6219a076250c5b9f87e1722ca07ac6a7c46d0b4bf60900f0813deb110a1da954", + "Title": "perl: Write past buffer end via illegal user-defined Unicode property", + "Description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2228", + "https://access.redhat.com/errata/RHSA-2024:3128", + "https://access.redhat.com/security/cve/CVE-2023-47038", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", + "https://bugzilla.redhat.com/2249523", + "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038", + "https://errata.almalinux.org/9/ALSA-2024-2228.html", + "https://errata.rockylinux.org/RLSA-2024:2228", + "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", + "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", + "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", + "https://github.com/aquasecurity/trivy/discussions/8400", + "https://linux.oracle.com/cve/CVE-2023-47038.html", + "https://linux.oracle.com/errata/ELSA-2024-3128.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-47038", + "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", + "https://ubuntu.com/security/CVE-2023-47100", + "https://ubuntu.com/security/notices/USN-6517-1", + "https://www.cve.org/CVERecord?id=CVE-2023-47038", + "https://www.suse.com/security/cve/CVE-2023-47100.html" + ], + "PublishedDate": "2023-12-18T14:15:08.933Z", + "LastModifiedDate": "2025-11-04T19:16:05.573Z" + }, + { + "VulnerabilityID": "CVE-2023-31484", + "PkgID": "perl-modules-5.30@5.30.0-9ubuntu0.3", + "PkgName": "perl-modules-5.30", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/perl-modules-5.30@5.30.0-9ubuntu0.3?arch=all\u0026distro=ubuntu-20.04", + "UID": "23ac15a776adbce9" + }, + "InstalledVersion": "5.30.0-9ubuntu0.3", + "FixedVersion": "5.30.0-9ubuntu0.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:9723ee8d6e5e76f2d08cf46e4e841f620af3780a50c4fc2fcca4c6c81b3e1d24", + "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", + "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/04/29/1", + "http://www.openwall.com/lists/oss-security/2023/05/03/3", + "http://www.openwall.com/lists/oss-security/2023/05/03/5", + "http://www.openwall.com/lists/oss-security/2023/05/07/2", + "https://access.redhat.com/errata/RHSA-2023:6539", + "https://access.redhat.com/security/cve/CVE-2023-31484", + "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", + "https://bugzilla.redhat.com/2218667", + "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", + "https://errata.almalinux.org/9/ALSA-2023-6539.html", + "https://errata.rockylinux.org/RLSA-2023:6539", + "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", + "https://github.com/andk/cpanpm/pull/175", + "https://linux.oracle.com/cve/CVE-2023-31484.html", + "https://linux.oracle.com/errata/ELSA-2026-0079.html", + "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", + "https://metacpan.org/dist/CPAN/changes", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://ubuntu.com/security/notices/USN-6112-1", + "https://ubuntu.com/security/notices/USN-6112-2", + "https://www.cve.org/CVERecord?id=CVE-2023-31484", + "https://www.openwall.com/lists/oss-security/2023/04/18/14" + ], + "PublishedDate": "2023-04-29T00:15:09Z", + "LastModifiedDate": "2025-11-03T22:16:19.47Z" + }, + { + "VulnerabilityID": "CVE-2023-47038", + "PkgID": "perl-modules-5.30@5.30.0-9ubuntu0.3", + "PkgName": "perl-modules-5.30", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/perl-modules-5.30@5.30.0-9ubuntu0.3?arch=all\u0026distro=ubuntu-20.04", + "UID": "23ac15a776adbce9" + }, + "InstalledVersion": "5.30.0-9ubuntu0.3", + "FixedVersion": "5.30.0-9ubuntu0.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47038", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:060d5145657351635861c52c235e66c3f393fb2fd0879840c8e17754f355504d", + "Title": "perl: Write past buffer end via illegal user-defined Unicode property", + "Description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2228", + "https://access.redhat.com/errata/RHSA-2024:3128", + "https://access.redhat.com/security/cve/CVE-2023-47038", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", + "https://bugzilla.redhat.com/2249523", + "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038", + "https://errata.almalinux.org/9/ALSA-2024-2228.html", + "https://errata.rockylinux.org/RLSA-2024:2228", + "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", + "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", + "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", + "https://github.com/aquasecurity/trivy/discussions/8400", + "https://linux.oracle.com/cve/CVE-2023-47038.html", + "https://linux.oracle.com/errata/ELSA-2024-3128.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-47038", + "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", + "https://ubuntu.com/security/CVE-2023-47100", + "https://ubuntu.com/security/notices/USN-6517-1", + "https://www.cve.org/CVERecord?id=CVE-2023-47038", + "https://www.suse.com/security/cve/CVE-2023-47100.html" + ], + "PublishedDate": "2023-12-18T14:15:08.933Z", + "LastModifiedDate": "2025-11-04T19:16:05.573Z" + }, + { + "VulnerabilityID": "CVE-2024-12085", + "PkgID": "rsync@3.1.3-8ubuntu0.5", + "PkgName": "rsync", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9f4dd363bd033b68" + }, + "InstalledVersion": "3.1.3-8ubuntu0.5", + "FixedVersion": "3.1.3-8ubuntu0.8", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:82ddf8beab0a68e5a1eaf9a1da587e80bd48217229ec1d3c16af160b632b3060", + "Title": "rsync: Info Leak via Uninitialized Stack Contents", + "Description": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-908" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHBA-2025:6470", + "https://access.redhat.com/errata/RHSA-2025:0324", + "https://access.redhat.com/errata/RHSA-2025:0325", + "https://access.redhat.com/errata/RHSA-2025:0637", + "https://access.redhat.com/errata/RHSA-2025:0688", + "https://access.redhat.com/errata/RHSA-2025:0714", + "https://access.redhat.com/errata/RHSA-2025:0774", + "https://access.redhat.com/errata/RHSA-2025:0787", + "https://access.redhat.com/errata/RHSA-2025:0790", + "https://access.redhat.com/errata/RHSA-2025:0849", + "https://access.redhat.com/errata/RHSA-2025:0884", + "https://access.redhat.com/errata/RHSA-2025:0885", + "https://access.redhat.com/errata/RHSA-2025:1120", + "https://access.redhat.com/errata/RHSA-2025:1123", + "https://access.redhat.com/errata/RHSA-2025:1128", + "https://access.redhat.com/errata/RHSA-2025:1225", + "https://access.redhat.com/errata/RHSA-2025:1227", + "https://access.redhat.com/errata/RHSA-2025:1242", + "https://access.redhat.com/errata/RHSA-2025:1451", + "https://access.redhat.com/errata/RHSA-2025:21885", + "https://access.redhat.com/errata/RHSA-2025:2701", + "https://access.redhat.com/security/cve/CVE-2024-12085", + "https://bugzilla.redhat.com/2330539", + "https://bugzilla.redhat.com/show_bug.cgi?id=2330539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12085", + "https://errata.almalinux.org/9/ALSA-2025-0324.html", + "https://errata.rockylinux.org/RLSA-2025:0324", + "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", + "https://kb.cert.org/vince/comm/case/2083/", + "https://kb.cert.org/vuls/id/952657", + "https://linux.oracle.com/cve/CVE-2024-12085.html", + "https://linux.oracle.com/errata/ELSA-2025-0714.html", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12085", + "https://security.netapp.com/advisory/ntap-20250131-0002/", + "https://ubuntu.com/security/notices/USN-7206-1", + "https://ubuntu.com/security/notices/USN-7206-3", + "https://www.cve.org/CVERecord?id=CVE-2024-12085", + "https://www.kb.cert.org/vuls/id/952657" + ], + "PublishedDate": "2025-01-14T18:15:25.123Z", + "LastModifiedDate": "2026-04-14T22:16:24.497Z" + }, + { + "VulnerabilityID": "CVE-2024-12086", + "PkgID": "rsync@3.1.3-8ubuntu0.5", + "PkgName": "rsync", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9f4dd363bd033b68" + }, + "InstalledVersion": "3.1.3-8ubuntu0.5", + "FixedVersion": "3.1.3-8ubuntu0.8", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12086", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:20ba46ddc7c0f2657d494d1ee7ce27baf776c56cd1a85c9f33b0e1b1b4051cea", + "Title": "rsync: rsync server leaks arbitrary client files", + "Description": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-390" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHBA-2025:6470", + "https://access.redhat.com/errata/RHSA-2026:19368", + "https://access.redhat.com/security/cve/CVE-2024-12086", + "https://bugzilla.redhat.com/show_bug.cgi?id=2330577", + "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", + "https://kb.cert.org/vince/comm/case/2083/", + "https://kb.cert.org/vuls/id/952657", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12086", + "https://security.netapp.com/advisory/ntap-20250131-0002/", + "https://ubuntu.com/security/notices/USN-7206-1", + "https://ubuntu.com/security/notices/USN-7206-3", + "https://www.cve.org/CVERecord?id=CVE-2024-12086", + "https://www.kb.cert.org/vuls/id/952657" + ], + "PublishedDate": "2025-01-14T18:15:25.297Z", + "LastModifiedDate": "2026-05-20T04:16:31.217Z" + }, + { + "VulnerabilityID": "CVE-2024-12087", + "PkgID": "rsync@3.1.3-8ubuntu0.5", + "PkgName": "rsync", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9f4dd363bd033b68" + }, + "InstalledVersion": "3.1.3-8ubuntu0.5", + "FixedVersion": "3.1.3-8ubuntu0.8", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12087", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:a94e14429b5d76dc4e62f5b39f13fef6e6e0d4b533a00519d43e42b0558618e1", + "Title": "rsync: Path traversal vulnerability in rsync", + "Description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHBA-2025:6470", + "https://access.redhat.com/errata/RHSA-2025:23154", + "https://access.redhat.com/errata/RHSA-2025:23235", + "https://access.redhat.com/errata/RHSA-2025:23407", + "https://access.redhat.com/errata/RHSA-2025:23415", + "https://access.redhat.com/errata/RHSA-2025:23416", + "https://access.redhat.com/errata/RHSA-2025:23842", + "https://access.redhat.com/errata/RHSA-2025:23853", + "https://access.redhat.com/errata/RHSA-2025:23854", + "https://access.redhat.com/errata/RHSA-2025:23858", + "https://access.redhat.com/errata/RHSA-2025:2600", + "https://access.redhat.com/errata/RHSA-2025:7050", + "https://access.redhat.com/errata/RHSA-2025:8385", + "https://access.redhat.com/security/cve/CVE-2024-12087", + "https://bugzilla.redhat.com/2330672", + "https://bugzilla.redhat.com/2330676", + "https://bugzilla.redhat.com/2332968", + "https://bugzilla.redhat.com/show_bug.cgi?id=2330672", + "https://bugzilla.redhat.com/show_bug.cgi?id=2330676", + "https://bugzilla.redhat.com/show_bug.cgi?id=2332968", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747", + "https://errata.almalinux.org/9/ALSA-2025-7050.html", + "https://errata.rockylinux.org/RLSA-2025:7050", + "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", + "https://kb.cert.org/vince/comm/case/2083/", + "https://kb.cert.org/vuls/id/952657", + "https://linux.oracle.com/cve/CVE-2024-12087.html", + "https://linux.oracle.com/errata/ELSA-2025-7050.html", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12087", + "https://security.netapp.com/advisory/ntap-20250131-0002/", + "https://ubuntu.com/security/notices/USN-7206-1", + "https://ubuntu.com/security/notices/USN-7206-3", + "https://www.cve.org/CVERecord?id=CVE-2024-12087", + "https://www.kb.cert.org/vuls/id/952657" + ], + "PublishedDate": "2025-01-14T18:15:25.467Z", + "LastModifiedDate": "2026-04-14T22:16:26.837Z" + }, + { + "VulnerabilityID": "CVE-2024-12088", + "PkgID": "rsync@3.1.3-8ubuntu0.5", + "PkgName": "rsync", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9f4dd363bd033b68" + }, + "InstalledVersion": "3.1.3-8ubuntu0.5", + "FixedVersion": "3.1.3-8ubuntu0.8", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12088", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:d044336f5b9f5c962b2389d6b4dec877a8248ba29dcfb58e789b22ecef4ddab2", + "Title": "rsync: --safe-links option bypass leads to path traversal", + "Description": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHBA-2025:6470", + "https://access.redhat.com/errata/RHSA-2025:2600", + "https://access.redhat.com/errata/RHSA-2025:7050", + "https://access.redhat.com/errata/RHSA-2025:8385", + "https://access.redhat.com/security/cve/CVE-2024-12088", + "https://bugzilla.redhat.com/2330672", + "https://bugzilla.redhat.com/2330676", + "https://bugzilla.redhat.com/2332968", + "https://bugzilla.redhat.com/show_bug.cgi?id=2330672", + "https://bugzilla.redhat.com/show_bug.cgi?id=2330676", + "https://bugzilla.redhat.com/show_bug.cgi?id=2332968", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747", + "https://errata.almalinux.org/9/ALSA-2025-7050.html", + "https://errata.rockylinux.org/RLSA-2025:7050", + "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", + "https://kb.cert.org/vince/comm/case/2083/", + "https://kb.cert.org/vuls/id/952657", + "https://linux.oracle.com/cve/CVE-2024-12088.html", + "https://linux.oracle.com/errata/ELSA-2025-7050.html", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12088", + "https://security.netapp.com/advisory/ntap-20250131-0002/", + "https://ubuntu.com/security/notices/USN-7206-1", + "https://ubuntu.com/security/notices/USN-7206-3", + "https://www.cve.org/CVERecord?id=CVE-2024-12088", + "https://www.kb.cert.org/vuls/id/952657" + ], + "PublishedDate": "2025-01-14T18:15:25.643Z", + "LastModifiedDate": "2026-04-14T22:16:27.247Z" + }, + { + "VulnerabilityID": "CVE-2024-12747", + "PkgID": "rsync@3.1.3-8ubuntu0.5", + "PkgName": "rsync", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9f4dd363bd033b68" + }, + "InstalledVersion": "3.1.3-8ubuntu0.5", + "FixedVersion": "3.1.3-8ubuntu0.8", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12747", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:d474ba9aec1fd9fa7a30fb58023d7271df57b174348b7b46b4347024e07e5c7a", + "Title": "rsync: Race Condition in rsync Handling Symbolic Links", + "Description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 5.6 + } + }, + "References": [ + "https://access.redhat.com/errata/RHBA-2025:6470", + "https://access.redhat.com/errata/RHSA-2025:2600", + "https://access.redhat.com/errata/RHSA-2025:7050", + "https://access.redhat.com/errata/RHSA-2025:8385", + "https://access.redhat.com/security/cve/CVE-2024-12747", + "https://bugzilla.redhat.com/2330672", + "https://bugzilla.redhat.com/2330676", + "https://bugzilla.redhat.com/2332968", + "https://bugzilla.redhat.com/show_bug.cgi?id=2330672", + "https://bugzilla.redhat.com/show_bug.cgi?id=2330676", + "https://bugzilla.redhat.com/show_bug.cgi?id=2332968", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747", + "https://errata.almalinux.org/9/ALSA-2025-7050.html", + "https://errata.rockylinux.org/RLSA-2025:7050", + "https://kb.cert.org/vince/comm/case/2083/", + "https://kb.cert.org/vuls/id/952657", + "https://linux.oracle.com/cve/CVE-2024-12747.html", + "https://linux.oracle.com/errata/ELSA-2025-7050.html", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12747", + "https://security.netapp.com/advisory/ntap-20250131-0002/", + "https://ubuntu.com/security/notices/USN-7206-1", + "https://ubuntu.com/security/notices/USN-7206-3", + "https://www.cve.org/CVERecord?id=CVE-2024-12747", + "https://www.kb.cert.org/vuls/id/952657" + ], + "PublishedDate": "2025-01-14T18:15:25.83Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2023-39804", + "PkgID": "tar@1.30+dfsg-7ubuntu0.20.04.3", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/tar@1.30%2Bdfsg-7ubuntu0.20.04.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9e3a2b3027b922ad" + }, + "InstalledVersion": "1.30+dfsg-7ubuntu0.20.04.3", + "FixedVersion": "1.30+dfsg-7ubuntu0.20.04.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39804", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:f77174d302da2e8fbf6e8be732c14315efdc788cc572912263e2749399652450", + "Title": "tar: Incorrectly handled extension attributes in PAX archives can lead to a crash", + "Description": "In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 1, + "cbl-mariner": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-39804", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079", + "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4", + "https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723", + "https://lists.debian.org/debian-lts-announce/2024/03/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39804", + "https://ubuntu.com/security/notices/USN-6543-1", + "https://www.cve.org/CVERecord?id=CVE-2023-39804" + ], + "PublishedDate": "2024-03-27T04:15:08.897Z", + "LastModifiedDate": "2025-11-04T19:15:55.43Z" + }, + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "util-linux@2.34-0.1ubuntu9.3", + "PkgName": "util-linux", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/util-linux@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "7e27c675dec861ed" + }, + "InstalledVersion": "2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:04d44a51ed719412d0116319893d8420281b00a6054cca1ccc7df684a5dfe2d5", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + } + ] + }, + { + "Target": "usr/local/bin/gosu", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "github.com/tianon/gosu", + "Name": "github.com/tianon/gosu", + "Identifier": { + "PURL": "pkg:golang/github.com/tianon/gosu", + "UID": "f8be0ac9ee9f0640" + }, + "Relationship": "root", + "DependsOn": [ + "github.com/opencontainers/runc@v1.0.1", + "golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", + "stdlib@v1.16.7" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.16.7", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "Version": "v1.16.7", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opencontainers/runc@v1.0.1", + "Name": "github.com/opencontainers/runc", + "Identifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", + "UID": "9f8e6d3b2db2ec49" + }, + "Version": "v0.0.0-20210817142637-7d9622a276b7", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-27561", + "VendorIDs": [ + "GHSA-vpvm-3wq2-2wvm" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.1.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:6803b92b4954fcff324a846c6596339a7f6eec534d769c2ea6d16ddae676df64", + "Title": "runc: volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6380", + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://bugzilla.redhat.com/2029439", + "https://bugzilla.redhat.com/2175721", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2182883", + "https://bugzilla.redhat.com/2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6380.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://security.netapp.com/advisory/ntap-20241206-0004", + "https://security.netapp.com/advisory/ntap-20241206-0004/", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:11.33Z", + "LastModifiedDate": "2024-12-06T14:15:19.037Z" + }, + { + "VulnerabilityID": "CVE-2024-21626", + "VendorIDs": [ + "GHSA-xr7r-f8xq-vfvv" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.1.12", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-21626", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:c25ce5d902cd400e0e1e8612784e5451080a86de1b3e2892fa915e277c48937f", + "Title": "runc: file descriptor leak", + "Description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (\"attack 2\"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (\"attack 1\"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (\"attack 3a\" and \"attack 3b\"). runc 1.1.12 includes patches for this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-403", + "CWE-668" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.6 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html", + "http://www.openwall.com/lists/oss-security/2024/02/01/1", + "http://www.openwall.com/lists/oss-security/2024/02/02/3", + "https://access.redhat.com/errata/RHSA-2024:0670", + "https://access.redhat.com/security/cve/CVE-2024-21626", + "https://bugzilla.redhat.com/2258725", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21626", + "https://errata.almalinux.org/9/ALSA-2024-0670.html", + "https://errata.rockylinux.org/RLSA-2024:0752", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf", + "https://github.com/opencontainers/runc/releases/tag/v1.1.12", + "https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv", + "https://linux.oracle.com/cve/CVE-2024-21626.html", + "https://linux.oracle.com/errata/ELSA-2024-17931.html", + "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-21626", + "https://ubuntu.com/security/notices/USN-6619-1", + "https://www.cve.org/CVERecord?id=CVE-2024-21626", + "https://www.vicarius.io/vsociety/posts/leaky-vessels-part-1-cve-2024-21626" + ], + "PublishedDate": "2024-01-31T22:15:53.78Z", + "LastModifiedDate": "2024-11-21T08:54:45.18Z" + }, + { + "VulnerabilityID": "CVE-2025-31133", + "VendorIDs": [ + "GHSA-9493-h29p-rfm2" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31133", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:13665e3c39489164fa3631f04801910a84728adfd0322b4726c0fe6cd7302163", + "Title": "runc: container escape via 'masked path' abuse due to mount race conditions", + "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-61", + "CWE-363" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "V40Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:20957", + "https://access.redhat.com/security/cve/CVE-2025-31133", + "https://bugzilla.redhat.com/2404705", + "https://bugzilla.redhat.com/2404708", + "https://bugzilla.redhat.com/2404715", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404705", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404708", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", + "https://errata.almalinux.org/9/ALSA-2025-20957.html", + "https://errata.rockylinux.org/RLSA-2025:20957", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/commit/1a30a8f3d921acbbb6a4bb7e99da2c05f8d48522", + "https://github.com/opencontainers/runc/commit/5d7b2424072449872d1cd0c937f2ca25f418eb66", + "https://github.com/opencontainers/runc/commit/8476df83b534a2522b878c0507b3491def48db9f", + "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", + "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2", + "https://linux.oracle.com/cve/CVE-2025-31133.html", + "https://linux.oracle.com/errata/ELSA-2025-21232.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-31133", + "https://ubuntu.com/security/notices/USN-7851-1", + "https://www.cve.org/CVERecord?id=CVE-2025-31133" + ], + "PublishedDate": "2025-11-06T19:15:41.343Z", + "LastModifiedDate": "2025-12-03T18:30:15.43Z" + }, + { + "VulnerabilityID": "CVE-2025-52565", + "VendorIDs": [ + "GHSA-qw9x-cqr3-wc7r" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-52565", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:9bf5ac549932065f84ac95fb64379b2b2ecf56ce45a1c21b9abdd74427ab4cf8", + "Title": "runc: container escape with malicious config due to /dev/console mount and related races", + "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-61", + "CWE-363" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "V40Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:20957", + "https://access.redhat.com/security/cve/CVE-2025-52565", + "https://bugzilla.redhat.com/2404705", + "https://bugzilla.redhat.com/2404708", + "https://bugzilla.redhat.com/2404715", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404705", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404708", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", + "https://errata.almalinux.org/9/ALSA-2025-20957.html", + "https://errata.rockylinux.org/RLSA-2025:20957", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/commit/01de9d65dc72f67b256ef03f9bfb795a2bf143b4", + "https://github.com/opencontainers/runc/commit/398955bccb7f20565c224a3064d331c19e422398", + "https://github.com/opencontainers/runc/commit/531ef794e4ecd628006a865ad334a048ee2b4b2e", + "https://github.com/opencontainers/runc/commit/9be1dbf4ac67d9840a043ebd2df5c68f36705d1d", + "https://github.com/opencontainers/runc/commit/aee7d3fe355dd02939d44155e308ea0052e0d53a", + "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", + "https://github.com/opencontainers/runc/commit/de87203e625cd7a27141fb5f2ad00a320c69c5e8", + "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480", + "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r", + "https://linux.oracle.com/cve/CVE-2025-52565.html", + "https://linux.oracle.com/errata/ELSA-2025-21232.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-52565", + "https://ubuntu.com/security/notices/USN-7851-1", + "https://www.cve.org/CVERecord?id=CVE-2025-52565" + ], + "PublishedDate": "2025-11-06T20:15:49.24Z", + "LastModifiedDate": "2025-12-03T18:33:33.357Z" + }, + { + "VulnerabilityID": "CVE-2025-52881", + "VendorIDs": [ + "GHSA-cgrx-mc8f-2prm" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-52881", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:251926c142387b6deacfca4536b5807557c1cec0bc296211e140b48524ebfc11", + "Title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects", + "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-61", + "CWE-363" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "V40Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322", + "http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3", + "https://access.redhat.com/errata/RHSA-2025:22011", + "https://access.redhat.com/security/cve/CVE-2025-52881", + "https://bugzilla.redhat.com/2404715", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2025-22011.html", + "https://errata.rockylinux.org/RLSA-2025:22011", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md", + "https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557", + "https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d", + "https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58", + "https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6", + "https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f", + "https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544", + "https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db", + "https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322", + "https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28", + "https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2", + "https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165", + "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", + "https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1", + "https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3", + "https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51", + "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480", + "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2", + "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm", + "https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw", + "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r", + "https://github.com/opencontainers/selinux/pull/237", + "https://github.com/opencontainers/selinux/releases/tag/v1.13.0", + "https://linux.oracle.com/cve/CVE-2025-52881.html", + "https://linux.oracle.com/errata/ELSA-2025-23543.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-52881", + "https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs", + "https://ubuntu.com/security/notices/USN-7851-1", + "https://www.cve.org/CVERecord?id=CVE-2025-52881", + "https://youtu.be/tGseJW_uBB8", + "https://youtu.be/y1PaBzxwRWQ" + ], + "PublishedDate": "2025-11-06T21:15:42.817Z", + "LastModifiedDate": "2025-12-03T18:37:17.917Z" + }, + { + "VulnerabilityID": "CVE-2021-43784", + "VendorIDs": [ + "GHSA-v95c-p5hm-xq8f" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.0.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-43784", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:ce6650dbfa114abae5db2c90134ba032100d7765e550d12747025a7def687277", + "Title": "runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration", + "Description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "alma": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 6 + }, + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 6, + "V3Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6380", + "https://access.redhat.com/security/cve/CVE-2021-43784", + "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241", + "https://bugzilla.redhat.com/2029439", + "https://bugzilla.redhat.com/2175721", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2182883", + "https://bugzilla.redhat.com/2182884", + "https://errata.almalinux.org/9/ALSA-2023-6380.html", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554", + "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae", + "https://github.com/opencontainers/runc/commit/dde509df4e28cec33b3c99c6cda3d4fd5beafc77", + "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed", + "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f", + "https://linux.oracle.com/cve/CVE-2021-43784.html", + "https://linux.oracle.com/errata/ELSA-2023-6380.html", + "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html", + "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-43784", + "https://pkg.go.dev/vuln/GO-2022-0274", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2021-43784", + "https://www.openwall.com/lists/oss-security/2021/12/06/1" + ], + "PublishedDate": "2021-12-06T18:15:08.24Z", + "LastModifiedDate": "2024-11-21T06:29:46.873Z" + }, + { + "VulnerabilityID": "CVE-2022-29162", + "VendorIDs": [ + "GHSA-f3fp-gc8g-vw66" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.1.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29162", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:cfba7434a916e00b5f196ad3952fed146bd82230b5ad485f6966013113393fe7", + "Title": "runc: incorrect handling of inheritable capabilities", + "Description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-276" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 1, + "cbl-mariner": 3, + "ghsa": 2, + "nvd": 3, + "oracle-oval": 1, + "photon": 3, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.9 + }, + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "github.com/opencontainers/runc", + "https://access.redhat.com/errata/RHSA-2022:8090", + "https://access.redhat.com/security/cve/CVE-2022-29162", + "https://bugzilla.redhat.com/2086398", + "https://bugzilla.redhat.com/show_bug.cgi?id=2086398", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29162", + "https://errata.almalinux.org/9/ALSA-2022-8090.html", + "https://errata.rockylinux.org/RLSA-2022:8090", + "https://github.com/opencontainers/runc/commit/98fe566c527479195ce3c8167136d2a555fe6b65", + "https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5", + "https://github.com/opencontainers/runc/releases/tag/v1.1.2", + "https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66", + "https://linux.oracle.com/cve/CVE-2022-29162.html", + "https://linux.oracle.com/errata/ELSA-2022-8090.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y", + "https://nvd.nist.gov/vuln/detail/CVE-2022-29162", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2022-29162", + "https://www.openwall.com/lists/oss-security/2022/05/12/1" + ], + "PublishedDate": "2022-05-17T21:15:08.32Z", + "LastModifiedDate": "2024-11-21T06:58:36.893Z" + }, + { + "VulnerabilityID": "CVE-2023-28642", + "VendorIDs": [ + "GHSA-g2j6-57v7-gm8c" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.1.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28642", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:baeba50ed00bccb64eeb21147c04cd162d5df57787d2e22415bbefd1dd60fe57", + "Title": "runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration", + "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.\n\n", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-281", + "CWE-59" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "ghsa": 2, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6380", + "https://access.redhat.com/security/cve/CVE-2023-28642", + "https://bugzilla.redhat.com/2029439", + "https://bugzilla.redhat.com/2175721", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2182883", + "https://bugzilla.redhat.com/2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6380.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/advisories/GHSA-g2j6-57v7-gm8c", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c", + "https://linux.oracle.com/cve/CVE-2023-28642.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28642", + "https://security.netapp.com/advisory/ntap-20241206-0005", + "https://security.netapp.com/advisory/ntap-20241206-0005/", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-28642" + ], + "PublishedDate": "2023-03-29T19:15:22.397Z", + "LastModifiedDate": "2024-12-06T14:15:19.25Z" + }, + { + "VulnerabilityID": "CVE-2024-45310", + "VendorIDs": [ + "GHSA-jfvp-7x6p-h2pv" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.1.14, 1.2.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45310", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:05aef3760112253d5b156ed1f3879105aad792c9f20daa3384b68b553898fc69", + "Title": "runc: runc can be tricked into creating empty files/directories on host", + "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3.\n\nSome workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual\nuser on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-61", + "CWE-363" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "ghsa": 2, + "nvd": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/U:Green", + "V3Score": 3.6, + "V40Score": 4.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "V3Score": 3.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "V3Score": 3.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/09/03/1", + "https://access.redhat.com/security/cve/CVE-2024-45310", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7", + "https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e", + "https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf", + "https://github.com/opencontainers/runc/pull/4359", + "https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45310", + "https://security.netapp.com/advisory/ntap-20250221-0008", + "https://security.netapp.com/advisory/ntap-20250221-0008/", + "https://www.cve.org/CVERecord?id=CVE-2024-45310", + "https://www.openwall.com/lists/oss-security/2024/09/03/1" + ], + "PublishedDate": "2024-09-03T19:15:15.243Z", + "LastModifiedDate": "2025-11-25T14:07:27.74Z" + }, + { + "VulnerabilityID": "CVE-2022-29526", + "VendorIDs": [ + "GHSA-p782-xgp4-8hr8" + ], + "PkgID": "golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", + "PkgName": "golang.org/x/sys", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", + "UID": "9f8e6d3b2db2ec49" + }, + "InstalledVersion": "v0.0.0-20210817142637-7d9622a276b7", + "FixedVersion": "0.0.0-20220412211240-33da011f77ad", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29526", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:7077e32ac241117b3be3937a652d44c8dbce7d5c7d6e69a4862ac48590d170fe", + "Title": "golang: syscall: faccessat checks wrong group", + "Description": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-269" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-29526", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.rockylinux.org/RLSA-2022:5799", + "https://github.com/golang/go", + "https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c", + "https://github.com/golang/go/issues/52313", + "https://go.dev/cl/399539", + "https://go.dev/cl/400074", + "https://go.dev/issue/52313", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", + "https://linux.oracle.com/cve/CVE-2022-29526.html", + "https://linux.oracle.com/errata/ELSA-2022-5337.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR", + "https://nvd.nist.gov/vuln/detail/CVE-2022-29526", + "https://pkg.go.dev/vuln/GO-2022-0493", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20220729-0001", + "https://security.netapp.com/advisory/ntap-20220729-0001/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-29526" + ], + "PublishedDate": "2022-06-23T17:15:12.747Z", + "LastModifiedDate": "2024-11-21T06:59:15.563Z" + }, + { + "VulnerabilityID": "CVE-2022-23806", + "VendorIDs": [ + "GO-2021-0319" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.16.14, 1.17.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23806", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9cbae64c748e8eed132183466377c2865dc249f54dcbac4af51ac00967729870", + "Title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", + "Description": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-252" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 4, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "V3Score": 9.1 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", + "https://access.redhat.com/security/cve/CVE-2022-23806", + "https://errata.almalinux.org/8/ALSA-2022-1819.html", + "https://go.dev/cl/382455", + "https://go.dev/issue/50974", + "https://go.googlesource.com/go/+/7f9494c277a471f6f47f4af3036285c0b1419816", + "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", + "https://linux.oracle.com/cve/CVE-2022-23806.html", + "https://linux.oracle.com/errata/ELSA-2022-1819.html", + "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html", + "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", + "https://pkg.go.dev/vuln/GO-2021-0319", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20220225-0006/", + "https://www.cve.org/CVERecord?id=CVE-2022-23806", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2022-02-11T01:15:07.747Z", + "LastModifiedDate": "2024-11-21T06:49:17.407Z" + }, + { + "VulnerabilityID": "CVE-2023-24538", + "VendorIDs": [ + "GO-2023-1703" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24538", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ba13741997a8cf16d0f4e20a7dbf2704e4688620e6c0ed7ed38a3acc9aee0cb3", + "Title": "golang: html/template: backticks not treated as string delimiters", + "Description": "Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. \"var a = {{.}}\"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-94" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 4, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24538", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3)", + "https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8)", + "https://github.com/golang/go/issues/59234", + "https://go.dev/cl/482079", + "https://go.dev/issue/59234", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24538.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24538", + "https://pkg.go.dev/vuln/GO-2023-1703", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20241115-0007/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24538" + ], + "PublishedDate": "2023-04-06T16:15:07.8Z", + "LastModifiedDate": "2025-02-12T17:15:14.19Z" + }, + { + "VulnerabilityID": "CVE-2023-24540", + "VendorIDs": [ + "GO-2023-1752" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.9, 1.20.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24540", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d4aaf45671e59cbf1bdc0301ecea3ed227cf55fb7677fc0c815b8baa80d27d4e", + "Title": "golang: html/template: improper handling of JavaScript whitespace", + "Description": "Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-77" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 3, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24540", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4)", + "https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9)", + "https://github.com/golang/go/issues/59721", + "https://go.dev/cl/491616", + "https://go.dev/issue/59721", + "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", + "https://linux.oracle.com/cve/CVE-2023-24540.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24540", + "https://pkg.go.dev/vuln/GO-2023-1752", + "https://security.netapp.com/advisory/ntap-20241115-0008/", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24540" + ], + "PublishedDate": "2023-05-11T16:15:09.687Z", + "LastModifiedDate": "2025-01-24T17:15:10.893Z" + }, + { + "VulnerabilityID": "CVE-2024-24790", + "VendorIDs": [ + "GO-2024-2887" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:60b31dc984c9612b6f157002820f95fb662b3614c6914369ecd1c2810aad0eb1", + "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", + "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", + "Severity": "CRITICAL", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24790", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", + "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", + "https://github.com/golang/go/issues/67680", + "https://go.dev/cl/590316", + "https://go.dev/issue/67680", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24790.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", + "https://pkg.go.dev/vuln/GO-2024-2887", + "https://security.netapp.com/advisory/ntap-20240905-0002/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24790" + ], + "PublishedDate": "2024-06-05T16:15:10.56Z", + "LastModifiedDate": "2024-11-21T08:59:42.813Z" + }, + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c459470ee439dc9e6152908a75cb25dfdef47c1168eee506295be62533fb1bd4", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2021-39293", + "VendorIDs": [ + "GO-2022-0273" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.16.8, 1.17.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-39293", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:99569ae912f003f3c8086b9059682006ff5586edfbec582a405e4c98b3a27db3", + "Title": "golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)", + "Description": "In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", + "https://access.redhat.com/security/cve/CVE-2021-39293", + "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", + "https://errata.almalinux.org/8/ALSA-2022-1819.html", + "https://go.dev/cl/343434", + "https://go.dev/issue/47801", + "https://go.googlesource.com/go/+/bacbc33439b124ffd7392c91a5f5d96eca8c0c0b", + "https://groups.google.com/g/golang-announce/c/dx9d7IOseHw", + "https://linux.oracle.com/cve/CVE-2021-39293.html", + "https://linux.oracle.com/errata/ELSA-2022-1819.html", + "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-39293", + "https://pkg.go.dev/vuln/GO-2022-0273", + "https://security.netapp.com/advisory/ntap-20220217-0009/", + "https://www.cve.org/CVERecord?id=CVE-2021-39293" + ], + "PublishedDate": "2022-01-24T01:15:07.92Z", + "LastModifiedDate": "2024-11-21T06:19:08.18Z" + }, + { + "VulnerabilityID": "CVE-2021-41771", + "VendorIDs": [ + "GO-2021-0263" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.16.10, 1.17.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-41771", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:62b6e7e510f71e5bf6592f72bcb0d5669c5c4b112e1e009d732383e996fbc9ca", + "Title": "golang: debug/macho: invalid dynamic symbol table command can cause panic", + "Description": "ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", + "https://access.redhat.com/security/cve/CVE-2021-41771", + "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "https://errata.almalinux.org/8/ALSA-2022-1819.html", + "https://go.dev/cl/367075", + "https://go.dev/issue/48990", + "https://go.googlesource.com/go/+/61536ec03063b4951163bd09609c86d82631fa27", + "https://groups.google.com/g/golang-announce/c/0fM21h43arc", + "https://linux.oracle.com/cve/CVE-2021-41771.html", + "https://linux.oracle.com/errata/ELSA-2022-1819.html", + "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html", + "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-41771", + "https://pkg.go.dev/vuln/GO-2021-0263", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20211210-0003/", + "https://www.cve.org/CVERecord?id=CVE-2021-41771", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2021-11-08T06:15:08.057Z", + "LastModifiedDate": "2024-11-21T06:26:44.027Z" + }, + { + "VulnerabilityID": "CVE-2021-41772", + "VendorIDs": [ + "GO-2021-0264" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.16.10, 1.17.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-41772", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3825f9aae9819a3f9386596ac617c1878dc1ede5412bdbf94b63705ac13e35be", + "Title": "golang: archive/zip: Reader.Open panics on empty string", + "Description": "Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-20" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", + "https://access.redhat.com/security/cve/CVE-2021-41772", + "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "https://errata.almalinux.org/8/ALSA-2022-1819.html", + "https://go.dev/cl/349770", + "https://go.dev/issue/48085", + "https://go.googlesource.com/go/+/b24687394b55a93449e2be4e6892ead58ea9a10f", + "https://groups.google.com/g/golang-announce/c/0fM21h43arc", + "https://linux.oracle.com/cve/CVE-2021-41772.html", + "https://linux.oracle.com/errata/ELSA-2022-1819.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-41772", + "https://pkg.go.dev/vuln/GO-2021-0264", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20211210-0003/", + "https://www.cve.org/CVERecord?id=CVE-2021-41772", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2021-11-08T06:15:08.107Z", + "LastModifiedDate": "2024-11-21T06:26:44.223Z" + }, + { + "VulnerabilityID": "CVE-2021-44716", + "VendorIDs": [ + "GHSA-vc3p-29h2-gpcp", + "GO-2022-0288" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.16.12, 1.17.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-44716", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5c90dfbb0e5e652218c2a09559411dd43eb276a3f461b75f4d37c2613075182d", + "Title": "golang: net/http: limit growth of header canonicalization cache", + "Description": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-44716", + "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", + "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44716", + "https://errata.rockylinux.org/RLSA-2022:0001", + "https://github.com/golang/go/commit/48d948963c5ce7add72af5665a871caff6c1d35a (go1.17.5)", + "https://github.com/golang/net/commit/491a49abca63de5e07ef554052d180a1b5fe2d70", + "https://go.dev/cl/369794", + "https://go.dev/issue/50058", + "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", + "https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ", + "https://linux.oracle.com/cve/CVE-2021-44716.html", + "https://linux.oracle.com/errata/ELSA-2022-0001.html", + "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html", + "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", + "https://pkg.go.dev/vuln/GO-2022-0288", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20220121-0002", + "https://security.netapp.com/advisory/ntap-20220121-0002/", + "https://www.cve.org/CVERecord?id=CVE-2021-44716" + ], + "PublishedDate": "2022-01-01T05:15:08.307Z", + "LastModifiedDate": "2024-11-21T06:31:26.96Z" + }, + { + "VulnerabilityID": "CVE-2022-23772", + "VendorIDs": [ + "GO-2021-0317" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.16.14, 1.17.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23772", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1cf6103b28c2858c5460e4a73846c144b45e7b3e667d5e979dcb28ef7de5211c", + "Title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", + "Description": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", + "https://access.redhat.com/security/cve/CVE-2022-23772", + "https://errata.almalinux.org/8/ALSA-2022-1819.html", + "https://go.dev/cl/379537", + "https://go.dev/issue/50699", + "https://go.googlesource.com/go/+/ad345c265916bbf6c646865e4642eafce6d39e78", + "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", + "https://linux.oracle.com/cve/CVE-2022-23772.html", + "https://linux.oracle.com/errata/ELSA-2022-1819.html", + "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", + "https://pkg.go.dev/vuln/GO-2021-0317", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20220225-0006/", + "https://www.cve.org/CVERecord?id=CVE-2022-23772", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2022-02-11T01:15:07.657Z", + "LastModifiedDate": "2024-11-21T06:49:15.127Z" + }, + { + "VulnerabilityID": "CVE-2022-24675", + "VendorIDs": [ + "GO-2022-0433" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.9, 1.18.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-24675", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9965f691f18dbfea9d6fc41f3749753b748639835c59b8f630cc483973b1a302", + "Title": "golang: encoding/pem: fix stack overflow in Decode", + "Description": "encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-24675", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.rockylinux.org/RLSA-2022:5799", + "https://go.dev/cl/399820", + "https://go.dev/issue/51853", + "https://go.googlesource.com/go/+/45c3387d777caf28f4b992ad9a6216e3085bb8fe", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", + "https://linux.oracle.com/cve/CVE-2022-24675.html", + "https://linux.oracle.com/errata/ELSA-2022-5337.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-24675", + "https://pkg.go.dev/vuln/GO-2022-0433", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20220915-0010/", + "https://www.cve.org/CVERecord?id=CVE-2022-24675" + ], + "PublishedDate": "2022-04-20T10:15:07.93Z", + "LastModifiedDate": "2024-11-21T06:50:50.78Z" + }, + { + "VulnerabilityID": "CVE-2022-24921", + "VendorIDs": [ + "GO-2021-0347" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.16.15, 1.17.8", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-24921", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:58676bdef07a0196016da531117327096b1c27806e8e2c817df010bd79704904", + "Title": "golang: regexp: stack exhaustion via a deeply nested expression", + "Description": "regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-24921", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.rockylinux.org/RLSA-2022:5799", + "https://go.dev/cl/384616", + "https://go.dev/issue/51112", + "https://go.googlesource.com/go/+/452f24ae94f38afa3704d4361d91d51218405c0a", + "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk", + "https://linux.oracle.com/cve/CVE-2022-24921.html", + "https://linux.oracle.com/errata/ELSA-2022-9363.html", + "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html", + "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-24921", + "https://pkg.go.dev/vuln/GO-2021-0347", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20220325-0010/", + "https://www.cve.org/CVERecord?id=CVE-2022-24921" + ], + "PublishedDate": "2022-03-05T20:15:08.323Z", + "LastModifiedDate": "2024-11-21T06:51:23.59Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "VendorIDs": [ + "GHSA-69cg-p879-7622", + "GO-2022-0969" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.18.6, 1.19.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:87afd35453b7aa9bb00f993eeee667bf03cdd6a21e02000b3b7d20175d4e128d", + "Title": "golang: net/http: handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cs.opensource.google/go/x/net", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2024-0121.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:12.747Z", + "LastModifiedDate": "2024-11-21T06:56:07.703Z" + }, + { + "VulnerabilityID": "CVE-2022-28131", + "VendorIDs": [ + "GO-2022-0521" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-28131", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ead4cef14ebdd659423a18f57136db99211cefeefbbaec63afaf32291516bcf4", + "Title": "golang: encoding/xml: stack exhaustion in Decoder.Skip", + "Description": "Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8057", + "https://access.redhat.com/security/cve/CVE-2022-28131", + "https://bugzilla.redhat.com/2044628", + "https://bugzilla.redhat.com/2045880", + "https://bugzilla.redhat.com/2050648", + "https://bugzilla.redhat.com/2050742", + "https://bugzilla.redhat.com/2050743", + "https://bugzilla.redhat.com/2065290", + "https://bugzilla.redhat.com/2107342", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107376", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2107390", + "https://bugzilla.redhat.com/2107392", + "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", + "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2055349", + "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", + "https://bugzilla.redhat.com/show_bug.cgi?id=2104367", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21673", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21702", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21713", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2022-8057.html", + "https://errata.rockylinux.org/RLSA-2022:8057", + "https://github.com/golang/go/commit/90f040ec510dd678b7860d70ca77e5682f4c7e96", + "https://go.dev/cl/417062", + "https://go.dev/issue/53614", + "https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-28131.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", + "https://pkg.go.dev/vuln/GO-2022-0521", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-28131" + ], + "PublishedDate": "2022-08-10T20:15:32.767Z", + "LastModifiedDate": "2024-11-21T06:56:48.57Z" + }, + { + "VulnerabilityID": "CVE-2022-28327", + "VendorIDs": [ + "GO-2022-0435" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.9, 1.18.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-28327", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ca44594540f3dc4840863e4b27396c86bd908785967fd032f9733724e8d50689", + "Title": "golang: crypto/elliptic: panic caused by oversized scalar", + "Description": "The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.", + "Severity": "HIGH", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-28327", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.rockylinux.org/RLSA-2022:5799", + "https://go.dev/cl/397135", + "https://go.dev/issue/52075", + "https://go.googlesource.com/go/+/37065847d87df92b5eb246c88ba2085efcf0b331", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", + "https://linux.oracle.com/cve/CVE-2022-28327.html", + "https://linux.oracle.com/errata/ELSA-2022-5337.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NY6GEAJMNKKMU5H46QO4D7D6A24KSPXE/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-28327", + "https://pkg.go.dev/vuln/GO-2022-0435", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20220915-0010/", + "https://www.cve.org/CVERecord?id=CVE-2022-28327" + ], + "PublishedDate": "2022-04-20T10:15:08.03Z", + "LastModifiedDate": "2024-11-21T06:57:10.2Z" + }, + { + "VulnerabilityID": "CVE-2022-2879", + "VendorIDs": [ + "GO-2022-1037" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.18.7, 1.19.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2879", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:42766c2a9617363abd27436b723c3109e43d2704e429be31044fc32f144582e0", + "Title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers", + "Description": "Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2204", + "https://access.redhat.com/security/cve/CVE-2022-2879", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132867", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2149311", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://errata.almalinux.org/9/ALSA-2023-2204.html", + "https://errata.rockylinux.org/RLSA-2023:0328", + "https://github.com/golang/go/commit/0a723816cd205576945fa57fbdde7e6532d59d08 (go1.18.7)", + "https://github.com/golang/go/commit/4fa773cdefd20be093c84f731be7d4febf5536fa (go1.19.2)", + "https://github.com/golang/go/issues/54853", + "https://github.com/vbatts/tar-split/releases/tag/v0.12.1", + "https://go.dev/cl/439355", + "https://go.dev/issue/54853", + "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", + "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", + "https://linux.oracle.com/cve/CVE-2022-2879.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2879", + "https://pkg.go.dev/vuln/GO-2022-1037", + "https://security.gentoo.org/glsa/202311-09", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-2879" + ], + "PublishedDate": "2022-10-14T15:15:17.647Z", + "LastModifiedDate": "2024-11-21T07:01:51.487Z" + }, + { + "VulnerabilityID": "CVE-2022-2880", + "VendorIDs": [ + "GO-2022-1038" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.18.7, 1.19.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2880", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b2c717c2361d4d5cb8762f5a4f94004ee958ddaaa08f0f1ad3c97b3e02f07ead", + "Title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters", + "Description": "Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-2880", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2149311", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2023:0328", + "https://github.com/golang/go/commit/9d2c73a9fd69e45876509bb3bdb2af99bf77da1e (go1.18.7)", + "https://github.com/golang/go/commit/f6d844510d5f1e3b3098eba255d9b633d45eac3b (go1.19.2)", + "https://github.com/golang/go/issues/54663", + "https://go.dev/cl/432976", + "https://go.dev/issue/54663", + "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", + "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", + "https://linux.oracle.com/cve/CVE-2022-2880.html", + "https://linux.oracle.com/errata/ELSA-2024-3254.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2880", + "https://pkg.go.dev/vuln/GO-2022-1038", + "https://security.gentoo.org/glsa/202311-09", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-2880" + ], + "PublishedDate": "2022-10-14T15:15:18.09Z", + "LastModifiedDate": "2024-11-21T07:01:51.61Z" + }, + { + "VulnerabilityID": "CVE-2022-29804", + "VendorIDs": [ + "GO-2022-0533" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.11, 1.18.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29804", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:70ca816504b69e64be8ff94c09e0b504417317fc89d55a0f3ec0f68304727cd8", + "Title": "ELSA-2022-17957: ol8addon security update (IMPORTANT)", + "Description": "Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/401595", + "https://go.dev/issue/52476", + "https://go.googlesource.com/go/+/9cd1818a7d019c02fa4898b3e45a323e35033290", + "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", + "https://linux.oracle.com/cve/CVE-2022-29804.html", + "https://linux.oracle.com/errata/ELSA-2022-17957.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-29804", + "https://pkg.go.dev/vuln/GO-2022-0533" + ], + "PublishedDate": "2022-08-10T20:15:34.89Z", + "LastModifiedDate": "2024-11-21T06:59:42.8Z" + }, + { + "VulnerabilityID": "CVE-2022-30580", + "VendorIDs": [ + "GO-2022-0532" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.11, 1.18.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30580", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:342b9814a7093362462314331ae3dfc7388f6bc5f092e07f82a7d4ca59dbd74a", + "Title": "golang: os/exec: Code injection in Cmd.Start", + "Description": "Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either \"..com\" or \"..exe\" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-94" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-30580", + "https://go.dev/cl/403759", + "https://go.dev/issue/52574", + "https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e", + "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", + "https://linux.oracle.com/cve/CVE-2022-30580.html", + "https://linux.oracle.com/errata/ELSA-2022-17957.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-30580", + "https://pkg.go.dev/vuln/GO-2022-0532", + "https://www.cve.org/CVERecord?id=CVE-2022-30580" + ], + "PublishedDate": "2022-08-10T20:15:40.227Z", + "LastModifiedDate": "2026-03-06T18:16:11.913Z" + }, + { + "VulnerabilityID": "CVE-2022-30630", + "VendorIDs": [ + "GO-2022-0527" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30630", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7a023b35951286e85c4038b39893da626d510cb9cfb0b26620be0ff44b6df68c", + "Title": "golang: io/fs: stack exhaustion in Glob", + "Description": "Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2180", + "https://access.redhat.com/security/cve/CVE-2022-30630", + "https://bugzilla.redhat.com/2107342", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2024-2180.html", + "https://errata.rockylinux.org/RLSA-2022:8250", + "https://github.com/golang/go/commit/315e80d293b684ac2902819e58f618f1b5a14d49 (1.18)", + "https://go.dev/cl/417065", + "https://go.dev/issue/53415", + "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-30630.html", + "https://linux.oracle.com/errata/ELSA-2024-2180.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", + "https://pkg.go.dev/vuln/GO-2022-0527", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-30630" + ], + "PublishedDate": "2022-08-10T20:15:40.977Z", + "LastModifiedDate": "2026-03-06T18:16:13.45Z" + }, + { + "VulnerabilityID": "CVE-2022-30631", + "VendorIDs": [ + "GO-2022-0524" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30631", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7cb7508b8641ecd44b0922ebe4aa2c7a93061572a27376a8ce60df24b74adfbe", + "Title": "golang: compress/gzip: stack exhaustion in Reader.Read", + "Description": "Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2180", + "https://access.redhat.com/security/cve/CVE-2022-30631", + "https://bugzilla.redhat.com/2107342", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2024-2180.html", + "https://errata.rockylinux.org/RLSA-2022:8250", + "https://github.com/golang/go/commit/8e27a8ac4c001c27713810b75925aa3794049c48 (1.18)", + "https://go.dev/cl/417067", + "https://go.dev/issue/53168", + "https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-30631.html", + "https://linux.oracle.com/errata/ELSA-2024-2180.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", + "https://pkg.go.dev/vuln/GO-2022-0524", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-30631" + ], + "PublishedDate": "2022-08-10T20:15:41.373Z", + "LastModifiedDate": "2025-10-20T18:15:36.863Z" + }, + { + "VulnerabilityID": "CVE-2022-30632", + "VendorIDs": [ + "GO-2022-0522" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30632", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f27af4e81eeb8da72d20085930b838365f5f8642343bec4db07151b7f43f3d64", + "Title": "golang: path/filepath: stack exhaustion in Glob", + "Description": "Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2180", + "https://access.redhat.com/security/cve/CVE-2022-30632", + "https://bugzilla.redhat.com/2107342", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2024-2180.html", + "https://errata.rockylinux.org/RLSA-2022:8250", + "https://github.com/golang/go/commit/5ebd862b1714dad1544bd10a24c47cdb53ad7f46 (1.18)", + "https://go.dev/cl/417066", + "https://go.dev/issue/53416", + "https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-30632.html", + "https://linux.oracle.com/errata/ELSA-2024-2180.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", + "https://pkg.go.dev/vuln/GO-2022-0522", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-30632" + ], + "PublishedDate": "2022-08-10T20:15:41.877Z", + "LastModifiedDate": "2024-11-21T07:03:04.097Z" + }, + { + "VulnerabilityID": "CVE-2022-30633", + "VendorIDs": [ + "GO-2022-0523" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30633", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c8cabc3f0806d68609c66a4a661740b76b4d5e91bedbfe163918efd0a1dde75e", + "Title": "golang: encoding/xml: stack exhaustion in Unmarshal", + "Description": "Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8057", + "https://access.redhat.com/security/cve/CVE-2022-30633", + "https://bugzilla.redhat.com/2044628", + "https://bugzilla.redhat.com/2045880", + "https://bugzilla.redhat.com/2050648", + "https://bugzilla.redhat.com/2050742", + "https://bugzilla.redhat.com/2050743", + "https://bugzilla.redhat.com/2065290", + "https://bugzilla.redhat.com/2107342", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107376", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2107390", + "https://bugzilla.redhat.com/2107392", + "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", + "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2055349", + "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", + "https://bugzilla.redhat.com/show_bug.cgi?id=2104367", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21673", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21702", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21713", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2022-8057.html", + "https://errata.rockylinux.org/RLSA-2022:8057", + "https://github.com/golang/go/commit/2924ced71d16297320e8ff18829c2038e6ad8d9b (1.18)", + "https://go.dev/cl/417061", + "https://go.dev/issue/53611", + "https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-30633.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", + "https://pkg.go.dev/vuln/GO-2022-0523", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-30633" + ], + "PublishedDate": "2022-08-10T20:15:42.21Z", + "LastModifiedDate": "2026-03-06T18:16:13.833Z" + }, + { + "VulnerabilityID": "CVE-2022-30634", + "VendorIDs": [ + "GO-2022-0477" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.11, 1.18.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30634", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:26f822c19ebc8bcbecfb72bc8129009d326719638096c4296044e824d0504f92", + "Title": "ELSA-2022-17957: ol8addon security update (IMPORTANT)", + "Description": "Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 \u003c\u003c 32 - 1 bytes.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/402257", + "https://go.dev/issue/52561", + "https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863", + "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", + "https://linux.oracle.com/cve/CVE-2022-30634.html", + "https://linux.oracle.com/errata/ELSA-2022-17957.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-30634", + "https://pkg.go.dev/vuln/GO-2022-0477" + ], + "PublishedDate": "2022-07-15T20:15:08.597Z", + "LastModifiedDate": "2024-11-21T07:03:04.353Z" + }, + { + "VulnerabilityID": "CVE-2022-30635", + "VendorIDs": [ + "GO-2022-0526" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30635", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:21be5ea0594f60724b6511f5ab6f7dd3bcbee7de5051043f873110782bb49da7", + "Title": "golang: encoding/gob: stack exhaustion in Decoder.Decode", + "Description": "Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-30635", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:8250", + "https://github.com/golang/go/commit/fb979a50823e5a0575cf6166b3f17a13364cbf81 (1.18)", + "https://go.dev/cl/417064", + "https://go.dev/issue/53615", + "https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-30635.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", + "https://pkg.go.dev/vuln/GO-2022-0526", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-30635" + ], + "PublishedDate": "2022-08-10T20:15:42.64Z", + "LastModifiedDate": "2026-03-06T18:16:14.177Z" + }, + { + "VulnerabilityID": "CVE-2022-32189", + "VendorIDs": [ + "GO-2022-0537" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.13, 1.18.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0b9e226d42faf8c63037263f1ab92fd4e9e3fa1aba61630b6db7fa1f5c28f33d", + "Title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service", + "Description": "A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 1, + "rocky": 1, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-32189", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2059869", + "https://bugzilla.redhat.com/show_bug.cgi?id=2059870", + "https://bugzilla.redhat.com/show_bug.cgi?id=2060061", + "https://bugzilla.redhat.com/show_bug.cgi?id=2062597", + "https://bugzilla.redhat.com/show_bug.cgi?id=2064087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2088459", + "https://bugzilla.redhat.com/show_bug.cgi?id=2105961", + "https://bugzilla.redhat.com/show_bug.cgi?id=2110864", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2123055", + "https://bugzilla.redhat.com/show_bug.cgi?id=2123210", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7950", + "https://github.com/golang/go/commit/9240558e4f342fc6e98fec22de17c04b45089349 (1.18)", + "https://go.dev/cl/417774", + "https://go.dev/issue/53871", + "https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66", + "https://groups.google.com/g/golang-announce/c/YqYYG87xB10", + "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU", + "https://linux.oracle.com/cve/CVE-2022-32189.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32189", + "https://pkg.go.dev/vuln/GO-2022-0537", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-32189" + ], + "PublishedDate": "2022-08-10T20:15:47.507Z", + "LastModifiedDate": "2024-11-21T07:05:53.513Z" + }, + { + "VulnerabilityID": "CVE-2022-41715", + "VendorIDs": [ + "GO-2022-1039" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.18.7, 1.19.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41715", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2b3b2b59280e67cf4591a1c7e1eccf50c52bb1444faf79abc4a8ae4453ed17f0", + "Title": "golang: regexp/syntax: limit memory used by parsing regexps", + "Description": "Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2592", + "https://access.redhat.com/security/cve/CVE-2022-41715", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2149311", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://errata.almalinux.org/9/ALSA-2023-2592.html", + "https://errata.rockylinux.org/RLSA-2023:0328", + "https://github.com/golang/go/commit/645abfe529dc325e16daa17210640c2907d1c17a (go1.19.2)", + "https://github.com/golang/go/commit/e9017c2416ad0ef642f5e0c2eab2dbf3cba4d997 (go1.18.7)", + "https://github.com/golang/go/issues/55949", + "https://go.dev/cl/439356", + "https://go.dev/issue/55949", + "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", + "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", + "https://linux.oracle.com/cve/CVE-2022-41715.html", + "https://linux.oracle.com/errata/ELSA-2024-3254.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41715", + "https://pkg.go.dev/vuln/GO-2022-1039", + "https://security.gentoo.org/glsa/202311-09", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-41715" + ], + "PublishedDate": "2022-10-14T15:16:20.78Z", + "LastModifiedDate": "2024-11-21T07:23:43.367Z" + }, + { + "VulnerabilityID": "CVE-2022-41716", + "VendorIDs": [ + "GO-2022-1095" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.18.8, 1.19.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41716", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7b94f78ee26c9699e11eff028fbede52a2dadcb657f32b7db932a056fb086c63", + "Title": "Due to unsanitized NUL values, attackers may be able to maliciously se ...", + "Description": "Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string \"A=B\\x00C=D\" sets the variables \"A=B\" and \"C=D\".", + "Severity": "HIGH", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/446916", + "https://go.dev/issue/56284", + "https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ", + "https://linux.oracle.com/cve/CVE-2022-41716.html", + "https://linux.oracle.com/errata/ELSA-2023-18908.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41716", + "https://pkg.go.dev/vuln/GO-2022-1095", + "https://security.netapp.com/advisory/ntap-20230120-0007/" + ], + "PublishedDate": "2022-11-02T16:15:11.15Z", + "LastModifiedDate": "2024-11-21T07:23:43.507Z" + }, + { + "VulnerabilityID": "CVE-2022-41720", + "VendorIDs": [ + "GO-2022-1143" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.18.9, 1.19.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41720", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4c0b38e344d59b3fe15077bf550dda699b9138a28e432240a4e748fba5e7d678", + "Title": "golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows", + "Description": "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41720", + "https://go.dev/cl/455716", + "https://go.dev/issue/56694", + "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-41720.html", + "https://linux.oracle.com/errata/ELSA-2023-18908.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41720", + "https://pkg.go.dev/vuln/GO-2022-1143", + "https://www.cve.org/CVERecord?id=CVE-2022-41720" + ], + "PublishedDate": "2022-12-07T17:15:10.293Z", + "LastModifiedDate": "2025-04-23T16:15:25.373Z" + }, + { + "VulnerabilityID": "CVE-2022-41722", + "VendorIDs": [ + "GO-2023-1568" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41722", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5c1818eb503635e192d7073b8a815be223ecbd563c2221de2f1ad7a5ec46acd3", + "Title": "golang: path/filepath: path-filepath filepath.Clean path traversal", + "Description": "A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\".", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41722", + "https://go.dev/cl/468123", + "https://go.dev/issue/57274", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41722", + "https://pkg.go.dev/vuln/GO-2023-1568", + "https://www.cve.org/CVERecord?id=CVE-2022-41722" + ], + "PublishedDate": "2023-02-28T18:15:09.887Z", + "LastModifiedDate": "2024-11-21T07:23:44.303Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "VendorIDs": [ + "GHSA-vvpx-j8f3-3w6h", + "GO-2023-1571" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5d07c115f59a9ae3c92d1aaa91771e45d9dbe4be27e9a7564a1ee4b628cdfbe5", + "Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41723.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230331-0010/", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.couchbase.com/alerts", + "https://www.couchbase.com/alerts/", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:09.98Z", + "LastModifiedDate": "2025-05-05T16:15:20.433Z" + }, + { + "VulnerabilityID": "CVE-2022-41724", + "VendorIDs": [ + "GO-2023-1570" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fcf971526bbc647e429c4795eeb0e396758ac0a88e1d643a5424effad7fe02dd", + "Title": "golang: crypto/tls: large handshake records may cause panics", + "Description": "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth \u003e= RequestClientCert).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41724", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://go.dev/cl/468125", + "https://go.dev/issue/58001", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41724.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41724", + "https://pkg.go.dev/vuln/GO-2023-1570", + "https://security.gentoo.org/glsa/202311-09", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2022-41724" + ], + "PublishedDate": "2023-02-28T18:15:10.043Z", + "LastModifiedDate": "2024-11-21T07:23:44.603Z" + }, + { + "VulnerabilityID": "CVE-2022-41725", + "VendorIDs": [ + "GO-2023-1569" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:78f833dac11e22b716598b9aab6ebd699f872e59ed5daaaec29d62262442702e", + "Title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption", + "Description": "A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing \"up to maxMemory bytes +10MB (reserved for non-file parts) in memory\". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, \"If stored on disk, the File's underlying concrete type will be an *os.File.\". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41725", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/5c55ac9bf1e5f779220294c843526536605f42ab [1.19]", + "https://go.dev/cl/468124", + "https://go.dev/issue/58006", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41725.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41725", + "https://pkg.go.dev/vuln/GO-2023-1569", + "https://security.gentoo.org/glsa/202311-09", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2022-41725" + ], + "PublishedDate": "2023-02-28T18:15:10.12Z", + "LastModifiedDate": "2024-11-21T07:23:44.733Z" + }, + { + "VulnerabilityID": "CVE-2023-24534", + "VendorIDs": [ + "GO-2023-1704" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24534", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4ef6a8e9761fd2694eba1ef38494db1cf4e96102c188166298a2d551a6b67cae", + "Title": "golang: net/http, net/textproto: denial of service from excessive memory allocation", + "Description": "HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24534", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/3991f6c41c7dfd167e889234c0cf1d840475e93c (go1.20.3)", + "https://github.com/golang/go/commit/d6759e7a059f4208f07aa781402841d7ddaaef96 (go1.19.8)", + "https://go.dev/cl/481994", + "https://go.dev/issue/58975", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24534.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24534", + "https://pkg.go.dev/vuln/GO-2023-1704", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230526-0007/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24534" + ], + "PublishedDate": "2023-04-06T16:15:07.657Z", + "LastModifiedDate": "2025-02-12T18:15:19.837Z" + }, + { + "VulnerabilityID": "CVE-2023-24536", + "VendorIDs": [ + "GO-2023-1705" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24536", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:38c1cc86fff275157c1d02a8131aa92eab0d7fba6b02b3d8bf31934c4ee2d5c2", + "Title": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption", + "Description": "Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24536", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538 (go.1.19.8)", + "https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0 (go1.20.3)", + "https://go.dev/cl/482075", + "https://go.dev/cl/482076", + "https://go.dev/cl/482077", + "https://go.dev/issue/59153", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24536.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24536", + "https://pkg.go.dev/vuln/GO-2023-1705", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230526-0007/", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24536" + ], + "PublishedDate": "2023-04-06T16:15:07.71Z", + "LastModifiedDate": "2025-02-12T18:15:20.083Z" + }, + { + "VulnerabilityID": "CVE-2023-24537", + "VendorIDs": [ + "GO-2023-1702" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24537", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:830fbec9d37c8045eaf6e00967380bc594f593ce9fecabbe39323ffbc9e2aea6", + "Title": "golang: go/parser: Infinite loop in parsing", + "Description": "Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24537", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/126a1d02da82f93ede7ce0bd8d3c51ef627f2104 (go1.19.8)", + "https://github.com/golang/go/commit/e7c4b07ecf6b367f1afc9cc48cde963829dd0aab (go1.20.3)", + "https://github.com/golang/go/issues/59180", + "https://go.dev/cl/482078", + "https://go.dev/issue/59180", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24537.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24537", + "https://pkg.go.dev/vuln/GO-2023-1702", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20241129-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24537" + ], + "PublishedDate": "2023-04-06T16:15:07.753Z", + "LastModifiedDate": "2025-02-12T17:15:13.973Z" + }, + { + "VulnerabilityID": "CVE-2023-24539", + "VendorIDs": [ + "GO-2023-1751" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.9, 1.20.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24539", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:72e9653f27e79605c69824822f4aa24b74e1ae44d2ef5ecbe201d134291eb64b", + "Title": "golang: html/template: improper sanitization of CSS values", + "Description": "Angle brackets (\u003c\u003e) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-74", + "CWE-94" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24539", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/090590fdccc8442728aa31601927da1bf2ef1288 (go1.20.4)", + "https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80 (go1.19.9)", + "https://github.com/golang/go/issues/59720", + "https://go.dev/cl/491615", + "https://go.dev/issue/59720", + "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", + "https://linux.oracle.com/cve/CVE-2023-24539.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24539", + "https://pkg.go.dev/vuln/GO-2023-1751", + "https://security.netapp.com/advisory/ntap-20241129-0005/", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24539" + ], + "PublishedDate": "2023-05-11T16:15:09.6Z", + "LastModifiedDate": "2025-01-24T17:15:10.67Z" + }, + { + "VulnerabilityID": "CVE-2023-29400", + "VendorIDs": [ + "GO-2023-1753" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.9, 1.20.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29400", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e2d71cac62575ad4343cb8f83ca96c12f8d8dd2e5fbff9a32f6b80b39a77101a", + "Title": "golang: html/template: improper handling of empty HTML attributes", + "Description": "Templates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-74", + "CWE-94" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-29400", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)", + "https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)", + "https://github.com/golang/go/issues/59722", + "https://go.dev/cl/491617", + "https://go.dev/issue/59722", + "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", + "https://linux.oracle.com/cve/CVE-2023-29400.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29400", + "https://pkg.go.dev/vuln/GO-2023-1753", + "https://security.netapp.com/advisory/ntap-20241213-0005/", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29400" + ], + "PublishedDate": "2023-05-11T16:15:09.85Z", + "LastModifiedDate": "2025-01-24T17:15:12.747Z" + }, + { + "VulnerabilityID": "CVE-2023-29403", + "VendorIDs": [ + "GO-2023-1840" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.10, 1.20.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29403", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:76e5afe10c7625d790f1819b62886af77e4b932ac7643b576d1f1b518ec55c55", + "Title": "golang: runtime: unexpected behavior of setuid/setgid binaries", + "Description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-668" + ], + "VendorSeverity": { + "alma": 4, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 4, + "photon": 3, + "redhat": 3, + "rocky": 4, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3923", + "https://access.redhat.com/security/cve/CVE-2023-29403", + "https://bugzilla.redhat.com/2216965", + "https://bugzilla.redhat.com/2217562", + "https://bugzilla.redhat.com/2217565", + "https://bugzilla.redhat.com/2217569", + "https://bugzilla.redhat.com/show_bug.cgi?id=2216965", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217562", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217565", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217569", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29402", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29403", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29405", + "https://errata.almalinux.org/9/ALSA-2023-3923.html", + "https://errata.rockylinux.org/RLSA-2023:3923", + "https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 (go1.20.5)", + "https://github.com/golang/go/commit/a7b1cd452ddc69a6606c2f35ac5786dc892e62cb (go1.19.10)", + "https://github.com/golang/go/issues/60272", + "https://go.dev/cl/501223", + "https://go.dev/issue/60272", + "https://groups.google.com/g/golang-announce/c/q5135a9d924", + "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ", + "https://linux.oracle.com/cve/CVE-2023-29403.html", + "https://linux.oracle.com/errata/ELSA-2023-3923.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29403", + "https://pkg.go.dev/vuln/GO-2023-1840", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20241220-0009/", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29403" + ], + "PublishedDate": "2023-06-08T21:15:16.927Z", + "LastModifiedDate": "2025-01-06T20:15:25.82Z" + }, + { + "VulnerabilityID": "CVE-2023-39325", + "VendorIDs": [ + "GHSA-4374-p667-p6c8", + "GO-2023-2102" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.20.10, 1.21.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:12d710ff6a5075c72b494e08e169e02cd1c2ed22e45fd24abfb2cfa14fd9b172", + "Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", + "Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 3, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "golang.org/x/net", + "https://access.redhat.com/errata/RHSA-2023:6077", + "https://access.redhat.com/security/cve/CVE-2023-39325", + "https://access.redhat.com/security/cve/CVE-2023-44487", + "https://bugzilla.redhat.com/2242803", + "https://bugzilla.redhat.com/2243296", + "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", + "https://errata.almalinux.org/9/ALSA-2023-6077.html", + "https://errata.rockylinux.org/RLSA-2023:6077", + "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]", + "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]", + "https://github.com/golang/go/issues/63417", + "https://go.dev/cl/534215", + "https://go.dev/cl/534235", + "https://go.dev/issue/63417", + "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", + "https://linux.oracle.com/cve/CVE-2023-39325.html", + "https://linux.oracle.com/errata/ELSA-2023-5867.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", + "https://pkg.go.dev/vuln/GO-2023-2102", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231110-0008", + "https://security.netapp.com/advisory/ntap-20231110-0008/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", + "https://www.cve.org/CVERecord?id=CVE-2023-39325" + ], + "PublishedDate": "2023-10-11T22:15:09.88Z", + "LastModifiedDate": "2024-11-21T08:15:09.627Z" + }, + { + "VulnerabilityID": "CVE-2023-45283", + "VendorIDs": [ + "GO-2023-2185" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.20.11, 1.21.4, 1.20.12, 1.21.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:165df9d6435c3737e8c3e12db298e7001717a445f4bd71eff2bb88f5cf3b3977", + "Title": "The filepath package does not recognize paths with a \\??\\ prefix as sp ...", + "Description": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "photon": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/12/05/2", + "https://go.dev/cl/540277", + "https://go.dev/cl/541175", + "https://go.dev/issue/63713", + "https://go.dev/issue/64028", + "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", + "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45283", + "https://pkg.go.dev/vuln/GO-2023-2185", + "https://security.netapp.com/advisory/ntap-20231214-0008/" + ], + "PublishedDate": "2023-11-09T17:15:08.757Z", + "LastModifiedDate": "2024-11-21T08:26:41.567Z" + }, + { + "VulnerabilityID": "CVE-2023-45287", + "VendorIDs": [ + "GO-2023-2375" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.20.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45287", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f6e3e75c0ccdf7442b7c5d25bfd468d263fb887c52373604bd239f39aa272704", + "Title": "golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.", + "Description": "Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203" + ], + "VendorSeverity": { + "alma": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2272", + "https://access.redhat.com/security/cve/CVE-2023-45287", + "https://bugzilla.redhat.com/2253193", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2272.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://go.dev/cl/326012/26", + "https://go.dev/issue/20654", + "https://groups.google.com/g/golang-announce/c/QMK8IQALDvA", + "https://linux.oracle.com/cve/CVE-2023-45287.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45287", + "https://people.redhat.com/~hkario/marvin/", + "https://pkg.go.dev/vuln/GO-2023-2375", + "https://security.netapp.com/advisory/ntap-20240112-0005/", + "https://www.cve.org/CVERecord?id=CVE-2023-45287" + ], + "PublishedDate": "2023-12-05T17:15:08.57Z", + "LastModifiedDate": "2024-11-21T08:26:42.25Z" + }, + { + "VulnerabilityID": "CVE-2023-45288", + "VendorIDs": [ + "GHSA-4v7x-pqxf-cx7m", + "GO-2024-2687" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.9, 1.22.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:33e3e6cec2e0a8a14801eeb1d8716f05423232c7f15daf971ef304384e9c0e93", + "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", + "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/04/03/16", + "http://www.openwall.com/lists/oss-security/2024/04/05/4", + "https://access.redhat.com/errata/RHSA-2024:2724", + "https://access.redhat.com/security/cve/CVE-2023-45288", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-2724.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://go.dev/cl/576155", + "https://go.dev/issue/65051", + "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", + "https://kb.cert.org/vuls/id/421644", + "https://linux.oracle.com/cve/CVE-2023-45288.html", + "https://linux.oracle.com/errata/ELSA-2024-3346.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", + "https://nowotarski.info/http2-continuation-flood-technical-details", + "https://nowotarski.info/http2-continuation-flood/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", + "https://pkg.go.dev/vuln/GO-2024-2687", + "https://security.netapp.com/advisory/ntap-20240419-0009", + "https://security.netapp.com/advisory/ntap-20240419-0009/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45288", + "https://www.kb.cert.org/vuls/id/421644" + ], + "PublishedDate": "2024-04-04T21:15:16.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34156", + "VendorIDs": [ + "GO-2024-3106" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bdcaa72a77b65cfd3f0147d8b775934cd536f804cefec54d833409673b1321df", + "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", + "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3773", + "https://access.redhat.com/security/cve/CVE-2024-34156", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/9/ALSA-2025-3773.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", + "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", + "https://go.dev/cl/611239", + "https://go.dev/issue/69139", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34156.html", + "https://linux.oracle.com/errata/ELSA-2025-3773.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", + "https://pkg.go.dev/vuln/GO-2024-3106", + "https://security.netapp.com/advisory/ntap-20240926-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34156" + ], + "PublishedDate": "2024-09-06T21:15:12.02Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9ffda6afe921799e41373fb5ceb7374cd72eef03510d02a6a098521764d408f8", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b435c4f50c1fc7deecad6df9c48227db683e3da32eead6d16c174b13683048f1", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6ee63655d232783a957627b31a9c2be2f11ae29a5ebfaf8880756565584e4c89", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2f13f7c4dac3ce333bf8bf9d62d636c3bae4d8aeb95f06c433b729e6fd6312bb", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:14e2962bfcc4c6f26c1101e787b2f26b98d8fbab641b21e3d5dcfe0b993a8a64", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3a70f3bf90c64722e30f9842c041ef3418f7395073fe425e6c234de028f3272c", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5d493121e766550a8bab956bf2c54b2f69aefd525cdbf3cba053bf90a4f72fc8", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3fa6302a4c4910efc40ab28d954f71a44ba458dee644bf8655b556bd3b8693e3", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ac084dc68ec056a40664808035b454458215fd1f8efec3299325c96cb229218b", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2f31defc56731108f7ff6ff598a6da131dd3a11964c92132ba07596c2f04dfed", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:881cdb92f6c2ff8c4c6b419047daa15c282752b216c0687077d9df22c056a096", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2021-44717", + "VendorIDs": [ + "GO-2022-0289" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.16.12, 1.17.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-44717", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f3915de774619f28cdf3f5915d9e3550d2bc575964605f1425fc22b544c59bc0", + "Title": "golang: syscall: don't close fd 0 on ForkExec error", + "Description": "Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + }, + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 5.8, + "V3Score": 4.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-44717", + "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", + "https://bugzilla.redhat.com/show_bug.cgi?id=2030806", + "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44716", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44717", + "https://errata.rockylinux.org/RLSA-2021:5160", + "https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.17.5)", + "https://github.com/golang/go/issues/50057", + "https://go.dev/cl/370576", + "https://go.dev/cl/370577", + "https://go.dev/cl/370795", + "https://go.dev/issue/50057", + "https://go.googlesource.com/go/+/a76511f3a40ea69ee4f5cd86e735e1c8a84f0aa2", + "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", + "https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ", + "https://linux.oracle.com/cve/CVE-2021-44717.html", + "https://linux.oracle.com/errata/ELSA-2021-5160.html", + "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html", + "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", + "https://pkg.go.dev/vuln/GO-2022-0289", + "https://security.gentoo.org/glsa/202208-02", + "https://www.cve.org/CVERecord?id=CVE-2021-44717" + ], + "PublishedDate": "2022-01-01T05:15:08.367Z", + "LastModifiedDate": "2024-11-21T06:31:27.117Z" + }, + { + "VulnerabilityID": "CVE-2022-1705", + "VendorIDs": [ + "GO-2022-0525" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1705", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3cd3a66542b1cd87133e944a9c0fca7a603a58ab7934ce035b042b153c86bf47", + "Title": "golang: net/http: improper sanitization of Transfer-Encoding header", + "Description": "Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-444" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-1705", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:8250", + "https://github.com/golang/go/commit/e5017a93fcde94f09836200bca55324af037ee5f", + "https://go.dev/cl/409874", + "https://go.dev/cl/410714", + "https://go.dev/issue/53188", + "https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-1705.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", + "https://pkg.go.dev/vuln/GO-2022-0525", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-1705" + ], + "PublishedDate": "2022-08-10T20:15:25.353Z", + "LastModifiedDate": "2026-03-06T18:16:10.133Z" + }, + { + "VulnerabilityID": "CVE-2022-1962", + "VendorIDs": [ + "GO-2022-0515" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1962", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5013335449f280a81fb5c3c9aeb2c6001d21b3c949fc34e8bc44459ac881fe04", + "Title": "golang: go/parser: stack exhaustion in all Parse* functions", + "Description": "Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8057", + "https://access.redhat.com/security/cve/CVE-2022-1962", + "https://bugzilla.redhat.com/2044628", + "https://bugzilla.redhat.com/2045880", + "https://bugzilla.redhat.com/2050648", + "https://bugzilla.redhat.com/2050742", + "https://bugzilla.redhat.com/2050743", + "https://bugzilla.redhat.com/2065290", + "https://bugzilla.redhat.com/2107342", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107376", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2107390", + "https://bugzilla.redhat.com/2107392", + "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", + "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2055349", + "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", + "https://bugzilla.redhat.com/show_bug.cgi?id=2104367", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21673", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21702", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21713", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2022-8057.html", + "https://errata.rockylinux.org/RLSA-2022:8057", + "https://github.com/golang/go/commit/695be961d57508da5a82217f7415200a11845879", + "https://go.dev/cl/417063", + "https://go.dev/issue/53616", + "https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-1962.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", + "https://pkg.go.dev/vuln/GO-2022-0515", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-1962" + ], + "PublishedDate": "2022-08-10T20:15:26.25Z", + "LastModifiedDate": "2026-03-06T20:16:09.373Z" + }, + { + "VulnerabilityID": "CVE-2022-29526", + "VendorIDs": [ + "GHSA-p782-xgp4-8hr8", + "GO-2022-0493" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.10, 1.18.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29526", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9708d907ace5d079cf43b525dd6cc48ade871e3826cb19d33936d8d93a256d72", + "Title": "golang: syscall: faccessat checks wrong group", + "Description": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-269" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-29526", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.rockylinux.org/RLSA-2022:5799", + "https://github.com/golang/go", + "https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c", + "https://github.com/golang/go/issues/52313", + "https://go.dev/cl/399539", + "https://go.dev/cl/400074", + "https://go.dev/issue/52313", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", + "https://linux.oracle.com/cve/CVE-2022-29526.html", + "https://linux.oracle.com/errata/ELSA-2022-5337.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR", + "https://nvd.nist.gov/vuln/detail/CVE-2022-29526", + "https://pkg.go.dev/vuln/GO-2022-0493", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20220729-0001", + "https://security.netapp.com/advisory/ntap-20220729-0001/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-29526" + ], + "PublishedDate": "2022-06-23T17:15:12.747Z", + "LastModifiedDate": "2024-11-21T06:59:15.563Z" + }, + { + "VulnerabilityID": "CVE-2022-32148", + "VendorIDs": [ + "GO-2022-0520" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32148", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:27df03e5cd15a51661ee796e22cbd5dd8c5ffc60be9bce740b351d726f49d115", + "Title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", + "Description": "Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-32148", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:8250", + "https://github.com/golang/go/commit/ebea1e3353fa766025aa5190b9c7cc05cf069187 (1.18)", + "https://go.dev/cl/412857", + "https://go.dev/issue/53423", + "https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-32148.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", + "https://pkg.go.dev/vuln/GO-2022-0520", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-32148" + ], + "PublishedDate": "2022-08-10T20:15:47.133Z", + "LastModifiedDate": "2026-03-06T20:16:10.927Z" + }, + { + "VulnerabilityID": "CVE-2022-41717", + "VendorIDs": [ + "GHSA-xrjj-mj9h-534m", + "GO-2022-1144" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.18.9, 1.19.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41717", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d8e1483200f49c5b02562d1d5c4f8253ee92920ab045a68904b217132eb98758", + "Title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests", + "Description": "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6420", + "https://access.redhat.com/security/cve/CVE-2022-41717", + "https://bugzilla.redhat.com/2131146", + "https://bugzilla.redhat.com/2131147", + "https://bugzilla.redhat.com/2131148", + "https://bugzilla.redhat.com/2138014", + "https://bugzilla.redhat.com/2138015", + "https://bugzilla.redhat.com/2148252", + "https://bugzilla.redhat.com/2158420", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2121445", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://bugzilla.redhat.com/show_bug.cgi?id=2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2168256", + "https://cs.opensource.google/go/x/net", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2989", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41717", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0778", + "https://errata.almalinux.org/9/ALSA-2023-6420.html", + "https://errata.rockylinux.org/RLSA-2023:2802", + "https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4)", + "https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9)", + "https://go.dev/cl/455635", + "https://go.dev/cl/455717", + "https://go.dev/issue/56350", + "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU", + "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-41717.html", + "https://linux.oracle.com/errata/ELSA-2023-6420.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41717", + "https://pkg.go.dev/vuln/GO-2022-1144", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230120-0008/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-41717" + ], + "PublishedDate": "2022-12-08T20:15:10.33Z", + "LastModifiedDate": "2024-11-21T07:23:43.713Z" + }, + { + "VulnerabilityID": "CVE-2023-24532", + "VendorIDs": [ + "GO-2023-1621" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.7, 1.20.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24532", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bafcaa013819d6566c66aa96159651af7606fb6c60c218507dd6d939d94af43b", + "Title": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results", + "Description": "The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-682" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-24532", + "https://go.dev/cl/471255", + "https://go.dev/issue/58647", + "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24532", + "https://pkg.go.dev/vuln/GO-2023-1621", + "https://security.netapp.com/advisory/ntap-20230331-0011/", + "https://www.cve.org/CVERecord?id=CVE-2023-24532" + ], + "PublishedDate": "2023-03-08T20:15:09.413Z", + "LastModifiedDate": "2024-11-21T07:48:04.383Z" + }, + { + "VulnerabilityID": "CVE-2023-29406", + "VendorIDs": [ + "GO-2023-1878" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.11, 1.20.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29406", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:55a5565d6ceb101d96d8d128191d5aa5cab53d19ff3ba05ea9761fcf388c3e7e", + "Title": "golang: net/http: insufficient sanitization of Host header", + "Description": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-436" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-29406", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2242871", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:7202", + "https://github.com/golang/go/commit/312920c00aac9897b2a0693e752390b5b0711a5a (go1.20.6)", + "https://github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b (go1.19.11)", + "https://github.com/golang/go/issues/60374", + "https://go.dev/cl/506996", + "https://go.dev/issue/60374", + "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", + "https://linux.oracle.com/cve/CVE-2023-29406.html", + "https://linux.oracle.com/errata/ELSA-2023-7202.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", + "https://pkg.go.dev/vuln/GO-2023-1878", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230814-0002/", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29406" + ], + "PublishedDate": "2023-07-11T20:15:10.643Z", + "LastModifiedDate": "2024-11-21T07:56:59.913Z" + }, + { + "VulnerabilityID": "CVE-2023-29409", + "VendorIDs": [ + "GO-2023-1987" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.12, 1.20.7, 1.21.0-rc.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29409", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ec065511e36172b45d84be88ce411e08f67c47a15ce94eda1f5c9d698de1a2d7", + "Title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", + "Description": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:7766", + "https://access.redhat.com/security/cve/CVE-2023-29409", + "https://bugzilla.redhat.com/2228743", + "https://bugzilla.redhat.com/2237773", + "https://bugzilla.redhat.com/2237776", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2023-7766.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://go.dev/cl/515257", + "https://go.dev/issue/61460", + "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", + "https://linux.oracle.com/cve/CVE-2023-29409.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", + "https://pkg.go.dev/vuln/GO-2023-1987", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230831-0010/", + "https://www.cve.org/CVERecord?id=CVE-2023-29409" + ], + "PublishedDate": "2023-08-02T20:15:11.94Z", + "LastModifiedDate": "2024-11-21T07:57:00.287Z" + }, + { + "VulnerabilityID": "CVE-2023-39318", + "VendorIDs": [ + "GO-2023-2041" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.20.8, 1.21.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39318", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3c7d75ca72905eb28d783c82764f9e7992cd0dc08bcb2f9346fc1e4fe2a82b85", + "Title": "golang: html/template: improper handling of HTML-like comments within script contexts", + "Description": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2160", + "https://access.redhat.com/security/cve/CVE-2023-39318", + "https://bugzilla.redhat.com/2237773", + "https://bugzilla.redhat.com/2237776", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2160.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c (go1.20.8)", + "https://github.com/golang/go/commit/b0e1d3ea26e8e8fce7726690c9ef0597e60739fb (go1.21.1)", + "https://go.dev/cl/526156", + "https://go.dev/issue/62196", + "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", + "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", + "https://linux.oracle.com/cve/CVE-2023-39318.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", + "https://pkg.go.dev/vuln/GO-2023-2041", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231020-0009/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://vuln.go.dev/ID/GO-2023-2041.json", + "https://www.cve.org/CVERecord?id=CVE-2023-39318" + ], + "PublishedDate": "2023-09-08T17:15:27.823Z", + "LastModifiedDate": "2024-11-21T08:15:08.737Z" + }, + { + "VulnerabilityID": "CVE-2023-39319", + "VendorIDs": [ + "GO-2023-2043" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.20.8, 1.21.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39319", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bb45f155fd7caffa1c2d3d0fbba06c06cd3e628d2f5bfa847b32cce406b1b48b", + "Title": "golang: html/template: improper handling of special tags within script contexts", + "Description": "The html/template package does not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2160", + "https://access.redhat.com/security/cve/CVE-2023-39319", + "https://bugzilla.redhat.com/2237773", + "https://bugzilla.redhat.com/2237776", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2160.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://github.com/golang/go/commit/2070531d2f53df88e312edace6c8dfc9686ab2f5 (go1.20.8)", + "https://github.com/golang/go/commit/bbd043ff0d6d59f1a9232d31ecd5eacf6507bf6a (go1.21.1)", + "https://go.dev/cl/526157", + "https://go.dev/issue/62197", + "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", + "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", + "https://linux.oracle.com/cve/CVE-2023-39319.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", + "https://pkg.go.dev/vuln/GO-2023-2043", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231020-0009/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://vuln.go.dev/ID/GO-2023-2043.json", + "https://www.cve.org/CVERecord?id=CVE-2023-39319" + ], + "PublishedDate": "2023-09-08T17:15:27.91Z", + "LastModifiedDate": "2024-11-21T08:15:08.89Z" + }, + { + "VulnerabilityID": "CVE-2023-39326", + "VendorIDs": [ + "GO-2023-2382" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.20.12, 1.21.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39326", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ae2aebc72a72a7e2a72eb25adc4b59b78b249c4dde261544c4b4d72199e2ae38", + "Title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", + "Description": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2272", + "https://access.redhat.com/security/cve/CVE-2023-39326", + "https://bugzilla.redhat.com/2253193", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2272.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12)", + "https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 (go1.21.5)", + "https://go.dev/cl/547335", + "https://go.dev/issue/64433", + "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", + "https://linux.oracle.com/cve/CVE-2023-39326.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", + "https://pkg.go.dev/vuln/GO-2023-2382", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://www.cve.org/CVERecord?id=CVE-2023-39326" + ], + "PublishedDate": "2023-12-06T17:15:07.147Z", + "LastModifiedDate": "2024-11-21T08:15:09.89Z" + }, + { + "VulnerabilityID": "CVE-2023-45284", + "VendorIDs": [ + "GO-2023-2186" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.20.11, 1.21.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45284", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1a0ebbd8ffc902c7e6695b3c2c230ff18263440c45725cf22bb23d7916599564", + "Title": "On Windows, The IsLocal function does not correctly detect reserved de ...", + "Description": "On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as \"COM1 \", and reserved names \"COM\" and \"LPT\" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "photon": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/540277", + "https://go.dev/issue/63713", + "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45284", + "https://pkg.go.dev/vuln/GO-2023-2186" + ], + "PublishedDate": "2023-11-09T17:15:08.813Z", + "LastModifiedDate": "2024-11-21T08:26:41.737Z" + }, + { + "VulnerabilityID": "CVE-2023-45289", + "VendorIDs": [ + "GO-2024-2600" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7240ce9aa087588f666e7b7f3c6989a0b30a2b67c4cb3a04eb35af0f83f3325e", + "Title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", + "Description": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:2724", + "https://access.redhat.com/security/cve/CVE-2023-45289", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-2724.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 (go1.21.8)", + "https://github.com/golang/go/commit/3a855208e3efed2e9d7c20ad023f1fa78afcc0be (go1.22.1)", + "https://github.com/golang/go/issues/65065", + "https://go.dev/cl/569340", + "https://go.dev/issue/65065", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2023-45289.html", + "https://linux.oracle.com/errata/ELSA-2024-3346.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", + "https://pkg.go.dev/vuln/GO-2024-2600", + "https://security.netapp.com/advisory/ntap-20240329-0006/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45289" + ], + "PublishedDate": "2024-03-05T23:15:07.137Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2023-45290", + "VendorIDs": [ + "GO-2024-2599" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45290", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bc286a66f570ecb062d5ab156f03d2e5690bdff35c40d4078236978230eccb60", + "Title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", + "Description": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:9135", + "https://access.redhat.com/security/cve/CVE-2023-45290", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://errata.almalinux.org/9/ALSA-2024-9135.html", + "https://errata.rockylinux.org/RLSA-2024:9135", + "https://github.com/golang/go/commit/041a47712e765e94f86d841c3110c840e76d8f82 (go1.22.1)", + "https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 (go1.21.8)", + "https://github.com/golang/go/issues/65383", + "https://go.dev/cl/569341", + "https://go.dev/issue/65383", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2023-45290.html", + "https://linux.oracle.com/errata/ELSA-2024-8038.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", + "https://pkg.go.dev/vuln/GO-2024-2599", + "https://security.netapp.com/advisory/ntap-20240329-0004", + "https://security.netapp.com/advisory/ntap-20240329-0004/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45290" + ], + "PublishedDate": "2024-03-05T23:15:07.21Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24783", + "VendorIDs": [ + "GO-2024-2598" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24783", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b3101838f2bc40a624b23862b46b726e02c12a68e5c1af31222e76869f71fecf", + "Title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", + "Description": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:6195", + "https://access.redhat.com/security/cve/CVE-2024-24783", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-6195.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", + "https://github.com/golang/go/commit/337b8e9cbfa749d9d5c899e0dc358e2208d5e54f (go1.22.1)", + "https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 (go1.21.8)", + "https://github.com/golang/go/issues/65390", + "https://go.dev/cl/569339", + "https://go.dev/issue/65390", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24783.html", + "https://linux.oracle.com/errata/ELSA-2024-6969.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", + "https://pkg.go.dev/vuln/GO-2024-2598", + "https://security.netapp.com/advisory/ntap-20240329-0005", + "https://security.netapp.com/advisory/ntap-20240329-0005/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24783" + ], + "PublishedDate": "2024-03-05T23:15:07.683Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24784", + "VendorIDs": [ + "GO-2024-2609" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24784", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c2c15fde57f2dd529cad85660f5b192916f1340998779461ce41e33fea341987", + "Title": "golang: net/mail: comments in display names are incorrectly handled", + "Description": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:2562", + "https://access.redhat.com/security/cve/CVE-2024-24784", + "https://bugzilla.redhat.com/2262921", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268021", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24784", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://errata.almalinux.org/9/ALSA-2024-2562.html", + "https://errata.rockylinux.org/RLSA-2024:2562", + "https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)", + "https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c (go1.22.1)", + "https://github.com/golang/go/issues/65083", + "https://go.dev/cl/555596", + "https://go.dev/issue/65083", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24784.html", + "https://linux.oracle.com/errata/ELSA-2024-6969.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", + "https://pkg.go.dev/vuln/GO-2024-2609", + "https://security.netapp.com/advisory/ntap-20240329-0007/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24784" + ], + "PublishedDate": "2024-03-05T23:15:07.733Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24785", + "VendorIDs": [ + "GO-2024-2610" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24785", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:713e37b2951b5b8b8dc030ffed78b41649e8e2b7f2d015ef64db5d8e8b889591", + "Title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", + "Description": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:9135", + "https://access.redhat.com/security/cve/CVE-2024-24785", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://errata.almalinux.org/9/ALSA-2024-9135.html", + "https://errata.rockylinux.org/RLSA-2024:9135", + "https://github.com/golang/go/commit/056b0edcb8c152152021eebf4cf42adbfbe77992 (go1.22.1)", + "https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e (go1.21.8)", + "https://github.com/golang/go/issues/65697", + "https://go.dev/cl/564196", + "https://go.dev/issue/65697", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24785.html", + "https://linux.oracle.com/errata/ELSA-2026-3428.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", + "https://pkg.go.dev/vuln/GO-2024-2610", + "https://security.netapp.com/advisory/ntap-20240329-0008/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://vuln.go.dev/ID/GO-2024-2610.json", + "https://www.cve.org/CVERecord?id=CVE-2024-24785" + ], + "PublishedDate": "2024-03-05T23:15:07.777Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24789", + "VendorIDs": [ + "GO-2024-2888" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7729a47f99c6a6f90adfc0dc1792f13a03e22f8f54df9581ddb0e68d2a950ecd", + "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", + "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2024:9115", + "https://access.redhat.com/security/cve/CVE-2024-24789", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292668", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2294000", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", + "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", + "https://errata.almalinux.org/9/ALSA-2024-9115.html", + "https://errata.rockylinux.org/RLSA-2024:9102", + "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", + "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", + "https://github.com/golang/go/issues/66869", + "https://go.dev/cl/585397", + "https://go.dev/issue/66869", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24789.html", + "https://linux.oracle.com/errata/ELSA-2024-9115.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", + "https://pkg.go.dev/vuln/GO-2024-2888", + "https://security.netapp.com/advisory/ntap-20250131-0008/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24789" + ], + "PublishedDate": "2024-06-05T16:15:10.47Z", + "LastModifiedDate": "2025-01-31T15:15:12.74Z" + }, + { + "VulnerabilityID": "CVE-2024-24791", + "VendorIDs": [ + "GO-2024-2963" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.12, 1.22.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1340cf8d1aacfff2212daaef053cfd71ce02c142ceaff31fbf1013b17f95cef9", + "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", + "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24791", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://go.dev/cl/591255", + "https://go.dev/issue/67555", + "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", + "https://linux.oracle.com/cve/CVE-2024-24791.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", + "https://pkg.go.dev/vuln/GO-2024-2963", + "https://security.netapp.com/advisory/ntap-20241004-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24791" + ], + "PublishedDate": "2024-07-02T22:15:04.833Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34155", + "VendorIDs": [ + "GO-2024-3105" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:05ef7c7347c7db2b9bb17045b7d28fca7be773add5ca8abb3a16a5a51a42445f", + "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", + "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9459", + "https://access.redhat.com/security/cve/CVE-2024-34155", + "https://bugzilla.redhat.com/2310527", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315691", + "https://bugzilla.redhat.com/2315887", + "https://bugzilla.redhat.com/2317458", + "https://bugzilla.redhat.com/2317467", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2024-9459.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", + "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", + "https://go.dev/cl/611238", + "https://go.dev/issue/69138", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34155.html", + "https://linux.oracle.com/errata/ELSA-2024-9459.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", + "https://pkg.go.dev/vuln/GO-2024-3105", + "https://security.netapp.com/advisory/ntap-20240926-0005/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34155" + ], + "PublishedDate": "2024-09-06T21:15:11.947Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34158", + "VendorIDs": [ + "GO-2024-3107" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a68dda0de4ec86c4e8a264b8f27e15b8177d1222063c907636ba820ae641a948", + "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", + "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7118", + "https://access.redhat.com/security/cve/CVE-2024-34158", + "https://bugzilla.redhat.com/2262921", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2025-7118.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", + "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", + "https://go.dev/cl/611240", + "https://go.dev/issue/69141", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34158.html", + "https://linux.oracle.com/errata/ELSA-2025-7118.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", + "https://pkg.go.dev/vuln/GO-2024-3107", + "https://security.netapp.com/advisory/ntap-20241004-0003/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34158" + ], + "PublishedDate": "2024-09-06T21:15:12.083Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-45336", + "VendorIDs": [ + "GO-2025-3420" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:65325ca53709d2a4a1ee76f49c59aac20bd16e88d47ea0582dbf823a7873405e", + "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3772", + "https://access.redhat.com/security/cve/CVE-2024-45336", + "https://bugzilla.redhat.com/2341750", + "https://bugzilla.redhat.com/2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/8/ALSA-2025-3772.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/issues/70530", + "https://go.dev/cl/643100", + "https://go.dev/issue/70530", + "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", + "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", + "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", + "https://linux.oracle.com/cve/CVE-2024-45336.html", + "https://linux.oracle.com/errata/ELSA-2025-7592.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", + "https://pkg.go.dev/vuln/GO-2025-3420", + "https://security.netapp.com/advisory/ntap-20250221-0003/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2024-45336" + ], + "PublishedDate": "2025-01-28T02:15:28.807Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b87af4df90f90c65e5fef0db8cda1c3702200724ff28c7cfbaca2c7786060295", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22866", + "VendorIDs": [ + "GO-2025-3447" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:258bf93f0929c32ac94547437025a98a62834eef3fe548a5edce473cf3c19412", + "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22866", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", + "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", + "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", + "https://github.com/golang/go/issues/71383", + "https://go.dev/cl/643735", + "https://go.dev/issue/71383", + "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", + "https://linux.oracle.com/cve/CVE-2025-22866.html", + "https://linux.oracle.com/errata/ELSA-2025-7466.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", + "https://pkg.go.dev/vuln/GO-2025-3447", + "https://security.netapp.com/advisory/ntap-20250221-0002/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22866" + ], + "PublishedDate": "2025-02-06T17:15:21.41Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66", + "GO-2025-3503" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.23.7, 1.24.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5b5550d8d9f10001a2808329e62d447e0d9e03f826fff76af2ffb15af4240ef0", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6858011badccfe4078bac8e2f4aab450902640e84e399945c6b16fee1805bfd0", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c1293b90729ecaf702a01a0f37bb2c813b5c5b7aefc49def44efa8af582eb910", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:04950be515e97208f8858f80763c111618cbb49f93c738babcb40c569677ba38", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c91525bcd5643394fe3e9779e299a8eab3559de97044221894f2ecbb6c5c83fe", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:44a134cdbbf06250470ed0522690f43de09fa40d68a03e0fd92b0a85cdc6f100", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:68b5939d4cdb1194b5b55b14ce2246f3637a3e6e30d7671c17d1a01fa4130bd0", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ce6d0bc7680092205141ce6ee1116888e2e043a31dff7a9c00f43f97981e6e69", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f5cf5f81e613eb1dfa52b88d392d64c2075fe7e4320a31d8b5a2b12220065829", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bbcba2352edd6d942d7123f021a28cf563577da314fdde33990ff2bf8fed8fb1", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bee973e1ccbf3bd422399a7a5656b226f862ca1b0d1c099df7a02906ed337de4", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:00da960d62aabcc580c3480402caedc2ba66ad9b7af790d53ac2fdc1592d8c62", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1738df9520b519789d56e37ec8f7635857bbe98fe65e909d720daad3009cbeae", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f39764349d5d15a275aa1f5e729f0ef85e32e2c9013520238139a2a0fa336c57", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:86dba3886dda4f257f8ed37e9135a833eb6558d43cdf03a5e881b1789c1c9747", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3f84dfe8a7541f46eaf48731e2f88c425d948ef5f68da5c8e0a0d497b344e92d", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:053d2524af94a204c04caf2398b8847cd157f8763afab7c117823d56427ecb48", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b9ee830a115cc19c2ceac762bb6084d4a2d6ab4c2ffd22557059df5d480f513d", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6fddd0ccb942b6635289b13a2e5fc7f8cfcf7e88556a0f1af7d7ddc4415ddf11", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cb3c313b174dc07bc2ec3e3f0a2ede18eb93cd9b5f8aa7dbe34cd4ab666d6590", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bff6319f0195a747007b15235b0cee1c5bf25826ce03a4e6068cc3047061132c", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:afb3468447b09de481871673ffefd4a4431c7d946a92f25b4e9a88d083b202da", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d20f93a1f12bde8dfe7a1cd125bc7a1e1f8fb9eafdfc7f9d06890f248b62c077", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f1b23859f09ef74a55dc825f4478cd99ec293ed3ec6b5b5eeff4e28117c764ce", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4b024e76e5bc69b3939f6dc0c27ab2674dc1bb108622cf26c56a09489de644c2", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "Deployment", + "Name": "coredns", + "Metadata": [ + { + "Size": 53617152, + "ImageID": "sha256:ead0a4a53df89fd173874b46093b6e62d8c72967bbf606d672c9e8c9b601a4fc", + "DiffIDs": [ + "sha256:6a4a177e62f374d68e6889ffa22b644db056e1d47ee4085c88408fa1d153871d", + "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + ], + "RepoTags": [ + "coredns/coredns:1.10.1" + ], + "RepoDigests": [ + "coredns/coredns@sha256:a0ead06651cf580044aeb0a0feba63591858fb2e43ade8c9dea45a6a89ae7e5e" + ], + "Reference": "coredns/coredns:1.10.1", + "ImageConfig": { + "architecture": "amd64", + "created": "2023-02-06T18:31:00.426815885Z", + "history": [ + { + "created": "2023-02-06T18:31:00.19534776Z", + "created_by": "COPY /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2023-02-06T18:31:00.426815885Z", + "created_by": "ADD coredns /coredns # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2023-02-06T18:31:00.426815885Z", + "created_by": "EXPOSE map[53/tcp:{} 53/udp:{}]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2023-02-06T18:31:00.426815885Z", + "created_by": "ENTRYPOINT [\"/coredns\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:6a4a177e62f374d68e6889ffa22b644db056e1d47ee4085c88408fa1d153871d", + "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + ] + }, + "config": { + "Entrypoint": [ + "/coredns" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "WorkingDir": "/", + "ExposedPorts": { + "53/tcp": {}, + "53/udp": {} + } + } + }, + "Layers": [ + { + "Size": 203776, + "Digest": "sha256:25b7032c281a433b92d09930f3a03c0f7382c27eb69ae7f35addf2e3853dbba7", + "DiffID": "sha256:6a4a177e62f374d68e6889ffa22b644db056e1d47ee4085c88408fa1d153871d" + }, + { + "Size": 53413376, + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + } + ] + } + ], + "Results": [ + { + "Target": "coredns", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "github.com/coredns/coredns", + "Name": "github.com/coredns/coredns", + "Identifier": { + "PURL": "pkg:golang/github.com/coredns/coredns", + "UID": "b62db72f37da0b3" + }, + "Relationship": "root", + "DependsOn": [ + "cloud.google.com/go/compute/metadata@v0.2.3", + "github.com/Azure/azure-sdk-for-go@v68.0.0+incompatible", + "github.com/Azure/go-autorest/autorest/adal@v0.9.18", + "github.com/Azure/go-autorest/autorest/azure/auth@v0.5.12", + "github.com/Azure/go-autorest/autorest/azure/cli@v0.4.5", + "github.com/Azure/go-autorest/autorest/date@v0.3.0", + "github.com/Azure/go-autorest/autorest/to@v0.2.0", + "github.com/Azure/go-autorest/autorest@v0.11.28", + "github.com/Azure/go-autorest/logger@v0.2.1", + "github.com/Azure/go-autorest/tracing@v0.6.0", + "github.com/DataDog/datadog-agent/pkg/obfuscate@v0.0.0-20211129110424-6491aa3bf583", + "github.com/DataDog/datadog-agent/pkg/remoteconfig/state@v0.42.0-rc.1", + "github.com/DataDog/datadog-go/v5@v5.0.2", + "github.com/DataDog/datadog-go@v4.8.2+incompatible", + "github.com/DataDog/go-tuf@v0.3.0--fix-localmeta-fork", + "github.com/DataDog/sketches-go@v1.2.1", + "github.com/antonmedv/expr@v1.12.0", + "github.com/apparentlymart/go-cidr@v1.1.0", + "github.com/aws/aws-sdk-go@v1.44.194", + "github.com/beorn7/perks@v1.0.1", + "github.com/cespare/xxhash/v2@v2.1.2", + "github.com/coredns/caddy@v1.1.1", + "github.com/coreos/go-semver@v0.3.0", + "github.com/coreos/go-systemd/v22@v22.3.2", + "github.com/davecgh/go-spew@v1.1.1", + "github.com/dgraph-io/ristretto@v0.1.0", + "github.com/dimchansky/utfbom@v1.1.1", + "github.com/dnstap/golang-dnstap@v0.4.0", + "github.com/dustin/go-humanize@v1.0.0", + "github.com/emicklei/go-restful/v3@v3.9.0", + "github.com/farsightsec/golang-framestream@v0.3.0", + "github.com/flynn/go-shlex@v0.0.0-20150515145356-3f9db97f8568", + "github.com/go-logr/logr@v1.2.3", + "github.com/go-openapi/jsonpointer@v0.19.5", + "github.com/go-openapi/jsonreference@v0.20.0", + "github.com/go-openapi/swag@v0.19.14", + "github.com/gogo/protobuf@v1.3.2", + "github.com/golang-jwt/jwt/v4@v4.2.0", + "github.com/golang/glog@v0.0.0-20160126235308-23def4e6c14b", + "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "github.com/golang/protobuf@v1.5.2", + "github.com/google/gnostic@v0.5.7-v3refs", + "github.com/google/go-cmp@v0.5.9", + "github.com/google/gofuzz@v1.2.0", + "github.com/google/uuid@v1.3.0", + "github.com/googleapis/enterprise-certificate-proxy@v0.2.1", + "github.com/googleapis/gax-go/v2@v2.7.0", + "github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20180507213350-8e809c8a8645", + "github.com/imdario/mergo@v0.3.12", + "github.com/infobloxopen/go-trees@v0.0.0-20200715205103-96a057b8dfb9", + "github.com/jmespath/go-jmespath@v0.4.0", + "github.com/josharian/intern@v1.0.0", + "github.com/json-iterator/go@v1.1.12", + "github.com/mailru/easyjson@v0.7.7", + "github.com/matttproud/golang_protobuf_extensions@v1.0.4", + "github.com/miekg/dns@v1.1.50", + "github.com/mitchellh/go-homedir@v1.1.0", + "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "github.com/modern-go/reflect2@v1.0.2", + "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "github.com/opentracing-contrib/go-observer@v0.0.0-20170622124052-a52f23424492", + "github.com/opentracing/opentracing-go@v1.2.0", + "github.com/openzipkin-contrib/zipkin-go-opentracing@v0.5.0", + "github.com/openzipkin/zipkin-go@v0.4.1", + "github.com/oschwald/geoip2-golang@v1.8.0", + "github.com/oschwald/maxminddb-golang@v1.10.0", + "github.com/philhofer/fwd@v1.1.1", + "github.com/pkg/errors@v0.9.1", + "github.com/prometheus/client_golang@v1.14.0", + "github.com/prometheus/client_model@v0.3.0", + "github.com/prometheus/common@v0.39.0", + "github.com/prometheus/procfs@v0.8.0", + "github.com/secure-systems-lab/go-securesystemslib@v0.4.0", + "github.com/spf13/pflag@v1.0.5", + "github.com/tinylib/msgp@v1.1.6", + "go.etcd.io/etcd/api/v3@v3.5.7", + "go.etcd.io/etcd/client/pkg/v3@v3.5.7", + "go.etcd.io/etcd/client/v3@v3.5.7", + "go.opencensus.io@v0.24.0", + "go.uber.org/atomic@v1.9.0", + "go.uber.org/multierr@v1.6.0", + "go.uber.org/zap@v1.17.0", + "golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", + "golang.org/x/net@v0.4.0", + "golang.org/x/oauth2@v0.3.0", + "golang.org/x/sys@v0.4.0", + "golang.org/x/term@v0.3.0", + "golang.org/x/text@v0.5.0", + "golang.org/x/time@v0.0.0-20220210224613-90d013bbcef8", + "golang.org/x/xerrors@v0.0.0-20220907171357-04be3eba64a2", + "google.golang.org/api@v0.109.0", + "google.golang.org/genproto@v0.0.0-20221227171554-f9683d7f8bef", + "google.golang.org/grpc@v1.52.3", + "google.golang.org/protobuf@v1.28.1", + "gopkg.in/DataDog/dd-trace-go.v1@v1.47.0", + "gopkg.in/inf.v0@v0.9.1", + "gopkg.in/yaml.v2@v2.4.0", + "gopkg.in/yaml.v3@v3.0.1", + "k8s.io/api@v0.26.1", + "k8s.io/apimachinery@v0.26.1", + "k8s.io/client-go@v0.26.1", + "k8s.io/klog/v2@v2.90.0", + "k8s.io/kube-openapi@v0.0.0-20221012153701-172d655c2280", + "k8s.io/utils@v0.0.0-20221107191617-1a15be271d1d", + "sigs.k8s.io/json@v0.0.0-20220713155537-f223a00ba0e2", + "sigs.k8s.io/structured-merge-diff/v4@v4.2.3", + "sigs.k8s.io/yaml@v1.3.0", + "stdlib@v1.20" + ], + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.20", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "Version": "v1.20", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/compute/metadata@v0.2.3", + "Name": "cloud.google.com/go/compute/metadata", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.2.3", + "UID": "40e7df92b55c7174" + }, + "Version": "v0.2.3", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go@v68.0.0+incompatible", + "Name": "github.com/Azure/azure-sdk-for-go", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go@v68.0.0%2Bincompatible", + "UID": "89dc7a6f0e41dbb" + }, + "Version": "v68.0.0+incompatible", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/go-autorest/autorest@v0.11.28", + "Name": "github.com/Azure/go-autorest/autorest", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/go-autorest/autorest@v0.11.28", + "UID": "ebf17b77057c452d" + }, + "Version": "v0.11.28", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/go-autorest/autorest/adal@v0.9.18", + "Name": "github.com/Azure/go-autorest/autorest/adal", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/go-autorest/autorest/adal@v0.9.18", + "UID": "30c7d48822125e75" + }, + "Version": "v0.9.18", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/go-autorest/autorest/azure/auth@v0.5.12", + "Name": "github.com/Azure/go-autorest/autorest/azure/auth", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/go-autorest/autorest/azure/auth@v0.5.12", + "UID": "9888652de048a07" + }, + "Version": "v0.5.12", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/go-autorest/autorest/azure/cli@v0.4.5", + "Name": "github.com/Azure/go-autorest/autorest/azure/cli", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/go-autorest/autorest/azure/cli@v0.4.5", + "UID": "bc7fda8387130e01" + }, + "Version": "v0.4.5", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/go-autorest/autorest/date@v0.3.0", + "Name": "github.com/Azure/go-autorest/autorest/date", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/go-autorest/autorest/date@v0.3.0", + "UID": "77d1071b03fa440b" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/go-autorest/autorest/to@v0.2.0", + "Name": "github.com/Azure/go-autorest/autorest/to", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/go-autorest/autorest/to@v0.2.0", + "UID": "f23eb029b8bd352e" + }, + "Version": "v0.2.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/go-autorest/logger@v0.2.1", + "Name": "github.com/Azure/go-autorest/logger", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/go-autorest/logger@v0.2.1", + "UID": "1c1b79d9e6a8b68d" + }, + "Version": "v0.2.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/go-autorest/tracing@v0.6.0", + "Name": "github.com/Azure/go-autorest/tracing", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/go-autorest/tracing@v0.6.0", + "UID": "460ae50c31da97f0" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/DataDog/datadog-agent/pkg/obfuscate@v0.0.0-20211129110424-6491aa3bf583", + "Name": "github.com/DataDog/datadog-agent/pkg/obfuscate", + "Identifier": { + "PURL": "pkg:golang/github.com/datadog/datadog-agent/pkg/obfuscate@v0.0.0-20211129110424-6491aa3bf583", + "UID": "fc91580e9b0c3a87" + }, + "Version": "v0.0.0-20211129110424-6491aa3bf583", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/DataDog/datadog-agent/pkg/remoteconfig/state@v0.42.0-rc.1", + "Name": "github.com/DataDog/datadog-agent/pkg/remoteconfig/state", + "Identifier": { + "PURL": "pkg:golang/github.com/datadog/datadog-agent/pkg/remoteconfig/state@v0.42.0-rc.1", + "UID": "56a86becaf94a3ee" + }, + "Version": "v0.42.0-rc.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/DataDog/datadog-go@v4.8.2+incompatible", + "Name": "github.com/DataDog/datadog-go", + "Identifier": { + "PURL": "pkg:golang/github.com/datadog/datadog-go@v4.8.2%2Bincompatible", + "UID": "c28ce4c3c3db4c2a" + }, + "Version": "v4.8.2+incompatible", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/DataDog/datadog-go/v5@v5.0.2", + "Name": "github.com/DataDog/datadog-go/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/datadog/datadog-go/v5@v5.0.2", + "UID": "88617249dc9cf4ac" + }, + "Version": "v5.0.2", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/DataDog/go-tuf@v0.3.0--fix-localmeta-fork", + "Name": "github.com/DataDog/go-tuf", + "Identifier": { + "PURL": "pkg:golang/github.com/datadog/go-tuf@v0.3.0--fix-localmeta-fork", + "UID": "38d118b2ec11c543" + }, + "Version": "v0.3.0--fix-localmeta-fork", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/DataDog/sketches-go@v1.2.1", + "Name": "github.com/DataDog/sketches-go", + "Identifier": { + "PURL": "pkg:golang/github.com/datadog/sketches-go@v1.2.1", + "UID": "4fb014cac45cf6a4" + }, + "Version": "v1.2.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/antonmedv/expr@v1.12.0", + "Name": "github.com/antonmedv/expr", + "Identifier": { + "PURL": "pkg:golang/github.com/antonmedv/expr@v1.12.0", + "UID": "ed7346a1ceef590c" + }, + "Version": "v1.12.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/apparentlymart/go-cidr@v1.1.0", + "Name": "github.com/apparentlymart/go-cidr", + "Identifier": { + "PURL": "pkg:golang/github.com/apparentlymart/go-cidr@v1.1.0", + "UID": "e67a78672b2f7c3a" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go@v1.44.194", + "Name": "github.com/aws/aws-sdk-go", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go@v1.44.194", + "UID": "b284a1b1b344e726" + }, + "Version": "v1.44.194", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "ed2d59ce5503e0af" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.1.2", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.1.2", + "UID": "c67d0802c761660f" + }, + "Version": "v2.1.2", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coredns/caddy@v1.1.1", + "Name": "github.com/coredns/caddy", + "Identifier": { + "PURL": "pkg:golang/github.com/coredns/caddy@v1.1.1", + "UID": "97d63c5e9bec3e8d" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coreos/go-semver@v0.3.0", + "Name": "github.com/coreos/go-semver", + "Identifier": { + "PURL": "pkg:golang/github.com/coreos/go-semver@v0.3.0", + "UID": "14c7ae5f90df00aa" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coreos/go-systemd/v22@v22.3.2", + "Name": "github.com/coreos/go-systemd/v22", + "Identifier": { + "PURL": "pkg:golang/github.com/coreos/go-systemd/v22@v22.3.2", + "UID": "2504f71e209cb426" + }, + "Version": "v22.3.2", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/davecgh/go-spew@v1.1.1", + "Name": "github.com/davecgh/go-spew", + "Identifier": { + "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1", + "UID": "d673d275319c6a1d" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dgraph-io/ristretto@v0.1.0", + "Name": "github.com/dgraph-io/ristretto", + "Identifier": { + "PURL": "pkg:golang/github.com/dgraph-io/ristretto@v0.1.0", + "UID": "64d074cf4902dfce" + }, + "Version": "v0.1.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dimchansky/utfbom@v1.1.1", + "Name": "github.com/dimchansky/utfbom", + "Identifier": { + "PURL": "pkg:golang/github.com/dimchansky/utfbom@v1.1.1", + "UID": "c90020b4e5559b2b" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dnstap/golang-dnstap@v0.4.0", + "Name": "github.com/dnstap/golang-dnstap", + "Identifier": { + "PURL": "pkg:golang/github.com/dnstap/golang-dnstap@v0.4.0", + "UID": "735f7eb0f59e35ee" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dustin/go-humanize@v1.0.0", + "Name": "github.com/dustin/go-humanize", + "Identifier": { + "PURL": "pkg:golang/github.com/dustin/go-humanize@v1.0.0", + "UID": "56571c0e7976f774" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/emicklei/go-restful/v3@v3.9.0", + "Name": "github.com/emicklei/go-restful/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.9.0", + "UID": "5ada931948b7c9" + }, + "Version": "v3.9.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/farsightsec/golang-framestream@v0.3.0", + "Name": "github.com/farsightsec/golang-framestream", + "Identifier": { + "PURL": "pkg:golang/github.com/farsightsec/golang-framestream@v0.3.0", + "UID": "7516aa501168aee3" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/flynn/go-shlex@v0.0.0-20150515145356-3f9db97f8568", + "Name": "github.com/flynn/go-shlex", + "Identifier": { + "PURL": "pkg:golang/github.com/flynn/go-shlex@v0.0.0-20150515145356-3f9db97f8568", + "UID": "228eb21bc0f83523" + }, + "Version": "v0.0.0-20150515145356-3f9db97f8568", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/logr@v1.2.3", + "Name": "github.com/go-logr/logr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/logr@v1.2.3", + "UID": "42d891e2b557eafa" + }, + "Version": "v1.2.3", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonpointer@v0.19.5", + "Name": "github.com/go-openapi/jsonpointer", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.19.5", + "UID": "8969399c694942ea" + }, + "Version": "v0.19.5", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonreference@v0.20.0", + "Name": "github.com/go-openapi/jsonreference", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.20.0", + "UID": "6b9c8bf8d689e73d" + }, + "Version": "v0.20.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag@v0.19.14", + "Name": "github.com/go-openapi/swag", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag@v0.19.14", + "UID": "af9f7052a4a2d6f1" + }, + "Version": "v0.19.14", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gogo/protobuf@v1.3.2", + "Name": "github.com/gogo/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", + "UID": "272364e50043f4d3" + }, + "Version": "v1.3.2", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang-jwt/jwt/v4@v4.2.0", + "Name": "github.com/golang-jwt/jwt/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v4@v4.2.0", + "UID": "a0436ebc5a39db0a" + }, + "Version": "v4.2.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/glog@v0.0.0-20160126235308-23def4e6c14b", + "Name": "github.com/golang/glog", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/glog@v0.0.0-20160126235308-23def4e6c14b", + "UID": "4c5035812177d7a1" + }, + "Version": "v0.0.0-20160126235308-23def4e6c14b", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "Name": "github.com/golang/groupcache", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "UID": "ba0a75d4bee7fa63" + }, + "Version": "v0.0.0-20210331224755-41bb18bfe9da", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/protobuf@v1.5.2", + "Name": "github.com/golang/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.2", + "UID": "444057d29b74a75e" + }, + "Version": "v1.5.2", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gnostic@v0.5.7-v3refs", + "Name": "github.com/google/gnostic", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gnostic@v0.5.7-v3refs", + "UID": "b60c65ef1c536d4a" + }, + "Version": "v0.5.7-v3refs", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-cmp@v0.5.9", + "Name": "github.com/google/go-cmp", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-cmp@v0.5.9", + "UID": "8b1cf3399c0449b2" + }, + "Version": "v0.5.9", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gofuzz@v1.2.0", + "Name": "github.com/google/gofuzz", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", + "UID": "f2a738b54888522c" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.3.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.3.0", + "UID": "f3503841a6842204" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/googleapis/enterprise-certificate-proxy@v0.2.1", + "Name": "github.com/googleapis/enterprise-certificate-proxy", + "Identifier": { + "PURL": "pkg:golang/github.com/googleapis/enterprise-certificate-proxy@v0.2.1", + "UID": "7c2328e46ac2b714" + }, + "Version": "v0.2.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/googleapis/gax-go/v2@v2.7.0", + "Name": "github.com/googleapis/gax-go/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/googleapis/gax-go/v2@v2.7.0", + "UID": "616de5a35e095119" + }, + "Version": "v2.7.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20180507213350-8e809c8a8645", + "Name": "github.com/grpc-ecosystem/grpc-opentracing", + "Identifier": { + "PURL": "pkg:golang/github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20180507213350-8e809c8a8645", + "UID": "c5313ec904dbee38" + }, + "Version": "v0.0.0-20180507213350-8e809c8a8645", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/imdario/mergo@v0.3.12", + "Name": "github.com/imdario/mergo", + "Identifier": { + "PURL": "pkg:golang/github.com/imdario/mergo@v0.3.12", + "UID": "e32ec750a019133f" + }, + "Version": "v0.3.12", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/infobloxopen/go-trees@v0.0.0-20200715205103-96a057b8dfb9", + "Name": "github.com/infobloxopen/go-trees", + "Identifier": { + "PURL": "pkg:golang/github.com/infobloxopen/go-trees@v0.0.0-20200715205103-96a057b8dfb9", + "UID": "a62a274e18b713e7" + }, + "Version": "v0.0.0-20200715205103-96a057b8dfb9", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jmespath/go-jmespath@v0.4.0", + "Name": "github.com/jmespath/go-jmespath", + "Identifier": { + "PURL": "pkg:golang/github.com/jmespath/go-jmespath@v0.4.0", + "UID": "481e93b248907cfe" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/josharian/intern@v1.0.0", + "Name": "github.com/josharian/intern", + "Identifier": { + "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", + "UID": "1b8737e6ae5b1ac3" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/json-iterator/go@v1.1.12", + "Name": "github.com/json-iterator/go", + "Identifier": { + "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", + "UID": "c304cb176cadb01f" + }, + "Version": "v1.1.12", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mailru/easyjson@v0.7.7", + "Name": "github.com/mailru/easyjson", + "Identifier": { + "PURL": "pkg:golang/github.com/mailru/easyjson@v0.7.7", + "UID": "2aadc7d33b0153ff" + }, + "Version": "v0.7.7", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/matttproud/golang_protobuf_extensions@v1.0.4", + "Name": "github.com/matttproud/golang_protobuf_extensions", + "Identifier": { + "PURL": "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.4", + "UID": "4047ce534ef14433" + }, + "Version": "v1.0.4", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/miekg/dns@v1.1.50", + "Name": "github.com/miekg/dns", + "Identifier": { + "PURL": "pkg:golang/github.com/miekg/dns@v1.1.50", + "UID": "a52c7fbb2fb5a86f" + }, + "Version": "v1.1.50", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/go-homedir@v1.1.0", + "Name": "github.com/mitchellh/go-homedir", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", + "UID": "652413b1a3803534" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "Name": "github.com/modern-go/concurrent", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "UID": "f1872d5873ff7a89" + }, + "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/reflect2@v1.0.2", + "Name": "github.com/modern-go/reflect2", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", + "UID": "79a485af668b0675" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "85c6914d15bf56b" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opentracing-contrib/go-observer@v0.0.0-20170622124052-a52f23424492", + "Name": "github.com/opentracing-contrib/go-observer", + "Identifier": { + "PURL": "pkg:golang/github.com/opentracing-contrib/go-observer@v0.0.0-20170622124052-a52f23424492", + "UID": "af2e427d5fdb447d" + }, + "Version": "v0.0.0-20170622124052-a52f23424492", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opentracing/opentracing-go@v1.2.0", + "Name": "github.com/opentracing/opentracing-go", + "Identifier": { + "PURL": "pkg:golang/github.com/opentracing/opentracing-go@v1.2.0", + "UID": "5b84cb309313d88c" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/openzipkin-contrib/zipkin-go-opentracing@v0.5.0", + "Name": "github.com/openzipkin-contrib/zipkin-go-opentracing", + "Identifier": { + "PURL": "pkg:golang/github.com/openzipkin-contrib/zipkin-go-opentracing@v0.5.0", + "UID": "46b9ff34c77e62d3" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/openzipkin/zipkin-go@v0.4.1", + "Name": "github.com/openzipkin/zipkin-go", + "Identifier": { + "PURL": "pkg:golang/github.com/openzipkin/zipkin-go@v0.4.1", + "UID": "7d7991913ae60ebc" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/oschwald/geoip2-golang@v1.8.0", + "Name": "github.com/oschwald/geoip2-golang", + "Identifier": { + "PURL": "pkg:golang/github.com/oschwald/geoip2-golang@v1.8.0", + "UID": "e82fac3de874cd80" + }, + "Version": "v1.8.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/oschwald/maxminddb-golang@v1.10.0", + "Name": "github.com/oschwald/maxminddb-golang", + "Identifier": { + "PURL": "pkg:golang/github.com/oschwald/maxminddb-golang@v1.10.0", + "UID": "4cbdbc41ccb06315" + }, + "Version": "v1.10.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/philhofer/fwd@v1.1.1", + "Name": "github.com/philhofer/fwd", + "Identifier": { + "PURL": "pkg:golang/github.com/philhofer/fwd@v1.1.1", + "UID": "b2341ed794e2167a" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/errors@v0.9.1", + "Name": "github.com/pkg/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", + "UID": "d9103528f8ab4195" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.14.0", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.14.0", + "UID": "452c38c95e215e1b" + }, + "Version": "v1.14.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.3.0", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.3.0", + "UID": "da9338f7ff78d7cc" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.39.0", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.39.0", + "UID": "95f5213efd64d198" + }, + "Version": "v0.39.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.8.0", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.8.0", + "UID": "4da8aae406816037" + }, + "Version": "v0.8.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/secure-systems-lab/go-securesystemslib@v0.4.0", + "Name": "github.com/secure-systems-lab/go-securesystemslib", + "Identifier": { + "PURL": "pkg:golang/github.com/secure-systems-lab/go-securesystemslib@v0.4.0", + "UID": "4c14b2341a68e90" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.5", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "UID": "e9018954bb1fcc9f" + }, + "Version": "v1.0.5", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/tinylib/msgp@v1.1.6", + "Name": "github.com/tinylib/msgp", + "Identifier": { + "PURL": "pkg:golang/github.com/tinylib/msgp@v1.1.6", + "UID": "da3a75186e666ec6" + }, + "Version": "v1.1.6", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.etcd.io/etcd/api/v3@v3.5.7", + "Name": "go.etcd.io/etcd/api/v3", + "Identifier": { + "PURL": "pkg:golang/go.etcd.io/etcd/api/v3@v3.5.7", + "UID": "4f2686e35ef561d2" + }, + "Version": "v3.5.7", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.etcd.io/etcd/client/pkg/v3@v3.5.7", + "Name": "go.etcd.io/etcd/client/pkg/v3", + "Identifier": { + "PURL": "pkg:golang/go.etcd.io/etcd/client/pkg/v3@v3.5.7", + "UID": "caef276825ce292" + }, + "Version": "v3.5.7", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.etcd.io/etcd/client/v3@v3.5.7", + "Name": "go.etcd.io/etcd/client/v3", + "Identifier": { + "PURL": "pkg:golang/go.etcd.io/etcd/client/v3@v3.5.7", + "UID": "36f188811aff6e89" + }, + "Version": "v3.5.7", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opencensus.io@v0.24.0", + "Name": "go.opencensus.io", + "Identifier": { + "PURL": "pkg:golang/go.opencensus.io@v0.24.0", + "UID": "2a05c94785a21d51" + }, + "Version": "v0.24.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/atomic@v1.9.0", + "Name": "go.uber.org/atomic", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/atomic@v1.9.0", + "UID": "2b4302cdebe9c535" + }, + "Version": "v1.9.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/multierr@v1.6.0", + "Name": "go.uber.org/multierr", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/multierr@v1.6.0", + "UID": "32c1b040b1551524" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/zap@v1.17.0", + "Name": "go.uber.org/zap", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/zap@v1.17.0", + "UID": "8bcfe1637ece248e" + }, + "Version": "v1.17.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", + "Name": "golang.org/x/crypto", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", + "UID": "57cfb22d6de356dd" + }, + "Version": "v0.0.0-20221010152910-d6f0a8c073c2", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.4.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "90a87ca4c9a5b5b2" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.3.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.3.0", + "UID": "2e14f7e924c34a2d" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.4.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.4.0", + "UID": "5aab9f5c7ba5ed0" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/term@v0.3.0", + "Name": "golang.org/x/term", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/term@v0.3.0", + "UID": "a5e2b9aca3d6a494" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.5.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.5.0", + "UID": "8128046374103a2a" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.0.0-20220210224613-90d013bbcef8", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.0.0-20220210224613-90d013bbcef8", + "UID": "5c6c573ff087d264" + }, + "Version": "v0.0.0-20220210224613-90d013bbcef8", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/xerrors@v0.0.0-20220907171357-04be3eba64a2", + "Name": "golang.org/x/xerrors", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/xerrors@v0.0.0-20220907171357-04be3eba64a2", + "UID": "9983ce545227c56f" + }, + "Version": "v0.0.0-20220907171357-04be3eba64a2", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/api@v0.109.0", + "Name": "google.golang.org/api", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/api@v0.109.0", + "UID": "5f0ef80a5138df23" + }, + "Version": "v0.109.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto@v0.0.0-20221227171554-f9683d7f8bef", + "Name": "google.golang.org/genproto", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto@v0.0.0-20221227171554-f9683d7f8bef", + "UID": "bd7ef60107ee48f7" + }, + "Version": "v0.0.0-20221227171554-f9683d7f8bef", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/grpc@v1.52.3", + "Name": "google.golang.org/grpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.52.3", + "UID": "c5945c89e3ea5ba0" + }, + "Version": "v1.52.3", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.28.1", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.28.1", + "UID": "dca4acce715bb108" + }, + "Version": "v1.28.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/DataDog/dd-trace-go.v1@v1.47.0", + "Name": "gopkg.in/DataDog/dd-trace-go.v1", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/datadog/dd-trace-go.v1@v1.47.0", + "UID": "7311beb9b4a13417" + }, + "Version": "v1.47.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/inf.v0@v0.9.1", + "Name": "gopkg.in/inf.v0", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", + "UID": "cc0cd5c6a8bddc5" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v2@v2.4.0", + "Name": "gopkg.in/yaml.v2", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "UID": "31119b4641da59cf" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "UID": "3320351793603727" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/api@v0.26.1", + "Name": "k8s.io/api", + "Identifier": { + "PURL": "pkg:golang/k8s.io/api@v0.26.1", + "UID": "9087b63b2107bd4" + }, + "Version": "v0.26.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apimachinery@v0.26.1", + "Name": "k8s.io/apimachinery", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apimachinery@v0.26.1", + "UID": "4eee8c937889ad0d" + }, + "Version": "v0.26.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/client-go@v0.26.1", + "Name": "k8s.io/client-go", + "Identifier": { + "PURL": "pkg:golang/k8s.io/client-go@v0.26.1", + "UID": "c53ae8d0b95a04b" + }, + "Version": "v0.26.1", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog/v2@v2.90.0", + "Name": "k8s.io/klog/v2", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog/v2@v2.90.0", + "UID": "ef7b4b24cca5ee7c" + }, + "Version": "v2.90.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/kube-openapi@v0.0.0-20221012153701-172d655c2280", + "Name": "k8s.io/kube-openapi", + "Identifier": { + "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20221012153701-172d655c2280", + "UID": "6ca0c8aceae3714f" + }, + "Version": "v0.0.0-20221012153701-172d655c2280", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/utils@v0.0.0-20221107191617-1a15be271d1d", + "Name": "k8s.io/utils", + "Identifier": { + "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20221107191617-1a15be271d1d", + "UID": "3fecc9882ba74ba1" + }, + "Version": "v0.0.0-20221107191617-1a15be271d1d", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/json@v0.0.0-20220713155537-f223a00ba0e2", + "Name": "sigs.k8s.io/json", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20220713155537-f223a00ba0e2", + "UID": "f9eaa8923e5b1c56" + }, + "Version": "v0.0.0-20220713155537-f223a00ba0e2", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.2.3", + "Name": "sigs.k8s.io/structured-merge-diff/v4", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.2.3", + "UID": "455d90c7b072085b" + }, + "Version": "v4.2.3", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/yaml@v1.3.0", + "Name": "sigs.k8s.io/yaml", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.3.0", + "UID": "8feaf0a724280a87" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-30204", + "VendorIDs": [ + "GHSA-mh63-6h87-95cp" + ], + "PkgID": "github.com/golang-jwt/jwt/v4@v4.2.0", + "PkgName": "github.com/golang-jwt/jwt/v4", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v4@v4.2.0", + "UID": "a0436ebc5a39db0a" + }, + "InstalledVersion": "v4.2.0", + "FixedVersion": "4.5.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30204", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:4bf91a438b40d356527e074344b2049401e053f11b2c608278790ed70dc58840", + "Title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", + "Description": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-405" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V3Score": 7.5, + "V40Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7425", + "https://access.redhat.com/security/cve/CVE-2025-30204", + "https://bugzilla.redhat.com/2354195", + "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", + "https://errata.almalinux.org/9/ALSA-2025-7425.html", + "https://errata.rockylinux.org/RLSA-2025:3411", + "https://github.com/golang-jwt/jwt", + "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", + "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb", + "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", + "https://linux.oracle.com/cve/CVE-2025-30204.html", + "https://linux.oracle.com/errata/ELSA-2025-7967.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", + "https://pkg.go.dev/vuln/GO-2025-3553", + "https://security.netapp.com/advisory/ntap-20250404-0002", + "https://security.netapp.com/advisory/ntap-20250404-0002/", + "https://www.cve.org/CVERecord?id=CVE-2025-30204" + ], + "PublishedDate": "2025-03-21T22:15:26.42Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-45339", + "VendorIDs": [ + "GHSA-6wxm-mpqj-6jpf" + ], + "PkgID": "github.com/golang/glog@v0.0.0-20160126235308-23def4e6c14b", + "PkgName": "github.com/golang/glog", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/golang/glog@v0.0.0-20160126235308-23def4e6c14b", + "UID": "4c5035812177d7a1" + }, + "InstalledVersion": "v0.0.0-20160126235308-23def4e6c14b", + "FixedVersion": "1.2.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45339", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:14455e717ef6e4193682fd8370e48cfef256f2125ade9a0181a3a8304cec1ca1", + "Title": "github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog", + "Description": "When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.", + "Severity": "MEDIUM", + "VendorSeverity": { + "azure": 3, + "cbl-mariner": 3, + "ghsa": 2, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U", + "V3Score": 7.1, + "V40Score": 4.1 + }, + "redhat": { + "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-45339", + "https://github.com/golang/glog", + "https://github.com/golang/glog/pull/74", + "https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2", + "https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00019.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45339", + "https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File", + "https://pkg.go.dev/vuln/GO-2025-3372", + "https://www.cve.org/CVERecord?id=CVE-2024-45339" + ], + "PublishedDate": "2025-01-28T02:15:28.927Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-45337", + "VendorIDs": [ + "GHSA-v778-237x-gjrc" + ], + "PkgID": "golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", + "UID": "57cfb22d6de356dd" + }, + "InstalledVersion": "v0.0.0-20221010152910-d6f0a8c073c2", + "FixedVersion": "0.31.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45337", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:1e093cc24528cfdf9bee2f0164015f1bee332b5288a7062df764724d1566e2f9", + "Title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto", + "Description": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.", + "Severity": "CRITICAL", + "VendorSeverity": { + "amazon": 3, + "azure": 4, + "cbl-mariner": 4, + "ghsa": 4, + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", + "V3Score": 8.2 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/12/11/2", + "https://access.redhat.com/security/cve/CVE-2024-45337", + "https://github.com/golang/crypto", + "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", + "https://go-review.googlesource.com/c/crypto/+/635315/", + "https://go.dev/cl/635315", + "https://go.dev/issue/70779", + "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", + "https://pkg.go.dev/vuln/GO-2024-3321", + "https://security.netapp.com/advisory/ntap-20250131-0007", + "https://security.netapp.com/advisory/ntap-20250131-0007/", + "https://ubuntu.com/security/notices/USN-7839-1", + "https://ubuntu.com/security/notices/USN-7839-2", + "https://www.cve.org/CVERecord?id=CVE-2024-45337" + ], + "PublishedDate": "2024-12-12T02:02:07.97Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22869", + "VendorIDs": [ + "GHSA-hcg3-q754-cr77" + ], + "PkgID": "golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", + "UID": "57cfb22d6de356dd" + }, + "InstalledVersion": "v0.0.0-20221010152910-d6f0a8c073c2", + "FixedVersion": "0.35.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22869", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:359e7defaafabce0b4a5245e534331ba7ee2fb04b601c6a02e0337ba8128c5da", + "Title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh", + "Description": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3833", + "https://access.redhat.com/security/cve/CVE-2025-22869", + "https://bugzilla.redhat.com/2348367", + "https://bugzilla.redhat.com/show_bug.cgi?id=2348367", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869", + "https://errata.almalinux.org/9/ALSA-2025-3833.html", + "https://errata.rockylinux.org/RLSA-2025:7416", + "https://github.com/golang/crypto", + "https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22", + "https://go-review.googlesource.com/c/crypto/+/652135", + "https://go.dev/cl/652135", + "https://go.dev/issue/71931", + "https://linux.oracle.com/cve/CVE-2025-22869.html", + "https://linux.oracle.com/errata/ELSA-2025-7484.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22869", + "https://pkg.go.dev/vuln/GO-2025-3487", + "https://security.netapp.com/advisory/ntap-20250411-0010", + "https://security.netapp.com/advisory/ntap-20250411-0010/", + "https://www.cve.org/CVERecord?id=CVE-2025-22869" + ], + "PublishedDate": "2025-02-26T08:14:24.997Z", + "LastModifiedDate": "2025-05-01T19:28:20.74Z" + }, + { + "VulnerabilityID": "CVE-2023-48795", + "VendorIDs": [ + "GHSA-45x7-px36-x8w8" + ], + "PkgID": "golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", + "UID": "57cfb22d6de356dd" + }, + "InstalledVersion": "v0.0.0-20221010152910-d6f0a8c073c2", + "FixedVersion": "0.17.0, 0.0.0-20231218163308-9d2ee975ef9f", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-48795", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:83c3d170bac8ab5a00ed617d41cba5dc93314f6490b800c49866cfaa6c0a2a24", + "Title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", + "Description": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-354" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", + "http://seclists.org/fulldisclosure/2024/Mar/21", + "http://www.openwall.com/lists/oss-security/2023/12/18/3", + "http://www.openwall.com/lists/oss-security/2023/12/19/5", + "http://www.openwall.com/lists/oss-security/2023/12/20/3", + "http://www.openwall.com/lists/oss-security/2024/03/06/3", + "http://www.openwall.com/lists/oss-security/2024/04/17/8", + "https://access.redhat.com/errata/RHSA-2024:1150", + "https://access.redhat.com/security/cve/CVE-2023-48795", + "https://access.redhat.com/security/cve/cve-2023-48795", + "https://access.redhat.com/solutions/7071748", + "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack", + "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", + "https://bugs.gentoo.org/920280", + "https://bugzilla.redhat.com/2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.suse.com/show_bug.cgi?id=1217950", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-364175.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://crates.io/crates/thrussh/versions", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://errata.almalinux.org/9/ALSA-2024-1150.html", + "https://errata.rockylinux.org/RLSA-2024:0628", + "https://filezilla-project.org/versions.php", + "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", + "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", + "https://github.com/NixOS/nixpkgs/pull/275249", + "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", + "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", + "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", + "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", + "https://github.com/advisories/GHSA-45x7-px36-x8w8", + "https://github.com/apache/mina-sshd/issues/445", + "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", + "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", + "https://github.com/cyd01/KiTTY/issues/520", + "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", + "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", + "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", + "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", + "https://github.com/hierynomus/sshj/issues/916", + "https://github.com/janmojzis/tinyssh/issues/81", + "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", + "https://github.com/libssh2/libssh2/pull/1291", + "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", + "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", + "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", + "https://github.com/mwiede/jsch/issues/457", + "https://github.com/mwiede/jsch/pull/461", + "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", + "https://github.com/openssh/openssh-portable/commits/master", + "https://github.com/paramiko/paramiko/issues/2337", + "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773", + "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", + "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", + "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", + "https://github.com/proftpd/proftpd/issues/456", + "https://github.com/rapier1/hpn-ssh/releases", + "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", + "https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55", + "https://github.com/ronf/asyncssh/tags", + "https://github.com/ssh-mitm/ssh-mitm/issues/165", + "https://github.com/warp-tech/russh", + "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951", + "https://github.com/warp-tech/russh/releases/tag/v0.40.2", + "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8", + "https://gitlab.com/libssh/libssh-mirror/-/tags", + "https://go.dev/cl/550715", + "https://go.dev/issue/64784", + "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", + "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", + "https://help.panic.com/releasenotes/transmit5", + "https://help.panic.com/releasenotes/transmit5/", + "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795", + "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", + "https://linux.oracle.com/cve/CVE-2023-48795.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", + "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", + "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", + "https://matt.ucc.asn.au/dropbear/CHANGES", + "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", + "https://news.ycombinator.com/item?id=38684904", + "https://news.ycombinator.com/item?id=38685286", + "https://news.ycombinator.com/item?id=38732005", + "https://nova.app/releases/#v11.8", + "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", + "https://oryx-embedded.com/download/#changelog", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", + "https://roumenpetrov.info/secsh/#news20231220", + "https://security-tracker.debian.org/tracker/CVE-2023-48795", + "https://security-tracker.debian.org/tracker/source-package/libssh2", + "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", + "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", + "https://security.gentoo.org/glsa/202312-16", + "https://security.gentoo.org/glsa/202312-17", + "https://security.netapp.com/advisory/ntap-20240105-0004", + "https://security.netapp.com/advisory/ntap-20240105-0004/", + "https://support.apple.com/kb/HT214084", + "https://terrapin-attack.com/", + "https://thorntech.com/cve-2023-48795-and-sftp-gateway", + "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", + "https://twitter.com/TrueSkrillor/status/1736774389725565005", + "https://ubuntu.com/security/CVE-2023-48795", + "https://ubuntu.com/security/notices/USN-6560-1", + "https://ubuntu.com/security/notices/USN-6560-2", + "https://ubuntu.com/security/notices/USN-6561-1", + "https://ubuntu.com/security/notices/USN-6585-1", + "https://ubuntu.com/security/notices/USN-6589-1", + "https://ubuntu.com/security/notices/USN-6598-1", + "https://ubuntu.com/security/notices/USN-6738-1", + "https://ubuntu.com/security/notices/USN-7051-1", + "https://ubuntu.com/security/notices/USN-7292-1", + "https://ubuntu.com/security/notices/USN-7297-1", + "https://winscp.net/eng/docs/history#6.2.2", + "https://www.bitvise.com/ssh-client-version-history#933", + "https://www.bitvise.com/ssh-server-version-history", + "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", + "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", + "https://www.cve.org/CVERecord?id=CVE-2023-48795", + "https://www.debian.org/security/2023/dsa-5586", + "https://www.debian.org/security/2023/dsa-5588", + "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", + "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", + "https://www.netsarang.com/en/xshell-update-history", + "https://www.netsarang.com/en/xshell-update-history/", + "https://www.openssh.com/openbsd.html", + "https://www.openssh.com/txt/release-9.6", + "https://www.openwall.com/lists/oss-security/2023/12/18/2", + "https://www.openwall.com/lists/oss-security/2023/12/18/3", + "https://www.openwall.com/lists/oss-security/2023/12/20/3", + "https://www.paramiko.org/changelog.html", + "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed", + "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", + "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795", + "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", + "https://www.terrapin-attack.com", + "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", + "https://www.vandyke.com/products/securecrt/history.txt", + "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit", + "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability" + ], + "PublishedDate": "2023-12-18T16:15:10.897Z", + "LastModifiedDate": "2026-05-12T11:16:15.01Z" + }, + { + "VulnerabilityID": "CVE-2025-47914", + "VendorIDs": [ + "GHSA-f6x5-jh6r-wrfv" + ], + "PkgID": "golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", + "UID": "57cfb22d6de356dd" + }, + "InstalledVersion": "v0.0.0-20221010152910-d6f0a8c073c2", + "FixedVersion": "0.45.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:55989b03586dabcb1df7e3e3625778566de6feb96346e837296c79932a952b11", + "Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages", + "Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "amazon": 2, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-47914", + "https://go.dev/cl/721960", + "https://go.dev/issue/76364", + "https://go.googlesource.com/crypto", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47914", + "https://pkg.go.dev/vuln/GO-2025-4135", + "https://www.cve.org/CVERecord?id=CVE-2025-47914" + ], + "PublishedDate": "2025-11-19T21:15:50.517Z", + "LastModifiedDate": "2025-12-11T19:36:41.373Z" + }, + { + "VulnerabilityID": "CVE-2025-58181", + "VendorIDs": [ + "GHSA-j5w8-q4qc-rx2x" + ], + "PkgID": "golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", + "UID": "57cfb22d6de356dd" + }, + "InstalledVersion": "v0.0.0-20221010152910-d6f0a8c073c2", + "FixedVersion": "0.45.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:106821e33c48343d25b2ba561403dc5c2d3dd5b73c6e71ef6befa20319fa2256", + "Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication", + "Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-58181", + "https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c", + "https://github.com/golang/go/issues/76363", + "https://go.dev/cl/721961", + "https://go.dev/issue/76363", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58181", + "https://pkg.go.dev/vuln/GO-2025-4134", + "https://ubuntu.com/security/notices/USN-7956-1", + "https://www.cve.org/CVERecord?id=CVE-2025-58181" + ], + "PublishedDate": "2025-11-19T21:15:50.85Z", + "LastModifiedDate": "2025-12-11T19:29:24.9Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "VendorIDs": [ + "GHSA-vvpx-j8f3-3w6h" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "90a87ca4c9a5b5b2" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:02ebf86e6a379ad7db41d040b1996ab946e77051174028170bfbc4e50e949215", + "Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41723.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230331-0010/", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.couchbase.com/alerts", + "https://www.couchbase.com/alerts/", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:09.98Z", + "LastModifiedDate": "2025-05-05T16:15:20.433Z" + }, + { + "VulnerabilityID": "CVE-2023-39325", + "VendorIDs": [ + "GHSA-4374-p667-p6c8" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "90a87ca4c9a5b5b2" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.17.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:5d5b8b3c2deef48bc5e88997722842ca5c4cf4b6a5f6ac2bf6add55051cb60b5", + "Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", + "Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 3, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "golang.org/x/net", + "https://access.redhat.com/errata/RHSA-2023:6077", + "https://access.redhat.com/security/cve/CVE-2023-39325", + "https://access.redhat.com/security/cve/CVE-2023-44487", + "https://bugzilla.redhat.com/2242803", + "https://bugzilla.redhat.com/2243296", + "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", + "https://errata.almalinux.org/9/ALSA-2023-6077.html", + "https://errata.rockylinux.org/RLSA-2023:6077", + "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]", + "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]", + "https://github.com/golang/go/issues/63417", + "https://go.dev/cl/534215", + "https://go.dev/cl/534235", + "https://go.dev/issue/63417", + "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", + "https://linux.oracle.com/cve/CVE-2023-39325.html", + "https://linux.oracle.com/errata/ELSA-2023-5867.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", + "https://pkg.go.dev/vuln/GO-2023-2102", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231110-0008", + "https://security.netapp.com/advisory/ntap-20231110-0008/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", + "https://www.cve.org/CVERecord?id=CVE-2023-39325" + ], + "PublishedDate": "2023-10-11T22:15:09.88Z", + "LastModifiedDate": "2024-11-21T08:15:09.627Z" + }, + { + "VulnerabilityID": "CVE-2023-3978", + "VendorIDs": [ + "GHSA-2wrh-6pvc-2jm9" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "90a87ca4c9a5b5b2" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.13.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3978", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:7275542aa6c747089a79bea3dcbf569605f26257e6da248ae8c95eab714f89e7", + "Title": "golang.org/x/net/html: Cross site scripting", + "Description": "Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-3978", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://go.dev/cl/514896", + "https://go.dev/issue/61615", + "https://linux.oracle.com/cve/CVE-2023-3978.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3978", + "https://pkg.go.dev/vuln/GO-2023-1988", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://www.cve.org/CVERecord?id=CVE-2023-3978" + ], + "PublishedDate": "2023-08-02T20:15:12.097Z", + "LastModifiedDate": "2024-11-21T08:18:27.68Z" + }, + { + "VulnerabilityID": "CVE-2023-44487", + "VendorIDs": [ + "GHSA-qppj-fm5r-hxr3" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "90a87ca4c9a5b5b2" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.17.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-44487", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:2012086540e3d515e362348aac009308e56d0dddfb64455d7a01dc1591ef77df", + "Title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", + "Description": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 2, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A", + "V3Score": 5.3, + "V40Score": 6.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/10/10/6", + "http://www.openwall.com/lists/oss-security/2023/10/10/7", + "http://www.openwall.com/lists/oss-security/2023/10/13/4", + "http://www.openwall.com/lists/oss-security/2023/10/13/9", + "http://www.openwall.com/lists/oss-security/2023/10/18/4", + "http://www.openwall.com/lists/oss-security/2023/10/18/8", + "http://www.openwall.com/lists/oss-security/2023/10/19/6", + "http://www.openwall.com/lists/oss-security/2023/10/20/8", + "http://www.openwall.com/lists/oss-security/2025/08/13/6", + "https://access.redhat.com/errata/RHSA-2023:6746", + "https://access.redhat.com/security/cve/CVE-2023-44487", + "https://access.redhat.com/security/cve/cve-2023-44487", + "https://akka.io/security/akka-http-cve-2023-44487.html", + "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size", + "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", + "https://aws.amazon.com/security/security-bulletins/AWS-2023-011", + "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", + "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack", + "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", + "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack", + "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", + "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty", + "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", + "https://blog.powerdns.com/2024/02/16/powerdns-dnsdist-1.9.0-released", + "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", + "https://blog.vespa.ai/cve-2023-44487", + "https://blog.vespa.ai/cve-2023-44487/", + "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", + "https://bugzilla.redhat.com/2242803", + "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", + "https://bugzilla.suse.com/show_bug.cgi?id=1216123", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-341067.html", + "https://cert-portal.siemens.com/productcert/html/ssa-784301.html", + "https://cert-portal.siemens.com/productcert/html/ssa-832273.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", + "https://chaos.social/@icing/111210915918780532", + "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps", + "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", + "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", + "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", + "https://devblogs.microsoft.com/dotnet/october-2023-updates/", + "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", + "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", + "https://errata.almalinux.org/9/ALSA-2023-6746.html", + "https://errata.rockylinux.org/RLSA-2023:5838", + "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", + "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", + "https://github.com/Azure/AKS/issues/3947", + "https://github.com/Kong/kong/discussions/11741", + "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", + "https://github.com/advisories/GHSA-vx74-f528-fxqg", + "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", + "https://github.com/akka/akka-http/issues/4323", + "https://github.com/akka/akka-http/pull/4324", + "https://github.com/akka/akka-http/pull/4325", + "https://github.com/alibaba/tengine/issues/1872", + "https://github.com/apache/apisix/issues/10320", + "https://github.com/apache/httpd-site/pull/10", + "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", + "https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628", + "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", + "https://github.com/apache/trafficserver/pull/10564", + "https://github.com/apple/swift-nio-http2", + "https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3", + "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", + "https://github.com/bcdannyboy/CVE-2023-44487", + "https://github.com/caddyserver/caddy/issues/5877", + "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", + "https://github.com/dotnet/announcements/issues/277", + "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", + "https://github.com/eclipse/jetty.project/issues/10679", + "https://github.com/envoyproxy/envoy/pull/30055", + "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76", + "https://github.com/etcd-io/etcd/issues/16740", + "https://github.com/facebook/proxygen/pull/466", + "https://github.com/golang/go/issues/63417", + "https://github.com/grpc/grpc-go/pull/6703", + "https://github.com/grpc/grpc-go/releases", + "https://github.com/grpc/grpc/releases/tag/v1.59.2", + "https://github.com/h2o/h2o/pull/3291", + "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", + "https://github.com/haproxy/haproxy/issues/2312", + "https://github.com/hyperium/hyper/issues/3337", + "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", + "https://github.com/junkurihara/rust-rpxy/issues/97", + "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", + "https://github.com/kazu-yamamoto/http2/issues/93", + "https://github.com/kubernetes/ingress-nginx/blob/4b5c5efe2508dc915a48c54de7f23912ff2ec695/changelog/controller-1.9.3.md?plain=1#L15", + "https://github.com/kubernetes/kubernetes/pull/121120", + "https://github.com/line/armeria/pull/5232", + "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", + "https://github.com/micrictor/http2-rst-stream", + "https://github.com/microsoft/CBL-Mariner/pull/6381", + "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", + "https://github.com/nghttp2/nghttp2/pull/1961", + "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", + "https://github.com/ninenines/cowboy/issues/1615", + "https://github.com/nodejs/node/pull/50121", + "https://github.com/openresty/openresty/issues/930", + "https://github.com/opensearch-project/data-prepper/issues/3474", + "https://github.com/oqtane/oqtane.framework/discussions/3367", + "https://github.com/projectcontour/contour/pull/5826", + "https://github.com/tempesta-tech/tempesta/issues/1986", + "https://github.com/varnishcache/varnish-cache/issues/3996", + "https://go.dev/cl/534215", + "https://go.dev/cl/534235", + "https://go.dev/issue/63417", + "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", + "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", + "https://istio.io/latest/news/security/istio-security-2023-004", + "https://istio.io/latest/news/security/istio-security-2023-004/", + "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487", + "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", + "https://linux.oracle.com/cve/CVE-2023-44487.html", + "https://linux.oracle.com/errata/ELSA-2024-1444.html", + "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", + "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", + "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", + "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", + "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", + "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", + "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", + "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", + "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", + "https://mailman.powerdns.com/pipermail/dnsdist/2023-October/001409.html", + "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", + "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2", + "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", + "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", + "https://my.f5.com/manage/s/article/K000137106", + "https://netty.io/news/2023/10/10/4-1-100-Final.html", + "https://news.ycombinator.com/item?id=37830987", + "https://news.ycombinator.com/item?id=37830998", + "https://news.ycombinator.com/item?id=37831062", + "https://news.ycombinator.com/item?id=37837043", + "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases", + "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", + "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response", + "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", + "https://pkg.go.dev/vuln/GO-2023-2102", + "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", + "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231016-0001", + "https://security.netapp.com/advisory/ntap-20231016-0001/", + "https://security.netapp.com/advisory/ntap-20240426-0007", + "https://security.netapp.com/advisory/ntap-20240426-0007/", + "https://security.netapp.com/advisory/ntap-20240621-0006", + "https://security.netapp.com/advisory/ntap-20240621-0006/", + "https://security.netapp.com/advisory/ntap-20240621-0007", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://security.paloaltonetworks.com/CVE-2023-44487", + "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", + "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12", + "https://tomcat.apache.org/security-8.html", + "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94", + "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81", + "https://ubuntu.com/security/CVE-2023-44487", + "https://ubuntu.com/security/notices/USN-6427-1", + "https://ubuntu.com/security/notices/USN-6427-2", + "https://ubuntu.com/security/notices/USN-6438-1", + "https://ubuntu.com/security/notices/USN-6505-1", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-6754-1", + "https://ubuntu.com/security/notices/USN-6994-1", + "https://ubuntu.com/security/notices/USN-7067-1", + "https://ubuntu.com/security/notices/USN-7410-1", + "https://ubuntu.com/security/notices/USN-7469-1", + "https://ubuntu.com/security/notices/USN-7469-2", + "https://ubuntu.com/security/notices/USN-7469-3", + "https://ubuntu.com/security/notices/USN-7469-4", + "https://ubuntu.com/security/notices/USN-7892-1", + "https://varnish-cache.org/releases/rel6.0.12.html#rel6-0-12", + "https://varnish-cache.org/releases/rel7.3.1.html#rel7-3-1", + "https://varnish-cache.org/releases/rel7.4.2.html#rel7-4-2", + "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records", + "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", + "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", + "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487", + "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", + "https://www.cve.org/CVERecord?id=CVE-2023-44487", + "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", + "https://www.debian.org/security/2023/dsa-5521", + "https://www.debian.org/security/2023/dsa-5522", + "https://www.debian.org/security/2023/dsa-5540", + "https://www.debian.org/security/2023/dsa-5549", + "https://www.debian.org/security/2023/dsa-5558", + "https://www.debian.org/security/2023/dsa-5570", + "https://www.eclipse.org/lists/jetty-announce/msg00181.html", + "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", + "https://www.mail-archive.com/haproxy@formilux.org/msg44134.html", + "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487", + "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", + "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products", + "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", + "https://www.openwall.com/lists/oss-security/2023/10/10/6", + "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", + "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday", + "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", + "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause" + ], + "PublishedDate": "2023-10-10T14:15:10.883Z", + "LastModifiedDate": "2026-05-12T15:10:32.26Z" + }, + { + "VulnerabilityID": "CVE-2023-45288", + "VendorIDs": [ + "GHSA-4v7x-pqxf-cx7m" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "90a87ca4c9a5b5b2" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.23.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:bb01cc93c0a07064cf3d25e892042c2aab4b54bc73223e8738fd29e75fbf24e9", + "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", + "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/04/03/16", + "http://www.openwall.com/lists/oss-security/2024/04/05/4", + "https://access.redhat.com/errata/RHSA-2024:2724", + "https://access.redhat.com/security/cve/CVE-2023-45288", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-2724.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://go.dev/cl/576155", + "https://go.dev/issue/65051", + "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", + "https://kb.cert.org/vuls/id/421644", + "https://linux.oracle.com/cve/CVE-2023-45288.html", + "https://linux.oracle.com/errata/ELSA-2024-3346.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", + "https://nowotarski.info/http2-continuation-flood-technical-details", + "https://nowotarski.info/http2-continuation-flood/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", + "https://pkg.go.dev/vuln/GO-2024-2687", + "https://security.netapp.com/advisory/ntap-20240419-0009", + "https://security.netapp.com/advisory/ntap-20240419-0009/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45288", + "https://www.kb.cert.org/vuls/id/421644" + ], + "PublishedDate": "2024-04-04T21:15:16.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "90a87ca4c9a5b5b2" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.36.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:b18adfccfa6bc74a289674c4531534e3b44ffd9eb1cd37d0e8370c8430c4d324", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22872", + "VendorIDs": [ + "GHSA-vvgc-356p-c3xw" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "90a87ca4c9a5b5b2" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.38.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:38989026cf764a78fe51921e3294bcb93decec13e26d12ce5be20f5f6c0bee19", + "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", + "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22872", + "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", + "https://github.com/advisories/GHSA-vvgc-356p-c3xw", + "https://go.dev/cl/662715", + "https://go.dev/issue/73070", + "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", + "https://pkg.go.dev/vuln/GO-2025-3595", + "https://security.netapp.com/advisory/ntap-20250516-0007", + "https://security.netapp.com/advisory/ntap-20250516-0007/", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22872" + ], + "PublishedDate": "2025-04-16T18:16:04.183Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22868", + "VendorIDs": [ + "GHSA-6v2p-p543-phr9" + ], + "PkgID": "golang.org/x/oauth2@v0.3.0", + "PkgName": "golang.org/x/oauth2", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.3.0", + "UID": "2e14f7e924c34a2d" + }, + "InstalledVersion": "v0.3.0", + "FixedVersion": "0.27.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:a0281dbcff2fc70b5975ff9b4363293eef18a3abd36bbb78ee090a803bb83d67", + "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", + "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1286" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", + "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", + "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", + "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", + "https://errata.rockylinux.org/RLSA-2025:7479", + "https://go.dev/cl/652155", + "https://go.dev/issue/71490", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", + "https://pkg.go.dev/vuln/GO-2025-3488", + "https://www.cve.org/CVERecord?id=CVE-2025-22868" + ], + "PublishedDate": "2025-02-26T08:14:24.897Z", + "LastModifiedDate": "2025-05-01T19:27:10.43Z" + }, + { + "VulnerabilityID": "CVE-2026-33186", + "VendorIDs": [ + "GHSA-p77j-4mvh-x3m3" + ], + "PkgID": "google.golang.org/grpc@v1.52.3", + "PkgName": "google.golang.org/grpc", + "PkgIdentifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.52.3", + "UID": "c5945c89e3ea5ba0" + }, + "InstalledVersion": "v1.52.3", + "FixedVersion": "1.79.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33186", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:3d2147c87702ccc5333e1f9dd106424efc4e47ffd76a5ab980e077282d350a23", + "Title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation", + "Description": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-285" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 4, + "photon": 4, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33186", + "https://github.com/grpc/grpc-go", + "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33186", + "https://www.cve.org/CVERecord?id=CVE-2026-33186" + ], + "PublishedDate": "2026-03-20T23:16:45.18Z", + "LastModifiedDate": "2026-04-10T20:49:17.737Z" + }, + { + "VulnerabilityID": "GHSA-m425-mq94-257g", + "PkgID": "google.golang.org/grpc@v1.52.3", + "PkgName": "google.golang.org/grpc", + "PkgIdentifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.52.3", + "UID": "c5945c89e3ea5ba0" + }, + "InstalledVersion": "v1.52.3", + "FixedVersion": "1.56.3, 1.57.1, 1.58.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-m425-mq94-257g", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:b450187c7b1cc8b22306139dc53d4f078374e7080b2b7d9f5b9b04a67217d344", + "Title": "gRPC-Go HTTP/2 Rapid Reset vulnerability", + "Description": "### Impact\nIn affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit.\n\n### Patches\nThis vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0.\n\nAlong with applying the patch, users should also ensure they are using the `grpc.MaxConcurrentStreams` server option to apply a limit to the server's resources used for any single connection.\n\n### Workarounds\nNone.\n\n### References\n#6703\n", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/grpc/grpc-go", + "https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721", + "https://github.com/grpc/grpc-go/pull/6703", + "https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g", + "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" + ], + "PublishedDate": "2023-10-25T21:17:37Z", + "LastModifiedDate": "2024-07-19T16:32:30Z" + }, + { + "VulnerabilityID": "CVE-2024-24786", + "VendorIDs": [ + "GHSA-8r3f-844c-mc37" + ], + "PkgID": "google.golang.org/protobuf@v1.28.1", + "PkgName": "google.golang.org/protobuf", + "PkgIdentifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.28.1", + "UID": "dca4acce715bb108" + }, + "InstalledVersion": "v1.28.1", + "FixedVersion": "1.33.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24786", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:e2aea706ddd973de2ae6710c3e231d1130e80b8c24edae3dbccac70539587e5e", + "Title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", + "Description": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", + "V3Score": 7.5, + "V40Score": 6.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:2550", + "https://access.redhat.com/security/cve/CVE-2024-24786", + "https://bugzilla.redhat.com/2268046", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786", + "https://errata.almalinux.org/9/ALSA-2024-2550.html", + "https://errata.rockylinux.org/RLSA-2024:2550", + "https://github.com/protocolbuffers/protobuf-go", + "https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023", + "https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0", + "https://go-review.googlesource.com/c/protobuf/+/569356", + "https://go.dev/cl/569356", + "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", + "https://linux.oracle.com/cve/CVE-2024-24786.html", + "https://linux.oracle.com/errata/ELSA-2024-4246.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", + "https://pkg.go.dev/vuln/GO-2024-2611", + "https://security.netapp.com/advisory/ntap-20240517-0002", + "https://security.netapp.com/advisory/ntap-20240517-0002/", + "https://ubuntu.com/security/notices/USN-6746-1", + "https://ubuntu.com/security/notices/USN-6746-2", + "https://www.cve.org/CVERecord?id=CVE-2024-24786" + ], + "PublishedDate": "2024-03-05T23:15:07.82Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2023-24538", + "VendorIDs": [ + "GO-2023-1703" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24538", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d59bbc715e1784172b144d38415694ba5e39e65967007307e6e3ce91b12105e2", + "Title": "golang: html/template: backticks not treated as string delimiters", + "Description": "Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. \"var a = {{.}}\"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-94" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 4, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24538", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3)", + "https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8)", + "https://github.com/golang/go/issues/59234", + "https://go.dev/cl/482079", + "https://go.dev/issue/59234", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24538.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24538", + "https://pkg.go.dev/vuln/GO-2023-1703", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20241115-0007/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24538" + ], + "PublishedDate": "2023-04-06T16:15:07.8Z", + "LastModifiedDate": "2025-02-12T17:15:14.19Z" + }, + { + "VulnerabilityID": "CVE-2023-24540", + "VendorIDs": [ + "GO-2023-1752" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.19.9, 1.20.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24540", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3a4aba208e9d0dbd5ad607fec66389719f75b59ef527122ef4202057671fe689", + "Title": "golang: html/template: improper handling of JavaScript whitespace", + "Description": "Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-77" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 3, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24540", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4)", + "https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9)", + "https://github.com/golang/go/issues/59721", + "https://go.dev/cl/491616", + "https://go.dev/issue/59721", + "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", + "https://linux.oracle.com/cve/CVE-2023-24540.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24540", + "https://pkg.go.dev/vuln/GO-2023-1752", + "https://security.netapp.com/advisory/ntap-20241115-0008/", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24540" + ], + "PublishedDate": "2023-05-11T16:15:09.687Z", + "LastModifiedDate": "2025-01-24T17:15:10.893Z" + }, + { + "VulnerabilityID": "CVE-2024-24790", + "VendorIDs": [ + "GO-2024-2887" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:eadc05c5789bf85ee638dc158a4f3e80a84d5f699e513414c52bd2d8f01365c1", + "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", + "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", + "Severity": "CRITICAL", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24790", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", + "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", + "https://github.com/golang/go/issues/67680", + "https://go.dev/cl/590316", + "https://go.dev/issue/67680", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24790.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", + "https://pkg.go.dev/vuln/GO-2024-2887", + "https://security.netapp.com/advisory/ntap-20240905-0002/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24790" + ], + "PublishedDate": "2024-06-05T16:15:10.56Z", + "LastModifiedDate": "2024-11-21T08:59:42.813Z" + }, + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2e64036c687b6783f4436dba8eb6a1085c495e8cb60631ea806b97b1fa3239b4", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2022-41722", + "VendorIDs": [ + "GO-2023-1568" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41722", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f00917acb7126076493e654bc39e8d93e88894ec18b118554ef040c12d6c4f3f", + "Title": "golang: path/filepath: path-filepath filepath.Clean path traversal", + "Description": "A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\".", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41722", + "https://go.dev/cl/468123", + "https://go.dev/issue/57274", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41722", + "https://pkg.go.dev/vuln/GO-2023-1568", + "https://www.cve.org/CVERecord?id=CVE-2022-41722" + ], + "PublishedDate": "2023-02-28T18:15:09.887Z", + "LastModifiedDate": "2024-11-21T07:23:44.303Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "VendorIDs": [ + "GHSA-vvpx-j8f3-3w6h", + "GO-2023-1571" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1450ec5b88bcfebbcd6fc956a149f6e7169b142c6de40ea36c22946645537774", + "Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41723.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230331-0010/", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.couchbase.com/alerts", + "https://www.couchbase.com/alerts/", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:09.98Z", + "LastModifiedDate": "2025-05-05T16:15:20.433Z" + }, + { + "VulnerabilityID": "CVE-2022-41724", + "VendorIDs": [ + "GO-2023-1570" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:23ba4cc9f8dcb84294f805da6e1fd30e7ba5ef7c8d6bddf1b388d9b83c4941d1", + "Title": "golang: crypto/tls: large handshake records may cause panics", + "Description": "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth \u003e= RequestClientCert).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41724", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://go.dev/cl/468125", + "https://go.dev/issue/58001", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41724.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41724", + "https://pkg.go.dev/vuln/GO-2023-1570", + "https://security.gentoo.org/glsa/202311-09", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2022-41724" + ], + "PublishedDate": "2023-02-28T18:15:10.043Z", + "LastModifiedDate": "2024-11-21T07:23:44.603Z" + }, + { + "VulnerabilityID": "CVE-2022-41725", + "VendorIDs": [ + "GO-2023-1569" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fa54eede844ac4993ae8eff4792a2e9db97bf03f9cd516409d1e70a87b22fa7f", + "Title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption", + "Description": "A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing \"up to maxMemory bytes +10MB (reserved for non-file parts) in memory\". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, \"If stored on disk, the File's underlying concrete type will be an *os.File.\". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41725", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/5c55ac9bf1e5f779220294c843526536605f42ab [1.19]", + "https://go.dev/cl/468124", + "https://go.dev/issue/58006", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41725.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41725", + "https://pkg.go.dev/vuln/GO-2023-1569", + "https://security.gentoo.org/glsa/202311-09", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2022-41725" + ], + "PublishedDate": "2023-02-28T18:15:10.12Z", + "LastModifiedDate": "2024-11-21T07:23:44.733Z" + }, + { + "VulnerabilityID": "CVE-2023-24534", + "VendorIDs": [ + "GO-2023-1704" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24534", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d3eda123d6bd3bfd812904af7cde925c4b1a6d12143f7b43cea352dc37f04e15", + "Title": "golang: net/http, net/textproto: denial of service from excessive memory allocation", + "Description": "HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24534", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/3991f6c41c7dfd167e889234c0cf1d840475e93c (go1.20.3)", + "https://github.com/golang/go/commit/d6759e7a059f4208f07aa781402841d7ddaaef96 (go1.19.8)", + "https://go.dev/cl/481994", + "https://go.dev/issue/58975", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24534.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24534", + "https://pkg.go.dev/vuln/GO-2023-1704", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230526-0007/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24534" + ], + "PublishedDate": "2023-04-06T16:15:07.657Z", + "LastModifiedDate": "2025-02-12T18:15:19.837Z" + }, + { + "VulnerabilityID": "CVE-2023-24536", + "VendorIDs": [ + "GO-2023-1705" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24536", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9d221f5d5e247bdcaafdea6926bbce2a7fc9f840bd07d76024ac3f23af8d94c0", + "Title": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption", + "Description": "Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24536", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538 (go.1.19.8)", + "https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0 (go1.20.3)", + "https://go.dev/cl/482075", + "https://go.dev/cl/482076", + "https://go.dev/cl/482077", + "https://go.dev/issue/59153", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24536.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24536", + "https://pkg.go.dev/vuln/GO-2023-1705", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230526-0007/", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24536" + ], + "PublishedDate": "2023-04-06T16:15:07.71Z", + "LastModifiedDate": "2025-02-12T18:15:20.083Z" + }, + { + "VulnerabilityID": "CVE-2023-24537", + "VendorIDs": [ + "GO-2023-1702" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24537", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b7834dbbb31f9244e2824b6f286ac2cab1ad546bfc221dbd5a34f6c86636cfbf", + "Title": "golang: go/parser: Infinite loop in parsing", + "Description": "Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24537", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/126a1d02da82f93ede7ce0bd8d3c51ef627f2104 (go1.19.8)", + "https://github.com/golang/go/commit/e7c4b07ecf6b367f1afc9cc48cde963829dd0aab (go1.20.3)", + "https://github.com/golang/go/issues/59180", + "https://go.dev/cl/482078", + "https://go.dev/issue/59180", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24537.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24537", + "https://pkg.go.dev/vuln/GO-2023-1702", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20241129-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24537" + ], + "PublishedDate": "2023-04-06T16:15:07.753Z", + "LastModifiedDate": "2025-02-12T17:15:13.973Z" + }, + { + "VulnerabilityID": "CVE-2023-24539", + "VendorIDs": [ + "GO-2023-1751" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.19.9, 1.20.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24539", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ad37a681c622742275844b9e30d0becdc55096094310427645f07d58a69bbe96", + "Title": "golang: html/template: improper sanitization of CSS values", + "Description": "Angle brackets (\u003c\u003e) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-74", + "CWE-94" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24539", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/090590fdccc8442728aa31601927da1bf2ef1288 (go1.20.4)", + "https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80 (go1.19.9)", + "https://github.com/golang/go/issues/59720", + "https://go.dev/cl/491615", + "https://go.dev/issue/59720", + "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", + "https://linux.oracle.com/cve/CVE-2023-24539.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24539", + "https://pkg.go.dev/vuln/GO-2023-1751", + "https://security.netapp.com/advisory/ntap-20241129-0005/", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24539" + ], + "PublishedDate": "2023-05-11T16:15:09.6Z", + "LastModifiedDate": "2025-01-24T17:15:10.67Z" + }, + { + "VulnerabilityID": "CVE-2023-29400", + "VendorIDs": [ + "GO-2023-1753" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.19.9, 1.20.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29400", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e485d1faf10793c1784ec6a5c75e5a8a9a985e6cd6cd8321a00c28084dbb8398", + "Title": "golang: html/template: improper handling of empty HTML attributes", + "Description": "Templates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-74", + "CWE-94" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-29400", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)", + "https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)", + "https://github.com/golang/go/issues/59722", + "https://go.dev/cl/491617", + "https://go.dev/issue/59722", + "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", + "https://linux.oracle.com/cve/CVE-2023-29400.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29400", + "https://pkg.go.dev/vuln/GO-2023-1753", + "https://security.netapp.com/advisory/ntap-20241213-0005/", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29400" + ], + "PublishedDate": "2023-05-11T16:15:09.85Z", + "LastModifiedDate": "2025-01-24T17:15:12.747Z" + }, + { + "VulnerabilityID": "CVE-2023-29403", + "VendorIDs": [ + "GO-2023-1840" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.19.10, 1.20.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29403", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:05c6e1942b4b20650ac2dc31424393ae37de6ce2c0c89cec239d7894383d6976", + "Title": "golang: runtime: unexpected behavior of setuid/setgid binaries", + "Description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-668" + ], + "VendorSeverity": { + "alma": 4, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 4, + "photon": 3, + "redhat": 3, + "rocky": 4, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3923", + "https://access.redhat.com/security/cve/CVE-2023-29403", + "https://bugzilla.redhat.com/2216965", + "https://bugzilla.redhat.com/2217562", + "https://bugzilla.redhat.com/2217565", + "https://bugzilla.redhat.com/2217569", + "https://bugzilla.redhat.com/show_bug.cgi?id=2216965", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217562", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217565", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217569", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29402", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29403", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29405", + "https://errata.almalinux.org/9/ALSA-2023-3923.html", + "https://errata.rockylinux.org/RLSA-2023:3923", + "https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 (go1.20.5)", + "https://github.com/golang/go/commit/a7b1cd452ddc69a6606c2f35ac5786dc892e62cb (go1.19.10)", + "https://github.com/golang/go/issues/60272", + "https://go.dev/cl/501223", + "https://go.dev/issue/60272", + "https://groups.google.com/g/golang-announce/c/q5135a9d924", + "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ", + "https://linux.oracle.com/cve/CVE-2023-29403.html", + "https://linux.oracle.com/errata/ELSA-2023-3923.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29403", + "https://pkg.go.dev/vuln/GO-2023-1840", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20241220-0009/", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29403" + ], + "PublishedDate": "2023-06-08T21:15:16.927Z", + "LastModifiedDate": "2025-01-06T20:15:25.82Z" + }, + { + "VulnerabilityID": "CVE-2023-39325", + "VendorIDs": [ + "GHSA-4374-p667-p6c8", + "GO-2023-2102" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.20.10, 1.21.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:67cfdb097e45b62a263909aa65897b211a252af88a8a3557da869f9a5f99fbdb", + "Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", + "Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 3, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "golang.org/x/net", + "https://access.redhat.com/errata/RHSA-2023:6077", + "https://access.redhat.com/security/cve/CVE-2023-39325", + "https://access.redhat.com/security/cve/CVE-2023-44487", + "https://bugzilla.redhat.com/2242803", + "https://bugzilla.redhat.com/2243296", + "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", + "https://errata.almalinux.org/9/ALSA-2023-6077.html", + "https://errata.rockylinux.org/RLSA-2023:6077", + "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]", + "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]", + "https://github.com/golang/go/issues/63417", + "https://go.dev/cl/534215", + "https://go.dev/cl/534235", + "https://go.dev/issue/63417", + "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", + "https://linux.oracle.com/cve/CVE-2023-39325.html", + "https://linux.oracle.com/errata/ELSA-2023-5867.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", + "https://pkg.go.dev/vuln/GO-2023-2102", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231110-0008", + "https://security.netapp.com/advisory/ntap-20231110-0008/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", + "https://www.cve.org/CVERecord?id=CVE-2023-39325" + ], + "PublishedDate": "2023-10-11T22:15:09.88Z", + "LastModifiedDate": "2024-11-21T08:15:09.627Z" + }, + { + "VulnerabilityID": "CVE-2023-45283", + "VendorIDs": [ + "GO-2023-2185" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.20.11, 1.21.4, 1.20.12, 1.21.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:44b6a2cdc290ca9914b14d7d4d12661509f47e2642509751884b8b0972c1603c", + "Title": "The filepath package does not recognize paths with a \\??\\ prefix as sp ...", + "Description": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "photon": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/12/05/2", + "https://go.dev/cl/540277", + "https://go.dev/cl/541175", + "https://go.dev/issue/63713", + "https://go.dev/issue/64028", + "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", + "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45283", + "https://pkg.go.dev/vuln/GO-2023-2185", + "https://security.netapp.com/advisory/ntap-20231214-0008/" + ], + "PublishedDate": "2023-11-09T17:15:08.757Z", + "LastModifiedDate": "2024-11-21T08:26:41.567Z" + }, + { + "VulnerabilityID": "CVE-2023-45288", + "VendorIDs": [ + "GHSA-4v7x-pqxf-cx7m", + "GO-2024-2687" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.21.9, 1.22.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6152ab42d03e71959bd291094d7fc0cd9e8847046ea7a751791999f1b0c6d846", + "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", + "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/04/03/16", + "http://www.openwall.com/lists/oss-security/2024/04/05/4", + "https://access.redhat.com/errata/RHSA-2024:2724", + "https://access.redhat.com/security/cve/CVE-2023-45288", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-2724.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://go.dev/cl/576155", + "https://go.dev/issue/65051", + "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", + "https://kb.cert.org/vuls/id/421644", + "https://linux.oracle.com/cve/CVE-2023-45288.html", + "https://linux.oracle.com/errata/ELSA-2024-3346.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", + "https://nowotarski.info/http2-continuation-flood-technical-details", + "https://nowotarski.info/http2-continuation-flood/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", + "https://pkg.go.dev/vuln/GO-2024-2687", + "https://security.netapp.com/advisory/ntap-20240419-0009", + "https://security.netapp.com/advisory/ntap-20240419-0009/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45288", + "https://www.kb.cert.org/vuls/id/421644" + ], + "PublishedDate": "2024-04-04T21:15:16.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34156", + "VendorIDs": [ + "GO-2024-3106" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:eba67e03e9aada70f06c121d7fff30e0ff4ab2dce6ea58a03abed22727968d1b", + "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", + "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3773", + "https://access.redhat.com/security/cve/CVE-2024-34156", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/9/ALSA-2025-3773.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", + "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", + "https://go.dev/cl/611239", + "https://go.dev/issue/69139", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34156.html", + "https://linux.oracle.com/errata/ELSA-2025-3773.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", + "https://pkg.go.dev/vuln/GO-2024-3106", + "https://security.netapp.com/advisory/ntap-20240926-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34156" + ], + "PublishedDate": "2024-09-06T21:15:12.02Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:77f9f45fdbae5040b5ea22dc357e5c83a6d13ed554c78d6f4bef9757454d39c9", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e901cbbda71512a2075a8bb04b0d3bba7ca5b604479a0509437ef8d82f58168f", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1f2b7547367c55cc2a9963601256771a5652d769457be9befd9467c8506aaa60", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6fc5fa68b5fe369bb5a0d85e61a313feac842a106caff8647cfab8a6d24e5f95", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3e485dc855e7e490665d0dae45de39d95f50f1defbf1c287a1c368dfee4a4c75", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d612bc4fa5eb5185dff410041963df6c68202e68a5d1be80a077816421e1b4b8", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d7e82490b5cc909a98ab89fc999e166f7c5cc09c66cae876d6b32212f26a21ca", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:11b006492709143ef82d5a537215ca74de0c23089100d4bbd55a61b57a843262", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:40a907d338f1e8788266347a567488b537ce5bc0ce7f9111f0681f75988f7534", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e107e12593298515cdbb599d863dcf0962127bc746e7b278bfbd198ca51a1f66", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d945ef631c6080fe2656c79f71147fc8255a945f38b62d7fb7f41613860fd694", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2023-24532", + "VendorIDs": [ + "GO-2023-1621" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.19.7, 1.20.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24532", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2d95b0cfb42d8a996eddfc36598e3d3c2324e52b6fa9d459f130038ff387044c", + "Title": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results", + "Description": "The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-682" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-24532", + "https://go.dev/cl/471255", + "https://go.dev/issue/58647", + "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24532", + "https://pkg.go.dev/vuln/GO-2023-1621", + "https://security.netapp.com/advisory/ntap-20230331-0011/", + "https://www.cve.org/CVERecord?id=CVE-2023-24532" + ], + "PublishedDate": "2023-03-08T20:15:09.413Z", + "LastModifiedDate": "2024-11-21T07:48:04.383Z" + }, + { + "VulnerabilityID": "CVE-2023-29406", + "VendorIDs": [ + "GO-2023-1878" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.19.11, 1.20.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29406", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ea3bace34e969279606b6d1d5b5bbd238065cff2b1a2a6ed13c1f47c8e21ea7e", + "Title": "golang: net/http: insufficient sanitization of Host header", + "Description": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-436" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-29406", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2242871", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:7202", + "https://github.com/golang/go/commit/312920c00aac9897b2a0693e752390b5b0711a5a (go1.20.6)", + "https://github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b (go1.19.11)", + "https://github.com/golang/go/issues/60374", + "https://go.dev/cl/506996", + "https://go.dev/issue/60374", + "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", + "https://linux.oracle.com/cve/CVE-2023-29406.html", + "https://linux.oracle.com/errata/ELSA-2023-7202.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", + "https://pkg.go.dev/vuln/GO-2023-1878", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230814-0002/", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29406" + ], + "PublishedDate": "2023-07-11T20:15:10.643Z", + "LastModifiedDate": "2024-11-21T07:56:59.913Z" + }, + { + "VulnerabilityID": "CVE-2023-29409", + "VendorIDs": [ + "GO-2023-1987" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.19.12, 1.20.7, 1.21.0-rc.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29409", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:73deed3e34a1ed1433cfa8046506210b7183fdacd5718d2db88df5a925ea7d88", + "Title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", + "Description": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:7766", + "https://access.redhat.com/security/cve/CVE-2023-29409", + "https://bugzilla.redhat.com/2228743", + "https://bugzilla.redhat.com/2237773", + "https://bugzilla.redhat.com/2237776", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2023-7766.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://go.dev/cl/515257", + "https://go.dev/issue/61460", + "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", + "https://linux.oracle.com/cve/CVE-2023-29409.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", + "https://pkg.go.dev/vuln/GO-2023-1987", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230831-0010/", + "https://www.cve.org/CVERecord?id=CVE-2023-29409" + ], + "PublishedDate": "2023-08-02T20:15:11.94Z", + "LastModifiedDate": "2024-11-21T07:57:00.287Z" + }, + { + "VulnerabilityID": "CVE-2023-39318", + "VendorIDs": [ + "GO-2023-2041" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.20.8, 1.21.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39318", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d06344db7fe057bb732278939563bc75dc42e692d83e0c59418f1774074fbd2b", + "Title": "golang: html/template: improper handling of HTML-like comments within script contexts", + "Description": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2160", + "https://access.redhat.com/security/cve/CVE-2023-39318", + "https://bugzilla.redhat.com/2237773", + "https://bugzilla.redhat.com/2237776", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2160.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c (go1.20.8)", + "https://github.com/golang/go/commit/b0e1d3ea26e8e8fce7726690c9ef0597e60739fb (go1.21.1)", + "https://go.dev/cl/526156", + "https://go.dev/issue/62196", + "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", + "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", + "https://linux.oracle.com/cve/CVE-2023-39318.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", + "https://pkg.go.dev/vuln/GO-2023-2041", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231020-0009/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://vuln.go.dev/ID/GO-2023-2041.json", + "https://www.cve.org/CVERecord?id=CVE-2023-39318" + ], + "PublishedDate": "2023-09-08T17:15:27.823Z", + "LastModifiedDate": "2024-11-21T08:15:08.737Z" + }, + { + "VulnerabilityID": "CVE-2023-39319", + "VendorIDs": [ + "GO-2023-2043" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.20.8, 1.21.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39319", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:90853f2b8da7b67fe3c5c7a0268c1101ec9d4132a1c7822b08eae1070dcb5997", + "Title": "golang: html/template: improper handling of special tags within script contexts", + "Description": "The html/template package does not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2160", + "https://access.redhat.com/security/cve/CVE-2023-39319", + "https://bugzilla.redhat.com/2237773", + "https://bugzilla.redhat.com/2237776", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2160.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://github.com/golang/go/commit/2070531d2f53df88e312edace6c8dfc9686ab2f5 (go1.20.8)", + "https://github.com/golang/go/commit/bbd043ff0d6d59f1a9232d31ecd5eacf6507bf6a (go1.21.1)", + "https://go.dev/cl/526157", + "https://go.dev/issue/62197", + "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", + "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", + "https://linux.oracle.com/cve/CVE-2023-39319.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", + "https://pkg.go.dev/vuln/GO-2023-2043", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231020-0009/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://vuln.go.dev/ID/GO-2023-2043.json", + "https://www.cve.org/CVERecord?id=CVE-2023-39319" + ], + "PublishedDate": "2023-09-08T17:15:27.91Z", + "LastModifiedDate": "2024-11-21T08:15:08.89Z" + }, + { + "VulnerabilityID": "CVE-2023-39326", + "VendorIDs": [ + "GO-2023-2382" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.20.12, 1.21.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39326", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c99ad590fd664a18edc8895cad73c926e5ee41302668d5124674fb87086c6edd", + "Title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", + "Description": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2272", + "https://access.redhat.com/security/cve/CVE-2023-39326", + "https://bugzilla.redhat.com/2253193", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2272.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12)", + "https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 (go1.21.5)", + "https://go.dev/cl/547335", + "https://go.dev/issue/64433", + "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", + "https://linux.oracle.com/cve/CVE-2023-39326.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", + "https://pkg.go.dev/vuln/GO-2023-2382", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://www.cve.org/CVERecord?id=CVE-2023-39326" + ], + "PublishedDate": "2023-12-06T17:15:07.147Z", + "LastModifiedDate": "2024-11-21T08:15:09.89Z" + }, + { + "VulnerabilityID": "CVE-2023-45284", + "VendorIDs": [ + "GO-2023-2186" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.20.11, 1.21.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45284", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:28e01f466e0def344f7b91a245b41c454544467aa4aa115f800f7ed44aed7bc3", + "Title": "On Windows, The IsLocal function does not correctly detect reserved de ...", + "Description": "On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as \"COM1 \", and reserved names \"COM\" and \"LPT\" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "photon": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/540277", + "https://go.dev/issue/63713", + "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45284", + "https://pkg.go.dev/vuln/GO-2023-2186" + ], + "PublishedDate": "2023-11-09T17:15:08.813Z", + "LastModifiedDate": "2024-11-21T08:26:41.737Z" + }, + { + "VulnerabilityID": "CVE-2023-45289", + "VendorIDs": [ + "GO-2024-2600" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:aa2846b37786db8965607176624b786819f99a86e62d295cbcbe9928560c6e89", + "Title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", + "Description": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:2724", + "https://access.redhat.com/security/cve/CVE-2023-45289", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-2724.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 (go1.21.8)", + "https://github.com/golang/go/commit/3a855208e3efed2e9d7c20ad023f1fa78afcc0be (go1.22.1)", + "https://github.com/golang/go/issues/65065", + "https://go.dev/cl/569340", + "https://go.dev/issue/65065", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2023-45289.html", + "https://linux.oracle.com/errata/ELSA-2024-3346.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", + "https://pkg.go.dev/vuln/GO-2024-2600", + "https://security.netapp.com/advisory/ntap-20240329-0006/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45289" + ], + "PublishedDate": "2024-03-05T23:15:07.137Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2023-45290", + "VendorIDs": [ + "GO-2024-2599" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45290", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:431ced200b22b615a696af874a78d1c24054ebd030ad017450f2da71b65ded44", + "Title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", + "Description": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:9135", + "https://access.redhat.com/security/cve/CVE-2023-45290", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://errata.almalinux.org/9/ALSA-2024-9135.html", + "https://errata.rockylinux.org/RLSA-2024:9135", + "https://github.com/golang/go/commit/041a47712e765e94f86d841c3110c840e76d8f82 (go1.22.1)", + "https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 (go1.21.8)", + "https://github.com/golang/go/issues/65383", + "https://go.dev/cl/569341", + "https://go.dev/issue/65383", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2023-45290.html", + "https://linux.oracle.com/errata/ELSA-2024-8038.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", + "https://pkg.go.dev/vuln/GO-2024-2599", + "https://security.netapp.com/advisory/ntap-20240329-0004", + "https://security.netapp.com/advisory/ntap-20240329-0004/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45290" + ], + "PublishedDate": "2024-03-05T23:15:07.21Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24783", + "VendorIDs": [ + "GO-2024-2598" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24783", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b31b41171d4b9009f81d18bcc5541a6e3cc596cedbba8974901ae2e68c75fe42", + "Title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", + "Description": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:6195", + "https://access.redhat.com/security/cve/CVE-2024-24783", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-6195.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", + "https://github.com/golang/go/commit/337b8e9cbfa749d9d5c899e0dc358e2208d5e54f (go1.22.1)", + "https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 (go1.21.8)", + "https://github.com/golang/go/issues/65390", + "https://go.dev/cl/569339", + "https://go.dev/issue/65390", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24783.html", + "https://linux.oracle.com/errata/ELSA-2024-6969.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", + "https://pkg.go.dev/vuln/GO-2024-2598", + "https://security.netapp.com/advisory/ntap-20240329-0005", + "https://security.netapp.com/advisory/ntap-20240329-0005/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24783" + ], + "PublishedDate": "2024-03-05T23:15:07.683Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24784", + "VendorIDs": [ + "GO-2024-2609" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24784", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1e3d32aa2db998066382ac3b02b464d459e1898a86651d08b7fed5cd8057fb1d", + "Title": "golang: net/mail: comments in display names are incorrectly handled", + "Description": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:2562", + "https://access.redhat.com/security/cve/CVE-2024-24784", + "https://bugzilla.redhat.com/2262921", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268021", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24784", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://errata.almalinux.org/9/ALSA-2024-2562.html", + "https://errata.rockylinux.org/RLSA-2024:2562", + "https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)", + "https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c (go1.22.1)", + "https://github.com/golang/go/issues/65083", + "https://go.dev/cl/555596", + "https://go.dev/issue/65083", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24784.html", + "https://linux.oracle.com/errata/ELSA-2024-6969.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", + "https://pkg.go.dev/vuln/GO-2024-2609", + "https://security.netapp.com/advisory/ntap-20240329-0007/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24784" + ], + "PublishedDate": "2024-03-05T23:15:07.733Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24785", + "VendorIDs": [ + "GO-2024-2610" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24785", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:19f3ca3c79ba55894735e17fb9e78641296ad53efbe51b0fe499ea0d08f0257a", + "Title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", + "Description": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:9135", + "https://access.redhat.com/security/cve/CVE-2024-24785", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://errata.almalinux.org/9/ALSA-2024-9135.html", + "https://errata.rockylinux.org/RLSA-2024:9135", + "https://github.com/golang/go/commit/056b0edcb8c152152021eebf4cf42adbfbe77992 (go1.22.1)", + "https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e (go1.21.8)", + "https://github.com/golang/go/issues/65697", + "https://go.dev/cl/564196", + "https://go.dev/issue/65697", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24785.html", + "https://linux.oracle.com/errata/ELSA-2026-3428.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", + "https://pkg.go.dev/vuln/GO-2024-2610", + "https://security.netapp.com/advisory/ntap-20240329-0008/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://vuln.go.dev/ID/GO-2024-2610.json", + "https://www.cve.org/CVERecord?id=CVE-2024-24785" + ], + "PublishedDate": "2024-03-05T23:15:07.777Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24789", + "VendorIDs": [ + "GO-2024-2888" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2291c23a767dc92534aeda1eb4e8430011c22697d3f1bbe1da472d08fd2e2de1", + "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", + "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2024:9115", + "https://access.redhat.com/security/cve/CVE-2024-24789", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292668", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2294000", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", + "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", + "https://errata.almalinux.org/9/ALSA-2024-9115.html", + "https://errata.rockylinux.org/RLSA-2024:9102", + "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", + "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", + "https://github.com/golang/go/issues/66869", + "https://go.dev/cl/585397", + "https://go.dev/issue/66869", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24789.html", + "https://linux.oracle.com/errata/ELSA-2024-9115.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", + "https://pkg.go.dev/vuln/GO-2024-2888", + "https://security.netapp.com/advisory/ntap-20250131-0008/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24789" + ], + "PublishedDate": "2024-06-05T16:15:10.47Z", + "LastModifiedDate": "2025-01-31T15:15:12.74Z" + }, + { + "VulnerabilityID": "CVE-2024-24791", + "VendorIDs": [ + "GO-2024-2963" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.21.12, 1.22.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e81e9dfffdfe01dee83b2baa47ba187d8ad08ac89059e4bf19e79c5e3a9e9b59", + "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", + "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24791", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://go.dev/cl/591255", + "https://go.dev/issue/67555", + "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", + "https://linux.oracle.com/cve/CVE-2024-24791.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", + "https://pkg.go.dev/vuln/GO-2024-2963", + "https://security.netapp.com/advisory/ntap-20241004-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24791" + ], + "PublishedDate": "2024-07-02T22:15:04.833Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34155", + "VendorIDs": [ + "GO-2024-3105" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8d0ea999f216e275ce0f79df94bbaf05d432af22ee744a1928acb690e084e350", + "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", + "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9459", + "https://access.redhat.com/security/cve/CVE-2024-34155", + "https://bugzilla.redhat.com/2310527", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315691", + "https://bugzilla.redhat.com/2315887", + "https://bugzilla.redhat.com/2317458", + "https://bugzilla.redhat.com/2317467", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2024-9459.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", + "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", + "https://go.dev/cl/611238", + "https://go.dev/issue/69138", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34155.html", + "https://linux.oracle.com/errata/ELSA-2024-9459.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", + "https://pkg.go.dev/vuln/GO-2024-3105", + "https://security.netapp.com/advisory/ntap-20240926-0005/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34155" + ], + "PublishedDate": "2024-09-06T21:15:11.947Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34158", + "VendorIDs": [ + "GO-2024-3107" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:94e55c76d2183a6e39acdf27ba1ef903eaf5bd4f88dbf43423f4202b9d85db1f", + "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", + "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7118", + "https://access.redhat.com/security/cve/CVE-2024-34158", + "https://bugzilla.redhat.com/2262921", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2025-7118.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", + "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", + "https://go.dev/cl/611240", + "https://go.dev/issue/69141", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34158.html", + "https://linux.oracle.com/errata/ELSA-2025-7118.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", + "https://pkg.go.dev/vuln/GO-2024-3107", + "https://security.netapp.com/advisory/ntap-20241004-0003/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34158" + ], + "PublishedDate": "2024-09-06T21:15:12.083Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-45336", + "VendorIDs": [ + "GO-2025-3420" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c5133c8b05d3c8b38b644648d714dcd2d4329acee3d910478cf00901dfdb9cfa", + "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3772", + "https://access.redhat.com/security/cve/CVE-2024-45336", + "https://bugzilla.redhat.com/2341750", + "https://bugzilla.redhat.com/2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/8/ALSA-2025-3772.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/issues/70530", + "https://go.dev/cl/643100", + "https://go.dev/issue/70530", + "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", + "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", + "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", + "https://linux.oracle.com/cve/CVE-2024-45336.html", + "https://linux.oracle.com/errata/ELSA-2025-7592.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", + "https://pkg.go.dev/vuln/GO-2025-3420", + "https://security.netapp.com/advisory/ntap-20250221-0003/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2024-45336" + ], + "PublishedDate": "2025-01-28T02:15:28.807Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:813b40915153ccbe85e93542b343fe34b85012ce8879b41948ba38d8efbdf5d5", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22866", + "VendorIDs": [ + "GO-2025-3447" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:77f86765528adb03b1f775d6ac89c20f7ffa83fcc5128f5b14456bc35102a749", + "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22866", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", + "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", + "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", + "https://github.com/golang/go/issues/71383", + "https://go.dev/cl/643735", + "https://go.dev/issue/71383", + "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", + "https://linux.oracle.com/cve/CVE-2025-22866.html", + "https://linux.oracle.com/errata/ELSA-2025-7466.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", + "https://pkg.go.dev/vuln/GO-2025-3447", + "https://security.netapp.com/advisory/ntap-20250221-0002/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22866" + ], + "PublishedDate": "2025-02-06T17:15:21.41Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66", + "GO-2025-3503" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.23.7, 1.24.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:772bb2e56aab5c095bcf2c048fe2a6b6638248e36cf8c4ef43858b0433a266c7", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0f047058bc84b11b3c6c2e33c6e3d9b1d0720b9a45fc40f1e4f15561ce892754", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6bb8c24f857f23e043985ec6f09242ee3681b3430853af63099f6b73a93b86b1", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2fa39b37a2c35a7d569e4e7acfb5fc755f1e58c5517d208f0f49cface6d75d80", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9bdaea9dbc3788cce4b32ff32848f3b953abc92a8cd76719e51851eb4832209a", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8a7777591a9f6ca36ba932c3debb690a68181a218ac32fac0df1cbd50f93397b", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:83cbe5a24421123452023de238572cb8ab9c00df7e76ab2f23d3d9d298fe04ab", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3d7a30ab2067439f8e4ac7fcbb56da84cd0b67e0eb5dee3cff760c994c9b8cb7", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:51decae7d0edf8d3d80cafdc3e4dbca25dad10bec6e00a62a41cc11429ffed20", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4c07664475ad95c3980bb0b06eb024754b81d2dd97b9866a65f5fcc3794133f1", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:71d13511d25f9270ac562a8d652773ef35beb469a51f8ec9a3e0c946d42e2bc0", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bc1af84fd94d0d3cab009b9d97c07194d6536788531faed8aa644fc924411d39", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:25288e28ecaf1ed07f58174624c90065ebe6f874a8f81123fa949358d55f306a", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7260730f163b48142032ad66132f60a65ecda81a5231e2dbed568ca851e75e15", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4626c23dfdd831854d5eeff03c22ece80190119dabc7e5be66c37cbbe9159e9d", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:417e58a69435a4c32bb4165f76044538dc9b672c552a761996635b55b3fafa13", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:91924d1ba26219581a0a4302fe3bd303da513f6cbde113a3b0aaa1bf621e127d", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e298be8f5dbd672b6ff395b09ef49bb1931d8d91344d24dccd013f1339721644", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:063d728233b2c2f8d3d95da0c633d49d630c2718488b4eeccdf677f5aa5f6d70", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7ac3acd43c3f5a008a36ccb6012a1695dda52ca2dc4c398044d7992afdbf6d57", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:76030144cacc1640467cb0712c6d1f57c42b9c796b3bcbb067fa3c10743571be", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:32f47b55e3750d505f66421df87a86ad7f9d79c5af63f839b7cde85d0130fe9d", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3cf978cdd38051732e1a60d1d8058a903c86e921954edce339e503bc04529761", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e89110d08022c028f9c1f0909a76a4a70368f62e6196bd221ffcfe5a6161fdf7", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.20", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.20", + "UID": "14578b2201a6c352" + }, + "InstalledVersion": "v1.20", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", + "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7c839e73cf4c8172e7eab2715dbb8956ed2f517545bb98373920359e0661ef98", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "Deployment", + "Name": "hostpath-provisioner", + "Metadata": [ + { + "Size": 38462976, + "ImageID": "sha256:8a5982865ab3a663fb30ecbc7c0fd1ed1f395fabe4be2385d8a1a1bebc3a9d18", + "DiffIDs": [ + "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + ], + "RepoTags": [ + "cdkbot/hostpath-provisioner:1.5.0" + ], + "RepoDigests": [ + "cdkbot/hostpath-provisioner@sha256:ac51e50e32b70e47077fe90928a7fe4d3fc8dd49192db4932c2643c49729c2eb" + ], + "Reference": "cdkbot/hostpath-provisioner:1.5.0", + "ImageConfig": { + "architecture": "amd64", + "created": "2023-11-24T15:02:44.113520697+03:00", + "history": [ + { + "created": "2023-11-24T15:02:44.113520697+03:00", + "created_by": "COPY /hostpath-provisioner /hostpath-provisioner # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2023-11-24T15:02:44.113520697+03:00", + "created_by": "CMD [\"/hostpath-provisioner\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + ] + }, + "config": { + "Cmd": [ + "/hostpath-provisioner" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "WorkingDir": "/", + "ArgsEscaped": true + } + }, + "Layers": [ + { + "Size": 38462976, + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + } + ] + } + ], + "Results": [ + { + "Target": "hostpath-provisioner", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "github.com/juju-solutions/hostpath-provisioner", + "Name": "github.com/juju-solutions/hostpath-provisioner", + "Identifier": { + "PURL": "pkg:golang/github.com/juju-solutions/hostpath-provisioner", + "UID": "a53253256e52557c" + }, + "Relationship": "root", + "DependsOn": [ + "github.com/beorn7/perks@v1.0.1", + "github.com/cespare/xxhash/v2@v2.2.0", + "github.com/davecgh/go-spew@v1.1.1", + "github.com/emicklei/go-restful/v3@v3.11.0", + "github.com/go-logr/logr@v1.3.0", + "github.com/go-openapi/jsonpointer@v0.20.0", + "github.com/go-openapi/jsonreference@v0.20.2", + "github.com/go-openapi/swag@v0.22.4", + "github.com/gogo/protobuf@v1.3.2", + "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "github.com/golang/protobuf@v1.5.3", + "github.com/google/gnostic-models@v0.6.9-0.20230804172637-c7be7c783f49", + "github.com/google/gnostic@v0.7.0", + "github.com/google/go-cmp@v0.6.0", + "github.com/google/gofuzz@v1.2.0", + "github.com/google/uuid@v1.4.0", + "github.com/imdario/mergo@v0.3.16", + "github.com/josharian/intern@v1.0.0", + "github.com/json-iterator/go@v1.1.12", + "github.com/mailru/easyjson@v0.7.7", + "github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", + "github.com/miekg/dns@v1.1.57", + "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "github.com/modern-go/reflect2@v1.0.2", + "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "github.com/prometheus/client_golang@v1.17.0", + "github.com/prometheus/client_model@v0.5.0", + "github.com/prometheus/common@v0.45.0", + "github.com/prometheus/procfs@v0.12.0", + "github.com/spf13/pflag@v1.0.5", + "golang.org/x/net@v0.18.0", + "golang.org/x/oauth2@v0.14.0", + "golang.org/x/sys@v0.14.0", + "golang.org/x/term@v0.14.0", + "golang.org/x/text@v0.14.0", + "golang.org/x/time@v0.4.0", + "google.golang.org/protobuf@v1.31.0", + "gopkg.in/inf.v0@v0.9.1", + "gopkg.in/yaml.v2@v2.4.0", + "gopkg.in/yaml.v3@v3.0.1", + "k8s.io/api@v0.27.8", + "k8s.io/apimachinery@v0.27.8", + "k8s.io/client-go@v0.27.8", + "k8s.io/klog/v2@v2.110.1", + "k8s.io/kube-openapi@v0.0.0-20231113174909-778a5567bc1e", + "k8s.io/utils@v0.0.0-20231121161247-cf03d44ff3cf", + "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "sigs.k8s.io/sig-storage-lib-external-provisioner/v9@v9.0.3", + "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "sigs.k8s.io/yaml@v1.4.0", + "stdlib@v1.21.4" + ], + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.21.4", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "Version": "v1.21.4", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "b37d56416c08e3b7" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.2.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0", + "UID": "dde2f8486161c5d" + }, + "Version": "v2.2.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/davecgh/go-spew@v1.1.1", + "Name": "github.com/davecgh/go-spew", + "Identifier": { + "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1", + "UID": "c8d29bd635723889" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/emicklei/go-restful/v3@v3.11.0", + "Name": "github.com/emicklei/go-restful/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.11.0", + "UID": "3a5a54a7944880c7" + }, + "Version": "v3.11.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/logr@v1.3.0", + "Name": "github.com/go-logr/logr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/logr@v1.3.0", + "UID": "241233e523337b7d" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonpointer@v0.20.0", + "Name": "github.com/go-openapi/jsonpointer", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.20.0", + "UID": "dae3c89392eb7b7c" + }, + "Version": "v0.20.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonreference@v0.20.2", + "Name": "github.com/go-openapi/jsonreference", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.20.2", + "UID": "641c6f2cdead4f7" + }, + "Version": "v0.20.2", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag@v0.22.4", + "Name": "github.com/go-openapi/swag", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag@v0.22.4", + "UID": "ba2044afcf6b5c1" + }, + "Version": "v0.22.4", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gogo/protobuf@v1.3.2", + "Name": "github.com/gogo/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", + "UID": "a8e07de17d06475f" + }, + "Version": "v1.3.2", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "Name": "github.com/golang/groupcache", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "UID": "babfdc33561baf8b" + }, + "Version": "v0.0.0-20210331224755-41bb18bfe9da", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/protobuf@v1.5.3", + "Name": "github.com/golang/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.3", + "UID": "6bb8375cd1f87021" + }, + "Version": "v1.5.3", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gnostic@v0.7.0", + "Name": "github.com/google/gnostic", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gnostic@v0.7.0", + "UID": "d9fb32986e5ef272" + }, + "Version": "v0.7.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gnostic-models@v0.6.9-0.20230804172637-c7be7c783f49", + "Name": "github.com/google/gnostic-models", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gnostic-models@v0.6.9-0.20230804172637-c7be7c783f49", + "UID": "ce3a62b499631f6f" + }, + "Version": "v0.6.9-0.20230804172637-c7be7c783f49", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-cmp@v0.6.0", + "Name": "github.com/google/go-cmp", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0", + "UID": "c7aebcdde44bdd23" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gofuzz@v1.2.0", + "Name": "github.com/google/gofuzz", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", + "UID": "d9039c7a004c1a58" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.4.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.4.0", + "UID": "458ea5c7d01dd84e" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/imdario/mergo@v0.3.16", + "Name": "github.com/imdario/mergo", + "Identifier": { + "PURL": "pkg:golang/github.com/imdario/mergo@v0.3.16", + "UID": "d8a1e7cec42c49ef" + }, + "Version": "v0.3.16", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/josharian/intern@v1.0.0", + "Name": "github.com/josharian/intern", + "Identifier": { + "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", + "UID": "a5fe3871cd24938f" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/json-iterator/go@v1.1.12", + "Name": "github.com/json-iterator/go", + "Identifier": { + "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", + "UID": "62cdc3c17a3a7317" + }, + "Version": "v1.1.12", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mailru/easyjson@v0.7.7", + "Name": "github.com/mailru/easyjson", + "Identifier": { + "PURL": "pkg:golang/github.com/mailru/easyjson@v0.7.7", + "UID": "19379f8ce256689b" + }, + "Version": "v0.7.7", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", + "Name": "github.com/matttproud/golang_protobuf_extensions/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", + "UID": "487546c4925ff3eb" + }, + "Version": "v2.0.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/miekg/dns@v1.1.57", + "Name": "github.com/miekg/dns", + "Identifier": { + "PURL": "pkg:golang/github.com/miekg/dns@v1.1.57", + "UID": "58f85808309a6bec" + }, + "Version": "v1.1.57", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "Name": "github.com/modern-go/concurrent", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "UID": "5bad8bc5b86d3ab5" + }, + "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/reflect2@v1.0.2", + "Name": "github.com/modern-go/reflect2", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", + "UID": "57fe4c1a39f6042d" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "cfb66ac14866c113" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.17.0", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.17.0", + "UID": "b66d092e830ec000" + }, + "Version": "v1.17.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.5.0", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.5.0", + "UID": "115ae7eaee9385d4" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.45.0", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.45.0", + "UID": "443da62fcae92dfe" + }, + "Version": "v0.45.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.12.0", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.12.0", + "UID": "20137dc0252d389c" + }, + "Version": "v0.12.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.5", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "UID": "3425350620c8647b" + }, + "Version": "v1.0.5", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.18.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.18.0", + "UID": "6166b3abc7d767f0" + }, + "Version": "v0.18.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.14.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.14.0", + "UID": "bf39b99c4814bd1e" + }, + "Version": "v0.14.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.14.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.14.0", + "UID": "da158971f86f6ee3" + }, + "Version": "v0.14.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/term@v0.14.0", + "Name": "golang.org/x/term", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/term@v0.14.0", + "UID": "840e448552c52a50" + }, + "Version": "v0.14.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.14.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.14.0", + "UID": "e838d45a91c414c7" + }, + "Version": "v0.14.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.4.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.4.0", + "UID": "a3d0a1f7bbfc5248" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.31.0", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.31.0", + "UID": "47a522248564d8e2" + }, + "Version": "v1.31.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/inf.v0@v0.9.1", + "Name": "gopkg.in/inf.v0", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", + "UID": "9bdd52762b56d601" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v2@v2.4.0", + "Name": "gopkg.in/yaml.v2", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "UID": "2c6d26d74d064127" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "UID": "d6c9a1096fcf94af" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/api@v0.27.8", + "Name": "k8s.io/api", + "Identifier": { + "PURL": "pkg:golang/k8s.io/api@v0.27.8", + "UID": "44a2e793d900e707" + }, + "Version": "v0.27.8", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apimachinery@v0.27.8", + "Name": "k8s.io/apimachinery", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apimachinery@v0.27.8", + "UID": "57d3e9da14f07e81" + }, + "Version": "v0.27.8", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/client-go@v0.27.8", + "Name": "k8s.io/client-go", + "Identifier": { + "PURL": "pkg:golang/k8s.io/client-go@v0.27.8", + "UID": "5430313fcc16d66a" + }, + "Version": "v0.27.8", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog/v2@v2.110.1", + "Name": "k8s.io/klog/v2", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog/v2@v2.110.1", + "UID": "3e0d14ee24f9e31d" + }, + "Version": "v2.110.1", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/kube-openapi@v0.0.0-20231113174909-778a5567bc1e", + "Name": "k8s.io/kube-openapi", + "Identifier": { + "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20231113174909-778a5567bc1e", + "UID": "e7e64fba1506ed61" + }, + "Version": "v0.0.0-20231113174909-778a5567bc1e", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/utils@v0.0.0-20231121161247-cf03d44ff3cf", + "Name": "k8s.io/utils", + "Identifier": { + "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20231121161247-cf03d44ff3cf", + "UID": "8b85bcaf8b4978c9" + }, + "Version": "v0.0.0-20231121161247-cf03d44ff3cf", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "Name": "sigs.k8s.io/json", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "UID": "34c2393ef90a83f8" + }, + "Version": "v0.0.0-20221116044647-bc3834ca7abd", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/sig-storage-lib-external-provisioner/v9@v9.0.3", + "Name": "sigs.k8s.io/sig-storage-lib-external-provisioner/v9", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/sig-storage-lib-external-provisioner/v9@v9.0.3", + "UID": "ea7570393642bcf7" + }, + "Version": "v9.0.3", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "Name": "sigs.k8s.io/structured-merge-diff/v4", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "UID": "2c968e2b8282c818" + }, + "Version": "v4.4.1", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/yaml@v1.4.0", + "Name": "sigs.k8s.io/yaml", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.4.0", + "UID": "bc212fda08a70041" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-45288", + "VendorIDs": [ + "GHSA-4v7x-pqxf-cx7m" + ], + "PkgID": "golang.org/x/net@v0.18.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.18.0", + "UID": "6166b3abc7d767f0" + }, + "InstalledVersion": "v0.18.0", + "FixedVersion": "0.23.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:7bf935d9c1838d35eb8b91612602fb11dcacf27ea44204dc3e47346b32ecbd2e", + "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", + "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/04/03/16", + "http://www.openwall.com/lists/oss-security/2024/04/05/4", + "https://access.redhat.com/errata/RHSA-2024:2724", + "https://access.redhat.com/security/cve/CVE-2023-45288", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-2724.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://go.dev/cl/576155", + "https://go.dev/issue/65051", + "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", + "https://kb.cert.org/vuls/id/421644", + "https://linux.oracle.com/cve/CVE-2023-45288.html", + "https://linux.oracle.com/errata/ELSA-2024-3346.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", + "https://nowotarski.info/http2-continuation-flood-technical-details", + "https://nowotarski.info/http2-continuation-flood/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", + "https://pkg.go.dev/vuln/GO-2024-2687", + "https://security.netapp.com/advisory/ntap-20240419-0009", + "https://security.netapp.com/advisory/ntap-20240419-0009/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45288", + "https://www.kb.cert.org/vuls/id/421644" + ], + "PublishedDate": "2024-04-04T21:15:16.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66" + ], + "PkgID": "golang.org/x/net@v0.18.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.18.0", + "UID": "6166b3abc7d767f0" + }, + "InstalledVersion": "v0.18.0", + "FixedVersion": "0.36.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:2c9f742e7b88d3e39169af0e6f38722fb76dd2a1928835c9ff084295db23d583", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22872", + "VendorIDs": [ + "GHSA-vvgc-356p-c3xw" + ], + "PkgID": "golang.org/x/net@v0.18.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.18.0", + "UID": "6166b3abc7d767f0" + }, + "InstalledVersion": "v0.18.0", + "FixedVersion": "0.38.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:4f857a0d94c5970a15d040f7056c55f8d5efad736758fb44f84f6169d5c57889", + "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", + "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22872", + "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", + "https://github.com/advisories/GHSA-vvgc-356p-c3xw", + "https://go.dev/cl/662715", + "https://go.dev/issue/73070", + "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", + "https://pkg.go.dev/vuln/GO-2025-3595", + "https://security.netapp.com/advisory/ntap-20250516-0007", + "https://security.netapp.com/advisory/ntap-20250516-0007/", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22872" + ], + "PublishedDate": "2025-04-16T18:16:04.183Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22868", + "VendorIDs": [ + "GHSA-6v2p-p543-phr9" + ], + "PkgID": "golang.org/x/oauth2@v0.14.0", + "PkgName": "golang.org/x/oauth2", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.14.0", + "UID": "bf39b99c4814bd1e" + }, + "InstalledVersion": "v0.14.0", + "FixedVersion": "0.27.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:3912f0f5c5c7642fad0b5ab12f284f6f154849db71fba5950d05c8f48b7a0def", + "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", + "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1286" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", + "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", + "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", + "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", + "https://errata.rockylinux.org/RLSA-2025:7479", + "https://go.dev/cl/652155", + "https://go.dev/issue/71490", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", + "https://pkg.go.dev/vuln/GO-2025-3488", + "https://www.cve.org/CVERecord?id=CVE-2025-22868" + ], + "PublishedDate": "2025-02-26T08:14:24.897Z", + "LastModifiedDate": "2025-05-01T19:27:10.43Z" + }, + { + "VulnerabilityID": "CVE-2024-24786", + "VendorIDs": [ + "GHSA-8r3f-844c-mc37" + ], + "PkgID": "google.golang.org/protobuf@v1.31.0", + "PkgName": "google.golang.org/protobuf", + "PkgIdentifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.31.0", + "UID": "47a522248564d8e2" + }, + "InstalledVersion": "v1.31.0", + "FixedVersion": "1.33.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24786", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:8bb77aebcc3b25adb87293038c218048b452d92a4e8ff1bc1ee7d0f9260042f3", + "Title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", + "Description": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", + "V3Score": 7.5, + "V40Score": 6.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:2550", + "https://access.redhat.com/security/cve/CVE-2024-24786", + "https://bugzilla.redhat.com/2268046", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786", + "https://errata.almalinux.org/9/ALSA-2024-2550.html", + "https://errata.rockylinux.org/RLSA-2024:2550", + "https://github.com/protocolbuffers/protobuf-go", + "https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023", + "https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0", + "https://go-review.googlesource.com/c/protobuf/+/569356", + "https://go.dev/cl/569356", + "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", + "https://linux.oracle.com/cve/CVE-2024-24786.html", + "https://linux.oracle.com/errata/ELSA-2024-4246.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", + "https://pkg.go.dev/vuln/GO-2024-2611", + "https://security.netapp.com/advisory/ntap-20240517-0002", + "https://security.netapp.com/advisory/ntap-20240517-0002/", + "https://ubuntu.com/security/notices/USN-6746-1", + "https://ubuntu.com/security/notices/USN-6746-2", + "https://www.cve.org/CVERecord?id=CVE-2024-24786" + ], + "PublishedDate": "2024-03-05T23:15:07.82Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24790", + "VendorIDs": [ + "GO-2024-2887" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:88f7ec1eb9856ca3c5090f86d48734bc274dd173254f8f53084a2d947f38823b", + "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", + "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", + "Severity": "CRITICAL", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24790", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", + "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", + "https://github.com/golang/go/issues/67680", + "https://go.dev/cl/590316", + "https://go.dev/issue/67680", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24790.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", + "https://pkg.go.dev/vuln/GO-2024-2887", + "https://security.netapp.com/advisory/ntap-20240905-0002/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24790" + ], + "PublishedDate": "2024-06-05T16:15:10.56Z", + "LastModifiedDate": "2024-11-21T08:59:42.813Z" + }, + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f0cffd7fd30e1cbda89eb6dee9cc336f91e9b0cf35867daa4f85fc94b2b1dfae", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2023-45288", + "VendorIDs": [ + "GHSA-4v7x-pqxf-cx7m", + "GO-2024-2687" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.21.9, 1.22.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f61b25ba7c881784695c070c4bf61fffd0a7df889bb90ffa1c047ebd17f4d200", + "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", + "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/04/03/16", + "http://www.openwall.com/lists/oss-security/2024/04/05/4", + "https://access.redhat.com/errata/RHSA-2024:2724", + "https://access.redhat.com/security/cve/CVE-2023-45288", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-2724.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://go.dev/cl/576155", + "https://go.dev/issue/65051", + "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", + "https://kb.cert.org/vuls/id/421644", + "https://linux.oracle.com/cve/CVE-2023-45288.html", + "https://linux.oracle.com/errata/ELSA-2024-3346.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", + "https://nowotarski.info/http2-continuation-flood-technical-details", + "https://nowotarski.info/http2-continuation-flood/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", + "https://pkg.go.dev/vuln/GO-2024-2687", + "https://security.netapp.com/advisory/ntap-20240419-0009", + "https://security.netapp.com/advisory/ntap-20240419-0009/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45288", + "https://www.kb.cert.org/vuls/id/421644" + ], + "PublishedDate": "2024-04-04T21:15:16.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34156", + "VendorIDs": [ + "GO-2024-3106" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0d8b78350d19ac6205aabb2a409a5553b56efc677c84472011134e6db8fbca63", + "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", + "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3773", + "https://access.redhat.com/security/cve/CVE-2024-34156", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/9/ALSA-2025-3773.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", + "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", + "https://go.dev/cl/611239", + "https://go.dev/issue/69139", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34156.html", + "https://linux.oracle.com/errata/ELSA-2025-3773.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", + "https://pkg.go.dev/vuln/GO-2024-3106", + "https://security.netapp.com/advisory/ntap-20240926-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34156" + ], + "PublishedDate": "2024-09-06T21:15:12.02Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6bbd1e4dfcc24e3af68c452d1c6edf40cfdd49af8f5fde6cf1102afa6a0ee32c", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cd6dca9492a6f7cc9c22810db4cf89adf752e5bf25f711162313f9a7b756ea1b", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8c32daa355d6937bc9c2bdc4ed4f4474938932aa31df75886329f8b8cb2109f7", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d31be94b5d196c3772c4fe4657d010e2156a6274d0e3ee01ca37e30416f1b1ab", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bfae458e0cc12d1cbfd5e5652864f602f7dbd10426876e774e212a40780c6249", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d28b8dbbfaf8cc0eb81a424729f047f617c3ff0d00dd5b8230707d34a8ff5eea", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c18048cdf3bb97a4563b7ee21d1813bf965a399d8a68d5656c8e35ccc29f75f4", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:dceb5b3d807dddce4ffc5d7d2ecdbbc4ccfbbf3866bb9b75780462702313eea9", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e08ef269cc2e92dcb1d85ab9a583c1167cc5dfaba1a7dedd1821b064618c5c66", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:75292f5d09b05283b5aff1d0c3e6ce777f6096427d1379926c0c84ea8a6b9aa6", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ba9f72d8f28e5bd5ef66466aab6e892fe2f57f6f156b9709f0976c47353dde72", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2023-39326", + "VendorIDs": [ + "GO-2023-2382" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.20.12, 1.21.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39326", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:da37524b9e2c5e792d1d5a9a2b70e00b6b1f6de59a236ad3c997d9cfdee5370f", + "Title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", + "Description": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2272", + "https://access.redhat.com/security/cve/CVE-2023-39326", + "https://bugzilla.redhat.com/2253193", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2272.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12)", + "https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 (go1.21.5)", + "https://go.dev/cl/547335", + "https://go.dev/issue/64433", + "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", + "https://linux.oracle.com/cve/CVE-2023-39326.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", + "https://pkg.go.dev/vuln/GO-2023-2382", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://www.cve.org/CVERecord?id=CVE-2023-39326" + ], + "PublishedDate": "2023-12-06T17:15:07.147Z", + "LastModifiedDate": "2024-11-21T08:15:09.89Z" + }, + { + "VulnerabilityID": "CVE-2023-45289", + "VendorIDs": [ + "GO-2024-2600" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bd16f091159a68ab3d357ce29ee43e66974605b9995c184347b579d09b70579c", + "Title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", + "Description": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:2724", + "https://access.redhat.com/security/cve/CVE-2023-45289", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-2724.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 (go1.21.8)", + "https://github.com/golang/go/commit/3a855208e3efed2e9d7c20ad023f1fa78afcc0be (go1.22.1)", + "https://github.com/golang/go/issues/65065", + "https://go.dev/cl/569340", + "https://go.dev/issue/65065", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2023-45289.html", + "https://linux.oracle.com/errata/ELSA-2024-3346.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", + "https://pkg.go.dev/vuln/GO-2024-2600", + "https://security.netapp.com/advisory/ntap-20240329-0006/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45289" + ], + "PublishedDate": "2024-03-05T23:15:07.137Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2023-45290", + "VendorIDs": [ + "GO-2024-2599" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45290", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1b5ce95a98885f0f198293f69138d314f54e82e326f7f3008a6135448e1db608", + "Title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", + "Description": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:9135", + "https://access.redhat.com/security/cve/CVE-2023-45290", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://errata.almalinux.org/9/ALSA-2024-9135.html", + "https://errata.rockylinux.org/RLSA-2024:9135", + "https://github.com/golang/go/commit/041a47712e765e94f86d841c3110c840e76d8f82 (go1.22.1)", + "https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 (go1.21.8)", + "https://github.com/golang/go/issues/65383", + "https://go.dev/cl/569341", + "https://go.dev/issue/65383", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2023-45290.html", + "https://linux.oracle.com/errata/ELSA-2024-8038.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", + "https://pkg.go.dev/vuln/GO-2024-2599", + "https://security.netapp.com/advisory/ntap-20240329-0004", + "https://security.netapp.com/advisory/ntap-20240329-0004/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45290" + ], + "PublishedDate": "2024-03-05T23:15:07.21Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24783", + "VendorIDs": [ + "GO-2024-2598" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24783", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:90bf865c3a8ccea09fa476c341a19771ced7a011f32283821fbf73a08292d7bf", + "Title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", + "Description": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:6195", + "https://access.redhat.com/security/cve/CVE-2024-24783", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-6195.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", + "https://github.com/golang/go/commit/337b8e9cbfa749d9d5c899e0dc358e2208d5e54f (go1.22.1)", + "https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 (go1.21.8)", + "https://github.com/golang/go/issues/65390", + "https://go.dev/cl/569339", + "https://go.dev/issue/65390", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24783.html", + "https://linux.oracle.com/errata/ELSA-2024-6969.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", + "https://pkg.go.dev/vuln/GO-2024-2598", + "https://security.netapp.com/advisory/ntap-20240329-0005", + "https://security.netapp.com/advisory/ntap-20240329-0005/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24783" + ], + "PublishedDate": "2024-03-05T23:15:07.683Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24784", + "VendorIDs": [ + "GO-2024-2609" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24784", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5dad41e94c59c8af26cd469ba34b36d2c612523c3cf76d2aca67e2187aa392c8", + "Title": "golang: net/mail: comments in display names are incorrectly handled", + "Description": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:2562", + "https://access.redhat.com/security/cve/CVE-2024-24784", + "https://bugzilla.redhat.com/2262921", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268021", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24784", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://errata.almalinux.org/9/ALSA-2024-2562.html", + "https://errata.rockylinux.org/RLSA-2024:2562", + "https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)", + "https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c (go1.22.1)", + "https://github.com/golang/go/issues/65083", + "https://go.dev/cl/555596", + "https://go.dev/issue/65083", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24784.html", + "https://linux.oracle.com/errata/ELSA-2024-6969.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", + "https://pkg.go.dev/vuln/GO-2024-2609", + "https://security.netapp.com/advisory/ntap-20240329-0007/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24784" + ], + "PublishedDate": "2024-03-05T23:15:07.733Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24785", + "VendorIDs": [ + "GO-2024-2610" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24785", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:624da2e29874caba3a832d8d18ebabef31897538e99f3deeb696b7900099495b", + "Title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", + "Description": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:9135", + "https://access.redhat.com/security/cve/CVE-2024-24785", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://errata.almalinux.org/9/ALSA-2024-9135.html", + "https://errata.rockylinux.org/RLSA-2024:9135", + "https://github.com/golang/go/commit/056b0edcb8c152152021eebf4cf42adbfbe77992 (go1.22.1)", + "https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e (go1.21.8)", + "https://github.com/golang/go/issues/65697", + "https://go.dev/cl/564196", + "https://go.dev/issue/65697", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24785.html", + "https://linux.oracle.com/errata/ELSA-2026-3428.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", + "https://pkg.go.dev/vuln/GO-2024-2610", + "https://security.netapp.com/advisory/ntap-20240329-0008/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://vuln.go.dev/ID/GO-2024-2610.json", + "https://www.cve.org/CVERecord?id=CVE-2024-24785" + ], + "PublishedDate": "2024-03-05T23:15:07.777Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24789", + "VendorIDs": [ + "GO-2024-2888" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:449783ac9bbd77e99cafe8688633086615830e0f064fe110964eab488954d6c9", + "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", + "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2024:9115", + "https://access.redhat.com/security/cve/CVE-2024-24789", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292668", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2294000", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", + "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", + "https://errata.almalinux.org/9/ALSA-2024-9115.html", + "https://errata.rockylinux.org/RLSA-2024:9102", + "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", + "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", + "https://github.com/golang/go/issues/66869", + "https://go.dev/cl/585397", + "https://go.dev/issue/66869", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24789.html", + "https://linux.oracle.com/errata/ELSA-2024-9115.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", + "https://pkg.go.dev/vuln/GO-2024-2888", + "https://security.netapp.com/advisory/ntap-20250131-0008/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24789" + ], + "PublishedDate": "2024-06-05T16:15:10.47Z", + "LastModifiedDate": "2025-01-31T15:15:12.74Z" + }, + { + "VulnerabilityID": "CVE-2024-24791", + "VendorIDs": [ + "GO-2024-2963" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.21.12, 1.22.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ba82ff5f84c447668e9ba48880a3c80e51b9b11d684162e337cbe9b0802a680a", + "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", + "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24791", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://go.dev/cl/591255", + "https://go.dev/issue/67555", + "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", + "https://linux.oracle.com/cve/CVE-2024-24791.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", + "https://pkg.go.dev/vuln/GO-2024-2963", + "https://security.netapp.com/advisory/ntap-20241004-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24791" + ], + "PublishedDate": "2024-07-02T22:15:04.833Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34155", + "VendorIDs": [ + "GO-2024-3105" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:70f20b719dcdb020aaa82e1e492d4af8d34ce4eb0f2164a15ae5dd30977a87a5", + "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", + "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9459", + "https://access.redhat.com/security/cve/CVE-2024-34155", + "https://bugzilla.redhat.com/2310527", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315691", + "https://bugzilla.redhat.com/2315887", + "https://bugzilla.redhat.com/2317458", + "https://bugzilla.redhat.com/2317467", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2024-9459.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", + "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", + "https://go.dev/cl/611238", + "https://go.dev/issue/69138", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34155.html", + "https://linux.oracle.com/errata/ELSA-2024-9459.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", + "https://pkg.go.dev/vuln/GO-2024-3105", + "https://security.netapp.com/advisory/ntap-20240926-0005/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34155" + ], + "PublishedDate": "2024-09-06T21:15:11.947Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34158", + "VendorIDs": [ + "GO-2024-3107" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4f1ee40664cc240bc8bbf074bdc3abea0e02d8dafc4cf63b1f136ea68fc692fd", + "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", + "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7118", + "https://access.redhat.com/security/cve/CVE-2024-34158", + "https://bugzilla.redhat.com/2262921", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2025-7118.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", + "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", + "https://go.dev/cl/611240", + "https://go.dev/issue/69141", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34158.html", + "https://linux.oracle.com/errata/ELSA-2025-7118.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", + "https://pkg.go.dev/vuln/GO-2024-3107", + "https://security.netapp.com/advisory/ntap-20241004-0003/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34158" + ], + "PublishedDate": "2024-09-06T21:15:12.083Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-45336", + "VendorIDs": [ + "GO-2025-3420" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8caf910f46b9a3f93bf90d73da3e4cbbddbfc5b2a10edd0e10db2e883e16838d", + "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3772", + "https://access.redhat.com/security/cve/CVE-2024-45336", + "https://bugzilla.redhat.com/2341750", + "https://bugzilla.redhat.com/2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/8/ALSA-2025-3772.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/issues/70530", + "https://go.dev/cl/643100", + "https://go.dev/issue/70530", + "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", + "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", + "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", + "https://linux.oracle.com/cve/CVE-2024-45336.html", + "https://linux.oracle.com/errata/ELSA-2025-7592.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", + "https://pkg.go.dev/vuln/GO-2025-3420", + "https://security.netapp.com/advisory/ntap-20250221-0003/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2024-45336" + ], + "PublishedDate": "2025-01-28T02:15:28.807Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:03785c33fc0859902086a5552c22817b9d516cb964dd701534e283f96fb8e1b9", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22866", + "VendorIDs": [ + "GO-2025-3447" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6b5680acf5f945a7a2fb63a4f03baeefbe484a263fa9586431f1414e122acd06", + "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22866", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", + "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", + "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", + "https://github.com/golang/go/issues/71383", + "https://go.dev/cl/643735", + "https://go.dev/issue/71383", + "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", + "https://linux.oracle.com/cve/CVE-2025-22866.html", + "https://linux.oracle.com/errata/ELSA-2025-7466.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", + "https://pkg.go.dev/vuln/GO-2025-3447", + "https://security.netapp.com/advisory/ntap-20250221-0002/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22866" + ], + "PublishedDate": "2025-02-06T17:15:21.41Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66", + "GO-2025-3503" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.23.7, 1.24.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b7c1171d439f752f17c215f45696818bbaae3952611168e1c6eea6eb4e456421", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5ad2d3ad489b9a8152a1a621b7fbd4b82c4f3db864ec0617a112b41fba13e648", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d8af583a0ce720ca2f0a83e28b8a16fa6cc3fab639283a1195dff43b80f2549a", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9f1ca9908e4c8a038819038f9ede8b8f856d29f070e80e4bc6acdcef71ddd38f", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b98f644f7549edb6ce5a6b00b8f262188202288fb2dc5d83436ec7b6f92fac24", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:53cf4843a799751651c14831ba832b7f35de02f8117ae0272606ef873ce67557", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:210edc8fa75fd24c18f6c6d49fa2fbc56dd3d2985200903a8af8a9ff4afc4b98", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4e042c8a0461b9ab3834379fbf694e7bacafa6d9be1c928b26199369c5fbe3fe", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3e5b5849481473f16b02d21e71c40bec5e9ef3fbb2eceba710b7b4ee8efac274", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:92506bdaf4016bc7529c2cc1e25341678459740f7185ac37d0eddc167caa62cc", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:da41ee956818e1a6983893c517ab4d90013b7340e08d108964d3a5bd9f4ea9c6", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0d65f2faed1e73121b63613226ceeb12d96cc615f881cc93abdbb87112db62ee", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d96d682d8ca3160f59e669e076f9ffda5354e7d1b681ef608371761960353d55", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1573ddfdbbd8a12077edb2aadc7f6447f80df0b17bc1341f0d0b12aacc637420", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:807c8567e2e9f1649cb4349cc75f01043b23108a1dd7b9e0bc56e3f71f53f10c", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e86eeba00a00e6c770754adc0109469c612f66e72f326149e7f39cc863e32ee3", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a715f06b50f9bd610dc0d35e2052785181c4fa8eb56d743625c910fadf419b22", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5daa1d005a3eb11c9e03f5ce6b44347ffd73f072dc0bda00730850ac890f54da", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c03abe566764149ad0bd7eed852975477f453503355fd19b6264714dd3fcfafc", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9f375ba06f2db40ddf760f71b27eb38eb8c0806ec9219386179409810e7e5afc", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:04dc2e11af7f267d2e19d3cf5a01646d6d004c7aa99db053db40b8ce87ca0e80", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c73c6635a7490cec4cc8316b5ebbe9263b5ca37ed7b1751c8ed2fa171efcdbe2", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0a13c78a871c468c9c000ef73489f995741d2cee0ed2022ab9a942c1445442e3", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:56e3756223fdd92c39d2b9da865e9899850d53a3f5ea5ac96d70219a08ae7e5f", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.21.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.21.4", + "UID": "d364216c61456e6a" + }, + "InstalledVersion": "v1.21.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", + "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5dd6447e702e960bb3efeb06851b8de0f653cf7545edf41dcb19c511d9b552ba", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "m3uproxy", + "Kind": "Deployment", + "Name": "m3uproxy", + "Metadata": [ + { + "Size": 171802112, + "OS": { + "Family": "alpine", + "Name": "3.22.1" + }, + "ImageID": "sha256:879beb147d4da23c34c4fd2d68c51f516c749314f7b0bffe27d4ea2d72803495", + "DiffIDs": [ + "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35", + "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9", + "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694", + "sha256:dd2dcbdf70426ec069676f8d050fefdc7dabb4d9582458d08d104ab49a4cc91b", + "sha256:597e548b3624574eaaca9e8acafc23c26fdec4ba0011a3162d0be1d333a45318", + "sha256:0b0a50d3b5b0f6981272c465104eb9d1fd9d31325348eb5d05668c11ae9e22b7", + "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18", + "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + ], + "RepoTags": [ + "a13labs/m3uproxy:latest" + ], + "RepoDigests": [ + "a13labs/m3uproxy@sha256:830fa57fe59cd18f4656bb2c46d47355da2f1a2557098110e3ac52d60fd30b6b" + ], + "Reference": "a13labs/m3uproxy:latest", + "ImageConfig": { + "architecture": "amd64", + "created": "2025-09-07T18:52:25.746443655Z", + "history": [ + { + "created": "2025-07-15T11:01:16Z", + "created_by": "ADD alpine-minirootfs-3.22.1-x86_64.tar.gz / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-07-15T11:01:16Z", + "created_by": "CMD [\"/bin/sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-09-07T18:52:23.020538492Z", + "created_by": "COPY /app/m3uproxy /app/m3uproxy # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-09-07T18:52:23.046260219Z", + "created_by": "COPY /app/m3uproxy-cli /app/m3uproxy-cli # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-09-07T18:52:23.057825012Z", + "created_by": "COPY /app/conf /app/conf # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-09-07T18:52:23.067201341Z", + "created_by": "COPY /app/scripts/entrypoint.sh /app/entrypoint.sh # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-09-07T18:52:23.43507988Z", + "created_by": "COPY /app/player.zip /app/assets/player.zip # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-09-07T18:52:25.729295883Z", + "created_by": "RUN /bin/sh -c apk --no-cache add ca-certificates ffmpeg bash \u0026\u0026 mkdir -p /app/cache # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-09-07T18:52:25.746443655Z", + "created_by": "WORKDIR /app", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-09-07T18:52:25.746443655Z", + "created_by": "EXPOSE map[8080/tcp:{}]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-09-07T18:52:25.746443655Z", + "created_by": "CMD [\"/app/entrypoint.sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35", + "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9", + "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694", + "sha256:dd2dcbdf70426ec069676f8d050fefdc7dabb4d9582458d08d104ab49a4cc91b", + "sha256:597e548b3624574eaaca9e8acafc23c26fdec4ba0011a3162d0be1d333a45318", + "sha256:0b0a50d3b5b0f6981272c465104eb9d1fd9d31325348eb5d05668c11ae9e22b7", + "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18", + "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + ] + }, + "config": { + "Cmd": [ + "/app/entrypoint.sh" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Labels": { + "org.opencontainers.image.created": "2025-09-07T18:51:37.868Z", + "org.opencontainers.image.description": "A simple M3U streams proxy.", + "org.opencontainers.image.licenses": "MIT", + "org.opencontainers.image.revision": "b8db63703575ae29a95fb6599f2447b0d1de1bcb", + "org.opencontainers.image.source": "https://github.com/a13labs/m3uproxy", + "org.opencontainers.image.title": "m3uproxy", + "org.opencontainers.image.url": "https://github.com/a13labs/m3uproxy", + "org.opencontainers.image.version": "0.0.30" + }, + "WorkingDir": "/app", + "ExposedPorts": { + "8080/tcp": {} + }, + "ArgsEscaped": true + } + }, + "Layers": [ + { + "Size": 8596480, + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + { + "Size": 16915456, + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + { + "Size": 11891200, + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + { + "Size": 4608, + "Digest": "sha256:8aa8374db3c7f12172875626cd522adec6d023c93f65a0fbb59b1f510e0259f5", + "DiffID": "sha256:dd2dcbdf70426ec069676f8d050fefdc7dabb4d9582458d08d104ab49a4cc91b" + }, + { + "Size": 4096, + "Digest": "sha256:a67065a52c1a982f0496ec43e56b0e367c17e5d57d7161734e6dde8d804e3914", + "DiffID": "sha256:597e548b3624574eaaca9e8acafc23c26fdec4ba0011a3162d0be1d333a45318" + }, + { + "Size": 1025024, + "Digest": "sha256:81925f9feab22674a0aa895bc9654edbb579c7824dc8f3923b527c68a77f3870", + "DiffID": "sha256:0b0a50d3b5b0f6981272c465104eb9d1fd9d31325348eb5d05668c11ae9e22b7" + }, + { + "Size": 133364224, + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + { + "Size": 1024, + "Digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", + "DiffID": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + } + ] + } + ], + "Results": [ + { + "Target": "a13labs/m3uproxy:latest (alpine 3.22.1)", + "Class": "os-pkgs", + "Type": "alpine", + "Packages": [ + { + "ID": "alpine-baselayout@3.7.0-r0", + "Name": "alpine-baselayout", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout@3.7.0-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e1b004c7909e5e42" + }, + "Version": "3.7.0-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.7.0-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-baselayout-data@3.7.0-r0", + "busybox-binsh@1.37.0-r18" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:29f99748eea1ffe01f70b34024dc45c46d211f8d", + "InstalledFiles": [ + "etc/motd", + "etc/crontabs/root", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/i386.conf", + "etc/profile.d/20locale.sh", + "etc/profile.d/README", + "etc/profile.d/color_prompt.sh.disabled", + "usr/lib/sysctl.d/00-alpine.conf", + "var/lock", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout-data@3.7.0-r0", + "Name": "alpine-baselayout-data", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.7.0-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "ab78613e89e34197" + }, + "Version": "3.7.0-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.7.0-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:73f5ef65f8333a1784102df973c076d5a7d5b5fe", + "InstalledFiles": [ + "etc/fstab", + "etc/group", + "etc/hostname", + "etc/hosts", + "etc/inittab", + "etc/modules", + "etc/mtab", + "etc/nsswitch.conf", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/sysctl.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-keys@2.5-r0", + "Name": "alpine-keys", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-keys@2.5-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "82fba6933d3c7e01" + }, + "Version": "2.5-r0", + "Arch": "x86_64", + "SrcName": "alpine-keys", + "SrcVersion": "2.5-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:b175e48144ebad03d6ba11d45b25aafc2de310c1", + "InstalledFiles": [ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-release@3.22.1-r0", + "Name": "alpine-release", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-release@3.22.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "b919f62743ce52a6" + }, + "Version": "3.22.1-r0", + "Arch": "x86_64", + "SrcName": "alpine-base", + "SrcVersion": "3.22.1-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-keys@2.5-r0" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:20af3bbd2f59403c19b22576e458428bf8c09c12", + "InstalledFiles": [ + "etc/alpine-release", + "etc/issue", + "etc/os-release", + "etc/secfixes.d/alpine", + "usr/lib/os-release" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alsa-lib@1.2.14-r0", + "Name": "alsa-lib", + "Identifier": { + "PURL": "pkg:apk/alpine/alsa-lib@1.2.14-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "b44bd32890ed9ca6" + }, + "Version": "1.2.14-r0", + "Arch": "x86_64", + "SrcName": "alsa-lib", + "SrcVersion": "1.2.14-r0", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:78767e048658238059fbf96ee592852a4068254e", + "InstalledFiles": [ + "usr/bin/aserver", + "usr/lib/libasound.so.2", + "usr/lib/libasound.so.2.0.0", + "usr/lib/libatopology.so.2", + "usr/lib/libatopology.so.2.0.0", + "usr/share/alsa/alsa.conf", + "usr/share/alsa/cards/AACI.conf", + "usr/share/alsa/cards/ATIIXP-MODEM.conf", + "usr/share/alsa/cards/ATIIXP-SPDMA.conf", + "usr/share/alsa/cards/ATIIXP.conf", + "usr/share/alsa/cards/AU8810.conf", + "usr/share/alsa/cards/AU8820.conf", + "usr/share/alsa/cards/AU8830.conf", + "usr/share/alsa/cards/Audigy.conf", + "usr/share/alsa/cards/Audigy2.conf", + "usr/share/alsa/cards/Aureon51.conf", + "usr/share/alsa/cards/Aureon71.conf", + "usr/share/alsa/cards/CA0106.conf", + "usr/share/alsa/cards/CMI8338-SWIEC.conf", + "usr/share/alsa/cards/CMI8338.conf", + "usr/share/alsa/cards/CMI8738-MC6.conf", + "usr/share/alsa/cards/CMI8738-MC8.conf", + "usr/share/alsa/cards/CMI8788.conf", + "usr/share/alsa/cards/CS46xx.conf", + "usr/share/alsa/cards/EMU10K1.conf", + "usr/share/alsa/cards/EMU10K1X.conf", + "usr/share/alsa/cards/ENS1370.conf", + "usr/share/alsa/cards/ENS1371.conf", + "usr/share/alsa/cards/ES1968.conf", + "usr/share/alsa/cards/Echo_Echo3G.conf", + "usr/share/alsa/cards/FM801.conf", + "usr/share/alsa/cards/FWSpeakers.conf", + "usr/share/alsa/cards/FireWave.conf", + "usr/share/alsa/cards/GUS.conf", + "usr/share/alsa/cards/HDA-Intel.conf", + "usr/share/alsa/cards/HdmiLpeAudio.conf", + "usr/share/alsa/cards/ICE1712.conf", + "usr/share/alsa/cards/ICE1724.conf", + "usr/share/alsa/cards/ICH-MODEM.conf", + "usr/share/alsa/cards/ICH.conf", + "usr/share/alsa/cards/ICH4.conf", + "usr/share/alsa/cards/Loopback.conf", + "usr/share/alsa/cards/Maestro3.conf", + "usr/share/alsa/cards/NFORCE.conf", + "usr/share/alsa/cards/PC-Speaker.conf", + "usr/share/alsa/cards/PMac.conf", + "usr/share/alsa/cards/PMacToonie.conf", + "usr/share/alsa/cards/PS3.conf", + "usr/share/alsa/cards/RME9636.conf", + "usr/share/alsa/cards/RME9652.conf", + "usr/share/alsa/cards/SB-XFi.conf", + "usr/share/alsa/cards/SI7018.conf", + "usr/share/alsa/cards/TRID4DWAVENX.conf", + "usr/share/alsa/cards/USB-Audio.conf", + "usr/share/alsa/cards/VIA686A.conf", + "usr/share/alsa/cards/VIA8233.conf", + "usr/share/alsa/cards/VIA8233A.conf", + "usr/share/alsa/cards/VIA8237.conf", + "usr/share/alsa/cards/VX222.conf", + "usr/share/alsa/cards/VXPocket.conf", + "usr/share/alsa/cards/VXPocket440.conf", + "usr/share/alsa/cards/YMF744.conf", + "usr/share/alsa/cards/aliases.conf", + "usr/share/alsa/cards/pistachio-card.conf", + "usr/share/alsa/cards/vc4-hdmi.conf", + "usr/share/alsa/ctl/default.conf", + "usr/share/alsa/pcm/center_lfe.conf", + "usr/share/alsa/pcm/default.conf", + "usr/share/alsa/pcm/dmix.conf", + "usr/share/alsa/pcm/dpl.conf", + "usr/share/alsa/pcm/dsnoop.conf", + "usr/share/alsa/pcm/front.conf", + "usr/share/alsa/pcm/hdmi.conf", + "usr/share/alsa/pcm/iec958.conf", + "usr/share/alsa/pcm/modem.conf", + "usr/share/alsa/pcm/rear.conf", + "usr/share/alsa/pcm/side.conf", + "usr/share/alsa/pcm/surround21.conf", + "usr/share/alsa/pcm/surround40.conf", + "usr/share/alsa/pcm/surround41.conf", + "usr/share/alsa/pcm/surround50.conf", + "usr/share/alsa/pcm/surround51.conf", + "usr/share/alsa/pcm/surround71.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "aom-libs@3.12.1-r0", + "Name": "aom-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/aom-libs@3.12.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "a57838e0d527f49c" + }, + "Version": "3.12.1-r0", + "Arch": "x86_64", + "SrcName": "aom", + "SrcVersion": "3.12.1-r0", + "Licenses": [ + "BSD-2-Clause", + "custom" + ], + "Maintainer": "Oleg Titov \u003coleg.titov@gmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:e91d6c62643fd698b33834963d893547520ca622", + "InstalledFiles": [ + "usr/lib/libaom.so.3", + "usr/lib/libaom.so.3.12.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "apk-tools@2.14.9-r2", + "Name": "apk-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/apk-tools@2.14.9-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "adde765a3a34534e" + }, + "Version": "2.14.9-r2", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.14.9-r2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20250619-r0", + "libapk2@2.14.9-r2", + "libcrypto3@3.5.1-r0", + "musl@1.2.5-r10", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:2a8910d00ac31df2e1ccd94127488ea3a06e2d48", + "InstalledFiles": [ + "sbin/apk" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "bash@5.2.37-r0", + "Name": "bash", + "Identifier": { + "PURL": "pkg:apk/alpine/bash@5.2.37-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "f62bb3d72621b61b" + }, + "Version": "5.2.37-r0", + "Arch": "x86_64", + "SrcName": "bash", + "SrcVersion": "5.2.37-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r18", + "musl@1.2.5-r10", + "readline@8.2.13-r1" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:e2e7691628b43701a0fe7228b8d986a7aeb58aa9", + "InstalledFiles": [ + "bin/bash", + "etc/bash/bashrc", + "etc/profile.d/00-bashrc.sh", + "usr/lib/bash/accept", + "usr/lib/bash/basename", + "usr/lib/bash/csv", + "usr/lib/bash/cut", + "usr/lib/bash/dirname", + "usr/lib/bash/dsv", + "usr/lib/bash/fdflags", + "usr/lib/bash/finfo", + "usr/lib/bash/getconf", + "usr/lib/bash/head", + "usr/lib/bash/id", + "usr/lib/bash/ln", + "usr/lib/bash/logname", + "usr/lib/bash/mkdir", + "usr/lib/bash/mkfifo", + "usr/lib/bash/mktemp", + "usr/lib/bash/mypid", + "usr/lib/bash/pathchk", + "usr/lib/bash/print", + "usr/lib/bash/printenv", + "usr/lib/bash/push", + "usr/lib/bash/realpath", + "usr/lib/bash/rm", + "usr/lib/bash/rmdir", + "usr/lib/bash/seq", + "usr/lib/bash/setpgid", + "usr/lib/bash/sleep", + "usr/lib/bash/stat", + "usr/lib/bash/strftime", + "usr/lib/bash/sync", + "usr/lib/bash/tee", + "usr/lib/bash/truefalse", + "usr/lib/bash/tty", + "usr/lib/bash/uname", + "usr/lib/bash/unlink", + "usr/lib/bash/whoami" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "brotli-libs@1.1.0-r2", + "Name": "brotli-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/brotli-libs@1.1.0-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "da69ac3787a8a478" + }, + "Version": "1.1.0-r2", + "Arch": "x86_64", + "SrcName": "brotli", + "SrcVersion": "1.1.0-r2", + "Licenses": [ + "MIT" + ], + "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:889fa02c5f7cdd90283ce2b68959e9c44e5dfbf2", + "InstalledFiles": [ + "usr/lib/libbrotlicommon.so.1", + "usr/lib/libbrotlicommon.so.1.1.0", + "usr/lib/libbrotlidec.so.1", + "usr/lib/libbrotlidec.so.1.1.0", + "usr/lib/libbrotlienc.so.1", + "usr/lib/libbrotlienc.so.1.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox@1.37.0-r18", + "Name": "busybox", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", + "UID": "3da78128164dbbc4" + }, + "Version": "1.37.0-r18", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r18", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:21558d4968f31dcc377c0f27dae9bb0f32bb25d2", + "InstalledFiles": [ + "bin/busybox", + "etc/securetty", + "etc/busybox-paths.d/busybox", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "etc/udhcpc/udhcpc.conf", + "usr/share/udhcpc/default.script" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox-binsh@1.37.0-r18", + "Name": "busybox-binsh", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", + "UID": "c66405e3f8ffde54" + }, + "Version": "1.37.0-r18", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r18", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "busybox@1.37.0-r18" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:4bcdab5f9122afb4de71bfe8b1125c0c02796793", + "InstalledFiles": [ + "bin/sh" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates@20250619-r0", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates@20250619-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "854fde5eb11f246f" + }, + "Version": "20250619-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20250619-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r18", + "libcrypto3@3.5.1-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:3b7c32ecd4342d100cf04ca9a4a27702896461e3", + "InstalledFiles": [ + "etc/ca-certificates.conf", + "etc/apk/protected_paths.d/ca-certificates.list", + "etc/ca-certificates/update.d/certhash", + "usr/bin/c_rehash", + "usr/sbin/update-ca-certificates", + "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "usr/share/ca-certificates/mozilla/Certigna.crt", + "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", + "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", + "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", + "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates-bundle@20250619-r0", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates-bundle@20250619-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "dad0d13eb03c8270" + }, + "Version": "20250619-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20250619-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:32be9117f1879f48b44823fbbd2d9e26a6a9a500", + "InstalledFiles": [ + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-certificates.crt", + "etc/ssl1.1/cert.pem", + "etc/ssl1.1/certs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "cjson@1.7.18-r1", + "Name": "cjson", + "Identifier": { + "PURL": "pkg:apk/alpine/cjson@1.7.18-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "93f520d50c2b1445" + }, + "Version": "1.7.18-r1", + "Arch": "x86_64", + "SrcName": "cjson", + "SrcVersion": "1.7.18-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:ccce25f36fea419804c9fb59e52fbcb4abb396eb", + "InstalledFiles": [ + "usr/lib/libcjson.so.1", + "usr/lib/libcjson.so.1.7.18" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "dbus-libs@1.16.2-r1", + "Name": "dbus-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/dbus-libs@1.16.2-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "65fe7f7eaea482a8" + }, + "Version": "1.16.2-r1", + "Arch": "x86_64", + "SrcName": "dbus", + "SrcVersion": "1.16.2-r1", + "Licenses": [ + "AFL-2.1", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:0890976ca17a33dede33013561523b49f123810c", + "InstalledFiles": [ + "usr/lib/libdbus-1.so.3", + "usr/lib/libdbus-1.so.3.38.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ffmpeg@6.1.2-r2", + "Name": "ffmpeg", + "Identifier": { + "PURL": "pkg:apk/alpine/ffmpeg@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "d1ca681eff3d8b6d" + }, + "Version": "6.1.2-r2", + "Arch": "x86_64", + "SrcName": "ffmpeg", + "SrcVersion": "6.1.2-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ffmpeg-libavcodec@6.1.2-r2", + "ffmpeg-libavdevice@6.1.2-r2", + "ffmpeg-libavfilter@6.1.2-r2", + "ffmpeg-libavformat@6.1.2-r2", + "ffmpeg-libavutil@6.1.2-r2", + "ffmpeg-libpostproc@6.1.2-r2", + "ffmpeg-libswresample@6.1.2-r2", + "ffmpeg-libswscale@6.1.2-r2", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:492342de466f1aeb5964f1f4342ea9f30de74513", + "InstalledFiles": [ + "usr/bin/ffmpeg", + "usr/bin/ffprobe", + "usr/bin/qt-faststart", + "usr/share/ffmpeg/ffprobe.xsd", + "usr/share/ffmpeg/libvpx-1080p.ffpreset", + "usr/share/ffmpeg/libvpx-1080p50_60.ffpreset", + "usr/share/ffmpeg/libvpx-360p.ffpreset", + "usr/share/ffmpeg/libvpx-720p.ffpreset", + "usr/share/ffmpeg/libvpx-720p50_60.ffpreset" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ffmpeg-libavcodec@6.1.2-r2", + "Name": "ffmpeg-libavcodec", + "Identifier": { + "PURL": "pkg:apk/alpine/ffmpeg-libavcodec@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "e5ed44d91064dacb" + }, + "Version": "6.1.2-r2", + "Arch": "x86_64", + "SrcName": "ffmpeg", + "SrcVersion": "6.1.2-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "aom-libs@3.12.1-r0", + "ffmpeg-libavutil@6.1.2-r2", + "ffmpeg-libswresample@6.1.2-r2", + "lame-libs@3.100-r5", + "libSvtAv1Enc@2.3.0-r0", + "libdav1d@1.5.1-r0", + "libjxl@0.10.3-r2", + "libtheora@1.1.1-r18", + "libva@2.22.0-r1", + "libvorbis@1.3.7-r2", + "libvpx@1.15.0-r0", + "libwebp@1.5.0-r0", + "libwebpmux@1.5.0-r0", + "musl@1.2.5-r10", + "onevpl-libs@2023.3.1-r2", + "opus@1.5.2-r1", + "rav1e-libs@0.7.1-r0", + "x264-libs@0.164.3108-r0", + "x265-libs@3.6-r0", + "xvidcore@1.3.7-r2", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:3e2966a56be26d7f5c92ffa9d643f14f60aabe84", + "InstalledFiles": [ + "usr/lib/libavcodec.so.60", + "usr/lib/libavcodec.so.60.31.102" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ffmpeg-libavdevice@6.1.2-r2", + "Name": "ffmpeg-libavdevice", + "Identifier": { + "PURL": "pkg:apk/alpine/ffmpeg-libavdevice@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "70803b8e66f2e4ce" + }, + "Version": "6.1.2-r2", + "Arch": "x86_64", + "SrcName": "ffmpeg", + "SrcVersion": "6.1.2-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alsa-lib@1.2.14-r0", + "ffmpeg-libavcodec@6.1.2-r2", + "ffmpeg-libavfilter@6.1.2-r2", + "ffmpeg-libavformat@6.1.2-r2", + "ffmpeg-libavutil@6.1.2-r2", + "libdrm@2.4.124-r0", + "libpulse@17.0-r5", + "libxcb@1.17.0-r0", + "musl@1.2.5-r10", + "sdl2-compat@2.32.56-r0", + "v4l-utils-libs@1.28.1-r1" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:e06358482f161e7d8f943e1a48a24acbc54c54a1", + "InstalledFiles": [ + "usr/lib/libavdevice.so.60", + "usr/lib/libavdevice.so.60.3.100" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ffmpeg-libavfilter@6.1.2-r2", + "Name": "ffmpeg-libavfilter", + "Identifier": { + "PURL": "pkg:apk/alpine/ffmpeg-libavfilter@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "466c7033174a2418" + }, + "Version": "6.1.2-r2", + "Arch": "x86_64", + "SrcName": "ffmpeg", + "SrcVersion": "6.1.2-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ffmpeg-libavcodec@6.1.2-r2", + "ffmpeg-libavformat@6.1.2-r2", + "ffmpeg-libavutil@6.1.2-r2", + "ffmpeg-libpostproc@6.1.2-r2", + "ffmpeg-libswresample@6.1.2-r2", + "ffmpeg-libswscale@6.1.2-r2", + "fontconfig@2.15.0-r3", + "freetype@2.13.3-r0", + "fribidi@1.0.16-r1", + "harfbuzz@11.2.1-r0", + "libass@0.17.3-r0", + "libplacebo@6.338.2-r3", + "libva@2.22.0-r1", + "libzmq@4.3.5-r2", + "lilv-libs@0.24.26-r0", + "musl@1.2.5-r10", + "onevpl-libs@2023.3.1-r2", + "vidstab@1.1.1-r0", + "zimg@3.0.5-r3" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:9904e42e74096c296ddfc50af33a4c91493b3063", + "InstalledFiles": [ + "usr/lib/libavfilter.so.9", + "usr/lib/libavfilter.so.9.12.100" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ffmpeg-libavformat@6.1.2-r2", + "Name": "ffmpeg-libavformat", + "Identifier": { + "PURL": "pkg:apk/alpine/ffmpeg-libavformat@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "265c5401a59f5d24" + }, + "Version": "6.1.2-r2", + "Arch": "x86_64", + "SrcName": "ffmpeg", + "SrcVersion": "6.1.2-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ffmpeg-libavcodec@6.1.2-r2", + "ffmpeg-libavutil@6.1.2-r2", + "libbluray@1.3.4-r1", + "libbz2@1.0.8-r6", + "libcrypto3@3.5.1-r0", + "libopenmpt@0.7.15-r0", + "librist@0.2.10-r1", + "libsrt@1.5.3-r1", + "libssh@0.11.2-r0", + "libssl3@3.5.1-r0", + "libxml2@2.13.8-r0", + "libzmq@4.3.5-r2", + "musl@1.2.5-r10", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:f15642b0118f1918511577b2d5383799f801d347", + "InstalledFiles": [ + "usr/lib/libavformat.so.60", + "usr/lib/libavformat.so.60.16.100" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ffmpeg-libavutil@6.1.2-r2", + "Name": "ffmpeg-libavutil", + "Identifier": { + "PURL": "pkg:apk/alpine/ffmpeg-libavutil@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "b41b47b3e7d93bc5" + }, + "Version": "6.1.2-r2", + "Arch": "x86_64", + "SrcName": "ffmpeg", + "SrcVersion": "6.1.2-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.5.1-r0", + "libdrm@2.4.124-r0", + "libva@2.22.0-r1", + "libvdpau@1.5-r4", + "libx11@1.8.11-r0", + "musl@1.2.5-r10", + "onevpl-libs@2023.3.1-r2" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:723f928d4f1caf8f8b652ff3f6e5e39f904a786d", + "InstalledFiles": [ + "usr/lib/libavutil.so.58", + "usr/lib/libavutil.so.58.29.100" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ffmpeg-libpostproc@6.1.2-r2", + "Name": "ffmpeg-libpostproc", + "Identifier": { + "PURL": "pkg:apk/alpine/ffmpeg-libpostproc@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "ee05b603ec483cff" + }, + "Version": "6.1.2-r2", + "Arch": "x86_64", + "SrcName": "ffmpeg", + "SrcVersion": "6.1.2-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ffmpeg-libavutil@6.1.2-r2", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:80dc50f3a2afb9ee39e89511a803351f73657cc3", + "InstalledFiles": [ + "usr/lib/libpostproc.so.57", + "usr/lib/libpostproc.so.57.3.100" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ffmpeg-libswresample@6.1.2-r2", + "Name": "ffmpeg-libswresample", + "Identifier": { + "PURL": "pkg:apk/alpine/ffmpeg-libswresample@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "5b978893cb236500" + }, + "Version": "6.1.2-r2", + "Arch": "x86_64", + "SrcName": "ffmpeg", + "SrcVersion": "6.1.2-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ffmpeg-libavutil@6.1.2-r2", + "musl@1.2.5-r10", + "soxr@0.1.3-r7" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:5e61829e7c7995eb31cae6988cdb3b6b6660f3b3", + "InstalledFiles": [ + "usr/lib/libswresample.so.4", + "usr/lib/libswresample.so.4.12.100" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ffmpeg-libswscale@6.1.2-r2", + "Name": "ffmpeg-libswscale", + "Identifier": { + "PURL": "pkg:apk/alpine/ffmpeg-libswscale@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "81ff89bcccefc8a3" + }, + "Version": "6.1.2-r2", + "Arch": "x86_64", + "SrcName": "ffmpeg", + "SrcVersion": "6.1.2-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ffmpeg-libavutil@6.1.2-r2", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:bbc326b76337451146bdb5d25dcf24f3d58d7bbf", + "InstalledFiles": [ + "usr/lib/libswscale.so.7", + "usr/lib/libswscale.so.7.5.100" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "fontconfig@2.15.0-r3", + "Name": "fontconfig", + "Identifier": { + "PURL": "pkg:apk/alpine/fontconfig@2.15.0-r3?arch=x86_64\u0026distro=3.22.1", + "UID": "fbbf679eb09d7bca" + }, + "Version": "2.15.0-r3", + "Arch": "x86_64", + "SrcName": "fontconfig", + "SrcVersion": "2.15.0-r3", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r18", + "freetype@2.13.3-r0", + "libexpat@2.7.1-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:f8a4adf353c174e5287521b7893ce54b4c5f4d86", + "InstalledFiles": [ + "etc/fonts/fonts.conf", + "etc/fonts/conf.d/10-hinting-slight.conf", + "etc/fonts/conf.d/10-scale-bitmap-fonts.conf", + "etc/fonts/conf.d/10-sub-pixel-none.conf", + "etc/fonts/conf.d/10-yes-antialias.conf", + "etc/fonts/conf.d/11-lcdfilter-default.conf", + "etc/fonts/conf.d/20-unhint-small-vera.conf", + "etc/fonts/conf.d/30-metric-aliases.conf", + "etc/fonts/conf.d/40-nonlatin.conf", + "etc/fonts/conf.d/45-generic.conf", + "etc/fonts/conf.d/45-latin.conf", + "etc/fonts/conf.d/48-spacing.conf", + "etc/fonts/conf.d/49-sansserif.conf", + "etc/fonts/conf.d/50-user.conf", + "etc/fonts/conf.d/51-local.conf", + "etc/fonts/conf.d/60-generic.conf", + "etc/fonts/conf.d/60-latin.conf", + "etc/fonts/conf.d/65-fonts-persian.conf", + "etc/fonts/conf.d/65-nonlatin.conf", + "etc/fonts/conf.d/69-unifont.conf", + "etc/fonts/conf.d/80-delicious.conf", + "etc/fonts/conf.d/90-synthetic.conf", + "etc/fonts/conf.d/README", + "usr/bin/fc-cache", + "usr/bin/fc-cat", + "usr/bin/fc-conflist", + "usr/bin/fc-list", + "usr/bin/fc-match", + "usr/bin/fc-pattern", + "usr/bin/fc-query", + "usr/bin/fc-scan", + "usr/bin/fc-validate", + "usr/lib/libfontconfig.so.1", + "usr/lib/libfontconfig.so.1.12.1", + "usr/share/fontconfig/conf.avail/05-reset-dirs-sample.conf", + "usr/share/fontconfig/conf.avail/09-autohint-if-no-hinting.conf", + "usr/share/fontconfig/conf.avail/10-autohint.conf", + "usr/share/fontconfig/conf.avail/10-hinting-full.conf", + "usr/share/fontconfig/conf.avail/10-hinting-medium.conf", + "usr/share/fontconfig/conf.avail/10-hinting-none.conf", + "usr/share/fontconfig/conf.avail/10-hinting-slight.conf", + "usr/share/fontconfig/conf.avail/10-no-antialias.conf", + "usr/share/fontconfig/conf.avail/10-scale-bitmap-fonts.conf", + "usr/share/fontconfig/conf.avail/10-sub-pixel-bgr.conf", + "usr/share/fontconfig/conf.avail/10-sub-pixel-none.conf", + "usr/share/fontconfig/conf.avail/10-sub-pixel-rgb.conf", + "usr/share/fontconfig/conf.avail/10-sub-pixel-vbgr.conf", + "usr/share/fontconfig/conf.avail/10-sub-pixel-vrgb.conf", + "usr/share/fontconfig/conf.avail/10-unhinted.conf", + "usr/share/fontconfig/conf.avail/10-yes-antialias.conf", + "usr/share/fontconfig/conf.avail/11-lcdfilter-default.conf", + "usr/share/fontconfig/conf.avail/11-lcdfilter-legacy.conf", + "usr/share/fontconfig/conf.avail/11-lcdfilter-light.conf", + "usr/share/fontconfig/conf.avail/11-lcdfilter-none.conf", + "usr/share/fontconfig/conf.avail/20-unhint-small-vera.conf", + "usr/share/fontconfig/conf.avail/25-unhint-nonlatin.conf", + "usr/share/fontconfig/conf.avail/30-metric-aliases.conf", + "usr/share/fontconfig/conf.avail/35-lang-normalize.conf", + "usr/share/fontconfig/conf.avail/40-nonlatin.conf", + "usr/share/fontconfig/conf.avail/45-generic.conf", + "usr/share/fontconfig/conf.avail/45-latin.conf", + "usr/share/fontconfig/conf.avail/48-spacing.conf", + "usr/share/fontconfig/conf.avail/49-sansserif.conf", + "usr/share/fontconfig/conf.avail/50-user.conf", + "usr/share/fontconfig/conf.avail/51-local.conf", + "usr/share/fontconfig/conf.avail/60-generic.conf", + "usr/share/fontconfig/conf.avail/60-latin.conf", + "usr/share/fontconfig/conf.avail/65-fonts-persian.conf", + "usr/share/fontconfig/conf.avail/65-khmer.conf", + "usr/share/fontconfig/conf.avail/65-nonlatin.conf", + "usr/share/fontconfig/conf.avail/69-unifont.conf", + "usr/share/fontconfig/conf.avail/70-no-bitmaps.conf", + "usr/share/fontconfig/conf.avail/70-yes-bitmaps.conf", + "usr/share/fontconfig/conf.avail/80-delicious.conf", + "usr/share/fontconfig/conf.avail/90-synthetic.conf", + "usr/share/xml/fontconfig/fonts.dtd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "freetype@2.13.3-r0", + "Name": "freetype", + "Identifier": { + "PURL": "pkg:apk/alpine/freetype@2.13.3-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "a8c78f3bc3b3e08a" + }, + "Version": "2.13.3-r0", + "Arch": "x86_64", + "SrcName": "freetype", + "SrcVersion": "2.13.3-r0", + "Licenses": [ + "FTL", + "GPL-2.0-or-later" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "brotli-libs@1.1.0-r2", + "libbz2@1.0.8-r6", + "libpng@1.6.47-r0", + "musl@1.2.5-r10", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:bf31020f338d745eda4d86c72190cbe0b5d58bbf", + "InstalledFiles": [ + "usr/lib/libfreetype.so.6", + "usr/lib/libfreetype.so.6.20.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "fribidi@1.0.16-r1", + "Name": "fribidi", + "Identifier": { + "PURL": "pkg:apk/alpine/fribidi@1.0.16-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "99e685a068e3f0d6" + }, + "Version": "1.0.16-r1", + "Arch": "x86_64", + "SrcName": "fribidi", + "SrcVersion": "1.0.16-r1", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:976d40d9a6f4c37f5edc9d6a5c90eee860ab33c4", + "InstalledFiles": [ + "usr/bin/fribidi", + "usr/lib/libfribidi.so.0", + "usr/lib/libfribidi.so.0.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "giflib@5.2.2-r1", + "Name": "giflib", + "Identifier": { + "PURL": "pkg:apk/alpine/giflib@5.2.2-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "7d9c79c46a24584b" + }, + "Version": "5.2.2-r1", + "Arch": "x86_64", + "SrcName": "giflib", + "SrcVersion": "5.2.2-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:3e2274b34db77db02f605cf242c696438d5587cc", + "InstalledFiles": [ + "usr/lib/libgif.so.7", + "usr/lib/libgif.so.7.2.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "glib@2.84.4-r0", + "Name": "glib", + "Identifier": { + "PURL": "pkg:apk/alpine/glib@2.84.4-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "97acd79b8c3414dc" + }, + "Version": "2.84.4-r0", + "Arch": "x86_64", + "SrcName": "glib", + "SrcVersion": "2.84.4-r0", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "team/gnome \u003cpabloyoyoista@postmarketos.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r18", + "libffi@3.4.8-r0", + "libintl@0.24.1-r0", + "libmount@2.41-r9", + "musl@1.2.5-r10", + "pcre2@10.43-r1", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:fcad0997b4cb10ff97e2d88b0b37120fa08070c7", + "InstalledFiles": [ + "usr/bin/gapplication", + "usr/bin/gdbus", + "usr/bin/gi-compile-repository", + "usr/bin/gi-decompile-typelib", + "usr/bin/gi-inspect-typelib", + "usr/bin/gio", + "usr/bin/gio-querymodules", + "usr/bin/glib-compile-schemas", + "usr/bin/gsettings", + "usr/lib/libgio-2.0.so.0", + "usr/lib/libgio-2.0.so.0.8400.4", + "usr/lib/libgirepository-2.0.so.0", + "usr/lib/libgirepository-2.0.so.0.8400.4", + "usr/lib/libglib-2.0.so.0", + "usr/lib/libglib-2.0.so.0.8400.4", + "usr/lib/libgmodule-2.0.so.0", + "usr/lib/libgmodule-2.0.so.0.8400.4", + "usr/lib/libgobject-2.0.so.0", + "usr/lib/libgobject-2.0.so.0.8400.4", + "usr/lib/libgthread-2.0.so.0", + "usr/lib/libgthread-2.0.so.0.8400.4", + "usr/lib/girepository-1.0/GIRepository-3.0.typelib", + "usr/lib/girepository-1.0/GLib-2.0.typelib", + "usr/lib/girepository-1.0/GLibUnix-2.0.typelib", + "usr/lib/girepository-1.0/GModule-2.0.typelib", + "usr/lib/girepository-1.0/GObject-2.0.typelib", + "usr/lib/girepository-1.0/Gio-2.0.typelib", + "usr/lib/girepository-1.0/GioUnix-2.0.typelib", + "usr/libexec/gio-launch-desktop" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "glslang-libs@1.4.309.0-r0", + "Name": "glslang-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/glslang-libs@1.4.309.0-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "23cb78973eb2fdbd" + }, + "Version": "1.4.309.0-r0", + "Arch": "x86_64", + "SrcName": "glslang", + "SrcVersion": "1.4.309.0-r0", + "Licenses": [ + "BSD-3-Clause", + "BSD-2-Clause", + "MIT", + "Apache-2.0", + "GPL-3.0-or-later" + ], + "Maintainer": "Simon Zeni \u003csimon@bl4ckb0ne.ca\u003e", + "DependsOn": [ + "libstdc++@14.2.0-r6", + "musl@1.2.5-r10", + "spirv-tools@1.4.313.0-r0" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:760f638aebdf76192c8038dc156c1f666312f9d6", + "InstalledFiles": [ + "usr/lib/libSPIRV.so.15", + "usr/lib/libSPIRV.so.15.2.0", + "usr/lib/libSPVRemapper.so.15", + "usr/lib/libSPVRemapper.so.15.2.0", + "usr/lib/libglslang-default-resource-limits.so.15", + "usr/lib/libglslang-default-resource-limits.so.15.2.0", + "usr/lib/libglslang.so.15", + "usr/lib/libglslang.so.15.2.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "graphite2@1.3.14-r6", + "Name": "graphite2", + "Identifier": { + "PURL": "pkg:apk/alpine/graphite2@1.3.14-r6?arch=x86_64\u0026distro=3.22.1", + "UID": "83cb7342420e1a92" + }, + "Version": "1.3.14-r6", + "Arch": "x86_64", + "SrcName": "graphite2", + "SrcVersion": "1.3.14-r6", + "Licenses": [ + "LGPL-2.1-or-later", + "MPL-1.1" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:b3c23f25373bbed90c06e1c93c04f7cde4837a2d", + "InstalledFiles": [ + "usr/lib/libgraphite2.so.3", + "usr/lib/libgraphite2.so.3.2.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "harfbuzz@11.2.1-r0", + "Name": "harfbuzz", + "Identifier": { + "PURL": "pkg:apk/alpine/harfbuzz@11.2.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "ff21ad88e39d89d7" + }, + "Version": "11.2.1-r0", + "Arch": "x86_64", + "SrcName": "harfbuzz", + "SrcVersion": "11.2.1-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "freetype@2.13.3-r0", + "glib@2.84.4-r0", + "graphite2@1.3.14-r6", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:caade18d8ed5bc0e5a5e6fe8e5f389604b519328", + "InstalledFiles": [ + "usr/lib/libharfbuzz.so.0", + "usr/lib/libharfbuzz.so.0.61121.0", + "usr/lib/girepository-1.0/HarfBuzz-0.0.typelib" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "hwdata-pci@0.395-r0", + "Name": "hwdata-pci", + "Identifier": { + "PURL": "pkg:apk/alpine/hwdata-pci@0.395-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "f889a40741a95d66" + }, + "Version": "0.395-r0", + "Arch": "x86_64", + "SrcName": "hwdata", + "SrcVersion": "0.395-r0", + "Licenses": [ + "GPL-2.0-or-later", + "XFree-86-1.1" + ], + "Maintainer": "Simon Zeni \u003csimon@bl4ckb0ne.ca\u003e", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:3b98bc1e6b77d744018ce83ef8eb4f5d673ead0f", + "InstalledFiles": [ + "usr/share/hwdata/pci.ids" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "imath@3.1.12-r0", + "Name": "imath", + "Identifier": { + "PURL": "pkg:apk/alpine/imath@3.1.12-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "35bb3ce914ebf619" + }, + "Version": "3.1.12-r0", + "Arch": "x86_64", + "SrcName": "imath", + "SrcVersion": "3.1.12-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Krassy Boykinov \u003ckboykinov@teamcentrixx.com\u003e", + "DependsOn": [ + "libstdc++@14.2.0-r6", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:d2d3778f82bc8211e140fa773bb331ba758738d6", + "InstalledFiles": [ + "usr/lib/libImath-3_1.so.29", + "usr/lib/libImath-3_1.so.29.11.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "lame-libs@3.100-r5", + "Name": "lame-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/lame-libs@3.100-r5?arch=x86_64\u0026distro=3.22.1", + "UID": "84eb35ecd836e15a" + }, + "Version": "3.100-r5", + "Arch": "x86_64", + "SrcName": "lame", + "SrcVersion": "3.100-r5", + "Licenses": [ + "LGPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:74044d63bfb1fd2455e5ae84c1b9efd8ab8d1f17", + "InstalledFiles": [ + "usr/lib/libmp3lame.so.0", + "usr/lib/libmp3lame.so.0.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "lcms2@2.16-r0", + "Name": "lcms2", + "Identifier": { + "PURL": "pkg:apk/alpine/lcms2@2.16-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "37892de0d9654e69" + }, + "Version": "2.16-r0", + "Arch": "x86_64", + "SrcName": "lcms2", + "SrcVersion": "2.16-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:141310f5165a9e8f7f6e7673e2737c0369ff7a8a", + "InstalledFiles": [ + "usr/lib/liblcms2.so.2", + "usr/lib/liblcms2.so.2.0.16" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libSvtAv1Enc@2.3.0-r0", + "Name": "libSvtAv1Enc", + "Identifier": { + "PURL": "pkg:apk/alpine/libsvtav1enc@2.3.0-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "38b005e0765eeea" + }, + "Version": "2.3.0-r0", + "Arch": "x86_64", + "SrcName": "svt-av1", + "SrcVersion": "2.3.0-r0", + "Licenses": [ + "BSD-3-Clause-Clear" + ], + "Maintainer": "Oleg Titov \u003coleg.titov@gmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:a967a1360c0a5accb93b1ef7055bb6ca6de0601c", + "InstalledFiles": [ + "usr/lib/libSvtAv1Enc.so.2", + "usr/lib/libSvtAv1Enc.so.2.3.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libapk2@2.14.9-r2", + "Name": "libapk2", + "Identifier": { + "PURL": "pkg:apk/alpine/libapk2@2.14.9-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "fc5150123bb2dd6a" + }, + "Version": "2.14.9-r2", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.14.9-r2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20250619-r0", + "libcrypto3@3.5.1-r0", + "libssl3@3.5.1-r0", + "musl@1.2.5-r10", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:d3a20797fcda1b5742c119ffc146c1e110ed418e", + "InstalledFiles": [ + "usr/lib/libapk.so.2.14.9" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libass@0.17.3-r0", + "Name": "libass", + "Identifier": { + "PURL": "pkg:apk/alpine/libass@0.17.3-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "1cd3fda25201e5db" + }, + "Version": "0.17.3-r0", + "Arch": "x86_64", + "SrcName": "libass", + "SrcVersion": "0.17.3-r0", + "Licenses": [ + "ISC" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "fontconfig@2.15.0-r3", + "freetype@2.13.3-r0", + "fribidi@1.0.16-r1", + "harfbuzz@11.2.1-r0", + "libunibreak@6.1-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:e77ee5214f686dd94d0e38468203aafa5db8707f", + "InstalledFiles": [ + "usr/lib/libass.so.9", + "usr/lib/libass.so.9.3.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libasyncns@0.8-r4", + "Name": "libasyncns", + "Identifier": { + "PURL": "pkg:apk/alpine/libasyncns@0.8-r4?arch=x86_64\u0026distro=3.22.1", + "UID": "dcfbf5bc8def9135" + }, + "Version": "0.8-r4", + "Arch": "x86_64", + "SrcName": "libasyncns", + "SrcVersion": "0.8-r4", + "Licenses": [ + "LGPL-2.0-or-later" + ], + "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:df01e91b1b7419ccbda3b589581739a42a1148b8", + "InstalledFiles": [ + "usr/lib/libasyncns.so.0", + "usr/lib/libasyncns.so.0.3.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libblkid@2.41-r9", + "Name": "libblkid", + "Identifier": { + "PURL": "pkg:apk/alpine/libblkid@2.41-r9?arch=x86_64\u0026distro=3.22.1", + "UID": "b6bab395577e9c31" + }, + "Version": "2.41-r9", + "Arch": "x86_64", + "SrcName": "util-linux", + "SrcVersion": "2.41-r9", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libeconf@0.6.3-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:da7a104ebe1e7f00b56527f1423fcd8193ef1aab", + "InstalledFiles": [ + "usr/lib/libblkid.so.1", + "usr/lib/libblkid.so.1.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libbluray@1.3.4-r1", + "Name": "libbluray", + "Identifier": { + "PURL": "pkg:apk/alpine/libbluray@1.3.4-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "9a57b71f00918228" + }, + "Version": "1.3.4-r1", + "Arch": "x86_64", + "SrcName": "libbluray", + "SrcVersion": "1.3.4-r1", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:b27480d977caa780fcebac4aeb7506fad3577c41", + "InstalledFiles": [ + "usr/bin/bd_info", + "usr/bin/bd_list_titles", + "usr/bin/bd_splice", + "usr/lib/libbluray.so.2", + "usr/lib/libbluray.so.2.4.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libbsd@0.12.2-r0", + "Name": "libbsd", + "Identifier": { + "PURL": "pkg:apk/alpine/libbsd@0.12.2-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "f87b6b8c1bdedefd" + }, + "Version": "0.12.2-r0", + "Arch": "x86_64", + "SrcName": "libbsd", + "SrcVersion": "0.12.2-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libmd@1.1.0-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:8c3724586ce305e5e6552acf4b89004f7fc05dd9", + "InstalledFiles": [ + "usr/lib/libbsd.so.0", + "usr/lib/libbsd.so.0.12.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libbz2@1.0.8-r6", + "Name": "libbz2", + "Identifier": { + "PURL": "pkg:apk/alpine/libbz2@1.0.8-r6?arch=x86_64\u0026distro=3.22.1", + "UID": "723292282ebbd061" + }, + "Version": "1.0.8-r6", + "Arch": "x86_64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8-r6", + "Licenses": [ + "bzip-2-1.0.6" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:1c8732214d0947cdbca8b7905576c0d0bc3deb3b", + "InstalledFiles": [ + "usr/lib/libbz2.so.1", + "usr/lib/libbz2.so.1.0.8" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.5.1-r0", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "Version": "3.5.1-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.5.1-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:cdc005cdb0f91d9f652d17b337b5b9ad0ffa2012", + "InstalledFiles": [ + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/openssl.cnf.dist", + "usr/lib/libcrypto.so.3", + "usr/lib/engines-3/afalg.so", + "usr/lib/engines-3/capi.so", + "usr/lib/engines-3/loader_attic.so", + "usr/lib/engines-3/padlock.so", + "usr/lib/ossl-modules/legacy.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libdav1d@1.5.1-r0", + "Name": "libdav1d", + "Identifier": { + "PURL": "pkg:apk/alpine/libdav1d@1.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "3c665267f5ccec62" + }, + "Version": "1.5.1-r0", + "Arch": "x86_64", + "SrcName": "dav1d", + "SrcVersion": "1.5.1-r0", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Bart Ribbers \u003cbribbers@disroot.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:77ae2dcc6ce1090ad524fe1c4b1d70e34e330db7", + "InstalledFiles": [ + "usr/lib/libdav1d.so.7", + "usr/lib/libdav1d.so.7.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libdeflate@1.23-r0", + "Name": "libdeflate", + "Identifier": { + "PURL": "pkg:apk/alpine/libdeflate@1.23-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "da980bde61ff1bc6" + }, + "Version": "1.23-r0", + "Arch": "x86_64", + "SrcName": "libdeflate", + "SrcVersion": "1.23-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Holger Jaekel \u003cholger.jaekel@gmx.de\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:21dec753a78ca26b92bf183d786aac61a8eca622", + "InstalledFiles": [ + "usr/lib/libdeflate.so.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libdovi@3.3.1-r1", + "Name": "libdovi", + "Identifier": { + "PURL": "pkg:apk/alpine/libdovi@3.3.1-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "e2b542938ef3bd26" + }, + "Version": "3.3.1-r1", + "Arch": "x86_64", + "SrcName": "libdovi", + "SrcVersion": "3.3.1-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Krassy Boykinov \u003ckboykinov@teamcentrixx.com\u003e", + "DependsOn": [ + "libgcc@14.2.0-r6", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:e187efbef72d47ee378237b147f0a054332879e9", + "InstalledFiles": [ + "usr/lib/libdovi.so.3", + "usr/lib/libdovi.so.3.3.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libdrm@2.4.124-r0", + "Name": "libdrm", + "Identifier": { + "PURL": "pkg:apk/alpine/libdrm@2.4.124-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "264f3083bdba6e86" + }, + "Version": "2.4.124-r0", + "Arch": "x86_64", + "SrcName": "libdrm", + "SrcVersion": "2.4.124-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libpciaccess@0.18.1-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:09a85a6a02e935299576de4377c6438635b46c72", + "InstalledFiles": [ + "usr/lib/libdrm.so.2", + "usr/lib/libdrm.so.2.124.0", + "usr/lib/libdrm_amdgpu.so.1", + "usr/lib/libdrm_amdgpu.so.1.124.0", + "usr/lib/libdrm_etnaviv.so.1", + "usr/lib/libdrm_etnaviv.so.1.124.0", + "usr/lib/libdrm_exynos.so.1", + "usr/lib/libdrm_exynos.so.1.124.0", + "usr/lib/libdrm_freedreno.so.1", + "usr/lib/libdrm_freedreno.so.1.124.0", + "usr/lib/libdrm_intel.so.1", + "usr/lib/libdrm_intel.so.1.124.0", + "usr/lib/libdrm_nouveau.so.2", + "usr/lib/libdrm_nouveau.so.2.124.0", + "usr/lib/libdrm_omap.so.1", + "usr/lib/libdrm_omap.so.1.124.0", + "usr/lib/libdrm_radeon.so.1", + "usr/lib/libdrm_radeon.so.1.124.0", + "usr/lib/libdrm_tegra.so.0", + "usr/lib/libdrm_tegra.so.0.124.0", + "usr/share/libdrm/amdgpu.ids" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libeconf@0.6.3-r0", + "Name": "libeconf", + "Identifier": { + "PURL": "pkg:apk/alpine/libeconf@0.6.3-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d4dedf76559a1a23" + }, + "Version": "0.6.3-r0", + "Arch": "x86_64", + "SrcName": "libeconf", + "SrcVersion": "0.6.3-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:194e60221ae9601f42f6c7a859ef8f447857415d", + "InstalledFiles": [ + "usr/bin/econftool", + "usr/lib/libeconf.so.0", + "usr/lib/libeconf.so.0.6.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libexpat@2.7.1-r0", + "Name": "libexpat", + "Identifier": { + "PURL": "pkg:apk/alpine/libexpat@2.7.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "3f5e1118b4fa3f46" + }, + "Version": "2.7.1-r0", + "Arch": "x86_64", + "SrcName": "expat", + "SrcVersion": "2.7.1-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:249bf47cc6f2a67a4307f21daddb103a5108ded5", + "InstalledFiles": [ + "usr/lib/libexpat.so.1", + "usr/lib/libexpat.so.1.10.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libffi@3.4.8-r0", + "Name": "libffi", + "Identifier": { + "PURL": "pkg:apk/alpine/libffi@3.4.8-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "8338231f91849d33" + }, + "Version": "3.4.8-r0", + "Arch": "x86_64", + "SrcName": "libffi", + "SrcVersion": "3.4.8-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:e5d01118f5ad008bb2df07635af364933b4ff20f", + "InstalledFiles": [ + "usr/lib/libffi.so.8", + "usr/lib/libffi.so.8.1.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libflac@1.4.3-r1", + "Name": "libflac", + "Identifier": { + "PURL": "pkg:apk/alpine/libflac@1.4.3-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "54ffcd689fe3a9bb" + }, + "Version": "1.4.3-r1", + "Arch": "x86_64", + "SrcName": "flac", + "SrcVersion": "1.4.3-r1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libogg@1.3.5-r5", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:cd1c9bda715cb675f5385f43afb7b80eb04077f1", + "InstalledFiles": [ + "usr/lib/libFLAC.so.12", + "usr/lib/libFLAC.so.12.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgcc@14.2.0-r6", + "Name": "libgcc", + "Identifier": { + "PURL": "pkg:apk/alpine/libgcc@14.2.0-r6?arch=x86_64\u0026distro=3.22.1", + "UID": "41a80f62e6ea827d" + }, + "Version": "14.2.0-r6", + "Arch": "x86_64", + "SrcName": "gcc", + "SrcVersion": "14.2.0-r6", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:6945911dc2b13485e97460d9df2716ad1a0aa32d", + "InstalledFiles": [ + "usr/lib/libgcc_s.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgomp@14.2.0-r6", + "Name": "libgomp", + "Identifier": { + "PURL": "pkg:apk/alpine/libgomp@14.2.0-r6?arch=x86_64\u0026distro=3.22.1", + "UID": "465d8155c1b59fb0" + }, + "Version": "14.2.0-r6", + "Arch": "x86_64", + "SrcName": "gcc", + "SrcVersion": "14.2.0-r6", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:7a22cab723a2deab744718c41eb10fe5601646b1", + "InstalledFiles": [ + "usr/lib/libgomp.so.1", + "usr/lib/libgomp.so.1.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libhwy@1.0.7-r1", + "Name": "libhwy", + "Identifier": { + "PURL": "pkg:apk/alpine/libhwy@1.0.7-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "4d626c6f23c88adc" + }, + "Version": "1.0.7-r1", + "Arch": "x86_64", + "SrcName": "highway", + "SrcVersion": "1.0.7-r1", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Alex Xu (Hello71) \u003calex_y_xu@yahoo.ca\u003e", + "DependsOn": [ + "libgcc@14.2.0-r6", + "libstdc++@14.2.0-r6", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:75c297146d6c5527e31bebf15342eb037d7ae6f3", + "InstalledFiles": [ + "usr/lib/libhwy.so.1", + "usr/lib/libhwy.so.1.0.7" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libintl@0.24.1-r0", + "Name": "libintl", + "Identifier": { + "PURL": "pkg:apk/alpine/libintl@0.24.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "5335e41c5d85c80" + }, + "Version": "0.24.1-r0", + "Arch": "x86_64", + "SrcName": "gettext", + "SrcVersion": "0.24.1-r0", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:8f44275c3149194ffa1b7bae29469289f758ed3d", + "InstalledFiles": [ + "usr/lib/libintl.so.8", + "usr/lib/libintl.so.8.4.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libjpeg-turbo@3.1.0-r0", + "Name": "libjpeg-turbo", + "Identifier": { + "PURL": "pkg:apk/alpine/libjpeg-turbo@3.1.0-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e95b13144780a0f2" + }, + "Version": "3.1.0-r0", + "Arch": "x86_64", + "SrcName": "libjpeg-turbo", + "SrcVersion": "3.1.0-r0", + "Licenses": [ + "BSD-3-Clause", + "IJG", + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:1afd9c6c695403a3b67000f0099d8a302eb3aed9", + "InstalledFiles": [ + "usr/lib/libjpeg.so.8", + "usr/lib/libjpeg.so.8.3.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libjxl@0.10.3-r2", + "Name": "libjxl", + "Identifier": { + "PURL": "pkg:apk/alpine/libjxl@0.10.3-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "11a432964da0cfc1" + }, + "Version": "0.10.3-r2", + "Arch": "x86_64", + "SrcName": "libjxl", + "SrcVersion": "0.10.3-r2", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Alex Xu (Hello71) \u003calex_y_xu@yahoo.ca\u003e", + "DependsOn": [ + "brotli-libs@1.1.0-r2", + "giflib@5.2.2-r1", + "lcms2@2.16-r0", + "libgcc@14.2.0-r6", + "libhwy@1.0.7-r1", + "libjpeg-turbo@3.1.0-r0", + "libpng@1.6.47-r0", + "libstdc++@14.2.0-r6", + "musl@1.2.5-r10", + "openexr-libopenexr@3.3.2-r0" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:1f7f820642a91b74080480fe32fc50e3974776cd", + "InstalledFiles": [ + "usr/lib/libjxl.so.0.10", + "usr/lib/libjxl.so.0.10.3", + "usr/lib/libjxl_cms.so.0.10", + "usr/lib/libjxl_cms.so.0.10.3", + "usr/lib/libjxl_extras_codec.so.0.10", + "usr/lib/libjxl_extras_codec.so.0.10.3", + "usr/lib/libjxl_threads.so.0.10", + "usr/lib/libjxl_threads.so.0.10.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libltdl@2.5.4-r1", + "Name": "libltdl", + "Identifier": { + "PURL": "pkg:apk/alpine/libltdl@2.5.4-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "98f9450bdf76e116" + }, + "Version": "2.5.4-r1", + "Arch": "x86_64", + "SrcName": "libtool", + "SrcVersion": "2.5.4-r1", + "Licenses": [ + "LGPL-2.0-or-later", + "GPL-2.0-or-later" + ], + "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:6970bf366a42daff8b7dca40583e6039a90fc9c3", + "InstalledFiles": [ + "usr/lib/libltdl.so", + "usr/lib/libltdl.so.7", + "usr/lib/libltdl.so.7.3.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libmd@1.1.0-r0", + "Name": "libmd", + "Identifier": { + "PURL": "pkg:apk/alpine/libmd@1.1.0-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "af650d454a3544f2" + }, + "Version": "1.1.0-r0", + "Arch": "x86_64", + "SrcName": "libmd", + "SrcVersion": "1.1.0-r0", + "Licenses": [ + "BSD-3-Clause", + "BSD-2-Clause", + "ISC", + "Beerware", + "Public", + "Domain" + ], + "Maintainer": "omni \u003comni+alpine@hack.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:65a135e641ef9b082f98f70ba100e8617a319042", + "InstalledFiles": [ + "usr/lib/libmd.so.0", + "usr/lib/libmd.so.0.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libmount@2.41-r9", + "Name": "libmount", + "Identifier": { + "PURL": "pkg:apk/alpine/libmount@2.41-r9?arch=x86_64\u0026distro=3.22.1", + "UID": "4a0984bbdba43fb1" + }, + "Version": "2.41-r9", + "Arch": "x86_64", + "SrcName": "util-linux", + "SrcVersion": "2.41-r9", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libblkid@2.41-r9", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:9abc2e49772236dab2bbf506488ebdd500d4c1d6", + "InstalledFiles": [ + "usr/lib/libmount.so.1", + "usr/lib/libmount.so.1.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libncursesw@6.5_p20250503-r0", + "Name": "libncursesw", + "Identifier": { + "PURL": "pkg:apk/alpine/libncursesw@6.5_p20250503-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e6be237484e23875" + }, + "Version": "6.5_p20250503-r0", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.5_p20250503-r0", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10", + "ncurses-terminfo-base@6.5_p20250503-r0" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:42901f1528399d67e07e14085ee53f1a369b240a", + "InstalledFiles": [ + "usr/lib/libncursesw.so.6", + "usr/lib/libncursesw.so.6.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libogg@1.3.5-r5", + "Name": "libogg", + "Identifier": { + "PURL": "pkg:apk/alpine/libogg@1.3.5-r5?arch=x86_64\u0026distro=3.22.1", + "UID": "41d9c41a5625d3c7" + }, + "Version": "1.3.5-r5", + "Arch": "x86_64", + "SrcName": "libogg", + "SrcVersion": "1.3.5-r5", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:b168d44ff7f94007b756c83e00794d5bc969644f", + "InstalledFiles": [ + "usr/lib/libogg.so.0", + "usr/lib/libogg.so.0.8.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libopenmpt@0.7.15-r0", + "Name": "libopenmpt", + "Identifier": { + "PURL": "pkg:apk/alpine/libopenmpt@0.7.15-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "db01fc988593c613" + }, + "Version": "0.7.15-r0", + "Arch": "x86_64", + "SrcName": "libopenmpt", + "SrcVersion": "0.7.15-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "knuxify \u003cknuxify@gmail.com\u003e", + "DependsOn": [ + "libgcc@14.2.0-r6", + "libstdc++@14.2.0-r6", + "libvorbis@1.3.7-r2", + "mpg123-libs@1.32.10-r0", + "musl@1.2.5-r10", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:11a241087258caa95080cba8eedc53b61c8fec67", + "InstalledFiles": [ + "usr/lib/libopenmpt.so.0", + "usr/lib/libopenmpt.so.0.4.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpciaccess@0.18.1-r0", + "Name": "libpciaccess", + "Identifier": { + "PURL": "pkg:apk/alpine/libpciaccess@0.18.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "c8054f627183027b" + }, + "Version": "0.18.1-r0", + "Arch": "x86_64", + "SrcName": "libpciaccess", + "SrcVersion": "0.18.1-r0", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "hwdata-pci@0.395-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:801b4af5da9bcd3b01d512a5ca8eafb3257e6e7a", + "InstalledFiles": [ + "usr/lib/libpciaccess.so.0", + "usr/lib/libpciaccess.so.0.11.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libplacebo@6.338.2-r3", + "Name": "libplacebo", + "Identifier": { + "PURL": "pkg:apk/alpine/libplacebo@6.338.2-r3?arch=x86_64\u0026distro=3.22.1", + "UID": "3d3c44157c83e002" + }, + "Version": "6.338.2-r3", + "Arch": "x86_64", + "SrcName": "libplacebo", + "SrcVersion": "6.338.2-r3", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Simon Zeni \u003csimon@bl4ckb0ne.ca\u003e", + "DependsOn": [ + "glslang-libs@1.4.309.0-r0", + "lcms2@2.16-r0", + "libdovi@3.3.1-r1", + "libgcc@14.2.0-r6", + "libstdc++@14.2.0-r6", + "musl@1.2.5-r10", + "shaderc@2024.4-r0", + "vulkan-loader@1.4.313.0-r0" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:4f8594fac1a21f2918f1b7a2f0b1ac3ab6bfc0f5", + "InstalledFiles": [ + "usr/lib/libplacebo.so.338" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpng@1.6.47-r0", + "Name": "libpng", + "Identifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e3b6a2717c0ec76d" + }, + "Version": "1.6.47-r0", + "Arch": "x86_64", + "SrcName": "libpng", + "SrcVersion": "1.6.47-r0", + "Licenses": [ + "Libpng" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:40a4d0e8c5e7cb6f8858b30a4ff9da1770b32604", + "InstalledFiles": [ + "usr/lib/libpng16.so.16", + "usr/lib/libpng16.so.16.47.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpulse@17.0-r5", + "Name": "libpulse", + "Identifier": { + "PURL": "pkg:apk/alpine/libpulse@17.0-r5?arch=x86_64\u0026distro=3.22.1", + "UID": "b03d4ae95e5d53db" + }, + "Version": "17.0-r5", + "Arch": "x86_64", + "SrcName": "pulseaudio", + "SrcVersion": "17.0-r5", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Pablo Correa Gomez \u003cpabloyoyoista@postmarketos.org\u003e", + "DependsOn": [ + "dbus-libs@1.16.2-r1", + "libasyncns@0.8-r4", + "libintl@0.24.1-r0", + "libltdl@2.5.4-r1", + "libsndfile@1.2.2-r2", + "libx11@1.8.11-r0", + "libxcb@1.17.0-r0", + "musl@1.2.5-r10", + "orc@0.4.40-r1", + "soxr@0.1.3-r7", + "speexdsp@1.2.1-r2", + "tdb-libs@1.4.12-r0" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:26afa10395c4b79010d3ce3910dcd6cda3277418", + "InstalledFiles": [ + "etc/pulse/client.conf", + "usr/lib/libpulse-simple.so.0", + "usr/lib/libpulse-simple.so.0.1.1", + "usr/lib/libpulse.so.0", + "usr/lib/libpulse.so.0.24.3", + "usr/lib/pulseaudio/libpulsecommon-17.0.so", + "usr/lib/pulseaudio/libpulsecore-17.0.so", + "usr/lib/pulseaudio/libpulsedsp.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "librist@0.2.10-r1", + "Name": "librist", + "Identifier": { + "PURL": "pkg:apk/alpine/librist@0.2.10-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "b6f7f7ee700914d4" + }, + "Version": "0.2.10-r1", + "Arch": "x86_64", + "SrcName": "librist", + "SrcVersion": "0.2.10-r1", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Kevin Wang \u003ckevin@muxable.com\u003e", + "DependsOn": [ + "cjson@1.7.18-r1", + "mbedtls@3.6.4-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:d9af57e9045971bab0f0106c939e8474b36dd940", + "InstalledFiles": [ + "usr/lib/librist.so.4", + "usr/lib/librist.so.4.3.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libsharpyuv@1.5.0-r0", + "Name": "libsharpyuv", + "Identifier": { + "PURL": "pkg:apk/alpine/libsharpyuv@1.5.0-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "6df87ed44310fe1b" + }, + "Version": "1.5.0-r0", + "Arch": "x86_64", + "SrcName": "libwebp", + "SrcVersion": "1.5.0-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:e8bf6a7b6110eaed365ba0b5a38b81e94d48d2bb", + "InstalledFiles": [ + "usr/lib/libsharpyuv.so.0", + "usr/lib/libsharpyuv.so.0.1.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libsndfile@1.2.2-r2", + "Name": "libsndfile", + "Identifier": { + "PURL": "pkg:apk/alpine/libsndfile@1.2.2-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "bc9e0f27ba28c45b" + }, + "Version": "1.2.2-r2", + "Arch": "x86_64", + "SrcName": "libsndfile", + "SrcVersion": "1.2.2-r2", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alsa-lib@1.2.14-r0", + "lame-libs@3.100-r5", + "libflac@1.4.3-r1", + "libogg@1.3.5-r5", + "libvorbis@1.3.7-r2", + "mpg123-libs@1.32.10-r0", + "musl@1.2.5-r10", + "opus@1.5.2-r1" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:74ef7633ec0e66b551757bb34fda7a24bed98f91", + "InstalledFiles": [ + "usr/bin/sndfile-cmp", + "usr/bin/sndfile-concat", + "usr/bin/sndfile-convert", + "usr/bin/sndfile-deinterleave", + "usr/bin/sndfile-info", + "usr/bin/sndfile-interleave", + "usr/bin/sndfile-metadata-get", + "usr/bin/sndfile-metadata-set", + "usr/bin/sndfile-play", + "usr/bin/sndfile-salvage", + "usr/lib/libsndfile.so.1", + "usr/lib/libsndfile.so.1.0.37" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libsodium@1.0.20-r0", + "Name": "libsodium", + "Identifier": { + "PURL": "pkg:apk/alpine/libsodium@1.0.20-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d13383d8fc4236f0" + }, + "Version": "1.0.20-r0", + "Arch": "x86_64", + "SrcName": "libsodium", + "SrcVersion": "1.0.20-r0", + "Licenses": [ + "ISC" + ], + "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:3b2df4cca664705b64f0051a4988904a3ba68c5c", + "InstalledFiles": [ + "usr/lib/libsodium.so.26", + "usr/lib/libsodium.so.26.2.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libsrt@1.5.3-r1", + "Name": "libsrt", + "Identifier": { + "PURL": "pkg:apk/alpine/libsrt@1.5.3-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "a43f45e26335c73" + }, + "Version": "1.5.3-r1", + "Arch": "x86_64", + "SrcName": "libsrt", + "SrcVersion": "1.5.3-r1", + "Licenses": [ + "MPL-2.0" + ], + "Maintainer": "Yohann DANELLO \u003cyohann.danello@crans.org\u003e", + "DependsOn": [ + "libcrypto3@3.5.1-r0", + "libgcc@14.2.0-r6", + "libstdc++@14.2.0-r6", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:faa8d62e6444f572925468c2d52ced81a7e873ad", + "InstalledFiles": [ + "usr/lib/libsrt.so.1.5", + "usr/lib/libsrt.so.1.5.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssh@0.11.2-r0", + "Name": "libssh", + "Identifier": { + "PURL": "pkg:apk/alpine/libssh@0.11.2-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "4655d1342032fe93" + }, + "Version": "0.11.2-r0", + "Arch": "x86_64", + "SrcName": "libssh", + "SrcVersion": "0.11.2-r0", + "Licenses": [ + "LGPL-2.1-or-later", + "BSD-2-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.5.1-r0", + "musl@1.2.5-r10", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:e881b27ec5156153b63f141a426f3869d859e50a", + "InstalledFiles": [ + "usr/lib/libssh.so.4", + "usr/lib/libssh.so.4.10.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.5.1-r0", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "Version": "3.5.1-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.5.1-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.5.1-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:fc89917981adb0b33a5ccf84e4168e4256b5065b", + "InstalledFiles": [ + "usr/lib/libssl.so.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libstdc++@14.2.0-r6", + "Name": "libstdc++", + "Identifier": { + "PURL": "pkg:apk/alpine/libstdc%2B%2B@14.2.0-r6?arch=x86_64\u0026distro=3.22.1", + "UID": "5dce1d8e581537ac" + }, + "Version": "14.2.0-r6", + "Arch": "x86_64", + "SrcName": "gcc", + "SrcVersion": "14.2.0-r6", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", + "DependsOn": [ + "libgcc@14.2.0-r6", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:edf5cac1e98ffe4fb3609f48ded83b35bec14c9d", + "InstalledFiles": [ + "usr/lib/libstdc++.so.6", + "usr/lib/libstdc++.so.6.0.33" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libtheora@1.1.1-r18", + "Name": "libtheora", + "Identifier": { + "PURL": "pkg:apk/alpine/libtheora@1.1.1-r18?arch=x86_64\u0026distro=3.22.1", + "UID": "6bd81239841dc789" + }, + "Version": "1.1.1-r18", + "Arch": "x86_64", + "SrcName": "libtheora", + "SrcVersion": "1.1.1-r18", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libogg@1.3.5-r5", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:733abff8a3a1e9e1d9896314818c54a99ef1cbfc", + "InstalledFiles": [ + "usr/lib/libtheora.so.0", + "usr/lib/libtheora.so.0.3.10", + "usr/lib/libtheoradec.so.1", + "usr/lib/libtheoradec.so.1.1.4", + "usr/lib/libtheoraenc.so.1", + "usr/lib/libtheoraenc.so.1.1.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libunibreak@6.1-r0", + "Name": "libunibreak", + "Identifier": { + "PURL": "pkg:apk/alpine/libunibreak@6.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "5280ed8babbac5f5" + }, + "Version": "6.1-r0", + "Arch": "x86_64", + "SrcName": "libunibreak", + "SrcVersion": "6.1-r0", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Krassy Boykinov \u003ckboykinov@teamcentrixx.com\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:c3eb8d63c0bd5954921f82a7caea22af85aa3d46", + "InstalledFiles": [ + "usr/lib/libunibreak.so.6", + "usr/lib/libunibreak.so.6.0.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libva@2.22.0-r1", + "Name": "libva", + "Identifier": { + "PURL": "pkg:apk/alpine/libva@2.22.0-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "12ec6c4146a0065a" + }, + "Version": "2.22.0-r1", + "Arch": "x86_64", + "SrcName": "libva", + "SrcVersion": "2.22.0-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libdrm@2.4.124-r0", + "libx11@1.8.11-r0", + "libxcb@1.17.0-r0", + "libxext@1.3.6-r2", + "libxfixes@6.0.1-r4", + "musl@1.2.5-r10", + "wayland-libs-client@1.23.1-r3" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:a7c242a3168d0c241c2bb0d32cce96a026654a7e", + "InstalledFiles": [ + "usr/lib/libva-drm.so.2", + "usr/lib/libva-drm.so.2.2200.0", + "usr/lib/libva-wayland.so.2", + "usr/lib/libva-wayland.so.2.2200.0", + "usr/lib/libva-x11.so.2", + "usr/lib/libva-x11.so.2.2200.0", + "usr/lib/libva.so.2", + "usr/lib/libva.so.2.2200.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libvdpau@1.5-r4", + "Name": "libvdpau", + "Identifier": { + "PURL": "pkg:apk/alpine/libvdpau@1.5-r4?arch=x86_64\u0026distro=3.22.1", + "UID": "375f8563a40ed4e3" + }, + "Version": "1.5-r4", + "Arch": "x86_64", + "SrcName": "libvdpau", + "SrcVersion": "1.5-r4", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libx11@1.8.11-r0", + "libxext@1.3.6-r2", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:e0b0f8ea1bb3de0766b1881a1a6b6d48ce0fb7f3", + "InstalledFiles": [ + "etc/vdpau_wrapper.cfg", + "usr/lib/libvdpau.so.1", + "usr/lib/libvdpau.so.1.0.0", + "usr/lib/vdpau/libvdpau_trace.so", + "usr/lib/vdpau/libvdpau_trace.so.1", + "usr/lib/vdpau/libvdpau_trace.so.1.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libvorbis@1.3.7-r2", + "Name": "libvorbis", + "Identifier": { + "PURL": "pkg:apk/alpine/libvorbis@1.3.7-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "f7be6badf96359dc" + }, + "Version": "1.3.7-r2", + "Arch": "x86_64", + "SrcName": "libvorbis", + "SrcVersion": "1.3.7-r2", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libogg@1.3.5-r5", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:e71e2d64675fe9500854bdb5237b53c410a4b4c8", + "InstalledFiles": [ + "usr/lib/libvorbis.so.0", + "usr/lib/libvorbis.so.0.4.9", + "usr/lib/libvorbisenc.so.2", + "usr/lib/libvorbisenc.so.2.0.12", + "usr/lib/libvorbisfile.so.3", + "usr/lib/libvorbisfile.so.3.3.8" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libvpx@1.15.0-r0", + "Name": "libvpx", + "Identifier": { + "PURL": "pkg:apk/alpine/libvpx@1.15.0-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "b7c3eecb2cb60c0b" + }, + "Version": "1.15.0-r0", + "Arch": "x86_64", + "SrcName": "libvpx", + "SrcVersion": "1.15.0-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:e680e51b3787cd6510bf4e0dca2afd2a9454e857", + "InstalledFiles": [ + "usr/lib/libvpx.so.9", + "usr/lib/libvpx.so.9.1", + "usr/lib/libvpx.so.9.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libwebp@1.5.0-r0", + "Name": "libwebp", + "Identifier": { + "PURL": "pkg:apk/alpine/libwebp@1.5.0-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "f79d7132e70d7690" + }, + "Version": "1.5.0-r0", + "Arch": "x86_64", + "SrcName": "libwebp", + "SrcVersion": "1.5.0-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libsharpyuv@1.5.0-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:b493c8c7e5838ebd63dd68c5414bff9ebef45942", + "InstalledFiles": [ + "usr/lib/libwebp.so.7", + "usr/lib/libwebp.so.7.1.10" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libwebpmux@1.5.0-r0", + "Name": "libwebpmux", + "Identifier": { + "PURL": "pkg:apk/alpine/libwebpmux@1.5.0-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "2c7c718c14f98d9f" + }, + "Version": "1.5.0-r0", + "Arch": "x86_64", + "SrcName": "libwebp", + "SrcVersion": "1.5.0-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libwebp@1.5.0-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:edc7bd50a5f3a146ef11c8e370564ea52a300123", + "InstalledFiles": [ + "usr/lib/libwebpmux.so.3", + "usr/lib/libwebpmux.so.3.1.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libx11@1.8.11-r0", + "Name": "libx11", + "Identifier": { + "PURL": "pkg:apk/alpine/libx11@1.8.11-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "4e43a457eb13191" + }, + "Version": "1.8.11-r0", + "Arch": "x86_64", + "SrcName": "libx11", + "SrcVersion": "1.8.11-r0", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libxcb@1.17.0-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:65356d06ac940f03c80adacfedb2d4b4a95a1a03", + "InstalledFiles": [ + "usr/lib/libX11-xcb.so.1", + "usr/lib/libX11-xcb.so.1.0.0", + "usr/lib/libX11.so.6", + "usr/lib/libX11.so.6.4.0", + "usr/share/X11/XErrorDB", + "usr/share/X11/Xcms.txt", + "usr/share/X11/locale/compose.dir", + "usr/share/X11/locale/locale.alias", + "usr/share/X11/locale/locale.dir", + "usr/share/X11/locale/C/Compose", + "usr/share/X11/locale/C/XI18N_OBJS", + "usr/share/X11/locale/C/XLC_LOCALE", + "usr/share/X11/locale/am_ET.UTF-8/Compose", + "usr/share/X11/locale/am_ET.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/am_ET.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/armscii-8/Compose", + "usr/share/X11/locale/armscii-8/XI18N_OBJS", + "usr/share/X11/locale/armscii-8/XLC_LOCALE", + "usr/share/X11/locale/cs_CZ.UTF-8/Compose", + "usr/share/X11/locale/cs_CZ.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/cs_CZ.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/el_GR.UTF-8/Compose", + "usr/share/X11/locale/el_GR.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/el_GR.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/en_US.UTF-8/Compose", + "usr/share/X11/locale/en_US.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/en_US.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/fi_FI.UTF-8/Compose", + "usr/share/X11/locale/fi_FI.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/fi_FI.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/georgian-academy/Compose", + "usr/share/X11/locale/georgian-academy/XI18N_OBJS", + "usr/share/X11/locale/georgian-academy/XLC_LOCALE", + "usr/share/X11/locale/georgian-ps/Compose", + "usr/share/X11/locale/georgian-ps/XI18N_OBJS", + "usr/share/X11/locale/georgian-ps/XLC_LOCALE", + "usr/share/X11/locale/ibm-cp1133/Compose", + "usr/share/X11/locale/ibm-cp1133/XI18N_OBJS", + "usr/share/X11/locale/ibm-cp1133/XLC_LOCALE", + "usr/share/X11/locale/iscii-dev/Compose", + "usr/share/X11/locale/iscii-dev/XI18N_OBJS", + "usr/share/X11/locale/iscii-dev/XLC_LOCALE", + "usr/share/X11/locale/isiri-3342/Compose", + "usr/share/X11/locale/isiri-3342/XI18N_OBJS", + "usr/share/X11/locale/isiri-3342/XLC_LOCALE", + "usr/share/X11/locale/iso8859-1/Compose", + "usr/share/X11/locale/iso8859-1/XI18N_OBJS", + "usr/share/X11/locale/iso8859-1/XLC_LOCALE", + "usr/share/X11/locale/iso8859-10/Compose", + "usr/share/X11/locale/iso8859-10/XI18N_OBJS", + "usr/share/X11/locale/iso8859-10/XLC_LOCALE", + "usr/share/X11/locale/iso8859-11/Compose", + "usr/share/X11/locale/iso8859-11/XI18N_OBJS", + "usr/share/X11/locale/iso8859-11/XLC_LOCALE", + "usr/share/X11/locale/iso8859-13/Compose", + "usr/share/X11/locale/iso8859-13/XI18N_OBJS", + "usr/share/X11/locale/iso8859-13/XLC_LOCALE", + "usr/share/X11/locale/iso8859-14/Compose", + "usr/share/X11/locale/iso8859-14/XI18N_OBJS", + "usr/share/X11/locale/iso8859-14/XLC_LOCALE", + "usr/share/X11/locale/iso8859-15/Compose", + "usr/share/X11/locale/iso8859-15/XI18N_OBJS", + "usr/share/X11/locale/iso8859-15/XLC_LOCALE", + "usr/share/X11/locale/iso8859-2/Compose", + "usr/share/X11/locale/iso8859-2/XI18N_OBJS", + "usr/share/X11/locale/iso8859-2/XLC_LOCALE", + "usr/share/X11/locale/iso8859-3/Compose", + "usr/share/X11/locale/iso8859-3/XI18N_OBJS", + "usr/share/X11/locale/iso8859-3/XLC_LOCALE", + "usr/share/X11/locale/iso8859-4/Compose", + "usr/share/X11/locale/iso8859-4/XI18N_OBJS", + "usr/share/X11/locale/iso8859-4/XLC_LOCALE", + "usr/share/X11/locale/iso8859-5/Compose", + "usr/share/X11/locale/iso8859-5/XI18N_OBJS", + "usr/share/X11/locale/iso8859-5/XLC_LOCALE", + "usr/share/X11/locale/iso8859-6/Compose", + "usr/share/X11/locale/iso8859-6/XI18N_OBJS", + "usr/share/X11/locale/iso8859-6/XLC_LOCALE", + "usr/share/X11/locale/iso8859-7/Compose", + "usr/share/X11/locale/iso8859-7/XI18N_OBJS", + "usr/share/X11/locale/iso8859-7/XLC_LOCALE", + "usr/share/X11/locale/iso8859-8/Compose", + "usr/share/X11/locale/iso8859-8/XI18N_OBJS", + "usr/share/X11/locale/iso8859-8/XLC_LOCALE", + "usr/share/X11/locale/iso8859-9/Compose", + "usr/share/X11/locale/iso8859-9/XI18N_OBJS", + "usr/share/X11/locale/iso8859-9/XLC_LOCALE", + "usr/share/X11/locale/iso8859-9e/Compose", + "usr/share/X11/locale/iso8859-9e/XI18N_OBJS", + "usr/share/X11/locale/iso8859-9e/XLC_LOCALE", + "usr/share/X11/locale/ja/Compose", + "usr/share/X11/locale/ja/XI18N_OBJS", + "usr/share/X11/locale/ja/XLC_LOCALE", + "usr/share/X11/locale/ja.JIS/Compose", + "usr/share/X11/locale/ja.JIS/XI18N_OBJS", + "usr/share/X11/locale/ja.JIS/XLC_LOCALE", + "usr/share/X11/locale/ja.SJIS/Compose", + "usr/share/X11/locale/ja.SJIS/XI18N_OBJS", + "usr/share/X11/locale/ja.SJIS/XLC_LOCALE", + "usr/share/X11/locale/ja_JP.UTF-8/Compose", + "usr/share/X11/locale/ja_JP.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/ja_JP.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/km_KH.UTF-8/Compose", + "usr/share/X11/locale/km_KH.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/km_KH.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/ko/Compose", + "usr/share/X11/locale/ko/XI18N_OBJS", + "usr/share/X11/locale/ko/XLC_LOCALE", + "usr/share/X11/locale/ko_KR.UTF-8/Compose", + "usr/share/X11/locale/ko_KR.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/ko_KR.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/koi8-c/Compose", + "usr/share/X11/locale/koi8-c/XI18N_OBJS", + "usr/share/X11/locale/koi8-c/XLC_LOCALE", + "usr/share/X11/locale/koi8-r/Compose", + "usr/share/X11/locale/koi8-r/XI18N_OBJS", + "usr/share/X11/locale/koi8-r/XLC_LOCALE", + "usr/share/X11/locale/koi8-u/Compose", + "usr/share/X11/locale/koi8-u/XI18N_OBJS", + "usr/share/X11/locale/koi8-u/XLC_LOCALE", + "usr/share/X11/locale/microsoft-cp1251/Compose", + "usr/share/X11/locale/microsoft-cp1251/XI18N_OBJS", + "usr/share/X11/locale/microsoft-cp1251/XLC_LOCALE", + "usr/share/X11/locale/microsoft-cp1255/Compose", + "usr/share/X11/locale/microsoft-cp1255/XI18N_OBJS", + "usr/share/X11/locale/microsoft-cp1255/XLC_LOCALE", + "usr/share/X11/locale/microsoft-cp1256/Compose", + "usr/share/X11/locale/microsoft-cp1256/XI18N_OBJS", + "usr/share/X11/locale/microsoft-cp1256/XLC_LOCALE", + "usr/share/X11/locale/mulelao-1/Compose", + "usr/share/X11/locale/mulelao-1/XI18N_OBJS", + "usr/share/X11/locale/mulelao-1/XLC_LOCALE", + "usr/share/X11/locale/nokhchi-1/Compose", + "usr/share/X11/locale/nokhchi-1/XI18N_OBJS", + "usr/share/X11/locale/nokhchi-1/XLC_LOCALE", + "usr/share/X11/locale/pt_BR.UTF-8/Compose", + "usr/share/X11/locale/pt_BR.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/pt_BR.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/pt_PT.UTF-8/Compose", + "usr/share/X11/locale/pt_PT.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/pt_PT.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/ru_RU.UTF-8/Compose", + "usr/share/X11/locale/ru_RU.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/ru_RU.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/sr_RS.UTF-8/Compose", + "usr/share/X11/locale/sr_RS.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/sr_RS.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/tatar-cyr/Compose", + "usr/share/X11/locale/tatar-cyr/XI18N_OBJS", + "usr/share/X11/locale/tatar-cyr/XLC_LOCALE", + "usr/share/X11/locale/th_TH/Compose", + "usr/share/X11/locale/th_TH/XI18N_OBJS", + "usr/share/X11/locale/th_TH/XLC_LOCALE", + "usr/share/X11/locale/th_TH.UTF-8/Compose", + "usr/share/X11/locale/th_TH.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/th_TH.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/tscii-0/Compose", + "usr/share/X11/locale/tscii-0/XI18N_OBJS", + "usr/share/X11/locale/tscii-0/XLC_LOCALE", + "usr/share/X11/locale/vi_VN.tcvn/Compose", + "usr/share/X11/locale/vi_VN.tcvn/XI18N_OBJS", + "usr/share/X11/locale/vi_VN.tcvn/XLC_LOCALE", + "usr/share/X11/locale/vi_VN.viscii/Compose", + "usr/share/X11/locale/vi_VN.viscii/XI18N_OBJS", + "usr/share/X11/locale/vi_VN.viscii/XLC_LOCALE", + "usr/share/X11/locale/zh_CN/Compose", + "usr/share/X11/locale/zh_CN/XI18N_OBJS", + "usr/share/X11/locale/zh_CN/XLC_LOCALE", + "usr/share/X11/locale/zh_CN.UTF-8/Compose", + "usr/share/X11/locale/zh_CN.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/zh_CN.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/zh_CN.gb18030/Compose", + "usr/share/X11/locale/zh_CN.gb18030/XI18N_OBJS", + "usr/share/X11/locale/zh_CN.gb18030/XLC_LOCALE", + "usr/share/X11/locale/zh_CN.gbk/Compose", + "usr/share/X11/locale/zh_CN.gbk/XI18N_OBJS", + "usr/share/X11/locale/zh_CN.gbk/XLC_LOCALE", + "usr/share/X11/locale/zh_HK.UTF-8/Compose", + "usr/share/X11/locale/zh_HK.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/zh_HK.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/zh_HK.big5/Compose", + "usr/share/X11/locale/zh_HK.big5/XI18N_OBJS", + "usr/share/X11/locale/zh_HK.big5/XLC_LOCALE", + "usr/share/X11/locale/zh_HK.big5hkscs/Compose", + "usr/share/X11/locale/zh_HK.big5hkscs/XI18N_OBJS", + "usr/share/X11/locale/zh_HK.big5hkscs/XLC_LOCALE", + "usr/share/X11/locale/zh_TW/Compose", + "usr/share/X11/locale/zh_TW/XI18N_OBJS", + "usr/share/X11/locale/zh_TW/XLC_LOCALE", + "usr/share/X11/locale/zh_TW.UTF-8/Compose", + "usr/share/X11/locale/zh_TW.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/zh_TW.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/zh_TW.big5/Compose", + "usr/share/X11/locale/zh_TW.big5/XI18N_OBJS", + "usr/share/X11/locale/zh_TW.big5/XLC_LOCALE" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxau@1.0.12-r0", + "Name": "libxau", + "Identifier": { + "PURL": "pkg:apk/alpine/libxau@1.0.12-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "f316d58177763d31" + }, + "Version": "1.0.12-r0", + "Arch": "x86_64", + "SrcName": "libxau", + "SrcVersion": "1.0.12-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:0b1fc4b588f11e15acb33344849a797b1b76b196", + "InstalledFiles": [ + "usr/lib/libXau.so.6", + "usr/lib/libXau.so.6.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxcb@1.17.0-r0", + "Name": "libxcb", + "Identifier": { + "PURL": "pkg:apk/alpine/libxcb@1.17.0-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "3caf7544e25261b1" + }, + "Version": "1.17.0-r0", + "Arch": "x86_64", + "SrcName": "libxcb", + "SrcVersion": "1.17.0-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libxau@1.0.12-r0", + "libxdmcp@1.1.5-r1", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:1bce85e6488dabca4ddef7578f29d14647d252ae", + "InstalledFiles": [ + "usr/lib/libxcb-composite.so.0", + "usr/lib/libxcb-composite.so.0.0.0", + "usr/lib/libxcb-damage.so.0", + "usr/lib/libxcb-damage.so.0.0.0", + "usr/lib/libxcb-dbe.so.0", + "usr/lib/libxcb-dbe.so.0.0.0", + "usr/lib/libxcb-dpms.so.0", + "usr/lib/libxcb-dpms.so.0.0.0", + "usr/lib/libxcb-dri2.so.0", + "usr/lib/libxcb-dri2.so.0.0.0", + "usr/lib/libxcb-dri3.so.0", + "usr/lib/libxcb-dri3.so.0.1.0", + "usr/lib/libxcb-glx.so.0", + "usr/lib/libxcb-glx.so.0.0.0", + "usr/lib/libxcb-present.so.0", + "usr/lib/libxcb-present.so.0.0.0", + "usr/lib/libxcb-randr.so.0", + "usr/lib/libxcb-randr.so.0.1.0", + "usr/lib/libxcb-record.so.0", + "usr/lib/libxcb-record.so.0.0.0", + "usr/lib/libxcb-render.so.0", + "usr/lib/libxcb-render.so.0.0.0", + "usr/lib/libxcb-res.so.0", + "usr/lib/libxcb-res.so.0.0.0", + "usr/lib/libxcb-screensaver.so.0", + "usr/lib/libxcb-screensaver.so.0.0.0", + "usr/lib/libxcb-shape.so.0", + "usr/lib/libxcb-shape.so.0.0.0", + "usr/lib/libxcb-shm.so.0", + "usr/lib/libxcb-shm.so.0.0.0", + "usr/lib/libxcb-sync.so.1", + "usr/lib/libxcb-sync.so.1.0.0", + "usr/lib/libxcb-xf86dri.so.0", + "usr/lib/libxcb-xf86dri.so.0.0.0", + "usr/lib/libxcb-xfixes.so.0", + "usr/lib/libxcb-xfixes.so.0.0.0", + "usr/lib/libxcb-xinerama.so.0", + "usr/lib/libxcb-xinerama.so.0.0.0", + "usr/lib/libxcb-xinput.so.0", + "usr/lib/libxcb-xinput.so.0.1.0", + "usr/lib/libxcb-xkb.so.1", + "usr/lib/libxcb-xkb.so.1.0.0", + "usr/lib/libxcb-xtest.so.0", + "usr/lib/libxcb-xtest.so.0.0.0", + "usr/lib/libxcb-xv.so.0", + "usr/lib/libxcb-xv.so.0.0.0", + "usr/lib/libxcb-xvmc.so.0", + "usr/lib/libxcb-xvmc.so.0.0.0", + "usr/lib/libxcb.so.1", + "usr/lib/libxcb.so.1.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxdmcp@1.1.5-r1", + "Name": "libxdmcp", + "Identifier": { + "PURL": "pkg:apk/alpine/libxdmcp@1.1.5-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "5fbdc4eba65a3276" + }, + "Version": "1.1.5-r1", + "Arch": "x86_64", + "SrcName": "libxdmcp", + "SrcVersion": "1.1.5-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libbsd@0.12.2-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:93b3045edc2bc6b6c9bff981705293a465c9c3b6", + "InstalledFiles": [ + "usr/lib/libXdmcp.so.6", + "usr/lib/libXdmcp.so.6.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxext@1.3.6-r2", + "Name": "libxext", + "Identifier": { + "PURL": "pkg:apk/alpine/libxext@1.3.6-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "256f99c308ce7622" + }, + "Version": "1.3.6-r2", + "Arch": "x86_64", + "SrcName": "libxext", + "SrcVersion": "1.3.6-r2", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libx11@1.8.11-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:0c16fb7e4b6352c59985ddf17099df039df36bbe", + "InstalledFiles": [ + "usr/lib/libXext.so.6", + "usr/lib/libXext.so.6.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxfixes@6.0.1-r4", + "Name": "libxfixes", + "Identifier": { + "PURL": "pkg:apk/alpine/libxfixes@6.0.1-r4?arch=x86_64\u0026distro=3.22.1", + "UID": "ff38dac5765788" + }, + "Version": "6.0.1-r4", + "Arch": "x86_64", + "SrcName": "libxfixes", + "SrcVersion": "6.0.1-r4", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libx11@1.8.11-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:c0a8f886165929ed128380e9faf8e894c5aa5462", + "InstalledFiles": [ + "usr/lib/libXfixes.so.3", + "usr/lib/libXfixes.so.3.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxml2@2.13.8-r0", + "Name": "libxml2", + "Identifier": { + "PURL": "pkg:apk/alpine/libxml2@2.13.8-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d157fbe9fab04a71" + }, + "Version": "2.13.8-r0", + "Arch": "x86_64", + "SrcName": "libxml2", + "SrcVersion": "2.13.8-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10", + "xz-libs@5.8.1-r0", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:0b927e56e207430656606848bfc2b87d56e47144", + "InstalledFiles": [ + "usr/lib/libxml2.so.2", + "usr/lib/libxml2.so.2.13.8" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libzmq@4.3.5-r2", + "Name": "libzmq", + "Identifier": { + "PURL": "pkg:apk/alpine/libzmq@4.3.5-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "640d4863c07f4753" + }, + "Version": "4.3.5-r2", + "Arch": "x86_64", + "SrcName": "zeromq", + "SrcVersion": "4.3.5-r2", + "Licenses": [ + "MPL-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libgcc@14.2.0-r6", + "libsodium@1.0.20-r0", + "libstdc++@14.2.0-r6", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:ed8f67b1864f055872e951d0c30d51c217c499e1", + "InstalledFiles": [ + "usr/lib/libzmq.so.5", + "usr/lib/libzmq.so.5.2.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "lilv-libs@0.24.26-r0", + "Name": "lilv-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/lilv-libs@0.24.26-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "5b057c4db55f61d8" + }, + "Version": "0.24.26-r0", + "Arch": "x86_64", + "SrcName": "lilv", + "SrcVersion": "0.24.26-r0", + "Licenses": [ + "ISC" + ], + "Maintainer": "David Demelier \u003cmarkand@malikania.fr\u003e", + "DependsOn": [ + "musl@1.2.5-r10", + "serd-libs@0.32.4-r0", + "sord-libs@0.16.18-r0", + "sratom@0.6.18-r0", + "zix-libs@0.6.2-r0" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:c473fdf3abe428db511357acd31cdfabe8f4d9b1", + "InstalledFiles": [ + "usr/lib/liblilv-0.so.0", + "usr/lib/liblilv-0.so.0.24.26" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "mbedtls@3.6.4-r0", + "Name": "mbedtls", + "Identifier": { + "PURL": "pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "fd9fb762c16491f4" + }, + "Version": "3.6.4-r0", + "Arch": "x86_64", + "SrcName": "mbedtls", + "SrcVersion": "3.6.4-r0", + "Licenses": [ + "Apache-2.0", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:a09cf007d6047636cddb41623f796edaef93ce68", + "InstalledFiles": [ + "usr/lib/libmbedcrypto.so.16", + "usr/lib/libmbedcrypto.so.3.6.4", + "usr/lib/libmbedtls.so.21", + "usr/lib/libmbedtls.so.3.6.4", + "usr/lib/libmbedx509.so.3.6.4", + "usr/lib/libmbedx509.so.7" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "mpg123-libs@1.32.10-r0", + "Name": "mpg123-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/mpg123-libs@1.32.10-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "70065c214c3e1e19" + }, + "Version": "1.32.10-r0", + "Arch": "x86_64", + "SrcName": "mpg123", + "SrcVersion": "1.32.10-r0", + "Licenses": [ + "LGPL-2.1-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:6fb13a2ff0bf13e67dc416f63012a3dc4d1b388f", + "InstalledFiles": [ + "usr/lib/libmpg123.so.0", + "usr/lib/libmpg123.so.0.48.3", + "usr/lib/libout123.so.0", + "usr/lib/libout123.so.0.5.1", + "usr/lib/libsyn123.so.0", + "usr/lib/libsyn123.so.0.2.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl@1.2.5-r10", + "Name": "musl", + "Identifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", + "UID": "55e7e479f5580f45" + }, + "Version": "1.2.5-r10", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r10", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:59283b61db830a0a0309c98f4db906a2d8fa342b", + "InstalledFiles": [ + "lib/ld-musl-x86_64.so.1", + "lib/libc.musl-x86_64.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl-utils@1.2.5-r10", + "Name": "musl-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", + "UID": "73256102bfd5faee" + }, + "Version": "1.2.5-r10", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r10", + "Licenses": [ + "MIT", + "BSD-2-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10", + "scanelf@1.3.8-r1" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:7e60d0820813baa8ac266bee158394c0a69f104a", + "InstalledFiles": [ + "sbin/ldconfig", + "usr/bin/getconf", + "usr/bin/getent", + "usr/bin/iconv", + "usr/bin/ldd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ncurses-terminfo-base@6.5_p20250503-r0", + "Name": "ncurses-terminfo-base", + "Identifier": { + "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.5_p20250503-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "894c1596a3cf9412" + }, + "Version": "6.5_p20250503-r0", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.5_p20250503-r0", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:fea2cc088f02df2feb5da718e70123647f0ef8f7", + "InstalledFiles": [ + "etc/terminfo/a/alacritty", + "etc/terminfo/a/ansi", + "etc/terminfo/d/dumb", + "etc/terminfo/g/gnome", + "etc/terminfo/g/gnome-256color", + "etc/terminfo/k/konsole", + "etc/terminfo/k/konsole-256color", + "etc/terminfo/k/konsole-linux", + "etc/terminfo/l/linux", + "etc/terminfo/p/putty", + "etc/terminfo/p/putty-256color", + "etc/terminfo/r/rxvt", + "etc/terminfo/r/rxvt-256color", + "etc/terminfo/s/screen", + "etc/terminfo/s/screen-256color", + "etc/terminfo/s/st-0.6", + "etc/terminfo/s/st-0.7", + "etc/terminfo/s/st-0.8", + "etc/terminfo/s/st-0.8.5", + "etc/terminfo/s/st-16color", + "etc/terminfo/s/st-256color", + "etc/terminfo/s/st-direct", + "etc/terminfo/s/sun", + "etc/terminfo/t/terminator", + "etc/terminfo/t/terminology", + "etc/terminfo/t/terminology-0.6.1", + "etc/terminfo/t/terminology-1.0.0", + "etc/terminfo/t/terminology-1.8.1", + "etc/terminfo/t/tmux", + "etc/terminfo/t/tmux-256color", + "etc/terminfo/v/vt100", + "etc/terminfo/v/vt102", + "etc/terminfo/v/vt200", + "etc/terminfo/v/vt220", + "etc/terminfo/v/vt52", + "etc/terminfo/v/vte", + "etc/terminfo/v/vte-256color", + "etc/terminfo/x/xterm", + "etc/terminfo/x/xterm-256color", + "etc/terminfo/x/xterm-color", + "etc/terminfo/x/xterm-xfree86" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "numactl@2.0.18-r0", + "Name": "numactl", + "Identifier": { + "PURL": "pkg:apk/alpine/numactl@2.0.18-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "3c885693f1a7427e" + }, + "Version": "2.0.18-r0", + "Arch": "x86_64", + "SrcName": "numactl", + "SrcVersion": "2.0.18-r0", + "Licenses": [ + "LGPL-2.1-only" + ], + "Maintainer": "Daniel Sabogal \u003cdsabogalcc@gmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:4cf3db7db6738f08a16ab05d10aefe621a564a13", + "InstalledFiles": [ + "usr/lib/libnuma.so.1", + "usr/lib/libnuma.so.1.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "onevpl-libs@2023.3.1-r2", + "Name": "onevpl-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/onevpl-libs@2023.3.1-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "30c7ccb581540253" + }, + "Version": "2023.3.1-r2", + "Arch": "x86_64", + "SrcName": "onevpl", + "SrcVersion": "2023.3.1-r2", + "Licenses": [ + "MIT" + ], + "Maintainer": "Krassy Boykinov \u003ckboykinov@teamcentrixx.com\u003e", + "DependsOn": [ + "libgcc@14.2.0-r6", + "libstdc++@14.2.0-r6", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:ecbcde31409026999dc154ddab6a3dedab77225f", + "InstalledFiles": [ + "usr/lib/libvpl.so.2", + "usr/lib/libvpl.so.2.9" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "openexr-libiex@3.3.2-r0", + "Name": "openexr-libiex", + "Identifier": { + "PURL": "pkg:apk/alpine/openexr-libiex@3.3.2-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "cdfd616d63baaa93" + }, + "Version": "3.3.2-r0", + "Arch": "x86_64", + "SrcName": "openexr", + "SrcVersion": "3.3.2-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Mark Riedesel \u003cmark+alpine@klowner.com\u003e", + "DependsOn": [ + "libgcc@14.2.0-r6", + "libstdc++@14.2.0-r6", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:8d5e760f5a09a28ee61778965aec042c7f45c902", + "InstalledFiles": [ + "usr/lib/libIex-3_3.so.32", + "usr/lib/libIex-3_3.so.32.3.3.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "openexr-libilmthread@3.3.2-r0", + "Name": "openexr-libilmthread", + "Identifier": { + "PURL": "pkg:apk/alpine/openexr-libilmthread@3.3.2-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "10a5ce8857a62438" + }, + "Version": "3.3.2-r0", + "Arch": "x86_64", + "SrcName": "openexr", + "SrcVersion": "3.3.2-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Mark Riedesel \u003cmark+alpine@klowner.com\u003e", + "DependsOn": [ + "libgcc@14.2.0-r6", + "libstdc++@14.2.0-r6", + "musl@1.2.5-r10", + "openexr-libiex@3.3.2-r0" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:1225087ab126d99506e0254cc4c5fe61f4ac3674", + "InstalledFiles": [ + "usr/lib/libIlmThread-3_3.so.32", + "usr/lib/libIlmThread-3_3.so.32.3.3.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "openexr-libopenexr@3.3.2-r0", + "Name": "openexr-libopenexr", + "Identifier": { + "PURL": "pkg:apk/alpine/openexr-libopenexr@3.3.2-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "c36eb059c4b7492d" + }, + "Version": "3.3.2-r0", + "Arch": "x86_64", + "SrcName": "openexr", + "SrcVersion": "3.3.2-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Mark Riedesel \u003cmark+alpine@klowner.com\u003e", + "DependsOn": [ + "imath@3.1.12-r0", + "libgcc@14.2.0-r6", + "libstdc++@14.2.0-r6", + "musl@1.2.5-r10", + "openexr-libiex@3.3.2-r0", + "openexr-libilmthread@3.3.2-r0", + "openexr-libopenexrcore@3.3.2-r0" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:edc0b9680d83ea250eaa5400dd146ecd479e01e5", + "InstalledFiles": [ + "usr/lib/libOpenEXR-3_3.so.32", + "usr/lib/libOpenEXR-3_3.so.32.3.3.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "openexr-libopenexrcore@3.3.2-r0", + "Name": "openexr-libopenexrcore", + "Identifier": { + "PURL": "pkg:apk/alpine/openexr-libopenexrcore@3.3.2-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "7854bb25ca2dab72" + }, + "Version": "3.3.2-r0", + "Arch": "x86_64", + "SrcName": "openexr", + "SrcVersion": "3.3.2-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Mark Riedesel \u003cmark+alpine@klowner.com\u003e", + "DependsOn": [ + "libdeflate@1.23-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:22aeb8074b8f3e6d1244eb6b84da4e17b3f0a80d", + "InstalledFiles": [ + "usr/lib/libOpenEXRCore-3_3.so.32", + "usr/lib/libOpenEXRCore-3_3.so.32.3.3.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "opus@1.5.2-r1", + "Name": "opus", + "Identifier": { + "PURL": "pkg:apk/alpine/opus@1.5.2-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "adba5282ef27d4d2" + }, + "Version": "1.5.2-r1", + "Arch": "x86_64", + "SrcName": "opus", + "SrcVersion": "1.5.2-r1", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:c63abe84baa398cc5b1c8ad016918d4329b708bb", + "InstalledFiles": [ + "usr/lib/libopus.so.0", + "usr/lib/libopus.so.0.10.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "orc@0.4.40-r1", + "Name": "orc", + "Identifier": { + "PURL": "pkg:apk/alpine/orc@0.4.40-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "ce424ac67d05a3d5" + }, + "Version": "0.4.40-r1", + "Arch": "x86_64", + "SrcName": "orc", + "SrcVersion": "0.4.40-r1", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:b6bfb5e4dc21d791861e4c4a11702c6344078c6b", + "InstalledFiles": [ + "usr/lib/liborc-0.4.so.0", + "usr/lib/liborc-0.4.so.0.40.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "pcre2@10.43-r1", + "Name": "pcre2", + "Identifier": { + "PURL": "pkg:apk/alpine/pcre2@10.43-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "286dcfd16f9648c3" + }, + "Version": "10.43-r1", + "Arch": "x86_64", + "SrcName": "pcre2", + "SrcVersion": "10.43-r1", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:b3ef6da02d09ea70001e9770b314b6adf3586c7a", + "InstalledFiles": [ + "usr/lib/libpcre2-8.so.0", + "usr/lib/libpcre2-8.so.0.12.0", + "usr/lib/libpcre2-posix.so.3", + "usr/lib/libpcre2-posix.so.3.0.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "rav1e-libs@0.7.1-r0", + "Name": "rav1e-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/rav1e-libs@0.7.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "fc985aa0b2eef854" + }, + "Version": "0.7.1-r0", + "Arch": "x86_64", + "SrcName": "rav1e", + "SrcVersion": "0.7.1-r0", + "Licenses": [ + "BSD-2-Clause", + "custom" + ], + "Maintainer": "Oleg Titov \u003coleg.titov@gmail.com\u003e", + "DependsOn": [ + "libgcc@14.2.0-r6", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:5d64139ca90da77d86e9ff6e11c75d82b10a2319", + "InstalledFiles": [ + "usr/lib/librav1e.so.0.7", + "usr/lib/librav1e.so.0.7.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "readline@8.2.13-r1", + "Name": "readline", + "Identifier": { + "PURL": "pkg:apk/alpine/readline@8.2.13-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "37d71f5ec630233b" + }, + "Version": "8.2.13-r1", + "Arch": "x86_64", + "SrcName": "readline", + "SrcVersion": "8.2.13-r1", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", + "DependsOn": [ + "libncursesw@6.5_p20250503-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:d305640121793fd79a7636ed10fcc6cb10155e38", + "InstalledFiles": [ + "etc/inputrc", + "usr/lib/libreadline.so.8", + "usr/lib/libreadline.so.8.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "scanelf@1.3.8-r1", + "Name": "scanelf", + "Identifier": { + "PURL": "pkg:apk/alpine/scanelf@1.3.8-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "be156a8575875ef7" + }, + "Version": "1.3.8-r1", + "Arch": "x86_64", + "SrcName": "pax-utils", + "SrcVersion": "1.3.8-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:bd6dd1c820d476bcdf8ee38f003bcf2a73323b13", + "InstalledFiles": [ + "usr/bin/scanelf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "sdl2-compat@2.32.56-r0", + "Name": "sdl2-compat", + "Identifier": { + "PURL": "pkg:apk/alpine/sdl2-compat@2.32.56-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "cbf7fcda86c2eeba" + }, + "Version": "2.32.56-r0", + "Arch": "x86_64", + "SrcName": "sdl2-compat", + "SrcVersion": "2.32.56-r0", + "Licenses": [ + "Zlib" + ], + "Maintainer": "fossdd \u003cfossdd@pwned.life\u003e", + "DependsOn": [ + "musl@1.2.5-r10", + "sdl3@3.2.16-r0" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:88501c8077a06e7a4bf7bd9df9807651671c8b86", + "InstalledFiles": [ + "usr/lib/libSDL2-2.0.so.0", + "usr/lib/libSDL2-2.0.so.0.3200.56" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "sdl3@3.2.16-r0", + "Name": "sdl3", + "Identifier": { + "PURL": "pkg:apk/alpine/sdl3@3.2.16-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "f2cd1287a58879a0" + }, + "Version": "3.2.16-r0", + "Arch": "x86_64", + "SrcName": "sdl3", + "SrcVersion": "3.2.16-r0", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Simon Zeni \u003csimon@bl4ckb0ne.ca\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:845b90008b7a4b5034142406bcd55f0a24232d9f", + "InstalledFiles": [ + "usr/lib/libSDL3.so.0", + "usr/lib/libSDL3.so.0.2.16" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "serd-libs@0.32.4-r0", + "Name": "serd-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/serd-libs@0.32.4-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "83ade4869c48e765" + }, + "Version": "0.32.4-r0", + "Arch": "x86_64", + "SrcName": "serd", + "SrcVersion": "0.32.4-r0", + "Licenses": [ + "ISC" + ], + "Maintainer": "David Demelier \u003cmarkand@malikania.fr\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:bd0858718d309370e3b0f318b97c967463502710", + "InstalledFiles": [ + "usr/lib/libserd-0.so.0", + "usr/lib/libserd-0.so.0.32.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "shaderc@2024.4-r0", + "Name": "shaderc", + "Identifier": { + "PURL": "pkg:apk/alpine/shaderc@2024.4-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "a08ec1e6674176ec" + }, + "Version": "2024.4-r0", + "Arch": "x86_64", + "SrcName": "shaderc", + "SrcVersion": "2024.4-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Simon Zeni \u003csimon@bl4ckb0ne.ca\u003e", + "DependsOn": [ + "glslang-libs@1.4.309.0-r0", + "libgcc@14.2.0-r6", + "libstdc++@14.2.0-r6", + "musl@1.2.5-r10", + "spirv-tools@1.4.313.0-r0" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:de6e3cae196219c80e8982261759e2ff528e97bc", + "InstalledFiles": [ + "usr/bin/glslc", + "usr/lib/libshaderc_shared.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "sord-libs@0.16.18-r0", + "Name": "sord-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/sord-libs@0.16.18-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "c6282dde530d39a9" + }, + "Version": "0.16.18-r0", + "Arch": "x86_64", + "SrcName": "sord", + "SrcVersion": "0.16.18-r0", + "Licenses": [ + "ISC" + ], + "Maintainer": "David Demelier \u003cmarkand@malikania.fr\u003e", + "DependsOn": [ + "musl@1.2.5-r10", + "serd-libs@0.32.4-r0", + "zix-libs@0.6.2-r0" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:b48db46612779b6a9be5cb3af165d5373a5b745c", + "InstalledFiles": [ + "usr/lib/libsord-0.so.0", + "usr/lib/libsord-0.so.0.16.18" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "soxr@0.1.3-r7", + "Name": "soxr", + "Identifier": { + "PURL": "pkg:apk/alpine/soxr@0.1.3-r7?arch=x86_64\u0026distro=3.22.1", + "UID": "279cea8fe7557214" + }, + "Version": "0.1.3-r7", + "Arch": "x86_64", + "SrcName": "soxr", + "SrcVersion": "0.1.3-r7", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "libgomp@14.2.0-r6", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:16bb3ea5933a59f13f92d1f465171d6536253562", + "InstalledFiles": [ + "usr/lib/libsoxr-lsr.so.0", + "usr/lib/libsoxr-lsr.so.0.1.9", + "usr/lib/libsoxr.so.0", + "usr/lib/libsoxr.so.0.1.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "speexdsp@1.2.1-r2", + "Name": "speexdsp", + "Identifier": { + "PURL": "pkg:apk/alpine/speexdsp@1.2.1-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "dad5b9c7c312d2f7" + }, + "Version": "1.2.1-r2", + "Arch": "x86_64", + "SrcName": "speexdsp", + "SrcVersion": "1.2.1-r2", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:8cfae83eccab259534a079b99e9f55d3c02381d0", + "InstalledFiles": [ + "usr/lib/libspeexdsp.so.1", + "usr/lib/libspeexdsp.so.1.5.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "spirv-tools@1.4.313.0-r0", + "Name": "spirv-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/spirv-tools@1.4.313.0-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e1f71a0eb1f840c7" + }, + "Version": "1.4.313.0-r0", + "Arch": "x86_64", + "SrcName": "spirv-tools", + "SrcVersion": "1.4.313.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Simon Zeni \u003csimon@bl4ckb0ne.ca\u003e", + "DependsOn": [ + "libstdc++@14.2.0-r6", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:529d4e6685ae605340e6e45bdb032cc5327ce68a", + "InstalledFiles": [ + "usr/bin/spirv-as", + "usr/bin/spirv-cfg", + "usr/bin/spirv-dis", + "usr/bin/spirv-lesspipe.sh", + "usr/bin/spirv-link", + "usr/bin/spirv-lint", + "usr/bin/spirv-objdump", + "usr/bin/spirv-opt", + "usr/bin/spirv-reduce", + "usr/bin/spirv-val", + "usr/lib/libSPIRV-Tools-diff.so", + "usr/lib/libSPIRV-Tools-link.so", + "usr/lib/libSPIRV-Tools-lint.so", + "usr/lib/libSPIRV-Tools-opt.so", + "usr/lib/libSPIRV-Tools-reduce.so", + "usr/lib/libSPIRV-Tools-shared.so", + "usr/lib/libSPIRV-Tools.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "sratom@0.6.18-r0", + "Name": "sratom", + "Identifier": { + "PURL": "pkg:apk/alpine/sratom@0.6.18-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "2bdef87fa45c89f" + }, + "Version": "0.6.18-r0", + "Arch": "x86_64", + "SrcName": "sratom", + "SrcVersion": "0.6.18-r0", + "Licenses": [ + "ISC" + ], + "Maintainer": "David Demelier \u003cmarkand@malikania.fr\u003e", + "DependsOn": [ + "musl@1.2.5-r10", + "serd-libs@0.32.4-r0", + "sord-libs@0.16.18-r0" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:d04868e23bab2ac601678268b5a897d763500efc", + "InstalledFiles": [ + "usr/lib/libsratom-0.so.0", + "usr/lib/libsratom-0.so.0.6.18" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ssl_client@1.37.0-r18", + "Name": "ssl_client", + "Identifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", + "UID": "24ada6e59ed92743" + }, + "Version": "1.37.0-r18", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r18", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "libcrypto3@3.5.1-r0", + "libssl3@3.5.1-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:7fa2e0f5a78d7061d18653bc5e38cb83c42d2f3a", + "InstalledFiles": [ + "usr/bin/ssl_client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "tdb-libs@1.4.12-r0", + "Name": "tdb-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/tdb-libs@1.4.12-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "1ea01a44df9b1720" + }, + "Version": "1.4.12-r0", + "Arch": "x86_64", + "SrcName": "tdb", + "SrcVersion": "1.4.12-r0", + "Licenses": [ + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:b13ec109b8310e7735717c35996fcfe3f760516e", + "InstalledFiles": [ + "usr/lib/libtdb.so.1", + "usr/lib/libtdb.so.1.4.12" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "v4l-utils-libs@1.28.1-r1", + "Name": "v4l-utils-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/v4l-utils-libs@1.28.1-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "a1413bd07970e59f" + }, + "Version": "1.28.1-r1", + "Arch": "x86_64", + "SrcName": "v4l-utils", + "SrcVersion": "1.28.1-r1", + "Licenses": [ + "LGPL-2.0-or-later" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "libjpeg-turbo@3.1.0-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:0a0a8c823b9a8afbfc3070349a19fa1af3b0990c", + "InstalledFiles": [ + "usr/lib/libv4l1.so.0", + "usr/lib/libv4l1.so.0.0.0", + "usr/lib/libv4l2.so.0", + "usr/lib/libv4l2.so.0.0.0", + "usr/lib/libv4l2rds.so.0", + "usr/lib/libv4l2rds.so.0.0.0", + "usr/lib/libv4lconvert.so.0", + "usr/lib/libv4lconvert.so.0.0.0", + "usr/lib/libv4l/ov511-decomp", + "usr/lib/libv4l/ov518-decomp", + "usr/lib/libv4l/v4l1compat.so", + "usr/lib/libv4l/v4l2convert.so", + "usr/lib/libv4l/plugins/libv4l-mplane.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "vidstab@1.1.1-r0", + "Name": "vidstab", + "Identifier": { + "PURL": "pkg:apk/alpine/vidstab@1.1.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "9f3489bf5937dee1" + }, + "Version": "1.1.1-r0", + "Arch": "x86_64", + "SrcName": "vidstab", + "SrcVersion": "1.1.1-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Bart Ribbers \u003cbribbers@disroot.org\u003e", + "DependsOn": [ + "libgomp@14.2.0-r6", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:446c2c17e1406d1490fe18b6782fb24b406dbab4", + "InstalledFiles": [ + "usr/lib/libvidstab.so.1.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "vulkan-loader@1.4.313.0-r0", + "Name": "vulkan-loader", + "Identifier": { + "PURL": "pkg:apk/alpine/vulkan-loader@1.4.313.0-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "712f70d4023f6b42" + }, + "Version": "1.4.313.0-r0", + "Arch": "x86_64", + "SrcName": "vulkan-loader", + "SrcVersion": "1.4.313.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Simon Zeni \u003csimon@bl4ckb0ne.ca\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:ff5dff6998e9912a5ac8fbd92951a927d7530823", + "InstalledFiles": [ + "usr/lib/libvulkan.so.1", + "usr/lib/libvulkan.so.1.4.313" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "wayland-libs-client@1.23.1-r3", + "Name": "wayland-libs-client", + "Identifier": { + "PURL": "pkg:apk/alpine/wayland-libs-client@1.23.1-r3?arch=x86_64\u0026distro=3.22.1", + "UID": "c75592ea31efaa50" + }, + "Version": "1.23.1-r3", + "Arch": "x86_64", + "SrcName": "wayland", + "SrcVersion": "1.23.1-r3", + "Licenses": [ + "MIT" + ], + "Maintainer": "Peter Shkenev \u003csanturysim@gmail.com\u003e", + "DependsOn": [ + "libffi@3.4.8-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:ea0f307c796d5b52e9996c072aa933db00e4fc25", + "InstalledFiles": [ + "usr/lib/libwayland-client.so.0", + "usr/lib/libwayland-client.so.0.23.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "x264-libs@0.164.3108-r0", + "Name": "x264-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/x264-libs@0.164.3108-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e1c4c5322a975f30" + }, + "Version": "0.164.3108-r0", + "Arch": "x86_64", + "SrcName": "x264", + "SrcVersion": "0.164.3108-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:29f301cb84137811e40bc5ebda2a31e8a13e0f12", + "InstalledFiles": [ + "usr/lib/libx264.so.164" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "x265-libs@3.6-r0", + "Name": "x265-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/x265-libs@3.6-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "2e0b049afaf8eff0" + }, + "Version": "3.6-r0", + "Arch": "x86_64", + "SrcName": "x265", + "SrcVersion": "3.6-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libstdc++@14.2.0-r6", + "musl@1.2.5-r10", + "numactl@2.0.18-r0" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:e3c0ce1f33d509174d2fe6cc0be7d5959f0d488f", + "InstalledFiles": [ + "usr/lib/libx265.so.209" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "xvidcore@1.3.7-r2", + "Name": "xvidcore", + "Identifier": { + "PURL": "pkg:apk/alpine/xvidcore@1.3.7-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "97e9305976b03af5" + }, + "Version": "1.3.7-r2", + "Arch": "x86_64", + "SrcName": "xvidcore", + "SrcVersion": "1.3.7-r2", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:1624be47f94fb6f2506170a2a74e52f75bd26c06", + "InstalledFiles": [ + "usr/lib/libxvidcore.so.4", + "usr/lib/libxvidcore.so.4.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "xz-libs@5.8.1-r0", + "Name": "xz-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.8.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "8bd18e17467b35f2" + }, + "Version": "5.8.1-r0", + "Arch": "x86_64", + "SrcName": "xz", + "SrcVersion": "5.8.1-r0", + "Licenses": [ + "GPL-2.0-or-later", + "0BSD", + "Public-Domain", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:fdcdb7d0dc44dd546165ae313122b01d6a20f931", + "InstalledFiles": [ + "usr/lib/liblzma.so.5", + "usr/lib/liblzma.so.5.8.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zimg@3.0.5-r3", + "Name": "zimg", + "Identifier": { + "PURL": "pkg:apk/alpine/zimg@3.0.5-r3?arch=x86_64\u0026distro=3.22.1", + "UID": "342b4007301215ac" + }, + "Version": "3.0.5-r3", + "Arch": "x86_64", + "SrcName": "zimg", + "SrcVersion": "3.0.5-r3", + "Licenses": [ + "WTFPL" + ], + "Maintainer": "Patrycja Rosa \u003calpine@ptrcnull.me\u003e", + "DependsOn": [ + "libgcc@14.2.0-r6", + "libstdc++@14.2.0-r6", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:65f09609dfce68494573a1dd2098d3bc1f871de8", + "InstalledFiles": [ + "usr/lib/libzimg.so.2", + "usr/lib/libzimg.so.2.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zix-libs@0.6.2-r0", + "Name": "zix-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/zix-libs@0.6.2-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "7b1f5f25bcde443a" + }, + "Version": "0.6.2-r0", + "Arch": "x86_64", + "SrcName": "zix", + "SrcVersion": "0.6.2-r0", + "Licenses": [ + "ISC" + ], + "Maintainer": "David Demelier \u003cmarkand@malikania.fr\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "Digest": "sha1:9f5f2ea24f8a9917e45d8dd640a1a95e47c748ac", + "InstalledFiles": [ + "usr/lib/libzix-0.so.0", + "usr/lib/libzix-0.so.0.6.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.3.1-r2", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "23095b6210429e11" + }, + "Version": "1.3.1-r2", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.3.1-r2", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:bf7d90d89e5429c18167b91ab8d7e6256cfc7fdf", + "InstalledFiles": [ + "usr/lib/libz.so.1", + "usr/lib/libz.so.1.3.1" + ], + "AnalyzedBy": "apk" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox@1.37.0-r18", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", + "UID": "3da78128164dbbc4" + }, + "InstalledVersion": "1.37.0-r18", + "FixedVersion": "1.37.0-r20", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:44426e3e02c1ad173d8897fd4b46a1ddcf0c921036e699e838936dfc6ad35059", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox-binsh@1.37.0-r18", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", + "UID": "c66405e3f8ffde54" + }, + "InstalledVersion": "1.37.0-r18", + "FixedVersion": "1.37.0-r20", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:101c58323064811982af6420b392fac541257c05506da621b78daffa05b9f80f", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-57052", + "PkgID": "cjson@1.7.18-r1", + "PkgName": "cjson", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/cjson@1.7.18-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "93f520d50c2b1445" + }, + "InstalledVersion": "1.7.18-r1", + "FixedVersion": "1.7.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-57052", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:85db3c576fd4c9ddeee2dcbbabaed6cf8048a00456603d155c979c4b445e3071", + "Title": "cJSON: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON pointer strings", + "Description": "cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125", + "CWE-129" + ], + "VendorSeverity": { + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-57052", + "https://github.com/DaveGamble/cJSON/commit/74e1ff4994aa4139126967f6d289b675b4b36fef", + "https://github.com/DaveGamble/cJSON/pull/957", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00019.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-57052", + "https://ubuntu.com/security/notices/USN-7973-1", + "https://www.cve.org/CVERecord?id=CVE-2025-57052", + "https://x-0r.com/posts/cJSON-Array-Index-Parsing-Vulnerability" + ], + "PublishedDate": "2025-09-03T15:15:38.25Z", + "LastModifiedDate": "2025-11-03T19:16:12.46Z" + }, + { + "VulnerabilityID": "CVE-2026-41254", + "PkgID": "lcms2@2.16-r0", + "PkgName": "lcms2", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/lcms2@2.16-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "37892de0d9654e69" + }, + "InstalledVersion": "2.16-r0", + "FixedVersion": "2.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41254", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2bf9c1bfc727df905c1bad479d6c1a347c9cb33f880e20db07564b6c0e5a0f06", + "Title": "Little CMS: lcms2: mm2/Little-CMS: Little CMS: Information disclosure or denial of service via integer overflow in CubeSize", + "Description": "Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-696", + "CWE-190" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "nvd": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/", + "https://access.redhat.com/security/cve/CVE-2026-41254", + "https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0", + "https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc", + "https://github.com/mm2/Little-CMS/security/advisories/GHSA-4xp6-rcgg-m9qq", + "https://lists.debian.org/debian-lts-announce/2026/05/msg00014.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-41254", + "https://ubuntu.com/security/notices/USN-8209-1", + "https://www.cve.org/CVERecord?id=CVE-2026-41254", + "https://www.openwall.com/lists/oss-security/2026/04/17/16" + ], + "PublishedDate": "2026-04-18T07:16:10.807Z", + "LastModifiedDate": "2026-05-07T18:16:19.3Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:61a955f305d08dc7cdf6911e9334752655a166797ad7d2f2de6ccbbeb562c517", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:66f890174c4eafe27262cc7cdf727cf862a47d293588b08bd6e9988d8be40674", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:965f3fc5e9cb65c84b0dde0e9aadd25dd04821c68022cf49e3f3c95bd3dd575e", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c1b103957265fac1aa5ab998743320a9d4381119d75c8ae16de127688b14237d", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:016902b64d5014ac01de1ddb59ad685822c3d6f4476b7756cba6d5a0c6629475", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:04f7c798493ba35260ac5031f9b4f915c075a11bf4c70c7d8dacd0d8c584cf7d", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a9f24bcbd588a6d0b452e9e33e8e22683444e6cd1ece9a06d144cce6e07c5f0d", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-11187", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11187", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:7f3e385fe0f5f888d80223201d5454f510523bbd53b543c7fc3f9b3fbb5fd542", + "Title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file", + "Description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476", + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "julia": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-11187", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-hpc7-gcqm-58fv", + "https://github.com/metadust/CVE-2025-11187", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://linux.oracle.com/cve/CVE-2025-11187.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-11187" + ], + "PublishedDate": "2026-01-27T16:16:14.093Z", + "LastModifiedDate": "2026-03-20T14:16:13.89Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:80a04902af38c24ad935142ea58b184e8a6507b30291badee24ce50bd990c379", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.4-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d75205c36d8e4df3ee96c1d60e51a5cd5a18ce1a97a6f941256a6ce1aa510310", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.4-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1a16068bd40ade8ea0090a1d426775c09b6872bead2ad860c45ca66004a83627", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-2673", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:39c5c0c089635ce2c63ef7a1a3de69047e0c4e7182ee97f60e7d4a788323e0ed", + "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", + "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-757" + ], + "VendorSeverity": { + "amazon": 1, + "julia": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/13/3", + "https://access.redhat.com/security/cve/CVE-2026-2673", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-wj64-gh9j-xm82", + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "https://openssl-library.org/news/secadv/20260313.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-2673" + ], + "PublishedDate": "2026-03-13T19:54:34.033Z", + "LastModifiedDate": "2026-05-18T20:16:37.763Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e5e68f80618acd33c9fc5a44625be0cfefb3450e502d075800cfbdfac089b0bf", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2025-59375", + "PkgID": "libexpat@2.7.1-r0", + "PkgName": "libexpat", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libexpat@2.7.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "3f5e1118b4fa3f46" + }, + "InstalledVersion": "2.7.1-r0", + "FixedVersion": "2.7.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-59375", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:47a95dcd734dc978385c14e7e3a71e0e61870d8fe28c8b891da7386093ac82c2", + "Title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing", + "Description": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/16/2", + "http://www.openwall.com/lists/oss-security/2026/05/01/5", + "https://access.redhat.com/errata/RHSA-2025:22175", + "https://access.redhat.com/security/cve/CVE-2025-59375", + "https://bugzilla.redhat.com/2395108", + "https://bugzilla.redhat.com/show_bug.cgi?id=2395108", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375", + "https://errata.almalinux.org/9/ALSA-2025-22175.html", + "https://errata.rockylinux.org/RLSA-2025:22175", + "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74", + "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes", + "https://github.com/libexpat/libexpat/issues/1018", + "https://github.com/libexpat/libexpat/pull/1034", + "https://issues.oss-fuzz.com/issues/439133977", + "https://linux.oracle.com/cve/CVE-2025-59375.html", + "https://linux.oracle.com/errata/ELSA-2026-3407.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-59375", + "https://ubuntu.com/security/notices/USN-8022-1", + "https://www.cve.org/CVERecord?id=CVE-2025-59375", + "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375", + "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375" + ], + "PublishedDate": "2025-09-15T03:15:40.92Z", + "LastModifiedDate": "2026-05-12T13:17:22.64Z" + }, + { + "VulnerabilityID": "CVE-2026-25210", + "PkgID": "libexpat@2.7.1-r0", + "PkgName": "libexpat", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libexpat@2.7.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "3f5e1118b4fa3f46" + }, + "InstalledVersion": "2.7.1-r0", + "FixedVersion": "2.7.4-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25210", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4c67c731df9312adcf71304673c9fc654d153ebc02795c6c16052536d41b1ea4", + "Title": "libexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation", + "Description": "In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", + "V3Score": 6.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-25210", + "https://github.com/libexpat/libexpat/pull/1075", + "https://github.com/libexpat/libexpat/pull/1075/commits/9c2d990389e6abe2e44527eeaa8b39f16fe859c7", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25210", + "https://ubuntu.com/security/notices/USN-8022-1", + "https://ubuntu.com/security/notices/USN-8022-2", + "https://ubuntu.com/security/notices/USN-8023-1", + "https://www.cve.org/CVERecord?id=CVE-2026-25210" + ], + "PublishedDate": "2026-01-30T07:16:15.57Z", + "LastModifiedDate": "2026-03-10T18:17:12.78Z" + }, + { + "VulnerabilityID": "CVE-2026-32776", + "PkgID": "libexpat@2.7.1-r0", + "PkgName": "libexpat", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libexpat@2.7.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "3f5e1118b4fa3f46" + }, + "InstalledVersion": "2.7.1-r0", + "FixedVersion": "2.7.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32776", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:f5fafb2287e60f3dc39a8f5347de91f965c15be779d875612beb4082acfe7c56", + "Title": "libexpat: libexpat: Denial of Service due to NULL pointer dereference", + "Description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32776", + "https://github.com/libexpat/libexpat/pull/1158", + "https://github.com/libexpat/libexpat/pull/1159", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32776", + "https://www.cve.org/CVERecord?id=CVE-2026-32776" + ], + "PublishedDate": "2026-03-16T14:19:44.6Z", + "LastModifiedDate": "2026-03-17T15:52:09.023Z" + }, + { + "VulnerabilityID": "CVE-2026-32777", + "PkgID": "libexpat@2.7.1-r0", + "PkgName": "libexpat", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libexpat@2.7.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "3f5e1118b4fa3f46" + }, + "InstalledVersion": "2.7.1-r0", + "FixedVersion": "2.7.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32777", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:b1f70f92f590b618fd59105133b5e64599c6467aff455b46840237d24c815bc3", + "Title": "libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing", + "Description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32777", + "https://github.com/libexpat/libexpat/issues/1161", + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1162", + "https://issues.oss-fuzz.com/issues/486993411", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32777", + "https://www.cve.org/CVERecord?id=CVE-2026-32777" + ], + "PublishedDate": "2026-03-16T14:19:44.78Z", + "LastModifiedDate": "2026-03-17T15:52:34.357Z" + }, + { + "VulnerabilityID": "CVE-2026-32778", + "PkgID": "libexpat@2.7.1-r0", + "PkgName": "libexpat", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libexpat@2.7.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "3f5e1118b4fa3f46" + }, + "InstalledVersion": "2.7.1-r0", + "FixedVersion": "2.7.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32778", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:cda34989eddfc80e09b4c6bd7fedd934f16eb48fc3b407376dc64ce3c5069094", + "Title": "libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition", + "Description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32778", + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1163", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32778", + "https://www.cve.org/CVERecord?id=CVE-2026-32778" + ], + "PublishedDate": "2026-03-16T14:19:44.97Z", + "LastModifiedDate": "2026-03-17T15:52:53.16Z" + }, + { + "VulnerabilityID": "CVE-2025-64720", + "PkgID": "libpng@1.6.47-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e3b6a2717c0ec76d" + }, + "InstalledVersion": "1.6.47-r0", + "FixedVersion": "1.6.51-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64720", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:89ba8047de90184bf9349c387b68fdc9c06b0b862713cb75a8e834df7a9591b5", + "Title": "libpng: LIBPNG buffer overflow", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:0933", + "https://access.redhat.com/security/cve/CVE-2025-64720", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", + "https://errata.almalinux.org/9/ALSA-2026-0933.html", + "https://errata.rockylinux.org/RLSA-2026:0238", + "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643", + "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643 (v1.6.51)", + "https://github.com/pnggroup/libpng/issues/686", + "https://github.com/pnggroup/libpng/pull/751", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww", + "https://linux.oracle.com/cve/CVE-2025-64720.html", + "https://linux.oracle.com/errata/ELSA-2026-0932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64720", + "https://ubuntu.com/security/notices/USN-7924-1", + "https://www.cve.org/CVERecord?id=CVE-2025-64720", + "https://www.openwall.com/lists/oss-security/2025/11/22/1" + ], + "PublishedDate": "2025-11-25T00:15:47.46Z", + "LastModifiedDate": "2025-11-26T18:35:18.253Z" + }, + { + "VulnerabilityID": "CVE-2025-65018", + "PkgID": "libpng@1.6.47-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e3b6a2717c0ec76d" + }, + "InstalledVersion": "1.6.47-r0", + "FixedVersion": "1.6.51-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-65018", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:cd62ab93d1992f9714fdac65f7b6cde27bb8e34e9eaa61ef5d980da684e338a3", + "Title": "libpng: LIBPNG heap buffer overflow", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:0933", + "https://access.redhat.com/security/cve/CVE-2025-65018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", + "https://errata.almalinux.org/9/ALSA-2026-0933.html", + "https://errata.rockylinux.org/RLSA-2026:0238", + "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d", + "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d (v1.6.51)", + "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", + "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea (v1.6.51)", + "https://github.com/pnggroup/libpng/issues/755", + "https://github.com/pnggroup/libpng/pull/757", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g", + "https://linux.oracle.com/cve/CVE-2025-65018.html", + "https://linux.oracle.com/errata/ELSA-2026-0932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-65018", + "https://ubuntu.com/security/notices/USN-7924-1", + "https://www.cve.org/CVERecord?id=CVE-2025-65018", + "https://www.openwall.com/lists/oss-security/2025/11/22/1" + ], + "PublishedDate": "2025-11-25T00:15:47.61Z", + "LastModifiedDate": "2025-11-26T18:34:53.65Z" + }, + { + "VulnerabilityID": "CVE-2025-66293", + "PkgID": "libpng@1.6.47-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e3b6a2717c0ec76d" + }, + "InstalledVersion": "1.6.47-r0", + "FixedVersion": "1.6.53-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-66293", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:53cd2c9b86c1a37a56785b479a0e4860cae144cb7dab7298a8227c1a9715f4e0", + "Title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/12/03/6", + "http://www.openwall.com/lists/oss-security/2025/12/03/7", + "http://www.openwall.com/lists/oss-security/2025/12/03/8", + "https://access.redhat.com/errata/RHSA-2026:0238", + "https://access.redhat.com/security/cve/CVE-2025-66293", + "https://bugzilla.redhat.com/2416904", + "https://bugzilla.redhat.com/2416907", + "https://bugzilla.redhat.com/2418711", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", + "https://errata.almalinux.org/9/ALSA-2026-0238.html", + "https://errata.rockylinux.org/RLSA-2026:0238", + "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1", + "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a", + "https://github.com/pnggroup/libpng/issues/764", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f", + "https://linux.oracle.com/cve/CVE-2025-66293.html", + "https://linux.oracle.com/errata/ELSA-2026-0241.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-66293", + "https://ubuntu.com/security/notices/USN-7963-1", + "https://ubuntu.com/security/notices/USN-8035-1", + "https://www.cve.org/CVERecord?id=CVE-2025-66293" + ], + "PublishedDate": "2025-12-03T21:15:53.06Z", + "LastModifiedDate": "2025-12-16T19:12:50.35Z" + }, + { + "VulnerabilityID": "CVE-2026-22695", + "PkgID": "libpng@1.6.47-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e3b6a2717c0ec76d" + }, + "InstalledVersion": "1.6.47-r0", + "FixedVersion": "1.6.54-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22695", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:20c24f50b535b0cebaae67286d586645520f35e70a94764297026285e2a16f45", + "Title": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3405", + "https://access.redhat.com/security/cve/CVE-2026-22695", + "https://bugzilla.redhat.com/2428824", + "https://bugzilla.redhat.com/2428825", + "https://bugzilla.redhat.com/2438542", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", + "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", + "https://errata.almalinux.org/9/ALSA-2026-3405.html", + "https://errata.rockylinux.org/RLSA-2026:3405", + "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", + "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2", + "https://github.com/pnggroup/libpng/issues/778", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp", + "https://linux.oracle.com/cve/CVE-2026-22695.html", + "https://linux.oracle.com/errata/ELSA-2026-4728.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22695", + "https://ubuntu.com/security/notices/USN-7963-1", + "https://ubuntu.com/security/notices/USN-8035-1", + "https://www.cve.org/CVERecord?id=CVE-2026-22695", + "https://www.openwall.com/lists/oss-security/2026/01/12/7" + ], + "PublishedDate": "2026-01-12T23:15:52.597Z", + "LastModifiedDate": "2026-01-21T18:58:55.787Z" + }, + { + "VulnerabilityID": "CVE-2026-22801", + "PkgID": "libpng@1.6.47-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e3b6a2717c0ec76d" + }, + "InstalledVersion": "1.6.47-r0", + "FixedVersion": "1.6.54-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22801", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:bfbd41cb4f348f87584257428ad82583541deb202fc3a10dbfb21a6de71fcebb", + "Title": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125", + "CWE-190" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 6.6 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3405", + "https://access.redhat.com/security/cve/CVE-2026-22801", + "https://bugzilla.redhat.com/2428824", + "https://bugzilla.redhat.com/2428825", + "https://bugzilla.redhat.com/2438542", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", + "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", + "https://errata.almalinux.org/9/ALSA-2026-3405.html", + "https://errata.rockylinux.org/RLSA-2026:3405", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8", + "https://linux.oracle.com/cve/CVE-2026-22801.html", + "https://linux.oracle.com/errata/ELSA-2026-4728.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22801", + "https://ubuntu.com/security/notices/USN-7963-1", + "https://ubuntu.com/security/notices/USN-8035-1", + "https://www.cve.org/CVERecord?id=CVE-2026-22801", + "https://www.openwall.com/lists/oss-security/2026/01/12/7" + ], + "PublishedDate": "2026-01-12T23:15:52.907Z", + "LastModifiedDate": "2026-01-21T18:58:18.27Z" + }, + { + "VulnerabilityID": "CVE-2026-25646", + "PkgID": "libpng@1.6.47-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e3b6a2717c0ec76d" + }, + "InstalledVersion": "1.6.47-r0", + "FixedVersion": "1.6.55-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25646", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:896b52ceeca8b00f49cfa8fcb69f06b81a96257fbd73c8496f227df870144b3b", + "Title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-122", + "CWE-126" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/02/09/7", + "https://access.redhat.com/errata/RHSA-2026:3405", + "https://access.redhat.com/security/cve/CVE-2026-25646", + "https://bugzilla.redhat.com/2428824", + "https://bugzilla.redhat.com/2428825", + "https://bugzilla.redhat.com/2438542", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", + "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", + "https://errata.almalinux.org/9/ALSA-2026-3405.html", + "https://errata.rockylinux.org/RLSA-2026:3405", + "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3", + "https://linux.oracle.com/cve/CVE-2026-25646.html", + "https://linux.oracle.com/errata/ELSA-2026-7032.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25646", + "https://ubuntu.com/security/notices/USN-8035-1", + "https://ubuntu.com/security/notices/USN-8039-1", + "https://ubuntu.com/security/notices/USN-8081-1", + "https://www.cve.org/CVERecord?id=CVE-2026-25646" + ], + "PublishedDate": "2026-02-10T18:16:37.817Z", + "LastModifiedDate": "2026-02-13T20:43:44.69Z" + }, + { + "VulnerabilityID": "CVE-2025-64505", + "PkgID": "libpng@1.6.47-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e3b6a2717c0ec76d" + }, + "InstalledVersion": "1.6.47-r0", + "FixedVersion": "1.6.51-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64505", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:09e58162f85fe77d14ff3edbb670f880d6f8b024741770c539b587b85e42da3a", + "Title": "libpng: LIBPNG heap buffer overflow via malformed palette index", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64505", + "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37", + "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37 (v1.6.51)", + "https://github.com/pnggroup/libpng/pull/748", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64505", + "https://ubuntu.com/security/notices/USN-7924-1", + "https://ubuntu.com/security/notices/USN-8081-1", + "https://www.cve.org/CVERecord?id=CVE-2025-64505", + "https://www.openwall.com/lists/oss-security/2025/11/22/1" + ], + "PublishedDate": "2025-11-25T00:15:47.133Z", + "LastModifiedDate": "2025-11-26T18:28:32.22Z" + }, + { + "VulnerabilityID": "CVE-2025-64506", + "PkgID": "libpng@1.6.47-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e3b6a2717c0ec76d" + }, + "InstalledVersion": "1.6.47-r0", + "FixedVersion": "1.6.51-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64506", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:be63768c2b8660f68dd99397d69e189ba93d31c161435e7b5c71c3e9a2cd1f77", + "Title": "libpng: LIBPNG heap buffer over-read", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64506", + "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821", + "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821 (v1.6.51)", + "https://github.com/pnggroup/libpng/pull/749", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64506", + "https://ubuntu.com/security/notices/USN-7924-1", + "https://www.cve.org/CVERecord?id=CVE-2025-64506", + "https://www.openwall.com/lists/oss-security/2025/11/22/1" + ], + "PublishedDate": "2025-11-25T00:15:47.3Z", + "LastModifiedDate": "2025-11-26T18:34:38.24Z" + }, + { + "VulnerabilityID": "CVE-2026-33416", + "PkgID": "libpng@1.6.47-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e3b6a2717c0ec76d" + }, + "InstalledVersion": "1.6.47-r0", + "FixedVersion": "1.6.56-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33416", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9f7d989650a1292db4e2c6b73befe2dc284a57fbe4c9777a03bfd491f8833062", + "Title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr-\u003etrans_alpha = info_ptr-\u003etrans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr-\u003epalette = png_ptr-\u003epalette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9693", + "https://access.redhat.com/security/cve/CVE-2026-33416", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451805", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451819", + "https://bugzilla.redhat.com/show_bug.cgi?id=2455897", + "https://bugzilla.redhat.com/show_bug.cgi?id=2455901", + "https://bugzilla.redhat.com/show_bug.cgi?id=2455908", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734", + "https://errata.almalinux.org/9/ALSA-2026-9693.html", + "https://errata.rockylinux.org/RLSA-2026:8459", + "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb", + "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667", + "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25", + "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1", + "https://github.com/pnggroup/libpng/pull/824", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j", + "https://linux.oracle.com/cve/CVE-2026-33416.html", + "https://linux.oracle.com/errata/ELSA-2026-9693.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33416", + "https://ubuntu.com/security/notices/USN-8251-1", + "https://www.cve.org/CVERecord?id=CVE-2026-33416" + ], + "PublishedDate": "2026-03-26T17:16:38.443Z", + "LastModifiedDate": "2026-04-02T20:28:33.973Z" + }, + { + "VulnerabilityID": "CVE-2026-33636", + "PkgID": "libpng@1.6.47-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e3b6a2717c0ec76d" + }, + "InstalledVersion": "1.6.47-r0", + "FixedVersion": "1.6.56-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33636", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:85c4bb85ae06060102b2ed8d32fe4d930f7e31818c9d57c05387052f17e636d9", + "Title": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 7.6 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9693", + "https://access.redhat.com/security/cve/CVE-2026-33636", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451819", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636", + "https://errata.almalinux.org/9/ALSA-2026-9693.html", + "https://errata.rockylinux.org/RLSA-2026:14791", + "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869", + "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2", + "https://linux.oracle.com/cve/CVE-2026-33636.html", + "https://linux.oracle.com/errata/ELSA-2026-9693.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33636", + "https://ubuntu.com/security/notices/USN-8251-1", + "https://www.cve.org/CVERecord?id=CVE-2026-33636" + ], + "PublishedDate": "2026-03-26T17:16:41.477Z", + "LastModifiedDate": "2026-04-02T18:42:02.667Z" + }, + { + "VulnerabilityID": "CVE-2026-34757", + "PkgID": "libpng@1.6.47-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e3b6a2717c0ec76d" + }, + "InstalledVersion": "1.6.47-r0", + "FixedVersion": "1.6.57-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34757", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:191f1fc83b177480d326cff62c24dff23b2fd858f44d430dadc5bd7ec31b6e11", + "Title": "libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). This vulnerability is fixed in 1.6.57.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-34757", + "https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a", + "https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc", + "https://github.com/pnggroup/libpng/issues/836", + "https://github.com/pnggroup/libpng/issues/837", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645", + "https://lists.debian.org/debian-lts-announce/2026/05/msg00017.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34757", + "https://ubuntu.com/security/notices/USN-8251-1", + "https://www.cve.org/CVERecord?id=CVE-2026-34757" + ], + "PublishedDate": "2026-04-09T15:16:11.003Z", + "LastModifiedDate": "2026-05-13T23:07:51.863Z" + }, + { + "VulnerabilityID": "CVE-2025-69277", + "PkgID": "libsodium@1.0.20-r0", + "PkgName": "libsodium", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libsodium@1.0.20-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d13383d8fc4236f0" + }, + "InstalledVersion": "1.0.20-r0", + "FixedVersion": "1.0.20-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69277", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9ffce9cbf57968b84ffec320cec3acfe4139bfc418076dd36f0268ff041186a6", + "Title": "libsodium: pynacl: libsodium: Improper validation of elliptic curve points could lead to data integrity or information disclosure.", + "Description": "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-184" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 4.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 4.5 + } + }, + "References": [ + "https://00f.net/2025/12/30/libsodium-vulnerability", + "https://00f.net/2025/12/30/libsodium-vulnerability/", + "https://access.redhat.com/security/cve/CVE-2025-69277", + "https://github.com/FriendsOfPHP/security-advisories/blob/master/paragonie/sodium_compat/2025-12-30.yaml", + "https://github.com/hdwallet-io/python-hdwallet/pull/124", + "https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae", + "https://github.com/paragonie/sodium_compat", + "https://github.com/paragonie/sodium_compat/commit/2cb48f26130919f92f30650bdcc30e6f4ebe45ac", + "https://github.com/paragonie/sodium_compat/commit/4714da6efdc782c06690bc72ce34fae7941c2d9f", + "https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7", + "https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf", + "https://github.com/pyca/pynacl/issues/920", + "https://ianix.com/pub/ed25519-deployment.html", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html", + "https://news.ycombinator.com/item?id=46435614", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69277", + "https://ubuntu.com/security/notices/USN-7949-1", + "https://www.cve.org/CVERecord?id=CVE-2025-69277" + ], + "PublishedDate": "2025-12-31T06:15:41.513Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e43a59e88ab23eb5024bdf3cb0c416a3ed020931e517ddbfb21e2ca93dba467b", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:80ea5bbc6dec6b88f1277d1de53b0479c31924f07acdf46ac7538e8a0dc91c47", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:b412dd8f792aa31b86895486c25f263730d7f43ee09919a60c424a00d08d7482", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:83e1ab3f238ce205ff905ec10fba474ea7a5311e5c6c1eb0c79531d252215c52", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0dd2b285db12e9007da0bdd7424a0c522d5e0a1ad5f663025d255856493dca93", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2518a02b2e79098ae2e2d1b5e195f4e87bd3fb7cd5609f011c9cf96a856bd139", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e3d6ba5fc766fd0dcad84462a3454664d8bfc5d73618da27ace2463ce3b7510f", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-11187", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11187", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:844373c3015f48dd939a991339a10c354e61df8e94f54e858460b40652c67f58", + "Title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file", + "Description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476", + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "julia": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-11187", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-hpc7-gcqm-58fv", + "https://github.com/metadust/CVE-2025-11187", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://linux.oracle.com/cve/CVE-2025-11187.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-11187" + ], + "PublishedDate": "2026-01-27T16:16:14.093Z", + "LastModifiedDate": "2026-03-20T14:16:13.89Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:26ee5822a5cba9f08f2c506b7405da48485332454d0397e872253e7367f73e1a", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.4-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3393a31fd9a462c566438dd64b9ffb645a6967ae64c39dfa39570d14aebb1817", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.4-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:99563b830cfd15c814112071ef81ed8ca3427acc2ec353831798a97694b52d3e", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-2673", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3de0bf83fb89d607e2b913af7a97bd345789be340d25fd56336afe0b634ef3b4", + "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", + "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-757" + ], + "VendorSeverity": { + "amazon": 1, + "julia": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/13/3", + "https://access.redhat.com/security/cve/CVE-2026-2673", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-wj64-gh9j-xm82", + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "https://openssl-library.org/news/secadv/20260313.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-2673" + ], + "PublishedDate": "2026-03-13T19:54:34.033Z", + "LastModifiedDate": "2026-05-18T20:16:37.763Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:b0bfc4a0769fe2e6e6cd5016e1c088d980b563686e160cf2a840cac9922ea948", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2025-49794", + "PkgID": "libxml2@2.13.8-r0", + "PkgName": "libxml2", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libxml2@2.13.8-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d157fbe9fab04a71" + }, + "InstalledVersion": "2.13.8-r0", + "FixedVersion": "2.13.9-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-49794", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5619b802496b5a5bff2d89f4279f1959588a051ab9dee07987e137ccad19d241", + "Title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)", + "Description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-825" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "cbl-mariner": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "V3Score": 9.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:10630", + "https://access.redhat.com/errata/RHSA-2025:10698", + "https://access.redhat.com/errata/RHSA-2025:10699", + "https://access.redhat.com/errata/RHSA-2025:11580", + "https://access.redhat.com/errata/RHSA-2025:12098", + "https://access.redhat.com/errata/RHSA-2025:12099", + "https://access.redhat.com/errata/RHSA-2025:12199", + "https://access.redhat.com/errata/RHSA-2025:12237", + "https://access.redhat.com/errata/RHSA-2025:12239", + "https://access.redhat.com/errata/RHSA-2025:12240", + "https://access.redhat.com/errata/RHSA-2025:12241", + "https://access.redhat.com/errata/RHSA-2025:13335", + "https://access.redhat.com/errata/RHSA-2025:15397", + "https://access.redhat.com/errata/RHSA-2025:15827", + "https://access.redhat.com/errata/RHSA-2025:15828", + "https://access.redhat.com/errata/RHSA-2025:18217", + "https://access.redhat.com/errata/RHSA-2025:18218", + "https://access.redhat.com/errata/RHSA-2025:18219", + "https://access.redhat.com/errata/RHSA-2025:18240", + "https://access.redhat.com/errata/RHSA-2025:19020", + "https://access.redhat.com/errata/RHSA-2025:19041", + "https://access.redhat.com/errata/RHSA-2025:19046", + "https://access.redhat.com/errata/RHSA-2025:19894", + "https://access.redhat.com/errata/RHSA-2025:21913", + "https://access.redhat.com/errata/RHSA-2026:0934", + "https://access.redhat.com/errata/RHSA-2026:7519", + "https://access.redhat.com/security/cve/CVE-2025-49794", + "https://bugzilla.redhat.com/2372373", + "https://bugzilla.redhat.com/2372385", + "https://bugzilla.redhat.com/2372406", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", + "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", + "https://errata.almalinux.org/9/ALSA-2025-10699.html", + "https://errata.rockylinux.org/RLSA-2025:10699", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931", + "https://linux.oracle.com/cve/CVE-2025-49794.html", + "https://linux.oracle.com/errata/ELSA-2025-12240.html", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-49794", + "https://ubuntu.com/security/notices/USN-7694-1", + "https://www.cve.org/CVERecord?id=CVE-2025-49794" + ], + "PublishedDate": "2025-06-16T16:15:18.997Z", + "LastModifiedDate": "2026-05-12T13:17:20.283Z" + }, + { + "VulnerabilityID": "CVE-2025-49795", + "PkgID": "libxml2@2.13.8-r0", + "PkgName": "libxml2", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libxml2@2.13.8-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d157fbe9fab04a71" + }, + "InstalledVersion": "2.13.8-r0", + "FixedVersion": "2.13.9-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-49795", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e7a2caf290b703c7f73f5f614b9c69c592956c86f7499f5180d610ab51c05115", + "Title": "libxml: Null pointer dereference leads to Denial of service (DoS)", + "Description": "A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-825" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:10630", + "https://access.redhat.com/errata/RHSA-2025:19020", + "https://access.redhat.com/errata/RHSA-2026:7519", + "https://access.redhat.com/security/cve/CVE-2025-49795", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", + "https://errata.rockylinux.org/RLSA-2025:10630", + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/24d7e15914588cb45e7fb41cbe4fcf785e1a4861 (master)", + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/499bcb78ab389f60c2fd634ce410d4bb85c18765 (master)", + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/c24909ba2601848825b49a60f988222da3019667 (2.14)", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/932", + "https://linux.oracle.com/cve/CVE-2025-49795.html", + "https://linux.oracle.com/errata/ELSA-2025-10630.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-49795", + "https://www.cve.org/CVERecord?id=CVE-2025-49795" + ], + "PublishedDate": "2025-06-16T16:15:19.203Z", + "LastModifiedDate": "2026-04-19T20:16:21.54Z" + }, + { + "VulnerabilityID": "CVE-2025-49796", + "PkgID": "libxml2@2.13.8-r0", + "PkgName": "libxml2", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libxml2@2.13.8-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d157fbe9fab04a71" + }, + "InstalledVersion": "2.13.8-r0", + "FixedVersion": "2.13.9-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-49796", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:7f542290951949e805740ecf5ae61d77a01a3d6d991d1a3dff9518d8450b7462", + "Title": "libxml: Type confusion leads to Denial of service (DoS)", + "Description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "cbl-mariner": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "V3Score": 9.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:10630", + "https://access.redhat.com/errata/RHSA-2025:10698", + "https://access.redhat.com/errata/RHSA-2025:10699", + "https://access.redhat.com/errata/RHSA-2025:11580", + "https://access.redhat.com/errata/RHSA-2025:12098", + "https://access.redhat.com/errata/RHSA-2025:12099", + "https://access.redhat.com/errata/RHSA-2025:12199", + "https://access.redhat.com/errata/RHSA-2025:12237", + "https://access.redhat.com/errata/RHSA-2025:12239", + "https://access.redhat.com/errata/RHSA-2025:12240", + "https://access.redhat.com/errata/RHSA-2025:12241", + "https://access.redhat.com/errata/RHSA-2025:13267", + "https://access.redhat.com/errata/RHSA-2025:13335", + "https://access.redhat.com/errata/RHSA-2025:15397", + "https://access.redhat.com/errata/RHSA-2025:15827", + "https://access.redhat.com/errata/RHSA-2025:15828", + "https://access.redhat.com/errata/RHSA-2025:18217", + "https://access.redhat.com/errata/RHSA-2025:18218", + "https://access.redhat.com/errata/RHSA-2025:18219", + "https://access.redhat.com/errata/RHSA-2025:18240", + "https://access.redhat.com/errata/RHSA-2025:19020", + "https://access.redhat.com/errata/RHSA-2025:19041", + "https://access.redhat.com/errata/RHSA-2025:19046", + "https://access.redhat.com/errata/RHSA-2025:19894", + "https://access.redhat.com/errata/RHSA-2025:21913", + "https://access.redhat.com/errata/RHSA-2026:0934", + "https://access.redhat.com/errata/RHSA-2026:7519", + "https://access.redhat.com/security/cve/CVE-2025-49796", + "https://bugzilla.redhat.com/2372373", + "https://bugzilla.redhat.com/2372385", + "https://bugzilla.redhat.com/2372406", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", + "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", + "https://errata.almalinux.org/9/ALSA-2025-10699.html", + "https://errata.rockylinux.org/RLSA-2025:10699", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933", + "https://linux.oracle.com/cve/CVE-2025-49796.html", + "https://linux.oracle.com/errata/ELSA-2025-12240.html", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-49796", + "https://ubuntu.com/security/notices/USN-7694-1", + "https://www.cve.org/CVERecord?id=CVE-2025-49796" + ], + "PublishedDate": "2025-06-16T16:15:19.37Z", + "LastModifiedDate": "2026-05-12T13:17:20.66Z" + }, + { + "VulnerabilityID": "CVE-2025-6021", + "PkgID": "libxml2@2.13.8-r0", + "PkgName": "libxml2", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libxml2@2.13.8-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d157fbe9fab04a71" + }, + "InstalledVersion": "2.13.8-r0", + "FixedVersion": "2.13.9-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6021", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:de20ae4d61be7017962e46cbd5a0f0f1bc3bf527ac867db7fc1ebe55bf318882", + "Title": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2", + "Description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:10630", + "https://access.redhat.com/errata/RHSA-2025:10698", + "https://access.redhat.com/errata/RHSA-2025:10699", + "https://access.redhat.com/errata/RHSA-2025:11580", + "https://access.redhat.com/errata/RHSA-2025:11673", + "https://access.redhat.com/errata/RHSA-2025:12098", + "https://access.redhat.com/errata/RHSA-2025:12099", + "https://access.redhat.com/errata/RHSA-2025:12199", + "https://access.redhat.com/errata/RHSA-2025:12237", + "https://access.redhat.com/errata/RHSA-2025:12239", + "https://access.redhat.com/errata/RHSA-2025:12240", + "https://access.redhat.com/errata/RHSA-2025:12241", + "https://access.redhat.com/errata/RHSA-2025:13267", + "https://access.redhat.com/errata/RHSA-2025:13289", + "https://access.redhat.com/errata/RHSA-2025:13325", + "https://access.redhat.com/errata/RHSA-2025:13335", + "https://access.redhat.com/errata/RHSA-2025:13336", + "https://access.redhat.com/errata/RHSA-2025:14059", + "https://access.redhat.com/errata/RHSA-2025:14396", + "https://access.redhat.com/errata/RHSA-2025:15308", + "https://access.redhat.com/errata/RHSA-2025:15672", + "https://access.redhat.com/errata/RHSA-2025:19020", + "https://access.redhat.com/errata/RHSA-2026:7519", + "https://access.redhat.com/security/cve/CVE-2025-6021", + "https://bugzilla.redhat.com/2372373", + "https://bugzilla.redhat.com/2372385", + "https://bugzilla.redhat.com/2372406", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", + "https://errata.almalinux.org/9/ALSA-2025-10699.html", + "https://errata.rockylinux.org/RLSA-2025:10699", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926", + "https://linux.oracle.com/cve/CVE-2025-6021.html", + "https://linux.oracle.com/errata/ELSA-2025-12240.html", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-6021", + "https://ubuntu.com/security/notices/USN-7694-1", + "https://www.cve.org/CVERecord?id=CVE-2025-6021" + ], + "PublishedDate": "2025-06-12T13:15:25.59Z", + "LastModifiedDate": "2026-05-12T13:17:27.99Z" + }, + { + "VulnerabilityID": "CVE-2026-25835", + "PkgID": "mbedtls@3.6.4-r0", + "PkgName": "mbedtls", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "fd9fb762c16491f4" + }, + "InstalledVersion": "3.6.4-r0", + "FixedVersion": "3.6.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25835", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:fe224ae5328b3d5b343b9ee9fcdecdaa118ef9b299a3a10b286b3afb0a9d903e", + "Title": "Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a ...", + "Description": "Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-335" + ], + "VendorSeverity": { + "julia": 3 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.7 + } + }, + "References": [ + "https://mbed-tls.readthedocs.io/en/latest/security-advisories/", + "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-rng-cloning/" + ], + "PublishedDate": "2026-04-01T19:16:28.663Z", + "LastModifiedDate": "2026-04-06T14:29:47Z" + }, + { + "VulnerabilityID": "CVE-2025-54764", + "PkgID": "mbedtls@3.6.4-r0", + "PkgName": "mbedtls", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "fd9fb762c16491f4" + }, + "InstalledVersion": "3.6.4-r0", + "FixedVersion": "3.6.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-54764", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d0491a35b5431e70b4309f981ba7dbbc6535f6ba13e76b1703e72f0a614930be", + "Title": "Mbed TLS before 3.6.5 allows a local timing attack against certain RSA ...", + "Description": "Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-208" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "https://github.com/Mbed-TLS/mbedtls/compare/246d86b941ef2d2bdeabd7035efe7200bc609b91..30f073236922fe4e528fdf82eb442babb50516fa", + "https://github.com/Mbed-TLS/mbedtls/compare/246d86b941ef2d2bdeabd7035efe7200bc609b91..a08faf90700e46f6aa2a6e3fee8a6a71ddb816ce", + "https://github.com/Mbed-TLS/mbedtls/compare/8f4779c6fa40374f88404787bebad85cc7e9969b..eb346801263ba4612b5e29633bd55fe18943ca65", + "https://github.com/Mbed-TLS/mbedtls/compare/9b54f934588bc373f3c3f5d45b5a3ad0ae003082..99270322ffac3546f813b1069fd6efb667cdce3f", + "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/", + "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/", + "https://www.cve.org/CVERecord?id=CVE-2025-54764" + ], + "PublishedDate": "2025-10-20T22:15:37.06Z", + "LastModifiedDate": "2025-10-31T15:09:59.62Z" + }, + { + "VulnerabilityID": "CVE-2025-59438", + "PkgID": "mbedtls@3.6.4-r0", + "PkgName": "mbedtls", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "fd9fb762c16491f4" + }, + "InstalledVersion": "3.6.4-r0", + "FixedVersion": "3.6.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-59438", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9f6240710d82b7dd066112eff7e57dbc69a41baf591e9833ab6f9945a9008ef2", + "Title": "Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.", + "Description": "Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-208" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/", + "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/", + "https://www.cve.org/CVERecord?id=CVE-2025-59438" + ], + "PublishedDate": "2025-10-21T15:15:39.103Z", + "LastModifiedDate": "2025-10-23T12:35:35.187Z" + }, + { + "VulnerabilityID": "CVE-2026-25834", + "PkgID": "mbedtls@3.6.4-r0", + "PkgName": "mbedtls", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "fd9fb762c16491f4" + }, + "InstalledVersion": "3.6.4-r0", + "FixedVersion": "3.6.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25834", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:94cbccc927454496757ab7eba02f13046592de395c96fbee42c2177f4d6f9abd", + "Title": "mbedtls: Mbed TLS: Algorithm downgrade vulnerability", + "Description": "Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295", + "CWE-327" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-25834", + "https://mbed-tls.readthedocs.io/en/latest/security-advisories/", + "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-sigalg-injection/", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25834", + "https://www.cve.org/CVERecord?id=CVE-2026-25834" + ], + "PublishedDate": "2026-04-01T18:16:28.127Z", + "LastModifiedDate": "2026-04-06T14:17:14.727Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl@1.2.5-r10", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", + "UID": "55e7e479f5580f45" + }, + "InstalledVersion": "1.2.5-r10", + "FixedVersion": "1.2.5-r12", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:32f07fc8acc8067f153891712efa3c4dc2378f1eec0866b3923617d537e486cd", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl@1.2.5-r10", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", + "UID": "55e7e479f5580f45" + }, + "InstalledVersion": "1.2.5-r10", + "FixedVersion": "1.2.5-r11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2afc541de1333f8be4041e2151dcf11e22e589886e171f62a8c4d39738350473", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl-utils@1.2.5-r10", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", + "UID": "73256102bfd5faee" + }, + "InstalledVersion": "1.2.5-r10", + "FixedVersion": "1.2.5-r12", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ce1237873e387342e1a346e876f5ee2f669dbda156eb48292a4b5bb695beecc7", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl-utils@1.2.5-r10", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", + "UID": "73256102bfd5faee" + }, + "InstalledVersion": "1.2.5-r10", + "FixedVersion": "1.2.5-r11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:50a75a2bcafe2d01f8540b41f62fdbe1c6b119012f3295c99bbf51ba084f3fe1", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2025-58050", + "PkgID": "pcre2@10.43-r1", + "PkgName": "pcre2", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/pcre2@10.43-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "286dcfd16f9648c3" + }, + "InstalledVersion": "10.43-r1", + "FixedVersion": "10.46-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58050", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:62478b9b49a8059f2fe125d42da065b25c168f399c2c3b16e0eeb4bd32b53e5d", + "Title": "pcre2: PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS", + "Description": "The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-122", + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "julia": 2, + "nvd": 4, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L", + "V40Score": 6.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-58050", + "https://github.com/PCRE2Project/pcre2/commit/a141712e5967d448c7ce13090ab530c8e3d82254", + "https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.46", + "https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58050", + "https://ubuntu.com/security/notices/USN-7777-1", + "https://www.cve.org/CVERecord?id=CVE-2025-58050" + ], + "PublishedDate": "2025-08-27T19:15:37.56Z", + "LastModifiedDate": "2025-09-09T15:27:39.573Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "ssl_client@1.37.0-r18", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", + "UID": "24ada6e59ed92743" + }, + "InstalledVersion": "1.37.0-r18", + "FixedVersion": "1.37.0-r20", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5cf8db6e291078255b54f92483c51ff776e7e19365ceaf6e5f278e20e7f0d6a0", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-34743", + "PkgID": "xz-libs@5.8.1-r0", + "PkgName": "xz-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.8.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "8bd18e17467b35f2" + }, + "InstalledVersion": "5.8.1-r0", + "FixedVersion": "5.8.3-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", + "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:383cc927609138c7e73c67cee779152e6bac1c696c27c5540c1490d5d4fb468d", + "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", + "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/31/13", + "https://access.redhat.com/security/cve/CVE-2026-34743", + "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", + "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", + "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", + "https://www.cve.org/CVERecord?id=CVE-2026-34743" + ], + "PublishedDate": "2026-04-02T19:21:33.187Z", + "LastModifiedDate": "2026-04-15T17:33:17.68Z" + }, + { + "VulnerabilityID": "CVE-2026-22184", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "23095b6210429e11" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a2692ba9a588413e2fdd4093df3fa3c8c5e4abfbf4204a5bf916dd4d1bfd6759", + "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", + "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-22184", + "https://github.com/madler/zlib", + "https://github.com/madler/zlib/issues/1142", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", + "https://seclists.org/fulldisclosure/2026/Jan/3", + "https://www.cve.org/CVERecord?id=CVE-2026-22184", + "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", + "https://zlib.net/" + ], + "PublishedDate": "2026-01-07T21:16:01.563Z", + "LastModifiedDate": "2026-03-18T16:26:31.14Z" + }, + { + "VulnerabilityID": "CVE-2026-27171", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "23095b6210429e11" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:b82ef2c6312fabb5760940297ff062c6578a76126bab5fec7de24dc6716b6566", + "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", + "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "julia": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://access.redhat.com/security/cve/CVE-2026-27171", + "https://github.com/advisories/GHSA-h858-mf2m-8jf4", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "https://ostif.org/zlib-audit-complete", + "https://ostif.org/zlib-audit-complete/", + "https://www.cve.org/CVERecord?id=CVE-2026-27171" + ], + "PublishedDate": "2026-02-18T04:16:01.263Z", + "LastModifiedDate": "2026-03-25T21:27:04.603Z" + } + ] + }, + { + "Target": "app/m3uproxy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "stdlib@v1.24.0", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "Version": "v1.24.0", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/a13labs/m3uproxy", + "Name": "github.com/a13labs/m3uproxy", + "Identifier": { + "PURL": "pkg:golang/github.com/a13labs/m3uproxy", + "UID": "e82f25e8ebf9f697" + }, + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/andybalholm/brotli@v1.1.1", + "Name": "github.com/andybalholm/brotli", + "Identifier": { + "PURL": "pkg:golang/github.com/andybalholm/brotli@v1.1.1", + "UID": "aa21bb14c4db0ed5" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/elnormous/contenttype@v1.0.4", + "Name": "github.com/elnormous/contenttype", + "Identifier": { + "PURL": "pkg:golang/github.com/elnormous/contenttype@v1.0.4", + "UID": "b39c7440c0c72ca6" + }, + "Version": "v1.0.4", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang-jwt/jwt/v5@v5.2.2", + "Name": "github.com/golang-jwt/jwt/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.2.2", + "UID": "60c4aee87dd7e365" + }, + "Version": "v5.2.2", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gorilla/mux@v1.8.1", + "Name": "github.com/gorilla/mux", + "Identifier": { + "PURL": "pkg:golang/github.com/gorilla/mux@v1.8.1", + "UID": "3eb0f1da81c9a6d3" + }, + "Version": "v1.8.1", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/klauspost/compress@v1.18.0", + "Name": "github.com/klauspost/compress", + "Identifier": { + "PURL": "pkg:golang/github.com/klauspost/compress@v1.18.0", + "UID": "f7dc88e03d48242d" + }, + "Version": "v1.18.0", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/oschwald/geoip2-golang@v1.11.0", + "Name": "github.com/oschwald/geoip2-golang", + "Identifier": { + "PURL": "pkg:golang/github.com/oschwald/geoip2-golang@v1.11.0", + "UID": "50840e6e6e5c39" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/oschwald/maxminddb-golang@v1.13.0", + "Name": "github.com/oschwald/maxminddb-golang", + "Identifier": { + "PURL": "pkg:golang/github.com/oschwald/maxminddb-golang@v1.13.0", + "UID": "92493563d0441048" + }, + "Version": "v1.13.0", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sirupsen/logrus@v1.9.3", + "Name": "github.com/sirupsen/logrus", + "Identifier": { + "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.3", + "UID": "459fb477a256bc9a" + }, + "Version": "v1.9.3", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/cobra@v1.8.1", + "Name": "github.com/spf13/cobra", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/cobra@v1.8.1", + "UID": "ca6997cd33fe5e87" + }, + "Version": "v1.8.1", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.5", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "UID": "91607759da97b0c6" + }, + "Version": "v1.0.5", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/unki2aut/go-xsd-types@v0.0.0-20200220223938-30e5405398f8", + "Name": "github.com/unki2aut/go-xsd-types", + "Identifier": { + "PURL": "pkg:golang/github.com/unki2aut/go-xsd-types@v0.0.0-20200220223938-30e5405398f8", + "UID": "5ec43ffe612284c7" + }, + "Version": "v0.0.0-20200220223938-30e5405398f8", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/valyala/bytebufferpool@v1.0.0", + "Name": "github.com/valyala/bytebufferpool", + "Identifier": { + "PURL": "pkg:golang/github.com/valyala/bytebufferpool@v1.0.0", + "UID": "4e6e6c311a90edfe" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/valyala/fasthttp@v1.60.0", + "Name": "github.com/valyala/fasthttp", + "Identifier": { + "PURL": "pkg:golang/github.com/valyala/fasthttp@v1.60.0", + "UID": "25a63296535f58be" + }, + "Version": "v1.60.0", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.38.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.38.0", + "UID": "f7a8718f20faf776" + }, + "Version": "v0.38.0", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.31.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.31.0", + "UID": "c62d9fb9c5818707" + }, + "Version": "v0.31.0", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.23.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.23.0", + "UID": "a97e78ba9de0c52e" + }, + "Version": "v0.23.0", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:65609583a3c1102cd3ecf73c562514e5f58dc8a2c095c5c913b0e26c002603f6", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2025-22874", + "VendorIDs": [ + "GO-2025-3749" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22874", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1c2d7048c5f2a36b74a4e8e02372379c40d585dfd6c08918ee1444fb1182f806", + "Title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", + "Description": "Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.", + "Severity": "HIGH", + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "redhat": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22874", + "https://go.dev/cl/670375", + "https://go.dev/issue/73612", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22874", + "https://pkg.go.dev/vuln/GO-2025-3749", + "https://www.cve.org/CVERecord?id=CVE-2025-22874" + ], + "PublishedDate": "2025-06-11T17:15:42.167Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0d3b909e4296e46f8257f1b95d0a4df7d8ffa4f290a752be61301f0bcb03a8c8", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:99970e3664e99ddc9bf2f50c827c32544977a2265ea807e2a5df8a9df3410258", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a4dfc198d480876c9ffe40782e9895cda84c0c2a65808f6a68438110342d43e8", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:894c885a2daa89a312dc78b3a5273d31f8a015ff354dee9757b5a457c284e91d", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:450874959519c58b34b3009c1c5d7a7dbc1fd5fc6e5c7f742a425acc53c18f01", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4eed36f53c0244e01fcce449dc1eeb366b34c1de08b1764b510986d362427007", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1b0791d4a45ee4b88dfd253ad2aa711e28d864f6cdd20da4eef19e519f7c0f5f", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4c7b7e3cf7e3fe1ffc5603637cd6ad4c4c08333080d9db4baeb42cf08298e401", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4dda448053c5224f6f1a4a78923c5181f8f1715165a7e0b763e434bdd0518bce", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:70e036f33704ee31fef244083923e01a2a7d026e04022aa42bfc022e8a62929d", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:511acf869e9bb6f0fecef9ad37575b0e45e63a134d2452f080a438501ed79b26", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a465d8da16659b70614c2b0a32a3081c331a19ae277bff8c677eaafa84ce3b29", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66", + "GO-2025-3503" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.23.7, 1.24.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:08d19842b24eeb3732d1212f70ac78ac802b3b371fc3d6657113f50bb6cd91a2", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1de48d5090e9f1cf3e65fbaba8b8c9b25c81062c208e68d88fc169126c0da996", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3cbe7dafd3c723b4d88294b71ea7bda49eeb8b957aac56f30674e33b9424d1d0", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3e0cc6d3b80b138067d335af1e98893d34762bda534ef44c61d0cc57a1eba00e", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:45d36eb7e367894a52e35771e75c15dde4f576a16c0ba3ab2f7cf4bddddbb92d", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a6e4fc6e10ccd252c6442afb6f6042834c691432701e4456495b53b6b72ebd9f", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c3ef3f73294473347bade3fe54ff81bb1c7707582ff8ec8642a7804eb71d783a", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5eb2bd4bb2e394d321a1f5d71e3e9be6629c9384b221c6d3dadffc2b09c36567", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1926bcffb74ecb99a43495fa59617d6f85fa4f02867eb45ea7da68335a382949", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5ff8e998b0cc41c9d9e0537b8937a25725a3779c05caef5508eb80d70bd3db0d", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:084ff6b88696845df2bbe3411f592730affab0e3fe22de78aa47659f612f2051", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4426b40f2ae35922550f333855c69f823f939ef6967604f1a768a36dc46fcecf", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d56542f2b9ba9fdf396e183fc8f2fd5735f0fe3c80ea655811d6c69a1557c862", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e17b0d92a0006e67b59ae7b8cbecb82ca014df7291be6c3d7e7319d46d29624f", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ec6002aac82cbc4a3957e80f4960fc18f0afe4e4f162a4b7bdd94aae74010485", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a9005eb274a3da19ad1d7bc033a3ff298d0fff62f243f1bc6750d8ed57ea6ed6", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2ff8710812fd184f57370e0f96de732dad11fbd1936598e149bd5dc21d59efee", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:11ddfe222bb3b62ec53b8cb54143dc07d69b639d2da055b65741c6de1df8f830", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:35b4eaaf41e187807c08ee8edca675ca37a1d89bf5930e622dc9d6afec4e1427", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:73c7868fa52286a7cb1830ce94fa2ef4e498c68e0c9e8a6d75cf0347e4945578", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8e550396038349ecbe3bc934d1fb297c3a24a4b53473f8aa16113c498ce715b7", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c732c9153c3a9ebfa8a30aa36ac65b167ddae0d36aa5642b6a0aa298362d0c54", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:61708ba8269ff9283b6d76a9d0e5b27dae15ccde2bd8c67b5419d4e03a18efd9", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ec38297b5cffcfac8d4c100d27b8a8c48c4357ba648e59b66360efd0d49820d5", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "d8e498cd18912e2c" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", + "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f1f8b92069bcbfcdd598648949164194c8b8c213b601f579c4a9384550289e8c", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + }, + { + "Target": "app/m3uproxy-cli", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "stdlib@v1.24.0", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "Version": "v1.24.0", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/a13labs/m3uproxy", + "Name": "github.com/a13labs/m3uproxy", + "Identifier": { + "PURL": "pkg:golang/github.com/a13labs/m3uproxy", + "UID": "43deb43cf675a76c" + }, + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/cobra@v1.8.1", + "Name": "github.com/spf13/cobra", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/cobra@v1.8.1", + "UID": "77fdda28177155f0" + }, + "Version": "v1.8.1", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.5", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "UID": "a2f013c6d2492a69" + }, + "Version": "v1.0.5", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fbac25abb02c9a507983e541be3f260baeef92d21c0b57c4602da456a40ccd61", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2025-22874", + "VendorIDs": [ + "GO-2025-3749" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22874", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:aa5987b5b18772ba9a6c763b6006a0ed32e94433b8e8cf82a9e9dcd3417f19a0", + "Title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", + "Description": "Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.", + "Severity": "HIGH", + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "redhat": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22874", + "https://go.dev/cl/670375", + "https://go.dev/issue/73612", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22874", + "https://pkg.go.dev/vuln/GO-2025-3749", + "https://www.cve.org/CVERecord?id=CVE-2025-22874" + ], + "PublishedDate": "2025-06-11T17:15:42.167Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3e001ff441ee4865f85d04d59ab14e593de90444156ec2d3a4f515b6b10c43c4", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c0d82433b4af91c9a6f25649267dafcf7cfe2f7169d50ef5658d1c1bde579191", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:18dce9195bacaa7a9b28b15bb851fd47b475e4e7d99931529dd556a1050c8d8d", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4a0f74a8c1486265e9d44ead77ce2014a56863b68662fd1c9b8f1eeb50118855", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9b7e4d050412a68ace70e17cb53a8a22c84253b698171db18704752477953a17", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7f9146101a80da5b3edb9c494a7230b39f8d36bb877decaa2d4dffcf25eff6f7", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ecb9723d162dccfffb1bffa75cd832564f5d2db51aa91da967028c170ab26d9c", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:eb6247f67a2a363dc09ce03ae1f42fa838700aab09a6e77d3e5f2a77c0c08508", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:43e8f6eca08cf98a4582965b2a51a56cd2340feb94a846b87757f632e12e7e85", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:678b21486f095a29ffa06cab824448b3481b28d607060d85e6b4482a87154032", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:145d465d6ec6c41f3591817511ac91f92c361b91284b4e9cb94fe9c4111dbedb", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:14e3559fa69db9ab44fc77e8f5df050b6e470e6f62e4c6174cf81dc90f9ba974", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66", + "GO-2025-3503" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.23.7, 1.24.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:717f776616c32d76723cfcf69cf2859251c68a19d322fe5affce91964231a0c7", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:de8abcce0137efb655f8f19a38f9a1f6d55769a02bfbe3cae20d1493e95e7061", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a493997dea8b81ebe8d034fbf7229f7f126f53f2772f8615fee2478783ec5f7e", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c6949a3b8fdd364bc51be9fb819c02a2b6aa0cfab481f47bb7f81391cfa9680d", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7f4f227afe5f9b7628aa6c7d42dbbe77a4347afdd3e85d4a99cd0133b381970f", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e11c372d76c60b84e415ccf50ff96248104c4776090e36a6bbdf3bdf31f85839", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:face088446f3df012712c6c89a339dd15ce032c359d25f2630571b85efaa2fa9", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:87a7a369757e3b9a804eb0cb2edcc13e3fce327f0255041ad6058f87b570431f", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7e2799a1412409911152595e8bd69925a3c36e7576bb626a987b7ac2513775d6", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:03957168aed607e69765663e7bacec042f249ec78bfe1e97eb9c7a6a41ab7e31", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:404fc244b1683893db2c6fdcb36179d1793a77bf989171881d77d9bcea053719", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:95d9879797a1465d90cf731e7b325f35477025ef1c00b4e57d9c5b1299ab0fd7", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:32b2929f15af00e6ae112e4006a9669579d2e460e288c9393a8a04f4dacfbb30", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a541e53d698e78e8f9a2d826369936799168dfb36160f0a68d261ffedfac8d46", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fd45d9824687058455dfd85503f1e3cb6d15bcb87d407a6d7c8d1708a70b53c3", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9fb1d27247822288e34ac76d0f825aacf33084ae3cb34ce2b9798eb71b18b852", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:36635ce6da88608bd289d58d014f6884c5810897d6c8c3ee969a9175fde6b53b", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d4e17988ed3e2de0ced4c39f9cbe761cc1607d815406eaceac26e37868867d3b", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e702650c51171694124bc498fc34fc5c50835aa1e8c7b912be99fd7325d44b93", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4758cd4bf2e5ce48ddb2568fde21fca967cef3f52d475f3576ee12610a3d5697", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:117344d0a968378231743d4a6287031b7f8e8d2568ad4616cd25a8b66b341b3f", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:01a1732855fd357407fed60243b1e453c7fae9dae007a017d2f1384684d271a7", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:80fb167a7b7090045b03f986c6cb4d558e489c826553356f444ed6f021434288", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:77eaa6b9975a6ad0215702dcf457032e9c745f866d44c3ccb4d636546bd33703", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.24.0", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.0", + "UID": "5c95850c72f6e0cb" + }, + "InstalledVersion": "v1.24.0", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", + "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2e78e6ad436e7f73f0851b5d38780a3bc38bee64aa8b07b2b9916a72bbca7be2", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "m3uproxy", + "Kind": "Deployment", + "Name": "proxy-pt", + "Metadata": [ + { + "Size": 100374016, + "OS": { + "Family": "alpine", + "Name": "3.20.3", + "EOSL": true + }, + "ImageID": "sha256:373cc84d6ce9052d80e22a8c80f1c2a80a66eb5982a2dcc020af13e7d5520439", + "DiffIDs": [ + "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33", + "sha256:8cf796425b7c1aeb4db19c2affb3e8d833cbad96e0b47d693b2ff19276400368", + "sha256:799b24214ac2010c522653a3ba544da09a3ea51fb09fda7f60ca77b378b7a451", + "sha256:1e9ddb120aa5a56687ddde743fba8a3da4c427a38935482869582e94c6b73ae8", + "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746", + "sha256:1636f1be3bfe0cb31548ddfc2af2d6a2a3f43b039e8eeebedce33033bbeb5efb", + "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a", + "sha256:2f00568f63073659c16e501b74cc9a288bf09def94387087e5866ffab2958516" + ], + "RepoTags": [ + "linuxserver/wireguard:1.0.20210914-r4-ls54" + ], + "RepoDigests": [ + "linuxserver/wireguard@sha256:366b3fb35663fcc58991a7681c2d714465b61de0e99f0ed32d1903213ef900de" + ], + "Reference": "linuxserver/wireguard:1.0.20210914-r4-ls54", + "ImageConfig": { + "architecture": "amd64", + "created": "2024-10-03T11:28:28.684432957Z", + "history": [ + { + "created": "2024-09-28T13:38:40.331226732Z", + "created_by": "COPY /root-out/ / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-09-28T13:38:40.40557434Z", + "created_by": "ARG BUILD_DATE=2024-09-28T13:36:59+00:00", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-09-28T13:38:40.40557434Z", + "created_by": "ARG VERSION=2a6ecb14-ls14", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-09-28T13:38:40.40557434Z", + "created_by": "ARG MODS_VERSION=v3", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-09-28T13:38:40.40557434Z", + "created_by": "ARG PKG_INST_VERSION=v1", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-09-28T13:38:40.40557434Z", + "created_by": "ARG LSIOWN_VERSION=v1", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-09-28T13:38:40.40557434Z", + "created_by": "LABEL build_version=Linuxserver.io version:- 2a6ecb14-ls14 Build-date:- 2024-09-28T13:36:59+00:00", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-09-28T13:38:40.40557434Z", + "created_by": "LABEL maintainer=TheLamer", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-09-28T13:38:40.40557434Z", + "created_by": "ADD --chmod=755 https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/docker-mods.v3 /docker-mods # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-09-28T13:38:40.449099667Z", + "created_by": "ADD --chmod=755 https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/package-install.v1 /etc/s6-overlay/s6-rc.d/init-mods-package-install/run # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-09-28T13:38:40.480697404Z", + "created_by": "ADD --chmod=755 https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/lsiown.v1 /usr/bin/lsiown # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-09-28T13:38:40.480697404Z", + "created_by": "ENV PS1=$(whoami)@$(hostname):$(pwd)\\$ HOME=/root TERM=xterm S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 S6_VERBOSITY=1 S6_STAGE2_HOOK=/docker-mods VIRTUAL_ENV=/lsiopy PATH=/lsiopy/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-09-28T13:38:42.461191Z", + "created_by": "RUN |5 BUILD_DATE=2024-09-28T13:36:59+00:00 VERSION=2a6ecb14-ls14 MODS_VERSION=v3 PKG_INST_VERSION=v1 LSIOWN_VERSION=v1 /bin/sh -c echo \"**** install runtime packages ****\" \u0026\u0026 apk add --no-cache alpine-release bash ca-certificates catatonit coreutils curl findutils jq netcat-openbsd procps-ng shadow tzdata \u0026\u0026 echo \"**** create abc user and make our folders ****\" \u0026\u0026 groupmod -g 1000 users \u0026\u0026 useradd -u 911 -U -d /config -s /bin/false abc \u0026\u0026 usermod -G users abc \u0026\u0026 mkdir -p /app /config /defaults /lsiopy \u0026\u0026 echo \"**** cleanup ****\" \u0026\u0026 rm -rf /tmp/* # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-09-28T13:38:42.53035672Z", + "created_by": "COPY root/ / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-09-28T13:38:42.53035672Z", + "created_by": "ENTRYPOINT [\"/init\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-10-03T11:28:28.643277213Z", + "created_by": "ENV LSIO_FIRST_PARTY=true", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-10-03T11:28:28.643277213Z", + "created_by": "ARG BUILD_DATE=2024-10-03T11:27:04+00:00", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-10-03T11:28:28.643277213Z", + "created_by": "ARG VERSION=1.0.20210914-r4-ls54", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-10-03T11:28:28.643277213Z", + "created_by": "ARG WIREGUARD_RELEASE", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-10-03T11:28:28.643277213Z", + "created_by": "LABEL build_version=Linuxserver.io version:- 1.0.20210914-r4-ls54 Build-date:- 2024-10-03T11:27:04+00:00", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-10-03T11:28:28.643277213Z", + "created_by": "LABEL maintainer=thespad", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-10-03T11:28:28.643277213Z", + "created_by": "RUN |3 BUILD_DATE=2024-10-03T11:27:04+00:00 VERSION=1.0.20210914-r4-ls54 WIREGUARD_RELEASE= /bin/sh -c echo \"**** install dependencies ****\" \u0026\u0026 apk add --no-cache bc coredns grep iproute2 iptables iptables-legacy ip6tables iputils kmod libcap-utils libqrencode-tools net-tools openresolv wireguard-tools \u0026\u0026 echo \"wireguard\" \u003e\u003e /etc/modules \u0026\u0026 cd /sbin \u0026\u0026 for i in ! !-save !-restore; do rm -rf iptables$(echo \"${i}\" | cut -c2-) \u0026\u0026 rm -rf ip6tables$(echo \"${i}\" | cut -c2-) \u0026\u0026 ln -s iptables-legacy$(echo \"${i}\" | cut -c2-) iptables$(echo \"${i}\" | cut -c2-) \u0026\u0026 ln -s ip6tables-legacy$(echo \"${i}\" | cut -c2-) ip6tables$(echo \"${i}\" | cut -c2-); done \u0026\u0026 sed -i 's|\\[\\[ $proto == -4 \\]\\] \u0026\u0026 cmd sysctl -q net\\.ipv4\\.conf\\.all\\.src_valid_mark=1|[[ $proto == -4 ]] \\\u0026\\\u0026 [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \\\u0026\\\u0026 cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' /usr/bin/wg-quick \u0026\u0026 rm -rf /etc/wireguard \u0026\u0026 ln -s /config/wg_confs /etc/wireguard \u0026\u0026 printf \"Linuxserver.io version: ${VERSION}\\nBuild-date: ${BUILD_DATE}\" \u003e /build_version \u0026\u0026 echo \"**** clean up ****\" \u0026\u0026 rm -rf /tmp/* # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-10-03T11:28:28.684432957Z", + "created_by": "COPY /root / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-10-03T11:28:28.684432957Z", + "created_by": "EXPOSE map[51820/udp:{}]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33", + "sha256:8cf796425b7c1aeb4db19c2affb3e8d833cbad96e0b47d693b2ff19276400368", + "sha256:799b24214ac2010c522653a3ba544da09a3ea51fb09fda7f60ca77b378b7a451", + "sha256:1e9ddb120aa5a56687ddde743fba8a3da4c427a38935482869582e94c6b73ae8", + "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746", + "sha256:1636f1be3bfe0cb31548ddfc2af2d6a2a3f43b039e8eeebedce33033bbeb5efb", + "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a", + "sha256:2f00568f63073659c16e501b74cc9a288bf09def94387087e5866ffab2958516" + ] + }, + "config": { + "Entrypoint": [ + "/init" + ], + "Env": [ + "PATH=/lsiopy/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "PS1=$(whoami)@$(hostname):$(pwd)\\$ ", + "HOME=/root", + "TERM=xterm", + "S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0", + "S6_VERBOSITY=1", + "S6_STAGE2_HOOK=/docker-mods", + "VIRTUAL_ENV=/lsiopy", + "LSIO_FIRST_PARTY=true" + ], + "Labels": { + "build_version": "Linuxserver.io version:- 1.0.20210914-r4-ls54 Build-date:- 2024-10-03T11:27:04+00:00", + "maintainer": "thespad", + "org.opencontainers.image.authors": "linuxserver.io", + "org.opencontainers.image.created": "2024-10-03T11:27:04+00:00", + "org.opencontainers.image.description": "[WireGuard®](https://www.wireguard.com/) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.", + "org.opencontainers.image.documentation": "https://docs.linuxserver.io/images/docker-wireguard", + "org.opencontainers.image.licenses": "GPL-3.0-only", + "org.opencontainers.image.ref.name": "b4f31ddcf8373009a86a723b3ec2e3662c82b535", + "org.opencontainers.image.revision": "b4f31ddcf8373009a86a723b3ec2e3662c82b535", + "org.opencontainers.image.source": "https://github.com/linuxserver/docker-wireguard", + "org.opencontainers.image.title": "Wireguard", + "org.opencontainers.image.url": "https://github.com/linuxserver/docker-wireguard/packages", + "org.opencontainers.image.vendor": "linuxserver.io", + "org.opencontainers.image.version": "1.0.20210914-r4-ls54" + }, + "WorkingDir": "/", + "ExposedPorts": { + "51820/udp": {} + } + } + }, + "Layers": [ + { + "Size": 13608960, + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + { + "Size": 27136, + "Digest": "sha256:df25a931801a3f099815b275c9959fb0ab6affd88255040d202d9317338dea43", + "DiffID": "sha256:8cf796425b7c1aeb4db19c2affb3e8d833cbad96e0b47d693b2ff19276400368" + }, + { + "Size": 8192, + "Digest": "sha256:ab0ddebe54a67a1fcdf3f9536a9e869be50b5205d556c8a646496a8e1ca6a048", + "DiffID": "sha256:799b24214ac2010c522653a3ba544da09a3ea51fb09fda7f60ca77b378b7a451" + }, + { + "Size": 3584, + "Digest": "sha256:19f39f464468ce65076a4d16a10067f5c016e48ed60b7576328a4b89d79b9ed7", + "DiffID": "sha256:1e9ddb120aa5a56687ddde743fba8a3da4c427a38935482869582e94c6b73ae8" + }, + { + "Size": 14794240, + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + { + "Size": 74240, + "Digest": "sha256:339ecd878087fb7b73b438de330b942245fe18c8275fc5bedc34e1542b91eca9", + "DiffID": "sha256:1636f1be3bfe0cb31548ddfc2af2d6a2a3f43b039e8eeebedce33033bbeb5efb" + }, + { + "Size": 71812608, + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + { + "Size": 45056, + "Digest": "sha256:fcae2373559cdc79d2a5f9e0cde437c82fddde7061e711dd5b1cf66de0a76f22", + "DiffID": "sha256:2f00568f63073659c16e501b74cc9a288bf09def94387087e5866ffab2958516" + } + ] + } + ], + "Results": [ + { + "Target": "linuxserver/wireguard:1.0.20210914-r4-ls54 (alpine 3.20.3)", + "Class": "os-pkgs", + "Type": "alpine", + "Packages": [ + { + "ID": "alpine-baselayout@3.6.5-r0", + "Name": "alpine-baselayout", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout@3.6.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "f831425e4ab9f6ea" + }, + "Version": "3.6.5-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.6.5-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-baselayout-data@3.6.5-r0", + "busybox-binsh@1.36.1-r29" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:a8a719fa3db7c6cb005e681086438ef1d1e76d6c", + "InstalledFiles": [ + "etc/motd", + "etc/crontabs/root", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/i386.conf", + "etc/modprobe.d/kms.conf", + "etc/profile.d/20locale.sh", + "etc/profile.d/README", + "etc/profile.d/color_prompt.sh.disabled", + "lib/sysctl.d/00-alpine.conf", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout-data@3.6.5-r0", + "Name": "alpine-baselayout-data", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.6.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "85afdab525a9fa9b" + }, + "Version": "3.6.5-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.6.5-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:ee68a6fb02f7e62304b428b0404a2fc1e2fc353d", + "InstalledFiles": [ + "etc/fstab", + "etc/group", + "etc/hostname", + "etc/hosts", + "etc/inittab", + "etc/modules", + "etc/mtab", + "etc/nsswitch.conf", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/sysctl.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-keys@2.4-r1", + "Name": "alpine-keys", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "b576915115d327d5" + }, + "Version": "2.4-r1", + "Arch": "x86_64", + "SrcName": "alpine-keys", + "SrcVersion": "2.4-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:78ab5150a3919e474204e0f91972d1cf0a344f9d", + "InstalledFiles": [ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-release@3.20.3-r0", + "Name": "alpine-release", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-release@3.20.3-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "77afb69bae9a106b" + }, + "Version": "3.20.3-r0", + "Arch": "x86_64", + "SrcName": "alpine-base", + "SrcVersion": "3.20.3-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-keys@2.4-r1" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:c56929e1a65a8322cff95f5766591fafd09aed9e", + "InstalledFiles": [ + "etc/alpine-release", + "etc/issue", + "etc/os-release", + "etc/secfixes.d/alpine" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "apk-tools@2.14.4-r0", + "Name": "apk-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/apk-tools@2.14.4-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "53f26058667c8622" + }, + "Version": "2.14.4-r0", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.14.4-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20240705-r0", + "libcrypto3@3.3.2-r0", + "libssl3@3.3.2-r0", + "musl@1.2.5-r0", + "zlib@1.3.1-r1" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:a8c5ec2451b123ac57e39b0cb6ceccdaf26d5099", + "InstalledFiles": [ + "lib/libapk.so.2.14.0", + "sbin/apk" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "bash@5.2.26-r0", + "Name": "bash", + "Identifier": { + "PURL": "pkg:apk/alpine/bash@5.2.26-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "fd910c89ac2ef2b5" + }, + "Version": "5.2.26-r0", + "Arch": "x86_64", + "SrcName": "bash", + "SrcVersion": "5.2.26-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.36.1-r29", + "musl@1.2.5-r0", + "readline@8.2.10-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:4fbc9b6abbbb735f61cbd80d59b40d75d5a2c853", + "InstalledFiles": [ + "bin/bash", + "etc/bash/bashrc", + "etc/profile.d/00-bashrc.sh", + "usr/lib/bash/accept", + "usr/lib/bash/basename", + "usr/lib/bash/csv", + "usr/lib/bash/cut", + "usr/lib/bash/dirname", + "usr/lib/bash/dsv", + "usr/lib/bash/fdflags", + "usr/lib/bash/finfo", + "usr/lib/bash/getconf", + "usr/lib/bash/head", + "usr/lib/bash/id", + "usr/lib/bash/ln", + "usr/lib/bash/logname", + "usr/lib/bash/mkdir", + "usr/lib/bash/mkfifo", + "usr/lib/bash/mktemp", + "usr/lib/bash/mypid", + "usr/lib/bash/pathchk", + "usr/lib/bash/print", + "usr/lib/bash/printenv", + "usr/lib/bash/push", + "usr/lib/bash/realpath", + "usr/lib/bash/rm", + "usr/lib/bash/rmdir", + "usr/lib/bash/seq", + "usr/lib/bash/setpgid", + "usr/lib/bash/sleep", + "usr/lib/bash/stat", + "usr/lib/bash/strftime", + "usr/lib/bash/sync", + "usr/lib/bash/tee", + "usr/lib/bash/truefalse", + "usr/lib/bash/tty", + "usr/lib/bash/uname", + "usr/lib/bash/unlink", + "usr/lib/bash/whoami" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "bc@1.07.1-r4", + "Name": "bc", + "Identifier": { + "PURL": "pkg:apk/alpine/bc@1.07.1-r4?arch=x86_64\u0026distro=3.20.3", + "UID": "23a0fb72a9dd6e2" + }, + "Version": "1.07.1-r4", + "Arch": "x86_64", + "SrcName": "bc", + "SrcVersion": "1.07.1-r4", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "readline@8.2.10-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:5845bbf3f89b03778a7629ce23dc9d692bafa364", + "InstalledFiles": [ + "usr/bin/bc", + "usr/bin/dc" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "brotli-libs@1.1.0-r2", + "Name": "brotli-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/brotli-libs@1.1.0-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "5d43ec95bd9b8f91" + }, + "Version": "1.1.0-r2", + "Arch": "x86_64", + "SrcName": "brotli", + "SrcVersion": "1.1.0-r2", + "Licenses": [ + "MIT" + ], + "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:bc58ba1128a8703ca7ab3d7097a07bf095d9ddcd", + "InstalledFiles": [ + "usr/lib/libbrotlicommon.so.1", + "usr/lib/libbrotlicommon.so.1.1.0", + "usr/lib/libbrotlidec.so.1", + "usr/lib/libbrotlidec.so.1.1.0", + "usr/lib/libbrotlienc.so.1", + "usr/lib/libbrotlienc.so.1.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox@1.36.1-r29", + "Name": "busybox", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", + "UID": "9dbf157a22e0026b" + }, + "Version": "1.36.1-r29", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.36.1-r29", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:c98f2584c17556181e8098247177ea68d69b0c9c", + "InstalledFiles": [ + "bin/busybox", + "etc/securetty", + "etc/busybox-paths.d/busybox", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "etc/udhcpc/udhcpc.conf", + "usr/share/udhcpc/default.script" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox-binsh@1.36.1-r29", + "Name": "busybox-binsh", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", + "UID": "4c63f123e59f14cd" + }, + "Version": "1.36.1-r29", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.36.1-r29", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "busybox@1.36.1-r29" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:8758e1e06605e5818449aff862e105b80b6f34bf", + "InstalledFiles": [ + "bin/sh" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "c-ares@1.33.1-r0", + "Name": "c-ares", + "Identifier": { + "PURL": "pkg:apk/alpine/c-ares@1.33.1-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "4248b5f3df939df6" + }, + "Version": "1.33.1-r0", + "Arch": "x86_64", + "SrcName": "c-ares", + "SrcVersion": "1.33.1-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:53a5a70bfac8242c69a0c0e46fbdf16648e4cfd7", + "InstalledFiles": [ + "usr/lib/libcares.so.2", + "usr/lib/libcares.so.2.18.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates@20240705-r0", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates@20240705-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "17625b661ccac1a8" + }, + "Version": "20240705-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20240705-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.36.1-r29", + "libcrypto3@3.3.2-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:f87752f100dc5cd7cd220fb0acc7ef2a8dce64ec", + "InstalledFiles": [ + "etc/ca-certificates.conf", + "etc/apk/protected_paths.d/ca-certificates.list", + "etc/ca-certificates/update.d/certhash", + "usr/bin/c_rehash", + "usr/sbin/update-ca-certificates", + "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", + "usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "usr/share/ca-certificates/mozilla/Certigna.crt", + "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", + "usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt", + "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", + "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", + "usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt", + "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_RootCA3.crt", + "usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", + "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", + "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", + "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates-bundle@20240705-r0", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates-bundle@20240705-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "3eee7d032ad5ff1a" + }, + "Version": "20240705-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20240705-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:a927e8d0fd49c6cff7692a115ce237ed1bd62894", + "InstalledFiles": [ + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-certificates.crt", + "etc/ssl1.1/cert.pem", + "etc/ssl1.1/certs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "catatonit@0.2.0-r0", + "Name": "catatonit", + "Identifier": { + "PURL": "pkg:apk/alpine/catatonit@0.2.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "def5b7093e46f779" + }, + "Version": "0.2.0-r0", + "Arch": "x86_64", + "SrcName": "catatonit", + "SrcVersion": "0.2.0-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Michał Polański \u003cmichal@polanski.me\u003e", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:a70336616355d8a7a3958e9047690f9c4803e158", + "InstalledFiles": [ + "usr/bin/catatonit", + "usr/libexec/podman/catatonit" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "coredns@1.11.1-r9", + "Name": "coredns", + "Identifier": { + "PURL": "pkg:apk/alpine/coredns@1.11.1-r9?arch=x86_64\u0026distro=3.20.3", + "UID": "b4571c5dd52cb45d" + }, + "Version": "1.11.1-r9", + "Arch": "x86_64", + "SrcName": "coredns", + "SrcVersion": "1.11.1-r9", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Mark Pashmfouroush \u003cmark@markpash.me\u003e", + "DependsOn": [ + "busybox-binsh@1.36.1-r29", + "musl@1.2.5-r0", + "unbound-libs@1.20.0-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:8bcef7f97e9d63be2e0e8369bb12336148aa9c49", + "InstalledFiles": [ + "etc/logrotate.d/coredns", + "usr/bin/coredns" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "coreutils@9.5-r1", + "Name": "coreutils", + "Identifier": { + "PURL": "pkg:apk/alpine/coreutils@9.5-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "9b1e19fe4f22a77e" + }, + "Version": "9.5-r1", + "Arch": "x86_64", + "SrcName": "coreutils", + "SrcVersion": "9.5-r1", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.36.1-r29", + "coreutils-env@9.5-r1", + "coreutils-fmt@9.5-r1", + "coreutils-sha512sum@9.5-r1", + "libacl@2.3.2-r0", + "libattr@2.5.2-r0", + "libcrypto3@3.3.2-r0", + "musl@1.2.5-r0", + "utmps-libs@0.1.2.2-r1" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:db95b051914f9628b6dfa966ae44e2c3f7166a34", + "InstalledFiles": [ + "bin/base64", + "bin/cat", + "bin/chgrp", + "bin/chmod", + "bin/chown", + "bin/cp", + "bin/date", + "bin/dd", + "bin/df", + "bin/echo", + "bin/false", + "bin/ln", + "bin/ls", + "bin/mkdir", + "bin/mknod", + "bin/mktemp", + "bin/mv", + "bin/nice", + "bin/printenv", + "bin/pwd", + "bin/rm", + "bin/rmdir", + "bin/sleep", + "bin/stat", + "bin/stty", + "bin/sync", + "bin/touch", + "bin/true", + "bin/uname", + "usr/bin/[", + "usr/bin/b2sum", + "usr/bin/base32", + "usr/bin/basename", + "usr/bin/basenc", + "usr/bin/chcon", + "usr/bin/cksum", + "usr/bin/comm", + "usr/bin/coreutils", + "usr/bin/csplit", + "usr/bin/cut", + "usr/bin/dir", + "usr/bin/dircolors", + "usr/bin/dirname", + "usr/bin/du", + "usr/bin/expand", + "usr/bin/expr", + "usr/bin/factor", + "usr/bin/fold", + "usr/bin/head", + "usr/bin/hostid", + "usr/bin/id", + "usr/bin/install", + "usr/bin/join", + "usr/bin/link", + "usr/bin/logname", + "usr/bin/md5sum", + "usr/bin/mkfifo", + "usr/bin/nl", + "usr/bin/nohup", + "usr/bin/nproc", + "usr/bin/numfmt", + "usr/bin/od", + "usr/bin/paste", + "usr/bin/pathchk", + "usr/bin/pinky", + "usr/bin/pr", + "usr/bin/printf", + "usr/bin/ptx", + "usr/bin/readlink", + "usr/bin/realpath", + "usr/bin/runcon", + "usr/bin/seq", + "usr/bin/sha1sum", + "usr/bin/sha224sum", + "usr/bin/sha256sum", + "usr/bin/sha384sum", + "usr/bin/shred", + "usr/bin/shuf", + "usr/bin/sort", + "usr/bin/split", + "usr/bin/stdbuf", + "usr/bin/sum", + "usr/bin/tac", + "usr/bin/tail", + "usr/bin/tee", + "usr/bin/test", + "usr/bin/timeout", + "usr/bin/tr", + "usr/bin/truncate", + "usr/bin/tsort", + "usr/bin/tty", + "usr/bin/unexpand", + "usr/bin/uniq", + "usr/bin/unlink", + "usr/bin/users", + "usr/bin/vdir", + "usr/bin/wc", + "usr/bin/who", + "usr/bin/whoami", + "usr/bin/yes", + "usr/libexec/coreutils/libstdbuf.so", + "usr/sbin/chroot" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "coreutils-env@9.5-r1", + "Name": "coreutils-env", + "Identifier": { + "PURL": "pkg:apk/alpine/coreutils-env@9.5-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "ada6b68ffa41274d" + }, + "Version": "9.5-r1", + "Arch": "x86_64", + "SrcName": "coreutils", + "SrcVersion": "9.5-r1", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:cdda6e18d01984c0cfd3a4f18be2772f7c92b6e5", + "InstalledFiles": [ + "usr/bin/env" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "coreutils-fmt@9.5-r1", + "Name": "coreutils-fmt", + "Identifier": { + "PURL": "pkg:apk/alpine/coreutils-fmt@9.5-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "310e73e52c943d35" + }, + "Version": "9.5-r1", + "Arch": "x86_64", + "SrcName": "coreutils", + "SrcVersion": "9.5-r1", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:63bdcf190a57d58c3f9dd1d7c2932b9927086b76", + "InstalledFiles": [ + "usr/bin/fmt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "coreutils-sha512sum@9.5-r1", + "Name": "coreutils-sha512sum", + "Identifier": { + "PURL": "pkg:apk/alpine/coreutils-sha512sum@9.5-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "b7d05cd9913379f3" + }, + "Version": "9.5-r1", + "Arch": "x86_64", + "SrcName": "coreutils", + "SrcVersion": "9.5-r1", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.3.2-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:11a4c5db93f9d6f84b54b7f3b1f6227db8d35420", + "InstalledFiles": [ + "usr/bin/sha512sum" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "curl@8.9.1-r2", + "Name": "curl", + "Identifier": { + "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "3590c6e28b7cc208" + }, + "Version": "8.9.1-r2", + "Arch": "x86_64", + "SrcName": "curl", + "SrcVersion": "8.9.1-r2", + "Licenses": [ + "curl" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcurl@8.9.1-r2", + "musl@1.2.5-r0", + "zlib@1.3.1-r1" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:2a4b115a7fd1c8180708f71ae319308ffb1eee0d", + "InstalledFiles": [ + "usr/bin/curl" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "findutils@4.9.0-r5", + "Name": "findutils", + "Identifier": { + "PURL": "pkg:apk/alpine/findutils@4.9.0-r5?arch=x86_64\u0026distro=3.20.3", + "UID": "895d07a512653278" + }, + "Version": "4.9.0-r5", + "Arch": "x86_64", + "SrcName": "findutils", + "SrcVersion": "4.9.0-r5", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Michael Mason \u003cms13sp@gmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:9f33bd1b173b7164905b88cb5f31b8cd208031bf", + "InstalledFiles": [ + "usr/bin/find", + "usr/bin/xargs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "grep@3.11-r0", + "Name": "grep", + "Identifier": { + "PURL": "pkg:apk/alpine/grep@3.11-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "27e3ce194d349dd2" + }, + "Version": "3.11-r0", + "Arch": "x86_64", + "SrcName": "grep", + "SrcVersion": "3.11-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "pcre2@10.43-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:af0146702fdff30812908c4a6ea007da0e66e54f", + "InstalledFiles": [ + "bin/egrep", + "bin/fgrep", + "bin/grep" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iproute2@6.9.0-r0", + "Name": "iproute2", + "Identifier": { + "PURL": "pkg:apk/alpine/iproute2@6.9.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "dbf5c47b541c8fb3" + }, + "Version": "6.9.0-r0", + "Arch": "x86_64", + "SrcName": "iproute2", + "SrcVersion": "6.9.0-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.36.1-r29", + "iproute2-minimal@6.9.0-r0", + "iproute2-ss@6.9.0-r0", + "iproute2-tc@6.9.0-r0", + "libcap2@2.70-r0", + "libmnl@1.0.5-r2", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:c61e61589360afecd6134600fb8da0dd4afd3deb", + "InstalledFiles": [ + "sbin/bridge", + "sbin/ctstat", + "sbin/genl", + "sbin/ifstat", + "sbin/lnstat", + "sbin/nstat", + "sbin/routel", + "sbin/rtacct", + "sbin/rtmon", + "sbin/rtstat" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iproute2-minimal@6.9.0-r0", + "Name": "iproute2-minimal", + "Identifier": { + "PURL": "pkg:apk/alpine/iproute2-minimal@6.9.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "19c3070ab9981b5d" + }, + "Version": "6.9.0-r0", + "Arch": "x86_64", + "SrcName": "iproute2", + "SrcVersion": "6.9.0-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap2@2.70-r0", + "libelf@0.191-r0", + "libmnl@1.0.5-r2", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:bbed2277bad93f8cb2f265814225c5a9a148b222", + "InstalledFiles": [ + "sbin/ip", + "usr/share/iproute2/bpf_pinning", + "usr/share/iproute2/ematch_map", + "usr/share/iproute2/group", + "usr/share/iproute2/nl_protos", + "usr/share/iproute2/rt_dsfield", + "usr/share/iproute2/rt_protos", + "usr/share/iproute2/rt_realms", + "usr/share/iproute2/rt_scopes", + "usr/share/iproute2/rt_tables" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iproute2-ss@6.9.0-r0", + "Name": "iproute2-ss", + "Identifier": { + "PURL": "pkg:apk/alpine/iproute2-ss@6.9.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "ce3157d6b7f793c7" + }, + "Version": "6.9.0-r0", + "Arch": "x86_64", + "SrcName": "iproute2", + "SrcVersion": "6.9.0-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap2@2.70-r0", + "libmnl@1.0.5-r2", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:5c562a5e764b55c92ad3f363980b442fbf7db2e2", + "InstalledFiles": [ + "sbin/ss" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iproute2-tc@6.9.0-r0", + "Name": "iproute2-tc", + "Identifier": { + "PURL": "pkg:apk/alpine/iproute2-tc@6.9.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1dbfc76aa5be1ed3" + }, + "Version": "6.9.0-r0", + "Arch": "x86_64", + "SrcName": "iproute2", + "SrcVersion": "6.9.0-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap2@2.70-r0", + "libelf@0.191-r0", + "libmnl@1.0.5-r2", + "libxtables@1.8.10-r3", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:bd55f18d1e0e626ebc32a6db124ff015fcc0fcad", + "InstalledFiles": [ + "sbin/tc", + "usr/lib/tc/experimental.dist", + "usr/lib/tc/normal.dist", + "usr/lib/tc/pareto.dist", + "usr/lib/tc/paretonormal.dist" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iptables@1.8.10-r3", + "Name": "iptables", + "Identifier": { + "PURL": "pkg:apk/alpine/iptables@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", + "UID": "9f102aa6e7718fb6" + }, + "Version": "1.8.10-r3", + "Arch": "x86_64", + "SrcName": "iptables", + "SrcVersion": "1.8.10-r3", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.36.1-r29", + "libmnl@1.0.5-r2", + "libnftnl@1.2.6-r0", + "libxtables@1.8.10-r3", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:a4bc81e3f91510205018e0166d4ce93507f572c8", + "InstalledFiles": [ + "etc/ethertypes", + "sbin/arptables", + "sbin/arptables-nft", + "sbin/arptables-nft-restore", + "sbin/arptables-nft-save", + "sbin/arptables-restore", + "sbin/arptables-save", + "sbin/ebtables", + "sbin/ebtables-nft", + "sbin/ebtables-nft-restore", + "sbin/ebtables-nft-save", + "sbin/ebtables-restore", + "sbin/ebtables-save", + "sbin/ebtables-translate", + "sbin/ip6tables", + "sbin/ip6tables-apply", + "sbin/ip6tables-nft", + "sbin/ip6tables-nft-restore", + "sbin/ip6tables-nft-save", + "sbin/ip6tables-restore", + "sbin/ip6tables-restore-translate", + "sbin/ip6tables-save", + "sbin/ip6tables-translate", + "sbin/iptables", + "sbin/iptables-apply", + "sbin/iptables-nft", + "sbin/iptables-nft-restore", + "sbin/iptables-nft-save", + "sbin/iptables-restore", + "sbin/iptables-restore-translate", + "sbin/iptables-save", + "sbin/iptables-translate", + "sbin/xtables-monitor", + "sbin/xtables-nft-multi", + "usr/lib/xtables/libarpt_mangle.so", + "usr/lib/xtables/libebt_802_3.so", + "usr/lib/xtables/libebt_among.so", + "usr/lib/xtables/libebt_arp.so", + "usr/lib/xtables/libebt_arpreply.so", + "usr/lib/xtables/libebt_dnat.so", + "usr/lib/xtables/libebt_ip.so", + "usr/lib/xtables/libebt_ip6.so", + "usr/lib/xtables/libebt_log.so", + "usr/lib/xtables/libebt_mark.so", + "usr/lib/xtables/libebt_mark_m.so", + "usr/lib/xtables/libebt_nflog.so", + "usr/lib/xtables/libebt_pkttype.so", + "usr/lib/xtables/libebt_redirect.so", + "usr/lib/xtables/libebt_snat.so", + "usr/lib/xtables/libebt_stp.so", + "usr/lib/xtables/libebt_vlan.so", + "usr/lib/xtables/libip6t_DNPT.so", + "usr/lib/xtables/libip6t_HL.so", + "usr/lib/xtables/libip6t_NETMAP.so", + "usr/lib/xtables/libip6t_REJECT.so", + "usr/lib/xtables/libip6t_SNPT.so", + "usr/lib/xtables/libip6t_ah.so", + "usr/lib/xtables/libip6t_dst.so", + "usr/lib/xtables/libip6t_eui64.so", + "usr/lib/xtables/libip6t_frag.so", + "usr/lib/xtables/libip6t_hbh.so", + "usr/lib/xtables/libip6t_hl.so", + "usr/lib/xtables/libip6t_icmp6.so", + "usr/lib/xtables/libip6t_ipv6header.so", + "usr/lib/xtables/libip6t_mh.so", + "usr/lib/xtables/libip6t_rt.so", + "usr/lib/xtables/libip6t_srh.so", + "usr/lib/xtables/libipt_CLUSTERIP.so", + "usr/lib/xtables/libipt_ECN.so", + "usr/lib/xtables/libipt_NETMAP.so", + "usr/lib/xtables/libipt_REJECT.so", + "usr/lib/xtables/libipt_TTL.so", + "usr/lib/xtables/libipt_ULOG.so", + "usr/lib/xtables/libipt_ah.so", + "usr/lib/xtables/libipt_icmp.so", + "usr/lib/xtables/libipt_realm.so", + "usr/lib/xtables/libipt_ttl.so", + "usr/lib/xtables/libxt_AUDIT.so", + "usr/lib/xtables/libxt_CHECKSUM.so", + "usr/lib/xtables/libxt_CLASSIFY.so", + "usr/lib/xtables/libxt_CONNMARK.so", + "usr/lib/xtables/libxt_CONNSECMARK.so", + "usr/lib/xtables/libxt_CT.so", + "usr/lib/xtables/libxt_DNAT.so", + "usr/lib/xtables/libxt_DSCP.so", + "usr/lib/xtables/libxt_HMARK.so", + "usr/lib/xtables/libxt_IDLETIMER.so", + "usr/lib/xtables/libxt_LED.so", + "usr/lib/xtables/libxt_LOG.so", + "usr/lib/xtables/libxt_MARK.so", + "usr/lib/xtables/libxt_MASQUERADE.so", + "usr/lib/xtables/libxt_NAT.so", + "usr/lib/xtables/libxt_NFLOG.so", + "usr/lib/xtables/libxt_NFQUEUE.so", + "usr/lib/xtables/libxt_NOTRACK.so", + "usr/lib/xtables/libxt_RATEEST.so", + "usr/lib/xtables/libxt_REDIRECT.so", + "usr/lib/xtables/libxt_SECMARK.so", + "usr/lib/xtables/libxt_SET.so", + "usr/lib/xtables/libxt_SNAT.so", + "usr/lib/xtables/libxt_SYNPROXY.so", + "usr/lib/xtables/libxt_TCPMSS.so", + "usr/lib/xtables/libxt_TCPOPTSTRIP.so", + "usr/lib/xtables/libxt_TEE.so", + "usr/lib/xtables/libxt_TOS.so", + "usr/lib/xtables/libxt_TPROXY.so", + "usr/lib/xtables/libxt_TRACE.so", + "usr/lib/xtables/libxt_addrtype.so", + "usr/lib/xtables/libxt_bpf.so", + "usr/lib/xtables/libxt_cgroup.so", + "usr/lib/xtables/libxt_cluster.so", + "usr/lib/xtables/libxt_comment.so", + "usr/lib/xtables/libxt_connbytes.so", + "usr/lib/xtables/libxt_connlimit.so", + "usr/lib/xtables/libxt_connmark.so", + "usr/lib/xtables/libxt_conntrack.so", + "usr/lib/xtables/libxt_cpu.so", + "usr/lib/xtables/libxt_dccp.so", + "usr/lib/xtables/libxt_devgroup.so", + "usr/lib/xtables/libxt_dscp.so", + "usr/lib/xtables/libxt_ecn.so", + "usr/lib/xtables/libxt_esp.so", + "usr/lib/xtables/libxt_hashlimit.so", + "usr/lib/xtables/libxt_helper.so", + "usr/lib/xtables/libxt_ipcomp.so", + "usr/lib/xtables/libxt_iprange.so", + "usr/lib/xtables/libxt_ipvs.so", + "usr/lib/xtables/libxt_length.so", + "usr/lib/xtables/libxt_limit.so", + "usr/lib/xtables/libxt_mac.so", + "usr/lib/xtables/libxt_mark.so", + "usr/lib/xtables/libxt_multiport.so", + "usr/lib/xtables/libxt_nfacct.so", + "usr/lib/xtables/libxt_osf.so", + "usr/lib/xtables/libxt_owner.so", + "usr/lib/xtables/libxt_physdev.so", + "usr/lib/xtables/libxt_pkttype.so", + "usr/lib/xtables/libxt_policy.so", + "usr/lib/xtables/libxt_quota.so", + "usr/lib/xtables/libxt_rateest.so", + "usr/lib/xtables/libxt_recent.so", + "usr/lib/xtables/libxt_rpfilter.so", + "usr/lib/xtables/libxt_sctp.so", + "usr/lib/xtables/libxt_set.so", + "usr/lib/xtables/libxt_socket.so", + "usr/lib/xtables/libxt_standard.so", + "usr/lib/xtables/libxt_state.so", + "usr/lib/xtables/libxt_statistic.so", + "usr/lib/xtables/libxt_string.so", + "usr/lib/xtables/libxt_tcp.so", + "usr/lib/xtables/libxt_tcpmss.so", + "usr/lib/xtables/libxt_time.so", + "usr/lib/xtables/libxt_tos.so", + "usr/lib/xtables/libxt_u32.so", + "usr/lib/xtables/libxt_udp.so", + "usr/share/xtables/iptables.xslt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iptables-legacy@1.8.10-r3", + "Name": "iptables-legacy", + "Identifier": { + "PURL": "pkg:apk/alpine/iptables-legacy@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", + "UID": "21184db795b7fbff" + }, + "Version": "1.8.10-r3", + "Arch": "x86_64", + "SrcName": "iptables", + "SrcVersion": "1.8.10-r3", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libip4tc@1.8.10-r3", + "libip6tc@1.8.10-r3", + "libxtables@1.8.10-r3", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:7455abb73317d7e992f8590cac0166922d7f96b4", + "InstalledFiles": [ + "sbin/ip6tables-legacy", + "sbin/ip6tables-legacy-restore", + "sbin/ip6tables-legacy-save", + "sbin/iptables-legacy", + "sbin/iptables-legacy-restore", + "sbin/iptables-legacy-save", + "sbin/xtables-legacy-multi", + "usr/bin/iptables-xml" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iputils@20240117-r0", + "Name": "iputils", + "Identifier": { + "PURL": "pkg:apk/alpine/iputils@20240117-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "5c4776212e1969ec" + }, + "Version": "20240117-r0", + "Arch": "x86_64", + "SrcName": "iputils", + "SrcVersion": "20240117-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "iputils-arping@20240117-r0", + "iputils-clockdiff@20240117-r0", + "iputils-ping@20240117-r0", + "iputils-tracepath@20240117-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:b39e39ae31e5cd4633267f337741c32834ea1293", + "AnalyzedBy": "apk" + }, + { + "ID": "iputils-arping@20240117-r0", + "Name": "iputils-arping", + "Identifier": { + "PURL": "pkg:apk/alpine/iputils-arping@20240117-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "b3ff37a971d0df9b" + }, + "Version": "20240117-r0", + "Arch": "x86_64", + "SrcName": "iputils", + "SrcVersion": "20240117-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap2@2.70-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:dc4a98cc56e312ee02c7ed28ae86d682f05f9ac9", + "InstalledFiles": [ + "usr/sbin/arping" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iputils-clockdiff@20240117-r0", + "Name": "iputils-clockdiff", + "Identifier": { + "PURL": "pkg:apk/alpine/iputils-clockdiff@20240117-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "ce3e815897ad006a" + }, + "Version": "20240117-r0", + "Arch": "x86_64", + "SrcName": "iputils", + "SrcVersion": "20240117-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap2@2.70-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:d7e78c70bf179f70f129758c2e4c59e91228aca5", + "InstalledFiles": [ + "usr/sbin/clockdiff" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iputils-ping@20240117-r0", + "Name": "iputils-ping", + "Identifier": { + "PURL": "pkg:apk/alpine/iputils-ping@20240117-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "88fd811ce687ea71" + }, + "Version": "20240117-r0", + "Arch": "x86_64", + "SrcName": "iputils", + "SrcVersion": "20240117-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap2@2.70-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:ea41b4dc2da620da895c18d8dbf791b70e2a6bd1", + "InstalledFiles": [ + "bin/ping", + "bin/ping6" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iputils-tracepath@20240117-r0", + "Name": "iputils-tracepath", + "Identifier": { + "PURL": "pkg:apk/alpine/iputils-tracepath@20240117-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "b5f8bd1ce890fdd9" + }, + "Version": "20240117-r0", + "Arch": "x86_64", + "SrcName": "iputils", + "SrcVersion": "20240117-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:04ab8a74626348da18b329a8aaf12d41bdfe34bb", + "InstalledFiles": [ + "usr/sbin/tracepath", + "usr/sbin/tracepath6" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "jq@1.7.1-r0", + "Name": "jq", + "Identifier": { + "PURL": "pkg:apk/alpine/jq@1.7.1-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "a85e7d55b2203540" + }, + "Version": "1.7.1-r0", + "Arch": "x86_64", + "SrcName": "jq", + "SrcVersion": "1.7.1-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Patrycja Rosa \u003calpine@ptrcnull.me\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "oniguruma@6.9.9-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:db874e07e38cd4863d8cf235966dbb713eb0bc4c", + "InstalledFiles": [ + "usr/bin/jq", + "usr/lib/libjq.so.1", + "usr/lib/libjq.so.1.0.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "kmod@32-r0", + "Name": "kmod", + "Identifier": { + "PURL": "pkg:apk/alpine/kmod@32-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "399102bb7b20c1a6" + }, + "Version": "32-r0", + "Arch": "x86_64", + "SrcName": "kmod", + "SrcVersion": "32-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.36.1-r29", + "libcrypto3@3.3.2-r0", + "musl@1.2.5-r0", + "xz-libs@5.6.2-r0", + "zlib@1.3.1-r1", + "zstd-libs@1.5.6-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:2c573c8376a20498a8e870af2aaf02e462caf785", + "InstalledFiles": [ + "bin/depmod", + "bin/insmod", + "bin/kmod", + "bin/lsmod", + "bin/modinfo", + "bin/modprobe", + "bin/rmmod", + "sbin/depmod", + "sbin/insmod", + "sbin/lsmod", + "sbin/modinfo", + "sbin/modprobe", + "sbin/rmmod" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libacl@2.3.2-r0", + "Name": "libacl", + "Identifier": { + "PURL": "pkg:apk/alpine/libacl@2.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "3aef225ef60a107f" + }, + "Version": "2.3.2-r0", + "Arch": "x86_64", + "SrcName": "acl", + "SrcVersion": "2.3.2-r0", + "Licenses": [ + "LGPL-2.1-or-later", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:eac92152414664eed36c39ea29c97360b1194867", + "InstalledFiles": [ + "lib/libacl.so.1", + "lib/libacl.so.1.1.2302" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libattr@2.5.2-r0", + "Name": "libattr", + "Identifier": { + "PURL": "pkg:apk/alpine/libattr@2.5.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "687b918a456213c8" + }, + "Version": "2.5.2-r0", + "Arch": "x86_64", + "SrcName": "attr", + "SrcVersion": "2.5.2-r0", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:358e2a6078f8cf6625bc58d181380f42fdfc342b", + "InstalledFiles": [ + "lib/libattr.so.1", + "lib/libattr.so.1.1.2502" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libbsd@0.12.2-r0", + "Name": "libbsd", + "Identifier": { + "PURL": "pkg:apk/alpine/libbsd@0.12.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "172597f0b99393b" + }, + "Version": "0.12.2-r0", + "Arch": "x86_64", + "SrcName": "libbsd", + "SrcVersion": "0.12.2-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libmd@1.1.0-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:77cdd05ac1f7daa54b2331c822265cf6542c8f6f", + "InstalledFiles": [ + "usr/lib/libbsd.so.0", + "usr/lib/libbsd.so.0.12.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcap-getcap@2.70-r0", + "Name": "libcap-getcap", + "Identifier": { + "PURL": "pkg:apk/alpine/libcap-getcap@2.70-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "2e9f7399f8a4acb1" + }, + "Version": "2.70-r0", + "Arch": "x86_64", + "SrcName": "libcap", + "SrcVersion": "2.70-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap2@2.70-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:9f5949c3759156dd0c4ddd51b77c7eeb1827a522", + "InstalledFiles": [ + "usr/sbin/getcap" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcap-setcap@2.70-r0", + "Name": "libcap-setcap", + "Identifier": { + "PURL": "pkg:apk/alpine/libcap-setcap@2.70-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "7ead01c20c7fdb89" + }, + "Version": "2.70-r0", + "Arch": "x86_64", + "SrcName": "libcap", + "SrcVersion": "2.70-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap2@2.70-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:1b481865bb62ccad132e974eed1b2bcf91974a84", + "InstalledFiles": [ + "usr/sbin/setcap" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcap-utils@2.70-r0", + "Name": "libcap-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/libcap-utils@2.70-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "2af2246a4520124f" + }, + "Version": "2.70-r0", + "Arch": "x86_64", + "SrcName": "libcap", + "SrcVersion": "2.70-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap-getcap@2.70-r0", + "libcap-setcap@2.70-r0", + "libcap2@2.70-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:9d0846422786d2955f9a2e6b8bd082753daefedd", + "InstalledFiles": [ + "usr/sbin/capsh", + "usr/sbin/getpcaps" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcap2@2.70-r0", + "Name": "libcap2", + "Identifier": { + "PURL": "pkg:apk/alpine/libcap2@2.70-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "fdb8fa1749c0da49" + }, + "Version": "2.70-r0", + "Arch": "x86_64", + "SrcName": "libcap", + "SrcVersion": "2.70-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:36d62e0793057eade6594a1dfd7e0fe6fdbc26e1", + "InstalledFiles": [ + "usr/lib/libcap.so.2", + "usr/lib/libcap.so.2.70", + "usr/lib/libpsx.so.2", + "usr/lib/libpsx.so.2.70" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.3.2-r0", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "Version": "3.3.2-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.3.2-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:9bf0618d6c5fa68e03e5c2bb47d179320f7576ba", + "InstalledFiles": [ + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/openssl.cnf.dist", + "lib/libcrypto.so.3", + "usr/lib/libcrypto.so.3", + "usr/lib/engines-3/afalg.so", + "usr/lib/engines-3/capi.so", + "usr/lib/engines-3/loader_attic.so", + "usr/lib/engines-3/padlock.so", + "usr/lib/ossl-modules/legacy.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcurl@8.9.1-r2", + "Name": "libcurl", + "Identifier": { + "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "2ba374c8fc8f948f" + }, + "Version": "8.9.1-r2", + "Arch": "x86_64", + "SrcName": "curl", + "SrcVersion": "8.9.1-r2", + "Licenses": [ + "curl" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "brotli-libs@1.1.0-r2", + "c-ares@1.33.1-r0", + "ca-certificates@20240705-r0", + "libcrypto3@3.3.2-r0", + "libidn2@2.3.7-r0", + "libpsl@0.21.5-r1", + "libssl3@3.3.2-r0", + "musl@1.2.5-r0", + "nghttp2-libs@1.62.1-r0", + "zlib@1.3.1-r1", + "zstd-libs@1.5.6-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:a09d55380a33f12aa82f49e3fae0e53f7e433587", + "InstalledFiles": [ + "usr/lib/libcurl.so.4", + "usr/lib/libcurl.so.4.8.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libelf@0.191-r0", + "Name": "libelf", + "Identifier": { + "PURL": "pkg:apk/alpine/libelf@0.191-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "7d393dcfda903529" + }, + "Version": "0.191-r0", + "Arch": "x86_64", + "SrcName": "elfutils", + "SrcVersion": "0.191-r0", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "zlib@1.3.1-r1", + "zstd-libs@1.5.6-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:981d29d25f7ebd2043c571afebfb59675245c9bf", + "InstalledFiles": [ + "usr/lib/libelf-0.191.so", + "usr/lib/libelf.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libevent@2.1.12-r7", + "Name": "libevent", + "Identifier": { + "PURL": "pkg:apk/alpine/libevent@2.1.12-r7?arch=x86_64\u0026distro=3.20.3", + "UID": "8ec3d0ad20194f50" + }, + "Version": "2.1.12-r7", + "Arch": "x86_64", + "SrcName": "libevent", + "SrcVersion": "2.1.12-r7", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.3.2-r0", + "libssl3@3.3.2-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:7c30b99dcb6359ecb8167c46c3a2a28a9e33aca5", + "InstalledFiles": [ + "usr/lib/libevent-2.1.so.7", + "usr/lib/libevent-2.1.so.7.0.1", + "usr/lib/libevent_core-2.1.so.7", + "usr/lib/libevent_core-2.1.so.7.0.1", + "usr/lib/libevent_extra-2.1.so.7", + "usr/lib/libevent_extra-2.1.so.7.0.1", + "usr/lib/libevent_openssl-2.1.so.7", + "usr/lib/libevent_openssl-2.1.so.7.0.1", + "usr/lib/libevent_pthreads-2.1.so.7", + "usr/lib/libevent_pthreads-2.1.so.7.0.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libidn2@2.3.7-r0", + "Name": "libidn2", + "Identifier": { + "PURL": "pkg:apk/alpine/libidn2@2.3.7-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "a36f92905da9a0" + }, + "Version": "2.3.7-r0", + "Arch": "x86_64", + "SrcName": "libidn2", + "SrcVersion": "2.3.7-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libunistring@1.2-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:02629e610eec8b3f8fc422bec27b3b2359d5c962", + "InstalledFiles": [ + "usr/lib/libidn2.so.0", + "usr/lib/libidn2.so.0.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libintl@0.22.5-r0", + "Name": "libintl", + "Identifier": { + "PURL": "pkg:apk/alpine/libintl@0.22.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "b2aa65e57d55fe51" + }, + "Version": "0.22.5-r0", + "Arch": "x86_64", + "SrcName": "gettext", + "SrcVersion": "0.22.5-r0", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:e4653097ace0aed3ee1d0189be1155684458880d", + "InstalledFiles": [ + "usr/lib/libintl.so.8", + "usr/lib/libintl.so.8.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libip4tc@1.8.10-r3", + "Name": "libip4tc", + "Identifier": { + "PURL": "pkg:apk/alpine/libip4tc@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", + "UID": "4b93dfc0c4c88429" + }, + "Version": "1.8.10-r3", + "Arch": "x86_64", + "SrcName": "iptables", + "SrcVersion": "1.8.10-r3", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:d27e94f20872901b4c22fd0c0966c7ca3fd67716", + "InstalledFiles": [ + "usr/lib/libip4tc.so.2", + "usr/lib/libip4tc.so.2.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libip6tc@1.8.10-r3", + "Name": "libip6tc", + "Identifier": { + "PURL": "pkg:apk/alpine/libip6tc@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", + "UID": "f38fbd2df9cd613" + }, + "Version": "1.8.10-r3", + "Arch": "x86_64", + "SrcName": "iptables", + "SrcVersion": "1.8.10-r3", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:07b3cf845fdad8da6cb26c1318a1e73c1486a3e2", + "InstalledFiles": [ + "usr/lib/libip6tc.so.2", + "usr/lib/libip6tc.so.2.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libmd@1.1.0-r0", + "Name": "libmd", + "Identifier": { + "PURL": "pkg:apk/alpine/libmd@1.1.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "965d6d33e5a44093" + }, + "Version": "1.1.0-r0", + "Arch": "x86_64", + "SrcName": "libmd", + "SrcVersion": "1.1.0-r0", + "Licenses": [ + "BSD-3-Clause", + "BSD-2-Clause", + "ISC", + "Beerware", + "Public", + "Domain" + ], + "Maintainer": "omni \u003comni+alpine@hack.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:9f88c37987a5d25c3e536e0aaab3ecea413e4d94", + "InstalledFiles": [ + "usr/lib/libmd.so.0", + "usr/lib/libmd.so.0.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libmnl@1.0.5-r2", + "Name": "libmnl", + "Identifier": { + "PURL": "pkg:apk/alpine/libmnl@1.0.5-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "f254bead19a6f1a1" + }, + "Version": "1.0.5-r2", + "Arch": "x86_64", + "SrcName": "libmnl", + "SrcVersion": "1.0.5-r2", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:c8f07f901cbe6e64dd1c0346056483aa5bf6494b", + "InstalledFiles": [ + "usr/lib/libmnl.so.0", + "usr/lib/libmnl.so.0.2.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libncursesw@6.4_p20240420-r1", + "Name": "libncursesw", + "Identifier": { + "PURL": "pkg:apk/alpine/libncursesw@6.4_p20240420-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "380e2483755d26ce" + }, + "Version": "6.4_p20240420-r1", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.4_p20240420-r1", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "ncurses-terminfo-base@6.4_p20240420-r1" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:ea11d954db1aef9ade8abe50bf3870c994a39c70", + "InstalledFiles": [ + "usr/lib/libncursesw.so.6", + "usr/lib/libncursesw.so.6.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libnftnl@1.2.6-r0", + "Name": "libnftnl", + "Identifier": { + "PURL": "pkg:apk/alpine/libnftnl@1.2.6-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "cdc849f7051784d0" + }, + "Version": "1.2.6-r0", + "Arch": "x86_64", + "SrcName": "libnftnl", + "SrcVersion": "1.2.6-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", + "DependsOn": [ + "libmnl@1.0.5-r2", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:fb069ebafae8c7cc06a6dbed27724714d5cfa57b", + "InstalledFiles": [ + "usr/lib/libnftnl.so.11", + "usr/lib/libnftnl.so.11.6.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpng@1.6.44-r0", + "Name": "libpng", + "Identifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "Version": "1.6.44-r0", + "Arch": "x86_64", + "SrcName": "libpng", + "SrcVersion": "1.6.44-r0", + "Licenses": [ + "Libpng" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "zlib@1.3.1-r1" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:3fc66dc77509d5afcd2aac36cb2f92108fdfcc23", + "InstalledFiles": [ + "usr/lib/libpng16.so.16", + "usr/lib/libpng16.so.16.44.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libproc2@4.0.4-r0", + "Name": "libproc2", + "Identifier": { + "PURL": "pkg:apk/alpine/libproc2@4.0.4-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "70ae2163926d9037" + }, + "Version": "4.0.4-r0", + "Arch": "x86_64", + "SrcName": "procps-ng", + "SrcVersion": "4.0.4-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:9cca2d1b39191864fe89116bf9c3b3aab5d0ccb9", + "InstalledFiles": [ + "lib/libproc2.so.0", + "lib/libproc2.so.0.0.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpsl@0.21.5-r1", + "Name": "libpsl", + "Identifier": { + "PURL": "pkg:apk/alpine/libpsl@0.21.5-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "8760b1e6c7f9e61c" + }, + "Version": "0.21.5-r1", + "Arch": "x86_64", + "SrcName": "libpsl", + "SrcVersion": "0.21.5-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libidn2@2.3.7-r0", + "libunistring@1.2-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:1f1e660c761dadb2614c0f573ea6ef2be8649206", + "InstalledFiles": [ + "usr/lib/libpsl.so.5", + "usr/lib/libpsl.so.5.3.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libqrencode@4.1.1-r2", + "Name": "libqrencode", + "Identifier": { + "PURL": "pkg:apk/alpine/libqrencode@4.1.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "6a6294b6dbd10ecf" + }, + "Version": "4.1.1-r2", + "Arch": "x86_64", + "SrcName": "libqrencode", + "SrcVersion": "4.1.1-r2", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:8ab385c2b299cdcf51e0a72c848edc9428b4c0a0", + "InstalledFiles": [ + "usr/lib/libqrencode.so.4", + "usr/lib/libqrencode.so.4.1.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libqrencode-tools@4.1.1-r2", + "Name": "libqrencode-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/libqrencode-tools@4.1.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "2b353137288f0b74" + }, + "Version": "4.1.1-r2", + "Arch": "x86_64", + "SrcName": "libqrencode", + "SrcVersion": "4.1.1-r2", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libpng@1.6.44-r0", + "libqrencode@4.1.1-r2", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:de64bbf0ee1af6f8ef7626d5ec235726f3a37411", + "InstalledFiles": [ + "usr/bin/qrencode" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.3.2-r0", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "Version": "3.3.2-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.3.2-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.3.2-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:f81052a84c5e1028fe4db48e94c94ab1a826a898", + "InstalledFiles": [ + "lib/libssl.so.3", + "usr/lib/libssl.so.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libunistring@1.2-r0", + "Name": "libunistring", + "Identifier": { + "PURL": "pkg:apk/alpine/libunistring@1.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "ae41cff06c3deb9e" + }, + "Version": "1.2-r0", + "Arch": "x86_64", + "SrcName": "libunistring", + "SrcVersion": "1.2-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:1ff86ed40752102a6c84ece085ae89ac88c74c5a", + "InstalledFiles": [ + "usr/lib/libunistring.so.5", + "usr/lib/libunistring.so.5.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxtables@1.8.10-r3", + "Name": "libxtables", + "Identifier": { + "PURL": "pkg:apk/alpine/libxtables@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", + "UID": "ac7531315c20e326" + }, + "Version": "1.8.10-r3", + "Arch": "x86_64", + "SrcName": "iptables", + "SrcVersion": "1.8.10-r3", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:3f331bf2d5660c02a82152f272b8d11c3744221d", + "InstalledFiles": [ + "usr/lib/libxtables.so.12", + "usr/lib/libxtables.so.12.7.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "linux-pam@1.6.0-r0", + "Name": "linux-pam", + "Identifier": { + "PURL": "pkg:apk/alpine/linux-pam@1.6.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e75124828b58d10e" + }, + "Version": "1.6.0-r0", + "Arch": "x86_64", + "SrcName": "linux-pam", + "SrcVersion": "1.6.0-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "utmps-libs@0.1.2.2-r1" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:3e55a9b590f857dd12a1fca8b31d9db184fc74f0", + "InstalledFiles": [ + "etc/environment", + "etc/pam.d/base-account", + "etc/pam.d/base-auth", + "etc/pam.d/base-password", + "etc/pam.d/base-session", + "etc/pam.d/base-session-noninteractive", + "etc/pam.d/login", + "etc/pam.d/other", + "etc/pam.d/su", + "etc/security/access.conf", + "etc/security/faillock.conf", + "etc/security/group.conf", + "etc/security/limits.conf", + "etc/security/namespace.conf", + "etc/security/namespace.init", + "etc/security/pam_env.conf", + "etc/security/pwhistory.conf", + "etc/security/time.conf", + "lib/libpam.so.0", + "lib/libpam.so.0.85.1", + "lib/libpam_misc.so.0", + "lib/libpam_misc.so.0.82.1", + "lib/libpamc.so.0", + "lib/libpamc.so.0.82.1", + "lib/security/pam_access.so", + "lib/security/pam_canonicalize_user.so", + "lib/security/pam_debug.so", + "lib/security/pam_deny.so", + "lib/security/pam_echo.so", + "lib/security/pam_env.so", + "lib/security/pam_exec.so", + "lib/security/pam_faildelay.so", + "lib/security/pam_faillock.so", + "lib/security/pam_filter.so", + "lib/security/pam_ftp.so", + "lib/security/pam_group.so", + "lib/security/pam_issue.so", + "lib/security/pam_keyinit.so", + "lib/security/pam_limits.so", + "lib/security/pam_listfile.so", + "lib/security/pam_localuser.so", + "lib/security/pam_loginuid.so", + "lib/security/pam_mail.so", + "lib/security/pam_mkhomedir.so", + "lib/security/pam_motd.so", + "lib/security/pam_namespace.so", + "lib/security/pam_nologin.so", + "lib/security/pam_permit.so", + "lib/security/pam_pwhistory.so", + "lib/security/pam_rootok.so", + "lib/security/pam_securetty.so", + "lib/security/pam_setquota.so", + "lib/security/pam_shells.so", + "lib/security/pam_stress.so", + "lib/security/pam_succeed_if.so", + "lib/security/pam_time.so", + "lib/security/pam_timestamp.so", + "lib/security/pam_umask.so", + "lib/security/pam_unix.so", + "lib/security/pam_usertype.so", + "lib/security/pam_warn.so", + "lib/security/pam_wheel.so", + "lib/security/pam_xauth.so", + "lib/security/pam_filter/upperLOWER", + "sbin/faillock", + "sbin/mkhomedir_helper", + "sbin/pam_namespace_helper", + "sbin/pam_timestamp_check", + "sbin/pwhistory_helper", + "sbin/unix_chkpwd", + "sbin/unix_update" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "mii-tool@2.10-r3", + "Name": "mii-tool", + "Identifier": { + "PURL": "pkg:apk/alpine/mii-tool@2.10-r3?arch=x86_64\u0026distro=3.20.3", + "UID": "f018b55be68ae905" + }, + "Version": "2.10-r3", + "Arch": "x86_64", + "SrcName": "net-tools", + "SrcVersion": "2.10-r3", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:49238c70fc68ee52895c53b4943cd323efd4e29d", + "InstalledFiles": [ + "sbin/mii-tool" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl@1.2.5-r0", + "Name": "musl", + "Identifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "d76e86ca8c96b6ac" + }, + "Version": "1.2.5-r0", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:3d2da235e1c31f7045e9382a48cbbfa5c7375c86", + "InstalledFiles": [ + "lib/ld-musl-x86_64.so.1", + "lib/libc.musl-x86_64.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl-utils@1.2.5-r0", + "Name": "musl-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "a313fc68c87a2f4d" + }, + "Version": "1.2.5-r0", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r0", + "Licenses": [ + "MIT", + "BSD-2-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "scanelf@1.3.7-r2" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:e11671e426dc2d8189155906d007c39be1eb1367", + "InstalledFiles": [ + "sbin/ldconfig", + "usr/bin/getconf", + "usr/bin/getent", + "usr/bin/iconv", + "usr/bin/ldd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ncurses-terminfo-base@6.4_p20240420-r1", + "Name": "ncurses-terminfo-base", + "Identifier": { + "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.4_p20240420-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "fb917cecc9ff879e" + }, + "Version": "6.4_p20240420-r1", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.4_p20240420-r1", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:b94ecaed3ab420de295b36edb80b60ce311c4239", + "InstalledFiles": [ + "etc/terminfo/a/alacritty", + "etc/terminfo/a/ansi", + "etc/terminfo/d/dumb", + "etc/terminfo/g/gnome", + "etc/terminfo/g/gnome-256color", + "etc/terminfo/k/konsole", + "etc/terminfo/k/konsole-256color", + "etc/terminfo/k/konsole-linux", + "etc/terminfo/l/linux", + "etc/terminfo/p/putty", + "etc/terminfo/p/putty-256color", + "etc/terminfo/r/rxvt", + "etc/terminfo/r/rxvt-256color", + "etc/terminfo/s/screen", + "etc/terminfo/s/screen-256color", + "etc/terminfo/s/st-0.6", + "etc/terminfo/s/st-0.7", + "etc/terminfo/s/st-0.8", + "etc/terminfo/s/st-16color", + "etc/terminfo/s/st-256color", + "etc/terminfo/s/st-direct", + "etc/terminfo/s/sun", + "etc/terminfo/t/terminator", + "etc/terminfo/t/terminology", + "etc/terminfo/t/terminology-0.6.1", + "etc/terminfo/t/terminology-1.0.0", + "etc/terminfo/t/terminology-1.8.1", + "etc/terminfo/t/tmux", + "etc/terminfo/t/tmux-256color", + "etc/terminfo/v/vt100", + "etc/terminfo/v/vt102", + "etc/terminfo/v/vt200", + "etc/terminfo/v/vt220", + "etc/terminfo/v/vt52", + "etc/terminfo/v/vte", + "etc/terminfo/v/vte-256color", + "etc/terminfo/x/xterm", + "etc/terminfo/x/xterm-256color", + "etc/terminfo/x/xterm-color", + "etc/terminfo/x/xterm-xfree86" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "net-tools@2.10-r3", + "Name": "net-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/net-tools@2.10-r3?arch=x86_64\u0026distro=3.20.3", + "UID": "6902e73bb63d23c2" + }, + "Version": "2.10-r3", + "Arch": "x86_64", + "SrcName": "net-tools", + "SrcVersion": "2.10-r3", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "mii-tool@2.10-r3", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:7477f3fc0aab7592d8fab926630b0b14171f7702", + "InstalledFiles": [ + "bin/dnsdomainname", + "bin/domainname", + "bin/hostname", + "bin/netstat", + "bin/nisdomainname", + "bin/route", + "bin/ypdomainname", + "sbin/arp", + "sbin/ifconfig", + "sbin/ipmaddr", + "sbin/iptunnel", + "sbin/nameif", + "sbin/plipconfig", + "sbin/rarp", + "sbin/slattach" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "netcat-openbsd@1.226-r0", + "Name": "netcat-openbsd", + "Identifier": { + "PURL": "pkg:apk/alpine/netcat-openbsd@1.226-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "9a32d2978a7cdc46" + }, + "Version": "1.226-r0", + "Arch": "x86_64", + "SrcName": "netcat-openbsd", + "SrcVersion": "1.226-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Leonardo Arena \u003crnalrd@alpinelinux.org\u003e", + "DependsOn": [ + "libbsd@0.12.2-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:05e1a042c544d3117b1dc96391e1b6d543e269fe", + "InstalledFiles": [ + "usr/bin/nc" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nghttp2-libs@1.62.1-r0", + "Name": "nghttp2-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/nghttp2-libs@1.62.1-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "42b2705c1dbc8035" + }, + "Version": "1.62.1-r0", + "Arch": "x86_64", + "SrcName": "nghttp2", + "SrcVersion": "1.62.1-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:2c38b5b57527b4b61a9e954543ade9367c9663f9", + "InstalledFiles": [ + "usr/lib/libnghttp2.so.14", + "usr/lib/libnghttp2.so.14.28.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "oniguruma@6.9.9-r0", + "Name": "oniguruma", + "Identifier": { + "PURL": "pkg:apk/alpine/oniguruma@6.9.9-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "ab491550022f752b" + }, + "Version": "6.9.9-r0", + "Arch": "x86_64", + "SrcName": "oniguruma", + "SrcVersion": "6.9.9-r0", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:2c29b1278471ca8cc10785dfd7a1a4c84444fe05", + "InstalledFiles": [ + "usr/lib/libonig.so.5", + "usr/lib/libonig.so.5.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "openresolv@3.13.2-r0", + "Name": "openresolv", + "Identifier": { + "PURL": "pkg:apk/alpine/openresolv@3.13.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "50f378b73a425ca" + }, + "Version": "3.13.2-r0", + "Arch": "x86_64", + "SrcName": "openresolv", + "SrcVersion": "3.13.2-r0", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:cbe9ba4c51769f47315127ce2a17c3317583d3ce", + "InstalledFiles": [ + "etc/resolvconf.conf", + "lib/resolvconf/dnsmasq", + "lib/resolvconf/libc", + "lib/resolvconf/named", + "lib/resolvconf/pdns_recursor", + "lib/resolvconf/pdnsd", + "lib/resolvconf/unbound", + "lib/resolvconf/libc.d/avahi-daemon", + "lib/resolvconf/libc.d/mdnsd", + "sbin/resolvconf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "pcre2@10.43-r0", + "Name": "pcre2", + "Identifier": { + "PURL": "pkg:apk/alpine/pcre2@10.43-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "fe49afecbfd3c35b" + }, + "Version": "10.43-r0", + "Arch": "x86_64", + "SrcName": "pcre2", + "SrcVersion": "10.43-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:447266b2ae4cb2b6ac25f42b07486a496dc71d25", + "InstalledFiles": [ + "usr/lib/libpcre2-8.so.0", + "usr/lib/libpcre2-8.so.0.12.0", + "usr/lib/libpcre2-posix.so.3", + "usr/lib/libpcre2-posix.so.3.0.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "procps-ng@4.0.4-r0", + "Name": "procps-ng", + "Identifier": { + "PURL": "pkg:apk/alpine/procps-ng@4.0.4-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "5b6d07cf92054959" + }, + "Version": "4.0.4-r0", + "Arch": "x86_64", + "SrcName": "procps-ng", + "SrcVersion": "4.0.4-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libintl@0.22.5-r0", + "libncursesw@6.4_p20240420-r1", + "libproc2@4.0.4-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:1ba8b62fcd9d1b49b8362bc58c2d24695d194076", + "InstalledFiles": [ + "bin/pidof", + "bin/pidwait", + "bin/ps", + "bin/slabtop", + "bin/tload", + "bin/vmstat", + "bin/w", + "bin/watch", + "sbin/sysctl", + "usr/bin/free", + "usr/bin/pgrep", + "usr/bin/pkill", + "usr/bin/pmap", + "usr/bin/pwdx", + "usr/bin/top", + "usr/bin/uptime" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "protobuf-c@1.5.0-r0", + "Name": "protobuf-c", + "Identifier": { + "PURL": "pkg:apk/alpine/protobuf-c@1.5.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "9c236bd89ac9e4cd" + }, + "Version": "1.5.0-r0", + "Arch": "x86_64", + "SrcName": "protobuf-c", + "SrcVersion": "1.5.0-r0", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Leonardo Arena \u003crnalrd@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:70e92079dc99f9cb2ed013b321f72a35e1b4b893", + "InstalledFiles": [ + "usr/lib/libprotobuf-c.so.1", + "usr/lib/libprotobuf-c.so.1.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "readline@8.2.10-r0", + "Name": "readline", + "Identifier": { + "PURL": "pkg:apk/alpine/readline@8.2.10-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "8545917dc127fb65" + }, + "Version": "8.2.10-r0", + "Arch": "x86_64", + "SrcName": "readline", + "SrcVersion": "8.2.10-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libncursesw@6.4_p20240420-r1", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:4a9a680cad09eaf9918906e628376c4ad8269731", + "InstalledFiles": [ + "etc/inputrc", + "usr/lib/libreadline.so.8", + "usr/lib/libreadline.so.8.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "scanelf@1.3.7-r2", + "Name": "scanelf", + "Identifier": { + "PURL": "pkg:apk/alpine/scanelf@1.3.7-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "d28800ba35f564bd" + }, + "Version": "1.3.7-r2", + "Arch": "x86_64", + "SrcName": "pax-utils", + "SrcVersion": "1.3.7-r2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:c84b0b49111485cb08744822f9b34a9fa9524fcc", + "InstalledFiles": [ + "usr/bin/scanelf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "shadow@4.15.1-r0", + "Name": "shadow", + "Identifier": { + "PURL": "pkg:apk/alpine/shadow@4.15.1-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "607e65e775be821f" + }, + "Version": "4.15.1-r0", + "Arch": "x86_64", + "SrcName": "shadow", + "SrcVersion": "4.15.1-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", + "DependsOn": [ + "busybox-binsh@1.36.1-r29", + "libbsd@0.12.2-r0", + "linux-pam@1.6.0-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:bc531fce90f73500eee767bf67a26ec6c0cadded", + "InstalledFiles": [ + "bin/groups", + "etc/login.defs", + "etc/pam.d/chfn", + "etc/pam.d/chpasswd", + "etc/pam.d/chsh", + "etc/pam.d/groupmems", + "etc/pam.d/newusers", + "etc/pam.d/shadow-utils", + "usr/bin/chage", + "usr/bin/chfn", + "usr/bin/chsh", + "usr/bin/expiry", + "usr/bin/gpasswd", + "usr/bin/passwd", + "usr/sbin/chgpasswd", + "usr/sbin/chpasswd", + "usr/sbin/groupadd", + "usr/sbin/groupdel", + "usr/sbin/groupmems", + "usr/sbin/groupmod", + "usr/sbin/grpck", + "usr/sbin/logoutd", + "usr/sbin/newusers", + "usr/sbin/pwck", + "usr/sbin/useradd", + "usr/sbin/userdel", + "usr/sbin/usermod", + "usr/sbin/vigr", + "usr/sbin/vipw" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "skalibs@2.14.1.1-r0", + "Name": "skalibs", + "Identifier": { + "PURL": "pkg:apk/alpine/skalibs@2.14.1.1-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "6116e2b7ad3fa0a" + }, + "Version": "2.14.1.1-r0", + "Arch": "x86_64", + "SrcName": "skalibs", + "SrcVersion": "2.14.1.1-r0", + "Licenses": [ + "ISC" + ], + "Maintainer": "Laurent Bercot \u003cska-devel@skarnet.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:e9f4cc78e767f77e9b76d4ca1be2c95891d660da", + "InstalledFiles": [ + "lib/libskarnet.so.2.14", + "lib/libskarnet.so.2.14.1.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ssl_client@1.36.1-r29", + "Name": "ssl_client", + "Identifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", + "UID": "98ff5cbbbcd05de1" + }, + "Version": "1.36.1-r29", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.36.1-r29", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "libcrypto3@3.3.2-r0", + "libssl3@3.3.2-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:7e2867092a0edee7436f70e4430b6b7dde363094", + "InstalledFiles": [ + "usr/bin/ssl_client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "tzdata@2024b-r0", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:apk/alpine/tzdata@2024b-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "f2d144c7f989a952" + }, + "Version": "2024b-r0", + "Arch": "x86_64", + "SrcName": "tzdata", + "SrcVersion": "2024b-r0", + "Licenses": [ + "Public-Domain" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:78fa61c4d1307cb88216bd8a6a45236f1d2ed6eb", + "InstalledFiles": [ + "usr/share/zoneinfo/CET", + "usr/share/zoneinfo/CST6CDT", + "usr/share/zoneinfo/Cuba", + "usr/share/zoneinfo/EET", + "usr/share/zoneinfo/EST", + "usr/share/zoneinfo/EST5EDT", + "usr/share/zoneinfo/Egypt", + "usr/share/zoneinfo/Eire", + "usr/share/zoneinfo/Factory", + "usr/share/zoneinfo/GB", + "usr/share/zoneinfo/GB-Eire", + "usr/share/zoneinfo/GMT", + "usr/share/zoneinfo/GMT+0", + "usr/share/zoneinfo/GMT-0", + "usr/share/zoneinfo/GMT0", + "usr/share/zoneinfo/Greenwich", + "usr/share/zoneinfo/HST", + "usr/share/zoneinfo/Hongkong", + "usr/share/zoneinfo/Iceland", + "usr/share/zoneinfo/Iran", + "usr/share/zoneinfo/Israel", + "usr/share/zoneinfo/Jamaica", + "usr/share/zoneinfo/Japan", + "usr/share/zoneinfo/Kwajalein", + "usr/share/zoneinfo/Libya", + "usr/share/zoneinfo/MET", + "usr/share/zoneinfo/MST", + "usr/share/zoneinfo/MST7MDT", + "usr/share/zoneinfo/NZ", + "usr/share/zoneinfo/NZ-CHAT", + "usr/share/zoneinfo/Navajo", + "usr/share/zoneinfo/PRC", + "usr/share/zoneinfo/PST8PDT", + "usr/share/zoneinfo/Poland", + "usr/share/zoneinfo/Portugal", + "usr/share/zoneinfo/ROC", + "usr/share/zoneinfo/ROK", + "usr/share/zoneinfo/Singapore", + "usr/share/zoneinfo/Turkey", + "usr/share/zoneinfo/UCT", + "usr/share/zoneinfo/UTC", + "usr/share/zoneinfo/Universal", + "usr/share/zoneinfo/W-SU", + "usr/share/zoneinfo/WET", + "usr/share/zoneinfo/Zulu", + "usr/share/zoneinfo/iso3166.tab", + "usr/share/zoneinfo/leap-seconds.list", + "usr/share/zoneinfo/posixrules", + "usr/share/zoneinfo/zone.tab", + "usr/share/zoneinfo/zone1970.tab", + "usr/share/zoneinfo/Africa/Abidjan", + "usr/share/zoneinfo/Africa/Accra", + "usr/share/zoneinfo/Africa/Addis_Ababa", + "usr/share/zoneinfo/Africa/Algiers", + "usr/share/zoneinfo/Africa/Asmara", + "usr/share/zoneinfo/Africa/Asmera", + "usr/share/zoneinfo/Africa/Bamako", + "usr/share/zoneinfo/Africa/Bangui", + "usr/share/zoneinfo/Africa/Banjul", + "usr/share/zoneinfo/Africa/Bissau", + "usr/share/zoneinfo/Africa/Blantyre", + "usr/share/zoneinfo/Africa/Brazzaville", + "usr/share/zoneinfo/Africa/Bujumbura", + "usr/share/zoneinfo/Africa/Cairo", + "usr/share/zoneinfo/Africa/Casablanca", + "usr/share/zoneinfo/Africa/Ceuta", + "usr/share/zoneinfo/Africa/Conakry", + "usr/share/zoneinfo/Africa/Dakar", + "usr/share/zoneinfo/Africa/Dar_es_Salaam", + "usr/share/zoneinfo/Africa/Djibouti", + "usr/share/zoneinfo/Africa/Douala", + "usr/share/zoneinfo/Africa/El_Aaiun", + "usr/share/zoneinfo/Africa/Freetown", + "usr/share/zoneinfo/Africa/Gaborone", + "usr/share/zoneinfo/Africa/Harare", + "usr/share/zoneinfo/Africa/Johannesburg", + "usr/share/zoneinfo/Africa/Juba", + "usr/share/zoneinfo/Africa/Kampala", + "usr/share/zoneinfo/Africa/Khartoum", + "usr/share/zoneinfo/Africa/Kigali", + "usr/share/zoneinfo/Africa/Kinshasa", + "usr/share/zoneinfo/Africa/Lagos", + "usr/share/zoneinfo/Africa/Libreville", + "usr/share/zoneinfo/Africa/Lome", + "usr/share/zoneinfo/Africa/Luanda", + "usr/share/zoneinfo/Africa/Lubumbashi", + "usr/share/zoneinfo/Africa/Lusaka", + "usr/share/zoneinfo/Africa/Malabo", + "usr/share/zoneinfo/Africa/Maputo", + "usr/share/zoneinfo/Africa/Maseru", + "usr/share/zoneinfo/Africa/Mbabane", + "usr/share/zoneinfo/Africa/Mogadishu", + "usr/share/zoneinfo/Africa/Monrovia", + "usr/share/zoneinfo/Africa/Nairobi", + "usr/share/zoneinfo/Africa/Ndjamena", + "usr/share/zoneinfo/Africa/Niamey", + "usr/share/zoneinfo/Africa/Nouakchott", + "usr/share/zoneinfo/Africa/Ouagadougou", + "usr/share/zoneinfo/Africa/Porto-Novo", + "usr/share/zoneinfo/Africa/Sao_Tome", + "usr/share/zoneinfo/Africa/Timbuktu", + "usr/share/zoneinfo/Africa/Tripoli", + "usr/share/zoneinfo/Africa/Tunis", + "usr/share/zoneinfo/Africa/Windhoek", + "usr/share/zoneinfo/America/Adak", + "usr/share/zoneinfo/America/Anchorage", + "usr/share/zoneinfo/America/Anguilla", + "usr/share/zoneinfo/America/Antigua", + "usr/share/zoneinfo/America/Araguaina", + "usr/share/zoneinfo/America/Aruba", + "usr/share/zoneinfo/America/Asuncion", + "usr/share/zoneinfo/America/Atikokan", + "usr/share/zoneinfo/America/Atka", + "usr/share/zoneinfo/America/Bahia", + "usr/share/zoneinfo/America/Bahia_Banderas", + "usr/share/zoneinfo/America/Barbados", + "usr/share/zoneinfo/America/Belem", + "usr/share/zoneinfo/America/Belize", + "usr/share/zoneinfo/America/Blanc-Sablon", + "usr/share/zoneinfo/America/Boa_Vista", + "usr/share/zoneinfo/America/Bogota", + "usr/share/zoneinfo/America/Boise", + "usr/share/zoneinfo/America/Buenos_Aires", + "usr/share/zoneinfo/America/Cambridge_Bay", + "usr/share/zoneinfo/America/Campo_Grande", + "usr/share/zoneinfo/America/Cancun", + "usr/share/zoneinfo/America/Caracas", + "usr/share/zoneinfo/America/Catamarca", + "usr/share/zoneinfo/America/Cayenne", + "usr/share/zoneinfo/America/Cayman", + "usr/share/zoneinfo/America/Chicago", + "usr/share/zoneinfo/America/Chihuahua", + "usr/share/zoneinfo/America/Ciudad_Juarez", + "usr/share/zoneinfo/America/Coral_Harbour", + "usr/share/zoneinfo/America/Cordoba", + "usr/share/zoneinfo/America/Costa_Rica", + "usr/share/zoneinfo/America/Creston", + "usr/share/zoneinfo/America/Cuiaba", + "usr/share/zoneinfo/America/Curacao", + "usr/share/zoneinfo/America/Danmarkshavn", + "usr/share/zoneinfo/America/Dawson", + "usr/share/zoneinfo/America/Dawson_Creek", + "usr/share/zoneinfo/America/Denver", + "usr/share/zoneinfo/America/Detroit", + "usr/share/zoneinfo/America/Dominica", + "usr/share/zoneinfo/America/Edmonton", + "usr/share/zoneinfo/America/Eirunepe", + "usr/share/zoneinfo/America/El_Salvador", + "usr/share/zoneinfo/America/Ensenada", + "usr/share/zoneinfo/America/Fort_Nelson", + "usr/share/zoneinfo/America/Fort_Wayne", + "usr/share/zoneinfo/America/Fortaleza", + "usr/share/zoneinfo/America/Glace_Bay", + "usr/share/zoneinfo/America/Godthab", + "usr/share/zoneinfo/America/Goose_Bay", + "usr/share/zoneinfo/America/Grand_Turk", + "usr/share/zoneinfo/America/Grenada", + "usr/share/zoneinfo/America/Guadeloupe", + "usr/share/zoneinfo/America/Guatemala", + "usr/share/zoneinfo/America/Guayaquil", + "usr/share/zoneinfo/America/Guyana", + "usr/share/zoneinfo/America/Halifax", + "usr/share/zoneinfo/America/Havana", + "usr/share/zoneinfo/America/Hermosillo", + "usr/share/zoneinfo/America/Indianapolis", + "usr/share/zoneinfo/America/Inuvik", + "usr/share/zoneinfo/America/Iqaluit", + "usr/share/zoneinfo/America/Jamaica", + "usr/share/zoneinfo/America/Jujuy", + "usr/share/zoneinfo/America/Juneau", + "usr/share/zoneinfo/America/Knox_IN", + "usr/share/zoneinfo/America/Kralendijk", + "usr/share/zoneinfo/America/La_Paz", + "usr/share/zoneinfo/America/Lima", + "usr/share/zoneinfo/America/Los_Angeles", + "usr/share/zoneinfo/America/Louisville", + "usr/share/zoneinfo/America/Lower_Princes", + "usr/share/zoneinfo/America/Maceio", + "usr/share/zoneinfo/America/Managua", + "usr/share/zoneinfo/America/Manaus", + "usr/share/zoneinfo/America/Marigot", + "usr/share/zoneinfo/America/Martinique", + "usr/share/zoneinfo/America/Matamoros", + "usr/share/zoneinfo/America/Mazatlan", + "usr/share/zoneinfo/America/Mendoza", + "usr/share/zoneinfo/America/Menominee", + "usr/share/zoneinfo/America/Merida", + "usr/share/zoneinfo/America/Metlakatla", + "usr/share/zoneinfo/America/Mexico_City", + "usr/share/zoneinfo/America/Miquelon", + "usr/share/zoneinfo/America/Moncton", + "usr/share/zoneinfo/America/Monterrey", + "usr/share/zoneinfo/America/Montevideo", + "usr/share/zoneinfo/America/Montreal", + "usr/share/zoneinfo/America/Montserrat", + "usr/share/zoneinfo/America/Nassau", + "usr/share/zoneinfo/America/New_York", + "usr/share/zoneinfo/America/Nipigon", + "usr/share/zoneinfo/America/Nome", + "usr/share/zoneinfo/America/Noronha", + "usr/share/zoneinfo/America/Nuuk", + "usr/share/zoneinfo/America/Ojinaga", + "usr/share/zoneinfo/America/Panama", + "usr/share/zoneinfo/America/Pangnirtung", + "usr/share/zoneinfo/America/Paramaribo", + "usr/share/zoneinfo/America/Phoenix", + "usr/share/zoneinfo/America/Port-au-Prince", + "usr/share/zoneinfo/America/Port_of_Spain", + "usr/share/zoneinfo/America/Porto_Acre", + "usr/share/zoneinfo/America/Porto_Velho", + "usr/share/zoneinfo/America/Puerto_Rico", + "usr/share/zoneinfo/America/Punta_Arenas", + "usr/share/zoneinfo/America/Rainy_River", + "usr/share/zoneinfo/America/Rankin_Inlet", + "usr/share/zoneinfo/America/Recife", + "usr/share/zoneinfo/America/Regina", + "usr/share/zoneinfo/America/Resolute", + "usr/share/zoneinfo/America/Rio_Branco", + "usr/share/zoneinfo/America/Rosario", + "usr/share/zoneinfo/America/Santa_Isabel", + "usr/share/zoneinfo/America/Santarem", + "usr/share/zoneinfo/America/Santiago", + "usr/share/zoneinfo/America/Santo_Domingo", + "usr/share/zoneinfo/America/Sao_Paulo", + "usr/share/zoneinfo/America/Scoresbysund", + "usr/share/zoneinfo/America/Shiprock", + "usr/share/zoneinfo/America/Sitka", + "usr/share/zoneinfo/America/St_Barthelemy", + "usr/share/zoneinfo/America/St_Johns", + "usr/share/zoneinfo/America/St_Kitts", + "usr/share/zoneinfo/America/St_Lucia", + "usr/share/zoneinfo/America/St_Thomas", + "usr/share/zoneinfo/America/St_Vincent", + "usr/share/zoneinfo/America/Swift_Current", + "usr/share/zoneinfo/America/Tegucigalpa", + "usr/share/zoneinfo/America/Thule", + "usr/share/zoneinfo/America/Thunder_Bay", + "usr/share/zoneinfo/America/Tijuana", + "usr/share/zoneinfo/America/Toronto", + "usr/share/zoneinfo/America/Tortola", + "usr/share/zoneinfo/America/Vancouver", + "usr/share/zoneinfo/America/Virgin", + "usr/share/zoneinfo/America/Whitehorse", + "usr/share/zoneinfo/America/Winnipeg", + "usr/share/zoneinfo/America/Yakutat", + "usr/share/zoneinfo/America/Yellowknife", + "usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "usr/share/zoneinfo/America/Argentina/Catamarca", + "usr/share/zoneinfo/America/Argentina/ComodRivadavia", + "usr/share/zoneinfo/America/Argentina/Cordoba", + "usr/share/zoneinfo/America/Argentina/Jujuy", + "usr/share/zoneinfo/America/Argentina/La_Rioja", + "usr/share/zoneinfo/America/Argentina/Mendoza", + "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "usr/share/zoneinfo/America/Argentina/Salta", + "usr/share/zoneinfo/America/Argentina/San_Juan", + "usr/share/zoneinfo/America/Argentina/San_Luis", + "usr/share/zoneinfo/America/Argentina/Tucuman", + "usr/share/zoneinfo/America/Argentina/Ushuaia", + "usr/share/zoneinfo/America/Indiana/Indianapolis", + "usr/share/zoneinfo/America/Indiana/Knox", + "usr/share/zoneinfo/America/Indiana/Marengo", + "usr/share/zoneinfo/America/Indiana/Petersburg", + "usr/share/zoneinfo/America/Indiana/Tell_City", + "usr/share/zoneinfo/America/Indiana/Vevay", + "usr/share/zoneinfo/America/Indiana/Vincennes", + "usr/share/zoneinfo/America/Indiana/Winamac", + "usr/share/zoneinfo/America/Kentucky/Louisville", + "usr/share/zoneinfo/America/Kentucky/Monticello", + "usr/share/zoneinfo/America/North_Dakota/Beulah", + "usr/share/zoneinfo/America/North_Dakota/Center", + "usr/share/zoneinfo/America/North_Dakota/New_Salem", + "usr/share/zoneinfo/Antarctica/Casey", + "usr/share/zoneinfo/Antarctica/Davis", + "usr/share/zoneinfo/Antarctica/DumontDUrville", + "usr/share/zoneinfo/Antarctica/Macquarie", + "usr/share/zoneinfo/Antarctica/Mawson", + "usr/share/zoneinfo/Antarctica/McMurdo", + "usr/share/zoneinfo/Antarctica/Palmer", + "usr/share/zoneinfo/Antarctica/Rothera", + "usr/share/zoneinfo/Antarctica/South_Pole", + "usr/share/zoneinfo/Antarctica/Syowa", + "usr/share/zoneinfo/Antarctica/Troll", + "usr/share/zoneinfo/Antarctica/Vostok", + "usr/share/zoneinfo/Arctic/Longyearbyen", + "usr/share/zoneinfo/Asia/Aden", + "usr/share/zoneinfo/Asia/Almaty", + "usr/share/zoneinfo/Asia/Amman", + "usr/share/zoneinfo/Asia/Anadyr", + "usr/share/zoneinfo/Asia/Aqtau", + "usr/share/zoneinfo/Asia/Aqtobe", + "usr/share/zoneinfo/Asia/Ashgabat", + "usr/share/zoneinfo/Asia/Ashkhabad", + "usr/share/zoneinfo/Asia/Atyrau", + "usr/share/zoneinfo/Asia/Baghdad", + "usr/share/zoneinfo/Asia/Bahrain", + "usr/share/zoneinfo/Asia/Baku", + "usr/share/zoneinfo/Asia/Bangkok", + "usr/share/zoneinfo/Asia/Barnaul", + "usr/share/zoneinfo/Asia/Beirut", + "usr/share/zoneinfo/Asia/Bishkek", + "usr/share/zoneinfo/Asia/Brunei", + "usr/share/zoneinfo/Asia/Calcutta", + "usr/share/zoneinfo/Asia/Chita", + "usr/share/zoneinfo/Asia/Choibalsan", + "usr/share/zoneinfo/Asia/Chongqing", + "usr/share/zoneinfo/Asia/Chungking", + "usr/share/zoneinfo/Asia/Colombo", + "usr/share/zoneinfo/Asia/Dacca", + "usr/share/zoneinfo/Asia/Damascus", + "usr/share/zoneinfo/Asia/Dhaka", + "usr/share/zoneinfo/Asia/Dili", + "usr/share/zoneinfo/Asia/Dubai", + "usr/share/zoneinfo/Asia/Dushanbe", + "usr/share/zoneinfo/Asia/Famagusta", + "usr/share/zoneinfo/Asia/Gaza", + "usr/share/zoneinfo/Asia/Harbin", + "usr/share/zoneinfo/Asia/Hebron", + "usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "usr/share/zoneinfo/Asia/Hong_Kong", + "usr/share/zoneinfo/Asia/Hovd", + "usr/share/zoneinfo/Asia/Irkutsk", + "usr/share/zoneinfo/Asia/Istanbul", + "usr/share/zoneinfo/Asia/Jakarta", + "usr/share/zoneinfo/Asia/Jayapura", + "usr/share/zoneinfo/Asia/Jerusalem", + "usr/share/zoneinfo/Asia/Kabul", + "usr/share/zoneinfo/Asia/Kamchatka", + "usr/share/zoneinfo/Asia/Karachi", + "usr/share/zoneinfo/Asia/Kashgar", + "usr/share/zoneinfo/Asia/Kathmandu", + "usr/share/zoneinfo/Asia/Katmandu", + "usr/share/zoneinfo/Asia/Khandyga", + "usr/share/zoneinfo/Asia/Kolkata", + "usr/share/zoneinfo/Asia/Krasnoyarsk", + "usr/share/zoneinfo/Asia/Kuala_Lumpur", + "usr/share/zoneinfo/Asia/Kuching", + "usr/share/zoneinfo/Asia/Kuwait", + "usr/share/zoneinfo/Asia/Macao", + "usr/share/zoneinfo/Asia/Macau", + "usr/share/zoneinfo/Asia/Magadan", + "usr/share/zoneinfo/Asia/Makassar", + "usr/share/zoneinfo/Asia/Manila", + "usr/share/zoneinfo/Asia/Muscat", + "usr/share/zoneinfo/Asia/Nicosia", + "usr/share/zoneinfo/Asia/Novokuznetsk", + "usr/share/zoneinfo/Asia/Novosibirsk", + "usr/share/zoneinfo/Asia/Omsk", + "usr/share/zoneinfo/Asia/Oral", + "usr/share/zoneinfo/Asia/Phnom_Penh", + "usr/share/zoneinfo/Asia/Pontianak", + "usr/share/zoneinfo/Asia/Pyongyang", + "usr/share/zoneinfo/Asia/Qatar", + "usr/share/zoneinfo/Asia/Qostanay", + "usr/share/zoneinfo/Asia/Qyzylorda", + "usr/share/zoneinfo/Asia/Rangoon", + "usr/share/zoneinfo/Asia/Riyadh", + "usr/share/zoneinfo/Asia/Saigon", + "usr/share/zoneinfo/Asia/Sakhalin", + "usr/share/zoneinfo/Asia/Samarkand", + "usr/share/zoneinfo/Asia/Seoul", + "usr/share/zoneinfo/Asia/Shanghai", + "usr/share/zoneinfo/Asia/Singapore", + "usr/share/zoneinfo/Asia/Srednekolymsk", + "usr/share/zoneinfo/Asia/Taipei", + "usr/share/zoneinfo/Asia/Tashkent", + "usr/share/zoneinfo/Asia/Tbilisi", + "usr/share/zoneinfo/Asia/Tehran", + "usr/share/zoneinfo/Asia/Tel_Aviv", + "usr/share/zoneinfo/Asia/Thimbu", + "usr/share/zoneinfo/Asia/Thimphu", + "usr/share/zoneinfo/Asia/Tokyo", + "usr/share/zoneinfo/Asia/Tomsk", + "usr/share/zoneinfo/Asia/Ujung_Pandang", + "usr/share/zoneinfo/Asia/Ulaanbaatar", + "usr/share/zoneinfo/Asia/Ulan_Bator", + "usr/share/zoneinfo/Asia/Urumqi", + "usr/share/zoneinfo/Asia/Ust-Nera", + "usr/share/zoneinfo/Asia/Vientiane", + "usr/share/zoneinfo/Asia/Vladivostok", + "usr/share/zoneinfo/Asia/Yakutsk", + "usr/share/zoneinfo/Asia/Yangon", + "usr/share/zoneinfo/Asia/Yekaterinburg", + "usr/share/zoneinfo/Asia/Yerevan", + "usr/share/zoneinfo/Atlantic/Azores", + "usr/share/zoneinfo/Atlantic/Bermuda", + "usr/share/zoneinfo/Atlantic/Canary", + "usr/share/zoneinfo/Atlantic/Cape_Verde", + "usr/share/zoneinfo/Atlantic/Faeroe", + "usr/share/zoneinfo/Atlantic/Faroe", + "usr/share/zoneinfo/Atlantic/Jan_Mayen", + "usr/share/zoneinfo/Atlantic/Madeira", + "usr/share/zoneinfo/Atlantic/Reykjavik", + "usr/share/zoneinfo/Atlantic/South_Georgia", + "usr/share/zoneinfo/Atlantic/St_Helena", + "usr/share/zoneinfo/Atlantic/Stanley", + "usr/share/zoneinfo/Australia/ACT", + "usr/share/zoneinfo/Australia/Adelaide", + "usr/share/zoneinfo/Australia/Brisbane", + "usr/share/zoneinfo/Australia/Broken_Hill", + "usr/share/zoneinfo/Australia/Canberra", + "usr/share/zoneinfo/Australia/Currie", + "usr/share/zoneinfo/Australia/Darwin", + "usr/share/zoneinfo/Australia/Eucla", + "usr/share/zoneinfo/Australia/Hobart", + "usr/share/zoneinfo/Australia/LHI", + "usr/share/zoneinfo/Australia/Lindeman", + "usr/share/zoneinfo/Australia/Lord_Howe", + "usr/share/zoneinfo/Australia/Melbourne", + "usr/share/zoneinfo/Australia/NSW", + "usr/share/zoneinfo/Australia/North", + "usr/share/zoneinfo/Australia/Perth", + "usr/share/zoneinfo/Australia/Queensland", + "usr/share/zoneinfo/Australia/South", + "usr/share/zoneinfo/Australia/Sydney", + "usr/share/zoneinfo/Australia/Tasmania", + "usr/share/zoneinfo/Australia/Victoria", + "usr/share/zoneinfo/Australia/West", + "usr/share/zoneinfo/Australia/Yancowinna", + "usr/share/zoneinfo/Brazil/Acre", + "usr/share/zoneinfo/Brazil/DeNoronha", + "usr/share/zoneinfo/Brazil/East", + "usr/share/zoneinfo/Brazil/West", + "usr/share/zoneinfo/Canada/Atlantic", + "usr/share/zoneinfo/Canada/Central", + "usr/share/zoneinfo/Canada/Eastern", + "usr/share/zoneinfo/Canada/Mountain", + "usr/share/zoneinfo/Canada/Newfoundland", + "usr/share/zoneinfo/Canada/Pacific", + "usr/share/zoneinfo/Canada/Saskatchewan", + "usr/share/zoneinfo/Canada/Yukon", + "usr/share/zoneinfo/Chile/Continental", + "usr/share/zoneinfo/Chile/EasterIsland", + "usr/share/zoneinfo/Etc/GMT", + "usr/share/zoneinfo/Etc/GMT+0", + "usr/share/zoneinfo/Etc/GMT+1", + "usr/share/zoneinfo/Etc/GMT+10", + "usr/share/zoneinfo/Etc/GMT+11", + "usr/share/zoneinfo/Etc/GMT+12", + "usr/share/zoneinfo/Etc/GMT+2", + "usr/share/zoneinfo/Etc/GMT+3", + "usr/share/zoneinfo/Etc/GMT+4", + "usr/share/zoneinfo/Etc/GMT+5", + "usr/share/zoneinfo/Etc/GMT+6", + "usr/share/zoneinfo/Etc/GMT+7", + "usr/share/zoneinfo/Etc/GMT+8", + "usr/share/zoneinfo/Etc/GMT+9", + "usr/share/zoneinfo/Etc/GMT-0", + "usr/share/zoneinfo/Etc/GMT-1", + "usr/share/zoneinfo/Etc/GMT-10", + "usr/share/zoneinfo/Etc/GMT-11", + "usr/share/zoneinfo/Etc/GMT-12", + "usr/share/zoneinfo/Etc/GMT-13", + "usr/share/zoneinfo/Etc/GMT-14", + "usr/share/zoneinfo/Etc/GMT-2", + "usr/share/zoneinfo/Etc/GMT-3", + "usr/share/zoneinfo/Etc/GMT-4", + "usr/share/zoneinfo/Etc/GMT-5", + "usr/share/zoneinfo/Etc/GMT-6", + "usr/share/zoneinfo/Etc/GMT-7", + "usr/share/zoneinfo/Etc/GMT-8", + "usr/share/zoneinfo/Etc/GMT-9", + "usr/share/zoneinfo/Etc/GMT0", + "usr/share/zoneinfo/Etc/Greenwich", + "usr/share/zoneinfo/Etc/UCT", + "usr/share/zoneinfo/Etc/UTC", + "usr/share/zoneinfo/Etc/Universal", + "usr/share/zoneinfo/Etc/Zulu", + "usr/share/zoneinfo/Europe/Amsterdam", + "usr/share/zoneinfo/Europe/Andorra", + "usr/share/zoneinfo/Europe/Astrakhan", + "usr/share/zoneinfo/Europe/Athens", + "usr/share/zoneinfo/Europe/Belfast", + "usr/share/zoneinfo/Europe/Belgrade", + "usr/share/zoneinfo/Europe/Berlin", + "usr/share/zoneinfo/Europe/Bratislava", + "usr/share/zoneinfo/Europe/Brussels", + "usr/share/zoneinfo/Europe/Bucharest", + "usr/share/zoneinfo/Europe/Budapest", + "usr/share/zoneinfo/Europe/Busingen", + "usr/share/zoneinfo/Europe/Chisinau", + "usr/share/zoneinfo/Europe/Copenhagen", + "usr/share/zoneinfo/Europe/Dublin", + "usr/share/zoneinfo/Europe/Gibraltar", + "usr/share/zoneinfo/Europe/Guernsey", + "usr/share/zoneinfo/Europe/Helsinki", + "usr/share/zoneinfo/Europe/Isle_of_Man", + "usr/share/zoneinfo/Europe/Istanbul", + "usr/share/zoneinfo/Europe/Jersey", + "usr/share/zoneinfo/Europe/Kaliningrad", + "usr/share/zoneinfo/Europe/Kiev", + "usr/share/zoneinfo/Europe/Kirov", + "usr/share/zoneinfo/Europe/Kyiv", + "usr/share/zoneinfo/Europe/Lisbon", + "usr/share/zoneinfo/Europe/Ljubljana", + "usr/share/zoneinfo/Europe/London", + "usr/share/zoneinfo/Europe/Luxembourg", + "usr/share/zoneinfo/Europe/Madrid", + "usr/share/zoneinfo/Europe/Malta", + "usr/share/zoneinfo/Europe/Mariehamn", + "usr/share/zoneinfo/Europe/Minsk", + "usr/share/zoneinfo/Europe/Monaco", + "usr/share/zoneinfo/Europe/Moscow", + "usr/share/zoneinfo/Europe/Nicosia", + "usr/share/zoneinfo/Europe/Oslo", + "usr/share/zoneinfo/Europe/Paris", + "usr/share/zoneinfo/Europe/Podgorica", + "usr/share/zoneinfo/Europe/Prague", + "usr/share/zoneinfo/Europe/Riga", + "usr/share/zoneinfo/Europe/Rome", + "usr/share/zoneinfo/Europe/Samara", + "usr/share/zoneinfo/Europe/San_Marino", + "usr/share/zoneinfo/Europe/Sarajevo", + "usr/share/zoneinfo/Europe/Saratov", + "usr/share/zoneinfo/Europe/Simferopol", + "usr/share/zoneinfo/Europe/Skopje", + "usr/share/zoneinfo/Europe/Sofia", + "usr/share/zoneinfo/Europe/Stockholm", + "usr/share/zoneinfo/Europe/Tallinn", + "usr/share/zoneinfo/Europe/Tirane", + "usr/share/zoneinfo/Europe/Tiraspol", + "usr/share/zoneinfo/Europe/Ulyanovsk", + "usr/share/zoneinfo/Europe/Uzhgorod", + "usr/share/zoneinfo/Europe/Vaduz", + "usr/share/zoneinfo/Europe/Vatican", + "usr/share/zoneinfo/Europe/Vienna", + "usr/share/zoneinfo/Europe/Vilnius", + "usr/share/zoneinfo/Europe/Volgograd", + "usr/share/zoneinfo/Europe/Warsaw", + "usr/share/zoneinfo/Europe/Zagreb", + "usr/share/zoneinfo/Europe/Zaporozhye", + "usr/share/zoneinfo/Europe/Zurich", + "usr/share/zoneinfo/Indian/Antananarivo", + "usr/share/zoneinfo/Indian/Chagos", + "usr/share/zoneinfo/Indian/Christmas", + "usr/share/zoneinfo/Indian/Cocos", + "usr/share/zoneinfo/Indian/Comoro", + "usr/share/zoneinfo/Indian/Kerguelen", + "usr/share/zoneinfo/Indian/Mahe", + "usr/share/zoneinfo/Indian/Maldives", + "usr/share/zoneinfo/Indian/Mauritius", + "usr/share/zoneinfo/Indian/Mayotte", + "usr/share/zoneinfo/Indian/Reunion", + "usr/share/zoneinfo/Mexico/BajaNorte", + "usr/share/zoneinfo/Mexico/BajaSur", + "usr/share/zoneinfo/Mexico/General", + "usr/share/zoneinfo/Pacific/Apia", + "usr/share/zoneinfo/Pacific/Auckland", + "usr/share/zoneinfo/Pacific/Bougainville", + "usr/share/zoneinfo/Pacific/Chatham", + "usr/share/zoneinfo/Pacific/Chuuk", + "usr/share/zoneinfo/Pacific/Easter", + "usr/share/zoneinfo/Pacific/Efate", + "usr/share/zoneinfo/Pacific/Enderbury", + "usr/share/zoneinfo/Pacific/Fakaofo", + "usr/share/zoneinfo/Pacific/Fiji", + "usr/share/zoneinfo/Pacific/Funafuti", + "usr/share/zoneinfo/Pacific/Galapagos", + "usr/share/zoneinfo/Pacific/Gambier", + "usr/share/zoneinfo/Pacific/Guadalcanal", + "usr/share/zoneinfo/Pacific/Guam", + "usr/share/zoneinfo/Pacific/Honolulu", + "usr/share/zoneinfo/Pacific/Johnston", + "usr/share/zoneinfo/Pacific/Kanton", + "usr/share/zoneinfo/Pacific/Kiritimati", + "usr/share/zoneinfo/Pacific/Kosrae", + "usr/share/zoneinfo/Pacific/Kwajalein", + "usr/share/zoneinfo/Pacific/Majuro", + "usr/share/zoneinfo/Pacific/Marquesas", + "usr/share/zoneinfo/Pacific/Midway", + "usr/share/zoneinfo/Pacific/Nauru", + "usr/share/zoneinfo/Pacific/Niue", + "usr/share/zoneinfo/Pacific/Norfolk", + "usr/share/zoneinfo/Pacific/Noumea", + "usr/share/zoneinfo/Pacific/Pago_Pago", + "usr/share/zoneinfo/Pacific/Palau", + "usr/share/zoneinfo/Pacific/Pitcairn", + "usr/share/zoneinfo/Pacific/Pohnpei", + "usr/share/zoneinfo/Pacific/Ponape", + "usr/share/zoneinfo/Pacific/Port_Moresby", + "usr/share/zoneinfo/Pacific/Rarotonga", + "usr/share/zoneinfo/Pacific/Saipan", + "usr/share/zoneinfo/Pacific/Samoa", + "usr/share/zoneinfo/Pacific/Tahiti", + "usr/share/zoneinfo/Pacific/Tarawa", + "usr/share/zoneinfo/Pacific/Tongatapu", + "usr/share/zoneinfo/Pacific/Truk", + "usr/share/zoneinfo/Pacific/Wake", + "usr/share/zoneinfo/Pacific/Wallis", + "usr/share/zoneinfo/Pacific/Yap", + "usr/share/zoneinfo/US/Alaska", + "usr/share/zoneinfo/US/Aleutian", + "usr/share/zoneinfo/US/Arizona", + "usr/share/zoneinfo/US/Central", + "usr/share/zoneinfo/US/East-Indiana", + "usr/share/zoneinfo/US/Eastern", + "usr/share/zoneinfo/US/Hawaii", + "usr/share/zoneinfo/US/Indiana-Starke", + "usr/share/zoneinfo/US/Michigan", + "usr/share/zoneinfo/US/Mountain", + "usr/share/zoneinfo/US/Pacific", + "usr/share/zoneinfo/US/Samoa" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "unbound-libs@1.20.0-r0", + "Name": "unbound-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/unbound-libs@1.20.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "3b561481a45e3738" + }, + "Version": "1.20.0-r0", + "Arch": "x86_64", + "SrcName": "unbound", + "SrcVersion": "1.20.0-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", + "DependsOn": [ + "libcrypto3@3.3.2-r0", + "libevent@2.1.12-r7", + "libssl3@3.3.2-r0", + "musl@1.2.5-r0", + "protobuf-c@1.5.0-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:958a772ca06cb74759e760fc803f8aa12e723c6a", + "InstalledFiles": [ + "usr/lib/libunbound.so.8", + "usr/lib/libunbound.so.8.1.27" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "utmps-libs@0.1.2.2-r1", + "Name": "utmps-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/utmps-libs@0.1.2.2-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "fc6db068f10560d3" + }, + "Version": "0.1.2.2-r1", + "Arch": "x86_64", + "SrcName": "utmps", + "SrcVersion": "0.1.2.2-r1", + "Licenses": [ + "ISC" + ], + "Maintainer": "Laurent Bercot \u003cska-devel@skarnet.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "skalibs@2.14.1.1-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:b9878c4ee776fd97a317a468c157317fe8c1091b", + "InstalledFiles": [ + "lib/libutmps.so.0.1", + "lib/libutmps.so.0.1.2.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "wireguard-tools@1.0.20210914-r4", + "Name": "wireguard-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/wireguard-tools@1.0.20210914-r4?arch=x86_64\u0026distro=3.20.3", + "UID": "c9e05a3374082f34" + }, + "Version": "1.0.20210914-r4", + "Arch": "x86_64", + "SrcName": "wireguard-tools", + "SrcVersion": "1.0.20210914-r4", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", + "DependsOn": [ + "wireguard-tools-wg-quick@1.0.20210914-r4", + "wireguard-tools-wg@1.0.20210914-r4" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:d5359c52411ae44c023a64ae8b82dfb5ce45d6ba", + "AnalyzedBy": "apk" + }, + { + "ID": "wireguard-tools-wg@1.0.20210914-r4", + "Name": "wireguard-tools-wg", + "Identifier": { + "PURL": "pkg:apk/alpine/wireguard-tools-wg@1.0.20210914-r4?arch=x86_64\u0026distro=3.20.3", + "UID": "55c956455e4b6589" + }, + "Version": "1.0.20210914-r4", + "Arch": "x86_64", + "SrcName": "wireguard-tools", + "SrcVersion": "1.0.20210914-r4", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:aca8005854e38a252338d9f5b0059136fb973641", + "InstalledFiles": [ + "usr/bin/wg" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "wireguard-tools-wg-quick@1.0.20210914-r4", + "Name": "wireguard-tools-wg-quick", + "Identifier": { + "PURL": "pkg:apk/alpine/wireguard-tools-wg-quick@1.0.20210914-r4?arch=x86_64\u0026distro=3.20.3", + "UID": "50de1d6f23943b31" + }, + "Version": "1.0.20210914-r4", + "Arch": "x86_64", + "SrcName": "wireguard-tools", + "SrcVersion": "1.0.20210914-r4", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", + "DependsOn": [ + "bash@5.2.26-r0", + "iproute2@6.9.0-r0", + "openresolv@3.13.2-r0", + "wireguard-tools-wg@1.0.20210914-r4" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:080736c18bc2a84ae794533298119bc6c5901524", + "InstalledFiles": [ + "usr/bin/wg-quick" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "xz-libs@5.6.2-r0", + "Name": "xz-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.6.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e1c0785d9b1550b7" + }, + "Version": "5.6.2-r0", + "Arch": "x86_64", + "SrcName": "xz", + "SrcVersion": "5.6.2-r0", + "Licenses": [ + "GPL-2.0-or-later", + "0BSD", + "Public-Domain", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:d59b22ae174c5a75d84c1c558e25de93d9c792b0", + "InstalledFiles": [ + "usr/lib/liblzma.so.5", + "usr/lib/liblzma.so.5.6.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.3.1-r1", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "d805a98dcdd1a894" + }, + "Version": "1.3.1-r1", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.3.1-r1", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:9ba6f253e2982e0e6e71cb4187e3d6b6c4bbae99", + "InstalledFiles": [ + "lib/libz.so.1", + "lib/libz.so.1.3.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zstd-libs@1.5.6-r0", + "Name": "zstd-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/zstd-libs@1.5.6-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "d210b79fe91a7abc" + }, + "Version": "1.5.6-r0", + "Arch": "x86_64", + "SrcName": "zstd", + "SrcVersion": "1.5.6-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:4d60614645192deddc80e6e568fe535b38c315c1", + "InstalledFiles": [ + "usr/lib/libzstd.so.1", + "usr/lib/libzstd.so.1.5.6" + ], + "AnalyzedBy": "apk" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox@1.36.1-r29", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", + "UID": "9dbf157a22e0026b" + }, + "InstalledVersion": "1.36.1-r29", + "FixedVersion": "1.36.1-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5086af9baccab29110ed4ac7906e86f130b3dbde9f278c93a13fc49a62d7b3e3", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox-binsh@1.36.1-r29", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", + "UID": "4c63f123e59f14cd" + }, + "InstalledVersion": "1.36.1-r29", + "FixedVersion": "1.36.1-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:6bc1b30c1986a156941cd7864b7588efb425619039a18ac9a5c75f68c293f7fa", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-8096", + "PkgID": "curl@8.9.1-r2", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "3590c6e28b7cc208" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.10.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-8096", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d03da98932292dd508963d668b00e68539efa6efc9b496507fe4835e664f457d", + "Title": "curl: OCSP stapling bypass with GnuTLS", + "Description": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/09/11/1", + "https://access.redhat.com/security/cve/CVE-2024-8096", + "https://curl.se/docs/CVE-2024-8096.html", + "https://curl.se/docs/CVE-2024-8096.json", + "https://github.com/advisories/GHSA-gv3v-x3f3-7fxm", + "https://hackerone.com/reports/2669852", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-8096", + "https://security.netapp.com/advisory/ntap-20241011-0005", + "https://security.netapp.com/advisory/ntap-20241011-0005/", + "https://ubuntu.com/security/notices/USN-7012-1", + "https://www.cve.org/CVERecord?id=CVE-2024-8096" + ], + "PublishedDate": "2024-09-11T10:15:02.883Z", + "LastModifiedDate": "2025-07-30T19:42:16.87Z" + }, + { + "VulnerabilityID": "CVE-2024-9681", + "PkgID": "curl@8.9.1-r2", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "3590c6e28b7cc208" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.11.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-9681", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:729c20311539029a0777d1c1846c128667583c37d329f659686846ddbf720950", + "Title": "curl: HSTS subdomain overwrites parent cache entry", + "Description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-697" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 3.9 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://access.redhat.com/security/cve/CVE-2024-9681", + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://github.com/advisories/GHSA-g337-g667-mjvw", + "https://hackerone.com/reports/2764830", + "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "https://security.netapp.com/advisory/ntap-20241213-0006", + "https://security.netapp.com/advisory/ntap-20241213-0006/", + "https://ubuntu.com/security/notices/USN-7104-1", + "https://www.cve.org/CVERecord?id=CVE-2024-9681" + ], + "PublishedDate": "2024-11-06T08:15:03.74Z", + "LastModifiedDate": "2025-11-03T21:18:48.67Z" + }, + { + "VulnerabilityID": "CVE-2025-4947", + "PkgID": "curl@8.9.1-r2", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "3590c6e28b7cc208" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.14.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4947", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:eaa2d3e3f014a56a62b89e73c38d659c5f436cfa0285b63acd4f503c0f2d27bb", + "Title": "libcurl: curl: QUIC certificate check skip with wolfSSL", + "Description": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/28/4", + "https://access.redhat.com/security/cve/CVE-2025-4947", + "https://curl.se/docs/CVE-2025-4947.html", + "https://curl.se/docs/CVE-2025-4947.json", + "https://github.com/advisories/GHSA-ppfq-jg49-mqj4", + "https://hackerone.com/reports/3150884", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4947", + "https://www.cve.org/CVERecord?id=CVE-2025-4947" + ], + "PublishedDate": "2025-05-28T07:15:24.78Z", + "LastModifiedDate": "2025-06-26T15:08:21.52Z" + }, + { + "VulnerabilityID": "CVE-2025-5025", + "PkgID": "curl@8.9.1-r2", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "3590c6e28b7cc208" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.14.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5025", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3c9aa6cdb4585e79d9966f754bd654daa7220a21af6fa50aaf58a694055c10a5", + "Title": "curl: libcurl: QUIC Certificate Pinning Bypass", + "Description": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/28/5", + "https://access.redhat.com/security/cve/CVE-2025-5025", + "https://curl.se/docs/CVE-2025-5025.html", + "https://curl.se/docs/CVE-2025-5025.json", + "https://github.com/advisories/GHSA-x8ch-h5vv-q6cm", + "https://hackerone.com/reports/3153497", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5025", + "https://www.cve.org/CVERecord?id=CVE-2025-5025" + ], + "PublishedDate": "2025-05-28T07:15:24.91Z", + "LastModifiedDate": "2025-07-30T19:41:37.987Z" + }, + { + "VulnerabilityID": "CVE-2025-5399", + "PkgID": "curl@8.9.1-r2", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "3590c6e28b7cc208" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.14.1-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5399", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1ea64a010f0303dd04251d86f35f2f89fbb44c892e4c8f07990990bf8eea51e5", + "Title": "curl: libcurl: WebSocket endless loop", + "Description": "Due to a mistake in libcurl's WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "alma": 2, + "julia": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/06/04/2", + "https://access.redhat.com/errata/RHSA-2025:16046", + "https://access.redhat.com/security/cve/CVE-2025-5399", + "https://bugzilla.redhat.com/2359885", + "https://bugzilla.redhat.com/2359888", + "https://bugzilla.redhat.com/2359892", + "https://bugzilla.redhat.com/2359894", + "https://bugzilla.redhat.com/2359895", + "https://bugzilla.redhat.com/2359899", + "https://bugzilla.redhat.com/2359900", + "https://bugzilla.redhat.com/2359902", + "https://bugzilla.redhat.com/2359903", + "https://bugzilla.redhat.com/2359911", + "https://bugzilla.redhat.com/2359918", + "https://bugzilla.redhat.com/2359920", + "https://bugzilla.redhat.com/2359924", + "https://bugzilla.redhat.com/2359928", + "https://bugzilla.redhat.com/2359930", + "https://bugzilla.redhat.com/2359932", + "https://bugzilla.redhat.com/2359934", + "https://bugzilla.redhat.com/2359938", + "https://bugzilla.redhat.com/2359940", + "https://bugzilla.redhat.com/2359943", + "https://bugzilla.redhat.com/2359944", + "https://bugzilla.redhat.com/2359945", + "https://bugzilla.redhat.com/2359947", + "https://bugzilla.redhat.com/2359950", + "https://bugzilla.redhat.com/2359963", + "https://bugzilla.redhat.com/2359964", + "https://bugzilla.redhat.com/2359972", + "https://bugzilla.redhat.com/2370920", + "https://bugzilla.redhat.com/2380264", + "https://bugzilla.redhat.com/2380273", + "https://bugzilla.redhat.com/2380274", + "https://bugzilla.redhat.com/2380278", + "https://bugzilla.redhat.com/2380280", + "https://bugzilla.redhat.com/2380283", + "https://bugzilla.redhat.com/2380284", + "https://bugzilla.redhat.com/2380290", + "https://bugzilla.redhat.com/2380291", + "https://bugzilla.redhat.com/2380295", + "https://bugzilla.redhat.com/2380298", + "https://bugzilla.redhat.com/2380306", + "https://bugzilla.redhat.com/2380308", + "https://bugzilla.redhat.com/2380309", + "https://bugzilla.redhat.com/2380310", + "https://bugzilla.redhat.com/2380312", + "https://bugzilla.redhat.com/2380313", + "https://bugzilla.redhat.com/2380320", + "https://bugzilla.redhat.com/2380321", + "https://bugzilla.redhat.com/2380322", + "https://bugzilla.redhat.com/2380326", + "https://bugzilla.redhat.com/2380327", + "https://bugzilla.redhat.com/2380334", + "https://bugzilla.redhat.com/2380335", + "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359885", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359888", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359892", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359894", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359895", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359899", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359900", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359902", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359903", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359911", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359920", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359924", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359928", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359930", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359932", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359934", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359938", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359940", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359943", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359945", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359947", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359950", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359963", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359964", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359972", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380264", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380280", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380283", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380284", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380290", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380291", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380295", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380298", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380306", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380308", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380309", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380312", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380313", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380320", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380321", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380322", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380327", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380334", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380335", + "https://curl.se/docs/CVE-2025-5399.html", + "https://curl.se/docs/CVE-2025-5399.json", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399", + "https://errata.almalinux.org/9/ALSA-2025-16046.html", + "https://errata.rockylinux.org/RLSA-2025:15699", + "https://github.com/advisories/GHSA-8h93-38hx-vv92", + "https://hackerone.com/reports/3168039", + "https://linux.oracle.com/cve/CVE-2025-5399.html", + "https://linux.oracle.com/errata/ELSA-2025-16046.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5399", + "https://www.cve.org/CVERecord?id=CVE-2025-5399", + "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL" + ], + "PublishedDate": "2025-06-07T08:15:20.687Z", + "LastModifiedDate": "2025-07-30T19:41:33.457Z" + }, + { + "VulnerabilityID": "CVE-2025-9086", + "PkgID": "curl@8.9.1-r2", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "3590c6e28b7cc208" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.14.1-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:69503a3727f3efc5db3d40e81d09f4889afb0a2a94e5a90720bf4c54319c0c6d", + "Title": "curl: libcurl: Curl out of bounds read for cookie path", + "Description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 1, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://access.redhat.com/errata/RHSA-2026:1350", + "https://access.redhat.com/security/cve/CVE-2025-9086", + "https://bugzilla.redhat.com/2394750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086", + "https://errata.almalinux.org/9/ALSA-2026-1350.html", + "https://errata.rockylinux.org/RLSA-2026:1350", + "https://github.com/advisories/GHSA-v676-f8gm-92r9", + "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6", + "https://hackerone.com/reports/3294999", + "https://linux.oracle.com/cve/CVE-2025-9086.html", + "https://linux.oracle.com/errata/ELSA-2026-1825.html", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "https://ubuntu.com/security/notices/USN-8062-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9086" + ], + "PublishedDate": "2025-09-12T06:15:44.1Z", + "LastModifiedDate": "2026-01-20T14:58:01.347Z" + }, + { + "VulnerabilityID": "CVE-2026-4878", + "PkgID": "libcap-getcap@2.70-r0", + "PkgName": "libcap-getcap", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcap-getcap@2.70-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "2e9f7399f8a4acb1" + }, + "InstalledVersion": "2.70-r0", + "FixedVersion": "2.78-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0c3b148570e0fc8d15a454cb319724a4aa8a265f2a308929304014f84e3b84a2", + "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", + "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-367" + ], + "VendorSeverity": { + "alma": 3, + "azure": 2, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/07/14", + "http://www.openwall.com/lists/oss-security/2026/04/07/4", + "http://www.openwall.com/lists/oss-security/2026/04/08/9", + "http://www.openwall.com/lists/oss-security/2026/04/09/5", + "http://www.openwall.com/lists/oss-security/2026/04/09/6", + "https://access.redhat.com/errata/RHSA-2026:12423", + "https://access.redhat.com/errata/RHSA-2026:12441", + "https://access.redhat.com/errata/RHSA-2026:13285", + "https://access.redhat.com/errata/RHSA-2026:14162", + "https://access.redhat.com/errata/RHSA-2026:14937", + "https://access.redhat.com/errata/RHSA-2026:19130", + "https://access.redhat.com/errata/RHSA-2026:19346", + "https://access.redhat.com/errata/RHSA-2026:19456", + "https://access.redhat.com/errata/RHSA-2026:19458", + "https://access.redhat.com/errata/RHSA-2026:7473", + "https://access.redhat.com/security/cve/CVE-2026-4878", + "https://bugzilla.redhat.com/2451615", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", + "https://errata.almalinux.org/9/ALSA-2026-12441.html", + "https://errata.rockylinux.org/RLSA-2026:12441", + "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", + "https://linux.oracle.com/cve/CVE-2026-4878.html", + "https://linux.oracle.com/errata/ELSA-2026-13285.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", + "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", + "https://ubuntu.com/security/notices/USN-8193-1", + "https://www.cve.org/CVERecord?id=CVE-2026-4878" + ], + "PublishedDate": "2026-04-09T16:16:31.987Z", + "LastModifiedDate": "2026-05-20T05:16:21.907Z" + }, + { + "VulnerabilityID": "CVE-2026-4878", + "PkgID": "libcap-setcap@2.70-r0", + "PkgName": "libcap-setcap", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcap-setcap@2.70-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "7ead01c20c7fdb89" + }, + "InstalledVersion": "2.70-r0", + "FixedVersion": "2.78-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8d5360b4d5dd40e56107211b1a4c8efc96c4e0395dfb3fbbb353f95ba9dce23b", + "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", + "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-367" + ], + "VendorSeverity": { + "alma": 3, + "azure": 2, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/07/14", + "http://www.openwall.com/lists/oss-security/2026/04/07/4", + "http://www.openwall.com/lists/oss-security/2026/04/08/9", + "http://www.openwall.com/lists/oss-security/2026/04/09/5", + "http://www.openwall.com/lists/oss-security/2026/04/09/6", + "https://access.redhat.com/errata/RHSA-2026:12423", + "https://access.redhat.com/errata/RHSA-2026:12441", + "https://access.redhat.com/errata/RHSA-2026:13285", + "https://access.redhat.com/errata/RHSA-2026:14162", + "https://access.redhat.com/errata/RHSA-2026:14937", + "https://access.redhat.com/errata/RHSA-2026:19130", + "https://access.redhat.com/errata/RHSA-2026:19346", + "https://access.redhat.com/errata/RHSA-2026:19456", + "https://access.redhat.com/errata/RHSA-2026:19458", + "https://access.redhat.com/errata/RHSA-2026:7473", + "https://access.redhat.com/security/cve/CVE-2026-4878", + "https://bugzilla.redhat.com/2451615", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", + "https://errata.almalinux.org/9/ALSA-2026-12441.html", + "https://errata.rockylinux.org/RLSA-2026:12441", + "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", + "https://linux.oracle.com/cve/CVE-2026-4878.html", + "https://linux.oracle.com/errata/ELSA-2026-13285.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", + "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", + "https://ubuntu.com/security/notices/USN-8193-1", + "https://www.cve.org/CVERecord?id=CVE-2026-4878" + ], + "PublishedDate": "2026-04-09T16:16:31.987Z", + "LastModifiedDate": "2026-05-20T05:16:21.907Z" + }, + { + "VulnerabilityID": "CVE-2026-4878", + "PkgID": "libcap-utils@2.70-r0", + "PkgName": "libcap-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcap-utils@2.70-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "2af2246a4520124f" + }, + "InstalledVersion": "2.70-r0", + "FixedVersion": "2.78-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3d8a1c9e9be89abab84cdf220c4e8cc1c080e4749f82a4390bf8d8d634a6c725", + "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", + "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-367" + ], + "VendorSeverity": { + "alma": 3, + "azure": 2, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/07/14", + "http://www.openwall.com/lists/oss-security/2026/04/07/4", + "http://www.openwall.com/lists/oss-security/2026/04/08/9", + "http://www.openwall.com/lists/oss-security/2026/04/09/5", + "http://www.openwall.com/lists/oss-security/2026/04/09/6", + "https://access.redhat.com/errata/RHSA-2026:12423", + "https://access.redhat.com/errata/RHSA-2026:12441", + "https://access.redhat.com/errata/RHSA-2026:13285", + "https://access.redhat.com/errata/RHSA-2026:14162", + "https://access.redhat.com/errata/RHSA-2026:14937", + "https://access.redhat.com/errata/RHSA-2026:19130", + "https://access.redhat.com/errata/RHSA-2026:19346", + "https://access.redhat.com/errata/RHSA-2026:19456", + "https://access.redhat.com/errata/RHSA-2026:19458", + "https://access.redhat.com/errata/RHSA-2026:7473", + "https://access.redhat.com/security/cve/CVE-2026-4878", + "https://bugzilla.redhat.com/2451615", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", + "https://errata.almalinux.org/9/ALSA-2026-12441.html", + "https://errata.rockylinux.org/RLSA-2026:12441", + "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", + "https://linux.oracle.com/cve/CVE-2026-4878.html", + "https://linux.oracle.com/errata/ELSA-2026-13285.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", + "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", + "https://ubuntu.com/security/notices/USN-8193-1", + "https://www.cve.org/CVERecord?id=CVE-2026-4878" + ], + "PublishedDate": "2026-04-09T16:16:31.987Z", + "LastModifiedDate": "2026-05-20T05:16:21.907Z" + }, + { + "VulnerabilityID": "CVE-2026-4878", + "PkgID": "libcap2@2.70-r0", + "PkgName": "libcap2", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcap2@2.70-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "fdb8fa1749c0da49" + }, + "InstalledVersion": "2.70-r0", + "FixedVersion": "2.78-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:635b077196e89cf29fe6649789b439761731b8e63a0fc1f0077b473cc0ac0232", + "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", + "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-367" + ], + "VendorSeverity": { + "alma": 3, + "azure": 2, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/07/14", + "http://www.openwall.com/lists/oss-security/2026/04/07/4", + "http://www.openwall.com/lists/oss-security/2026/04/08/9", + "http://www.openwall.com/lists/oss-security/2026/04/09/5", + "http://www.openwall.com/lists/oss-security/2026/04/09/6", + "https://access.redhat.com/errata/RHSA-2026:12423", + "https://access.redhat.com/errata/RHSA-2026:12441", + "https://access.redhat.com/errata/RHSA-2026:13285", + "https://access.redhat.com/errata/RHSA-2026:14162", + "https://access.redhat.com/errata/RHSA-2026:14937", + "https://access.redhat.com/errata/RHSA-2026:19130", + "https://access.redhat.com/errata/RHSA-2026:19346", + "https://access.redhat.com/errata/RHSA-2026:19456", + "https://access.redhat.com/errata/RHSA-2026:19458", + "https://access.redhat.com/errata/RHSA-2026:7473", + "https://access.redhat.com/security/cve/CVE-2026-4878", + "https://bugzilla.redhat.com/2451615", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", + "https://errata.almalinux.org/9/ALSA-2026-12441.html", + "https://errata.rockylinux.org/RLSA-2026:12441", + "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", + "https://linux.oracle.com/cve/CVE-2026-4878.html", + "https://linux.oracle.com/errata/ELSA-2026-13285.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", + "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", + "https://ubuntu.com/security/notices/USN-8193-1", + "https://www.cve.org/CVERecord?id=CVE-2026-4878" + ], + "PublishedDate": "2026-04-09T16:16:31.987Z", + "LastModifiedDate": "2026-05-20T05:16:21.907Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:50b22a44cf146aed76aae9fbd8f2e457781b0677c9582a2d3c916936cd56c03f", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2024-12797", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.3-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12797", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:76243d702514a2991c5107d3fa2114a85ff2a3911b49c2a7ee9603aaa20a1285", + "Title": "openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected", + "Description": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\nserver may fail to notice that the server was not authenticated, because\nhandshakes don't abort as expected when the SSL_VERIFY_PEER verification mode\nis set.\n\nImpact summary: TLS and DTLS connections using raw public keys may be\nvulnerable to man-in-middle attacks when server authentication failure is not\ndetected by clients.\n\nRPKs are disabled by default in both TLS clients and TLS servers. The issue\nonly arises when TLS clients explicitly enable RPK use by the server, and the\nserver, likewise, enables sending of an RPK instead of an X.509 certificate\nchain. The affected clients are those that then rely on the handshake to\nfail when the server's RPK fails to match one of the expected public keys,\nby setting the verification mode to SSL_VERIFY_PEER.\n\nClients that enable server-side raw public keys can still find out that raw\npublic key verification failed by calling SSL_get_verify_result(), and those\nthat do, and take appropriate action, are not affected. This issue was\nintroduced in the initial implementation of RPK support in OpenSSL 3.2.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-392" + ], + "VendorSeverity": { + "alma": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 1, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/02/11/3", + "http://www.openwall.com/lists/oss-security/2025/02/11/4", + "https://access.redhat.com/errata/RHSA-2025:1330", + "https://access.redhat.com/security/cve/CVE-2024-12797", + "https://bugzilla.redhat.com/2342757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2342757", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12797", + "https://errata.almalinux.org/9/ALSA-2025-1330.html", + "https://errata.rockylinux.org/RLSA-2025:1330", + "https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9", + "https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7", + "https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699", + "https://github.com/pyca/cryptography", + "https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g", + "https://linux.oracle.com/cve/CVE-2024-12797.html", + "https://linux.oracle.com/errata/ELSA-2025-1330.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12797", + "https://openssl-library.org/news/secadv/20250211.txt", + "https://security.netapp.com/advisory/ntap-20250214-0001/", + "https://ubuntu.com/security/notices/USN-7264-1", + "https://www.cve.org/CVERecord?id=CVE-2024-12797" + ], + "PublishedDate": "2025-02-11T16:15:38.827Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2af0077040dc2bc64b52d8cc2b4cc3ad80e07ae5b7de40593e3936f119c1d9ca", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:174734f9e5c7e5ab4a6c6c413d0ff5e1ffef49f9ca4fa90822e27cfa378616b9", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2947dbbe3d602a7f1e10fe5292bd388b00a0b525e3f9195c85956ad019c4a95b", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:cf76010796e77e865567ddddd933de884e2404fff383161c180e95b5d5f94fd4", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:23b82e1cd848348c2017666c96d03949cf4ae60881ea8e6d677432a1409a8fca", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8d6fdc015784f396d2b02a393c557169c9b9c0d608d6582827f1d7040609bcb0", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:beddf5664e29c0fcc1f947bd20eb4c3495efb2e6f1635c80db697c04c6f3241f", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:571e9f1afd0f2aae95b1baa5b7c9a6f184f78a980029071dac0ffcf24fcf074f", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:fc571513e320f7d8d81a1f6d2ccd046f6fbcf9d27edde0dcf97cb249b63973af", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2c7cfa700eb04aaa899a020a8692effa01b20f06f6a4419e8aad0708e3e2a4b7", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2024-8096", + "PkgID": "libcurl@8.9.1-r2", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "2ba374c8fc8f948f" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.10.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-8096", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:53c44a7d6b5d47fb1bc6eccf444ab8c9b0892e66bab84406697d30cb52985fe7", + "Title": "curl: OCSP stapling bypass with GnuTLS", + "Description": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/09/11/1", + "https://access.redhat.com/security/cve/CVE-2024-8096", + "https://curl.se/docs/CVE-2024-8096.html", + "https://curl.se/docs/CVE-2024-8096.json", + "https://github.com/advisories/GHSA-gv3v-x3f3-7fxm", + "https://hackerone.com/reports/2669852", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-8096", + "https://security.netapp.com/advisory/ntap-20241011-0005", + "https://security.netapp.com/advisory/ntap-20241011-0005/", + "https://ubuntu.com/security/notices/USN-7012-1", + "https://www.cve.org/CVERecord?id=CVE-2024-8096" + ], + "PublishedDate": "2024-09-11T10:15:02.883Z", + "LastModifiedDate": "2025-07-30T19:42:16.87Z" + }, + { + "VulnerabilityID": "CVE-2024-9681", + "PkgID": "libcurl@8.9.1-r2", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "2ba374c8fc8f948f" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.11.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-9681", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ad89ef2ade3f4e5594d83f07f9f19b30987b3255c891a80114f4147c42bc5ac3", + "Title": "curl: HSTS subdomain overwrites parent cache entry", + "Description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-697" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 3.9 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://access.redhat.com/security/cve/CVE-2024-9681", + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://github.com/advisories/GHSA-g337-g667-mjvw", + "https://hackerone.com/reports/2764830", + "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "https://security.netapp.com/advisory/ntap-20241213-0006", + "https://security.netapp.com/advisory/ntap-20241213-0006/", + "https://ubuntu.com/security/notices/USN-7104-1", + "https://www.cve.org/CVERecord?id=CVE-2024-9681" + ], + "PublishedDate": "2024-11-06T08:15:03.74Z", + "LastModifiedDate": "2025-11-03T21:18:48.67Z" + }, + { + "VulnerabilityID": "CVE-2025-4947", + "PkgID": "libcurl@8.9.1-r2", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "2ba374c8fc8f948f" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.14.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4947", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4356e654aa130320842fafdcea2b28718798fd84a33e67bc127f31a4cb435cbc", + "Title": "libcurl: curl: QUIC certificate check skip with wolfSSL", + "Description": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/28/4", + "https://access.redhat.com/security/cve/CVE-2025-4947", + "https://curl.se/docs/CVE-2025-4947.html", + "https://curl.se/docs/CVE-2025-4947.json", + "https://github.com/advisories/GHSA-ppfq-jg49-mqj4", + "https://hackerone.com/reports/3150884", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4947", + "https://www.cve.org/CVERecord?id=CVE-2025-4947" + ], + "PublishedDate": "2025-05-28T07:15:24.78Z", + "LastModifiedDate": "2025-06-26T15:08:21.52Z" + }, + { + "VulnerabilityID": "CVE-2025-5025", + "PkgID": "libcurl@8.9.1-r2", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "2ba374c8fc8f948f" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.14.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5025", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:fce71c9fdcdfd44fa4324612dd8d92817e4637ec757d7182ed78aa9fc3d505a8", + "Title": "curl: libcurl: QUIC Certificate Pinning Bypass", + "Description": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/28/5", + "https://access.redhat.com/security/cve/CVE-2025-5025", + "https://curl.se/docs/CVE-2025-5025.html", + "https://curl.se/docs/CVE-2025-5025.json", + "https://github.com/advisories/GHSA-x8ch-h5vv-q6cm", + "https://hackerone.com/reports/3153497", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5025", + "https://www.cve.org/CVERecord?id=CVE-2025-5025" + ], + "PublishedDate": "2025-05-28T07:15:24.91Z", + "LastModifiedDate": "2025-07-30T19:41:37.987Z" + }, + { + "VulnerabilityID": "CVE-2025-5399", + "PkgID": "libcurl@8.9.1-r2", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "2ba374c8fc8f948f" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.14.1-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5399", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d67df0860ef3b6911e4664099e77163353cdbaf44821e04f3590aff576617c7c", + "Title": "curl: libcurl: WebSocket endless loop", + "Description": "Due to a mistake in libcurl's WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "alma": 2, + "julia": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/06/04/2", + "https://access.redhat.com/errata/RHSA-2025:16046", + "https://access.redhat.com/security/cve/CVE-2025-5399", + "https://bugzilla.redhat.com/2359885", + "https://bugzilla.redhat.com/2359888", + "https://bugzilla.redhat.com/2359892", + "https://bugzilla.redhat.com/2359894", + "https://bugzilla.redhat.com/2359895", + "https://bugzilla.redhat.com/2359899", + "https://bugzilla.redhat.com/2359900", + "https://bugzilla.redhat.com/2359902", + "https://bugzilla.redhat.com/2359903", + "https://bugzilla.redhat.com/2359911", + "https://bugzilla.redhat.com/2359918", + "https://bugzilla.redhat.com/2359920", + "https://bugzilla.redhat.com/2359924", + "https://bugzilla.redhat.com/2359928", + "https://bugzilla.redhat.com/2359930", + "https://bugzilla.redhat.com/2359932", + "https://bugzilla.redhat.com/2359934", + "https://bugzilla.redhat.com/2359938", + "https://bugzilla.redhat.com/2359940", + "https://bugzilla.redhat.com/2359943", + "https://bugzilla.redhat.com/2359944", + "https://bugzilla.redhat.com/2359945", + "https://bugzilla.redhat.com/2359947", + "https://bugzilla.redhat.com/2359950", + "https://bugzilla.redhat.com/2359963", + "https://bugzilla.redhat.com/2359964", + "https://bugzilla.redhat.com/2359972", + "https://bugzilla.redhat.com/2370920", + "https://bugzilla.redhat.com/2380264", + "https://bugzilla.redhat.com/2380273", + "https://bugzilla.redhat.com/2380274", + "https://bugzilla.redhat.com/2380278", + "https://bugzilla.redhat.com/2380280", + "https://bugzilla.redhat.com/2380283", + "https://bugzilla.redhat.com/2380284", + "https://bugzilla.redhat.com/2380290", + "https://bugzilla.redhat.com/2380291", + "https://bugzilla.redhat.com/2380295", + "https://bugzilla.redhat.com/2380298", + "https://bugzilla.redhat.com/2380306", + "https://bugzilla.redhat.com/2380308", + "https://bugzilla.redhat.com/2380309", + "https://bugzilla.redhat.com/2380310", + "https://bugzilla.redhat.com/2380312", + "https://bugzilla.redhat.com/2380313", + "https://bugzilla.redhat.com/2380320", + "https://bugzilla.redhat.com/2380321", + "https://bugzilla.redhat.com/2380322", + "https://bugzilla.redhat.com/2380326", + "https://bugzilla.redhat.com/2380327", + "https://bugzilla.redhat.com/2380334", + "https://bugzilla.redhat.com/2380335", + "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359885", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359888", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359892", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359894", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359895", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359899", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359900", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359902", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359903", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359911", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359920", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359924", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359928", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359930", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359932", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359934", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359938", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359940", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359943", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359945", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359947", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359950", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359963", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359964", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359972", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380264", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380280", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380283", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380284", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380290", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380291", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380295", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380298", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380306", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380308", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380309", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380312", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380313", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380320", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380321", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380322", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380327", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380334", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380335", + "https://curl.se/docs/CVE-2025-5399.html", + "https://curl.se/docs/CVE-2025-5399.json", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399", + "https://errata.almalinux.org/9/ALSA-2025-16046.html", + "https://errata.rockylinux.org/RLSA-2025:15699", + "https://github.com/advisories/GHSA-8h93-38hx-vv92", + "https://hackerone.com/reports/3168039", + "https://linux.oracle.com/cve/CVE-2025-5399.html", + "https://linux.oracle.com/errata/ELSA-2025-16046.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5399", + "https://www.cve.org/CVERecord?id=CVE-2025-5399", + "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL" + ], + "PublishedDate": "2025-06-07T08:15:20.687Z", + "LastModifiedDate": "2025-07-30T19:41:33.457Z" + }, + { + "VulnerabilityID": "CVE-2025-9086", + "PkgID": "libcurl@8.9.1-r2", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "2ba374c8fc8f948f" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.14.1-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1c46cb8ff7069fc21bb20542d74278ec83a9594fc214f598b73c9cd04e87799e", + "Title": "curl: libcurl: Curl out of bounds read for cookie path", + "Description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 1, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://access.redhat.com/errata/RHSA-2026:1350", + "https://access.redhat.com/security/cve/CVE-2025-9086", + "https://bugzilla.redhat.com/2394750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086", + "https://errata.almalinux.org/9/ALSA-2026-1350.html", + "https://errata.rockylinux.org/RLSA-2026:1350", + "https://github.com/advisories/GHSA-v676-f8gm-92r9", + "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6", + "https://hackerone.com/reports/3294999", + "https://linux.oracle.com/cve/CVE-2025-9086.html", + "https://linux.oracle.com/errata/ELSA-2026-1825.html", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "https://ubuntu.com/security/notices/USN-8062-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9086" + ], + "PublishedDate": "2025-09-12T06:15:44.1Z", + "LastModifiedDate": "2026-01-20T14:58:01.347Z" + }, + { + "VulnerabilityID": "CVE-2025-64720", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.53-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64720", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:04666bb95f53b42d9637a877dfe34942a8290f633ba0570ee28589a5decb3562", + "Title": "libpng: LIBPNG buffer overflow", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:0933", + "https://access.redhat.com/security/cve/CVE-2025-64720", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", + "https://errata.almalinux.org/9/ALSA-2026-0933.html", + "https://errata.rockylinux.org/RLSA-2026:0238", + "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643", + "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643 (v1.6.51)", + "https://github.com/pnggroup/libpng/issues/686", + "https://github.com/pnggroup/libpng/pull/751", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww", + "https://linux.oracle.com/cve/CVE-2025-64720.html", + "https://linux.oracle.com/errata/ELSA-2026-0932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64720", + "https://ubuntu.com/security/notices/USN-7924-1", + "https://www.cve.org/CVERecord?id=CVE-2025-64720", + "https://www.openwall.com/lists/oss-security/2025/11/22/1" + ], + "PublishedDate": "2025-11-25T00:15:47.46Z", + "LastModifiedDate": "2025-11-26T18:35:18.253Z" + }, + { + "VulnerabilityID": "CVE-2025-65018", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.53-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-65018", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:86f925624b42a3bcc476777af730a9e3665744f5010a9ed80a145c9ef97ad3f6", + "Title": "libpng: LIBPNG heap buffer overflow", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:0933", + "https://access.redhat.com/security/cve/CVE-2025-65018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", + "https://errata.almalinux.org/9/ALSA-2026-0933.html", + "https://errata.rockylinux.org/RLSA-2026:0238", + "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d", + "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d (v1.6.51)", + "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", + "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea (v1.6.51)", + "https://github.com/pnggroup/libpng/issues/755", + "https://github.com/pnggroup/libpng/pull/757", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g", + "https://linux.oracle.com/cve/CVE-2025-65018.html", + "https://linux.oracle.com/errata/ELSA-2026-0932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-65018", + "https://ubuntu.com/security/notices/USN-7924-1", + "https://www.cve.org/CVERecord?id=CVE-2025-65018", + "https://www.openwall.com/lists/oss-security/2025/11/22/1" + ], + "PublishedDate": "2025-11-25T00:15:47.61Z", + "LastModifiedDate": "2025-11-26T18:34:53.65Z" + }, + { + "VulnerabilityID": "CVE-2025-66293", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.53-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-66293", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:04d987a12397922ab23429cefdd18b90b65c29e35c2f0bf654aa3a72a68f4492", + "Title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/12/03/6", + "http://www.openwall.com/lists/oss-security/2025/12/03/7", + "http://www.openwall.com/lists/oss-security/2025/12/03/8", + "https://access.redhat.com/errata/RHSA-2026:0238", + "https://access.redhat.com/security/cve/CVE-2025-66293", + "https://bugzilla.redhat.com/2416904", + "https://bugzilla.redhat.com/2416907", + "https://bugzilla.redhat.com/2418711", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", + "https://errata.almalinux.org/9/ALSA-2026-0238.html", + "https://errata.rockylinux.org/RLSA-2026:0238", + "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1", + "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a", + "https://github.com/pnggroup/libpng/issues/764", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f", + "https://linux.oracle.com/cve/CVE-2025-66293.html", + "https://linux.oracle.com/errata/ELSA-2026-0241.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-66293", + "https://ubuntu.com/security/notices/USN-7963-1", + "https://ubuntu.com/security/notices/USN-8035-1", + "https://www.cve.org/CVERecord?id=CVE-2025-66293" + ], + "PublishedDate": "2025-12-03T21:15:53.06Z", + "LastModifiedDate": "2025-12-16T19:12:50.35Z" + }, + { + "VulnerabilityID": "CVE-2026-22695", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.54-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22695", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:36c2a4f2b70a0b9b1661e638ba26377d62fa536fc51de4c79cb68a7ba2a8cc30", + "Title": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3405", + "https://access.redhat.com/security/cve/CVE-2026-22695", + "https://bugzilla.redhat.com/2428824", + "https://bugzilla.redhat.com/2428825", + "https://bugzilla.redhat.com/2438542", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", + "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", + "https://errata.almalinux.org/9/ALSA-2026-3405.html", + "https://errata.rockylinux.org/RLSA-2026:3405", + "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", + "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2", + "https://github.com/pnggroup/libpng/issues/778", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp", + "https://linux.oracle.com/cve/CVE-2026-22695.html", + "https://linux.oracle.com/errata/ELSA-2026-4728.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22695", + "https://ubuntu.com/security/notices/USN-7963-1", + "https://ubuntu.com/security/notices/USN-8035-1", + "https://www.cve.org/CVERecord?id=CVE-2026-22695", + "https://www.openwall.com/lists/oss-security/2026/01/12/7" + ], + "PublishedDate": "2026-01-12T23:15:52.597Z", + "LastModifiedDate": "2026-01-21T18:58:55.787Z" + }, + { + "VulnerabilityID": "CVE-2026-22801", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.54-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22801", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9a9a8e3cb9cf88bff61c9305c689f57738bf4b95d33ceb6be0d3b72a6c46ace4", + "Title": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125", + "CWE-190" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 6.6 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3405", + "https://access.redhat.com/security/cve/CVE-2026-22801", + "https://bugzilla.redhat.com/2428824", + "https://bugzilla.redhat.com/2428825", + "https://bugzilla.redhat.com/2438542", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", + "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", + "https://errata.almalinux.org/9/ALSA-2026-3405.html", + "https://errata.rockylinux.org/RLSA-2026:3405", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8", + "https://linux.oracle.com/cve/CVE-2026-22801.html", + "https://linux.oracle.com/errata/ELSA-2026-4728.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22801", + "https://ubuntu.com/security/notices/USN-7963-1", + "https://ubuntu.com/security/notices/USN-8035-1", + "https://www.cve.org/CVERecord?id=CVE-2026-22801", + "https://www.openwall.com/lists/oss-security/2026/01/12/7" + ], + "PublishedDate": "2026-01-12T23:15:52.907Z", + "LastModifiedDate": "2026-01-21T18:58:18.27Z" + }, + { + "VulnerabilityID": "CVE-2026-25646", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.55-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25646", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:85e41518a186f195db1bbfcdd98c897d6f187b31a23b89258328ced00d1e91d1", + "Title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-122", + "CWE-126" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/02/09/7", + "https://access.redhat.com/errata/RHSA-2026:3405", + "https://access.redhat.com/security/cve/CVE-2026-25646", + "https://bugzilla.redhat.com/2428824", + "https://bugzilla.redhat.com/2428825", + "https://bugzilla.redhat.com/2438542", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", + "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", + "https://errata.almalinux.org/9/ALSA-2026-3405.html", + "https://errata.rockylinux.org/RLSA-2026:3405", + "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3", + "https://linux.oracle.com/cve/CVE-2026-25646.html", + "https://linux.oracle.com/errata/ELSA-2026-7032.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25646", + "https://ubuntu.com/security/notices/USN-8035-1", + "https://ubuntu.com/security/notices/USN-8039-1", + "https://ubuntu.com/security/notices/USN-8081-1", + "https://www.cve.org/CVERecord?id=CVE-2026-25646" + ], + "PublishedDate": "2026-02-10T18:16:37.817Z", + "LastModifiedDate": "2026-02-13T20:43:44.69Z" + }, + { + "VulnerabilityID": "CVE-2025-64505", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.53-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64505", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:78e074ffd25d850c85fe6e6abc43c84ecec3d3f3b4153a3e371153f3694ce6cf", + "Title": "libpng: LIBPNG heap buffer overflow via malformed palette index", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64505", + "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37", + "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37 (v1.6.51)", + "https://github.com/pnggroup/libpng/pull/748", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64505", + "https://ubuntu.com/security/notices/USN-7924-1", + "https://ubuntu.com/security/notices/USN-8081-1", + "https://www.cve.org/CVERecord?id=CVE-2025-64505", + "https://www.openwall.com/lists/oss-security/2025/11/22/1" + ], + "PublishedDate": "2025-11-25T00:15:47.133Z", + "LastModifiedDate": "2025-11-26T18:28:32.22Z" + }, + { + "VulnerabilityID": "CVE-2025-64506", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.53-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64506", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0fc39b69047b3f7bc637e716eca9c85001c852edb562b2d6c3a15ef15cf0efc3", + "Title": "libpng: LIBPNG heap buffer over-read", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64506", + "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821", + "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821 (v1.6.51)", + "https://github.com/pnggroup/libpng/pull/749", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64506", + "https://ubuntu.com/security/notices/USN-7924-1", + "https://www.cve.org/CVERecord?id=CVE-2025-64506", + "https://www.openwall.com/lists/oss-security/2025/11/22/1" + ], + "PublishedDate": "2025-11-25T00:15:47.3Z", + "LastModifiedDate": "2025-11-26T18:34:38.24Z" + }, + { + "VulnerabilityID": "CVE-2026-33416", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.56-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33416", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:269acfff291a9aa56bb4397f191d0e37906d9bc5eb133fc9073cbbf6aab99ee4", + "Title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr-\u003etrans_alpha = info_ptr-\u003etrans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr-\u003epalette = png_ptr-\u003epalette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9693", + "https://access.redhat.com/security/cve/CVE-2026-33416", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451805", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451819", + "https://bugzilla.redhat.com/show_bug.cgi?id=2455897", + "https://bugzilla.redhat.com/show_bug.cgi?id=2455901", + "https://bugzilla.redhat.com/show_bug.cgi?id=2455908", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734", + "https://errata.almalinux.org/9/ALSA-2026-9693.html", + "https://errata.rockylinux.org/RLSA-2026:8459", + "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb", + "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667", + "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25", + "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1", + "https://github.com/pnggroup/libpng/pull/824", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j", + "https://linux.oracle.com/cve/CVE-2026-33416.html", + "https://linux.oracle.com/errata/ELSA-2026-9693.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33416", + "https://ubuntu.com/security/notices/USN-8251-1", + "https://www.cve.org/CVERecord?id=CVE-2026-33416" + ], + "PublishedDate": "2026-03-26T17:16:38.443Z", + "LastModifiedDate": "2026-04-02T20:28:33.973Z" + }, + { + "VulnerabilityID": "CVE-2026-33636", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.56-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33636", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d1798360723eacea8651a6ac09b94e12f167c01d095c31534ebfcd1448ce7e83", + "Title": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 7.6 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9693", + "https://access.redhat.com/security/cve/CVE-2026-33636", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451819", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636", + "https://errata.almalinux.org/9/ALSA-2026-9693.html", + "https://errata.rockylinux.org/RLSA-2026:14791", + "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869", + "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2", + "https://linux.oracle.com/cve/CVE-2026-33636.html", + "https://linux.oracle.com/errata/ELSA-2026-9693.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33636", + "https://ubuntu.com/security/notices/USN-8251-1", + "https://www.cve.org/CVERecord?id=CVE-2026-33636" + ], + "PublishedDate": "2026-03-26T17:16:41.477Z", + "LastModifiedDate": "2026-04-02T18:42:02.667Z" + }, + { + "VulnerabilityID": "CVE-2026-34757", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.57-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34757", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8cbe2d00ff1387ed30628b4c0f5a887c6918973f33799a6fd61a2f93f742abbc", + "Title": "libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). This vulnerability is fixed in 1.6.57.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-34757", + "https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a", + "https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc", + "https://github.com/pnggroup/libpng/issues/836", + "https://github.com/pnggroup/libpng/issues/837", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645", + "https://lists.debian.org/debian-lts-announce/2026/05/msg00017.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34757", + "https://ubuntu.com/security/notices/USN-8251-1", + "https://www.cve.org/CVERecord?id=CVE-2026-34757" + ], + "PublishedDate": "2026-04-09T15:16:11.003Z", + "LastModifiedDate": "2026-05-13T23:07:51.863Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3192f6e7ad34cbbd5041d70e667f0914365e935741108b37e9db8ce9a8b0b446", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2024-12797", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.3-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12797", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e8b334e54f7abec2f2f14f0152ec3e01d5b24c3d2c8edcbe87234338a769279f", + "Title": "openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected", + "Description": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\nserver may fail to notice that the server was not authenticated, because\nhandshakes don't abort as expected when the SSL_VERIFY_PEER verification mode\nis set.\n\nImpact summary: TLS and DTLS connections using raw public keys may be\nvulnerable to man-in-middle attacks when server authentication failure is not\ndetected by clients.\n\nRPKs are disabled by default in both TLS clients and TLS servers. The issue\nonly arises when TLS clients explicitly enable RPK use by the server, and the\nserver, likewise, enables sending of an RPK instead of an X.509 certificate\nchain. The affected clients are those that then rely on the handshake to\nfail when the server's RPK fails to match one of the expected public keys,\nby setting the verification mode to SSL_VERIFY_PEER.\n\nClients that enable server-side raw public keys can still find out that raw\npublic key verification failed by calling SSL_get_verify_result(), and those\nthat do, and take appropriate action, are not affected. This issue was\nintroduced in the initial implementation of RPK support in OpenSSL 3.2.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-392" + ], + "VendorSeverity": { + "alma": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 1, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/02/11/3", + "http://www.openwall.com/lists/oss-security/2025/02/11/4", + "https://access.redhat.com/errata/RHSA-2025:1330", + "https://access.redhat.com/security/cve/CVE-2024-12797", + "https://bugzilla.redhat.com/2342757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2342757", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12797", + "https://errata.almalinux.org/9/ALSA-2025-1330.html", + "https://errata.rockylinux.org/RLSA-2025:1330", + "https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9", + "https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7", + "https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699", + "https://github.com/pyca/cryptography", + "https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g", + "https://linux.oracle.com/cve/CVE-2024-12797.html", + "https://linux.oracle.com/errata/ELSA-2025-1330.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12797", + "https://openssl-library.org/news/secadv/20250211.txt", + "https://security.netapp.com/advisory/ntap-20250214-0001/", + "https://ubuntu.com/security/notices/USN-7264-1", + "https://www.cve.org/CVERecord?id=CVE-2024-12797" + ], + "PublishedDate": "2025-02-11T16:15:38.827Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3e4b9631d37814c8165d5cb05cf2f04ad428535d8259103309b8e848ecc52f78", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ea6b0a9d64210b3ae7a2c3c9edc7e4456d00ce56676c5361b2df3cfdb6531b23", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:84adba333700bc4765c878b821cab1238e683cd6025f41190a6d101cd3a63839", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:92f3a1d31fbb98645ce72c3dc55966dd583316cce6a99208a1bfae4f47ab35a0", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4eb5b3bb6f305566c5b3f981164095e9fdf939fc9bf2159110f35a2697a6ef3e", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:773fde7e774ab8a52786717be3e989c0b90a1b1993a95c8f9aa0174719dda535", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d8dcb9892c8a0702ecd8c040e1c2e582ae19dbf0354078321256d9fad0f628a9", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9ec7e2f99720ef8080aa90597d7c48f748af6d55adeeaa42ab60933fddd9d13a", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1b755f8cff5cfbfd8ff0cfde0572183551f69923dee1f45be52a929f451bfbcd", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:86dbb7f3c64a42ce7056e3cb8a41c1fef658945041a797af1e797686a1ac24c8", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2025-26519", + "PkgID": "musl@1.2.5-r0", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "d76e86ca8c96b6ac" + }, + "InstalledVersion": "1.2.5-r0", + "FixedVersion": "1.2.5-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-26519", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a727aa52cbae014532be6b432c52d4bc6f278c46952fc210526842c880c7d88d", + "Title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...", + "Description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/02/13/2", + "http://www.openwall.com/lists/oss-security/2025/02/13/3", + "http://www.openwall.com/lists/oss-security/2025/02/13/4", + "http://www.openwall.com/lists/oss-security/2025/02/13/5", + "http://www.openwall.com/lists/oss-security/2025/02/14/5", + "http://www.openwall.com/lists/oss-security/2025/02/14/6", + "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", + "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", + "https://www.openwall.com/lists/oss-security/2025/02/13/2" + ], + "PublishedDate": "2025-02-14T04:15:09.05Z", + "LastModifiedDate": "2025-12-10T20:03:59.273Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl@1.2.5-r0", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "d76e86ca8c96b6ac" + }, + "InstalledVersion": "1.2.5-r0", + "FixedVersion": "1.2.5-r3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:240b4b1b174030ab0bc7b47f7acb1c00fd1ed5ceaf9c644fd1d57998f29a9eb8", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl@1.2.5-r0", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "d76e86ca8c96b6ac" + }, + "InstalledVersion": "1.2.5-r0", + "FixedVersion": "1.2.5-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4225097f346fb36e5e66ffc15adff5168cd762c2a51f67dd889aee22ad839594", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2025-26519", + "PkgID": "musl-utils@1.2.5-r0", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "a313fc68c87a2f4d" + }, + "InstalledVersion": "1.2.5-r0", + "FixedVersion": "1.2.5-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-26519", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:cf18e324e2464871d5e1c1fe0e1af0fba498ed096111bab7cc2aa3c071eb319f", + "Title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...", + "Description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/02/13/2", + "http://www.openwall.com/lists/oss-security/2025/02/13/3", + "http://www.openwall.com/lists/oss-security/2025/02/13/4", + "http://www.openwall.com/lists/oss-security/2025/02/13/5", + "http://www.openwall.com/lists/oss-security/2025/02/14/5", + "http://www.openwall.com/lists/oss-security/2025/02/14/6", + "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", + "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", + "https://www.openwall.com/lists/oss-security/2025/02/13/2" + ], + "PublishedDate": "2025-02-14T04:15:09.05Z", + "LastModifiedDate": "2025-12-10T20:03:59.273Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl-utils@1.2.5-r0", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "a313fc68c87a2f4d" + }, + "InstalledVersion": "1.2.5-r0", + "FixedVersion": "1.2.5-r3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:62a59bae1df40f0ae3d8f5a8718ffcfa79bf1a9b60ddbf4bb4bd7f8a6eec76a4", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl-utils@1.2.5-r0", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "a313fc68c87a2f4d" + }, + "InstalledVersion": "1.2.5-r0", + "FixedVersion": "1.2.5-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:99236924f1de4590f536151146e93a73979976e94f5efca2132b6daf3a1111b8", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "ssl_client@1.36.1-r29", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", + "UID": "98ff5cbbbcd05de1" + }, + "InstalledVersion": "1.36.1-r29", + "FixedVersion": "1.36.1-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:fd3dcaefe79eeb607142505e9afa1284bc3ef9d44b47444d630bcbc7154022b2", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-5994", + "PkgID": "unbound-libs@1.20.0-r0", + "PkgName": "unbound-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/unbound-libs@1.20.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "3b561481a45e3738" + }, + "InstalledVersion": "1.20.0-r0", + "FixedVersion": "1.20.0-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5994", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:53dd13085d6fe62b0f9526d029cea91a70c8c2d72be113aaaf0c39c65b24488a", + "Title": "unbound: Unbound Cache poisoning", + "Description": "A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the 'send-client-subnet', 'client-subnet-zone' or 'client-subnet-always-forward' options is used. Resolvers supporting ECS need to segregate outgoing queries to accommodate for different outgoing ECS information. This re-opens up resolvers to a birthday paradox attack (Rebirthday Attack) that tries to match the DNS transaction ID in order to cache non-ECS poisonous replies.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-349" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:11849", + "https://access.redhat.com/security/cve/CVE-2025-5994", + "https://bugzilla.redhat.com/2380949", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380949", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5994", + "https://errata.almalinux.org/9/ALSA-2025-11849.html", + "https://errata.rockylinux.org/RLSA-2025:11849", + "https://linux.oracle.com/cve/CVE-2025-5994.html", + "https://linux.oracle.com/errata/ELSA-2025-12064.html", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00019.html", + "https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5994", + "https://ubuntu.com/security/notices/USN-7666-1", + "https://www.cve.org/CVERecord?id=CVE-2025-5994" + ], + "PublishedDate": "2025-07-16T15:15:33.49Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-8508", + "PkgID": "unbound-libs@1.20.0-r0", + "PkgName": "unbound-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/unbound-libs@1.20.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "3b561481a45e3738" + }, + "InstalledVersion": "1.20.0-r0", + "FixedVersion": "1.20.0-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-8508", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:31c274f0cab65582a62c51c117e3f46d61a787ae829728b66a62d2723376ab9b", + "Title": "unbound: Unbounded name compression could lead to Denial of Service", + "Description": "NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-606", + "CWE-1284" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/10/04/5", + "https://access.redhat.com/errata/RHSA-2024:11232", + "https://access.redhat.com/security/cve/CVE-2024-8508", + "https://bugzilla.redhat.com/2316321", + "https://bugzilla.redhat.com/show_bug.cgi?id=2316321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8508", + "https://errata.almalinux.org/9/ALSA-2024-11232.html", + "https://errata.rockylinux.org/RLSA-2025:8197", + "https://linux.oracle.com/cve/CVE-2024-8508.html", + "https://linux.oracle.com/errata/ELSA-2025-8197.html", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00009.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-8508", + "https://ubuntu.com/security/notices/USN-7080-1", + "https://www.cve.org/CVERecord?id=CVE-2024-8508", + "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt" + ], + "PublishedDate": "2024-10-03T17:15:15.323Z", + "LastModifiedDate": "2024-12-17T19:28:03.767Z" + }, + { + "VulnerabilityID": "CVE-2025-11411", + "PkgID": "unbound-libs@1.20.0-r0", + "PkgName": "unbound-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/unbound-libs@1.20.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "3b561481a45e3738" + }, + "InstalledVersion": "1.20.0-r0", + "FixedVersion": "1.20.0-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11411", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:017265aeb5be1ca7e0051e04b4e126617b7df4c51fb372903187b73e4879d26f", + "Title": "unbound: Unbound domain hijacking via promiscuous records", + "Description": "NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's name servers. A malicious actor can exploit the possible poisonous effect by injecting NS RRSets (and possibly their respective address records) in a reply. This could be done for example by trying to spoof a packet or fragmentation attacks. Unbound would then proceed to update the NS RRSet data it already has since the new data has enough trust for it, i.e., in-zone data for the delegation point. Unbound 1.24.1 includes a fix that scrubs unsolicited NS RRSets (and their respective address records) from replies mitigating the possible poison effect. Unbound 1.24.2 includes an additional fix that scrubs unsolicited NS RRSets (and their respective address records) from YXDOMAIN and non-referral nodata replies, further mitigating the possible poison effect.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-349" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/11/26/4", + "https://access.redhat.com/security/cve/CVE-2025-11411", + "https://lists.debian.org/debian-lts-announce/2025/11/msg00008.html", + "https://lists.debian.org/debian-lts-announce/2025/11/msg00032.html", + "https://nlnetlabs.nl/news/2025/Nov/26/unbound-1.24.2-released/", + "https://nvd.nist.gov/vuln/detail/CVE-2025-11411", + "https://ubuntu.com/security/notices/USN-7855-1", + "https://ubuntu.com/security/notices/USN-7855-2", + "https://www.cve.org/CVERecord?id=CVE-2025-11411", + "https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt" + ], + "PublishedDate": "2025-10-22T13:15:29.21Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-31115", + "PkgID": "xz-libs@5.6.2-r0", + "PkgName": "xz-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.6.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e1c0785d9b1550b7" + }, + "InstalledVersion": "5.6.2-r0", + "FixedVersion": "5.6.2-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31115", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:f8e0b716ad5eb291eb7fbe7916e31f6e148c45ea2aed8a81301be807a2c74381", + "Title": "xz: XZ has a heap-use-after-free bug in threaded .xz decoder", + "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-366", + "CWE-416", + "CWE-476", + "CWE-826" + ], + "VendorSeverity": { + "azure": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/03/1", + "http://www.openwall.com/lists/oss-security/2025/04/03/2", + "http://www.openwall.com/lists/oss-security/2025/04/03/3", + "https://access.redhat.com/security/cve/CVE-2025-31115", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357249", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31115", + "https://errata.rockylinux.org/RLSA-2025:7524", + "https://github.com/tukaani-project/xz/commit/d5a2ffe41bb77b918a8c96084885d4dbe4bf6480", + "https://github.com/tukaani-project/xz/security/advisories/GHSA-6cc8-p5mm-29w2", + "https://linux.oracle.com/cve/CVE-2025-31115.html", + "https://linux.oracle.com/errata/ELSA-2025-7524.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-31115", + "https://tukaani.org/xz/xz-cve-2025-31115.patch", + "https://ubuntu.com/security/notices/USN-7414-1", + "https://www.cve.org/CVERecord?id=CVE-2025-31115" + ], + "PublishedDate": "2025-04-03T17:15:30.54Z", + "LastModifiedDate": "2026-05-12T13:16:40.627Z" + }, + { + "VulnerabilityID": "CVE-2026-34743", + "PkgID": "xz-libs@5.6.2-r0", + "PkgName": "xz-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.6.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e1c0785d9b1550b7" + }, + "InstalledVersion": "5.6.2-r0", + "FixedVersion": "5.8.3-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4570b773257acd5519a44989ea96ea2101a4ee89c804ce616cb5dc3915e091c0", + "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", + "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/31/13", + "https://access.redhat.com/security/cve/CVE-2026-34743", + "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", + "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", + "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", + "https://www.cve.org/CVERecord?id=CVE-2026-34743" + ], + "PublishedDate": "2026-04-02T19:21:33.187Z", + "LastModifiedDate": "2026-04-15T17:33:17.68Z" + }, + { + "VulnerabilityID": "CVE-2026-22184", + "PkgID": "zlib@1.3.1-r1", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "d805a98dcdd1a894" + }, + "InstalledVersion": "1.3.1-r1", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9d24c6ec2447be94b0317a9e843d58818d4cb3cd10bbf10a9933851fb7ac9e41", + "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", + "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-22184", + "https://github.com/madler/zlib", + "https://github.com/madler/zlib/issues/1142", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", + "https://seclists.org/fulldisclosure/2026/Jan/3", + "https://www.cve.org/CVERecord?id=CVE-2026-22184", + "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", + "https://zlib.net/" + ], + "PublishedDate": "2026-01-07T21:16:01.563Z", + "LastModifiedDate": "2026-03-18T16:26:31.14Z" + }, + { + "VulnerabilityID": "CVE-2026-27171", + "PkgID": "zlib@1.3.1-r1", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "d805a98dcdd1a894" + }, + "InstalledVersion": "1.3.1-r1", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:30eb18a082f4f8ba43eea88a3c709ed9a8e58ebab438c6ce5f962a8690a63e9a", + "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", + "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "julia": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://access.redhat.com/security/cve/CVE-2026-27171", + "https://github.com/advisories/GHSA-h858-mf2m-8jf4", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "https://ostif.org/zlib-audit-complete", + "https://ostif.org/zlib-audit-complete/", + "https://www.cve.org/CVERecord?id=CVE-2026-27171" + ], + "PublishedDate": "2026-02-18T04:16:01.263Z", + "LastModifiedDate": "2026-03-25T21:27:04.603Z" + } + ] + } + ] + }, + { + "Namespace": "m3uproxy", + "Kind": "Deployment", + "Name": "proxy-pt", + "Metadata": [ + { + "Size": 152998912, + "OS": { + "Family": "ubuntu", + "Name": "23.10", + "EOSL": true + }, + "ImageID": "sha256:34b6bbbcf74bffac279dc2c6e42a403fcf0963589870c7cf73e4116762d886b5", + "DiffIDs": [ + "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c", + "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207", + "sha256:f590a84ac2286242e45259579f97e2131afc87e915afb97db679f4b7243e3533" + ], + "RepoTags": [ + "ubuntu/squid:6.1-23.10_edge" + ], + "RepoDigests": [ + "ubuntu/squid@sha256:fbc0312a9b7069c28a8505aa9a34fd92dd8f8542f95b5a35ad8225c8032f4ecd" + ], + "Reference": "ubuntu/squid:6.1-23.10_edge", + "ImageConfig": { + "architecture": "amd64", + "container": "3fe65e8d480682fa921f43f86d769fe645114e099e11516864c8e808c5d3f8b9", + "created": "2024-06-10T12:03:05.791205674Z", + "docker_version": "24.0.7", + "history": [ + { + "created": "2024-05-30T04:40:48.646512179Z", + "created_by": "/bin/sh -c #(nop) ARG RELEASE", + "empty_layer": true + }, + { + "created": "2024-05-30T04:40:48.670133508Z", + "created_by": "/bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH", + "empty_layer": true + }, + { + "created": "2024-05-30T04:40:48.688533113Z", + "created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.ref.name=ubuntu", + "empty_layer": true + }, + { + "created": "2024-05-30T04:40:48.720654592Z", + "created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.version=23.10", + "empty_layer": true + }, + { + "created": "2024-05-30T04:40:50.619872861Z", + "created_by": "/bin/sh -c #(nop) ADD file:432d92758637d8e71c4a18c3b453d3c8130fd1fa31fd3cb9e60ecd32cdd17e07 in / " + }, + { + "created": "2024-05-30T04:40:50.784239043Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + }, + { + "created": "2024-06-10T12:02:48.788510088Z", + "created_by": "/bin/sh -c #(nop) ENV TZ=UTC", + "empty_layer": true + }, + { + "created": "2024-06-10T12:02:48.819660632Z", + "created_by": "/bin/sh -c #(nop) LABEL maintainer=Ubuntu Server team \u003cubuntu-server@lists.ubuntu.com\u003e", + "empty_layer": true + }, + { + "created": "2024-06-10T12:03:05.353733772Z", + "created_by": "|0 /bin/sh -c set -eux; \tapt-get update; \tDEBIAN_FRONTEND=noninteractive apt-get full-upgrade -y; \tDEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \t\tsquid ca-certificates tzdata; \tDEBIAN_FRONTEND=noninteractive apt-get remove --purge --auto-remove -y; \trm -rf /var/lib/apt/lists/*; \tsed -i 's/^#http_access allow localnet$/http_access allow localnet/' /etc/squid/conf.d/debian.conf; \techo \"# Set max_filedescriptors to avoid using system's RLIMIT_NOFILE. See LP: #1978272\" \u003e /etc/squid/conf.d/rock.conf; \techo 'max_filedescriptors 1024' \u003e\u003e /etc/squid/conf.d/rock.conf; \trm -f /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key; \t/usr/sbin/squid --version; \tmkdir -p /usr/share/rocks; \t(echo \"# os-release\" \u0026\u0026 cat /etc/os-release \u0026\u0026 echo \"# dpkg-query\" \u0026\u0026 dpkg-query -f '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\\n' -W) \u003e /usr/share/rocks/dpkg.query" + }, + { + "created": "2024-06-10T12:03:05.659890596Z", + "created_by": "/bin/sh -c #(nop) EXPOSE 3128", + "empty_layer": true + }, + { + "created": "2024-06-10T12:03:05.691728028Z", + "created_by": "/bin/sh -c #(nop) VOLUME [/var/log/squid /var/spool/squid]", + "empty_layer": true + }, + { + "created": "2024-06-10T12:03:05.716512286Z", + "created_by": "/bin/sh -c #(nop) COPY file:92a37a48347cc9af6f7e07752e4a63d99e143811e53197c6e1b1c56ab4297227 in /usr/local/bin/entrypoint.sh " + }, + { + "created": "2024-06-10T12:03:05.758304777Z", + "created_by": "/bin/sh -c #(nop) ENTRYPOINT [\"entrypoint.sh\"]", + "empty_layer": true + }, + { + "created": "2024-06-10T12:03:05.791205674Z", + "created_by": "/bin/sh -c #(nop) CMD [\"-f\" \"/etc/squid/squid.conf\" \"-NYC\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c", + "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207", + "sha256:f590a84ac2286242e45259579f97e2131afc87e915afb97db679f4b7243e3533" + ] + }, + "config": { + "Cmd": [ + "-f", + "/etc/squid/squid.conf", + "-NYC" + ], + "Entrypoint": [ + "entrypoint.sh" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "TZ=UTC" + ], + "Image": "sha256:d7f28d160f4052cce082d6902a12db577c20fec31fe22aab52bd21618e4f5683", + "Labels": { + "maintainer": "Ubuntu Server team \u003cubuntu-server@lists.ubuntu.com\u003e", + "org.opencontainers.image.ref.name": "ubuntu", + "org.opencontainers.image.version": "23.10" + }, + "Volumes": { + "/var/log/squid": {}, + "/var/spool/squid": {} + }, + "ExposedPorts": { + "3128/tcp": {} + } + } + }, + "Layers": [ + { + "Size": 73580032, + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + { + "Size": 79414272, + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + { + "Size": 4608, + "Digest": "sha256:60992b49e2a2450d9912621df4edd1409b2229f17d0435ffeed45834ee4fc585", + "DiffID": "sha256:f590a84ac2286242e45259579f97e2131afc87e915afb97db679f4b7243e3533" + } + ] + } + ], + "Results": [ + { + "Target": "ubuntu/squid:6.1-23.10_edge (ubuntu 23.10)", + "Class": "os-pkgs", + "Type": "ubuntu", + "Packages": [ + { + "ID": "adduser@3.137ubuntu1", + "Name": "adduser", + "Identifier": { + "PURL": "pkg:deb/ubuntu/adduser@3.137ubuntu1?arch=all\u0026distro=ubuntu-23.10", + "UID": "29afaa61cb48d379" + }, + "Version": "3.137ubuntu1", + "Arch": "all", + "SrcName": "adduser", + "SrcVersion": "3.137ubuntu1", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "passwd@1:4.13+dfsg1-1ubuntu1.1" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/sbin/adduser", + "/usr/sbin/deluser", + "/usr/share/doc/adduser/NEWS.Debian.gz", + "/usr/share/doc/adduser/README.gz", + "/usr/share/doc/adduser/TODO", + "/usr/share/doc/adduser/changelog.gz", + "/usr/share/doc/adduser/copyright", + "/usr/share/doc/adduser/examples/INSTALL", + "/usr/share/doc/adduser/examples/README", + "/usr/share/doc/adduser/examples/adduser.conf", + "/usr/share/doc/adduser/examples/adduser.local", + "/usr/share/doc/adduser/examples/adduser.local.conf", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", + "/usr/share/doc/adduser/examples/deluser.conf", + "/usr/share/man/de/man5/adduser.conf.5.gz", + "/usr/share/man/de/man5/deluser.conf.5.gz", + "/usr/share/man/fr/man5/adduser.conf.5.gz", + "/usr/share/man/fr/man5/deluser.conf.5.gz", + "/usr/share/man/man5/adduser.conf.5.gz", + "/usr/share/man/man5/deluser.conf.5.gz", + "/usr/share/man/man8/adduser.8.gz", + "/usr/share/man/man8/adduser.local.8.gz", + "/usr/share/man/man8/deluser.8.gz", + "/usr/share/man/nl/man5/adduser.conf.5.gz", + "/usr/share/man/nl/man5/deluser.conf.5.gz", + "/usr/share/man/pt/man5/adduser.conf.5.gz", + "/usr/share/man/pt/man5/deluser.conf.5.gz", + "/usr/share/perl5/Debian/AdduserCommon.pm", + "/usr/share/perl5/Debian/AdduserLogging.pm", + "/usr/share/perl5/Debian/AdduserRetvalues.pm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "apt@2.7.3ubuntu0.1", + "Name": "apt", + "Identifier": { + "PURL": "pkg:deb/ubuntu/apt@2.7.3ubuntu0.1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "cab488ccc228becb" + }, + "Version": "2.7.3ubuntu0.1", + "Arch": "amd64", + "SrcName": "apt", + "SrcVersion": "2.7.3ubuntu0.1", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "BSD-3-Clause", + "MIT" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "adduser@3.137ubuntu1", + "base-passwd@3.6.1", + "gpgv@2.2.40-1.1ubuntu1", + "libapt-pkg6.0@2.7.3ubuntu0.1", + "libc6@2.38-1ubuntu6.3", + "libgcc-s1@13.2.0-4ubuntu3", + "libgnutls30@3.8.1-4ubuntu1.3", + "libseccomp2@2.5.4-1ubuntu3", + "libstdc++6@13.2.0-4ubuntu3", + "libsystemd0@253.5-1ubuntu6.1", + "ubuntu-keyring@2021.03.26" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/systemd/system/apt-daily-upgrade.service", + "/lib/systemd/system/apt-daily-upgrade.timer", + "/lib/systemd/system/apt-daily.service", + "/lib/systemd/system/apt-daily.timer", + "/usr/bin/apt", + "/usr/bin/apt-cache", + "/usr/bin/apt-cdrom", + "/usr/bin/apt-config", + "/usr/bin/apt-get", + "/usr/bin/apt-key", + "/usr/bin/apt-mark", + "/usr/lib/apt/apt-helper", + "/usr/lib/apt/apt.systemd.daily", + "/usr/lib/apt/methods/cdrom", + "/usr/lib/apt/methods/copy", + "/usr/lib/apt/methods/file", + "/usr/lib/apt/methods/ftp", + "/usr/lib/apt/methods/gpgv", + "/usr/lib/apt/methods/http", + "/usr/lib/apt/methods/mirror", + "/usr/lib/apt/methods/rred", + "/usr/lib/apt/methods/rsh", + "/usr/lib/apt/methods/store", + "/usr/lib/apt/solvers/dump", + "/usr/lib/dpkg/methods/apt/desc.apt", + "/usr/lib/dpkg/methods/apt/install", + "/usr/lib/dpkg/methods/apt/names", + "/usr/lib/dpkg/methods/apt/setup", + "/usr/lib/dpkg/methods/apt/update", + "/usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0", + "/usr/share/bash-completion/completions/apt", + "/usr/share/bug/apt/script", + "/usr/share/doc/apt/README.md.gz", + "/usr/share/doc/apt/copyright", + "/usr/share/doc/apt/examples/apt.conf", + "/usr/share/doc/apt/examples/configure-index", + "/usr/share/doc/apt/examples/preferences", + "/usr/share/doc/apt/examples/sources.list", + "/usr/share/lintian/overrides/apt", + "/usr/share/locale/ar/LC_MESSAGES/apt.mo", + "/usr/share/locale/ast/LC_MESSAGES/apt.mo", + "/usr/share/locale/bg/LC_MESSAGES/apt.mo", + "/usr/share/locale/bs/LC_MESSAGES/apt.mo", + "/usr/share/locale/ca/LC_MESSAGES/apt.mo", + "/usr/share/locale/cs/LC_MESSAGES/apt.mo", + "/usr/share/locale/cy/LC_MESSAGES/apt.mo", + "/usr/share/locale/da/LC_MESSAGES/apt.mo", + "/usr/share/locale/de/LC_MESSAGES/apt.mo", + "/usr/share/locale/dz/LC_MESSAGES/apt.mo", + "/usr/share/locale/el/LC_MESSAGES/apt.mo", + "/usr/share/locale/es/LC_MESSAGES/apt.mo", + "/usr/share/locale/eu/LC_MESSAGES/apt.mo", + "/usr/share/locale/fi/LC_MESSAGES/apt.mo", + "/usr/share/locale/fr/LC_MESSAGES/apt.mo", + "/usr/share/locale/gl/LC_MESSAGES/apt.mo", + "/usr/share/locale/hu/LC_MESSAGES/apt.mo", + "/usr/share/locale/it/LC_MESSAGES/apt.mo", + "/usr/share/locale/ja/LC_MESSAGES/apt.mo", + "/usr/share/locale/km/LC_MESSAGES/apt.mo", + "/usr/share/locale/ko/LC_MESSAGES/apt.mo", + "/usr/share/locale/ku/LC_MESSAGES/apt.mo", + "/usr/share/locale/lt/LC_MESSAGES/apt.mo", + "/usr/share/locale/mr/LC_MESSAGES/apt.mo", + "/usr/share/locale/nb/LC_MESSAGES/apt.mo", + "/usr/share/locale/ne/LC_MESSAGES/apt.mo", + "/usr/share/locale/nl/LC_MESSAGES/apt.mo", + "/usr/share/locale/nn/LC_MESSAGES/apt.mo", + "/usr/share/locale/pl/LC_MESSAGES/apt.mo", + "/usr/share/locale/pt/LC_MESSAGES/apt.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/apt.mo", + "/usr/share/locale/ro/LC_MESSAGES/apt.mo", + "/usr/share/locale/ru/LC_MESSAGES/apt.mo", + "/usr/share/locale/sk/LC_MESSAGES/apt.mo", + "/usr/share/locale/sl/LC_MESSAGES/apt.mo", + "/usr/share/locale/sv/LC_MESSAGES/apt.mo", + "/usr/share/locale/th/LC_MESSAGES/apt.mo", + "/usr/share/locale/tl/LC_MESSAGES/apt.mo", + "/usr/share/locale/tr/LC_MESSAGES/apt.mo", + "/usr/share/locale/uk/LC_MESSAGES/apt.mo", + "/usr/share/locale/vi/LC_MESSAGES/apt.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/apt.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/apt.mo", + "/usr/share/man/de/man1/apt-transport-http.1.gz", + "/usr/share/man/de/man1/apt-transport-https.1.gz", + "/usr/share/man/de/man1/apt-transport-mirror.1.gz", + "/usr/share/man/de/man5/apt.conf.5.gz", + "/usr/share/man/de/man5/apt_auth.conf.5.gz", + "/usr/share/man/de/man5/apt_preferences.5.gz", + "/usr/share/man/de/man5/sources.list.5.gz", + "/usr/share/man/de/man7/apt-patterns.7.gz", + "/usr/share/man/de/man8/apt-cache.8.gz", + "/usr/share/man/de/man8/apt-cdrom.8.gz", + "/usr/share/man/de/man8/apt-config.8.gz", + "/usr/share/man/de/man8/apt-get.8.gz", + "/usr/share/man/de/man8/apt-mark.8.gz", + "/usr/share/man/de/man8/apt-secure.8.gz", + "/usr/share/man/de/man8/apt.8.gz", + "/usr/share/man/es/man5/apt_preferences.5.gz", + "/usr/share/man/es/man8/apt-cache.8.gz", + "/usr/share/man/es/man8/apt-cdrom.8.gz", + "/usr/share/man/es/man8/apt-config.8.gz", + "/usr/share/man/fr/man1/apt-transport-http.1.gz", + "/usr/share/man/fr/man1/apt-transport-https.1.gz", + "/usr/share/man/fr/man1/apt-transport-mirror.1.gz", + "/usr/share/man/fr/man5/apt.conf.5.gz", + "/usr/share/man/fr/man5/apt_auth.conf.5.gz", + "/usr/share/man/fr/man5/apt_preferences.5.gz", + "/usr/share/man/fr/man5/sources.list.5.gz", + "/usr/share/man/fr/man8/apt-cache.8.gz", + "/usr/share/man/fr/man8/apt-cdrom.8.gz", + "/usr/share/man/fr/man8/apt-config.8.gz", + "/usr/share/man/fr/man8/apt-get.8.gz", + "/usr/share/man/fr/man8/apt-mark.8.gz", + "/usr/share/man/fr/man8/apt-secure.8.gz", + "/usr/share/man/fr/man8/apt.8.gz", + "/usr/share/man/it/man5/apt.conf.5.gz", + "/usr/share/man/it/man5/apt_preferences.5.gz", + "/usr/share/man/it/man8/apt-cache.8.gz", + "/usr/share/man/it/man8/apt-cdrom.8.gz", + "/usr/share/man/it/man8/apt-config.8.gz", + "/usr/share/man/it/man8/apt-mark.8.gz", + "/usr/share/man/it/man8/apt-secure.8.gz", + "/usr/share/man/it/man8/apt.8.gz", + "/usr/share/man/ja/man5/apt.conf.5.gz", + "/usr/share/man/ja/man5/apt_preferences.5.gz", + "/usr/share/man/ja/man8/apt-cache.8.gz", + "/usr/share/man/ja/man8/apt-cdrom.8.gz", + "/usr/share/man/ja/man8/apt-config.8.gz", + "/usr/share/man/ja/man8/apt-mark.8.gz", + "/usr/share/man/ja/man8/apt-secure.8.gz", + "/usr/share/man/ja/man8/apt.8.gz", + "/usr/share/man/man1/apt-transport-http.1.gz", + "/usr/share/man/man1/apt-transport-https.1.gz", + "/usr/share/man/man1/apt-transport-mirror.1.gz", + "/usr/share/man/man5/apt.conf.5.gz", + "/usr/share/man/man5/apt_auth.conf.5.gz", + "/usr/share/man/man5/apt_preferences.5.gz", + "/usr/share/man/man5/sources.list.5.gz", + "/usr/share/man/man7/apt-patterns.7.gz", + "/usr/share/man/man8/apt-cache.8.gz", + "/usr/share/man/man8/apt-cdrom.8.gz", + "/usr/share/man/man8/apt-config.8.gz", + "/usr/share/man/man8/apt-get.8.gz", + "/usr/share/man/man8/apt-key.8.gz", + "/usr/share/man/man8/apt-mark.8.gz", + "/usr/share/man/man8/apt-secure.8.gz", + "/usr/share/man/man8/apt.8.gz", + "/usr/share/man/nl/man1/apt-transport-http.1.gz", + "/usr/share/man/nl/man1/apt-transport-https.1.gz", + "/usr/share/man/nl/man1/apt-transport-mirror.1.gz", + "/usr/share/man/nl/man5/apt.conf.5.gz", + "/usr/share/man/nl/man5/apt_auth.conf.5.gz", + "/usr/share/man/nl/man5/apt_preferences.5.gz", + "/usr/share/man/nl/man5/sources.list.5.gz", + "/usr/share/man/nl/man7/apt-patterns.7.gz", + "/usr/share/man/nl/man8/apt-cache.8.gz", + "/usr/share/man/nl/man8/apt-cdrom.8.gz", + "/usr/share/man/nl/man8/apt-config.8.gz", + "/usr/share/man/nl/man8/apt-get.8.gz", + "/usr/share/man/nl/man8/apt-key.8.gz", + "/usr/share/man/nl/man8/apt-mark.8.gz", + "/usr/share/man/nl/man8/apt-secure.8.gz", + "/usr/share/man/nl/man8/apt.8.gz", + "/usr/share/man/pl/man5/apt_preferences.5.gz", + "/usr/share/man/pl/man8/apt-cache.8.gz", + "/usr/share/man/pl/man8/apt-cdrom.8.gz", + "/usr/share/man/pl/man8/apt-config.8.gz", + "/usr/share/man/pt/man1/apt-transport-http.1.gz", + "/usr/share/man/pt/man1/apt-transport-https.1.gz", + "/usr/share/man/pt/man1/apt-transport-mirror.1.gz", + "/usr/share/man/pt/man5/apt.conf.5.gz", + "/usr/share/man/pt/man5/apt_auth.conf.5.gz", + "/usr/share/man/pt/man5/apt_preferences.5.gz", + "/usr/share/man/pt/man5/sources.list.5.gz", + "/usr/share/man/pt/man7/apt-patterns.7.gz", + "/usr/share/man/pt/man8/apt-cache.8.gz", + "/usr/share/man/pt/man8/apt-cdrom.8.gz", + "/usr/share/man/pt/man8/apt-config.8.gz", + "/usr/share/man/pt/man8/apt-get.8.gz", + "/usr/share/man/pt/man8/apt-key.8.gz", + "/usr/share/man/pt/man8/apt-mark.8.gz", + "/usr/share/man/pt/man8/apt-secure.8.gz", + "/usr/share/man/pt/man8/apt.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "base-files@13ubuntu2.1", + "Name": "base-files", + "Identifier": { + "PURL": "pkg:deb/ubuntu/base-files@13ubuntu2.1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "a27d50c900a6d75a" + }, + "Version": "13ubuntu2.1", + "Arch": "amd64", + "SrcName": "base-files", + "SrcVersion": "13ubuntu2.1", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libcrypt1@1:4.4.36-2" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/systemd/system/motd-news.service", + "/lib/systemd/system/motd-news.timer", + "/usr/bin/locale-check", + "/usr/lib/os-release", + "/usr/share/base-files/dot.bashrc", + "/usr/share/base-files/dot.profile", + "/usr/share/base-files/dot.profile.md5sums", + "/usr/share/base-files/info.dir", + "/usr/share/base-files/motd", + "/usr/share/base-files/networks", + "/usr/share/base-files/profile", + "/usr/share/base-files/profile.md5sums", + "/usr/share/base-files/staff-group-for-usr-local", + "/usr/share/common-licenses/Apache-2.0", + "/usr/share/common-licenses/Artistic", + "/usr/share/common-licenses/BSD", + "/usr/share/common-licenses/CC0-1.0", + "/usr/share/common-licenses/GFDL-1.2", + "/usr/share/common-licenses/GFDL-1.3", + "/usr/share/common-licenses/GPL-1", + "/usr/share/common-licenses/GPL-2", + "/usr/share/common-licenses/GPL-3", + "/usr/share/common-licenses/LGPL-2", + "/usr/share/common-licenses/LGPL-2.1", + "/usr/share/common-licenses/LGPL-3", + "/usr/share/common-licenses/MPL-1.1", + "/usr/share/common-licenses/MPL-2.0", + "/usr/share/doc/base-files/README", + "/usr/share/doc/base-files/README.FHS", + "/usr/share/doc/base-files/changelog.gz", + "/usr/share/doc/base-files/copyright", + "/usr/share/dot.bashrc", + "/usr/share/dot.profile", + "/usr/share/dot.profile.md5sums", + "/usr/share/info.dir", + "/usr/share/lintian/overrides/base-files", + "/usr/share/motd", + "/usr/share/networks", + "/usr/share/pixmaps/ubuntu-logo-text-dark.png", + "/usr/share/pixmaps/ubuntu-logo-text.png", + "/usr/share/pixmaps/ubuntu-logo.svg", + "/usr/share/profile", + "/usr/share/profile.md5sums", + "/usr/share/staff-group-for-usr-local" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "base-passwd@3.6.1", + "Name": "base-passwd", + "Identifier": { + "PURL": "pkg:deb/ubuntu/base-passwd@3.6.1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "42c01a2817d0f948" + }, + "Version": "3.6.1", + "Arch": "amd64", + "SrcName": "base-passwd", + "SrcVersion": "3.6.1", + "Licenses": [ + "GPL-2.0-only", + "public-domain" + ], + "Maintainer": "Colin Watson \u003ccjwatson@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libdebconfclient0@0.270ubuntu1", + "libselinux1@3.5-1" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/sbin/update-passwd", + "/usr/share/base-passwd/group.master", + "/usr/share/base-passwd/passwd.master", + "/usr/share/doc-base/base-passwd.users-and-groups", + "/usr/share/doc/base-passwd/README", + "/usr/share/doc/base-passwd/changelog.gz", + "/usr/share/doc/base-passwd/copyright", + "/usr/share/doc/base-passwd/users-and-groups.html", + "/usr/share/doc/base-passwd/users-and-groups.txt.gz", + "/usr/share/lintian/overrides/base-passwd", + "/usr/share/man/de/man8/update-passwd.8.gz", + "/usr/share/man/es/man8/update-passwd.8.gz", + "/usr/share/man/fr/man8/update-passwd.8.gz", + "/usr/share/man/ja/man8/update-passwd.8.gz", + "/usr/share/man/man8/update-passwd.8.gz", + "/usr/share/man/pl/man8/update-passwd.8.gz", + "/usr/share/man/ru/man8/update-passwd.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bash@5.2.15-2ubuntu1", + "Name": "bash", + "Identifier": { + "PURL": "pkg:deb/ubuntu/bash@5.2.15-2ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "a08a526b702ead60" + }, + "Version": "5.2.15", + "Release": "2ubuntu1", + "Arch": "amd64", + "SrcName": "bash", + "SrcVersion": "5.2.15", + "SrcRelease": "2ubuntu1", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-only", + "Latex2e", + "BSD-4-Clause-UC", + "MIT", + "permissive" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "base-files@13ubuntu2.1", + "debianutils@5.8-1" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/bin/bash", + "/usr/bin/bashbug", + "/usr/bin/clear_console", + "/usr/share/debianutils/shells.d/bash", + "/usr/share/doc/bash/COMPAT.gz", + "/usr/share/doc/bash/INTRO.gz", + "/usr/share/doc/bash/NEWS.gz", + "/usr/share/doc/bash/POSIX.gz", + "/usr/share/doc/bash/RBASH", + "/usr/share/doc/bash/README.Debian.gz", + "/usr/share/doc/bash/README.abs-guide", + "/usr/share/doc/bash/README.commands.gz", + "/usr/share/doc/bash/README.gz", + "/usr/share/doc/bash/changelog.Debian.gz", + "/usr/share/doc/bash/copyright", + "/usr/share/doc/bash/inputrc.arrows", + "/usr/share/lintian/overrides/bash", + "/usr/share/man/man1/bash.1.gz", + "/usr/share/man/man1/bashbug.1.gz", + "/usr/share/man/man1/clear_console.1.gz", + "/usr/share/man/man1/rbash.1.gz", + "/usr/share/man/man7/bash-builtins.7.gz", + "/usr/share/menu/bash" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bsdutils@1:2.39.1-4ubuntu2.2", + "Name": "bsdutils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/bsdutils@2.39.1-4ubuntu2.2?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", + "UID": "cf5c850ec400000c" + }, + "Version": "2.39.1", + "Release": "4ubuntu2.2", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.39.1", + "SrcRelease": "4ubuntu2.2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/bin/logger", + "/usr/bin/renice", + "/usr/bin/script", + "/usr/bin/scriptlive", + "/usr/bin/scriptreplay", + "/usr/bin/wall", + "/usr/share/bash-completion/completions/logger", + "/usr/share/bash-completion/completions/renice", + "/usr/share/bash-completion/completions/script", + "/usr/share/bash-completion/completions/scriptlive", + "/usr/share/bash-completion/completions/scriptreplay", + "/usr/share/bash-completion/completions/wall", + "/usr/share/doc/bsdutils/changelog.Debian.gz", + "/usr/share/doc/bsdutils/copyright", + "/usr/share/lintian/overrides/bsdutils", + "/usr/share/man/man1/logger.1.gz", + "/usr/share/man/man1/renice.1.gz", + "/usr/share/man/man1/script.1.gz", + "/usr/share/man/man1/scriptlive.1.gz", + "/usr/share/man/man1/scriptreplay.1.gz", + "/usr/share/man/man1/wall.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ca-certificates@20230311ubuntu1", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:deb/ubuntu/ca-certificates@20230311ubuntu1?arch=all\u0026distro=ubuntu-23.10", + "UID": "82c1d4b51764260a" + }, + "Version": "20230311ubuntu1", + "Arch": "all", + "SrcName": "ca-certificates", + "SrcVersion": "20230311ubuntu1", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "MPL-2.0" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.82", + "openssl@3.0.10-1ubuntu2.3" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/sbin/update-ca-certificates", + "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068_2.crt", + "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", + "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "/usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "/usr/share/ca-certificates/mozilla/Certigna.crt", + "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "/usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/E-Tugra_Global_Root_CA_ECC_v3.crt", + "/usr/share/ca-certificates/mozilla/E-Tugra_Global_Root_CA_RSA_v3.crt", + "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt", + "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", + "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "/usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "/usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "/usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt", + "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA3.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "/usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", + "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "/usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", + "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "/usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt", + "/usr/share/doc/ca-certificates/README.Debian", + "/usr/share/doc/ca-certificates/changelog.gz", + "/usr/share/doc/ca-certificates/copyright", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", + "/usr/share/man/man8/update-ca-certificates.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "coreutils@9.1-1ubuntu2.23.10.1", + "Name": "coreutils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/coreutils@9.1-1ubuntu2.23.10.1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "b60503b506a79722" + }, + "Version": "9.1", + "Release": "1ubuntu2.23.10.1", + "Arch": "amd64", + "SrcName": "coreutils", + "SrcVersion": "9.1", + "SrcRelease": "1ubuntu2.23.10.1", + "Licenses": [ + "GPL-3.0-or-later", + "BSD-4-Clause-UC", + "GPL-3.0-only", + "ISC", + "FSFULLR", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/bin/cat", + "/bin/chgrp", + "/bin/chmod", + "/bin/chown", + "/bin/cp", + "/bin/date", + "/bin/dd", + "/bin/df", + "/bin/dir", + "/bin/echo", + "/bin/false", + "/bin/ln", + "/bin/ls", + "/bin/mkdir", + "/bin/mknod", + "/bin/mktemp", + "/bin/mv", + "/bin/pwd", + "/bin/readlink", + "/bin/rm", + "/bin/rmdir", + "/bin/sleep", + "/bin/stty", + "/bin/sync", + "/bin/touch", + "/bin/true", + "/bin/uname", + "/bin/vdir", + "/usr/bin/[", + "/usr/bin/arch", + "/usr/bin/b2sum", + "/usr/bin/base32", + "/usr/bin/base64", + "/usr/bin/basename", + "/usr/bin/basenc", + "/usr/bin/chcon", + "/usr/bin/cksum", + "/usr/bin/comm", + "/usr/bin/csplit", + "/usr/bin/cut", + "/usr/bin/dircolors", + "/usr/bin/dirname", + "/usr/bin/du", + "/usr/bin/env", + "/usr/bin/expand", + "/usr/bin/expr", + "/usr/bin/factor", + "/usr/bin/fmt", + "/usr/bin/fold", + "/usr/bin/groups", + "/usr/bin/head", + "/usr/bin/hostid", + "/usr/bin/id", + "/usr/bin/install", + "/usr/bin/join", + "/usr/bin/link", + "/usr/bin/logname", + "/usr/bin/md5sum", + "/usr/bin/mkfifo", + "/usr/bin/nice", + "/usr/bin/nl", + "/usr/bin/nohup", + "/usr/bin/nproc", + "/usr/bin/numfmt", + "/usr/bin/od", + "/usr/bin/paste", + "/usr/bin/pathchk", + "/usr/bin/pinky", + "/usr/bin/pr", + "/usr/bin/printenv", + "/usr/bin/printf", + "/usr/bin/ptx", + "/usr/bin/realpath", + "/usr/bin/runcon", + "/usr/bin/seq", + "/usr/bin/sha1sum", + "/usr/bin/sha224sum", + "/usr/bin/sha256sum", + "/usr/bin/sha384sum", + "/usr/bin/sha512sum", + "/usr/bin/shred", + "/usr/bin/shuf", + "/usr/bin/sort", + "/usr/bin/split", + "/usr/bin/stat", + "/usr/bin/stdbuf", + "/usr/bin/sum", + "/usr/bin/tac", + "/usr/bin/tail", + "/usr/bin/tee", + "/usr/bin/test", + "/usr/bin/timeout", + "/usr/bin/tr", + "/usr/bin/truncate", + "/usr/bin/tsort", + "/usr/bin/tty", + "/usr/bin/unexpand", + "/usr/bin/uniq", + "/usr/bin/unlink", + "/usr/bin/users", + "/usr/bin/wc", + "/usr/bin/who", + "/usr/bin/whoami", + "/usr/bin/yes", + "/usr/libexec/coreutils/libstdbuf.so", + "/usr/sbin/chroot", + "/usr/share/doc/coreutils/AUTHORS", + "/usr/share/doc/coreutils/NEWS.Debian.gz", + "/usr/share/doc/coreutils/NEWS.gz", + "/usr/share/doc/coreutils/README.Debian", + "/usr/share/doc/coreutils/README.gz", + "/usr/share/doc/coreutils/THANKS.gz", + "/usr/share/doc/coreutils/TODO.gz", + "/usr/share/doc/coreutils/changelog.Debian.gz", + "/usr/share/doc/coreutils/copyright", + "/usr/share/info/coreutils.info.gz", + "/usr/share/man/man1/arch.1.gz", + "/usr/share/man/man1/b2sum.1.gz", + "/usr/share/man/man1/base32.1.gz", + "/usr/share/man/man1/base64.1.gz", + "/usr/share/man/man1/basename.1.gz", + "/usr/share/man/man1/basenc.1.gz", + "/usr/share/man/man1/cat.1.gz", + "/usr/share/man/man1/chcon.1.gz", + "/usr/share/man/man1/chgrp.1.gz", + "/usr/share/man/man1/chmod.1.gz", + "/usr/share/man/man1/chown.1.gz", + "/usr/share/man/man1/cksum.1.gz", + "/usr/share/man/man1/comm.1.gz", + "/usr/share/man/man1/cp.1.gz", + "/usr/share/man/man1/csplit.1.gz", + "/usr/share/man/man1/cut.1.gz", + "/usr/share/man/man1/date.1.gz", + "/usr/share/man/man1/dd.1.gz", + "/usr/share/man/man1/df.1.gz", + "/usr/share/man/man1/dir.1.gz", + "/usr/share/man/man1/dircolors.1.gz", + "/usr/share/man/man1/dirname.1.gz", + "/usr/share/man/man1/du.1.gz", + "/usr/share/man/man1/echo.1.gz", + "/usr/share/man/man1/env.1.gz", + "/usr/share/man/man1/expand.1.gz", + "/usr/share/man/man1/expr.1.gz", + "/usr/share/man/man1/factor.1.gz", + "/usr/share/man/man1/false.1.gz", + "/usr/share/man/man1/fmt.1.gz", + "/usr/share/man/man1/fold.1.gz", + "/usr/share/man/man1/groups.1.gz", + "/usr/share/man/man1/head.1.gz", + "/usr/share/man/man1/hostid.1.gz", + "/usr/share/man/man1/id.1.gz", + "/usr/share/man/man1/install.1.gz", + "/usr/share/man/man1/join.1.gz", + "/usr/share/man/man1/link.1.gz", + "/usr/share/man/man1/ln.1.gz", + "/usr/share/man/man1/logname.1.gz", + "/usr/share/man/man1/ls.1.gz", + "/usr/share/man/man1/md5sum.1.gz", + "/usr/share/man/man1/mkdir.1.gz", + "/usr/share/man/man1/mkfifo.1.gz", + "/usr/share/man/man1/mknod.1.gz", + "/usr/share/man/man1/mktemp.1.gz", + "/usr/share/man/man1/mv.1.gz", + "/usr/share/man/man1/nice.1.gz", + "/usr/share/man/man1/nl.1.gz", + "/usr/share/man/man1/nohup.1.gz", + "/usr/share/man/man1/nproc.1.gz", + "/usr/share/man/man1/numfmt.1.gz", + "/usr/share/man/man1/od.1.gz", + "/usr/share/man/man1/paste.1.gz", + "/usr/share/man/man1/pathchk.1.gz", + "/usr/share/man/man1/pinky.1.gz", + "/usr/share/man/man1/pr.1.gz", + "/usr/share/man/man1/printenv.1.gz", + "/usr/share/man/man1/printf.1.gz", + "/usr/share/man/man1/ptx.1.gz", + "/usr/share/man/man1/pwd.1.gz", + "/usr/share/man/man1/readlink.1.gz", + "/usr/share/man/man1/realpath.1.gz", + "/usr/share/man/man1/rm.1.gz", + "/usr/share/man/man1/rmdir.1.gz", + "/usr/share/man/man1/runcon.1.gz", + "/usr/share/man/man1/seq.1.gz", + "/usr/share/man/man1/sha1sum.1.gz", + "/usr/share/man/man1/sha224sum.1.gz", + "/usr/share/man/man1/sha256sum.1.gz", + "/usr/share/man/man1/sha384sum.1.gz", + "/usr/share/man/man1/sha512sum.1.gz", + "/usr/share/man/man1/shred.1.gz", + "/usr/share/man/man1/shuf.1.gz", + "/usr/share/man/man1/sleep.1.gz", + "/usr/share/man/man1/sort.1.gz", + "/usr/share/man/man1/split.1.gz", + "/usr/share/man/man1/stat.1.gz", + "/usr/share/man/man1/stdbuf.1.gz", + "/usr/share/man/man1/stty.1.gz", + "/usr/share/man/man1/sum.1.gz", + "/usr/share/man/man1/sync.1.gz", + "/usr/share/man/man1/tac.1.gz", + "/usr/share/man/man1/tail.1.gz", + "/usr/share/man/man1/tee.1.gz", + "/usr/share/man/man1/test.1.gz", + "/usr/share/man/man1/timeout.1.gz", + "/usr/share/man/man1/touch.1.gz", + "/usr/share/man/man1/tr.1.gz", + "/usr/share/man/man1/true.1.gz", + "/usr/share/man/man1/truncate.1.gz", + "/usr/share/man/man1/tsort.1.gz", + "/usr/share/man/man1/tty.1.gz", + "/usr/share/man/man1/uname.1.gz", + "/usr/share/man/man1/unexpand.1.gz", + "/usr/share/man/man1/uniq.1.gz", + "/usr/share/man/man1/unlink.1.gz", + "/usr/share/man/man1/users.1.gz", + "/usr/share/man/man1/vdir.1.gz", + "/usr/share/man/man1/wc.1.gz", + "/usr/share/man/man1/who.1.gz", + "/usr/share/man/man1/whoami.1.gz", + "/usr/share/man/man1/yes.1.gz", + "/usr/share/man/man8/chroot.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "cron@3.0pl1-163ubuntu1", + "Name": "cron", + "Identifier": { + "PURL": "pkg:deb/ubuntu/cron@3.0pl1-163ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "a8b149a5e4ffe681" + }, + "Version": "3.0pl1", + "Release": "163ubuntu1", + "Arch": "amd64", + "SrcName": "cron", + "SrcVersion": "3.0pl1", + "SrcRelease": "163ubuntu1", + "Licenses": [ + "Paul-Vixie's-license", + "GPL-2.0-or-later", + "ISC", + "Artistic-2.0", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libpam-runtime@1.5.2-6ubuntu1.1", + "libpam0g@1.5.2-6ubuntu1.1", + "libselinux1@3.5-1", + "sensible-utils@0.0.20" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/lib/systemd/system/cron.service", + "/usr/bin/crontab", + "/usr/sbin/cron", + "/usr/share/bug/cron/control", + "/usr/share/bug/cron/script", + "/usr/share/doc/cron/FEATURES", + "/usr/share/doc/cron/NEWS.Debian.gz", + "/usr/share/doc/cron/README", + "/usr/share/doc/cron/README.Debian", + "/usr/share/doc/cron/README.anacron", + "/usr/share/doc/cron/THANKS", + "/usr/share/doc/cron/TODO.Debian", + "/usr/share/doc/cron/changelog.Debian.gz", + "/usr/share/doc/cron/copyright", + "/usr/share/doc/cron/examples/cron-stats.pl", + "/usr/share/doc/cron/examples/cron-tasks-review.sh", + "/usr/share/doc/cron/examples/crontab2english.pl", + "/usr/share/man/man1/crontab.1.gz", + "/usr/share/man/man5/crontab.5.gz", + "/usr/share/man/man8/cron.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "cron-daemon-common@3.0pl1-163ubuntu1", + "Name": "cron-daemon-common", + "Identifier": { + "PURL": "pkg:deb/ubuntu/cron-daemon-common@3.0pl1-163ubuntu1?arch=all\u0026distro=ubuntu-23.10", + "UID": "6873c68c7fdce523" + }, + "Version": "3.0pl1", + "Release": "163ubuntu1", + "Arch": "all", + "SrcName": "cron", + "SrcVersion": "3.0pl1", + "SrcRelease": "163ubuntu1", + "Licenses": [ + "Paul-Vixie's-license", + "GPL-2.0-or-later", + "ISC", + "Artistic-2.0", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "adduser@3.137ubuntu1" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/share/doc/cron-daemon-common/changelog.Debian.gz", + "/usr/share/doc/cron-daemon-common/copyright", + "/usr/share/lintian/overrides/cron-daemon-common" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "dash@0.5.12-6ubuntu1", + "Name": "dash", + "Identifier": { + "PURL": "pkg:deb/ubuntu/dash@0.5.12-6ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "9af40653eb1f4fbc" + }, + "Version": "0.5.12", + "Release": "6ubuntu1", + "Arch": "amd64", + "SrcName": "dash", + "SrcVersion": "0.5.12", + "SrcRelease": "6ubuntu1", + "Licenses": [ + "BSD-3-Clause", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debianutils@5.8-1", + "dpkg@1.22.0ubuntu1.1" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/bin/dash", + "/usr/share/debianutils/shells.d/dash", + "/usr/share/doc/dash/NEWS.Debian.gz", + "/usr/share/doc/dash/README.Debian.diet", + "/usr/share/doc/dash/README.source", + "/usr/share/doc/dash/changelog.Debian.gz", + "/usr/share/doc/dash/copyright", + "/usr/share/lintian/overrides/dash", + "/usr/share/man/man1/dash.1.gz", + "/usr/share/menu/dash" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debconf@1.5.82", + "Name": "debconf", + "Identifier": { + "PURL": "pkg:deb/ubuntu/debconf@1.5.82?arch=all\u0026distro=ubuntu-23.10", + "UID": "7c128688623e452f" + }, + "Version": "1.5.82", + "Arch": "all", + "SrcName": "debconf", + "SrcVersion": "1.5.82", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/bin/debconf", + "/usr/bin/debconf-apt-progress", + "/usr/bin/debconf-communicate", + "/usr/bin/debconf-copydb", + "/usr/bin/debconf-escape", + "/usr/bin/debconf-set-selections", + "/usr/bin/debconf-show", + "/usr/sbin/dpkg-preconfigure", + "/usr/sbin/dpkg-reconfigure", + "/usr/share/bash-completion/completions/debconf", + "/usr/share/debconf/confmodule", + "/usr/share/debconf/confmodule.sh", + "/usr/share/debconf/debconf.conf", + "/usr/share/debconf/fix_db.pl", + "/usr/share/debconf/frontend", + "/usr/share/doc/debconf/NEWS.Debian.gz", + "/usr/share/doc/debconf/README.Debian", + "/usr/share/doc/debconf/changelog.gz", + "/usr/share/doc/debconf/copyright", + "/usr/share/lintian/overrides/debconf", + "/usr/share/man/man1/debconf-apt-progress.1.gz", + "/usr/share/man/man1/debconf-communicate.1.gz", + "/usr/share/man/man1/debconf-copydb.1.gz", + "/usr/share/man/man1/debconf-escape.1.gz", + "/usr/share/man/man1/debconf-set-selections.1.gz", + "/usr/share/man/man1/debconf-show.1.gz", + "/usr/share/man/man1/debconf.1.gz", + "/usr/share/man/man8/dpkg-preconfigure.8.gz", + "/usr/share/man/man8/dpkg-reconfigure.8.gz", + "/usr/share/perl5/Debconf/AutoSelect.pm", + "/usr/share/perl5/Debconf/Base.pm", + "/usr/share/perl5/Debconf/Client/ConfModule.pm", + "/usr/share/perl5/Debconf/ConfModule.pm", + "/usr/share/perl5/Debconf/Config.pm", + "/usr/share/perl5/Debconf/Db.pm", + "/usr/share/perl5/Debconf/DbDriver.pm", + "/usr/share/perl5/Debconf/DbDriver/Backup.pm", + "/usr/share/perl5/Debconf/DbDriver/Cache.pm", + "/usr/share/perl5/Debconf/DbDriver/Copy.pm", + "/usr/share/perl5/Debconf/DbDriver/Debug.pm", + "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", + "/usr/share/perl5/Debconf/DbDriver/Directory.pm", + "/usr/share/perl5/Debconf/DbDriver/File.pm", + "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", + "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", + "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", + "/usr/share/perl5/Debconf/DbDriver/Stack.pm", + "/usr/share/perl5/Debconf/Element.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", + "/usr/share/perl5/Debconf/Element/Dialog/String.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", + "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Editor/Error.pm", + "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Editor/Note.pm", + "/usr/share/perl5/Debconf/Element/Editor/Password.pm", + "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", + "/usr/share/perl5/Debconf/Element/Editor/Select.pm", + "/usr/share/perl5/Debconf/Element/Editor/String.pm", + "/usr/share/perl5/Debconf/Element/Editor/Text.pm", + "/usr/share/perl5/Debconf/Element/Gnome.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", + "/usr/share/perl5/Debconf/Element/Gnome/String.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", + "/usr/share/perl5/Debconf/Element/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", + "/usr/share/perl5/Debconf/Element/Select.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", + "/usr/share/perl5/Debconf/Element/Teletype/String.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", + "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Web/Error.pm", + "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Web/Note.pm", + "/usr/share/perl5/Debconf/Element/Web/Password.pm", + "/usr/share/perl5/Debconf/Element/Web/Progress.pm", + "/usr/share/perl5/Debconf/Element/Web/Select.pm", + "/usr/share/perl5/Debconf/Element/Web/String.pm", + "/usr/share/perl5/Debconf/Element/Web/Text.pm", + "/usr/share/perl5/Debconf/Encoding.pm", + "/usr/share/perl5/Debconf/Format.pm", + "/usr/share/perl5/Debconf/Format/822.pm", + "/usr/share/perl5/Debconf/FrontEnd.pm", + "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", + "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", + "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", + "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", + "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", + "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", + "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", + "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", + "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", + "/usr/share/perl5/Debconf/FrontEnd/Text.pm", + "/usr/share/perl5/Debconf/FrontEnd/Web.pm", + "/usr/share/perl5/Debconf/Gettext.pm", + "/usr/share/perl5/Debconf/Iterator.pm", + "/usr/share/perl5/Debconf/Log.pm", + "/usr/share/perl5/Debconf/Path.pm", + "/usr/share/perl5/Debconf/Priority.pm", + "/usr/share/perl5/Debconf/Question.pm", + "/usr/share/perl5/Debconf/Template.pm", + "/usr/share/perl5/Debconf/Template/Transient.pm", + "/usr/share/perl5/Debconf/TmpFile.pm", + "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", + "/usr/share/pixmaps/debian-logo.png" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debianutils@5.8-1", + "Name": "debianutils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/debianutils@5.8-1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "2bfb326eef7dbf5b" + }, + "Version": "5.8", + "Release": "1", + "Arch": "amd64", + "SrcName": "debianutils", + "SrcVersion": "5.8", + "SrcRelease": "1", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "SMAIL-GPL" + ], + "Maintainer": "Bastian Germann \u003cbage@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/bin/run-parts", + "/bin/tempfile", + "/sbin/installkernel", + "/usr/bin/ischroot", + "/usr/bin/savelog", + "/usr/bin/which.debianutils", + "/usr/sbin/add-shell", + "/usr/sbin/remove-shell", + "/usr/sbin/update-shells", + "/usr/share/debianutils/shells", + "/usr/share/doc/debianutils/README.shells.gz", + "/usr/share/doc/debianutils/changelog.Debian.gz", + "/usr/share/doc/debianutils/changelog.gz", + "/usr/share/doc/debianutils/copyright", + "/usr/share/man/de/man1/which.debianutils.1.gz", + "/usr/share/man/de/man8/add-shell.8.gz", + "/usr/share/man/de/man8/installkernel.8.gz", + "/usr/share/man/de/man8/remove-shell.8.gz", + "/usr/share/man/de/man8/run-parts.8.gz", + "/usr/share/man/de/man8/savelog.8.gz", + "/usr/share/man/es/man1/which.debianutils.1.gz", + "/usr/share/man/es/man8/add-shell.8.gz", + "/usr/share/man/es/man8/installkernel.8.gz", + "/usr/share/man/es/man8/remove-shell.8.gz", + "/usr/share/man/es/man8/run-parts.8.gz", + "/usr/share/man/es/man8/savelog.8.gz", + "/usr/share/man/fr/man1/which.debianutils.1.gz", + "/usr/share/man/fr/man8/add-shell.8.gz", + "/usr/share/man/fr/man8/installkernel.8.gz", + "/usr/share/man/fr/man8/remove-shell.8.gz", + "/usr/share/man/fr/man8/run-parts.8.gz", + "/usr/share/man/fr/man8/savelog.8.gz", + "/usr/share/man/it/man1/which.debianutils.1.gz", + "/usr/share/man/it/man8/add-shell.8.gz", + "/usr/share/man/it/man8/installkernel.8.gz", + "/usr/share/man/it/man8/remove-shell.8.gz", + "/usr/share/man/it/man8/run-parts.8.gz", + "/usr/share/man/it/man8/savelog.8.gz", + "/usr/share/man/ja/man1/which.debianutils.1.gz", + "/usr/share/man/ja/man8/add-shell.8.gz", + "/usr/share/man/ja/man8/installkernel.8.gz", + "/usr/share/man/ja/man8/remove-shell.8.gz", + "/usr/share/man/ja/man8/run-parts.8.gz", + "/usr/share/man/ja/man8/savelog.8.gz", + "/usr/share/man/man1/ischroot.1.gz", + "/usr/share/man/man1/tempfile.1.gz", + "/usr/share/man/man1/which.debianutils.1.gz", + "/usr/share/man/man8/add-shell.8.gz", + "/usr/share/man/man8/installkernel.8.gz", + "/usr/share/man/man8/remove-shell.8.gz", + "/usr/share/man/man8/run-parts.8.gz", + "/usr/share/man/man8/savelog.8.gz", + "/usr/share/man/man8/update-shells.8.gz", + "/usr/share/man/pl/man1/which.debianutils.1.gz", + "/usr/share/man/pl/man8/add-shell.8.gz", + "/usr/share/man/pl/man8/installkernel.8.gz", + "/usr/share/man/pl/man8/remove-shell.8.gz", + "/usr/share/man/pl/man8/run-parts.8.gz", + "/usr/share/man/pl/man8/savelog.8.gz", + "/usr/share/man/pt/man1/which.1.gz", + "/usr/share/man/pt/man8/add-shell.8.gz", + "/usr/share/man/pt/man8/installkernel.8.gz", + "/usr/share/man/pt/man8/remove-shell.8.gz", + "/usr/share/man/pt/man8/run-parts.8.gz", + "/usr/share/man/pt/man8/savelog.8.gz", + "/usr/share/man/sl/man1/which.debianutils.1.gz", + "/usr/share/man/sl/man8/add-shell.8.gz", + "/usr/share/man/sl/man8/installkernel.8.gz", + "/usr/share/man/sl/man8/remove-shell.8.gz", + "/usr/share/man/sl/man8/run-parts.8.gz", + "/usr/share/man/sl/man8/savelog.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "diffutils@1:3.8-4", + "Name": "diffutils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/diffutils@3.8-4?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", + "UID": "fb1e939c69a9266d" + }, + "Version": "3.8", + "Release": "4", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "diffutils", + "SrcVersion": "3.8", + "SrcRelease": "4", + "SrcEpoch": 1, + "Licenses": [ + "GPL-3.0-or-later", + "FSFULLR", + "LGPL-2.1-or-later", + "GPL-3.0-with-autoconf-exception+", + "GPL-3.0-only", + "GPL-3+ with texinfo exception", + "LGPL-2.0-or-later", + "GPL-2.0-or-later", + "X11", + "FSFAP", + "GFDL-1.3-no-invariants-only", + "LGPL-3.0-or-later", + "LGPL-3.0-only", + "public-domain", + "LGPL-2.0-only", + "LGPL-2.1-only", + "GPL-2.0-only", + "GFDL-1.3-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/bin/cmp", + "/usr/bin/diff", + "/usr/bin/diff3", + "/usr/bin/sdiff", + "/usr/share/doc/diffutils/NEWS.gz", + "/usr/share/doc/diffutils/changelog.Debian.gz", + "/usr/share/doc/diffutils/copyright", + "/usr/share/info/diffutils.info.gz", + "/usr/share/man/man1/cmp.1.gz", + "/usr/share/man/man1/diff.1.gz", + "/usr/share/man/man1/diff3.1.gz", + "/usr/share/man/man1/sdiff.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "dpkg@1.22.0ubuntu1.1", + "Name": "dpkg", + "Identifier": { + "PURL": "pkg:deb/ubuntu/dpkg@1.22.0ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "d494dd4367156fd7" + }, + "Version": "1.22.0ubuntu1.1", + "Arch": "amd64", + "SrcName": "dpkg", + "SrcVersion": "1.22.0ubuntu1.1", + "Licenses": [ + "GPL-2.0-or-later", + "public-domain-s-s-d", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "tar@1.34+dfsg-1.2ubuntu1.1" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/systemd/system/dpkg-db-backup.service", + "/lib/systemd/system/dpkg-db-backup.timer", + "/sbin/start-stop-daemon", + "/usr/bin/dpkg", + "/usr/bin/dpkg-deb", + "/usr/bin/dpkg-divert", + "/usr/bin/dpkg-maintscript-helper", + "/usr/bin/dpkg-query", + "/usr/bin/dpkg-realpath", + "/usr/bin/dpkg-split", + "/usr/bin/dpkg-statoverride", + "/usr/bin/dpkg-trigger", + "/usr/bin/update-alternatives", + "/usr/libexec/dpkg/dpkg-db-backup", + "/usr/libexec/dpkg/dpkg-db-keeper", + "/usr/share/bug/dpkg", + "/usr/share/doc/dpkg/AUTHORS", + "/usr/share/doc/dpkg/README.api", + "/usr/share/doc/dpkg/README.bug-usertags.gz", + "/usr/share/doc/dpkg/README.feature-removal-schedule.gz", + "/usr/share/doc/dpkg/THANKS.gz", + "/usr/share/doc/dpkg/changelog.gz", + "/usr/share/doc/dpkg/copyright", + "/usr/share/dpkg/abitable", + "/usr/share/dpkg/cputable", + "/usr/share/dpkg/ostable", + "/usr/share/dpkg/sh/dpkg-error.sh", + "/usr/share/dpkg/tupletable", + "/usr/share/lintian/overrides/dpkg", + "/usr/share/lintian/profiles/dpkg/main.profile", + "/usr/share/locale/ast/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/bs/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ca/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/cs/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/da/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/de/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/dz/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/el/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/eo/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/es/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/et/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/eu/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/fr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/gl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/hu/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/id/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/it/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ja/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/km/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ko/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ku/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/lt/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/mr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nb/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ne/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nn/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/oc/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pa/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pt/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ro/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ru/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/sk/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/sv/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/th/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/tl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/tr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/vi/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/dpkg.mo", + "/usr/share/man/de/man1/dpkg-deb.1.gz", + "/usr/share/man/de/man1/dpkg-divert.1.gz", + "/usr/share/man/de/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/de/man1/dpkg-query.1.gz", + "/usr/share/man/de/man1/dpkg-realpath.1.gz", + "/usr/share/man/de/man1/dpkg-split.1.gz", + "/usr/share/man/de/man1/dpkg-statoverride.1.gz", + "/usr/share/man/de/man1/dpkg-trigger.1.gz", + "/usr/share/man/de/man1/dpkg.1.gz", + "/usr/share/man/de/man1/update-alternatives.1.gz", + "/usr/share/man/de/man5/dpkg.cfg.5.gz", + "/usr/share/man/de/man8/start-stop-daemon.8.gz", + "/usr/share/man/es/man5/dpkg.cfg.5.gz", + "/usr/share/man/fr/man1/dpkg-deb.1.gz", + "/usr/share/man/fr/man1/dpkg-divert.1.gz", + "/usr/share/man/fr/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/fr/man1/dpkg-query.1.gz", + "/usr/share/man/fr/man1/dpkg-realpath.1.gz", + "/usr/share/man/fr/man1/dpkg-split.1.gz", + "/usr/share/man/fr/man1/dpkg-statoverride.1.gz", + "/usr/share/man/fr/man1/dpkg-trigger.1.gz", + "/usr/share/man/fr/man1/dpkg.1.gz", + "/usr/share/man/fr/man1/update-alternatives.1.gz", + "/usr/share/man/fr/man5/dpkg.cfg.5.gz", + "/usr/share/man/fr/man8/start-stop-daemon.8.gz", + "/usr/share/man/hu/man5/dpkg.cfg.5.gz", + "/usr/share/man/it/man5/dpkg.cfg.5.gz", + "/usr/share/man/ja/man5/dpkg.cfg.5.gz", + "/usr/share/man/man1/dpkg-deb.1.gz", + "/usr/share/man/man1/dpkg-divert.1.gz", + "/usr/share/man/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/man1/dpkg-query.1.gz", + "/usr/share/man/man1/dpkg-realpath.1.gz", + "/usr/share/man/man1/dpkg-split.1.gz", + "/usr/share/man/man1/dpkg-statoverride.1.gz", + "/usr/share/man/man1/dpkg-trigger.1.gz", + "/usr/share/man/man1/dpkg.1.gz", + "/usr/share/man/man1/update-alternatives.1.gz", + "/usr/share/man/man5/dpkg.cfg.5.gz", + "/usr/share/man/man8/start-stop-daemon.8.gz", + "/usr/share/man/nl/man1/dpkg-deb.1.gz", + "/usr/share/man/nl/man1/dpkg-divert.1.gz", + "/usr/share/man/nl/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/nl/man1/dpkg-query.1.gz", + "/usr/share/man/nl/man1/dpkg-realpath.1.gz", + "/usr/share/man/nl/man1/dpkg-split.1.gz", + "/usr/share/man/nl/man1/dpkg-statoverride.1.gz", + "/usr/share/man/nl/man1/dpkg-trigger.1.gz", + "/usr/share/man/nl/man1/dpkg.1.gz", + "/usr/share/man/nl/man1/update-alternatives.1.gz", + "/usr/share/man/nl/man5/dpkg.cfg.5.gz", + "/usr/share/man/nl/man8/start-stop-daemon.8.gz", + "/usr/share/man/pl/man5/dpkg.cfg.5.gz", + "/usr/share/man/pt/man1/dpkg-deb.1.gz", + "/usr/share/man/pt/man1/dpkg-divert.1.gz", + "/usr/share/man/pt/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/pt/man1/dpkg-query.1.gz", + "/usr/share/man/pt/man1/dpkg-realpath.1.gz", + "/usr/share/man/pt/man1/dpkg-split.1.gz", + "/usr/share/man/pt/man1/dpkg-statoverride.1.gz", + "/usr/share/man/pt/man1/dpkg-trigger.1.gz", + "/usr/share/man/pt/man1/dpkg.1.gz", + "/usr/share/man/pt/man1/update-alternatives.1.gz", + "/usr/share/man/pt/man5/dpkg.cfg.5.gz", + "/usr/share/man/pt/man8/start-stop-daemon.8.gz", + "/usr/share/man/sv/man1/dpkg-deb.1.gz", + "/usr/share/man/sv/man1/dpkg-divert.1.gz", + "/usr/share/man/sv/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/sv/man1/dpkg-query.1.gz", + "/usr/share/man/sv/man1/dpkg-realpath.1.gz", + "/usr/share/man/sv/man1/dpkg-split.1.gz", + "/usr/share/man/sv/man1/dpkg-statoverride.1.gz", + "/usr/share/man/sv/man1/dpkg-trigger.1.gz", + "/usr/share/man/sv/man1/dpkg.1.gz", + "/usr/share/man/sv/man1/update-alternatives.1.gz", + "/usr/share/man/sv/man5/dpkg.cfg.5.gz", + "/usr/share/man/sv/man8/start-stop-daemon.8.gz", + "/usr/share/polkit-1/actions/org.dpkg.pkexec.update-alternatives.policy" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "e2fsprogs@1.47.0-2ubuntu1", + "Name": "e2fsprogs", + "Identifier": { + "PURL": "pkg:deb/ubuntu/e2fsprogs@1.47.0-2ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "93f65def7a88bc18" + }, + "Version": "1.47.0", + "Release": "2ubuntu1", + "Arch": "amd64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.47.0", + "SrcRelease": "2ubuntu1", + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.0-only", + "BSD-3-Clause", + "Apache-2.0", + "ISC", + "GPL-2.0-or-later", + "MIT-US-export", + "Kazlib", + "Latex2e", + "GPL-2+ with Texinfo exception" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "logsave@1.47.0-2ubuntu1" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/systemd/system/e2scrub@.service", + "/lib/systemd/system/e2scrub_all.service", + "/lib/systemd/system/e2scrub_all.timer", + "/lib/systemd/system/e2scrub_fail@.service", + "/lib/systemd/system/e2scrub_reap.service", + "/lib/udev/rules.d/96-e2scrub.rules", + "/sbin/badblocks", + "/sbin/debugfs", + "/sbin/dumpe2fs", + "/sbin/e2fsck", + "/sbin/e2image", + "/sbin/e2scrub", + "/sbin/e2scrub_all", + "/sbin/e2undo", + "/sbin/mke2fs", + "/sbin/resize2fs", + "/sbin/tune2fs", + "/usr/bin/chattr", + "/usr/bin/lsattr", + "/usr/lib/x86_64-linux-gnu/e2fsprogs/e2scrub_all_cron", + "/usr/lib/x86_64-linux-gnu/e2fsprogs/e2scrub_fail", + "/usr/sbin/e2freefrag", + "/usr/sbin/e4crypt", + "/usr/sbin/e4defrag", + "/usr/sbin/filefrag", + "/usr/sbin/mklost+found", + "/usr/share/doc/e2fsprogs/NEWS.gz", + "/usr/share/doc/e2fsprogs/README", + "/usr/share/doc/e2fsprogs/copyright", + "/usr/share/lintian/overrides/e2fsprogs", + "/usr/share/man/man1/chattr.1.gz", + "/usr/share/man/man1/lsattr.1.gz", + "/usr/share/man/man5/e2fsck.conf.5.gz", + "/usr/share/man/man5/ext4.5.gz", + "/usr/share/man/man5/mke2fs.conf.5.gz", + "/usr/share/man/man8/badblocks.8.gz", + "/usr/share/man/man8/debugfs.8.gz", + "/usr/share/man/man8/dumpe2fs.8.gz", + "/usr/share/man/man8/e2freefrag.8.gz", + "/usr/share/man/man8/e2fsck.8.gz", + "/usr/share/man/man8/e2image.8.gz", + "/usr/share/man/man8/e2label.8.gz", + "/usr/share/man/man8/e2mmpstatus.8.gz", + "/usr/share/man/man8/e2scrub.8.gz", + "/usr/share/man/man8/e2scrub_all.8.gz", + "/usr/share/man/man8/e2undo.8.gz", + "/usr/share/man/man8/e4crypt.8.gz", + "/usr/share/man/man8/e4defrag.8.gz", + "/usr/share/man/man8/filefrag.8.gz", + "/usr/share/man/man8/mke2fs.8.gz", + "/usr/share/man/man8/mklost+found.8.gz", + "/usr/share/man/man8/resize2fs.8.gz", + "/usr/share/man/man8/tune2fs.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "findutils@4.9.0-5", + "Name": "findutils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/findutils@4.9.0-5?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "eb60580587b05254" + }, + "Version": "4.9.0", + "Release": "5", + "Arch": "amd64", + "SrcName": "findutils", + "SrcVersion": "4.9.0", + "SrcRelease": "5", + "Licenses": [ + "GFDL-1.3-no-invariants-or-later", + "GPL-3.0-or-later", + "FSFAP", + "GPL-3+ with Autoconf-data exception", + "FSFULLR", + "GPL-2+ with Autoconf-data exception", + "GPL-2.0-or-later", + "X11", + "public-domain", + "GPL with automake exception", + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "LGPL-3.0-or-later", + "BSD-3-clause and/or GPL-3+", + "GPL-3+ with Bison-2.2 exception", + "LGPL-3.0-only", + "ISC and/or LGPL-2.1+", + "BSD-3-Clause", + "GFDL-1.3-only", + "GPL-2.0-only", + "GPL-3.0-only", + "ISC", + "LGPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/bin/find", + "/usr/bin/xargs", + "/usr/share/doc-base/findutils.findutils", + "/usr/share/doc/findutils/NEWS.Debian.gz", + "/usr/share/doc/findutils/NEWS.gz", + "/usr/share/doc/findutils/README.gz", + "/usr/share/doc/findutils/TODO", + "/usr/share/doc/findutils/changelog.Debian.gz", + "/usr/share/doc/findutils/copyright", + "/usr/share/info/find-maint.info.gz", + "/usr/share/info/find.info-1.gz", + "/usr/share/info/find.info-2.gz", + "/usr/share/info/find.info.gz", + "/usr/share/man/man1/find.1.gz", + "/usr/share/man/man1/xargs.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gcc-13-base@13.2.0-4ubuntu3", + "Name": "gcc-13-base", + "Identifier": { + "PURL": "pkg:deb/ubuntu/gcc-13-base@13.2.0-4ubuntu3?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "b5e02b596bb76b4c" + }, + "Version": "13.2.0", + "Release": "4ubuntu3", + "Arch": "amd64", + "SrcName": "gcc-13", + "SrcVersion": "13.2.0", + "SrcRelease": "4ubuntu3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-3.0-only", + "GFDL-1.2-only", + "GPL-2.0-only", + "Artistic-2.0", + "LGPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/share/doc/gcc-13-base/README.Debian.amd64.gz", + "/usr/share/doc/gcc-13-base/TODO.Debian", + "/usr/share/doc/gcc-13-base/changelog.Debian.gz", + "/usr/share/doc/gcc-13-base/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gpgv@2.2.40-1.1ubuntu1", + "Name": "gpgv", + "Identifier": { + "PURL": "pkg:deb/ubuntu/gpgv@2.2.40-1.1ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "9a4f54e83006f6c0" + }, + "Version": "2.2.40", + "Release": "1.1ubuntu1", + "Arch": "amd64", + "SrcName": "gnupg2", + "SrcVersion": "2.2.40", + "SrcRelease": "1.1ubuntu1", + "Licenses": [ + "GPL-3.0-or-later", + "permissive", + "LGPL-2.1-or-later", + "MIT", + "BSD-3-Clause", + "LGPL-3.0-or-later", + "RFC-Reference", + "TinySCHEME", + "CC0-1.0", + "GPL-3.0-only", + "LGPL-3.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libbz2-1.0@1.0.8-5build1", + "libc6@2.38-1ubuntu6.3", + "libgcrypt20@1.10.2-3ubuntu1", + "libgpg-error0@1.47-2", + "zlib1g@1:1.2.13.dfsg-1ubuntu5" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/bin/gpgv", + "/usr/share/doc/gpgv/NEWS.Debian.gz", + "/usr/share/doc/gpgv/changelog.Debian.gz", + "/usr/share/doc/gpgv/copyright", + "/usr/share/man/man1/gpgv.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "grep@3.11-2", + "Name": "grep", + "Identifier": { + "PURL": "pkg:deb/ubuntu/grep@3.11-2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "6acdd681813578f7" + }, + "Version": "3.11", + "Release": "2", + "Arch": "amd64", + "SrcName": "grep", + "SrcVersion": "3.11", + "SrcRelease": "2", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/bin/egrep", + "/bin/fgrep", + "/bin/grep", + "/usr/bin/rgrep", + "/usr/share/doc/grep/AUTHORS", + "/usr/share/doc/grep/NEWS.Debian.gz", + "/usr/share/doc/grep/NEWS.gz", + "/usr/share/doc/grep/README", + "/usr/share/doc/grep/THANKS.gz", + "/usr/share/doc/grep/TODO.gz", + "/usr/share/doc/grep/changelog.Debian.gz", + "/usr/share/doc/grep/copyright", + "/usr/share/info/grep.info.gz", + "/usr/share/man/man1/grep.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gzip@1.12-1ubuntu1", + "Name": "gzip", + "Identifier": { + "PURL": "pkg:deb/ubuntu/gzip@1.12-1ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "7ba5615b2bdf3f2f" + }, + "Version": "1.12", + "Release": "1ubuntu1", + "Arch": "amd64", + "SrcName": "gzip", + "SrcVersion": "1.12", + "SrcRelease": "1ubuntu1", + "Licenses": [ + "GPL-3.0-or-later", + "GFDL-1.3+-no-invariant", + "FSF-manpages", + "GPL-3.0-only", + "GFDL-3" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "dpkg@1.22.0ubuntu1.1" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/bin/gunzip", + "/bin/gzexe", + "/bin/gzip", + "/bin/uncompress", + "/bin/zcat", + "/bin/zcmp", + "/bin/zdiff", + "/bin/zegrep", + "/bin/zfgrep", + "/bin/zforce", + "/bin/zgrep", + "/bin/zless", + "/bin/zmore", + "/bin/znew", + "/usr/share/doc/gzip/NEWS.gz", + "/usr/share/doc/gzip/README.gz", + "/usr/share/doc/gzip/TODO", + "/usr/share/doc/gzip/changelog.Debian.gz", + "/usr/share/doc/gzip/copyright", + "/usr/share/info/gzip.info.gz", + "/usr/share/man/man1/gzexe.1.gz", + "/usr/share/man/man1/gzip.1.gz", + "/usr/share/man/man1/zdiff.1.gz", + "/usr/share/man/man1/zforce.1.gz", + "/usr/share/man/man1/zgrep.1.gz", + "/usr/share/man/man1/zless.1.gz", + "/usr/share/man/man1/zmore.1.gz", + "/usr/share/man/man1/znew.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "hostname@3.23+nmu1ubuntu1", + "Name": "hostname", + "Identifier": { + "PURL": "pkg:deb/ubuntu/hostname@3.23%2Bnmu1ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "7460255cb8aeb4f5" + }, + "Version": "3.23+nmu1ubuntu1", + "Arch": "amd64", + "SrcName": "hostname", + "SrcVersion": "3.23+nmu1ubuntu1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/bin/hostname", + "/usr/share/doc/hostname/changelog.gz", + "/usr/share/doc/hostname/copyright", + "/usr/share/man/man1/hostname.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "init-system-helpers@1.65.2ubuntu1", + "Name": "init-system-helpers", + "Identifier": { + "PURL": "pkg:deb/ubuntu/init-system-helpers@1.65.2ubuntu1?arch=all\u0026distro=ubuntu-23.10", + "UID": "efdd542c03a3784d" + }, + "Version": "1.65.2ubuntu1", + "Arch": "all", + "SrcName": "init-system-helpers", + "SrcVersion": "1.65.2ubuntu1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/bin/deb-systemd-helper", + "/usr/bin/deb-systemd-invoke", + "/usr/sbin/invoke-rc.d", + "/usr/sbin/service", + "/usr/sbin/update-rc.d", + "/usr/share/bug/init-system-helpers/control", + "/usr/share/doc/init-system-helpers/README.invoke-rc.d.gz", + "/usr/share/doc/init-system-helpers/README.policy-rc.d.gz", + "/usr/share/doc/init-system-helpers/changelog.gz", + "/usr/share/doc/init-system-helpers/copyright", + "/usr/share/man/man1/deb-systemd-helper.1p.gz", + "/usr/share/man/man1/deb-systemd-invoke.1p.gz", + "/usr/share/man/man8/invoke-rc.d.8.gz", + "/usr/share/man/man8/service.8.gz", + "/usr/share/man/man8/update-rc.d.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libacl1@2.3.1-3", + "Name": "libacl1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libacl1@2.3.1-3?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "16eaf4ba78d1ba24" + }, + "Version": "2.3.1", + "Release": "3", + "Arch": "amd64", + "SrcName": "acl", + "SrcVersion": "2.3.1", + "SrcRelease": "3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2301", + "/usr/share/doc/libacl1/changelog.Debian.gz", + "/usr/share/doc/libacl1/copyright", + "/usr/share/lintian/overrides/libacl1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libapt-pkg6.0@2.7.3ubuntu0.1", + "Name": "libapt-pkg6.0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libapt-pkg6.0@2.7.3ubuntu0.1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "326de5eaff5b9ca9" + }, + "Version": "2.7.3ubuntu0.1", + "Arch": "amd64", + "SrcName": "apt", + "SrcVersion": "2.7.3ubuntu0.1", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "BSD-3-Clause", + "MIT" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libbz2-1.0@1.0.8-5build1", + "libc6@2.38-1ubuntu6.3", + "libgcc-s1@13.2.0-4ubuntu3", + "libgcrypt20@1.10.2-3ubuntu1", + "liblz4-1@1.9.4-1", + "liblzma5@5.4.1-0.2", + "libstdc++6@13.2.0-4ubuntu3", + "libsystemd0@253.5-1ubuntu6.1", + "libudev1@253.5-1ubuntu6.1", + "libxxhash0@0.8.1-1", + "libzstd1@1.5.5+dfsg2-1ubuntu2", + "zlib1g@1:1.2.13.dfsg-1ubuntu5" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.6.0.0", + "/usr/share/doc/libapt-pkg6.0/NEWS.Debian.gz", + "/usr/share/doc/libapt-pkg6.0/changelog.gz", + "/usr/share/doc/libapt-pkg6.0/copyright", + "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/da/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/de/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/el/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/es/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/it/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/km/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/th/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg6.0.mo" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libattr1@1:2.5.1-4", + "Name": "libattr1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libattr1@2.5.1-4?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", + "UID": "eba7f45ea60648ef" + }, + "Version": "2.5.1", + "Release": "4", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "attr", + "SrcVersion": "2.5.1", + "SrcRelease": "4", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2501", + "/usr/share/doc/libattr1/changelog.Debian.gz", + "/usr/share/doc/libattr1/copyright", + "/usr/share/lintian/overrides/libattr1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaudit-common@1:3.1.1-1", + "Name": "libaudit-common", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libaudit-common@3.1.1-1?arch=all\u0026distro=ubuntu-23.10\u0026epoch=1", + "UID": "d5d2b5d6d82eb5e0" + }, + "Version": "3.1.1", + "Release": "1", + "Epoch": 1, + "Arch": "all", + "SrcName": "audit", + "SrcVersion": "3.1.1", + "SrcRelease": "1", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only", + "GPL-1.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/share/doc/libaudit-common/changelog.Debian.gz", + "/usr/share/doc/libaudit-common/copyright", + "/usr/share/man/man5/libaudit.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaudit1@1:3.1.1-1", + "Name": "libaudit1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libaudit1@3.1.1-1?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", + "UID": "22ffab6ad06e1b24" + }, + "Version": "3.1.1", + "Release": "1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "audit", + "SrcVersion": "3.1.1", + "SrcRelease": "1", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only", + "GPL-1.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit-common@1:3.1.1-1", + "libc6@2.38-1ubuntu6.3", + "libcap-ng0@0.8.3-1build2" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libaudit.so.1.0.0", + "/usr/share/doc/libaudit1/changelog.Debian.gz", + "/usr/share/doc/libaudit1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libblkid1@2.39.1-4ubuntu2.2", + "Name": "libblkid1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libblkid1@2.39.1-4ubuntu2.2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "f3d6437c5f894a84" + }, + "Version": "2.39.1", + "Release": "4ubuntu2.2", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.39.1", + "SrcRelease": "4ubuntu2.2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0", + "/usr/share/doc/libblkid1/changelog.Debian.gz", + "/usr/share/doc/libblkid1/copyright", + "/usr/share/lintian/overrides/libblkid1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libbz2-1.0@1.0.8-5build1", + "Name": "libbz2-1.0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libbz2-1.0@1.0.8-5build1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "c0fea80fd44d3485" + }, + "Version": "1.0.8", + "Release": "5build1", + "Arch": "amd64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8", + "SrcRelease": "5build1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libbz2.so.1.0.4", + "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", + "/usr/share/doc/libbz2-1.0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libc-bin@2.38-1ubuntu6.3", + "Name": "libc-bin", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.38-1ubuntu6.3?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "fad6e8575bbba0cc" + }, + "Version": "2.38", + "Release": "1ubuntu6.3", + "Arch": "amd64", + "SrcName": "glibc", + "SrcVersion": "2.38", + "SrcRelease": "1ubuntu6.3", + "Licenses": [ + "LGPL-2.1-only", + "GPL-2.0-only", + "GFDL-1.3-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/sbin/ldconfig", + "/sbin/ldconfig.real", + "/usr/bin/getconf", + "/usr/bin/getent", + "/usr/bin/iconv", + "/usr/bin/ldd", + "/usr/bin/locale", + "/usr/bin/localedef", + "/usr/bin/pldd", + "/usr/bin/tzselect", + "/usr/bin/zdump", + "/usr/lib/locale/C.utf8/LC_ADDRESS", + "/usr/lib/locale/C.utf8/LC_COLLATE", + "/usr/lib/locale/C.utf8/LC_CTYPE", + "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", + "/usr/lib/locale/C.utf8/LC_MEASUREMENT", + "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "/usr/lib/locale/C.utf8/LC_MONETARY", + "/usr/lib/locale/C.utf8/LC_NAME", + "/usr/lib/locale/C.utf8/LC_NUMERIC", + "/usr/lib/locale/C.utf8/LC_PAPER", + "/usr/lib/locale/C.utf8/LC_TELEPHONE", + "/usr/lib/locale/C.utf8/LC_TIME", + "/usr/sbin/iconvconfig", + "/usr/sbin/zic", + "/usr/share/doc/libc-bin/copyright", + "/usr/share/libc-bin/nsswitch.conf", + "/usr/share/lintian/overrides/libc-bin", + "/usr/share/man/man1/getconf.1.gz", + "/usr/share/man/man1/tzselect.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libc6@2.38-1ubuntu6.3", + "Name": "libc6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.38-1ubuntu6.3?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "4fc4121121ebc6af" + }, + "Version": "2.38", + "Release": "1ubuntu6.3", + "Arch": "amd64", + "SrcName": "glibc", + "SrcVersion": "2.38", + "SrcRelease": "1ubuntu6.3", + "Licenses": [ + "LGPL-2.1-only", + "GPL-2.0-only", + "GFDL-1.3-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libgcc-s1@13.2.0-4ubuntu3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2", + "/lib/x86_64-linux-gnu/libBrokenLocale.so.1", + "/lib/x86_64-linux-gnu/libanl.so.1", + "/lib/x86_64-linux-gnu/libc.so.6", + "/lib/x86_64-linux-gnu/libc_malloc_debug.so.0", + "/lib/x86_64-linux-gnu/libdl.so.2", + "/lib/x86_64-linux-gnu/libm.so.6", + "/lib/x86_64-linux-gnu/libmemusage.so", + "/lib/x86_64-linux-gnu/libmvec.so.1", + "/lib/x86_64-linux-gnu/libnsl.so.1", + "/lib/x86_64-linux-gnu/libnss_compat.so.2", + "/lib/x86_64-linux-gnu/libnss_dns.so.2", + "/lib/x86_64-linux-gnu/libnss_files.so.2", + "/lib/x86_64-linux-gnu/libnss_hesiod.so.2", + "/lib/x86_64-linux-gnu/libpcprofile.so", + "/lib/x86_64-linux-gnu/libpthread.so.0", + "/lib/x86_64-linux-gnu/libresolv.so.2", + "/lib/x86_64-linux-gnu/librt.so.1", + "/lib/x86_64-linux-gnu/libthread_db.so.1", + "/lib/x86_64-linux-gnu/libutil.so.1", + "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", + "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", + "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", + "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", + "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", + "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", + "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", + "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", + "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", + "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", + "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", + "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", + "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", + "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", + "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", + "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", + "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", + "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", + "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", + "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", + "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", + "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", + "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", + "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", + "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", + "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", + "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", + "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", + "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.d/gconv-modules-extra.conf", + "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", + "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", + "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", + "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", + "/usr/share/doc/libc6/NEWS.Debian.gz", + "/usr/share/doc/libc6/NEWS.gz", + "/usr/share/doc/libc6/README.Debian.gz", + "/usr/share/doc/libc6/README.hesiod.gz", + "/usr/share/doc/libc6/changelog.Debian.gz", + "/usr/share/doc/libc6/copyright", + "/usr/share/lintian/overrides/libc6" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap-ng0@0.8.3-1build2", + "Name": "libcap-ng0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libcap-ng0@0.8.3-1build2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "38441adb98520431" + }, + "Version": "0.8.3", + "Release": "1build2", + "Arch": "amd64", + "SrcName": "libcap-ng", + "SrcVersion": "0.8.3", + "SrcRelease": "1build2", + "Licenses": [ + "LGPL-2.1-or-later", + "GPL-2.0-or-later", + "GPL-3.0-only", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", + "/lib/x86_64-linux-gnu/libdrop_ambient.so.0.0.0", + "/usr/share/doc/libcap-ng0/changelog.Debian.gz", + "/usr/share/doc/libcap-ng0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap2@1:2.66-4ubuntu1", + "Name": "libcap2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libcap2@2.66-4ubuntu1?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", + "UID": "2ddc702741b5ad8c" + }, + "Version": "2.66", + "Release": "4ubuntu1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libcap2", + "SrcVersion": "2.66", + "SrcRelease": "4ubuntu1", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libcap.so.2.66", + "/lib/x86_64-linux-gnu/libpsx.so.2.66", + "/usr/share/doc/libcap2/changelog.Debian.gz", + "/usr/share/doc/libcap2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcom-err2@1.47.0-2ubuntu1", + "Name": "libcom-err2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libcom-err2@1.47.0-2ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "38b3b3db8bb42252" + }, + "Version": "1.47.0", + "Release": "2ubuntu1", + "Arch": "amd64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.47.0", + "SrcRelease": "2ubuntu1", + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.0-only", + "BSD-3-Clause", + "Apache-2.0", + "ISC", + "GPL-2.0-or-later", + "MIT-US-export", + "Kazlib", + "Latex2e", + "GPL-2+ with Texinfo exception" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libcom_err.so.2.1", + "/usr/share/doc/libcom-err2/changelog.Debian.gz", + "/usr/share/doc/libcom-err2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcrypt1@1:4.4.36-2", + "Name": "libcrypt1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libcrypt1@4.4.36-2?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", + "UID": "90f9fcc2e677477d" + }, + "Version": "4.4.36", + "Release": "2", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libxcrypt", + "SrcVersion": "4.4.36", + "SrcRelease": "2", + "SrcEpoch": 1, + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", + "/usr/share/doc/libcrypt1/changelog.Debian.gz", + "/usr/share/doc/libcrypt1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdb5.3@5.3.28+dfsg2-2", + "Name": "libdb5.3", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libdb5.3@5.3.28%2Bdfsg2-2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "aa8a7594bb2b2ac9" + }, + "Version": "5.3.28+dfsg2", + "Release": "2", + "Arch": "amd64", + "SrcName": "db5.3", + "SrcVersion": "5.3.28+dfsg2", + "SrcRelease": "2", + "Licenses": [ + "Sleepycat", + "BSD-3-Clause", + "MS-PL", + "GPL-2.0-or-later", + "Artistic-2.0", + "X11", + "MIT-old", + "TCL-like", + "BSD-3-clause-fjord", + "GPL-3.0-only", + "Zlib" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", + "/usr/share/doc/libdb5.3/build_signature_amd64.txt", + "/usr/share/doc/libdb5.3/changelog.Debian.gz", + "/usr/share/doc/libdb5.3/copyright", + "/usr/share/lintian/overrides/libdb5.3" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdbi-perl@1.643-4", + "Name": "libdbi-perl", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libdbi-perl@1.643-4?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "6dab2081ef40695f" + }, + "Version": "1.643", + "Release": "4", + "Arch": "amd64", + "SrcName": "libdbi-perl", + "SrcVersion": "1.643", + "SrcRelease": "4", + "Licenses": [ + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "perl@5.36.0-9ubuntu1.1" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/bin/dbilogstrip", + "/usr/bin/dbiprof", + "/usr/bin/dbiproxy", + "/usr/bin/dh_perl_dbi", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/Bundle/DBI.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/DBM.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/ExampleP.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/File.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/File/Developers.pod", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/File/HowTo.pod", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/File/Roadmap.pod", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Policy/Base.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Policy/classic.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Policy/pedantic.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Policy/rush.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Transport/Base.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Transport/corostream.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Transport/null.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Transport/pipeone.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Transport/stream.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Mem.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/NullP.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Proxy.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Sponge.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Changes.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Const/GetInfo/ANSI.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Const/GetInfo/ODBC.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Const/GetInfoReturn.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Const/GetInfoType.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/DBD.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/DBD/Metadata.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/DBD/SqlEngine.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/DBD/SqlEngine/Developers.pod", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/DBD/SqlEngine/HowTo.pod", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Execute.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Request.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Response.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Serializer/Base.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Serializer/DataDumper.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Serializer/Storable.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Transport/Base.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Transport/pipeone.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Transport/stream.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Profile.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/ProfileData.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/ProfileDumper.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/ProfileDumper/Apache.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/ProfileSubs.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/ProxyServer.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/PurePerl.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/SQL/Nano.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Util/CacheMemory.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Util/_accessor.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/W32ODBC.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/Win32/DBIODBC.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/DBI.so", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/DBIXS.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/Driver.xst", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/Driver_xst.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/dbd_xsh.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/dbi_sql.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/dbipport.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/dbivport.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/dbixs_rev.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.36/dbixs_rev.pl", + "/usr/share/doc/libdbi-perl/NEWS.Developer.gz", + "/usr/share/doc/libdbi-perl/README.Debian", + "/usr/share/doc/libdbi-perl/changelog.Debian.gz", + "/usr/share/doc/libdbi-perl/copyright", + "/usr/share/doc/libdbi-perl/examples/corogofer.pl", + "/usr/share/doc/libdbi-perl/examples/perl_dbi_nulls_test.pl", + "/usr/share/doc/libdbi-perl/examples/profile.pl", + "/usr/share/doc/libdbi-perl/examples/test.pl", + "/usr/share/libdbi-perl/perl-dbdabi.make", + "/usr/share/man/man1/dbilogstrip.1p.gz", + "/usr/share/man/man1/dbiprof.1p.gz", + "/usr/share/man/man1/dbiproxy.1p.gz", + "/usr/share/man/man1/dh_perl_dbi.1.gz", + "/usr/share/man/man3/Bundle::DBI.3pm.gz", + "/usr/share/man/man3/DBD::DBM.3pm.gz", + "/usr/share/man/man3/DBD::File.3pm.gz", + "/usr/share/man/man3/DBD::File::Developers.3pm.gz", + "/usr/share/man/man3/DBD::File::HowTo.3pm.gz", + "/usr/share/man/man3/DBD::File::Roadmap.3pm.gz", + "/usr/share/man/man3/DBD::Gofer.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Policy::Base.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Policy::classic.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Policy::pedantic.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Policy::rush.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Transport::Base.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Transport::corostream.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Transport::null.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Transport::pipeone.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Transport::stream.3pm.gz", + "/usr/share/man/man3/DBD::Mem.3pm.gz", + "/usr/share/man/man3/DBD::Proxy.3pm.gz", + "/usr/share/man/man3/DBD::Sponge.3pm.gz", + "/usr/share/man/man3/DBI.3pm.gz", + "/usr/share/man/man3/DBI::Const::GetInfo::ANSI.3pm.gz", + "/usr/share/man/man3/DBI::Const::GetInfo::ODBC.3pm.gz", + "/usr/share/man/man3/DBI::Const::GetInfoReturn.3pm.gz", + "/usr/share/man/man3/DBI::Const::GetInfoType.3pm.gz", + "/usr/share/man/man3/DBI::DBD.3pm.gz", + "/usr/share/man/man3/DBI::DBD::Metadata.3pm.gz", + "/usr/share/man/man3/DBI::DBD::SqlEngine.3pm.gz", + "/usr/share/man/man3/DBI::DBD::SqlEngine::Developers.3pm.gz", + "/usr/share/man/man3/DBI::DBD::SqlEngine::HowTo.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Execute.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Request.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Response.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Serializer::Base.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Serializer::DataDumper.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Serializer::Storable.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Transport::Base.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Transport::pipeone.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Transport::stream.3pm.gz", + "/usr/share/man/man3/DBI::Profile.3pm.gz", + "/usr/share/man/man3/DBI::ProfileData.3pm.gz", + "/usr/share/man/man3/DBI::ProfileDumper.3pm.gz", + "/usr/share/man/man3/DBI::ProfileDumper::Apache.3pm.gz", + "/usr/share/man/man3/DBI::ProfileSubs.3pm.gz", + "/usr/share/man/man3/DBI::ProxyServer.3pm.gz", + "/usr/share/man/man3/DBI::PurePerl.3pm.gz", + "/usr/share/man/man3/DBI::SQL::Nano.3pm.gz", + "/usr/share/man/man3/DBI::Util::CacheMemory.3pm.gz", + "/usr/share/man/man3/DBI::W32ODBC.3pm.gz", + "/usr/share/man/man3/Win32::DBIODBC.3pm.gz", + "/usr/share/perl5/Debian/Debhelper/Sequence/perl_dbi.pm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdebconfclient0@0.270ubuntu1", + "Name": "libdebconfclient0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libdebconfclient0@0.270ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "10e0b7cbdb8c3a8d" + }, + "Version": "0.270ubuntu1", + "Arch": "amd64", + "SrcName": "cdebconf", + "SrcVersion": "0.270ubuntu1", + "Licenses": [ + "BSD-2-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", + "/usr/share/doc/libdebconfclient0/changelog.gz", + "/usr/share/doc/libdebconfclient0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libecap3@1.0.1-3.4ubuntu1", + "Name": "libecap3", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libecap3@1.0.1-3.4ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "e269d5c95ff07622" + }, + "Version": "1.0.1", + "Release": "3.4ubuntu1", + "Arch": "amd64", + "SrcName": "libecap", + "SrcVersion": "1.0.1", + "SrcRelease": "3.4ubuntu1", + "Licenses": [ + "BSD-2-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libgcc-s1@13.2.0-4ubuntu3", + "libstdc++6@13.2.0-4ubuntu3", + "sgml-base@1.31" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libecap.so.3.0.0", + "/usr/share/doc/libecap3/CREDITS", + "/usr/share/doc/libecap3/README", + "/usr/share/doc/libecap3/changelog.Debian.gz", + "/usr/share/doc/libecap3/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libext2fs2@1.47.0-2ubuntu1", + "Name": "libext2fs2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libext2fs2@1.47.0-2ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "754e922383a27a6b" + }, + "Version": "1.47.0", + "Release": "2ubuntu1", + "Arch": "amd64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.47.0", + "SrcRelease": "2ubuntu1", + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.0-only", + "BSD-3-Clause", + "Apache-2.0", + "ISC", + "GPL-2.0-or-later", + "MIT-US-export", + "Kazlib", + "Latex2e", + "GPL-2+ with Texinfo exception" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libe2p.so.2.3", + "/lib/x86_64-linux-gnu/libext2fs.so.2.4", + "/usr/share/doc/libext2fs2/changelog.Debian.gz", + "/usr/share/doc/libext2fs2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libffi8@3.4.4-1", + "Name": "libffi8", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libffi8@3.4.4-1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "855ddd54f59a9822" + }, + "Version": "3.4.4", + "Release": "1", + "Arch": "amd64", + "SrcName": "libffi", + "SrcVersion": "3.4.4", + "SrcRelease": "1", + "Licenses": [ + "MIT", + "X11", + "GPL-2.0-or-later", + "GPL-3.0-or-later", + "MPL-1.1", + "LGPL-2.1-or-later", + "public-domain" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libffi.so.8.1.2", + "/usr/share/doc/libffi8/changelog.Debian.gz", + "/usr/share/doc/libffi8/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgcc-s1@13.2.0-4ubuntu3", + "Name": "libgcc-s1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgcc-s1@13.2.0-4ubuntu3?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "15efe2181684b94f" + }, + "Version": "13.2.0", + "Release": "4ubuntu3", + "Arch": "amd64", + "SrcName": "gcc-13", + "SrcVersion": "13.2.0", + "SrcRelease": "4ubuntu3", + "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gcc-13-base@13.2.0-4ubuntu3", + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libgcc_s.so.1", + "/usr/share/lintian/overrides/libgcc-s1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgcrypt20@1.10.2-3ubuntu1", + "Name": "libgcrypt20", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgcrypt20@1.10.2-3ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "bf4ebf91c92a96fd" + }, + "Version": "1.10.2", + "Release": "3ubuntu1", + "Arch": "amd64", + "SrcName": "libgcrypt20", + "SrcVersion": "1.10.2", + "SrcRelease": "3ubuntu1", + "Licenses": [ + "LGPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libgpg-error0@1.47-2" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgcrypt.so.20.4.2", + "/usr/share/doc/libgcrypt20/AUTHORS.gz", + "/usr/share/doc/libgcrypt20/NEWS.gz", + "/usr/share/doc/libgcrypt20/README.gz", + "/usr/share/doc/libgcrypt20/THANKS.gz", + "/usr/share/doc/libgcrypt20/changelog.Debian.gz", + "/usr/share/doc/libgcrypt20/copyright", + "/usr/share/libgcrypt20/clean-up-unmanaged-libraries" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgdbm-compat4@1.23-3", + "Name": "libgdbm-compat4", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgdbm-compat4@1.23-3?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "f02a10184776514" + }, + "Version": "1.23", + "Release": "3", + "Arch": "amd64", + "SrcName": "gdbm", + "SrcVersion": "1.23", + "SrcRelease": "3", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-2.0-or-later", + "GFDL-1.3-no-invariants-or-later", + "GPL-3.0-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libgdbm6@1.23-3" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgdbm_compat.so.4.0.0", + "/usr/share/doc/libgdbm-compat4/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgdbm6@1.23-3", + "Name": "libgdbm6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgdbm6@1.23-3?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "26b389044a9a311f" + }, + "Version": "1.23", + "Release": "3", + "Arch": "amd64", + "SrcName": "gdbm", + "SrcVersion": "1.23", + "SrcRelease": "3", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-2.0-or-later", + "GFDL-1.3-no-invariants-or-later", + "GPL-3.0-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgdbm.so.6.0.0", + "/usr/share/doc/libgdbm6/changelog.Debian.gz", + "/usr/share/doc/libgdbm6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgmp10@2:6.3.0+dfsg-2ubuntu4", + "Name": "libgmp10", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgmp10@6.3.0%2Bdfsg-2ubuntu4?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=2", + "UID": "8aaf1a146f4d3256" + }, + "Version": "6.3.0+dfsg", + "Release": "2ubuntu4", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "gmp", + "SrcVersion": "6.3.0+dfsg", + "SrcRelease": "2ubuntu4", + "SrcEpoch": 2, + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-or-later", + "GPL-3+ with Bison exception", + "GPL-2.0-only", + "GPL-3.0-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0", + "/usr/share/doc/libgmp10/README.Debian", + "/usr/share/doc/libgmp10/changelog.Debian.gz", + "/usr/share/doc/libgmp10/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgnutls30@3.8.1-4ubuntu1.3", + "Name": "libgnutls30", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgnutls30@3.8.1-4ubuntu1.3?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "18f9ae706e86834d" + }, + "Version": "3.8.1", + "Release": "4ubuntu1.3", + "Arch": "amd64", + "SrcName": "gnutls28", + "SrcVersion": "3.8.1", + "SrcRelease": "4ubuntu1.3", + "Licenses": [ + "LGPL-2.1-only", + "LGPL-2.0-or-later", + "LGPL-3.0-only", + "GPL-2.0-or-later", + "GPL-3.0-only", + "GFDL-1.3-only", + "CC0-1.0", + "MIT", + "Apache-2.0", + "LGPL-3.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "BSD-3-Clause" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libgmp10@2:6.3.0+dfsg-2ubuntu4", + "libhogweed6@3.9.1-2", + "libidn2-0@2.3.4-1", + "libnettle8@3.9.1-2", + "libp11-kit0@0.25.0-4ubuntu1", + "libtasn1-6@4.19.0-3", + "libunistring2@1.0-2" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgnutls.so.30.36.0", + "/usr/share/doc/libgnutls30/AUTHORS.gz", + "/usr/share/doc/libgnutls30/NEWS.Debian.gz", + "/usr/share/doc/libgnutls30/NEWS.gz", + "/usr/share/doc/libgnutls30/README.md.gz", + "/usr/share/doc/libgnutls30/THANKS.gz", + "/usr/share/doc/libgnutls30/changelog.Debian.gz", + "/usr/share/doc/libgnutls30/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgpg-error0@1.47-2", + "Name": "libgpg-error0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgpg-error0@1.47-2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "60a38e5e5f8b6de" + }, + "Version": "1.47", + "Release": "2", + "Arch": "amd64", + "SrcName": "libgpg-error", + "SrcVersion": "1.47", + "SrcRelease": "2", + "Licenses": [ + "LGPL-2.1-or-later", + "BSD-3-Clause", + "g10-permissive", + "GPL-3.0-or-later", + "LGPL-2.1-only", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libgpg-error.so.0.34.0", + "/usr/share/doc/libgpg-error0/README.gz", + "/usr/share/doc/libgpg-error0/changelog.Debian.gz", + "/usr/share/doc/libgpg-error0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgssapi-krb5-2@1.20.1-3ubuntu1", + "Name": "libgssapi-krb5-2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-3ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "6d077c72bd6b2980" + }, + "Version": "1.20.1", + "Release": "3ubuntu1", + "Arch": "amd64", + "SrcName": "krb5", + "SrcVersion": "1.20.1", + "SrcRelease": "3ubuntu1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libcom-err2@1.47.0-2ubuntu1", + "libk5crypto3@1.20.1-3ubuntu1", + "libkrb5-3@1.20.1-3ubuntu1", + "libkrb5support0@1.20.1-3ubuntu1" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2", + "/usr/share/doc/libgssapi-krb5-2/copyright", + "/usr/share/lintian/overrides/libgssapi-krb5-2" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libhogweed6@3.9.1-2", + "Name": "libhogweed6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libhogweed6@3.9.1-2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "b731c82f847dcc48" + }, + "Version": "3.9.1", + "Release": "2", + "Arch": "amd64", + "SrcName": "nettle", + "SrcVersion": "3.9.1", + "SrcRelease": "2", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "MIT", + "GPL-3.0-with-autoconf-exception+", + "public-domain", + "GPL-2.0-only", + "GAP" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libgmp10@2:6.3.0+dfsg-2ubuntu4", + "libnettle8@3.9.1-2" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libhogweed.so.6.8", + "/usr/share/doc/libhogweed6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libidn2-0@2.3.4-1", + "Name": "libidn2-0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libidn2-0@2.3.4-1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "a4a3edee5024b351" + }, + "Version": "2.3.4", + "Release": "1", + "Arch": "amd64", + "SrcName": "libidn2", + "SrcVersion": "2.3.4", + "SrcRelease": "1", + "Licenses": [ + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "Unicode", + "GPL-3.0-only", + "GPL-2.0-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libunistring2@1.0-2" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libidn2.so.0.3.8", + "/usr/share/doc/libidn2-0/AUTHORS", + "/usr/share/doc/libidn2-0/NEWS.gz", + "/usr/share/doc/libidn2-0/README.md.gz", + "/usr/share/doc/libidn2-0/changelog.Debian.gz", + "/usr/share/doc/libidn2-0/copyright", + "/usr/share/lintian/overrides/libidn2-0" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libk5crypto3@1.20.1-3ubuntu1", + "Name": "libk5crypto3", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libk5crypto3@1.20.1-3ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "632a744983beba71" + }, + "Version": "1.20.1", + "Release": "3ubuntu1", + "Arch": "amd64", + "SrcName": "krb5", + "SrcVersion": "1.20.1", + "SrcRelease": "3ubuntu1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libkrb5support0@1.20.1-3ubuntu1" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1", + "/usr/share/doc/libk5crypto3/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libkeyutils1@1.6.3-2", + "Name": "libkeyutils1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libkeyutils1@1.6.3-2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "1c55ad9c31335ff5" + }, + "Version": "1.6.3", + "Release": "2", + "Arch": "amd64", + "SrcName": "keyutils", + "SrcVersion": "1.6.3", + "SrcRelease": "2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libkeyutils.so.1.10", + "/usr/share/doc/libkeyutils1/changelog.Debian.gz", + "/usr/share/doc/libkeyutils1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libkrb5-3@1.20.1-3ubuntu1", + "Name": "libkrb5-3", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libkrb5-3@1.20.1-3ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "a4910ceaddec919d" + }, + "Version": "1.20.1", + "Release": "3ubuntu1", + "Arch": "amd64", + "SrcName": "krb5", + "SrcVersion": "1.20.1", + "SrcRelease": "3ubuntu1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libcom-err2@1.47.0-2ubuntu1", + "libk5crypto3@1.20.1-3ubuntu1", + "libkeyutils1@1.6.3-2", + "libkrb5support0@1.20.1-3ubuntu1", + "libssl3@3.0.10-1ubuntu2.3" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/krb5/plugins/preauth/spake.so", + "/usr/lib/x86_64-linux-gnu/libkrb5.so.3.3", + "/usr/share/doc/libkrb5-3/README.Debian", + "/usr/share/doc/libkrb5-3/README.gz", + "/usr/share/doc/libkrb5-3/copyright", + "/usr/share/lintian/overrides/libkrb5-3" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libkrb5support0@1.20.1-3ubuntu1", + "Name": "libkrb5support0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libkrb5support0@1.20.1-3ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "85231a5169d735e0" + }, + "Version": "1.20.1", + "Release": "3ubuntu1", + "Arch": "amd64", + "SrcName": "krb5", + "SrcVersion": "1.20.1", + "SrcRelease": "3ubuntu1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1", + "/usr/share/doc/libkrb5support0/changelog.Debian.gz", + "/usr/share/doc/libkrb5support0/copyright", + "/usr/share/lintian/overrides/libkrb5support0" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libldap2@2.6.6+dfsg-1~exp1ubuntu1", + "Name": "libldap2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libldap2@2.6.6%2Bdfsg-1~exp1ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "c583ba6ba041bafd" + }, + "Version": "2.6.6+dfsg", + "Release": "1~exp1ubuntu1", + "Arch": "amd64", + "SrcName": "openldap", + "SrcVersion": "2.6.6+dfsg", + "SrcRelease": "1~exp1ubuntu1", + "Licenses": [ + "OpenLDAP-2.8", + "FSF-unlimited", + "GPL-2.0-with-autoconf-exception+", + "GPL-3.0-with-autoconf-exception+", + "GPL-2+ with Libtool exception", + "GPL-3+ with Libtool exception", + "GPL-3.0-or-later", + "GPL-2.0-or-later", + "UMich", + "F5", + "JCG", + "MIT-XC", + "NeoSoft-permissive", + "BSD-3-Clause", + "Beerware", + "public-domain", + "BSD-4-clause-California", + "BSD-3-clause-variant", + "Expat-ISC", + "Expat-UNM", + "MIT", + "BSD-3-clause-California", + "GPL-2.0-only", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libgnutls30@3.8.1-4ubuntu1.3", + "libsasl2-2@2.1.28+dfsg1-3" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblber.so.2.0.200", + "/usr/lib/x86_64-linux-gnu/libldap.so.2.0.200", + "/usr/share/doc/libldap2/README.Debian", + "/usr/share/doc/libldap2/changelog.Debian.gz", + "/usr/share/doc/libldap2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libltdl7@2.4.7-7", + "Name": "libltdl7", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libltdl7@2.4.7-7?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "8788bfe81eb02163" + }, + "Version": "2.4.7", + "Release": "7", + "Arch": "amd64", + "SrcName": "libtool", + "SrcVersion": "2.4.7", + "SrcRelease": "7", + "Licenses": [ + "GPL-2.0-or-later", + "GFDL-1.3-no-invariants-or-later", + "GPL-2.0-only", + "GFDL-1.3-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libltdl.so.7.3.2", + "/usr/share/doc/libltdl7/NEWS.gz", + "/usr/share/doc/libltdl7/README", + "/usr/share/doc/libltdl7/changelog.Debian.gz", + "/usr/share/doc/libltdl7/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblz4-1@1.9.4-1", + "Name": "liblz4-1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/liblz4-1@1.9.4-1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "766095b6ae1b68fd" + }, + "Version": "1.9.4", + "Release": "1", + "Arch": "amd64", + "SrcName": "lz4", + "SrcVersion": "1.9.4", + "SrcRelease": "1", + "Licenses": [ + "BSD-2-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblz4.so.1.9.4", + "/usr/share/doc/liblz4-1/changelog.Debian.gz", + "/usr/share/doc/liblz4-1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblzma5@5.4.1-0.2", + "Name": "liblzma5", + "Identifier": { + "PURL": "pkg:deb/ubuntu/liblzma5@5.4.1-0.2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "2fc40a8e9352256c" + }, + "Version": "5.4.1", + "Release": "0.2", + "Arch": "amd64", + "SrcName": "xz-utils", + "SrcVersion": "5.4.1", + "SrcRelease": "0.2", + "Licenses": [ + "PD", + "probably-PD", + "GPL-2.0-or-later", + "LGPL-2.1-or-later", + "permissive-fsf", + "Autoconf", + "permissive-nowarranty", + "GPL-2.0-only", + "none", + "config-h", + "LGPL-2.0-only", + "LGPL-2.1-only", + "noderivs", + "PD-debian", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/liblzma.so.5.4.1", + "/usr/share/doc/liblzma5/AUTHORS", + "/usr/share/doc/liblzma5/NEWS.gz", + "/usr/share/doc/liblzma5/THANKS", + "/usr/share/doc/liblzma5/changelog.Debian.gz", + "/usr/share/doc/liblzma5/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmd0@1.1.0-1", + "Name": "libmd0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libmd0@1.1.0-1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "dc433606c70a310d" + }, + "Version": "1.1.0", + "Release": "1", + "Arch": "amd64", + "SrcName": "libmd", + "SrcVersion": "1.1.0", + "SrcRelease": "1", + "Licenses": [ + "BSD-3-Clause", + "BSD-3-clause-Aaron-D-Gifford", + "BSD-2-Clause", + "BSD-2-Clause-NetBSD", + "ISC", + "Beerware", + "public-domain-md4", + "public-domain-md5", + "public-domain-sha1" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmd.so.0.1.0", + "/usr/share/doc/libmd0/changelog.Debian.gz", + "/usr/share/doc/libmd0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmount1@2.39.1-4ubuntu2.2", + "Name": "libmount1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libmount1@2.39.1-4ubuntu2.2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "4c8002821ce1b3ab" + }, + "Version": "2.39.1", + "Release": "4ubuntu2.2", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.39.1", + "SrcRelease": "4ubuntu2.2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libblkid1@2.39.1-4ubuntu2.2", + "libc6@2.38-1ubuntu6.3", + "libselinux1@3.5-1" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmount.so.1.1.0", + "/usr/share/doc/libmount1/copyright", + "/usr/share/lintian/overrides/libmount1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libncursesw6@6.4+20230625-2", + "Name": "libncursesw6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libncursesw6@6.4%2B20230625-2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "f86415d3af725f9c" + }, + "Version": "6.4+20230625", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.4+20230625", + "SrcRelease": "2", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libtinfo6@6.4+20230625-2" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libncursesw.so.6.4", + "/usr/lib/x86_64-linux-gnu/libformw.so.6.4", + "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.4", + "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.4" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libnettle8@3.9.1-2", + "Name": "libnettle8", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libnettle8@3.9.1-2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "75353efb7c11e4c" + }, + "Version": "3.9.1", + "Release": "2", + "Arch": "amd64", + "SrcName": "nettle", + "SrcVersion": "3.9.1", + "SrcRelease": "2", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "MIT", + "GPL-3.0-with-autoconf-exception+", + "public-domain", + "GPL-2.0-only", + "GAP" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libnettle.so.8.8", + "/usr/share/doc/libnettle8/NEWS.gz", + "/usr/share/doc/libnettle8/README", + "/usr/share/doc/libnettle8/changelog.Debian.gz", + "/usr/share/doc/libnettle8/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libp11-kit0@0.25.0-4ubuntu1", + "Name": "libp11-kit0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libp11-kit0@0.25.0-4ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "3d6a3fef204d7417" + }, + "Version": "0.25.0", + "Release": "4ubuntu1", + "Arch": "amd64", + "SrcName": "p11-kit", + "SrcVersion": "0.25.0", + "SrcRelease": "4ubuntu1", + "Licenses": [ + "BSD-3-Clause", + "permissive-like-automake-output", + "ISC", + "ISC+IBM", + "LGPL-2.1-or-later", + "Apache-2.0", + "same-as-rest-of-p11kit", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libffi8@3.4.4-1" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0", + "/usr/share/doc/libp11-kit0/changelog.Debian.gz", + "/usr/share/doc/libp11-kit0/copyright", + "/usr/share/doc/libp11-kit0/examples/pkcs11.conf.example" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-modules@1.5.2-6ubuntu1.1", + "Name": "libpam-modules", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpam-modules@1.5.2-6ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "60e8a8420a420fd3" + }, + "Version": "1.5.2", + "Release": "6ubuntu1.1", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.5.2", + "SrcRelease": "6ubuntu1.1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/security/pam_access.so", + "/lib/x86_64-linux-gnu/security/pam_debug.so", + "/lib/x86_64-linux-gnu/security/pam_deny.so", + "/lib/x86_64-linux-gnu/security/pam_echo.so", + "/lib/x86_64-linux-gnu/security/pam_env.so", + "/lib/x86_64-linux-gnu/security/pam_exec.so", + "/lib/x86_64-linux-gnu/security/pam_extrausers.so", + "/lib/x86_64-linux-gnu/security/pam_faildelay.so", + "/lib/x86_64-linux-gnu/security/pam_faillock.so", + "/lib/x86_64-linux-gnu/security/pam_filter.so", + "/lib/x86_64-linux-gnu/security/pam_ftp.so", + "/lib/x86_64-linux-gnu/security/pam_group.so", + "/lib/x86_64-linux-gnu/security/pam_issue.so", + "/lib/x86_64-linux-gnu/security/pam_keyinit.so", + "/lib/x86_64-linux-gnu/security/pam_lastlog.so", + "/lib/x86_64-linux-gnu/security/pam_limits.so", + "/lib/x86_64-linux-gnu/security/pam_listfile.so", + "/lib/x86_64-linux-gnu/security/pam_localuser.so", + "/lib/x86_64-linux-gnu/security/pam_loginuid.so", + "/lib/x86_64-linux-gnu/security/pam_mail.so", + "/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", + "/lib/x86_64-linux-gnu/security/pam_motd.so", + "/lib/x86_64-linux-gnu/security/pam_namespace.so", + "/lib/x86_64-linux-gnu/security/pam_nologin.so", + "/lib/x86_64-linux-gnu/security/pam_permit.so", + "/lib/x86_64-linux-gnu/security/pam_pwhistory.so", + "/lib/x86_64-linux-gnu/security/pam_rhosts.so", + "/lib/x86_64-linux-gnu/security/pam_rootok.so", + "/lib/x86_64-linux-gnu/security/pam_securetty.so", + "/lib/x86_64-linux-gnu/security/pam_selinux.so", + "/lib/x86_64-linux-gnu/security/pam_sepermit.so", + "/lib/x86_64-linux-gnu/security/pam_setquota.so", + "/lib/x86_64-linux-gnu/security/pam_shells.so", + "/lib/x86_64-linux-gnu/security/pam_stress.so", + "/lib/x86_64-linux-gnu/security/pam_succeed_if.so", + "/lib/x86_64-linux-gnu/security/pam_time.so", + "/lib/x86_64-linux-gnu/security/pam_timestamp.so", + "/lib/x86_64-linux-gnu/security/pam_tty_audit.so", + "/lib/x86_64-linux-gnu/security/pam_umask.so", + "/lib/x86_64-linux-gnu/security/pam_unix.so", + "/lib/x86_64-linux-gnu/security/pam_userdb.so", + "/lib/x86_64-linux-gnu/security/pam_usertype.so", + "/lib/x86_64-linux-gnu/security/pam_warn.so", + "/lib/x86_64-linux-gnu/security/pam_wheel.so", + "/lib/x86_64-linux-gnu/security/pam_xauth.so", + "/usr/share/doc/libpam-modules/copyright", + "/usr/share/doc/libpam-modules/examples/upperLOWER.c", + "/usr/share/lintian/overrides/libpam-modules", + "/usr/share/man/man5/access.conf.5.gz", + "/usr/share/man/man5/faillock.conf.5.gz", + "/usr/share/man/man5/group.conf.5.gz", + "/usr/share/man/man5/limits.conf.5.gz", + "/usr/share/man/man5/namespace.conf.5.gz", + "/usr/share/man/man5/pam_env.conf.5.gz", + "/usr/share/man/man5/sepermit.conf.5.gz", + "/usr/share/man/man5/time.conf.5.gz", + "/usr/share/man/man5/update-motd.5.gz", + "/usr/share/man/man7/pam_env.7.gz", + "/usr/share/man/man7/pam_selinux.7.gz", + "/usr/share/man/man8/pam_access.8.gz", + "/usr/share/man/man8/pam_debug.8.gz", + "/usr/share/man/man8/pam_deny.8.gz", + "/usr/share/man/man8/pam_echo.8.gz", + "/usr/share/man/man8/pam_exec.8.gz", + "/usr/share/man/man8/pam_extrausers.8.gz", + "/usr/share/man/man8/pam_faildelay.8.gz", + "/usr/share/man/man8/pam_faillock.8.gz", + "/usr/share/man/man8/pam_filter.8.gz", + "/usr/share/man/man8/pam_ftp.8.gz", + "/usr/share/man/man8/pam_group.8.gz", + "/usr/share/man/man8/pam_issue.8.gz", + "/usr/share/man/man8/pam_keyinit.8.gz", + "/usr/share/man/man8/pam_lastlog.8.gz", + "/usr/share/man/man8/pam_limits.8.gz", + "/usr/share/man/man8/pam_listfile.8.gz", + "/usr/share/man/man8/pam_localuser.8.gz", + "/usr/share/man/man8/pam_loginuid.8.gz", + "/usr/share/man/man8/pam_mail.8.gz", + "/usr/share/man/man8/pam_mkhomedir.8.gz", + "/usr/share/man/man8/pam_motd.8.gz", + "/usr/share/man/man8/pam_namespace.8.gz", + "/usr/share/man/man8/pam_nologin.8.gz", + "/usr/share/man/man8/pam_permit.8.gz", + "/usr/share/man/man8/pam_pwhistory.8.gz", + "/usr/share/man/man8/pam_rhosts.8.gz", + "/usr/share/man/man8/pam_rootok.8.gz", + "/usr/share/man/man8/pam_securetty.8.gz", + "/usr/share/man/man8/pam_sepermit.8.gz", + "/usr/share/man/man8/pam_setquota.8.gz", + "/usr/share/man/man8/pam_shells.8.gz", + "/usr/share/man/man8/pam_stress.8.gz", + "/usr/share/man/man8/pam_succeed_if.8.gz", + "/usr/share/man/man8/pam_time.8.gz", + "/usr/share/man/man8/pam_timestamp.8.gz", + "/usr/share/man/man8/pam_tty_audit.8.gz", + "/usr/share/man/man8/pam_umask.8.gz", + "/usr/share/man/man8/pam_unix.8.gz", + "/usr/share/man/man8/pam_userdb.8.gz", + "/usr/share/man/man8/pam_usertype.8.gz", + "/usr/share/man/man8/pam_warn.8.gz", + "/usr/share/man/man8/pam_wheel.8.gz", + "/usr/share/man/man8/pam_xauth.8.gz", + "/usr/share/pam-configs/mkhomedir" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-modules-bin@1.5.2-6ubuntu1.1", + "Name": "libpam-modules-bin", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpam-modules-bin@1.5.2-6ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "4b7d58c0ab3934e6" + }, + "Version": "1.5.2", + "Release": "6ubuntu1.1", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.5.2", + "SrcRelease": "6ubuntu1.1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:3.1.1-1", + "libc6@2.38-1ubuntu6.3", + "libcrypt1@1:4.4.36-2", + "libpam0g@1.5.2-6ubuntu1.1", + "libselinux1@3.5-1" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/sbin/mkhomedir_helper", + "/sbin/pam_extrausers_chkpwd", + "/sbin/pam_extrausers_update", + "/sbin/pam_namespace_helper", + "/sbin/pwhistory_helper", + "/sbin/unix_chkpwd", + "/sbin/unix_update", + "/usr/lib/systemd/system/pam_namespace.service", + "/usr/sbin/faillock", + "/usr/sbin/pam_timestamp_check", + "/usr/share/doc/libpam-modules-bin/copyright", + "/usr/share/lintian/overrides/libpam-modules-bin", + "/usr/share/man/man5/environment.5.gz", + "/usr/share/man/man8/faillock.8.gz", + "/usr/share/man/man8/mkhomedir_helper.8.gz", + "/usr/share/man/man8/pam_namespace_helper.8.gz", + "/usr/share/man/man8/pam_timestamp_check.8.gz", + "/usr/share/man/man8/pwhistory_helper.8.gz", + "/usr/share/man/man8/unix_chkpwd.8.gz", + "/usr/share/man/man8/unix_update.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-runtime@1.5.2-6ubuntu1.1", + "Name": "libpam-runtime", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpam-runtime@1.5.2-6ubuntu1.1?arch=all\u0026distro=ubuntu-23.10", + "UID": "b18a41e489975d6b" + }, + "Version": "1.5.2", + "Release": "6ubuntu1.1", + "Arch": "all", + "SrcName": "pam", + "SrcVersion": "1.5.2", + "SrcRelease": "6ubuntu1.1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.82", + "libpam-modules@1.5.2-6ubuntu1.1" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/sbin/pam-auth-update", + "/usr/sbin/pam_getenv", + "/usr/share/doc/libpam-runtime/copyright", + "/usr/share/lintian/overrides/libpam-runtime", + "/usr/share/man/man5/pam.conf.5.gz", + "/usr/share/man/man7/PAM.7.gz", + "/usr/share/man/man8/pam-auth-update.8.gz", + "/usr/share/man/man8/pam_getenv.8.gz", + "/usr/share/pam-configs/unix", + "/usr/share/pam/common-account", + "/usr/share/pam/common-account.md5sums", + "/usr/share/pam/common-auth", + "/usr/share/pam/common-auth.md5sums", + "/usr/share/pam/common-password", + "/usr/share/pam/common-password.md5sums", + "/usr/share/pam/common-session", + "/usr/share/pam/common-session-noninteractive", + "/usr/share/pam/common-session-noninteractive.md5sums", + "/usr/share/pam/common-session.md5sums" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam0g@1.5.2-6ubuntu1.1", + "Name": "libpam0g", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpam0g@1.5.2-6ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "b240bd30f04779f5" + }, + "Version": "1.5.2", + "Release": "6ubuntu1.1", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.5.2", + "SrcRelease": "6ubuntu1.1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.82", + "libaudit1@1:3.1.1-1", + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libpam.so.0.85.1", + "/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", + "/lib/x86_64-linux-gnu/libpamc.so.0.82.1", + "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", + "/usr/share/doc/libpam0g/NEWS.Debian.gz", + "/usr/share/doc/libpam0g/README", + "/usr/share/doc/libpam0g/README.Debian", + "/usr/share/doc/libpam0g/TODO.Debian", + "/usr/share/doc/libpam0g/changelog.Debian.gz", + "/usr/share/doc/libpam0g/copyright", + "/usr/share/lintian/overrides/libpam0g" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpcre2-8-0@10.42-4", + "Name": "libpcre2-8-0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpcre2-8-0@10.42-4?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "15c3261727579ccf" + }, + "Version": "10.42", + "Release": "4", + "Arch": "amd64", + "SrcName": "pcre2", + "SrcVersion": "10.42", + "SrcRelease": "4", + "Licenses": [ + "BSD-3-clause-Cambridge with BINARY LIBRARY-LIKE PACKAGES exception", + "BSD-3-Clause", + "X11", + "BSD-2-Clause", + "public-domain" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.11.2", + "/usr/share/doc/libpcre2-8-0/README.Debian", + "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", + "/usr/share/doc/libpcre2-8-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libperl5.36@5.36.0-9ubuntu1.1", + "Name": "libperl5.36", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libperl5.36@5.36.0-9ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "9e906117082a8005" + }, + "Version": "5.36.0", + "Release": "9ubuntu1.1", + "Arch": "amd64", + "SrcName": "perl", + "SrcVersion": "5.36.0", + "SrcRelease": "9ubuntu1.1", + "Licenses": [ + "GPL-1.0-or-later", + "Artistic-2.0", + "MIT", + "REGCOMP", + "GPL-2.0-with-bison-exception+", + "Unicode", + "BZIP", + "Zlib", + "GPL-2.0-or-later", + "RRA-KEEP-THIS-NOTICE", + "BSD-3-clause-with-weird-numbering", + "CC0-1.0", + "TEXT-TABS", + "BSD-4-clause-POWERDOG", + "BSD-3-clause-GENERIC", + "BSD-3-Clause", + "SDBM-PUBLIC-DOMAIN", + "DONT-CHANGE-THE-GPL", + "Artistic-dist", + "LGPL-2.1-only", + "GPL-1.0-only", + "GPL-2.0-only", + "Artistic-2", + "HSIEH-DERIVATIVE", + "HSIEH-BSD" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libbz2-1.0@1.0.8-5build1", + "libc6@2.38-1ubuntu6.3", + "libcrypt1@1:4.4.36-2", + "libdb5.3@5.3.28+dfsg2-2", + "libgdbm-compat4@1.23-3", + "libgdbm6@1.23-3", + "perl-modules-5.36@5.36.0-9ubuntu1.1", + "zlib1g@1:1.2.13.dfsg-1ubuntu5" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/bin/cpan5.36-x86_64-linux-gnu", + "/usr/bin/perl5.36-x86_64-linux-gnu", + "/usr/lib/x86_64-linux-gnu/libperl.so.5.36.0", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/B.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/B/Concise.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/B/Showlex.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/B/Terse.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/B/Xref.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/EXTERN.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/INTERN.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/XSUB.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/av.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/bitcount.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/charclass_invlists.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/config.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/cop.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/cv.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/dosish.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/ebcdic_tables.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/embed.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/embedvar.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/fakesdio.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/feature.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/form.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/git_version.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/gv.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/handy.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/hv.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/hv_func.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/hv_macro.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/inline.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/intrpvar.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/invlist_inline.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/iperlsys.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/keywords.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/l1_char_class_tab.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/malloc_ctl.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/metaconfig.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/mg.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/mg_data.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/mg_raw.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/mg_vtable.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/mydtrace.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/nostdio.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/op.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/op_reg_common.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/opcode.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/opnames.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/overload.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/pad.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/parser.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/patchlevel-debian.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/patchlevel.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perl.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perl_inc_macro.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perl_langinfo.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perl_siphash.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perlapi.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perlio.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perliol.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perlsdio.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perlvars.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perly.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/pp.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/pp_proto.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/proto.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/reentr.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/regcharclass.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/regcomp.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/regexp.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/regnodes.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/sbox32_hash.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/scope.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/sv.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/sv_inline.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/thread.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/time64.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/time64_config.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/uconfig.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/uni_keywords.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/unicode_constants.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/unixish.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/utf8.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/utfebcdic.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/util.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/uudmap.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/vutil.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/warnings.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/zaphod32_hash.h", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Compress/Raw/Bzip2.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Compress/Raw/Zlib.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Config.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Config.pod", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Config_git.pl", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Config_heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Cwd.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/DB_File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Data/Dumper.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Devel/PPPort.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Devel/Peek.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Digest/MD5.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Digest/SHA.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/DynaLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Alias.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Byte.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/CJKConstants.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/CN.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/CN/HZ.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Config.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/EBCDIC.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Encoder.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Encoding.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/GSM0338.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Guess.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/JP.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/JP/H2Z.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/JP/JIS7.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/KR.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/KR/2022_KR.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/MIME/Header.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/MIME/Header/ISO_2022_JP.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/MIME/Name.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Symbol.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/TW.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Unicode.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Unicode/UTF7.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Errno.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Fcntl.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/DosGlob.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Glob.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/AmigaOS.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/Cygwin.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/Epoc.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/Functions.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/Mac.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/OS2.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/Unix.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/VMS.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/Win32.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Filter/Util/Call.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/GDBM_File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Hash/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Hash/Util/FieldHash.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/I18N/Langinfo.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Dir.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Handle.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Pipe.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Poll.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Seekable.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Select.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Socket/INET.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Socket/UNIX.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IPC/Msg.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IPC/Semaphore.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IPC/SharedMem.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IPC/SysV.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/List/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/List/Util/XS.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/MIME/Base64.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/MIME/QuotedPrint.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Math/BigInt/FastCalc.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/NDBM_File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/O.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/ODBM_File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Opcode.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/POSIX.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/POSIX.pod", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/PerlIO/encoding.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/PerlIO/mmap.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/PerlIO/scalar.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/PerlIO/via.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/SDBM_File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Scalar/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Storable.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Sub/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Sys/Hostname.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Sys/Syslog.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Time/HiRes.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Time/Piece.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Time/Seconds.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Unicode/Collate.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Unicode/Collate/Locale.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Unicode/Normalize.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/_h2ph_pre.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/bitsperlong.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/ioctl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/ioctls.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/posix_types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/socket.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/sockios.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/termbits-common.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/termbits.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/termios.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/bitsperlong.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/ioctl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/ioctls.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/posix_types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/posix_types_32.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/posix_types_64.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/posix_types_x32.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/socket.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/sockios.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/termbits.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/termios.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/unistd.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/unistd_32.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/unistd_64.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/unistd_x32.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/attributes.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/B/B.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Compress/Raw/Bzip2/Bzip2.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Compress/Raw/Zlib/Zlib.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Cwd/Cwd.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/DB_File/DB_File.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Data/Dumper/Dumper.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Devel/Peek/Peek.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Digest/MD5/MD5.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Digest/SHA/SHA.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/Byte/Byte.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/CN/CN.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/EBCDIC/EBCDIC.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/Encode.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/JP/JP.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/KR/KR.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/Symbol/Symbol.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/TW/TW.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/Unicode/Unicode.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Fcntl/Fcntl.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/File/DosGlob/DosGlob.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/File/Glob/Glob.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Filter/Util/Call/Call.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/GDBM_File/GDBM_File.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Hash/Util/FieldHash/FieldHash.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Hash/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/I18N/Langinfo/Langinfo.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/IO/IO.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/IPC/SysV/SysV.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/List/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/MIME/Base64/Base64.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Math/BigInt/FastCalc/FastCalc.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/NDBM_File/NDBM_File.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/ODBM_File/ODBM_File.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Opcode/Opcode.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/POSIX/POSIX.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/PerlIO/encoding/encoding.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/PerlIO/mmap/mmap.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/PerlIO/scalar/scalar.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/PerlIO/via/via.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/SDBM_File/SDBM_File.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Socket/Socket.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Storable/Storable.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Sys/Hostname/Hostname.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Sys/Syslog/Syslog.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Time/HiRes/HiRes.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Time/Piece/Piece.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Unicode/Collate/Collate.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Unicode/Normalize/Normalize.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/attributes/attributes.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/mro/mro.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/re/re.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/threads/shared/shared.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/threads/threads.so", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/atomic_wide_counter.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/byteswap.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/confname.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/endian.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/endianness.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/environments.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/floatn-common.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/floatn.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/getopt_core.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/getopt_posix.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/ioctl-types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/ioctls.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/long-double.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/posix_opt.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/pthreadtypes-arch.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/pthreadtypes.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/select-decl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/select.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/select2.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/sigaction.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/sigcontext.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/sigevent-consts.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/siginfo-arch.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/siginfo-consts-arch.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/siginfo-consts.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/signal_ext.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/signum-arch.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/signum-generic.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/sigstack.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/sigstksz.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/sigthread.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/sockaddr.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/socket-constants.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/socket.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/socket2.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/socket_type.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/ss_flags.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/stdint-intn.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/struct_mutex.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/struct_rwlock.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/syscall.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/syslog-decl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/syslog-ldbl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/syslog-path.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/syslog.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/thread-shared-types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/time64.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/timesize.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/__sigset_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/__sigval_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/clock_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/clockid_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/idtype_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/sig_atomic_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/sigevent_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/siginfo_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/sigset_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/sigval_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/stack_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/struct_iovec.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/struct_osockaddr.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/struct_rusage.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/struct_sigstack.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/struct_timespec.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/struct_timeval.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/time_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/timer_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/typesizes.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/uintn-identity.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/unistd-decl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/unistd.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/unistd_ext.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/waitflags.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/waitstatus.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/wordsize.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/encoding.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/endian.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/errno.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/features-time64.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/features.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/gnu/stubs-64.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/gnu/stubs.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/lib.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/linux/ioctl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/linux/posix_types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/linux/stddef.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/mro.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/ops.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/re.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/signal.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/stdarg.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/stdc-predef.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/stddef.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/cdefs.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/ioctl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/select.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/socket.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/syscall.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/syslog.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/time.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/ttydefaults.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/ucontext.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/wait.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/syscall.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sysexits.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/syslimits.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/syslog.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/threads.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/threads/shared.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/unistd.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.36.0/wait.ph", + "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.36.0/README", + "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.36.0/config.sh.debug.gz", + "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.36.0/config.sh.shared.gz", + "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.36.0/config.sh.static.gz", + "/usr/share/doc/libperl5.36/changelog.Debian.gz", + "/usr/share/doc/libperl5.36/copyright", + "/usr/share/lintian/overrides/libperl5.36", + "/usr/share/man/man1/cpan5.36-x86_64-linux-gnu.1.gz", + "/usr/share/man/man1/perl5.36-x86_64-linux-gnu.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpopt0@1.19+dfsg-1", + "Name": "libpopt0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpopt0@1.19%2Bdfsg-1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "bc1d644ab7b7423a" + }, + "Version": "1.19+dfsg", + "Release": "1", + "Arch": "amd64", + "SrcName": "popt", + "SrcVersion": "1.19+dfsg", + "SrcRelease": "1", + "Licenses": [ + "MIT", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpopt.so.0.0.2", + "/usr/share/doc/libpopt0/README", + "/usr/share/doc/libpopt0/changelog.Debian.gz", + "/usr/share/doc/libpopt0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libproc2-0@2:4.0.3-1ubuntu1.23.10.1", + "Name": "libproc2-0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libproc2-0@4.0.3-1ubuntu1.23.10.1?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=2", + "UID": "34fd03306b454b88" + }, + "Version": "4.0.3", + "Release": "1ubuntu1.23.10.1", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "procps", + "SrcVersion": "4.0.3", + "SrcRelease": "1ubuntu1.23.10.1", + "SrcEpoch": 2, + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libsystemd0@253.5-1ubuntu6.1" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libproc2.so.0.0.1", + "/usr/share/doc/libproc2-0/NEWS.Debian.gz", + "/usr/share/doc/libproc2-0/changelog.Debian.gz", + "/usr/share/doc/libproc2-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsasl2-2@2.1.28+dfsg1-3", + "Name": "libsasl2-2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsasl2-2@2.1.28%2Bdfsg1-3?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "7c4ee7581fe6d586" + }, + "Version": "2.1.28+dfsg1", + "Release": "3", + "Arch": "amd64", + "SrcName": "cyrus-sasl2", + "SrcVersion": "2.1.28+dfsg1", + "SrcRelease": "3", + "Licenses": [ + "BSD-3-Clause-Attribution", + "BSD-3-Clause", + "BSD-2-Clause", + "GPL-3.0-or-later", + "GPL-3.0-only", + "BSD-4-Clause-UC", + "RSA-MD", + "text://BSD-3-Clause-Attribution and IBM-as-is", + "BSD-3-clause-JANET", + "BSD-3-clause-PADL", + "MIT-OpenVision", + "OpenLDAP", + "FSFULLR", + "MIT-CMU", + "MIT-Export", + "BSD-2.2-clause", + "text://IBM-as-is" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libsasl2-modules-db@2.1.28+dfsg1-3", + "libssl3@3.0.10-1ubuntu2.3" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsasl2.so.2.0.25", + "/usr/share/doc/libsasl2-2/README.Debian", + "/usr/share/doc/libsasl2-2/copyright", + "/usr/share/man/man5/libsasl.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsasl2-modules-db@2.1.28+dfsg1-3", + "Name": "libsasl2-modules-db", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsasl2-modules-db@2.1.28%2Bdfsg1-3?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "43c1a29a34ea3d8a" + }, + "Version": "2.1.28+dfsg1", + "Release": "3", + "Arch": "amd64", + "SrcName": "cyrus-sasl2", + "SrcVersion": "2.1.28+dfsg1", + "SrcRelease": "3", + "Licenses": [ + "BSD-3-Clause-Attribution", + "BSD-3-Clause", + "BSD-2-Clause", + "GPL-3.0-or-later", + "GPL-3.0-only", + "BSD-4-Clause-UC", + "RSA-MD", + "text://BSD-3-Clause-Attribution and IBM-as-is", + "BSD-3-clause-JANET", + "BSD-3-clause-PADL", + "MIT-OpenVision", + "OpenLDAP", + "FSFULLR", + "MIT-CMU", + "MIT-Export", + "BSD-2.2-clause", + "text://IBM-as-is" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libdb5.3@5.3.28+dfsg2-2" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/sasl2/libsasldb.so.2.0.25", + "/usr/share/doc/libsasl2-modules-db/changelog.Debian.gz", + "/usr/share/doc/libsasl2-modules-db/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libseccomp2@2.5.4-1ubuntu3", + "Name": "libseccomp2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libseccomp2@2.5.4-1ubuntu3?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "ebeb6a98937ad179" + }, + "Version": "2.5.4", + "Release": "1ubuntu3", + "Arch": "amd64", + "SrcName": "libseccomp", + "SrcVersion": "2.5.4", + "SrcRelease": "1ubuntu3", + "Licenses": [ + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.5.4", + "/usr/share/doc/libseccomp2/changelog.Debian.gz", + "/usr/share/doc/libseccomp2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libselinux1@3.5-1", + "Name": "libselinux1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libselinux1@3.5-1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "bdf3c260a102db44" + }, + "Version": "3.5", + "Release": "1", + "Arch": "amd64", + "SrcName": "libselinux", + "SrcVersion": "3.5", + "SrcRelease": "1", + "Licenses": [ + "public-domain", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libpcre2-8-0@10.42-4" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libselinux.so.1", + "/usr/share/doc/libselinux1/changelog.Debian.gz", + "/usr/share/doc/libselinux1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsemanage-common@3.5-1", + "Name": "libsemanage-common", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsemanage-common@3.5-1?arch=all\u0026distro=ubuntu-23.10", + "UID": "506ffbcb7f2426a" + }, + "Version": "3.5", + "Release": "1", + "Arch": "all", + "SrcName": "libsemanage", + "SrcVersion": "3.5", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/share/doc/libsemanage-common/changelog.Debian.gz", + "/usr/share/doc/libsemanage-common/copyright", + "/usr/share/man/man5/semanage.conf.5.gz", + "/usr/share/man/ru/man5/semanage.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsemanage2@3.5-1", + "Name": "libsemanage2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsemanage2@3.5-1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "4187ad7685b9bc2b" + }, + "Version": "3.5", + "Release": "1", + "Arch": "amd64", + "SrcName": "libsemanage", + "SrcVersion": "3.5", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:3.1.1-1", + "libbz2-1.0@1.0.8-5build1", + "libc6@2.38-1ubuntu6.3", + "libselinux1@3.5-1", + "libsemanage-common@3.5-1", + "libsepol2@3.5-1" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsemanage.so.2", + "/usr/share/doc/libsemanage2/changelog.Debian.gz", + "/usr/share/doc/libsemanage2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsepol2@3.5-1", + "Name": "libsepol2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsepol2@3.5-1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "819c50c320b4ed14" + }, + "Version": "3.5", + "Release": "1", + "Arch": "amd64", + "SrcName": "libsepol", + "SrcVersion": "3.5", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "Zlib", + "GPL-2.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libsepol.so.2", + "/usr/share/doc/libsepol2/changelog.Debian.gz", + "/usr/share/doc/libsepol2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsmartcols1@2.39.1-4ubuntu2.2", + "Name": "libsmartcols1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsmartcols1@2.39.1-4ubuntu2.2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "b1087ab9a0339358" + }, + "Version": "2.39.1", + "Release": "4ubuntu2.2", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.39.1", + "SrcRelease": "4ubuntu2.2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", + "/usr/share/doc/libsmartcols1/changelog.Debian.gz", + "/usr/share/doc/libsmartcols1/copyright", + "/usr/share/lintian/overrides/libsmartcols1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libss2@1.47.0-2ubuntu1", + "Name": "libss2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libss2@1.47.0-2ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "dace0e4e98f3ffb5" + }, + "Version": "1.47.0", + "Release": "2ubuntu1", + "Arch": "amd64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.47.0", + "SrcRelease": "2ubuntu1", + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.0-only", + "BSD-3-Clause", + "Apache-2.0", + "ISC", + "GPL-2.0-or-later", + "MIT-US-export", + "Kazlib", + "Latex2e", + "GPL-2+ with Texinfo exception" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libcom-err2@1.47.0-2ubuntu1" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libss.so.2.0", + "/usr/share/doc/libss2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libssl3@3.0.10-1ubuntu2.3", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libssl3@3.0.10-1ubuntu2.3?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "a644291ac82ff6da" + }, + "Version": "3.0.10", + "Release": "1ubuntu2.3", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.0.10", + "SrcRelease": "1ubuntu2.3", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.82", + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/engines-3/afalg.so", + "/usr/lib/x86_64-linux-gnu/engines-3/loader_attic.so", + "/usr/lib/x86_64-linux-gnu/engines-3/padlock.so", + "/usr/lib/x86_64-linux-gnu/libcrypto.so.3", + "/usr/lib/x86_64-linux-gnu/libssl.so.3", + "/usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so", + "/usr/share/doc/libssl3/changelog.Debian.gz", + "/usr/share/doc/libssl3/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libstdc++6@13.2.0-4ubuntu3", + "Name": "libstdc++6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libstdc%2B%2B6@13.2.0-4ubuntu3?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "c932b61337e4970f" + }, + "Version": "13.2.0", + "Release": "4ubuntu3", + "Arch": "amd64", + "SrcName": "gcc-13", + "SrcVersion": "13.2.0", + "SrcRelease": "4ubuntu3", + "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gcc-13-base@13.2.0-4ubuntu3", + "libc6@2.38-1ubuntu6.3", + "libgcc-s1@13.2.0-4ubuntu3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.32", + "/usr/share/gcc/python/libstdcxx/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/printers.py", + "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", + "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.32-gdb.py" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsystemd0@253.5-1ubuntu6.1", + "Name": "libsystemd0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsystemd0@253.5-1ubuntu6.1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "313035d53fbc16f0" + }, + "Version": "253.5", + "Release": "1ubuntu6.1", + "Arch": "amd64", + "SrcName": "systemd", + "SrcVersion": "253.5", + "SrcRelease": "1ubuntu6.1", + "Licenses": [ + "LGPL-2.1-or-later", + "CC0-1.0", + "GPL-2 with Linux-syscall-note exception", + "MIT", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libcap2@1:2.66-4ubuntu1", + "libgcrypt20@1.10.2-3ubuntu1", + "liblz4-1@1.9.4-1", + "liblzma5@5.4.1-0.2", + "libzstd1@1.5.5+dfsg2-1ubuntu2" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.36.0", + "/usr/share/doc/libsystemd0/NEWS.Debian.gz", + "/usr/share/doc/libsystemd0/changelog.Debian.gz", + "/usr/share/doc/libsystemd0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libtasn1-6@4.19.0-3", + "Name": "libtasn1-6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libtasn1-6@4.19.0-3?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "8b7961ca06867055" + }, + "Version": "4.19.0", + "Release": "3", + "Arch": "amd64", + "SrcName": "libtasn1-6", + "SrcVersion": "4.19.0", + "SrcRelease": "3", + "Licenses": [ + "LGPL-2.0-or-later", + "LGPL-2.1-only", + "GPL-3.0-only", + "GFDL-1.3-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.3", + "/usr/share/doc/libtasn1-6/AUTHORS", + "/usr/share/doc/libtasn1-6/README.md", + "/usr/share/doc/libtasn1-6/THANKS", + "/usr/share/doc/libtasn1-6/changelog.Debian.gz", + "/usr/share/doc/libtasn1-6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libtdb1@1.4.9-2", + "Name": "libtdb1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libtdb1@1.4.9-2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "c01c4b0a8e4e730c" + }, + "Version": "1.4.9", + "Release": "2", + "Arch": "amd64", + "SrcName": "tdb", + "SrcVersion": "1.4.9", + "SrcRelease": "2", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-3.0-or-later", + "PostgreSQL", + "ISC", + "BSD-3-Clause", + "LGPL-3.0-only", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libtdb.so.1.4.9", + "/usr/share/doc/libtdb1/changelog.Debian.gz", + "/usr/share/doc/libtdb1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libtinfo6@6.4+20230625-2", + "Name": "libtinfo6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libtinfo6@6.4%2B20230625-2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "b96445f770c5b00" + }, + "Version": "6.4+20230625", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.4+20230625", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libtinfo.so.6.4", + "/usr/lib/x86_64-linux-gnu/libtic.so.6.4", + "/usr/share/doc/libtinfo6/changelog.Debian.gz", + "/usr/share/doc/libtinfo6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libudev1@253.5-1ubuntu6.1", + "Name": "libudev1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libudev1@253.5-1ubuntu6.1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "572aaa0b7a82a0f6" + }, + "Version": "253.5", + "Release": "1ubuntu6.1", + "Arch": "amd64", + "SrcName": "systemd", + "SrcVersion": "253.5", + "SrcRelease": "1ubuntu6.1", + "Licenses": [ + "LGPL-2.1-or-later", + "CC0-1.0", + "GPL-2 with Linux-syscall-note exception", + "MIT", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libcap2@1:2.66-4ubuntu1" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libudev.so.1.7.6", + "/usr/share/doc/libudev1/NEWS.Debian.gz", + "/usr/share/doc/libudev1/changelog.Debian.gz", + "/usr/share/doc/libudev1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libunistring2@1.0-2", + "Name": "libunistring2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libunistring2@1.0-2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "cde8f9b721c0647f" + }, + "Version": "1.0", + "Release": "2", + "Arch": "amd64", + "SrcName": "libunistring", + "SrcVersion": "1.0", + "SrcRelease": "2", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "FreeSoftware", + "GPL-3.0-or-later", + "GFDL-1.2-or-later", + "GPL-2+ with distribution exception", + "MIT", + "LGPL-3.0-only", + "GPL-3.0-only", + "GPL-2.0-only", + "GFDL-1.2-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libunistring.so.2.2.0", + "/usr/share/doc/libunistring2/changelog.Debian.gz", + "/usr/share/doc/libunistring2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libuuid1@2.39.1-4ubuntu2.2", + "Name": "libuuid1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libuuid1@2.39.1-4ubuntu2.2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "ef7eab139c557e1f" + }, + "Version": "2.39.1", + "Release": "4ubuntu2.2", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.39.1", + "SrcRelease": "4ubuntu2.2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0", + "/usr/share/doc/libuuid1/changelog.Debian.gz", + "/usr/share/doc/libuuid1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libxxhash0@0.8.1-1", + "Name": "libxxhash0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libxxhash0@0.8.1-1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "bf6683444d919998" + }, + "Version": "0.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "xxhash", + "SrcVersion": "0.8.1", + "SrcRelease": "1", + "Licenses": [ + "BSD-2-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libxxhash.so.0.8.1", + "/usr/share/doc/libxxhash0/changelog.Debian.gz", + "/usr/share/doc/libxxhash0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libzstd1@1.5.5+dfsg2-1ubuntu2", + "Name": "libzstd1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libzstd1@1.5.5%2Bdfsg2-1ubuntu2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "33bdf7c00c71d8b1" + }, + "Version": "1.5.5+dfsg2", + "Release": "1ubuntu2", + "Arch": "amd64", + "SrcName": "libzstd", + "SrcVersion": "1.5.5+dfsg2", + "SrcRelease": "1ubuntu2", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "Zlib", + "MIT" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libzstd.so.1.5.5", + "/usr/share/doc/libzstd1/changelog.Debian.gz", + "/usr/share/doc/libzstd1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "login@1:4.13+dfsg1-1ubuntu1.1", + "Name": "login", + "Identifier": { + "PURL": "pkg:deb/ubuntu/login@4.13%2Bdfsg1-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", + "UID": "e32b693ebc55c989" + }, + "Version": "4.13+dfsg1", + "Release": "1ubuntu1.1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "shadow", + "SrcVersion": "4.13+dfsg1", + "SrcRelease": "1ubuntu1.1", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-1.0-only", + "GPL-2.0-or-later", + "public-domain", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/bin/login", + "/usr/bin/faillog", + "/usr/bin/lastlog", + "/usr/bin/newgrp", + "/usr/sbin/nologin", + "/usr/share/apport/package-hooks/source_shadow.py", + "/usr/share/doc/login/NEWS.Debian.gz", + "/usr/share/doc/login/changelog.Debian.gz", + "/usr/share/doc/login/copyright", + "/usr/share/lintian/overrides/login", + "/usr/share/man/cs/man5/faillog.5.gz", + "/usr/share/man/cs/man8/faillog.8.gz", + "/usr/share/man/cs/man8/lastlog.8.gz", + "/usr/share/man/cs/man8/nologin.8.gz", + "/usr/share/man/da/man1/newgrp.1.gz", + "/usr/share/man/da/man1/sg.1.gz", + "/usr/share/man/da/man8/nologin.8.gz", + "/usr/share/man/de/man1/login.1.gz", + "/usr/share/man/de/man1/newgrp.1.gz", + "/usr/share/man/de/man1/sg.1.gz", + "/usr/share/man/de/man5/faillog.5.gz", + "/usr/share/man/de/man5/login.defs.5.gz", + "/usr/share/man/de/man8/faillog.8.gz", + "/usr/share/man/de/man8/lastlog.8.gz", + "/usr/share/man/de/man8/nologin.8.gz", + "/usr/share/man/fr/man1/login.1.gz", + "/usr/share/man/fr/man1/newgrp.1.gz", + "/usr/share/man/fr/man1/sg.1.gz", + "/usr/share/man/fr/man5/faillog.5.gz", + "/usr/share/man/fr/man5/login.defs.5.gz", + "/usr/share/man/fr/man8/faillog.8.gz", + "/usr/share/man/fr/man8/lastlog.8.gz", + "/usr/share/man/fr/man8/nologin.8.gz", + "/usr/share/man/hu/man1/login.1.gz", + "/usr/share/man/hu/man1/newgrp.1.gz", + "/usr/share/man/hu/man8/lastlog.8.gz", + "/usr/share/man/id/man1/login.1.gz", + "/usr/share/man/it/man1/login.1.gz", + "/usr/share/man/it/man1/newgrp.1.gz", + "/usr/share/man/it/man1/sg.1.gz", + "/usr/share/man/it/man5/faillog.5.gz", + "/usr/share/man/it/man5/login.defs.5.gz", + "/usr/share/man/it/man8/faillog.8.gz", + "/usr/share/man/it/man8/lastlog.8.gz", + "/usr/share/man/it/man8/nologin.8.gz", + "/usr/share/man/ja/man1/login.1.gz", + "/usr/share/man/ja/man1/newgrp.1.gz", + "/usr/share/man/ja/man5/faillog.5.gz", + "/usr/share/man/ja/man5/login.defs.5.gz", + "/usr/share/man/ja/man8/faillog.8.gz", + "/usr/share/man/ja/man8/lastlog.8.gz", + "/usr/share/man/ko/man1/login.1.gz", + "/usr/share/man/man1/login.1.gz", + "/usr/share/man/man1/newgrp.1.gz", + "/usr/share/man/man1/sg.1.gz", + "/usr/share/man/man5/faillog.5.gz", + "/usr/share/man/man5/login.defs.5.gz", + "/usr/share/man/man8/faillog.8.gz", + "/usr/share/man/man8/lastlog.8.gz", + "/usr/share/man/man8/nologin.8.gz", + "/usr/share/man/pl/man1/newgrp.1.gz", + "/usr/share/man/pl/man1/sg.1.gz", + "/usr/share/man/pl/man5/faillog.5.gz", + "/usr/share/man/pl/man8/faillog.8.gz", + "/usr/share/man/pl/man8/lastlog.8.gz", + "/usr/share/man/ru/man1/login.1.gz", + "/usr/share/man/ru/man1/newgrp.1.gz", + "/usr/share/man/ru/man1/sg.1.gz", + "/usr/share/man/ru/man5/faillog.5.gz", + "/usr/share/man/ru/man5/login.defs.5.gz", + "/usr/share/man/ru/man8/faillog.8.gz", + "/usr/share/man/ru/man8/lastlog.8.gz", + "/usr/share/man/ru/man8/nologin.8.gz", + "/usr/share/man/sv/man1/newgrp.1.gz", + "/usr/share/man/sv/man1/sg.1.gz", + "/usr/share/man/sv/man5/faillog.5.gz", + "/usr/share/man/sv/man8/faillog.8.gz", + "/usr/share/man/sv/man8/lastlog.8.gz", + "/usr/share/man/sv/man8/nologin.8.gz", + "/usr/share/man/tr/man1/login.1.gz", + "/usr/share/man/uk/man1/login.1.gz", + "/usr/share/man/uk/man1/newgrp.1.gz", + "/usr/share/man/uk/man1/sg.1.gz", + "/usr/share/man/uk/man5/faillog.5.gz", + "/usr/share/man/uk/man5/login.defs.5.gz", + "/usr/share/man/uk/man8/faillog.8.gz", + "/usr/share/man/uk/man8/lastlog.8.gz", + "/usr/share/man/uk/man8/nologin.8.gz", + "/usr/share/man/zh_CN/man1/login.1.gz", + "/usr/share/man/zh_CN/man1/newgrp.1.gz", + "/usr/share/man/zh_CN/man1/sg.1.gz", + "/usr/share/man/zh_CN/man5/faillog.5.gz", + "/usr/share/man/zh_CN/man5/login.defs.5.gz", + "/usr/share/man/zh_CN/man8/faillog.8.gz", + "/usr/share/man/zh_CN/man8/lastlog.8.gz", + "/usr/share/man/zh_CN/man8/nologin.8.gz", + "/usr/share/man/zh_TW/man1/newgrp.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "logrotate@3.21.0-1", + "Name": "logrotate", + "Identifier": { + "PURL": "pkg:deb/ubuntu/logrotate@3.21.0-1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "46d2b3d6fb52a7d1" + }, + "Version": "3.21.0", + "Release": "1", + "Arch": "amd64", + "SrcName": "logrotate", + "SrcVersion": "3.21.0", + "SrcRelease": "1", + "Licenses": [ + "GPL-2.0-only", + "GPL-3.0-or-later", + "BSD-3-Clause", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "cron@3.0pl1-163ubuntu1", + "libacl1@2.3.1-3", + "libc6@2.38-1ubuntu6.3", + "libpopt0@1.19+dfsg-1", + "libselinux1@3.5-1" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/lib/systemd/system/logrotate.service", + "/lib/systemd/system/logrotate.timer", + "/usr/sbin/logrotate", + "/usr/share/bug/logrotate/script", + "/usr/share/doc/logrotate/NEWS.Debian.gz", + "/usr/share/doc/logrotate/changelog.Debian.gz", + "/usr/share/doc/logrotate/copyright", + "/usr/share/man/man8/logrotate.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "logsave@1.47.0-2ubuntu1", + "Name": "logsave", + "Identifier": { + "PURL": "pkg:deb/ubuntu/logsave@1.47.0-2ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "e37cd5a38f37774c" + }, + "Version": "1.47.0", + "Release": "2ubuntu1", + "Arch": "amd64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.47.0", + "SrcRelease": "2ubuntu1", + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.0-only", + "BSD-3-Clause", + "Apache-2.0", + "ISC", + "GPL-2.0-or-later", + "MIT-US-export", + "Kazlib", + "Latex2e", + "GPL-2+ with Texinfo exception" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/sbin/logsave", + "/usr/share/doc/logsave/changelog.Debian.gz", + "/usr/share/doc/logsave/copyright", + "/usr/share/man/man8/logsave.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mawk@1.3.4.20230730-1", + "Name": "mawk", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mawk@1.3.4.20230730-1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "e175dfe215c6a36c" + }, + "Version": "1.3.4.20230730", + "Release": "1", + "Arch": "amd64", + "SrcName": "mawk", + "SrcVersion": "1.3.4.20230730", + "SrcRelease": "1", + "Licenses": [ + "GPL-2.0-only", + "X11", + "CC-BY-3.0" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/bin/mawk", + "/usr/share/doc/mawk/ACKNOWLEDGMENT", + "/usr/share/doc/mawk/README", + "/usr/share/doc/mawk/changelog.Debian.gz", + "/usr/share/doc/mawk/copyright", + "/usr/share/doc/mawk/examples/ct_length.awk", + "/usr/share/doc/mawk/examples/decl.awk", + "/usr/share/doc/mawk/examples/deps.awk", + "/usr/share/doc/mawk/examples/eatc.awk", + "/usr/share/doc/mawk/examples/gdecl.awk", + "/usr/share/doc/mawk/examples/hcal", + "/usr/share/doc/mawk/examples/hical", + "/usr/share/doc/mawk/examples/nocomment.awk", + "/usr/share/doc/mawk/examples/primes.awk", + "/usr/share/doc/mawk/examples/qsort.awk", + "/usr/share/man/man1/mawk.1.gz", + "/usr/share/man/man7/mawk-arrays.7.gz", + "/usr/share/man/man7/mawk-code.7.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mount@2.39.1-4ubuntu2.2", + "Name": "mount", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mount@2.39.1-4ubuntu2.2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "63613bfda1742dec" + }, + "Version": "2.39.1", + "Release": "4ubuntu2.2", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.39.1", + "SrcRelease": "4ubuntu2.2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/bin/mount", + "/bin/umount", + "/sbin/losetup", + "/sbin/swapoff", + "/sbin/swapon", + "/usr/share/bash-completion/completions/losetup", + "/usr/share/bash-completion/completions/mount", + "/usr/share/bash-completion/completions/swapoff", + "/usr/share/bash-completion/completions/swapon", + "/usr/share/bash-completion/completions/umount", + "/usr/share/doc/mount/copyright", + "/usr/share/doc/mount/examples/filesystems", + "/usr/share/doc/mount/examples/fstab", + "/usr/share/doc/mount/examples/mount.fstab", + "/usr/share/doc/mount/mount.txt", + "/usr/share/lintian/overrides/mount", + "/usr/share/man/man5/fstab.5.gz", + "/usr/share/man/man8/losetup.8.gz", + "/usr/share/man/man8/mount.8.gz", + "/usr/share/man/man8/swapon.8.gz", + "/usr/share/man/man8/umount.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ncurses-base@6.4+20230625-2", + "Name": "ncurses-base", + "Identifier": { + "PURL": "pkg:deb/ubuntu/ncurses-base@6.4%2B20230625-2?arch=all\u0026distro=ubuntu-23.10", + "UID": "6076efaa0dbca4a8" + }, + "Version": "6.4+20230625", + "Release": "2", + "Arch": "all", + "SrcName": "ncurses", + "SrcVersion": "6.4+20230625", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/share/doc/ncurses-base/FAQ", + "/usr/share/doc/ncurses-base/TODO.Debian", + "/usr/share/doc/ncurses-base/changelog.Debian.gz", + "/usr/share/doc/ncurses-base/copyright", + "/usr/share/lintian/overrides/ncurses-base", + "/usr/share/tabset/std", + "/usr/share/tabset/stdcrt", + "/usr/share/tabset/vt100", + "/usr/share/tabset/vt300", + "/usr/share/terminfo/E/Eterm", + "/usr/share/terminfo/a/ansi", + "/usr/share/terminfo/c/cons25", + "/usr/share/terminfo/c/cygwin", + "/usr/share/terminfo/d/dumb", + "/usr/share/terminfo/h/hurd", + "/usr/share/terminfo/l/linux", + "/usr/share/terminfo/m/mach", + "/usr/share/terminfo/m/mach-bold", + "/usr/share/terminfo/m/mach-color", + "/usr/share/terminfo/m/mach-gnu", + "/usr/share/terminfo/m/mach-gnu-color", + "/usr/share/terminfo/p/pcansi", + "/usr/share/terminfo/r/rxvt", + "/usr/share/terminfo/r/rxvt-basic", + "/usr/share/terminfo/r/rxvt-unicode", + "/usr/share/terminfo/r/rxvt-unicode-256color", + "/usr/share/terminfo/s/screen", + "/usr/share/terminfo/s/screen-256color", + "/usr/share/terminfo/s/screen-256color-bce", + "/usr/share/terminfo/s/screen-bce", + "/usr/share/terminfo/s/screen-s", + "/usr/share/terminfo/s/screen-w", + "/usr/share/terminfo/s/screen.xterm-256color", + "/usr/share/terminfo/s/sun", + "/usr/share/terminfo/t/tmux", + "/usr/share/terminfo/t/tmux-256color", + "/usr/share/terminfo/v/vt100", + "/usr/share/terminfo/v/vt102", + "/usr/share/terminfo/v/vt220", + "/usr/share/terminfo/v/vt52", + "/usr/share/terminfo/w/wsvt25", + "/usr/share/terminfo/w/wsvt25m", + "/usr/share/terminfo/x/xterm", + "/usr/share/terminfo/x/xterm-256color", + "/usr/share/terminfo/x/xterm-color", + "/usr/share/terminfo/x/xterm-mono", + "/usr/share/terminfo/x/xterm-r5", + "/usr/share/terminfo/x/xterm-r6", + "/usr/share/terminfo/x/xterm-vt220", + "/usr/share/terminfo/x/xterm-xfree86" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ncurses-bin@6.4+20230625-2", + "Name": "ncurses-bin", + "Identifier": { + "PURL": "pkg:deb/ubuntu/ncurses-bin@6.4%2B20230625-2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "c4f2b5d4182cef4f" + }, + "Version": "6.4+20230625", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.4+20230625", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/bin/clear", + "/usr/bin/infocmp", + "/usr/bin/tabs", + "/usr/bin/tic", + "/usr/bin/toe", + "/usr/bin/tput", + "/usr/bin/tset", + "/usr/share/doc/ncurses-bin/copyright", + "/usr/share/man/man1/captoinfo.1.gz", + "/usr/share/man/man1/clear.1.gz", + "/usr/share/man/man1/infocmp.1.gz", + "/usr/share/man/man1/infotocap.1.gz", + "/usr/share/man/man1/tabs.1.gz", + "/usr/share/man/man1/tic.1.gz", + "/usr/share/man/man1/toe.1.gz", + "/usr/share/man/man1/tput.1.gz", + "/usr/share/man/man1/tset.1.gz", + "/usr/share/man/man5/scr_dump.5.gz", + "/usr/share/man/man5/term.5.gz", + "/usr/share/man/man5/terminfo.5.gz", + "/usr/share/man/man5/user_caps.5.gz", + "/usr/share/man/man7/term.7.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "netbase@6.4", + "Name": "netbase", + "Identifier": { + "PURL": "pkg:deb/ubuntu/netbase@6.4?arch=all\u0026distro=ubuntu-23.10", + "UID": "f5de852302697395" + }, + "Version": "6.4", + "Arch": "all", + "SrcName": "netbase", + "SrcVersion": "6.4", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/share/doc/netbase/changelog.gz", + "/usr/share/doc/netbase/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "openssl@3.0.10-1ubuntu2.3", + "Name": "openssl", + "Identifier": { + "PURL": "pkg:deb/ubuntu/openssl@3.0.10-1ubuntu2.3?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "dacb5c30ff7f34f" + }, + "Version": "3.0.10", + "Release": "1ubuntu2.3", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.0.10", + "SrcRelease": "1ubuntu2.3", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libssl3@3.0.10-1ubuntu2.3" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/bin/c_rehash", + "/usr/bin/openssl", + "/usr/lib/ssl/misc/CA.pl", + "/usr/lib/ssl/misc/tsget.pl", + "/usr/share/doc/openssl/FAQ.md", + "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", + "/usr/share/doc/openssl/HOWTO/keys.txt", + "/usr/share/doc/openssl/NEWS.Debian.gz", + "/usr/share/doc/openssl/NEWS.md.gz", + "/usr/share/doc/openssl/README-ENGINES.md.gz", + "/usr/share/doc/openssl/README.Debian", + "/usr/share/doc/openssl/README.md.gz", + "/usr/share/doc/openssl/README.optimization", + "/usr/share/doc/openssl/fingerprints.txt", + "/usr/share/lintian/overrides/openssl", + "/usr/share/man/man1/CA.pl.1ssl.gz", + "/usr/share/man/man1/openssl-asn1parse.1ssl.gz", + "/usr/share/man/man1/openssl-ca.1ssl.gz", + "/usr/share/man/man1/openssl-ciphers.1ssl.gz", + "/usr/share/man/man1/openssl-cmds.1ssl.gz", + "/usr/share/man/man1/openssl-cmp.1ssl.gz", + "/usr/share/man/man1/openssl-cms.1ssl.gz", + "/usr/share/man/man1/openssl-crl.1ssl.gz", + "/usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz", + "/usr/share/man/man1/openssl-dgst.1ssl.gz", + "/usr/share/man/man1/openssl-dhparam.1ssl.gz", + "/usr/share/man/man1/openssl-dsa.1ssl.gz", + "/usr/share/man/man1/openssl-dsaparam.1ssl.gz", + "/usr/share/man/man1/openssl-ec.1ssl.gz", + "/usr/share/man/man1/openssl-ecparam.1ssl.gz", + "/usr/share/man/man1/openssl-enc.1ssl.gz", + "/usr/share/man/man1/openssl-engine.1ssl.gz", + "/usr/share/man/man1/openssl-errstr.1ssl.gz", + "/usr/share/man/man1/openssl-fipsinstall.1ssl.gz", + "/usr/share/man/man1/openssl-format-options.1ssl.gz", + "/usr/share/man/man1/openssl-gendsa.1ssl.gz", + "/usr/share/man/man1/openssl-genpkey.1ssl.gz", + "/usr/share/man/man1/openssl-genrsa.1ssl.gz", + "/usr/share/man/man1/openssl-info.1ssl.gz", + "/usr/share/man/man1/openssl-kdf.1ssl.gz", + "/usr/share/man/man1/openssl-list.1ssl.gz", + "/usr/share/man/man1/openssl-mac.1ssl.gz", + "/usr/share/man/man1/openssl-namedisplay-options.1ssl.gz", + "/usr/share/man/man1/openssl-nseq.1ssl.gz", + "/usr/share/man/man1/openssl-ocsp.1ssl.gz", + "/usr/share/man/man1/openssl-passphrase-options.1ssl.gz", + "/usr/share/man/man1/openssl-passwd.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs12.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs7.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs8.1ssl.gz", + "/usr/share/man/man1/openssl-pkey.1ssl.gz", + "/usr/share/man/man1/openssl-pkeyparam.1ssl.gz", + "/usr/share/man/man1/openssl-pkeyutl.1ssl.gz", + "/usr/share/man/man1/openssl-prime.1ssl.gz", + "/usr/share/man/man1/openssl-rand.1ssl.gz", + "/usr/share/man/man1/openssl-rehash.1ssl.gz", + "/usr/share/man/man1/openssl-req.1ssl.gz", + "/usr/share/man/man1/openssl-rsa.1ssl.gz", + "/usr/share/man/man1/openssl-rsautl.1ssl.gz", + "/usr/share/man/man1/openssl-s_client.1ssl.gz", + "/usr/share/man/man1/openssl-s_server.1ssl.gz", + "/usr/share/man/man1/openssl-s_time.1ssl.gz", + "/usr/share/man/man1/openssl-sess_id.1ssl.gz", + "/usr/share/man/man1/openssl-smime.1ssl.gz", + "/usr/share/man/man1/openssl-speed.1ssl.gz", + "/usr/share/man/man1/openssl-spkac.1ssl.gz", + "/usr/share/man/man1/openssl-srp.1ssl.gz", + "/usr/share/man/man1/openssl-storeutl.1ssl.gz", + "/usr/share/man/man1/openssl-ts.1ssl.gz", + "/usr/share/man/man1/openssl-verification-options.1ssl.gz", + "/usr/share/man/man1/openssl-verify.1ssl.gz", + "/usr/share/man/man1/openssl-version.1ssl.gz", + "/usr/share/man/man1/openssl-x509.1ssl.gz", + "/usr/share/man/man1/openssl.1ssl.gz", + "/usr/share/man/man1/tsget.1ssl.gz", + "/usr/share/man/man5/config.5ssl.gz", + "/usr/share/man/man5/fips_config.5ssl.gz", + "/usr/share/man/man5/x509v3_config.5ssl.gz", + "/usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-AES.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-ARIA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CAST.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CHACHA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-DES.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-IDEA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-NULL.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC2.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC4.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC5.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-SEED.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-SM4.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-HKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-KB.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-KRB5KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PBKDF1.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PBKDF2.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PKCS12KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SCRYPT.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SS.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SSHKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-TLS13_KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-TLS1_PRF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X942-ASN1.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X942-CONCAT.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X963.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-DH.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-ECDH.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-BLAKE2.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-CMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-GMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-KMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-Poly1305.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-Siphash.7ssl.gz", + "/usr/share/man/man7/EVP_MD-BLAKE2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD4.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD5-SHA1.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD5.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MDC2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-NULL.7ssl.gz", + "/usr/share/man/man7/EVP_MD-RIPEMD160.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA1.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA3.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHAKE.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SM3.7ssl.gz", + "/usr/share/man/man7/EVP_MD-WHIRLPOOL.7ssl.gz", + "/usr/share/man/man7/EVP_MD-common.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-DH.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-EC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-FFC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-SM2.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-CTR-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-HASH-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-SEED-SRC.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-TEST-RAND.7ssl.gz", + "/usr/share/man/man7/EVP_RAND.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ED25519.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-RSA.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-FIPS.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-base.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-default.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-legacy.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-null.7ssl.gz", + "/usr/share/man/man7/RAND.7ssl.gz", + "/usr/share/man/man7/RSA-PSS.7ssl.gz", + "/usr/share/man/man7/X25519.7ssl.gz", + "/usr/share/man/man7/bio.7ssl.gz", + "/usr/share/man/man7/crypto.7ssl.gz", + "/usr/share/man/man7/ct.7ssl.gz", + "/usr/share/man/man7/des_modes.7ssl.gz", + "/usr/share/man/man7/evp.7ssl.gz", + "/usr/share/man/man7/fips_module.7ssl.gz", + "/usr/share/man/man7/life_cycle-cipher.7ssl.gz", + "/usr/share/man/man7/life_cycle-digest.7ssl.gz", + "/usr/share/man/man7/life_cycle-kdf.7ssl.gz", + "/usr/share/man/man7/life_cycle-mac.7ssl.gz", + "/usr/share/man/man7/life_cycle-pkey.7ssl.gz", + "/usr/share/man/man7/life_cycle-rand.7ssl.gz", + "/usr/share/man/man7/migration_guide.7ssl.gz", + "/usr/share/man/man7/openssl-core.h.7ssl.gz", + "/usr/share/man/man7/openssl-core_dispatch.h.7ssl.gz", + "/usr/share/man/man7/openssl-core_names.h.7ssl.gz", + "/usr/share/man/man7/openssl-env.7ssl.gz", + "/usr/share/man/man7/openssl-glossary.7ssl.gz", + "/usr/share/man/man7/openssl-threads.7ssl.gz", + "/usr/share/man/man7/openssl_user_macros.7ssl.gz", + "/usr/share/man/man7/ossl_store-file.7ssl.gz", + "/usr/share/man/man7/ossl_store.7ssl.gz", + "/usr/share/man/man7/passphrase-encoding.7ssl.gz", + "/usr/share/man/man7/property.7ssl.gz", + "/usr/share/man/man7/provider-asym_cipher.7ssl.gz", + "/usr/share/man/man7/provider-base.7ssl.gz", + "/usr/share/man/man7/provider-cipher.7ssl.gz", + "/usr/share/man/man7/provider-decoder.7ssl.gz", + "/usr/share/man/man7/provider-digest.7ssl.gz", + "/usr/share/man/man7/provider-encoder.7ssl.gz", + "/usr/share/man/man7/provider-kdf.7ssl.gz", + "/usr/share/man/man7/provider-kem.7ssl.gz", + "/usr/share/man/man7/provider-keyexch.7ssl.gz", + "/usr/share/man/man7/provider-keymgmt.7ssl.gz", + "/usr/share/man/man7/provider-mac.7ssl.gz", + "/usr/share/man/man7/provider-object.7ssl.gz", + "/usr/share/man/man7/provider-rand.7ssl.gz", + "/usr/share/man/man7/provider-signature.7ssl.gz", + "/usr/share/man/man7/provider-storemgmt.7ssl.gz", + "/usr/share/man/man7/provider.7ssl.gz", + "/usr/share/man/man7/proxy-certificates.7ssl.gz", + "/usr/share/man/man7/ssl.7ssl.gz", + "/usr/share/man/man7/x509.7ssl.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "passwd@1:4.13+dfsg1-1ubuntu1.1", + "Name": "passwd", + "Identifier": { + "PURL": "pkg:deb/ubuntu/passwd@4.13%2Bdfsg1-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", + "UID": "4e7d69e554075421" + }, + "Version": "4.13+dfsg1", + "Release": "1ubuntu1.1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "shadow", + "SrcVersion": "4.13+dfsg1", + "SrcRelease": "1ubuntu1.1", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-1.0-only", + "GPL-2.0-or-later", + "public-domain", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:3.1.1-1", + "libc6@2.38-1ubuntu6.3", + "libcrypt1@1:4.4.36-2", + "libpam-modules@1.5.2-6ubuntu1.1", + "libpam0g@1.5.2-6ubuntu1.1", + "libselinux1@3.5-1", + "libsemanage2@3.5-1" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/sbin/shadowconfig", + "/usr/bin/chage", + "/usr/bin/chfn", + "/usr/bin/chsh", + "/usr/bin/expiry", + "/usr/bin/gpasswd", + "/usr/bin/passwd", + "/usr/lib/tmpfiles.d/passwd.conf", + "/usr/sbin/chgpasswd", + "/usr/sbin/chpasswd", + "/usr/sbin/cppw", + "/usr/sbin/groupadd", + "/usr/sbin/groupdel", + "/usr/sbin/groupmems", + "/usr/sbin/groupmod", + "/usr/sbin/grpck", + "/usr/sbin/grpconv", + "/usr/sbin/grpunconv", + "/usr/sbin/newusers", + "/usr/sbin/pwck", + "/usr/sbin/pwconv", + "/usr/sbin/pwunconv", + "/usr/sbin/useradd", + "/usr/sbin/userdel", + "/usr/sbin/usermod", + "/usr/sbin/vipw", + "/usr/share/doc/passwd/NEWS.Debian.gz", + "/usr/share/doc/passwd/README.Debian", + "/usr/share/doc/passwd/TODO.Debian", + "/usr/share/doc/passwd/changelog.Debian.gz", + "/usr/share/doc/passwd/copyright", + "/usr/share/doc/passwd/examples/passwd.expire.cron", + "/usr/share/lintian/overrides/passwd", + "/usr/share/man/cs/man1/expiry.1.gz", + "/usr/share/man/cs/man1/gpasswd.1.gz", + "/usr/share/man/cs/man5/gshadow.5.gz", + "/usr/share/man/cs/man5/passwd.5.gz", + "/usr/share/man/cs/man5/shadow.5.gz", + "/usr/share/man/cs/man8/groupadd.8.gz", + "/usr/share/man/cs/man8/groupdel.8.gz", + "/usr/share/man/cs/man8/groupmod.8.gz", + "/usr/share/man/cs/man8/grpck.8.gz", + "/usr/share/man/cs/man8/vipw.8.gz", + "/usr/share/man/da/man1/chfn.1.gz", + "/usr/share/man/da/man5/gshadow.5.gz", + "/usr/share/man/da/man8/groupdel.8.gz", + "/usr/share/man/da/man8/vipw.8.gz", + "/usr/share/man/de/man1/chage.1.gz", + "/usr/share/man/de/man1/chfn.1.gz", + "/usr/share/man/de/man1/chsh.1.gz", + "/usr/share/man/de/man1/expiry.1.gz", + "/usr/share/man/de/man1/gpasswd.1.gz", + "/usr/share/man/de/man1/passwd.1.gz", + "/usr/share/man/de/man5/gshadow.5.gz", + "/usr/share/man/de/man5/passwd.5.gz", + "/usr/share/man/de/man5/shadow.5.gz", + "/usr/share/man/de/man8/chgpasswd.8.gz", + "/usr/share/man/de/man8/chpasswd.8.gz", + "/usr/share/man/de/man8/groupadd.8.gz", + "/usr/share/man/de/man8/groupdel.8.gz", + "/usr/share/man/de/man8/groupmems.8.gz", + "/usr/share/man/de/man8/groupmod.8.gz", + "/usr/share/man/de/man8/grpck.8.gz", + "/usr/share/man/de/man8/newusers.8.gz", + "/usr/share/man/de/man8/pwck.8.gz", + "/usr/share/man/de/man8/pwconv.8.gz", + "/usr/share/man/de/man8/useradd.8.gz", + "/usr/share/man/de/man8/userdel.8.gz", + "/usr/share/man/de/man8/usermod.8.gz", + "/usr/share/man/de/man8/vipw.8.gz", + "/usr/share/man/fi/man1/chfn.1.gz", + "/usr/share/man/fi/man1/chsh.1.gz", + "/usr/share/man/fr/man1/chage.1.gz", + "/usr/share/man/fr/man1/chfn.1.gz", + "/usr/share/man/fr/man1/chsh.1.gz", + "/usr/share/man/fr/man1/expiry.1.gz", + "/usr/share/man/fr/man1/gpasswd.1.gz", + "/usr/share/man/fr/man1/passwd.1.gz", + "/usr/share/man/fr/man5/gshadow.5.gz", + "/usr/share/man/fr/man5/passwd.5.gz", + "/usr/share/man/fr/man5/shadow.5.gz", + "/usr/share/man/fr/man5/subgid.5.gz", + "/usr/share/man/fr/man5/subuid.5.gz", + "/usr/share/man/fr/man8/chgpasswd.8.gz", + "/usr/share/man/fr/man8/chpasswd.8.gz", + "/usr/share/man/fr/man8/groupadd.8.gz", + "/usr/share/man/fr/man8/groupdel.8.gz", + "/usr/share/man/fr/man8/groupmems.8.gz", + "/usr/share/man/fr/man8/groupmod.8.gz", + "/usr/share/man/fr/man8/grpck.8.gz", + "/usr/share/man/fr/man8/newusers.8.gz", + "/usr/share/man/fr/man8/pwck.8.gz", + "/usr/share/man/fr/man8/pwconv.8.gz", + "/usr/share/man/fr/man8/useradd.8.gz", + "/usr/share/man/fr/man8/userdel.8.gz", + "/usr/share/man/fr/man8/usermod.8.gz", + "/usr/share/man/fr/man8/vipw.8.gz", + "/usr/share/man/hu/man1/chsh.1.gz", + "/usr/share/man/hu/man1/gpasswd.1.gz", + "/usr/share/man/hu/man1/passwd.1.gz", + "/usr/share/man/hu/man5/passwd.5.gz", + "/usr/share/man/id/man1/chsh.1.gz", + "/usr/share/man/id/man8/useradd.8.gz", + "/usr/share/man/it/man1/chage.1.gz", + "/usr/share/man/it/man1/chfn.1.gz", + "/usr/share/man/it/man1/chsh.1.gz", + "/usr/share/man/it/man1/expiry.1.gz", + "/usr/share/man/it/man1/gpasswd.1.gz", + "/usr/share/man/it/man1/passwd.1.gz", + "/usr/share/man/it/man5/gshadow.5.gz", + "/usr/share/man/it/man5/passwd.5.gz", + "/usr/share/man/it/man5/shadow.5.gz", + "/usr/share/man/it/man8/chgpasswd.8.gz", + "/usr/share/man/it/man8/chpasswd.8.gz", + "/usr/share/man/it/man8/groupadd.8.gz", + "/usr/share/man/it/man8/groupdel.8.gz", + "/usr/share/man/it/man8/groupmems.8.gz", + "/usr/share/man/it/man8/groupmod.8.gz", + "/usr/share/man/it/man8/grpck.8.gz", + "/usr/share/man/it/man8/newusers.8.gz", + "/usr/share/man/it/man8/pwck.8.gz", + "/usr/share/man/it/man8/pwconv.8.gz", + "/usr/share/man/it/man8/useradd.8.gz", + "/usr/share/man/it/man8/userdel.8.gz", + "/usr/share/man/it/man8/usermod.8.gz", + "/usr/share/man/it/man8/vipw.8.gz", + "/usr/share/man/ja/man1/chage.1.gz", + "/usr/share/man/ja/man1/chfn.1.gz", + "/usr/share/man/ja/man1/chsh.1.gz", + "/usr/share/man/ja/man1/expiry.1.gz", + "/usr/share/man/ja/man1/gpasswd.1.gz", + "/usr/share/man/ja/man1/passwd.1.gz", + "/usr/share/man/ja/man5/passwd.5.gz", + "/usr/share/man/ja/man5/shadow.5.gz", + "/usr/share/man/ja/man8/chpasswd.8.gz", + "/usr/share/man/ja/man8/groupadd.8.gz", + "/usr/share/man/ja/man8/groupdel.8.gz", + "/usr/share/man/ja/man8/groupmod.8.gz", + "/usr/share/man/ja/man8/grpck.8.gz", + "/usr/share/man/ja/man8/newusers.8.gz", + "/usr/share/man/ja/man8/pwck.8.gz", + "/usr/share/man/ja/man8/pwconv.8.gz", + "/usr/share/man/ja/man8/useradd.8.gz", + "/usr/share/man/ja/man8/userdel.8.gz", + "/usr/share/man/ja/man8/usermod.8.gz", + "/usr/share/man/ja/man8/vipw.8.gz", + "/usr/share/man/ko/man1/chfn.1.gz", + "/usr/share/man/ko/man1/chsh.1.gz", + "/usr/share/man/ko/man5/passwd.5.gz", + "/usr/share/man/ko/man8/vipw.8.gz", + "/usr/share/man/man1/chage.1.gz", + "/usr/share/man/man1/chfn.1.gz", + "/usr/share/man/man1/chsh.1.gz", + "/usr/share/man/man1/expiry.1.gz", + "/usr/share/man/man1/gpasswd.1.gz", + "/usr/share/man/man1/passwd.1.gz", + "/usr/share/man/man5/gshadow.5.gz", + "/usr/share/man/man5/passwd.5.gz", + "/usr/share/man/man5/shadow.5.gz", + "/usr/share/man/man5/subgid.5.gz", + "/usr/share/man/man5/subuid.5.gz", + "/usr/share/man/man8/chgpasswd.8.gz", + "/usr/share/man/man8/chpasswd.8.gz", + "/usr/share/man/man8/cppw.8.gz", + "/usr/share/man/man8/groupadd.8.gz", + "/usr/share/man/man8/groupdel.8.gz", + "/usr/share/man/man8/groupmems.8.gz", + "/usr/share/man/man8/groupmod.8.gz", + "/usr/share/man/man8/grpck.8.gz", + "/usr/share/man/man8/newusers.8.gz", + "/usr/share/man/man8/pwck.8.gz", + "/usr/share/man/man8/pwconv.8.gz", + "/usr/share/man/man8/useradd.8.gz", + "/usr/share/man/man8/userdel.8.gz", + "/usr/share/man/man8/usermod.8.gz", + "/usr/share/man/man8/vipw.8.gz", + "/usr/share/man/pl/man1/chage.1.gz", + "/usr/share/man/pl/man1/chsh.1.gz", + "/usr/share/man/pl/man1/expiry.1.gz", + "/usr/share/man/pl/man8/groupadd.8.gz", + "/usr/share/man/pl/man8/groupdel.8.gz", + "/usr/share/man/pl/man8/groupmems.8.gz", + "/usr/share/man/pl/man8/groupmod.8.gz", + "/usr/share/man/pl/man8/grpck.8.gz", + "/usr/share/man/pl/man8/userdel.8.gz", + "/usr/share/man/pl/man8/usermod.8.gz", + "/usr/share/man/pl/man8/vipw.8.gz", + "/usr/share/man/pt_BR/man1/gpasswd.1.gz", + "/usr/share/man/pt_BR/man5/passwd.5.gz", + "/usr/share/man/pt_BR/man5/shadow.5.gz", + "/usr/share/man/pt_BR/man8/groupadd.8.gz", + "/usr/share/man/pt_BR/man8/groupdel.8.gz", + "/usr/share/man/pt_BR/man8/groupmod.8.gz", + "/usr/share/man/ru/man1/chage.1.gz", + "/usr/share/man/ru/man1/chfn.1.gz", + "/usr/share/man/ru/man1/chsh.1.gz", + "/usr/share/man/ru/man1/expiry.1.gz", + "/usr/share/man/ru/man1/gpasswd.1.gz", + "/usr/share/man/ru/man1/passwd.1.gz", + "/usr/share/man/ru/man5/gshadow.5.gz", + "/usr/share/man/ru/man5/passwd.5.gz", + "/usr/share/man/ru/man5/shadow.5.gz", + "/usr/share/man/ru/man8/chgpasswd.8.gz", + "/usr/share/man/ru/man8/chpasswd.8.gz", + "/usr/share/man/ru/man8/groupadd.8.gz", + "/usr/share/man/ru/man8/groupdel.8.gz", + "/usr/share/man/ru/man8/groupmems.8.gz", + "/usr/share/man/ru/man8/groupmod.8.gz", + "/usr/share/man/ru/man8/grpck.8.gz", + "/usr/share/man/ru/man8/newusers.8.gz", + "/usr/share/man/ru/man8/pwck.8.gz", + "/usr/share/man/ru/man8/pwconv.8.gz", + "/usr/share/man/ru/man8/useradd.8.gz", + "/usr/share/man/ru/man8/userdel.8.gz", + "/usr/share/man/ru/man8/usermod.8.gz", + "/usr/share/man/ru/man8/vipw.8.gz", + "/usr/share/man/sv/man1/chage.1.gz", + "/usr/share/man/sv/man1/chsh.1.gz", + "/usr/share/man/sv/man1/expiry.1.gz", + "/usr/share/man/sv/man1/passwd.1.gz", + "/usr/share/man/sv/man5/gshadow.5.gz", + "/usr/share/man/sv/man5/passwd.5.gz", + "/usr/share/man/sv/man8/groupadd.8.gz", + "/usr/share/man/sv/man8/groupdel.8.gz", + "/usr/share/man/sv/man8/groupmems.8.gz", + "/usr/share/man/sv/man8/groupmod.8.gz", + "/usr/share/man/sv/man8/grpck.8.gz", + "/usr/share/man/sv/man8/pwck.8.gz", + "/usr/share/man/sv/man8/userdel.8.gz", + "/usr/share/man/sv/man8/vipw.8.gz", + "/usr/share/man/tr/man1/chage.1.gz", + "/usr/share/man/tr/man1/chfn.1.gz", + "/usr/share/man/tr/man1/passwd.1.gz", + "/usr/share/man/tr/man5/passwd.5.gz", + "/usr/share/man/tr/man5/shadow.5.gz", + "/usr/share/man/tr/man8/groupadd.8.gz", + "/usr/share/man/tr/man8/groupdel.8.gz", + "/usr/share/man/tr/man8/groupmod.8.gz", + "/usr/share/man/tr/man8/useradd.8.gz", + "/usr/share/man/tr/man8/userdel.8.gz", + "/usr/share/man/tr/man8/usermod.8.gz", + "/usr/share/man/uk/man1/chage.1.gz", + "/usr/share/man/uk/man1/chfn.1.gz", + "/usr/share/man/uk/man1/chsh.1.gz", + "/usr/share/man/uk/man1/expiry.1.gz", + "/usr/share/man/uk/man1/gpasswd.1.gz", + "/usr/share/man/uk/man1/passwd.1.gz", + "/usr/share/man/uk/man5/gshadow.5.gz", + "/usr/share/man/uk/man5/passwd.5.gz", + "/usr/share/man/uk/man5/shadow.5.gz", + "/usr/share/man/uk/man8/chgpasswd.8.gz", + "/usr/share/man/uk/man8/chpasswd.8.gz", + "/usr/share/man/uk/man8/groupadd.8.gz", + "/usr/share/man/uk/man8/groupdel.8.gz", + "/usr/share/man/uk/man8/groupmems.8.gz", + "/usr/share/man/uk/man8/groupmod.8.gz", + "/usr/share/man/uk/man8/grpck.8.gz", + "/usr/share/man/uk/man8/newusers.8.gz", + "/usr/share/man/uk/man8/pwck.8.gz", + "/usr/share/man/uk/man8/pwconv.8.gz", + "/usr/share/man/uk/man8/useradd.8.gz", + "/usr/share/man/uk/man8/userdel.8.gz", + "/usr/share/man/uk/man8/usermod.8.gz", + "/usr/share/man/uk/man8/vipw.8.gz", + "/usr/share/man/zh_CN/man1/chage.1.gz", + "/usr/share/man/zh_CN/man1/chfn.1.gz", + "/usr/share/man/zh_CN/man1/chsh.1.gz", + "/usr/share/man/zh_CN/man1/expiry.1.gz", + "/usr/share/man/zh_CN/man1/gpasswd.1.gz", + "/usr/share/man/zh_CN/man1/passwd.1.gz", + "/usr/share/man/zh_CN/man5/gshadow.5.gz", + "/usr/share/man/zh_CN/man5/passwd.5.gz", + "/usr/share/man/zh_CN/man5/shadow.5.gz", + "/usr/share/man/zh_CN/man8/chgpasswd.8.gz", + "/usr/share/man/zh_CN/man8/chpasswd.8.gz", + "/usr/share/man/zh_CN/man8/groupadd.8.gz", + "/usr/share/man/zh_CN/man8/groupdel.8.gz", + "/usr/share/man/zh_CN/man8/groupmems.8.gz", + "/usr/share/man/zh_CN/man8/groupmod.8.gz", + "/usr/share/man/zh_CN/man8/grpck.8.gz", + "/usr/share/man/zh_CN/man8/newusers.8.gz", + "/usr/share/man/zh_CN/man8/pwck.8.gz", + "/usr/share/man/zh_CN/man8/pwconv.8.gz", + "/usr/share/man/zh_CN/man8/useradd.8.gz", + "/usr/share/man/zh_CN/man8/userdel.8.gz", + "/usr/share/man/zh_CN/man8/usermod.8.gz", + "/usr/share/man/zh_CN/man8/vipw.8.gz", + "/usr/share/man/zh_TW/man1/chfn.1.gz", + "/usr/share/man/zh_TW/man1/chsh.1.gz", + "/usr/share/man/zh_TW/man5/passwd.5.gz", + "/usr/share/man/zh_TW/man8/chpasswd.8.gz", + "/usr/share/man/zh_TW/man8/groupadd.8.gz", + "/usr/share/man/zh_TW/man8/groupdel.8.gz", + "/usr/share/man/zh_TW/man8/groupmod.8.gz", + "/usr/share/man/zh_TW/man8/useradd.8.gz", + "/usr/share/man/zh_TW/man8/userdel.8.gz", + "/usr/share/man/zh_TW/man8/usermod.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "perl@5.36.0-9ubuntu1.1", + "Name": "perl", + "Identifier": { + "PURL": "pkg:deb/ubuntu/perl@5.36.0-9ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "1bcdacf903742782" + }, + "Version": "5.36.0", + "Release": "9ubuntu1.1", + "Arch": "amd64", + "SrcName": "perl", + "SrcVersion": "5.36.0", + "SrcRelease": "9ubuntu1.1", + "Licenses": [ + "GPL-1.0-or-later", + "Artistic-2.0", + "MIT", + "REGCOMP", + "GPL-2.0-with-bison-exception+", + "Unicode", + "BZIP", + "Zlib", + "GPL-2.0-or-later", + "RRA-KEEP-THIS-NOTICE", + "BSD-3-clause-with-weird-numbering", + "CC0-1.0", + "TEXT-TABS", + "BSD-4-clause-POWERDOG", + "BSD-3-clause-GENERIC", + "BSD-3-Clause", + "SDBM-PUBLIC-DOMAIN", + "DONT-CHANGE-THE-GPL", + "Artistic-dist", + "LGPL-2.1-only", + "GPL-1.0-only", + "GPL-2.0-only", + "Artistic-2", + "HSIEH-DERIVATIVE", + "HSIEH-BSD" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libperl5.36@5.36.0-9ubuntu1.1", + "perl-base@5.36.0-9ubuntu1.1", + "perl-modules-5.36@5.36.0-9ubuntu1.1" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/bin/corelist", + "/usr/bin/cpan", + "/usr/bin/enc2xs", + "/usr/bin/encguess", + "/usr/bin/h2ph", + "/usr/bin/h2xs", + "/usr/bin/instmodsh", + "/usr/bin/json_pp", + "/usr/bin/libnetcfg", + "/usr/bin/perlbug", + "/usr/bin/perldoc", + "/usr/bin/perlivp", + "/usr/bin/perlthanks", + "/usr/bin/piconv", + "/usr/bin/pl2pm", + "/usr/bin/pod2html", + "/usr/bin/pod2man", + "/usr/bin/pod2text", + "/usr/bin/pod2usage", + "/usr/bin/podchecker", + "/usr/bin/prove", + "/usr/bin/ptar", + "/usr/bin/ptardiff", + "/usr/bin/ptargrep", + "/usr/bin/shasum", + "/usr/bin/splain", + "/usr/bin/streamzip", + "/usr/bin/xsubpp", + "/usr/bin/zipdetails", + "/usr/share/doc/perl/README.Debian", + "/usr/share/doc/perl/copyright", + "/usr/share/lintian/overrides/perl", + "/usr/share/man/man1/corelist.1.gz", + "/usr/share/man/man1/cpan.1.gz", + "/usr/share/man/man1/enc2xs.1.gz", + "/usr/share/man/man1/encguess.1.gz", + "/usr/share/man/man1/h2ph.1.gz", + "/usr/share/man/man1/h2xs.1.gz", + "/usr/share/man/man1/instmodsh.1.gz", + "/usr/share/man/man1/json_pp.1.gz", + "/usr/share/man/man1/libnetcfg.1.gz", + "/usr/share/man/man1/perlbug.1.gz", + "/usr/share/man/man1/perlivp.1.gz", + "/usr/share/man/man1/piconv.1.gz", + "/usr/share/man/man1/pl2pm.1.gz", + "/usr/share/man/man1/pod2html.1.gz", + "/usr/share/man/man1/pod2man.1.gz", + "/usr/share/man/man1/pod2text.1.gz", + "/usr/share/man/man1/pod2usage.1.gz", + "/usr/share/man/man1/podchecker.1.gz", + "/usr/share/man/man1/prove.1.gz", + "/usr/share/man/man1/ptar.1.gz", + "/usr/share/man/man1/ptardiff.1.gz", + "/usr/share/man/man1/ptargrep.1.gz", + "/usr/share/man/man1/shasum.1.gz", + "/usr/share/man/man1/splain.1.gz", + "/usr/share/man/man1/streamzip.1.gz", + "/usr/share/man/man1/xsubpp.1.gz", + "/usr/share/man/man1/zipdetails.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "perl-base@5.36.0-9ubuntu1.1", + "Name": "perl-base", + "Identifier": { + "PURL": "pkg:deb/ubuntu/perl-base@5.36.0-9ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "cc217ef2a5896c5d" + }, + "Version": "5.36.0", + "Release": "9ubuntu1.1", + "Arch": "amd64", + "SrcName": "perl", + "SrcVersion": "5.36.0", + "SrcRelease": "9ubuntu1.1", + "Licenses": [ + "GPL-1.0-or-later", + "Artistic-2.0", + "MIT", + "REGCOMP", + "GPL-2.0-with-bison-exception+", + "Unicode", + "BZIP", + "Zlib", + "GPL-2.0-or-later", + "RRA-KEEP-THIS-NOTICE", + "BSD-3-clause-with-weird-numbering", + "CC0-1.0", + "TEXT-TABS", + "BSD-4-clause-POWERDOG", + "BSD-3-clause-GENERIC", + "BSD-3-Clause", + "SDBM-PUBLIC-DOMAIN", + "DONT-CHANGE-THE-GPL", + "Artistic-dist", + "LGPL-2.1-only", + "GPL-1.0-only", + "GPL-2.0-only", + "Artistic-2", + "HSIEH-DERIVATIVE", + "HSIEH-BSD" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/bin/perl", + "/usr/bin/perl5.36.0", + "/usr/lib/x86_64-linux-gnu/perl-base/AutoLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Carp.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Carp/Heavy.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Config.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Config_git.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/Config_heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/Cwd.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/DynaLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Errno.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Exporter.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Exporter/Heavy.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Fcntl.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Basename.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Glob.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Path.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec/Unix.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Temp.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/FileHandle.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Hash/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/File.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Handle.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Pipe.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Seekable.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Select.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/INET.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/IP.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/UNIX.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open2.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/List/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/POSIX.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Scalar/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/SelectSaver.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/ParseWords.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/Tabs.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/Wrap.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Tie/Hash.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/XSLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/attributes.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Cwd/Cwd.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/File/Glob/Glob.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Hash/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/IO/IO.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/List/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Socket/Socket.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/attributes/attributes.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/re/re.so", + "/usr/lib/x86_64-linux-gnu/perl-base/base.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/builtin.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/bytes.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/bytes_heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/constant.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/feature.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/fields.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/integer.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/lib.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/locale.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/overload.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/overloading.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/parent.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/re.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/strict.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Age.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bmg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Cf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Ea.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/EqUIdeo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/GCB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Gc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Hst.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identif2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identifi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InPC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InSC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Isc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFCQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFDQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCCF.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKDQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Na1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NameAlia.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nv.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/PerlDeci.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/SB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Sc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Scx.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Tc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Uc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Vo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/WB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlLB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlSCX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V100.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V11.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V110.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V120.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V130.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V140.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V20.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V30.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V31.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V32.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V40.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V41.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V50.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V51.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V52.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V60.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V61.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V70.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V80.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V90.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Alpha/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/B.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/BN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/CS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/EN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ES.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ET.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/NSM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ON.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/WS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Blk/NB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/O.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CE/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CI/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCF/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWKCF/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWL/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWT/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWU/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Cased/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/A.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/ATAR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/B.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/BR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/DB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NK.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/OV.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/VR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CompEx/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/DI/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dash/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dep/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dia/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Com.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Enc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Fin.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Font.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Init.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Iso.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Med.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nar.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/NonCanon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sqr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sub.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sup.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Vert.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EBase/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EComp/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EPres/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/A.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/H.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/Na.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/W.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Emoji/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ext/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/ExtPict/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/CN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LV.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LVT.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/PP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/SM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/LC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ll.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/M.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Me.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/No.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/P.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pe.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Po.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ps.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/S.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sk.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/So.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Z.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Zs.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrBase/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrExt/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hex/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hst/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hyphen/T.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Allowed.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Restrict.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/DefaultI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Exclusio.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Inclusio.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/LimitedU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotChara.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotNFKC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotXID.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Obsolete.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Recommen.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Technica.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Uncommon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ideo/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/10_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/11_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/13_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/14_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/7_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/8_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/9_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Bottom.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/BottomAn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Left.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/LeftAndR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Overstru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Right.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Top.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndBo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndL2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndLe.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndRi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/VisualOr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Avagraha.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Bindu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Cantilla.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona5.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona7.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consonan.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Invisibl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Nukta.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Number.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Other.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/PureKill.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Syllable.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/ToneMark.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Virama.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Visarga.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Vowel.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelDep.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelInd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Ain.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Alef.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Beh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Dal.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/FarsiYeh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Feh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Gaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Hah.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/HanifiRo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Kaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Lam.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/NoJoinin.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Noon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Qaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Reh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Sad.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Seen.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Tah.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Waw.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Yeh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/D.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/T.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/U.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CJ.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/GL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/ID.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/OP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/QU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/SA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lower/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Math/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/M.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Di.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/None.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Nu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/11.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/12.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/13.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/14.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/15.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/17.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/18.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/19.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/200.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/300.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/400.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/500.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/600.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/700.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/800.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/900.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PCM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PatSyn/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Alnum.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Assigned.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Blank.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Graph.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PerlWord.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PosixPun.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Print.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/SpacePer.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Title.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Word.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/XPosixPu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlAny.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCh2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCha.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlFol.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIsI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNch.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPat.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPr2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPro.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlQuo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/QMark/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/AT.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/CL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/FO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LE.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/SC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/ST.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/Sp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/UP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SD/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/STerm/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Arab.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Beng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cprt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cyrl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Deva.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Dupl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Geor.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Glag.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gonm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gran.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Grek.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gujr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Guru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Han.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hira.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Kana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Knda.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Latn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Limb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Linb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mlym.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mult.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Orya.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Sinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Syrc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Taml.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Telu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zyyy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Adlm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Arab.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Armn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Beng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bhks.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bopo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cakm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cham.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Copt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cprt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cyrl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Deva.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Diak.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Dupl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Ethi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Geor.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Glag.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gonm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gran.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Grek.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gujr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Guru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Han.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hebr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hira.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmnp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khar.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khmr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khoj.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Knda.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kthi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lao.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Latn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Limb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lina.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Linb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mlym.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mult.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mymr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nand.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nko.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Orya.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Phlp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Rohg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Shrd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sind.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Syrc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tagb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Takr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Talu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Taml.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Telu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Thaa.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tibt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tirh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Vith.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Xsux.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yezi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zyyy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zzzz.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Term/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/UIdeo/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Upper/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/VS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/U.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/Extend.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/FO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/HL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/KA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/LE.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/ML.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/WSegSpac.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/utf8.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/vars.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/warnings.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/warnings/register.pm", + "/usr/share/doc/perl-base/changelog.Debian.gz", + "/usr/share/doc/perl-base/copyright", + "/usr/share/doc/perl/AUTHORS.gz", + "/usr/share/doc/perl/Documentation", + "/usr/share/lintian/overrides/perl-base", + "/usr/share/man/man1/perl.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "perl-modules-5.36@5.36.0-9ubuntu1.1", + "Name": "perl-modules-5.36", + "Identifier": { + "PURL": "pkg:deb/ubuntu/perl-modules-5.36@5.36.0-9ubuntu1.1?arch=all\u0026distro=ubuntu-23.10", + "UID": "b83fdc2e07aac91b" + }, + "Version": "5.36.0", + "Release": "9ubuntu1.1", + "Arch": "all", + "SrcName": "perl", + "SrcVersion": "5.36.0", + "SrcRelease": "9ubuntu1.1", + "Licenses": [ + "GPL-1.0-or-later", + "Artistic-2.0", + "MIT", + "REGCOMP", + "GPL-2.0-with-bison-exception+", + "Unicode", + "BZIP", + "Zlib", + "GPL-2.0-or-later", + "RRA-KEEP-THIS-NOTICE", + "BSD-3-clause-with-weird-numbering", + "CC0-1.0", + "TEXT-TABS", + "BSD-4-clause-POWERDOG", + "BSD-3-clause-GENERIC", + "BSD-3-Clause", + "SDBM-PUBLIC-DOMAIN", + "DONT-CHANGE-THE-GPL", + "Artistic-dist", + "LGPL-2.1-only", + "GPL-1.0-only", + "GPL-2.0-only", + "Artistic-2", + "HSIEH-DERIVATIVE", + "HSIEH-BSD" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "perl-base@5.36.0-9ubuntu1.1" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/share/doc/perl-modules-5.36/README.Debian", + "/usr/share/doc/perl-modules-5.36/copyright", + "/usr/share/perl/5.36.0/AnyDBM_File.pm", + "/usr/share/perl/5.36.0/App/Cpan.pm", + "/usr/share/perl/5.36.0/App/Prove.pm", + "/usr/share/perl/5.36.0/App/Prove/State.pm", + "/usr/share/perl/5.36.0/App/Prove/State/Result.pm", + "/usr/share/perl/5.36.0/App/Prove/State/Result/Test.pm", + "/usr/share/perl/5.36.0/Archive/Tar.pm", + "/usr/share/perl/5.36.0/Archive/Tar/Constant.pm", + "/usr/share/perl/5.36.0/Archive/Tar/File.pm", + "/usr/share/perl/5.36.0/Attribute/Handlers.pm", + "/usr/share/perl/5.36.0/AutoLoader.pm", + "/usr/share/perl/5.36.0/AutoSplit.pm", + "/usr/share/perl/5.36.0/B/Deparse.pm", + "/usr/share/perl/5.36.0/B/Op_private.pm", + "/usr/share/perl/5.36.0/Benchmark.pm", + "/usr/share/perl/5.36.0/CORE.pod", + "/usr/share/perl/5.36.0/CPAN.pm", + "/usr/share/perl/5.36.0/CPAN/API/HOWTO.pod", + "/usr/share/perl/5.36.0/CPAN/Author.pm", + "/usr/share/perl/5.36.0/CPAN/Bundle.pm", + "/usr/share/perl/5.36.0/CPAN/CacheMgr.pm", + "/usr/share/perl/5.36.0/CPAN/Complete.pm", + "/usr/share/perl/5.36.0/CPAN/Debug.pm", + "/usr/share/perl/5.36.0/CPAN/DeferredCode.pm", + "/usr/share/perl/5.36.0/CPAN/Distribution.pm", + "/usr/share/perl/5.36.0/CPAN/Distroprefs.pm", + "/usr/share/perl/5.36.0/CPAN/Distrostatus.pm", + "/usr/share/perl/5.36.0/CPAN/Exception/RecursiveDependency.pm", + "/usr/share/perl/5.36.0/CPAN/Exception/blocked_urllist.pm", + "/usr/share/perl/5.36.0/CPAN/Exception/yaml_not_installed.pm", + "/usr/share/perl/5.36.0/CPAN/Exception/yaml_process_error.pm", + "/usr/share/perl/5.36.0/CPAN/FTP.pm", + "/usr/share/perl/5.36.0/CPAN/FTP/netrc.pm", + "/usr/share/perl/5.36.0/CPAN/FirstTime.pm", + "/usr/share/perl/5.36.0/CPAN/HTTP/Client.pm", + "/usr/share/perl/5.36.0/CPAN/HTTP/Credentials.pm", + "/usr/share/perl/5.36.0/CPAN/HandleConfig.pm", + "/usr/share/perl/5.36.0/CPAN/Index.pm", + "/usr/share/perl/5.36.0/CPAN/InfoObj.pm", + "/usr/share/perl/5.36.0/CPAN/Kwalify.pm", + "/usr/share/perl/5.36.0/CPAN/Kwalify/distroprefs.dd", + "/usr/share/perl/5.36.0/CPAN/Kwalify/distroprefs.yml", + "/usr/share/perl/5.36.0/CPAN/LWP/UserAgent.pm", + "/usr/share/perl/5.36.0/CPAN/Meta.pm", + "/usr/share/perl/5.36.0/CPAN/Meta/Converter.pm", + "/usr/share/perl/5.36.0/CPAN/Meta/Feature.pm", + "/usr/share/perl/5.36.0/CPAN/Meta/History.pm", + "/usr/share/perl/5.36.0/CPAN/Meta/History/Meta_1_0.pod", + "/usr/share/perl/5.36.0/CPAN/Meta/History/Meta_1_1.pod", + "/usr/share/perl/5.36.0/CPAN/Meta/History/Meta_1_2.pod", + "/usr/share/perl/5.36.0/CPAN/Meta/History/Meta_1_3.pod", + "/usr/share/perl/5.36.0/CPAN/Meta/History/Meta_1_4.pod", + "/usr/share/perl/5.36.0/CPAN/Meta/Merge.pm", + "/usr/share/perl/5.36.0/CPAN/Meta/Prereqs.pm", + "/usr/share/perl/5.36.0/CPAN/Meta/Requirements.pm", + "/usr/share/perl/5.36.0/CPAN/Meta/Spec.pm", + "/usr/share/perl/5.36.0/CPAN/Meta/Validator.pm", + "/usr/share/perl/5.36.0/CPAN/Meta/YAML.pm", + "/usr/share/perl/5.36.0/CPAN/Mirrors.pm", + "/usr/share/perl/5.36.0/CPAN/Module.pm", + "/usr/share/perl/5.36.0/CPAN/Nox.pm", + "/usr/share/perl/5.36.0/CPAN/Plugin.pm", + "/usr/share/perl/5.36.0/CPAN/Plugin/Specfile.pm", + "/usr/share/perl/5.36.0/CPAN/Prompt.pm", + "/usr/share/perl/5.36.0/CPAN/Queue.pm", + "/usr/share/perl/5.36.0/CPAN/Shell.pm", + "/usr/share/perl/5.36.0/CPAN/Tarzip.pm", + "/usr/share/perl/5.36.0/CPAN/URL.pm", + "/usr/share/perl/5.36.0/CPAN/Version.pm", + "/usr/share/perl/5.36.0/Carp.pm", + "/usr/share/perl/5.36.0/Carp/Heavy.pm", + "/usr/share/perl/5.36.0/Class/Struct.pm", + "/usr/share/perl/5.36.0/Compress/Zlib.pm", + "/usr/share/perl/5.36.0/Config/Extensions.pm", + "/usr/share/perl/5.36.0/Config/Perl/V.pm", + "/usr/share/perl/5.36.0/DB.pm", + "/usr/share/perl/5.36.0/DBM_Filter.pm", + "/usr/share/perl/5.36.0/DBM_Filter/compress.pm", + "/usr/share/perl/5.36.0/DBM_Filter/encode.pm", + "/usr/share/perl/5.36.0/DBM_Filter/int32.pm", + "/usr/share/perl/5.36.0/DBM_Filter/null.pm", + "/usr/share/perl/5.36.0/DBM_Filter/utf8.pm", + "/usr/share/perl/5.36.0/Devel/SelfStubber.pm", + "/usr/share/perl/5.36.0/Digest.pm", + "/usr/share/perl/5.36.0/Digest/base.pm", + "/usr/share/perl/5.36.0/Digest/file.pm", + "/usr/share/perl/5.36.0/DirHandle.pm", + "/usr/share/perl/5.36.0/Dumpvalue.pm", + "/usr/share/perl/5.36.0/Encode/Changes.e2x", + "/usr/share/perl/5.36.0/Encode/ConfigLocal_PM.e2x", + "/usr/share/perl/5.36.0/Encode/Makefile_PL.e2x", + "/usr/share/perl/5.36.0/Encode/PerlIO.pod", + "/usr/share/perl/5.36.0/Encode/README.e2x", + "/usr/share/perl/5.36.0/Encode/Supported.pod", + "/usr/share/perl/5.36.0/Encode/_PM.e2x", + "/usr/share/perl/5.36.0/Encode/_T.e2x", + "/usr/share/perl/5.36.0/Encode/encode.h", + "/usr/share/perl/5.36.0/English.pm", + "/usr/share/perl/5.36.0/Env.pm", + "/usr/share/perl/5.36.0/Exporter.pm", + "/usr/share/perl/5.36.0/Exporter/Heavy.pm", + "/usr/share/perl/5.36.0/ExtUtils/CBuilder.pm", + "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Base.pm", + "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/Unix.pm", + "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/VMS.pm", + "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/Windows.pm", + "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/Windows/BCC.pm", + "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/Windows/GCC.pm", + "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/Windows/MSVC.pm", + "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/aix.pm", + "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/android.pm", + "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/cygwin.pm", + "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/darwin.pm", + "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/dec_osf.pm", + "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/os2.pm", + "/usr/share/perl/5.36.0/ExtUtils/Command.pm", + "/usr/share/perl/5.36.0/ExtUtils/Command/MM.pm", + "/usr/share/perl/5.36.0/ExtUtils/Constant.pm", + "/usr/share/perl/5.36.0/ExtUtils/Constant/Base.pm", + "/usr/share/perl/5.36.0/ExtUtils/Constant/ProxySubs.pm", + "/usr/share/perl/5.36.0/ExtUtils/Constant/Utils.pm", + "/usr/share/perl/5.36.0/ExtUtils/Constant/XS.pm", + "/usr/share/perl/5.36.0/ExtUtils/Embed.pm", + "/usr/share/perl/5.36.0/ExtUtils/Install.pm", + "/usr/share/perl/5.36.0/ExtUtils/Installed.pm", + "/usr/share/perl/5.36.0/ExtUtils/Liblist.pm", + "/usr/share/perl/5.36.0/ExtUtils/Liblist/Kid.pm", + "/usr/share/perl/5.36.0/ExtUtils/MANIFEST.SKIP", + "/usr/share/perl/5.36.0/ExtUtils/MM.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_AIX.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_Any.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_BeOS.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_Cygwin.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_DOS.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_Darwin.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_MacOS.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_NW5.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_OS2.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_OS390.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_QNX.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_UWIN.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_Unix.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_VMS.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_VOS.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_Win32.pm", + "/usr/share/perl/5.36.0/ExtUtils/MM_Win95.pm", + "/usr/share/perl/5.36.0/ExtUtils/MY.pm", + "/usr/share/perl/5.36.0/ExtUtils/MakeMaker.pm", + "/usr/share/perl/5.36.0/ExtUtils/MakeMaker/Config.pm", + "/usr/share/perl/5.36.0/ExtUtils/MakeMaker/FAQ.pod", + "/usr/share/perl/5.36.0/ExtUtils/MakeMaker/Locale.pm", + "/usr/share/perl/5.36.0/ExtUtils/MakeMaker/Tutorial.pod", + "/usr/share/perl/5.36.0/ExtUtils/MakeMaker/version.pm", + "/usr/share/perl/5.36.0/ExtUtils/Manifest.pm", + "/usr/share/perl/5.36.0/ExtUtils/Miniperl.pm", + "/usr/share/perl/5.36.0/ExtUtils/Mkbootstrap.pm", + "/usr/share/perl/5.36.0/ExtUtils/Mksymlists.pm", + "/usr/share/perl/5.36.0/ExtUtils/PL2Bat.pm", + "/usr/share/perl/5.36.0/ExtUtils/Packlist.pm", + "/usr/share/perl/5.36.0/ExtUtils/ParseXS.pm", + "/usr/share/perl/5.36.0/ExtUtils/ParseXS.pod", + "/usr/share/perl/5.36.0/ExtUtils/ParseXS/Constants.pm", + "/usr/share/perl/5.36.0/ExtUtils/ParseXS/CountLines.pm", + "/usr/share/perl/5.36.0/ExtUtils/ParseXS/Eval.pm", + "/usr/share/perl/5.36.0/ExtUtils/ParseXS/Utilities.pm", + "/usr/share/perl/5.36.0/ExtUtils/Typemaps.pm", + "/usr/share/perl/5.36.0/ExtUtils/Typemaps/Cmd.pm", + "/usr/share/perl/5.36.0/ExtUtils/Typemaps/InputMap.pm", + "/usr/share/perl/5.36.0/ExtUtils/Typemaps/OutputMap.pm", + "/usr/share/perl/5.36.0/ExtUtils/Typemaps/Type.pm", + "/usr/share/perl/5.36.0/ExtUtils/testlib.pm", + "/usr/share/perl/5.36.0/ExtUtils/typemap", + "/usr/share/perl/5.36.0/ExtUtils/xsubpp", + "/usr/share/perl/5.36.0/Fatal.pm", + "/usr/share/perl/5.36.0/File/Basename.pm", + "/usr/share/perl/5.36.0/File/Compare.pm", + "/usr/share/perl/5.36.0/File/Copy.pm", + "/usr/share/perl/5.36.0/File/Fetch.pm", + "/usr/share/perl/5.36.0/File/Find.pm", + "/usr/share/perl/5.36.0/File/GlobMapper.pm", + "/usr/share/perl/5.36.0/File/Path.pm", + "/usr/share/perl/5.36.0/File/Temp.pm", + "/usr/share/perl/5.36.0/File/stat.pm", + "/usr/share/perl/5.36.0/FileCache.pm", + "/usr/share/perl/5.36.0/FileHandle.pm", + "/usr/share/perl/5.36.0/Filter/Simple.pm", + "/usr/share/perl/5.36.0/FindBin.pm", + "/usr/share/perl/5.36.0/Getopt/Long.pm", + "/usr/share/perl/5.36.0/Getopt/Std.pm", + "/usr/share/perl/5.36.0/HTTP/Tiny.pm", + "/usr/share/perl/5.36.0/I18N/Collate.pm", + "/usr/share/perl/5.36.0/I18N/LangTags.pm", + "/usr/share/perl/5.36.0/I18N/LangTags/Detect.pm", + "/usr/share/perl/5.36.0/I18N/LangTags/List.pm", + "/usr/share/perl/5.36.0/IO/Compress/Adapter/Bzip2.pm", + "/usr/share/perl/5.36.0/IO/Compress/Adapter/Deflate.pm", + "/usr/share/perl/5.36.0/IO/Compress/Adapter/Identity.pm", + "/usr/share/perl/5.36.0/IO/Compress/Base.pm", + "/usr/share/perl/5.36.0/IO/Compress/Base/Common.pm", + "/usr/share/perl/5.36.0/IO/Compress/Bzip2.pm", + "/usr/share/perl/5.36.0/IO/Compress/Deflate.pm", + "/usr/share/perl/5.36.0/IO/Compress/FAQ.pod", + "/usr/share/perl/5.36.0/IO/Compress/Gzip.pm", + "/usr/share/perl/5.36.0/IO/Compress/Gzip/Constants.pm", + "/usr/share/perl/5.36.0/IO/Compress/RawDeflate.pm", + "/usr/share/perl/5.36.0/IO/Compress/Zip.pm", + "/usr/share/perl/5.36.0/IO/Compress/Zip/Constants.pm", + "/usr/share/perl/5.36.0/IO/Compress/Zlib/Constants.pm", + "/usr/share/perl/5.36.0/IO/Compress/Zlib/Extra.pm", + "/usr/share/perl/5.36.0/IO/Socket/IP.pm", + "/usr/share/perl/5.36.0/IO/Uncompress/Adapter/Bunzip2.pm", + "/usr/share/perl/5.36.0/IO/Uncompress/Adapter/Identity.pm", + "/usr/share/perl/5.36.0/IO/Uncompress/Adapter/Inflate.pm", + "/usr/share/perl/5.36.0/IO/Uncompress/AnyInflate.pm", + "/usr/share/perl/5.36.0/IO/Uncompress/AnyUncompress.pm", + "/usr/share/perl/5.36.0/IO/Uncompress/Base.pm", + "/usr/share/perl/5.36.0/IO/Uncompress/Bunzip2.pm", + "/usr/share/perl/5.36.0/IO/Uncompress/Gunzip.pm", + "/usr/share/perl/5.36.0/IO/Uncompress/Inflate.pm", + "/usr/share/perl/5.36.0/IO/Uncompress/RawInflate.pm", + "/usr/share/perl/5.36.0/IO/Uncompress/Unzip.pm", + "/usr/share/perl/5.36.0/IO/Zlib.pm", + "/usr/share/perl/5.36.0/IPC/Cmd.pm", + "/usr/share/perl/5.36.0/IPC/Open2.pm", + "/usr/share/perl/5.36.0/IPC/Open3.pm", + "/usr/share/perl/5.36.0/Internals.pod", + "/usr/share/perl/5.36.0/JSON/PP.pm", + "/usr/share/perl/5.36.0/JSON/PP/Boolean.pm", + "/usr/share/perl/5.36.0/Locale/Maketext.pm", + "/usr/share/perl/5.36.0/Locale/Maketext.pod", + "/usr/share/perl/5.36.0/Locale/Maketext/Cookbook.pod", + "/usr/share/perl/5.36.0/Locale/Maketext/Guts.pm", + "/usr/share/perl/5.36.0/Locale/Maketext/GutsLoader.pm", + "/usr/share/perl/5.36.0/Locale/Maketext/Simple.pm", + "/usr/share/perl/5.36.0/Locale/Maketext/TPJ13.pod", + "/usr/share/perl/5.36.0/Math/BigFloat.pm", + "/usr/share/perl/5.36.0/Math/BigFloat/Trace.pm", + "/usr/share/perl/5.36.0/Math/BigInt.pm", + "/usr/share/perl/5.36.0/Math/BigInt/Calc.pm", + "/usr/share/perl/5.36.0/Math/BigInt/Lib.pm", + "/usr/share/perl/5.36.0/Math/BigInt/Trace.pm", + "/usr/share/perl/5.36.0/Math/BigRat.pm", + "/usr/share/perl/5.36.0/Math/BigRat/Trace.pm", + "/usr/share/perl/5.36.0/Math/Complex.pm", + "/usr/share/perl/5.36.0/Math/Trig.pm", + "/usr/share/perl/5.36.0/Memoize.pm", + "/usr/share/perl/5.36.0/Memoize/AnyDBM_File.pm", + "/usr/share/perl/5.36.0/Memoize/Expire.pm", + "/usr/share/perl/5.36.0/Memoize/ExpireFile.pm", + "/usr/share/perl/5.36.0/Memoize/ExpireTest.pm", + "/usr/share/perl/5.36.0/Memoize/NDBM_File.pm", + "/usr/share/perl/5.36.0/Memoize/SDBM_File.pm", + "/usr/share/perl/5.36.0/Memoize/Storable.pm", + "/usr/share/perl/5.36.0/Module/CoreList.pm", + "/usr/share/perl/5.36.0/Module/CoreList.pod", + "/usr/share/perl/5.36.0/Module/CoreList/Utils.pm", + "/usr/share/perl/5.36.0/Module/Load.pm", + "/usr/share/perl/5.36.0/Module/Load/Conditional.pm", + "/usr/share/perl/5.36.0/Module/Loaded.pm", + "/usr/share/perl/5.36.0/Module/Metadata.pm", + "/usr/share/perl/5.36.0/NEXT.pm", + "/usr/share/perl/5.36.0/Net/Cmd.pm", + "/usr/share/perl/5.36.0/Net/Config.pm", + "/usr/share/perl/5.36.0/Net/Domain.pm", + "/usr/share/perl/5.36.0/Net/FTP.pm", + "/usr/share/perl/5.36.0/Net/FTP/A.pm", + "/usr/share/perl/5.36.0/Net/FTP/E.pm", + "/usr/share/perl/5.36.0/Net/FTP/I.pm", + "/usr/share/perl/5.36.0/Net/FTP/L.pm", + "/usr/share/perl/5.36.0/Net/FTP/dataconn.pm", + "/usr/share/perl/5.36.0/Net/NNTP.pm", + "/usr/share/perl/5.36.0/Net/Netrc.pm", + "/usr/share/perl/5.36.0/Net/POP3.pm", + "/usr/share/perl/5.36.0/Net/Ping.pm", + "/usr/share/perl/5.36.0/Net/SMTP.pm", + "/usr/share/perl/5.36.0/Net/Time.pm", + "/usr/share/perl/5.36.0/Net/hostent.pm", + "/usr/share/perl/5.36.0/Net/libnetFAQ.pod", + "/usr/share/perl/5.36.0/Net/netent.pm", + "/usr/share/perl/5.36.0/Net/protoent.pm", + "/usr/share/perl/5.36.0/Net/servent.pm", + "/usr/share/perl/5.36.0/Params/Check.pm", + "/usr/share/perl/5.36.0/Parse/CPAN/Meta.pm", + "/usr/share/perl/5.36.0/Perl/OSType.pm", + "/usr/share/perl/5.36.0/PerlIO.pm", + "/usr/share/perl/5.36.0/PerlIO/via/QuotedPrint.pm", + "/usr/share/perl/5.36.0/Pod/Checker.pm", + "/usr/share/perl/5.36.0/Pod/Escapes.pm", + "/usr/share/perl/5.36.0/Pod/Functions.pm", + "/usr/share/perl/5.36.0/Pod/Html.pm", + "/usr/share/perl/5.36.0/Pod/Html/Util.pm", + "/usr/share/perl/5.36.0/Pod/Man.pm", + "/usr/share/perl/5.36.0/Pod/ParseLink.pm", + "/usr/share/perl/5.36.0/Pod/Perldoc.pm", + "/usr/share/perl/5.36.0/Pod/Perldoc/BaseTo.pm", + "/usr/share/perl/5.36.0/Pod/Perldoc/GetOptsOO.pm", + "/usr/share/perl/5.36.0/Pod/Perldoc/ToANSI.pm", + "/usr/share/perl/5.36.0/Pod/Perldoc/ToChecker.pm", + "/usr/share/perl/5.36.0/Pod/Perldoc/ToMan.pm", + "/usr/share/perl/5.36.0/Pod/Perldoc/ToNroff.pm", + "/usr/share/perl/5.36.0/Pod/Perldoc/ToPod.pm", + "/usr/share/perl/5.36.0/Pod/Perldoc/ToRtf.pm", + "/usr/share/perl/5.36.0/Pod/Perldoc/ToTerm.pm", + "/usr/share/perl/5.36.0/Pod/Perldoc/ToText.pm", + "/usr/share/perl/5.36.0/Pod/Perldoc/ToTk.pm", + "/usr/share/perl/5.36.0/Pod/Perldoc/ToXml.pm", + "/usr/share/perl/5.36.0/Pod/Simple.pm", + "/usr/share/perl/5.36.0/Pod/Simple.pod", + "/usr/share/perl/5.36.0/Pod/Simple/BlackBox.pm", + "/usr/share/perl/5.36.0/Pod/Simple/Checker.pm", + "/usr/share/perl/5.36.0/Pod/Simple/Debug.pm", + "/usr/share/perl/5.36.0/Pod/Simple/DumpAsText.pm", + "/usr/share/perl/5.36.0/Pod/Simple/DumpAsXML.pm", + "/usr/share/perl/5.36.0/Pod/Simple/HTML.pm", + "/usr/share/perl/5.36.0/Pod/Simple/HTMLBatch.pm", + "/usr/share/perl/5.36.0/Pod/Simple/HTMLLegacy.pm", + "/usr/share/perl/5.36.0/Pod/Simple/JustPod.pm", + "/usr/share/perl/5.36.0/Pod/Simple/LinkSection.pm", + "/usr/share/perl/5.36.0/Pod/Simple/Methody.pm", + "/usr/share/perl/5.36.0/Pod/Simple/Progress.pm", + "/usr/share/perl/5.36.0/Pod/Simple/PullParser.pm", + "/usr/share/perl/5.36.0/Pod/Simple/PullParserEndToken.pm", + "/usr/share/perl/5.36.0/Pod/Simple/PullParserStartToken.pm", + "/usr/share/perl/5.36.0/Pod/Simple/PullParserTextToken.pm", + "/usr/share/perl/5.36.0/Pod/Simple/PullParserToken.pm", + "/usr/share/perl/5.36.0/Pod/Simple/RTF.pm", + "/usr/share/perl/5.36.0/Pod/Simple/Search.pm", + "/usr/share/perl/5.36.0/Pod/Simple/SimpleTree.pm", + "/usr/share/perl/5.36.0/Pod/Simple/Subclassing.pod", + "/usr/share/perl/5.36.0/Pod/Simple/Text.pm", + "/usr/share/perl/5.36.0/Pod/Simple/TextContent.pm", + "/usr/share/perl/5.36.0/Pod/Simple/TiedOutFH.pm", + "/usr/share/perl/5.36.0/Pod/Simple/Transcode.pm", + "/usr/share/perl/5.36.0/Pod/Simple/TranscodeDumb.pm", + "/usr/share/perl/5.36.0/Pod/Simple/TranscodeSmart.pm", + "/usr/share/perl/5.36.0/Pod/Simple/XHTML.pm", + "/usr/share/perl/5.36.0/Pod/Simple/XMLOutStream.pm", + "/usr/share/perl/5.36.0/Pod/Text.pm", + "/usr/share/perl/5.36.0/Pod/Text/Color.pm", + "/usr/share/perl/5.36.0/Pod/Text/Overstrike.pm", + "/usr/share/perl/5.36.0/Pod/Text/Termcap.pm", + "/usr/share/perl/5.36.0/Pod/Usage.pm", + "/usr/share/perl/5.36.0/Safe.pm", + "/usr/share/perl/5.36.0/Search/Dict.pm", + "/usr/share/perl/5.36.0/SelectSaver.pm", + "/usr/share/perl/5.36.0/SelfLoader.pm", + "/usr/share/perl/5.36.0/Symbol.pm", + "/usr/share/perl/5.36.0/TAP/Base.pm", + "/usr/share/perl/5.36.0/TAP/Formatter/Base.pm", + "/usr/share/perl/5.36.0/TAP/Formatter/Color.pm", + "/usr/share/perl/5.36.0/TAP/Formatter/Console.pm", + "/usr/share/perl/5.36.0/TAP/Formatter/Console/ParallelSession.pm", + "/usr/share/perl/5.36.0/TAP/Formatter/Console/Session.pm", + "/usr/share/perl/5.36.0/TAP/Formatter/File.pm", + "/usr/share/perl/5.36.0/TAP/Formatter/File/Session.pm", + "/usr/share/perl/5.36.0/TAP/Formatter/Session.pm", + "/usr/share/perl/5.36.0/TAP/Harness.pm", + "/usr/share/perl/5.36.0/TAP/Harness/Beyond.pod", + "/usr/share/perl/5.36.0/TAP/Harness/Env.pm", + "/usr/share/perl/5.36.0/TAP/Object.pm", + "/usr/share/perl/5.36.0/TAP/Parser.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Aggregator.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Grammar.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Iterator.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Iterator/Array.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Iterator/Process.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Iterator/Stream.pm", + "/usr/share/perl/5.36.0/TAP/Parser/IteratorFactory.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Multiplexer.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Result.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Result/Bailout.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Result/Comment.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Result/Plan.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Result/Pragma.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Result/Test.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Result/Unknown.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Result/Version.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Result/YAML.pm", + "/usr/share/perl/5.36.0/TAP/Parser/ResultFactory.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Scheduler.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Scheduler/Job.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Scheduler/Spinner.pm", + "/usr/share/perl/5.36.0/TAP/Parser/Source.pm", + "/usr/share/perl/5.36.0/TAP/Parser/SourceHandler.pm", + "/usr/share/perl/5.36.0/TAP/Parser/SourceHandler/Executable.pm", + "/usr/share/perl/5.36.0/TAP/Parser/SourceHandler/File.pm", + "/usr/share/perl/5.36.0/TAP/Parser/SourceHandler/Handle.pm", + "/usr/share/perl/5.36.0/TAP/Parser/SourceHandler/Perl.pm", + "/usr/share/perl/5.36.0/TAP/Parser/SourceHandler/RawTAP.pm", + "/usr/share/perl/5.36.0/TAP/Parser/YAMLish/Reader.pm", + "/usr/share/perl/5.36.0/TAP/Parser/YAMLish/Writer.pm", + "/usr/share/perl/5.36.0/Term/ANSIColor.pm", + "/usr/share/perl/5.36.0/Term/Cap.pm", + "/usr/share/perl/5.36.0/Term/Complete.pm", + "/usr/share/perl/5.36.0/Term/ReadLine.pm", + "/usr/share/perl/5.36.0/Test.pm", + "/usr/share/perl/5.36.0/Test/Builder.pm", + "/usr/share/perl/5.36.0/Test/Builder/Formatter.pm", + "/usr/share/perl/5.36.0/Test/Builder/IO/Scalar.pm", + "/usr/share/perl/5.36.0/Test/Builder/Module.pm", + "/usr/share/perl/5.36.0/Test/Builder/Tester.pm", + "/usr/share/perl/5.36.0/Test/Builder/Tester/Color.pm", + "/usr/share/perl/5.36.0/Test/Builder/TodoDiag.pm", + "/usr/share/perl/5.36.0/Test/Harness.pm", + "/usr/share/perl/5.36.0/Test/More.pm", + "/usr/share/perl/5.36.0/Test/Simple.pm", + "/usr/share/perl/5.36.0/Test/Tester.pm", + "/usr/share/perl/5.36.0/Test/Tester/Capture.pm", + "/usr/share/perl/5.36.0/Test/Tester/CaptureRunner.pm", + "/usr/share/perl/5.36.0/Test/Tester/Delegate.pm", + "/usr/share/perl/5.36.0/Test/Tutorial.pod", + "/usr/share/perl/5.36.0/Test/use/ok.pm", + "/usr/share/perl/5.36.0/Test2.pm", + "/usr/share/perl/5.36.0/Test2/API.pm", + "/usr/share/perl/5.36.0/Test2/API/Breakage.pm", + "/usr/share/perl/5.36.0/Test2/API/Context.pm", + "/usr/share/perl/5.36.0/Test2/API/Instance.pm", + "/usr/share/perl/5.36.0/Test2/API/InterceptResult.pm", + "/usr/share/perl/5.36.0/Test2/API/InterceptResult/Event.pm", + "/usr/share/perl/5.36.0/Test2/API/InterceptResult/Facet.pm", + "/usr/share/perl/5.36.0/Test2/API/InterceptResult/Hub.pm", + "/usr/share/perl/5.36.0/Test2/API/InterceptResult/Squasher.pm", + "/usr/share/perl/5.36.0/Test2/API/Stack.pm", + "/usr/share/perl/5.36.0/Test2/Event.pm", + "/usr/share/perl/5.36.0/Test2/Event/Bail.pm", + "/usr/share/perl/5.36.0/Test2/Event/Diag.pm", + "/usr/share/perl/5.36.0/Test2/Event/Encoding.pm", + "/usr/share/perl/5.36.0/Test2/Event/Exception.pm", + "/usr/share/perl/5.36.0/Test2/Event/Fail.pm", + "/usr/share/perl/5.36.0/Test2/Event/Generic.pm", + "/usr/share/perl/5.36.0/Test2/Event/Note.pm", + "/usr/share/perl/5.36.0/Test2/Event/Ok.pm", + "/usr/share/perl/5.36.0/Test2/Event/Pass.pm", + "/usr/share/perl/5.36.0/Test2/Event/Plan.pm", + "/usr/share/perl/5.36.0/Test2/Event/Skip.pm", + "/usr/share/perl/5.36.0/Test2/Event/Subtest.pm", + "/usr/share/perl/5.36.0/Test2/Event/TAP/Version.pm", + "/usr/share/perl/5.36.0/Test2/Event/V2.pm", + "/usr/share/perl/5.36.0/Test2/Event/Waiting.pm", + "/usr/share/perl/5.36.0/Test2/EventFacet.pm", + "/usr/share/perl/5.36.0/Test2/EventFacet/About.pm", + "/usr/share/perl/5.36.0/Test2/EventFacet/Amnesty.pm", + "/usr/share/perl/5.36.0/Test2/EventFacet/Assert.pm", + "/usr/share/perl/5.36.0/Test2/EventFacet/Control.pm", + "/usr/share/perl/5.36.0/Test2/EventFacet/Error.pm", + "/usr/share/perl/5.36.0/Test2/EventFacet/Hub.pm", + "/usr/share/perl/5.36.0/Test2/EventFacet/Info.pm", + "/usr/share/perl/5.36.0/Test2/EventFacet/Info/Table.pm", + "/usr/share/perl/5.36.0/Test2/EventFacet/Meta.pm", + "/usr/share/perl/5.36.0/Test2/EventFacet/Parent.pm", + "/usr/share/perl/5.36.0/Test2/EventFacet/Plan.pm", + "/usr/share/perl/5.36.0/Test2/EventFacet/Render.pm", + "/usr/share/perl/5.36.0/Test2/EventFacet/Trace.pm", + "/usr/share/perl/5.36.0/Test2/Formatter.pm", + "/usr/share/perl/5.36.0/Test2/Formatter/TAP.pm", + "/usr/share/perl/5.36.0/Test2/Hub.pm", + "/usr/share/perl/5.36.0/Test2/Hub/Interceptor.pm", + "/usr/share/perl/5.36.0/Test2/Hub/Interceptor/Terminator.pm", + "/usr/share/perl/5.36.0/Test2/Hub/Subtest.pm", + "/usr/share/perl/5.36.0/Test2/IPC.pm", + "/usr/share/perl/5.36.0/Test2/IPC/Driver.pm", + "/usr/share/perl/5.36.0/Test2/IPC/Driver/Files.pm", + "/usr/share/perl/5.36.0/Test2/Tools/Tiny.pm", + "/usr/share/perl/5.36.0/Test2/Transition.pod", + "/usr/share/perl/5.36.0/Test2/Util.pm", + "/usr/share/perl/5.36.0/Test2/Util/ExternalMeta.pm", + "/usr/share/perl/5.36.0/Test2/Util/Facets2Legacy.pm", + "/usr/share/perl/5.36.0/Test2/Util/HashBase.pm", + "/usr/share/perl/5.36.0/Test2/Util/Trace.pm", + "/usr/share/perl/5.36.0/Text/Abbrev.pm", + "/usr/share/perl/5.36.0/Text/Balanced.pm", + "/usr/share/perl/5.36.0/Text/ParseWords.pm", + "/usr/share/perl/5.36.0/Text/Tabs.pm", + "/usr/share/perl/5.36.0/Text/Wrap.pm", + "/usr/share/perl/5.36.0/Thread.pm", + "/usr/share/perl/5.36.0/Thread/Queue.pm", + "/usr/share/perl/5.36.0/Thread/Semaphore.pm", + "/usr/share/perl/5.36.0/Tie/Array.pm", + "/usr/share/perl/5.36.0/Tie/File.pm", + "/usr/share/perl/5.36.0/Tie/Handle.pm", + "/usr/share/perl/5.36.0/Tie/Hash.pm", + "/usr/share/perl/5.36.0/Tie/Hash/NamedCapture.pm", + "/usr/share/perl/5.36.0/Tie/Memoize.pm", + "/usr/share/perl/5.36.0/Tie/RefHash.pm", + "/usr/share/perl/5.36.0/Tie/Scalar.pm", + "/usr/share/perl/5.36.0/Tie/StdHandle.pm", + "/usr/share/perl/5.36.0/Tie/SubstrHash.pm", + "/usr/share/perl/5.36.0/Time/Local.pm", + "/usr/share/perl/5.36.0/Time/gmtime.pm", + "/usr/share/perl/5.36.0/Time/localtime.pm", + "/usr/share/perl/5.36.0/Time/tm.pm", + "/usr/share/perl/5.36.0/UNIVERSAL.pm", + "/usr/share/perl/5.36.0/Unicode/Collate/CJK/Big5.pm", + "/usr/share/perl/5.36.0/Unicode/Collate/CJK/GB2312.pm", + "/usr/share/perl/5.36.0/Unicode/Collate/CJK/JISX0208.pm", + "/usr/share/perl/5.36.0/Unicode/Collate/CJK/Korean.pm", + "/usr/share/perl/5.36.0/Unicode/Collate/CJK/Pinyin.pm", + "/usr/share/perl/5.36.0/Unicode/Collate/CJK/Stroke.pm", + "/usr/share/perl/5.36.0/Unicode/Collate/CJK/Zhuyin.pm", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/af.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ar.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/as.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/az.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/be.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/bn.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ca.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/cs.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/cu.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/cy.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/da.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/de_at_ph.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/de_phone.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/dsb.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ee.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/eo.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/es.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/es_trad.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/et.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/fa.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/fi.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/fi_phone.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/fil.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/fo.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/fr_ca.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/gu.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ha.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/haw.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/he.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/hi.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/hr.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/hu.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/hy.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ig.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/is.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ja.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/kk.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/kl.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/kn.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ko.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/kok.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/lkt.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ln.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/lt.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/lv.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/mk.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ml.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/mr.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/mt.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/nb.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/nn.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/nso.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/om.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/or.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/pa.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/pl.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ro.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/sa.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/se.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/si.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/si_dict.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/sk.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/sl.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/sq.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/sr.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/sv.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/sv_refo.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ta.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/te.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/th.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/tn.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/to.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/tr.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ug_cyrl.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/uk.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ur.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/vi.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/vo.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/wae.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/wo.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/yo.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/zh.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/zh_big5.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/zh_gb.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/zh_pin.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/zh_strk.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/Locale/zh_zhu.pl", + "/usr/share/perl/5.36.0/Unicode/Collate/allkeys.txt", + "/usr/share/perl/5.36.0/Unicode/Collate/keys.txt", + "/usr/share/perl/5.36.0/Unicode/UCD.pm", + "/usr/share/perl/5.36.0/User/grent.pm", + "/usr/share/perl/5.36.0/User/pwent.pm", + "/usr/share/perl/5.36.0/XSLoader.pm", + "/usr/share/perl/5.36.0/_charnames.pm", + "/usr/share/perl/5.36.0/autodie.pm", + "/usr/share/perl/5.36.0/autodie/Scope/Guard.pm", + "/usr/share/perl/5.36.0/autodie/Scope/GuardStack.pm", + "/usr/share/perl/5.36.0/autodie/Util.pm", + "/usr/share/perl/5.36.0/autodie/exception.pm", + "/usr/share/perl/5.36.0/autodie/exception/system.pm", + "/usr/share/perl/5.36.0/autodie/hints.pm", + "/usr/share/perl/5.36.0/autodie/skip.pm", + "/usr/share/perl/5.36.0/autouse.pm", + "/usr/share/perl/5.36.0/base.pm", + "/usr/share/perl/5.36.0/bigfloat.pm", + "/usr/share/perl/5.36.0/bigint.pm", + "/usr/share/perl/5.36.0/bignum.pm", + "/usr/share/perl/5.36.0/bigrat.pm", + "/usr/share/perl/5.36.0/blib.pm", + "/usr/share/perl/5.36.0/builtin.pm", + "/usr/share/perl/5.36.0/bytes.pm", + "/usr/share/perl/5.36.0/bytes_heavy.pl", + "/usr/share/perl/5.36.0/charnames.pm", + "/usr/share/perl/5.36.0/constant.pm", + "/usr/share/perl/5.36.0/deprecate.pm", + "/usr/share/perl/5.36.0/diagnostics.pm", + "/usr/share/perl/5.36.0/dumpvar.pl", + "/usr/share/perl/5.36.0/encoding/warnings.pm", + "/usr/share/perl/5.36.0/experimental.pm", + "/usr/share/perl/5.36.0/feature.pm", + "/usr/share/perl/5.36.0/fields.pm", + "/usr/share/perl/5.36.0/filetest.pm", + "/usr/share/perl/5.36.0/if.pm", + "/usr/share/perl/5.36.0/integer.pm", + "/usr/share/perl/5.36.0/less.pm", + "/usr/share/perl/5.36.0/locale.pm", + "/usr/share/perl/5.36.0/meta_notation.pm", + "/usr/share/perl/5.36.0/ok.pm", + "/usr/share/perl/5.36.0/open.pm", + "/usr/share/perl/5.36.0/overload.pm", + "/usr/share/perl/5.36.0/overload/numbers.pm", + "/usr/share/perl/5.36.0/overloading.pm", + "/usr/share/perl/5.36.0/parent.pm", + "/usr/share/perl/5.36.0/perl5db.pl", + "/usr/share/perl/5.36.0/perlfaq.pm", + "/usr/share/perl/5.36.0/pod/perldiag.pod", + "/usr/share/perl/5.36.0/sigtrap.pm", + "/usr/share/perl/5.36.0/sort.pm", + "/usr/share/perl/5.36.0/strict.pm", + "/usr/share/perl/5.36.0/subs.pm", + "/usr/share/perl/5.36.0/unicore/Blocks.txt", + "/usr/share/perl/5.36.0/unicore/CombiningClass.pl", + "/usr/share/perl/5.36.0/unicore/Decomposition.pl", + "/usr/share/perl/5.36.0/unicore/Name.pl", + "/usr/share/perl/5.36.0/unicore/Name.pm", + "/usr/share/perl/5.36.0/unicore/NamedSequences.txt", + "/usr/share/perl/5.36.0/unicore/SpecialCasing.txt", + "/usr/share/perl/5.36.0/unicore/To/Age.pl", + "/usr/share/perl/5.36.0/unicore/To/Bc.pl", + "/usr/share/perl/5.36.0/unicore/To/Bmg.pl", + "/usr/share/perl/5.36.0/unicore/To/Bpb.pl", + "/usr/share/perl/5.36.0/unicore/To/Bpt.pl", + "/usr/share/perl/5.36.0/unicore/To/Cf.pl", + "/usr/share/perl/5.36.0/unicore/To/Ea.pl", + "/usr/share/perl/5.36.0/unicore/To/EqUIdeo.pl", + "/usr/share/perl/5.36.0/unicore/To/GCB.pl", + "/usr/share/perl/5.36.0/unicore/To/Gc.pl", + "/usr/share/perl/5.36.0/unicore/To/Hst.pl", + "/usr/share/perl/5.36.0/unicore/To/Identif2.pl", + "/usr/share/perl/5.36.0/unicore/To/Identifi.pl", + "/usr/share/perl/5.36.0/unicore/To/InPC.pl", + "/usr/share/perl/5.36.0/unicore/To/InSC.pl", + "/usr/share/perl/5.36.0/unicore/To/Isc.pl", + "/usr/share/perl/5.36.0/unicore/To/Jg.pl", + "/usr/share/perl/5.36.0/unicore/To/Jt.pl", + "/usr/share/perl/5.36.0/unicore/To/Lb.pl", + "/usr/share/perl/5.36.0/unicore/To/Lc.pl", + "/usr/share/perl/5.36.0/unicore/To/NFCQC.pl", + "/usr/share/perl/5.36.0/unicore/To/NFDQC.pl", + "/usr/share/perl/5.36.0/unicore/To/NFKCCF.pl", + "/usr/share/perl/5.36.0/unicore/To/NFKCQC.pl", + "/usr/share/perl/5.36.0/unicore/To/NFKDQC.pl", + "/usr/share/perl/5.36.0/unicore/To/Na1.pl", + "/usr/share/perl/5.36.0/unicore/To/NameAlia.pl", + "/usr/share/perl/5.36.0/unicore/To/Nt.pl", + "/usr/share/perl/5.36.0/unicore/To/Nv.pl", + "/usr/share/perl/5.36.0/unicore/To/PerlDeci.pl", + "/usr/share/perl/5.36.0/unicore/To/SB.pl", + "/usr/share/perl/5.36.0/unicore/To/Sc.pl", + "/usr/share/perl/5.36.0/unicore/To/Scx.pl", + "/usr/share/perl/5.36.0/unicore/To/Tc.pl", + "/usr/share/perl/5.36.0/unicore/To/Uc.pl", + "/usr/share/perl/5.36.0/unicore/To/Vo.pl", + "/usr/share/perl/5.36.0/unicore/To/WB.pl", + "/usr/share/perl/5.36.0/unicore/To/_PerlLB.pl", + "/usr/share/perl/5.36.0/unicore/To/_PerlSCX.pl", + "/usr/share/perl/5.36.0/unicore/UCD.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/NA.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V100.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V11.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V110.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V120.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V130.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V140.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V20.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V30.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V31.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V32.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V40.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V41.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V50.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V51.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V52.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V60.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V61.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V70.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V80.pl", + "/usr/share/perl/5.36.0/unicore/lib/Age/V90.pl", + "/usr/share/perl/5.36.0/unicore/lib/Alpha/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Bc/AL.pl", + "/usr/share/perl/5.36.0/unicore/lib/Bc/AN.pl", + "/usr/share/perl/5.36.0/unicore/lib/Bc/B.pl", + "/usr/share/perl/5.36.0/unicore/lib/Bc/BN.pl", + "/usr/share/perl/5.36.0/unicore/lib/Bc/CS.pl", + "/usr/share/perl/5.36.0/unicore/lib/Bc/EN.pl", + "/usr/share/perl/5.36.0/unicore/lib/Bc/ES.pl", + "/usr/share/perl/5.36.0/unicore/lib/Bc/ET.pl", + "/usr/share/perl/5.36.0/unicore/lib/Bc/L.pl", + "/usr/share/perl/5.36.0/unicore/lib/Bc/NSM.pl", + "/usr/share/perl/5.36.0/unicore/lib/Bc/ON.pl", + "/usr/share/perl/5.36.0/unicore/lib/Bc/R.pl", + "/usr/share/perl/5.36.0/unicore/lib/Bc/WS.pl", + "/usr/share/perl/5.36.0/unicore/lib/BidiC/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/BidiM/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Blk/NB.pl", + "/usr/share/perl/5.36.0/unicore/lib/Bpt/C.pl", + "/usr/share/perl/5.36.0/unicore/lib/Bpt/N.pl", + "/usr/share/perl/5.36.0/unicore/lib/Bpt/O.pl", + "/usr/share/perl/5.36.0/unicore/lib/CE/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/CI/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/CWCF/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/CWCM/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/CWKCF/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/CWL/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/CWT/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/CWU/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Cased/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ccc/A.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ccc/AL.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ccc/AR.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ccc/ATAR.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ccc/B.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ccc/BR.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ccc/DB.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ccc/NK.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ccc/NR.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ccc/OV.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ccc/VR.pl", + "/usr/share/perl/5.36.0/unicore/lib/CompEx/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/DI/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dash/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dep/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dia/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dt/Com.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dt/Enc.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dt/Fin.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dt/Font.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dt/Init.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dt/Iso.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dt/Med.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dt/Nar.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dt/Nb.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dt/NonCanon.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dt/Sqr.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dt/Sub.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dt/Sup.pl", + "/usr/share/perl/5.36.0/unicore/lib/Dt/Vert.pl", + "/usr/share/perl/5.36.0/unicore/lib/EBase/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/EComp/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/EPres/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ea/A.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ea/H.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ea/N.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ea/Na.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ea/W.pl", + "/usr/share/perl/5.36.0/unicore/lib/Emoji/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ext/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/ExtPict/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/GCB/CN.pl", + "/usr/share/perl/5.36.0/unicore/lib/GCB/EX.pl", + "/usr/share/perl/5.36.0/unicore/lib/GCB/LV.pl", + "/usr/share/perl/5.36.0/unicore/lib/GCB/LVT.pl", + "/usr/share/perl/5.36.0/unicore/lib/GCB/PP.pl", + "/usr/share/perl/5.36.0/unicore/lib/GCB/SM.pl", + "/usr/share/perl/5.36.0/unicore/lib/GCB/XX.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/C.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Cf.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Cn.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/L.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/LC.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Ll.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Lm.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Lo.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Lu.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/M.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Mc.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Me.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Mn.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/N.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Nd.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Nl.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/No.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/P.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Pc.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Pd.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Pe.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Pf.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Pi.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Po.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Ps.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/S.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Sc.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Sk.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Sm.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/So.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Z.pl", + "/usr/share/perl/5.36.0/unicore/lib/Gc/Zs.pl", + "/usr/share/perl/5.36.0/unicore/lib/GrBase/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/GrExt/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Hex/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Hst/NA.pl", + "/usr/share/perl/5.36.0/unicore/lib/Hyphen/T.pl", + "/usr/share/perl/5.36.0/unicore/lib/IDC/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/IDS/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/IdStatus/Allowed.pl", + "/usr/share/perl/5.36.0/unicore/lib/IdStatus/Restrict.pl", + "/usr/share/perl/5.36.0/unicore/lib/IdType/DefaultI.pl", + "/usr/share/perl/5.36.0/unicore/lib/IdType/Exclusio.pl", + "/usr/share/perl/5.36.0/unicore/lib/IdType/Inclusio.pl", + "/usr/share/perl/5.36.0/unicore/lib/IdType/LimitedU.pl", + "/usr/share/perl/5.36.0/unicore/lib/IdType/NotChara.pl", + "/usr/share/perl/5.36.0/unicore/lib/IdType/NotNFKC.pl", + "/usr/share/perl/5.36.0/unicore/lib/IdType/NotXID.pl", + "/usr/share/perl/5.36.0/unicore/lib/IdType/Obsolete.pl", + "/usr/share/perl/5.36.0/unicore/lib/IdType/Recommen.pl", + "/usr/share/perl/5.36.0/unicore/lib/IdType/Technica.pl", + "/usr/share/perl/5.36.0/unicore/lib/IdType/Uncommon.pl", + "/usr/share/perl/5.36.0/unicore/lib/Ideo/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/10_0.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/11_0.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/12_0.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/12_1.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/13_0.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/14_0.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/2_0.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/2_1.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/3_0.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/3_1.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/3_2.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/4_0.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/4_1.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/5_0.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/5_1.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/5_2.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/6_0.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/6_1.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/6_2.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/6_3.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/7_0.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/8_0.pl", + "/usr/share/perl/5.36.0/unicore/lib/In/9_0.pl", + "/usr/share/perl/5.36.0/unicore/lib/InPC/Bottom.pl", + "/usr/share/perl/5.36.0/unicore/lib/InPC/BottomAn.pl", + "/usr/share/perl/5.36.0/unicore/lib/InPC/Left.pl", + "/usr/share/perl/5.36.0/unicore/lib/InPC/LeftAndR.pl", + "/usr/share/perl/5.36.0/unicore/lib/InPC/NA.pl", + "/usr/share/perl/5.36.0/unicore/lib/InPC/Overstru.pl", + "/usr/share/perl/5.36.0/unicore/lib/InPC/Right.pl", + "/usr/share/perl/5.36.0/unicore/lib/InPC/Top.pl", + "/usr/share/perl/5.36.0/unicore/lib/InPC/TopAndBo.pl", + "/usr/share/perl/5.36.0/unicore/lib/InPC/TopAndL2.pl", + "/usr/share/perl/5.36.0/unicore/lib/InPC/TopAndLe.pl", + "/usr/share/perl/5.36.0/unicore/lib/InPC/TopAndRi.pl", + "/usr/share/perl/5.36.0/unicore/lib/InPC/VisualOr.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Avagraha.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Bindu.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Cantilla.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Consona2.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Consona3.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Consona4.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Consona5.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Consona6.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Consona7.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Consona8.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Consonan.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Invisibl.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Nukta.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Number.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Other.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/PureKill.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Syllable.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/ToneMark.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Virama.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Visarga.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/Vowel.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/VowelDep.pl", + "/usr/share/perl/5.36.0/unicore/lib/InSC/VowelInd.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Ain.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Alef.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Beh.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Dal.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/FarsiYeh.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Feh.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Gaf.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Hah.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/HanifiRo.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Kaf.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Lam.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/NoJoinin.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Noon.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Qaf.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Reh.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Sad.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Seen.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Tah.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Waw.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jg/Yeh.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jt/C.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jt/D.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jt/L.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jt/R.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jt/T.pl", + "/usr/share/perl/5.36.0/unicore/lib/Jt/U.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/AI.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/AL.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/BA.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/BB.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/CJ.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/CL.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/CM.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/EX.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/GL.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/ID.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/IN.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/IS.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/NS.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/NU.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/OP.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/PO.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/PR.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/QU.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/SA.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lb/XX.pl", + "/usr/share/perl/5.36.0/unicore/lib/Lower/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Math/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/NFCQC/M.pl", + "/usr/share/perl/5.36.0/unicore/lib/NFCQC/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/NFDQC/N.pl", + "/usr/share/perl/5.36.0/unicore/lib/NFDQC/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/NFKCQC/N.pl", + "/usr/share/perl/5.36.0/unicore/lib/NFKCQC/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/NFKDQC/N.pl", + "/usr/share/perl/5.36.0/unicore/lib/NFKDQC/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nt/Di.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nt/None.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nt/Nu.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/0.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/1.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/10.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/100.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/1000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/10000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/100000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/11.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/12.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/13.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/14.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/15.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/16.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/17.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/18.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/19.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/1_16.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/1_2.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/1_3.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/1_4.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/1_6.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/1_8.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/2.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/20.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/200.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/2000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/20000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/2_3.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/3.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/30.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/300.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/3000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/30000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/3_16.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/3_4.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/4.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/40.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/400.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/4000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/40000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/5.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/50.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/500.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/5000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/50000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/6.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/60.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/600.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/6000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/60000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/7.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/70.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/700.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/7000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/70000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/8.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/80.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/800.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/8000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/80000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/9.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/90.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/900.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/9000.pl", + "/usr/share/perl/5.36.0/unicore/lib/Nv/90000.pl", + "/usr/share/perl/5.36.0/unicore/lib/PCM/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/PatSyn/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/Alnum.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/Assigned.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/Blank.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/Graph.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/PerlWord.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/PosixPun.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/Print.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/SpacePer.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/Title.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/Word.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/XPosixPu.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlAny.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlCh2.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlCha.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlFol.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlIDC.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlIDS.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlIsI.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlNch.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlPat.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlPr2.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlPro.pl", + "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlQuo.pl", + "/usr/share/perl/5.36.0/unicore/lib/QMark/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/SB/AT.pl", + "/usr/share/perl/5.36.0/unicore/lib/SB/CL.pl", + "/usr/share/perl/5.36.0/unicore/lib/SB/EX.pl", + "/usr/share/perl/5.36.0/unicore/lib/SB/FO.pl", + "/usr/share/perl/5.36.0/unicore/lib/SB/LE.pl", + "/usr/share/perl/5.36.0/unicore/lib/SB/LO.pl", + "/usr/share/perl/5.36.0/unicore/lib/SB/NU.pl", + "/usr/share/perl/5.36.0/unicore/lib/SB/SC.pl", + "/usr/share/perl/5.36.0/unicore/lib/SB/ST.pl", + "/usr/share/perl/5.36.0/unicore/lib/SB/Sp.pl", + "/usr/share/perl/5.36.0/unicore/lib/SB/UP.pl", + "/usr/share/perl/5.36.0/unicore/lib/SB/XX.pl", + "/usr/share/perl/5.36.0/unicore/lib/SD/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/STerm/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Arab.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Beng.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Cprt.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Cyrl.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Deva.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Dupl.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Geor.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Glag.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Gong.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Gonm.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Gran.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Grek.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Gujr.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Guru.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Han.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Hang.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Hira.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Kana.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Knda.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Latn.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Limb.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Linb.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Mlym.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Mong.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Mult.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Orya.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Sinh.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Syrc.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Taml.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Telu.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Zinh.pl", + "/usr/share/perl/5.36.0/unicore/lib/Sc/Zyyy.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Adlm.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Arab.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Armn.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Beng.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Bhks.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Bopo.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Cakm.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Cham.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Copt.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Cprt.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Cyrl.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Deva.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Diak.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Dupl.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Ethi.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Geor.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Glag.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Gong.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Gonm.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Gran.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Grek.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Gujr.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Guru.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Han.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Hang.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Hebr.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Hira.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Hmng.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Hmnp.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Kana.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Khar.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Khmr.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Khoj.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Knda.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Kthi.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Lana.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Lao.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Latn.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Limb.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Lina.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Linb.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Mlym.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Mong.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Mult.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Mymr.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Nand.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Nko.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Orya.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Phlp.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Rohg.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Shrd.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Sind.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Sinh.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Syrc.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Tagb.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Takr.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Talu.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Taml.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Tang.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Telu.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Thaa.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Tibt.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Tirh.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Vith.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Xsux.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Yezi.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Yi.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Zinh.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Zyyy.pl", + "/usr/share/perl/5.36.0/unicore/lib/Scx/Zzzz.pl", + "/usr/share/perl/5.36.0/unicore/lib/Term/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/UIdeo/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Upper/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/VS/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/Vo/R.pl", + "/usr/share/perl/5.36.0/unicore/lib/Vo/Tr.pl", + "/usr/share/perl/5.36.0/unicore/lib/Vo/Tu.pl", + "/usr/share/perl/5.36.0/unicore/lib/Vo/U.pl", + "/usr/share/perl/5.36.0/unicore/lib/WB/EX.pl", + "/usr/share/perl/5.36.0/unicore/lib/WB/Extend.pl", + "/usr/share/perl/5.36.0/unicore/lib/WB/FO.pl", + "/usr/share/perl/5.36.0/unicore/lib/WB/HL.pl", + "/usr/share/perl/5.36.0/unicore/lib/WB/KA.pl", + "/usr/share/perl/5.36.0/unicore/lib/WB/LE.pl", + "/usr/share/perl/5.36.0/unicore/lib/WB/MB.pl", + "/usr/share/perl/5.36.0/unicore/lib/WB/ML.pl", + "/usr/share/perl/5.36.0/unicore/lib/WB/MN.pl", + "/usr/share/perl/5.36.0/unicore/lib/WB/NU.pl", + "/usr/share/perl/5.36.0/unicore/lib/WB/WSegSpac.pl", + "/usr/share/perl/5.36.0/unicore/lib/WB/XX.pl", + "/usr/share/perl/5.36.0/unicore/lib/XIDC/Y.pl", + "/usr/share/perl/5.36.0/unicore/lib/XIDS/Y.pl", + "/usr/share/perl/5.36.0/unicore/uni_keywords.pl", + "/usr/share/perl/5.36.0/unicore/version", + "/usr/share/perl/5.36.0/utf8.pm", + "/usr/share/perl/5.36.0/vars.pm", + "/usr/share/perl/5.36.0/version.pm", + "/usr/share/perl/5.36.0/version.pod", + "/usr/share/perl/5.36.0/version/Internals.pod", + "/usr/share/perl/5.36.0/version/regex.pm", + "/usr/share/perl/5.36.0/vmsish.pm", + "/usr/share/perl/5.36.0/warnings.pm", + "/usr/share/perl/5.36.0/warnings/register.pm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "procps@2:4.0.3-1ubuntu1.23.10.1", + "Name": "procps", + "Identifier": { + "PURL": "pkg:deb/ubuntu/procps@4.0.3-1ubuntu1.23.10.1?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=2", + "UID": "fcff75a13ceb8ff6" + }, + "Version": "4.0.3", + "Release": "1ubuntu1.23.10.1", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "procps", + "SrcVersion": "4.0.3", + "SrcRelease": "1ubuntu1.23.10.1", + "SrcEpoch": 2, + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "init-system-helpers@1.65.2ubuntu1", + "libc6@2.38-1ubuntu6.3", + "libncursesw6@6.4+20230625-2", + "libproc2-0@2:4.0.3-1ubuntu1.23.10.1", + "libtinfo6@6.4+20230625-2" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/bin/kill", + "/bin/ps", + "/sbin/sysctl", + "/usr/bin/free", + "/usr/bin/pgrep", + "/usr/bin/pidwait", + "/usr/bin/pmap", + "/usr/bin/pwdx", + "/usr/bin/skill", + "/usr/bin/slabtop", + "/usr/bin/tload", + "/usr/bin/top", + "/usr/bin/uptime", + "/usr/bin/vmstat", + "/usr/bin/w", + "/usr/bin/watch", + "/usr/lib/sysctl.d/99-protect-links.conf", + "/usr/share/bug/procps/presubj", + "/usr/share/doc/procps/FAQ.gz", + "/usr/share/doc/procps/README.Debian", + "/usr/share/doc/procps/bugs.md", + "/usr/share/doc/procps/copyright", + "/usr/share/doc/procps/examples/sysctl.conf", + "/usr/share/lintian/overrides/procps", + "/usr/share/man/de/man1/free.1.gz", + "/usr/share/man/de/man1/kill.1.gz", + "/usr/share/man/de/man1/pgrep.1.gz", + "/usr/share/man/de/man1/pidof.1.gz", + "/usr/share/man/de/man1/pmap.1.gz", + "/usr/share/man/de/man1/ps.1.gz", + "/usr/share/man/de/man1/pwdx.1.gz", + "/usr/share/man/de/man1/skill.1.gz", + "/usr/share/man/de/man1/slabtop.1.gz", + "/usr/share/man/de/man1/tload.1.gz", + "/usr/share/man/de/man1/uptime.1.gz", + "/usr/share/man/de/man1/w.1.gz", + "/usr/share/man/de/man1/watch.1.gz", + "/usr/share/man/de/man5/sysctl.conf.5.gz", + "/usr/share/man/de/man8/sysctl.8.gz", + "/usr/share/man/de/man8/vmstat.8.gz", + "/usr/share/man/fr/man1/free.1.gz", + "/usr/share/man/fr/man1/kill.1.gz", + "/usr/share/man/fr/man1/pmap.1.gz", + "/usr/share/man/fr/man1/ps.1.gz", + "/usr/share/man/fr/man1/pwdx.1.gz", + "/usr/share/man/fr/man1/skill.1.gz", + "/usr/share/man/fr/man1/slabtop.1.gz", + "/usr/share/man/fr/man1/tload.1.gz", + "/usr/share/man/fr/man1/uptime.1.gz", + "/usr/share/man/fr/man1/w.1.gz", + "/usr/share/man/fr/man1/watch.1.gz", + "/usr/share/man/fr/man5/sysctl.conf.5.gz", + "/usr/share/man/fr/man8/sysctl.8.gz", + "/usr/share/man/fr/man8/vmstat.8.gz", + "/usr/share/man/man1/free.1.gz", + "/usr/share/man/man1/kill.1.gz", + "/usr/share/man/man1/pgrep.1.gz", + "/usr/share/man/man1/pmap.1.gz", + "/usr/share/man/man1/ps.1.gz", + "/usr/share/man/man1/pwdx.1.gz", + "/usr/share/man/man1/skill.1.gz", + "/usr/share/man/man1/slabtop.1.gz", + "/usr/share/man/man1/tload.1.gz", + "/usr/share/man/man1/top.1.gz", + "/usr/share/man/man1/uptime.1.gz", + "/usr/share/man/man1/w.1.gz", + "/usr/share/man/man1/watch.1.gz", + "/usr/share/man/man3/procps.3.gz", + "/usr/share/man/man3/procps_misc.3.gz", + "/usr/share/man/man3/procps_pids.3.gz", + "/usr/share/man/man5/sysctl.conf.5.gz", + "/usr/share/man/man8/sysctl.8.gz", + "/usr/share/man/man8/vmstat.8.gz", + "/usr/share/man/pl/man1/free.1.gz", + "/usr/share/man/pl/man1/pgrep.1.gz", + "/usr/share/man/pl/man1/pmap.1.gz", + "/usr/share/man/pl/man1/uptime.1.gz", + "/usr/share/man/pl/man3/procps.3.gz", + "/usr/share/man/pl/man3/procps_misc.3.gz", + "/usr/share/man/pl/man3/procps_pids.3.gz", + "/usr/share/man/pl/man8/vmstat.8.gz", + "/usr/share/man/pt_BR/man1/free.1.gz", + "/usr/share/man/pt_BR/man1/kill.1.gz", + "/usr/share/man/pt_BR/man1/pmap.1.gz", + "/usr/share/man/pt_BR/man1/pwdx.1.gz", + "/usr/share/man/pt_BR/man1/skill.1.gz", + "/usr/share/man/pt_BR/man1/slabtop.1.gz", + "/usr/share/man/pt_BR/man1/tload.1.gz", + "/usr/share/man/pt_BR/man1/uptime.1.gz", + "/usr/share/man/pt_BR/man1/w.1.gz", + "/usr/share/man/pt_BR/man1/watch.1.gz", + "/usr/share/man/pt_BR/man5/sysctl.conf.5.gz", + "/usr/share/man/pt_BR/man8/sysctl.8.gz", + "/usr/share/man/pt_BR/man8/vmstat.8.gz", + "/usr/share/man/sv/man1/free.1.gz", + "/usr/share/man/sv/man1/kill.1.gz", + "/usr/share/man/sv/man1/pgrep.1.gz", + "/usr/share/man/sv/man1/pidof.1.gz", + "/usr/share/man/sv/man1/pmap.1.gz", + "/usr/share/man/sv/man1/ps.1.gz", + "/usr/share/man/sv/man1/pwdx.1.gz", + "/usr/share/man/sv/man1/skill.1.gz", + "/usr/share/man/sv/man1/slabtop.1.gz", + "/usr/share/man/sv/man1/tload.1.gz", + "/usr/share/man/sv/man1/top.1.gz", + "/usr/share/man/sv/man1/uptime.1.gz", + "/usr/share/man/sv/man1/w.1.gz", + "/usr/share/man/sv/man1/watch.1.gz", + "/usr/share/man/sv/man3/procps.3.gz", + "/usr/share/man/sv/man3/procps_misc.3.gz", + "/usr/share/man/sv/man3/procps_pids.3.gz", + "/usr/share/man/sv/man5/sysctl.conf.5.gz", + "/usr/share/man/sv/man8/sysctl.8.gz", + "/usr/share/man/sv/man8/vmstat.8.gz", + "/usr/share/man/uk/man1/free.1.gz", + "/usr/share/man/uk/man1/kill.1.gz", + "/usr/share/man/uk/man1/pgrep.1.gz", + "/usr/share/man/uk/man1/pidof.1.gz", + "/usr/share/man/uk/man1/pmap.1.gz", + "/usr/share/man/uk/man1/ps.1.gz", + "/usr/share/man/uk/man1/pwdx.1.gz", + "/usr/share/man/uk/man1/skill.1.gz", + "/usr/share/man/uk/man1/slabtop.1.gz", + "/usr/share/man/uk/man1/tload.1.gz", + "/usr/share/man/uk/man1/top.1.gz", + "/usr/share/man/uk/man1/uptime.1.gz", + "/usr/share/man/uk/man1/w.1.gz", + "/usr/share/man/uk/man1/watch.1.gz", + "/usr/share/man/uk/man3/procps.3.gz", + "/usr/share/man/uk/man3/procps_misc.3.gz", + "/usr/share/man/uk/man3/procps_pids.3.gz", + "/usr/share/man/uk/man5/sysctl.conf.5.gz", + "/usr/share/man/uk/man8/sysctl.8.gz", + "/usr/share/man/uk/man8/vmstat.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sed@4.9-1", + "Name": "sed", + "Identifier": { + "PURL": "pkg:deb/ubuntu/sed@4.9-1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "6f9cf0fa7782e210" + }, + "Version": "4.9", + "Release": "1", + "Arch": "amd64", + "SrcName": "sed", + "SrcVersion": "4.9", + "SrcRelease": "1", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "X11", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-only", + "ISC", + "BSD-4-Clause-UC", + "BSL-1", + "pcre" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/bin/sed", + "/usr/share/doc/sed/AUTHORS", + "/usr/share/doc/sed/BUGS.gz", + "/usr/share/doc/sed/NEWS.gz", + "/usr/share/doc/sed/README", + "/usr/share/doc/sed/THANKS.gz", + "/usr/share/doc/sed/changelog.Debian.gz", + "/usr/share/doc/sed/copyright", + "/usr/share/doc/sed/examples/dc.sed", + "/usr/share/doc/sed/sedfaq.txt.gz", + "/usr/share/info/sed.info.gz", + "/usr/share/man/man1/sed.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sensible-utils@0.0.20", + "Name": "sensible-utils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/sensible-utils@0.0.20?arch=all\u0026distro=ubuntu-23.10", + "UID": "27f913c6200324e6" + }, + "Version": "0.0.20", + "Arch": "all", + "SrcName": "sensible-utils", + "SrcVersion": "0.0.20", + "Licenses": [ + "GPL-2.0-or-later", + "All-permissive", + "configure", + "installsh", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/bin/select-editor", + "/usr/bin/sensible-browser", + "/usr/bin/sensible-editor", + "/usr/bin/sensible-pager", + "/usr/bin/sensible-terminal", + "/usr/lib/mime/packages/sensible-utils", + "/usr/share/doc/sensible-utils/changelog.gz", + "/usr/share/doc/sensible-utils/copyright", + "/usr/share/man/de/man1/select-editor.1.gz", + "/usr/share/man/de/man1/sensible-browser.1.gz", + "/usr/share/man/de/man1/sensible-pager.1.gz", + "/usr/share/man/fr/man1/select-editor.1.gz", + "/usr/share/man/fr/man1/sensible-browser.1.gz", + "/usr/share/man/fr/man1/sensible-editor.1.gz", + "/usr/share/man/fr/man1/sensible-pager.1.gz", + "/usr/share/man/man1/select-editor.1.gz", + "/usr/share/man/man1/sensible-browser.1.gz", + "/usr/share/man/man1/sensible-editor.1.gz", + "/usr/share/man/man1/sensible-pager.1.gz", + "/usr/share/man/man1/sensible-terminal.1.gz", + "/usr/share/man/pt/man1/select-editor.1.gz", + "/usr/share/man/pt/man1/sensible-browser.1.gz", + "/usr/share/man/pt/man1/sensible-pager.1.gz", + "/usr/share/sensible-utils/bin/gettext" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sgml-base@1.31", + "Name": "sgml-base", + "Identifier": { + "PURL": "pkg:deb/ubuntu/sgml-base@1.31?arch=all\u0026distro=ubuntu-23.10", + "UID": "d74efaf2a0d360c5" + }, + "Version": "1.31", + "Arch": "all", + "SrcName": "sgml-base", + "SrcVersion": "1.31", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/sbin/install-sgmlcatalog", + "/usr/sbin/update-catalog", + "/usr/share/doc/sgml-base/NEWS.Debian.gz", + "/usr/share/doc/sgml-base/README.Debian", + "/usr/share/doc/sgml-base/TODO", + "/usr/share/doc/sgml-base/changelog.gz", + "/usr/share/doc/sgml-base/copyright", + "/usr/share/doc/sgml-base/examples/postinst", + "/usr/share/doc/sgml-base/examples/postrm", + "/usr/share/doc/sgml-base/examples/prerm", + "/usr/share/lintian/overrides/sgml-base", + "/usr/share/man/man8/install-sgmlcatalog.8.gz", + "/usr/share/man/man8/update-catalog.8.gz", + "/usr/share/sgml-base/catalog.centralized", + "/usr/share/sgml-base/catalog.super", + "/usr/share/sgml-base/transitional.cat" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "squid@6.1-2ubuntu1.3", + "Name": "squid", + "Identifier": { + "PURL": "pkg:deb/ubuntu/squid@6.1-2ubuntu1.3?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "7d58078041a76e79" + }, + "Version": "6.1", + "Release": "2ubuntu1.3", + "Arch": "amd64", + "SrcName": "squid", + "SrcVersion": "6.1", + "SrcRelease": "2ubuntu1.3", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3", + "libcap2@1:2.66-4ubuntu1", + "libcom-err2@1.47.0-2ubuntu1", + "libcrypt1@1:4.4.36-2", + "libdbi-perl@1.643-4", + "libecap3@1.0.1-3.4ubuntu1", + "libgcc-s1@13.2.0-4ubuntu3", + "libgnutls30@3.8.1-4ubuntu1.3", + "libgssapi-krb5-2@1.20.1-3ubuntu1", + "libkrb5-3@1.20.1-3ubuntu1", + "libldap2@2.6.6+dfsg-1~exp1ubuntu1", + "libltdl7@2.4.7-7", + "libnettle8@3.9.1-2", + "libpam0g@1.5.2-6ubuntu1.1", + "libsasl2-2@2.1.28+dfsg1-3", + "libstdc++6@13.2.0-4ubuntu3", + "libsystemd0@253.5-1ubuntu6.1", + "libtdb1@1.4.9-2", + "logrotate@3.21.0-1", + "netbase@6.4", + "squid-common@6.1-2ubuntu1.3", + "ssl-cert@1.1.2ubuntu1" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/lib/systemd/system/squid.service", + "/usr/lib/squid/basic_db_auth", + "/usr/lib/squid/basic_fake_auth", + "/usr/lib/squid/basic_getpwnam_auth", + "/usr/lib/squid/basic_ldap_auth", + "/usr/lib/squid/basic_ncsa_auth", + "/usr/lib/squid/basic_pam_auth", + "/usr/lib/squid/basic_pop3_auth", + "/usr/lib/squid/basic_radius_auth", + "/usr/lib/squid/basic_sasl_auth", + "/usr/lib/squid/basic_smb_auth", + "/usr/lib/squid/basic_smb_auth.sh", + "/usr/lib/squid/cert_tool", + "/usr/lib/squid/digest_file_auth", + "/usr/lib/squid/digest_ldap_auth", + "/usr/lib/squid/diskd", + "/usr/lib/squid/ext_file_userip_acl", + "/usr/lib/squid/ext_kerberos_ldap_group_acl", + "/usr/lib/squid/ext_ldap_group_acl", + "/usr/lib/squid/ext_session_acl", + "/usr/lib/squid/ext_sql_session_acl", + "/usr/lib/squid/ext_time_quota_acl", + "/usr/lib/squid/ext_unix_group_acl", + "/usr/lib/squid/ext_wbinfo_group_acl", + "/usr/lib/squid/helper-mux", + "/usr/lib/squid/log_db_daemon", + "/usr/lib/squid/log_file_daemon", + "/usr/lib/squid/negotiate_kerberos_auth", + "/usr/lib/squid/negotiate_kerberos_auth_test", + "/usr/lib/squid/negotiate_wrapper_auth", + "/usr/lib/squid/ntlm_fake_auth", + "/usr/lib/squid/ntlm_smb_lm_auth", + "/usr/lib/squid/pinger", + "/usr/lib/squid/security_fake_certverify", + "/usr/lib/squid/storeid_file_rewrite", + "/usr/lib/squid/unlinkd", + "/usr/lib/squid/url_fake_rewrite", + "/usr/lib/squid/url_fake_rewrite.sh", + "/usr/lib/tmpfiles.d/squid.conf", + "/usr/sbin/squid", + "/usr/share/doc/squid/NEWS.Debian.gz", + "/usr/share/doc/squid/README.Debian", + "/usr/share/doc/squid/changelog.Debian.gz", + "/usr/share/doc/squid/copyright", + "/usr/share/man/man8/basic_db_auth.8.gz", + "/usr/share/man/man8/basic_getpwnam_auth.8.gz", + "/usr/share/man/man8/basic_ldap_auth.8.gz", + "/usr/share/man/man8/basic_ncsa_auth.8.gz", + "/usr/share/man/man8/basic_pam_auth.8.gz", + "/usr/share/man/man8/basic_pop3_auth.8.gz", + "/usr/share/man/man8/basic_radius_auth.8.gz", + "/usr/share/man/man8/basic_sasl_auth.8.gz", + "/usr/share/man/man8/digest_file_auth.8.gz", + "/usr/share/man/man8/ext_file_userip_acl.8.gz", + "/usr/share/man/man8/ext_ldap_group_acl.8.gz", + "/usr/share/man/man8/ext_session_acl.8.gz", + "/usr/share/man/man8/ext_sql_session_acl.8.gz", + "/usr/share/man/man8/ext_time_quota_acl.8.gz", + "/usr/share/man/man8/ext_unix_group_acl.8.gz", + "/usr/share/man/man8/ext_wbinfo_group_acl.8.gz", + "/usr/share/man/man8/log_db_daemon.8.gz", + "/usr/share/man/man8/negotiate_kerberos_auth.8.gz", + "/usr/share/man/man8/security_fake_certverify.8.gz", + "/usr/share/man/man8/squid.8.gz", + "/usr/share/man/man8/storeid_file_rewrite.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "squid-common@6.1-2ubuntu1.3", + "Name": "squid-common", + "Identifier": { + "PURL": "pkg:deb/ubuntu/squid-common@6.1-2ubuntu1.3?arch=all\u0026distro=ubuntu-23.10", + "UID": "799b8bc83634fc04" + }, + "Version": "6.1", + "Release": "2ubuntu1.3", + "Arch": "all", + "SrcName": "squid", + "SrcVersion": "6.1", + "SrcRelease": "2ubuntu1.3", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "squid-langpack@20220130-1" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/share/doc/squid-common/CONTRIBUTORS.gz", + "/usr/share/doc/squid-common/CREDITS.gz", + "/usr/share/doc/squid-common/NEWS.Debian.gz", + "/usr/share/doc/squid-common/QUICKSTART", + "/usr/share/doc/squid-common/README", + "/usr/share/doc/squid-common/RELEASENOTES.html", + "/usr/share/doc/squid-common/SPONSORS.gz", + "/usr/share/doc/squid-common/changelog.Debian.gz", + "/usr/share/doc/squid-common/copyright", + "/usr/share/doc/squid-common/squid.conf.documented.gz", + "/usr/share/squid/icons/SN.png", + "/usr/share/squid/icons/silk/application.png", + "/usr/share/squid/icons/silk/arrow_up.png", + "/usr/share/squid/icons/silk/bomb.png", + "/usr/share/squid/icons/silk/box.png", + "/usr/share/squid/icons/silk/bricks.png", + "/usr/share/squid/icons/silk/bullet_red.png", + "/usr/share/squid/icons/silk/cd.png", + "/usr/share/squid/icons/silk/chart_line.png", + "/usr/share/squid/icons/silk/compress.png", + "/usr/share/squid/icons/silk/computer_link.png", + "/usr/share/squid/icons/silk/css.png", + "/usr/share/squid/icons/silk/cup.png", + "/usr/share/squid/icons/silk/database.png", + "/usr/share/squid/icons/silk/database_table.png", + "/usr/share/squid/icons/silk/drive_disk.png", + "/usr/share/squid/icons/silk/film.png", + "/usr/share/squid/icons/silk/film_key.png", + "/usr/share/squid/icons/silk/folder.png", + "/usr/share/squid/icons/silk/folder_table.png", + "/usr/share/squid/icons/silk/image.png", + "/usr/share/squid/icons/silk/information.png", + "/usr/share/squid/icons/silk/layers.png", + "/usr/share/squid/icons/silk/layout.png", + "/usr/share/squid/icons/silk/link.png", + "/usr/share/squid/icons/silk/music.png", + "/usr/share/squid/icons/silk/package.png", + "/usr/share/squid/icons/silk/package_go.png", + "/usr/share/squid/icons/silk/page_code.png", + "/usr/share/squid/icons/silk/page_excel.png", + "/usr/share/squid/icons/silk/page_green.png", + "/usr/share/squid/icons/silk/page_white.png", + "/usr/share/squid/icons/silk/page_white_acrobat.png", + "/usr/share/squid/icons/silk/page_white_c.png", + "/usr/share/squid/icons/silk/page_white_cplusplus.png", + "/usr/share/squid/icons/silk/page_white_flash.png", + "/usr/share/squid/icons/silk/page_white_magnify.png", + "/usr/share/squid/icons/silk/page_white_picture.png", + "/usr/share/squid/icons/silk/page_white_powerpoint.png", + "/usr/share/squid/icons/silk/page_white_stack.png", + "/usr/share/squid/icons/silk/page_white_text.png", + "/usr/share/squid/icons/silk/page_white_word.png", + "/usr/share/squid/icons/silk/page_white_zip.png", + "/usr/share/squid/icons/silk/page_world.png", + "/usr/share/squid/icons/silk/photo.png", + "/usr/share/squid/icons/silk/picture.png", + "/usr/share/squid/icons/silk/plugin.png", + "/usr/share/squid/icons/silk/plugin_add.png", + "/usr/share/squid/icons/silk/script.png", + "/usr/share/squid/icons/silk/script_gear.png", + "/usr/share/squid/icons/silk/script_palette.png", + "/usr/share/squid/mib.txt", + "/usr/share/squid/mime.conf" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "squid-langpack@20220130-1", + "Name": "squid-langpack", + "Identifier": { + "PURL": "pkg:deb/ubuntu/squid-langpack@20220130-1?arch=all\u0026distro=ubuntu-23.10", + "UID": "641a90f042701335" + }, + "Version": "20220130", + "Release": "1", + "Arch": "all", + "SrcName": "squid-langpack", + "SrcVersion": "20220130", + "SrcRelease": "1", + "Licenses": [ + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/share/doc/squid-langpack/changelog.Debian.gz", + "/usr/share/doc/squid-langpack/copyright", + "/usr/share/squid-langpack/af/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/af/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/af/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/af/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/af/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/af/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/af/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/af/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/af/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/af/ERR_DIR_LISTING", + "/usr/share/squid-langpack/af/ERR_DNS_FAIL", + "/usr/share/squid-langpack/af/ERR_ESI", + "/usr/share/squid-langpack/af/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/af/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/af/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/af/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/af/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/af/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/af/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/af/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/af/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/af/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/af/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/af/ERR_INVALID_REQ", + "/usr/share/squid-langpack/af/ERR_INVALID_RESP", + "/usr/share/squid-langpack/af/ERR_INVALID_URL", + "/usr/share/squid-langpack/af/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/af/ERR_NO_RELAY", + "/usr/share/squid-langpack/af/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/af/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/af/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/af/ERR_READ_ERROR", + "/usr/share/squid-langpack/af/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/af/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/af/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/af/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/af/ERR_TOO_BIG", + "/usr/share/squid-langpack/af/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/af/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/af/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/af/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/af/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/af/error-details.txt", + "/usr/share/squid-langpack/ar/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/ar/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/ar/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/ar/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/ar/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/ar/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/ar/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/ar/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/ar/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/ar/ERR_DIR_LISTING", + "/usr/share/squid-langpack/ar/ERR_DNS_FAIL", + "/usr/share/squid-langpack/ar/ERR_ESI", + "/usr/share/squid-langpack/ar/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/ar/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/ar/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/ar/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/ar/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/ar/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/ar/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/ar/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/ar/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/ar/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/ar/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/ar/ERR_INVALID_REQ", + "/usr/share/squid-langpack/ar/ERR_INVALID_RESP", + "/usr/share/squid-langpack/ar/ERR_INVALID_URL", + "/usr/share/squid-langpack/ar/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/ar/ERR_NO_RELAY", + "/usr/share/squid-langpack/ar/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/ar/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/ar/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/ar/ERR_READ_ERROR", + "/usr/share/squid-langpack/ar/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/ar/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/ar/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/ar/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/ar/ERR_TOO_BIG", + "/usr/share/squid-langpack/ar/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/ar/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/ar/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/ar/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/ar/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/ar/error-details.txt", + "/usr/share/squid-langpack/az/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/az/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/az/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/az/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/az/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/az/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/az/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/az/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/az/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/az/ERR_DIR_LISTING", + "/usr/share/squid-langpack/az/ERR_DNS_FAIL", + "/usr/share/squid-langpack/az/ERR_ESI", + "/usr/share/squid-langpack/az/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/az/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/az/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/az/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/az/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/az/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/az/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/az/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/az/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/az/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/az/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/az/ERR_INVALID_REQ", + "/usr/share/squid-langpack/az/ERR_INVALID_RESP", + "/usr/share/squid-langpack/az/ERR_INVALID_URL", + "/usr/share/squid-langpack/az/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/az/ERR_NO_RELAY", + "/usr/share/squid-langpack/az/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/az/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/az/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/az/ERR_READ_ERROR", + "/usr/share/squid-langpack/az/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/az/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/az/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/az/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/az/ERR_TOO_BIG", + "/usr/share/squid-langpack/az/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/az/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/az/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/az/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/az/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/az/error-details.txt", + "/usr/share/squid-langpack/bg/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/bg/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/bg/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/bg/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/bg/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/bg/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/bg/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/bg/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/bg/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/bg/ERR_DIR_LISTING", + "/usr/share/squid-langpack/bg/ERR_DNS_FAIL", + "/usr/share/squid-langpack/bg/ERR_ESI", + "/usr/share/squid-langpack/bg/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/bg/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/bg/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/bg/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/bg/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/bg/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/bg/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/bg/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/bg/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/bg/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/bg/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/bg/ERR_INVALID_REQ", + "/usr/share/squid-langpack/bg/ERR_INVALID_RESP", + "/usr/share/squid-langpack/bg/ERR_INVALID_URL", + "/usr/share/squid-langpack/bg/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/bg/ERR_NO_RELAY", + "/usr/share/squid-langpack/bg/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/bg/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/bg/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/bg/ERR_READ_ERROR", + "/usr/share/squid-langpack/bg/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/bg/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/bg/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/bg/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/bg/ERR_TOO_BIG", + "/usr/share/squid-langpack/bg/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/bg/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/bg/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/bg/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/bg/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/bg/error-details.txt", + "/usr/share/squid-langpack/ca/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/ca/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/ca/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/ca/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/ca/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/ca/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/ca/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/ca/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/ca/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/ca/ERR_DIR_LISTING", + "/usr/share/squid-langpack/ca/ERR_DNS_FAIL", + "/usr/share/squid-langpack/ca/ERR_ESI", + "/usr/share/squid-langpack/ca/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/ca/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/ca/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/ca/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/ca/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/ca/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/ca/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/ca/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/ca/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/ca/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/ca/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/ca/ERR_INVALID_REQ", + "/usr/share/squid-langpack/ca/ERR_INVALID_RESP", + "/usr/share/squid-langpack/ca/ERR_INVALID_URL", + "/usr/share/squid-langpack/ca/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/ca/ERR_NO_RELAY", + "/usr/share/squid-langpack/ca/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/ca/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/ca/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/ca/ERR_READ_ERROR", + "/usr/share/squid-langpack/ca/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/ca/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/ca/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/ca/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/ca/ERR_TOO_BIG", + "/usr/share/squid-langpack/ca/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/ca/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/ca/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/ca/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/ca/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/ca/error-details.txt", + "/usr/share/squid-langpack/cs/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/cs/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/cs/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/cs/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/cs/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/cs/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/cs/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/cs/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/cs/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/cs/ERR_DIR_LISTING", + "/usr/share/squid-langpack/cs/ERR_DNS_FAIL", + "/usr/share/squid-langpack/cs/ERR_ESI", + "/usr/share/squid-langpack/cs/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/cs/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/cs/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/cs/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/cs/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/cs/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/cs/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/cs/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/cs/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/cs/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/cs/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/cs/ERR_INVALID_REQ", + "/usr/share/squid-langpack/cs/ERR_INVALID_RESP", + "/usr/share/squid-langpack/cs/ERR_INVALID_URL", + "/usr/share/squid-langpack/cs/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/cs/ERR_NO_RELAY", + "/usr/share/squid-langpack/cs/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/cs/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/cs/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/cs/ERR_READ_ERROR", + "/usr/share/squid-langpack/cs/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/cs/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/cs/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/cs/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/cs/ERR_TOO_BIG", + "/usr/share/squid-langpack/cs/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/cs/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/cs/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/cs/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/cs/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/cs/error-details.txt", + "/usr/share/squid-langpack/da/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/da/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/da/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/da/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/da/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/da/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/da/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/da/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/da/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/da/ERR_DIR_LISTING", + "/usr/share/squid-langpack/da/ERR_DNS_FAIL", + "/usr/share/squid-langpack/da/ERR_ESI", + "/usr/share/squid-langpack/da/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/da/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/da/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/da/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/da/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/da/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/da/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/da/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/da/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/da/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/da/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/da/ERR_INVALID_REQ", + "/usr/share/squid-langpack/da/ERR_INVALID_RESP", + "/usr/share/squid-langpack/da/ERR_INVALID_URL", + "/usr/share/squid-langpack/da/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/da/ERR_NO_RELAY", + "/usr/share/squid-langpack/da/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/da/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/da/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/da/ERR_READ_ERROR", + "/usr/share/squid-langpack/da/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/da/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/da/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/da/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/da/ERR_TOO_BIG", + "/usr/share/squid-langpack/da/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/da/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/da/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/da/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/da/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/da/error-details.txt", + "/usr/share/squid-langpack/de/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/de/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/de/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/de/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/de/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/de/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/de/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/de/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/de/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/de/ERR_DIR_LISTING", + "/usr/share/squid-langpack/de/ERR_DNS_FAIL", + "/usr/share/squid-langpack/de/ERR_ESI", + "/usr/share/squid-langpack/de/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/de/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/de/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/de/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/de/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/de/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/de/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/de/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/de/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/de/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/de/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/de/ERR_INVALID_REQ", + "/usr/share/squid-langpack/de/ERR_INVALID_RESP", + "/usr/share/squid-langpack/de/ERR_INVALID_URL", + "/usr/share/squid-langpack/de/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/de/ERR_NO_RELAY", + "/usr/share/squid-langpack/de/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/de/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/de/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/de/ERR_READ_ERROR", + "/usr/share/squid-langpack/de/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/de/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/de/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/de/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/de/ERR_TOO_BIG", + "/usr/share/squid-langpack/de/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/de/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/de/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/de/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/de/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/de/error-details.txt", + "/usr/share/squid-langpack/el/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/el/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/el/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/el/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/el/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/el/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/el/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/el/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/el/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/el/ERR_DIR_LISTING", + "/usr/share/squid-langpack/el/ERR_DNS_FAIL", + "/usr/share/squid-langpack/el/ERR_ESI", + "/usr/share/squid-langpack/el/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/el/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/el/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/el/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/el/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/el/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/el/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/el/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/el/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/el/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/el/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/el/ERR_INVALID_REQ", + "/usr/share/squid-langpack/el/ERR_INVALID_RESP", + "/usr/share/squid-langpack/el/ERR_INVALID_URL", + "/usr/share/squid-langpack/el/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/el/ERR_NO_RELAY", + "/usr/share/squid-langpack/el/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/el/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/el/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/el/ERR_READ_ERROR", + "/usr/share/squid-langpack/el/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/el/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/el/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/el/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/el/ERR_TOO_BIG", + "/usr/share/squid-langpack/el/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/el/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/el/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/el/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/el/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/el/error-details.txt", + "/usr/share/squid-langpack/en/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/en/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/en/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/en/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/en/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/en/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/en/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/en/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/en/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/en/ERR_DIR_LISTING", + "/usr/share/squid-langpack/en/ERR_DNS_FAIL", + "/usr/share/squid-langpack/en/ERR_ESI", + "/usr/share/squid-langpack/en/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/en/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/en/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/en/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/en/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/en/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/en/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/en/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/en/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/en/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/en/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/en/ERR_INVALID_REQ", + "/usr/share/squid-langpack/en/ERR_INVALID_RESP", + "/usr/share/squid-langpack/en/ERR_INVALID_URL", + "/usr/share/squid-langpack/en/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/en/ERR_NO_RELAY", + "/usr/share/squid-langpack/en/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/en/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/en/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/en/ERR_READ_ERROR", + "/usr/share/squid-langpack/en/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/en/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/en/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/en/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/en/ERR_TOO_BIG", + "/usr/share/squid-langpack/en/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/en/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/en/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/en/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/en/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/en/error-details.txt", + "/usr/share/squid-langpack/es/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/es/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/es/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/es/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/es/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/es/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/es/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/es/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/es/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/es/ERR_DIR_LISTING", + "/usr/share/squid-langpack/es/ERR_DNS_FAIL", + "/usr/share/squid-langpack/es/ERR_ESI", + "/usr/share/squid-langpack/es/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/es/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/es/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/es/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/es/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/es/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/es/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/es/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/es/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/es/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/es/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/es/ERR_INVALID_REQ", + "/usr/share/squid-langpack/es/ERR_INVALID_RESP", + "/usr/share/squid-langpack/es/ERR_INVALID_URL", + "/usr/share/squid-langpack/es/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/es/ERR_NO_RELAY", + "/usr/share/squid-langpack/es/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/es/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/es/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/es/ERR_READ_ERROR", + "/usr/share/squid-langpack/es/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/es/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/es/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/es/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/es/ERR_TOO_BIG", + "/usr/share/squid-langpack/es/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/es/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/es/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/es/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/es/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/es/error-details.txt", + "/usr/share/squid-langpack/et/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/et/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/et/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/et/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/et/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/et/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/et/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/et/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/et/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/et/ERR_DIR_LISTING", + "/usr/share/squid-langpack/et/ERR_DNS_FAIL", + "/usr/share/squid-langpack/et/ERR_ESI", + "/usr/share/squid-langpack/et/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/et/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/et/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/et/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/et/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/et/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/et/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/et/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/et/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/et/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/et/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/et/ERR_INVALID_REQ", + "/usr/share/squid-langpack/et/ERR_INVALID_RESP", + "/usr/share/squid-langpack/et/ERR_INVALID_URL", + "/usr/share/squid-langpack/et/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/et/ERR_NO_RELAY", + "/usr/share/squid-langpack/et/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/et/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/et/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/et/ERR_READ_ERROR", + "/usr/share/squid-langpack/et/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/et/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/et/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/et/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/et/ERR_TOO_BIG", + "/usr/share/squid-langpack/et/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/et/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/et/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/et/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/et/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/et/error-details.txt", + "/usr/share/squid-langpack/fa/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/fa/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/fa/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/fa/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/fa/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/fa/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/fa/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/fa/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/fa/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/fa/ERR_DIR_LISTING", + "/usr/share/squid-langpack/fa/ERR_DNS_FAIL", + "/usr/share/squid-langpack/fa/ERR_ESI", + "/usr/share/squid-langpack/fa/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/fa/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/fa/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/fa/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/fa/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/fa/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/fa/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/fa/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/fa/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/fa/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/fa/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/fa/ERR_INVALID_REQ", + "/usr/share/squid-langpack/fa/ERR_INVALID_RESP", + "/usr/share/squid-langpack/fa/ERR_INVALID_URL", + "/usr/share/squid-langpack/fa/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/fa/ERR_NO_RELAY", + "/usr/share/squid-langpack/fa/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/fa/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/fa/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/fa/ERR_READ_ERROR", + "/usr/share/squid-langpack/fa/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/fa/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/fa/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/fa/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/fa/ERR_TOO_BIG", + "/usr/share/squid-langpack/fa/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/fa/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/fa/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/fa/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/fa/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/fa/error-details.txt", + "/usr/share/squid-langpack/fi/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/fi/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/fi/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/fi/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/fi/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/fi/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/fi/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/fi/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/fi/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/fi/ERR_DIR_LISTING", + "/usr/share/squid-langpack/fi/ERR_DNS_FAIL", + "/usr/share/squid-langpack/fi/ERR_ESI", + "/usr/share/squid-langpack/fi/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/fi/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/fi/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/fi/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/fi/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/fi/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/fi/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/fi/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/fi/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/fi/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/fi/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/fi/ERR_INVALID_REQ", + "/usr/share/squid-langpack/fi/ERR_INVALID_RESP", + "/usr/share/squid-langpack/fi/ERR_INVALID_URL", + "/usr/share/squid-langpack/fi/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/fi/ERR_NO_RELAY", + "/usr/share/squid-langpack/fi/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/fi/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/fi/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/fi/ERR_READ_ERROR", + "/usr/share/squid-langpack/fi/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/fi/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/fi/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/fi/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/fi/ERR_TOO_BIG", + "/usr/share/squid-langpack/fi/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/fi/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/fi/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/fi/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/fi/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/fi/error-details.txt", + "/usr/share/squid-langpack/fr/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/fr/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/fr/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/fr/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/fr/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/fr/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/fr/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/fr/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/fr/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/fr/ERR_DIR_LISTING", + "/usr/share/squid-langpack/fr/ERR_DNS_FAIL", + "/usr/share/squid-langpack/fr/ERR_ESI", + "/usr/share/squid-langpack/fr/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/fr/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/fr/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/fr/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/fr/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/fr/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/fr/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/fr/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/fr/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/fr/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/fr/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/fr/ERR_INVALID_REQ", + "/usr/share/squid-langpack/fr/ERR_INVALID_RESP", + "/usr/share/squid-langpack/fr/ERR_INVALID_URL", + "/usr/share/squid-langpack/fr/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/fr/ERR_NO_RELAY", + "/usr/share/squid-langpack/fr/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/fr/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/fr/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/fr/ERR_READ_ERROR", + "/usr/share/squid-langpack/fr/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/fr/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/fr/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/fr/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/fr/ERR_TOO_BIG", + "/usr/share/squid-langpack/fr/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/fr/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/fr/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/fr/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/fr/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/fr/error-details.txt", + "/usr/share/squid-langpack/he/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/he/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/he/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/he/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/he/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/he/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/he/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/he/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/he/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/he/ERR_DIR_LISTING", + "/usr/share/squid-langpack/he/ERR_DNS_FAIL", + "/usr/share/squid-langpack/he/ERR_ESI", + "/usr/share/squid-langpack/he/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/he/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/he/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/he/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/he/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/he/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/he/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/he/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/he/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/he/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/he/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/he/ERR_INVALID_REQ", + "/usr/share/squid-langpack/he/ERR_INVALID_RESP", + "/usr/share/squid-langpack/he/ERR_INVALID_URL", + "/usr/share/squid-langpack/he/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/he/ERR_NO_RELAY", + "/usr/share/squid-langpack/he/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/he/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/he/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/he/ERR_READ_ERROR", + "/usr/share/squid-langpack/he/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/he/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/he/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/he/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/he/ERR_TOO_BIG", + "/usr/share/squid-langpack/he/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/he/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/he/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/he/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/he/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/he/error-details.txt", + "/usr/share/squid-langpack/hu/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/hu/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/hu/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/hu/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/hu/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/hu/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/hu/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/hu/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/hu/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/hu/ERR_DIR_LISTING", + "/usr/share/squid-langpack/hu/ERR_DNS_FAIL", + "/usr/share/squid-langpack/hu/ERR_ESI", + "/usr/share/squid-langpack/hu/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/hu/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/hu/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/hu/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/hu/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/hu/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/hu/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/hu/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/hu/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/hu/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/hu/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/hu/ERR_INVALID_REQ", + "/usr/share/squid-langpack/hu/ERR_INVALID_RESP", + "/usr/share/squid-langpack/hu/ERR_INVALID_URL", + "/usr/share/squid-langpack/hu/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/hu/ERR_NO_RELAY", + "/usr/share/squid-langpack/hu/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/hu/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/hu/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/hu/ERR_READ_ERROR", + "/usr/share/squid-langpack/hu/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/hu/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/hu/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/hu/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/hu/ERR_TOO_BIG", + "/usr/share/squid-langpack/hu/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/hu/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/hu/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/hu/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/hu/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/hu/error-details.txt", + "/usr/share/squid-langpack/hy/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/hy/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/hy/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/hy/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/hy/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/hy/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/hy/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/hy/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/hy/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/hy/ERR_DIR_LISTING", + "/usr/share/squid-langpack/hy/ERR_DNS_FAIL", + "/usr/share/squid-langpack/hy/ERR_ESI", + "/usr/share/squid-langpack/hy/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/hy/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/hy/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/hy/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/hy/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/hy/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/hy/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/hy/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/hy/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/hy/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/hy/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/hy/ERR_INVALID_REQ", + "/usr/share/squid-langpack/hy/ERR_INVALID_RESP", + "/usr/share/squid-langpack/hy/ERR_INVALID_URL", + "/usr/share/squid-langpack/hy/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/hy/ERR_NO_RELAY", + "/usr/share/squid-langpack/hy/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/hy/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/hy/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/hy/ERR_READ_ERROR", + "/usr/share/squid-langpack/hy/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/hy/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/hy/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/hy/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/hy/ERR_TOO_BIG", + "/usr/share/squid-langpack/hy/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/hy/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/hy/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/hy/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/hy/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/hy/error-details.txt", + "/usr/share/squid-langpack/id/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/id/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/id/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/id/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/id/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/id/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/id/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/id/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/id/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/id/ERR_DIR_LISTING", + "/usr/share/squid-langpack/id/ERR_DNS_FAIL", + "/usr/share/squid-langpack/id/ERR_ESI", + "/usr/share/squid-langpack/id/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/id/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/id/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/id/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/id/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/id/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/id/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/id/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/id/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/id/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/id/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/id/ERR_INVALID_REQ", + "/usr/share/squid-langpack/id/ERR_INVALID_RESP", + "/usr/share/squid-langpack/id/ERR_INVALID_URL", + "/usr/share/squid-langpack/id/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/id/ERR_NO_RELAY", + "/usr/share/squid-langpack/id/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/id/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/id/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/id/ERR_READ_ERROR", + "/usr/share/squid-langpack/id/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/id/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/id/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/id/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/id/ERR_TOO_BIG", + "/usr/share/squid-langpack/id/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/id/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/id/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/id/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/id/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/id/error-details.txt", + "/usr/share/squid-langpack/it/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/it/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/it/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/it/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/it/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/it/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/it/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/it/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/it/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/it/ERR_DIR_LISTING", + "/usr/share/squid-langpack/it/ERR_DNS_FAIL", + "/usr/share/squid-langpack/it/ERR_ESI", + "/usr/share/squid-langpack/it/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/it/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/it/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/it/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/it/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/it/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/it/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/it/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/it/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/it/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/it/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/it/ERR_INVALID_REQ", + "/usr/share/squid-langpack/it/ERR_INVALID_RESP", + "/usr/share/squid-langpack/it/ERR_INVALID_URL", + "/usr/share/squid-langpack/it/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/it/ERR_NO_RELAY", + "/usr/share/squid-langpack/it/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/it/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/it/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/it/ERR_READ_ERROR", + "/usr/share/squid-langpack/it/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/it/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/it/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/it/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/it/ERR_TOO_BIG", + "/usr/share/squid-langpack/it/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/it/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/it/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/it/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/it/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/it/error-details.txt", + "/usr/share/squid-langpack/ja/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/ja/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/ja/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/ja/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/ja/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/ja/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/ja/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/ja/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/ja/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/ja/ERR_DIR_LISTING", + "/usr/share/squid-langpack/ja/ERR_DNS_FAIL", + "/usr/share/squid-langpack/ja/ERR_ESI", + "/usr/share/squid-langpack/ja/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/ja/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/ja/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/ja/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/ja/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/ja/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/ja/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/ja/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/ja/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/ja/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/ja/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/ja/ERR_INVALID_REQ", + "/usr/share/squid-langpack/ja/ERR_INVALID_RESP", + "/usr/share/squid-langpack/ja/ERR_INVALID_URL", + "/usr/share/squid-langpack/ja/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/ja/ERR_NO_RELAY", + "/usr/share/squid-langpack/ja/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/ja/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/ja/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/ja/ERR_READ_ERROR", + "/usr/share/squid-langpack/ja/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/ja/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/ja/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/ja/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/ja/ERR_TOO_BIG", + "/usr/share/squid-langpack/ja/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/ja/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/ja/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/ja/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/ja/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/ja/error-details.txt", + "/usr/share/squid-langpack/ka/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/ka/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/ka/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/ka/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/ka/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/ka/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/ka/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/ka/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/ka/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/ka/ERR_DIR_LISTING", + "/usr/share/squid-langpack/ka/ERR_DNS_FAIL", + "/usr/share/squid-langpack/ka/ERR_ESI", + "/usr/share/squid-langpack/ka/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/ka/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/ka/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/ka/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/ka/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/ka/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/ka/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/ka/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/ka/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/ka/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/ka/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/ka/ERR_INVALID_REQ", + "/usr/share/squid-langpack/ka/ERR_INVALID_RESP", + "/usr/share/squid-langpack/ka/ERR_INVALID_URL", + "/usr/share/squid-langpack/ka/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/ka/ERR_NO_RELAY", + "/usr/share/squid-langpack/ka/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/ka/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/ka/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/ka/ERR_READ_ERROR", + "/usr/share/squid-langpack/ka/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/ka/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/ka/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/ka/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/ka/ERR_TOO_BIG", + "/usr/share/squid-langpack/ka/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/ka/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/ka/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/ka/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/ka/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/ka/error-details.txt", + "/usr/share/squid-langpack/ko/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/ko/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/ko/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/ko/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/ko/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/ko/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/ko/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/ko/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/ko/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/ko/ERR_DIR_LISTING", + "/usr/share/squid-langpack/ko/ERR_DNS_FAIL", + "/usr/share/squid-langpack/ko/ERR_ESI", + "/usr/share/squid-langpack/ko/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/ko/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/ko/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/ko/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/ko/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/ko/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/ko/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/ko/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/ko/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/ko/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/ko/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/ko/ERR_INVALID_REQ", + "/usr/share/squid-langpack/ko/ERR_INVALID_RESP", + "/usr/share/squid-langpack/ko/ERR_INVALID_URL", + "/usr/share/squid-langpack/ko/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/ko/ERR_NO_RELAY", + "/usr/share/squid-langpack/ko/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/ko/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/ko/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/ko/ERR_READ_ERROR", + "/usr/share/squid-langpack/ko/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/ko/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/ko/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/ko/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/ko/ERR_TOO_BIG", + "/usr/share/squid-langpack/ko/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/ko/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/ko/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/ko/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/ko/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/ko/error-details.txt", + "/usr/share/squid-langpack/lt/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/lt/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/lt/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/lt/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/lt/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/lt/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/lt/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/lt/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/lt/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/lt/ERR_DIR_LISTING", + "/usr/share/squid-langpack/lt/ERR_DNS_FAIL", + "/usr/share/squid-langpack/lt/ERR_ESI", + "/usr/share/squid-langpack/lt/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/lt/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/lt/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/lt/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/lt/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/lt/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/lt/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/lt/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/lt/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/lt/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/lt/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/lt/ERR_INVALID_REQ", + "/usr/share/squid-langpack/lt/ERR_INVALID_RESP", + "/usr/share/squid-langpack/lt/ERR_INVALID_URL", + "/usr/share/squid-langpack/lt/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/lt/ERR_NO_RELAY", + "/usr/share/squid-langpack/lt/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/lt/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/lt/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/lt/ERR_READ_ERROR", + "/usr/share/squid-langpack/lt/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/lt/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/lt/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/lt/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/lt/ERR_TOO_BIG", + "/usr/share/squid-langpack/lt/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/lt/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/lt/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/lt/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/lt/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/lt/error-details.txt", + "/usr/share/squid-langpack/lv/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/lv/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/lv/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/lv/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/lv/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/lv/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/lv/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/lv/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/lv/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/lv/ERR_DIR_LISTING", + "/usr/share/squid-langpack/lv/ERR_DNS_FAIL", + "/usr/share/squid-langpack/lv/ERR_ESI", + "/usr/share/squid-langpack/lv/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/lv/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/lv/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/lv/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/lv/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/lv/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/lv/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/lv/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/lv/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/lv/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/lv/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/lv/ERR_INVALID_REQ", + "/usr/share/squid-langpack/lv/ERR_INVALID_RESP", + "/usr/share/squid-langpack/lv/ERR_INVALID_URL", + "/usr/share/squid-langpack/lv/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/lv/ERR_NO_RELAY", + "/usr/share/squid-langpack/lv/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/lv/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/lv/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/lv/ERR_READ_ERROR", + "/usr/share/squid-langpack/lv/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/lv/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/lv/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/lv/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/lv/ERR_TOO_BIG", + "/usr/share/squid-langpack/lv/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/lv/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/lv/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/lv/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/lv/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/lv/error-details.txt", + "/usr/share/squid-langpack/ms/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/ms/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/ms/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/ms/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/ms/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/ms/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/ms/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/ms/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/ms/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/ms/ERR_DIR_LISTING", + "/usr/share/squid-langpack/ms/ERR_DNS_FAIL", + "/usr/share/squid-langpack/ms/ERR_ESI", + "/usr/share/squid-langpack/ms/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/ms/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/ms/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/ms/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/ms/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/ms/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/ms/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/ms/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/ms/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/ms/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/ms/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/ms/ERR_INVALID_REQ", + "/usr/share/squid-langpack/ms/ERR_INVALID_RESP", + "/usr/share/squid-langpack/ms/ERR_INVALID_URL", + "/usr/share/squid-langpack/ms/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/ms/ERR_NO_RELAY", + "/usr/share/squid-langpack/ms/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/ms/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/ms/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/ms/ERR_READ_ERROR", + "/usr/share/squid-langpack/ms/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/ms/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/ms/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/ms/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/ms/ERR_TOO_BIG", + "/usr/share/squid-langpack/ms/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/ms/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/ms/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/ms/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/ms/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/ms/error-details.txt", + "/usr/share/squid-langpack/nl/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/nl/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/nl/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/nl/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/nl/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/nl/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/nl/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/nl/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/nl/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/nl/ERR_DIR_LISTING", + "/usr/share/squid-langpack/nl/ERR_DNS_FAIL", + "/usr/share/squid-langpack/nl/ERR_ESI", + "/usr/share/squid-langpack/nl/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/nl/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/nl/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/nl/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/nl/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/nl/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/nl/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/nl/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/nl/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/nl/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/nl/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/nl/ERR_INVALID_REQ", + "/usr/share/squid-langpack/nl/ERR_INVALID_RESP", + "/usr/share/squid-langpack/nl/ERR_INVALID_URL", + "/usr/share/squid-langpack/nl/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/nl/ERR_NO_RELAY", + "/usr/share/squid-langpack/nl/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/nl/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/nl/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/nl/ERR_READ_ERROR", + "/usr/share/squid-langpack/nl/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/nl/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/nl/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/nl/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/nl/ERR_TOO_BIG", + "/usr/share/squid-langpack/nl/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/nl/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/nl/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/nl/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/nl/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/nl/error-details.txt", + "/usr/share/squid-langpack/oc/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/oc/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/oc/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/oc/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/oc/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/oc/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/oc/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/oc/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/oc/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/oc/ERR_DIR_LISTING", + "/usr/share/squid-langpack/oc/ERR_DNS_FAIL", + "/usr/share/squid-langpack/oc/ERR_ESI", + "/usr/share/squid-langpack/oc/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/oc/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/oc/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/oc/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/oc/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/oc/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/oc/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/oc/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/oc/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/oc/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/oc/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/oc/ERR_INVALID_REQ", + "/usr/share/squid-langpack/oc/ERR_INVALID_RESP", + "/usr/share/squid-langpack/oc/ERR_INVALID_URL", + "/usr/share/squid-langpack/oc/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/oc/ERR_NO_RELAY", + "/usr/share/squid-langpack/oc/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/oc/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/oc/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/oc/ERR_READ_ERROR", + "/usr/share/squid-langpack/oc/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/oc/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/oc/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/oc/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/oc/ERR_TOO_BIG", + "/usr/share/squid-langpack/oc/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/oc/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/oc/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/oc/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/oc/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/oc/error-details.txt", + "/usr/share/squid-langpack/pl/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/pl/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/pl/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/pl/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/pl/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/pl/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/pl/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/pl/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/pl/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/pl/ERR_DIR_LISTING", + "/usr/share/squid-langpack/pl/ERR_DNS_FAIL", + "/usr/share/squid-langpack/pl/ERR_ESI", + "/usr/share/squid-langpack/pl/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/pl/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/pl/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/pl/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/pl/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/pl/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/pl/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/pl/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/pl/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/pl/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/pl/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/pl/ERR_INVALID_REQ", + "/usr/share/squid-langpack/pl/ERR_INVALID_RESP", + "/usr/share/squid-langpack/pl/ERR_INVALID_URL", + "/usr/share/squid-langpack/pl/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/pl/ERR_NO_RELAY", + "/usr/share/squid-langpack/pl/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/pl/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/pl/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/pl/ERR_READ_ERROR", + "/usr/share/squid-langpack/pl/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/pl/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/pl/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/pl/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/pl/ERR_TOO_BIG", + "/usr/share/squid-langpack/pl/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/pl/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/pl/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/pl/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/pl/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/pl/error-details.txt", + "/usr/share/squid-langpack/pt-br/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/pt-br/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/pt-br/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/pt-br/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/pt-br/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/pt-br/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/pt-br/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/pt-br/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/pt-br/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/pt-br/ERR_DIR_LISTING", + "/usr/share/squid-langpack/pt-br/ERR_DNS_FAIL", + "/usr/share/squid-langpack/pt-br/ERR_ESI", + "/usr/share/squid-langpack/pt-br/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/pt-br/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/pt-br/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/pt-br/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/pt-br/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/pt-br/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/pt-br/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/pt-br/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/pt-br/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/pt-br/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/pt-br/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/pt-br/ERR_INVALID_REQ", + "/usr/share/squid-langpack/pt-br/ERR_INVALID_RESP", + "/usr/share/squid-langpack/pt-br/ERR_INVALID_URL", + "/usr/share/squid-langpack/pt-br/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/pt-br/ERR_NO_RELAY", + "/usr/share/squid-langpack/pt-br/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/pt-br/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/pt-br/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/pt-br/ERR_READ_ERROR", + "/usr/share/squid-langpack/pt-br/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/pt-br/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/pt-br/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/pt-br/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/pt-br/ERR_TOO_BIG", + "/usr/share/squid-langpack/pt-br/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/pt-br/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/pt-br/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/pt-br/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/pt-br/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/pt-br/error-details.txt", + "/usr/share/squid-langpack/pt/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/pt/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/pt/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/pt/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/pt/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/pt/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/pt/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/pt/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/pt/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/pt/ERR_DIR_LISTING", + "/usr/share/squid-langpack/pt/ERR_DNS_FAIL", + "/usr/share/squid-langpack/pt/ERR_ESI", + "/usr/share/squid-langpack/pt/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/pt/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/pt/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/pt/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/pt/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/pt/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/pt/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/pt/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/pt/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/pt/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/pt/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/pt/ERR_INVALID_REQ", + "/usr/share/squid-langpack/pt/ERR_INVALID_RESP", + "/usr/share/squid-langpack/pt/ERR_INVALID_URL", + "/usr/share/squid-langpack/pt/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/pt/ERR_NO_RELAY", + "/usr/share/squid-langpack/pt/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/pt/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/pt/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/pt/ERR_READ_ERROR", + "/usr/share/squid-langpack/pt/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/pt/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/pt/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/pt/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/pt/ERR_TOO_BIG", + "/usr/share/squid-langpack/pt/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/pt/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/pt/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/pt/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/pt/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/pt/error-details.txt", + "/usr/share/squid-langpack/ro/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/ro/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/ro/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/ro/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/ro/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/ro/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/ro/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/ro/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/ro/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/ro/ERR_DIR_LISTING", + "/usr/share/squid-langpack/ro/ERR_DNS_FAIL", + "/usr/share/squid-langpack/ro/ERR_ESI", + "/usr/share/squid-langpack/ro/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/ro/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/ro/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/ro/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/ro/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/ro/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/ro/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/ro/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/ro/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/ro/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/ro/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/ro/ERR_INVALID_REQ", + "/usr/share/squid-langpack/ro/ERR_INVALID_RESP", + "/usr/share/squid-langpack/ro/ERR_INVALID_URL", + "/usr/share/squid-langpack/ro/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/ro/ERR_NO_RELAY", + "/usr/share/squid-langpack/ro/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/ro/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/ro/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/ro/ERR_READ_ERROR", + "/usr/share/squid-langpack/ro/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/ro/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/ro/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/ro/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/ro/ERR_TOO_BIG", + "/usr/share/squid-langpack/ro/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/ro/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/ro/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/ro/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/ro/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/ro/error-details.txt", + "/usr/share/squid-langpack/ru/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/ru/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/ru/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/ru/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/ru/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/ru/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/ru/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/ru/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/ru/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/ru/ERR_DIR_LISTING", + "/usr/share/squid-langpack/ru/ERR_DNS_FAIL", + "/usr/share/squid-langpack/ru/ERR_ESI", + "/usr/share/squid-langpack/ru/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/ru/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/ru/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/ru/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/ru/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/ru/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/ru/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/ru/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/ru/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/ru/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/ru/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/ru/ERR_INVALID_REQ", + "/usr/share/squid-langpack/ru/ERR_INVALID_RESP", + "/usr/share/squid-langpack/ru/ERR_INVALID_URL", + "/usr/share/squid-langpack/ru/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/ru/ERR_NO_RELAY", + "/usr/share/squid-langpack/ru/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/ru/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/ru/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/ru/ERR_READ_ERROR", + "/usr/share/squid-langpack/ru/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/ru/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/ru/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/ru/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/ru/ERR_TOO_BIG", + "/usr/share/squid-langpack/ru/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/ru/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/ru/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/ru/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/ru/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/ru/error-details.txt", + "/usr/share/squid-langpack/sk/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/sk/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/sk/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/sk/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/sk/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/sk/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/sk/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/sk/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/sk/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/sk/ERR_DIR_LISTING", + "/usr/share/squid-langpack/sk/ERR_DNS_FAIL", + "/usr/share/squid-langpack/sk/ERR_ESI", + "/usr/share/squid-langpack/sk/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/sk/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/sk/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/sk/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/sk/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/sk/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/sk/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/sk/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/sk/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/sk/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/sk/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/sk/ERR_INVALID_REQ", + "/usr/share/squid-langpack/sk/ERR_INVALID_RESP", + "/usr/share/squid-langpack/sk/ERR_INVALID_URL", + "/usr/share/squid-langpack/sk/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/sk/ERR_NO_RELAY", + "/usr/share/squid-langpack/sk/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/sk/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/sk/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/sk/ERR_READ_ERROR", + "/usr/share/squid-langpack/sk/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/sk/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/sk/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/sk/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/sk/ERR_TOO_BIG", + "/usr/share/squid-langpack/sk/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/sk/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/sk/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/sk/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/sk/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/sk/error-details.txt", + "/usr/share/squid-langpack/sl/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/sl/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/sl/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/sl/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/sl/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/sl/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/sl/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/sl/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/sl/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/sl/ERR_DIR_LISTING", + "/usr/share/squid-langpack/sl/ERR_DNS_FAIL", + "/usr/share/squid-langpack/sl/ERR_ESI", + "/usr/share/squid-langpack/sl/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/sl/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/sl/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/sl/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/sl/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/sl/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/sl/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/sl/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/sl/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/sl/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/sl/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/sl/ERR_INVALID_REQ", + "/usr/share/squid-langpack/sl/ERR_INVALID_RESP", + "/usr/share/squid-langpack/sl/ERR_INVALID_URL", + "/usr/share/squid-langpack/sl/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/sl/ERR_NO_RELAY", + "/usr/share/squid-langpack/sl/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/sl/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/sl/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/sl/ERR_READ_ERROR", + "/usr/share/squid-langpack/sl/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/sl/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/sl/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/sl/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/sl/ERR_TOO_BIG", + "/usr/share/squid-langpack/sl/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/sl/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/sl/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/sl/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/sl/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/sl/error-details.txt", + "/usr/share/squid-langpack/sr-cyrl/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/sr-cyrl/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/sr-cyrl/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/sr-cyrl/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/sr-cyrl/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/sr-cyrl/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/sr-cyrl/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/sr-cyrl/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/sr-cyrl/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/sr-cyrl/ERR_DIR_LISTING", + "/usr/share/squid-langpack/sr-cyrl/ERR_DNS_FAIL", + "/usr/share/squid-langpack/sr-cyrl/ERR_ESI", + "/usr/share/squid-langpack/sr-cyrl/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/sr-cyrl/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/sr-cyrl/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/sr-cyrl/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/sr-cyrl/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/sr-cyrl/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/sr-cyrl/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/sr-cyrl/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/sr-cyrl/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/sr-cyrl/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/sr-cyrl/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/sr-cyrl/ERR_INVALID_REQ", + "/usr/share/squid-langpack/sr-cyrl/ERR_INVALID_RESP", + "/usr/share/squid-langpack/sr-cyrl/ERR_INVALID_URL", + "/usr/share/squid-langpack/sr-cyrl/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/sr-cyrl/ERR_NO_RELAY", + "/usr/share/squid-langpack/sr-cyrl/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/sr-cyrl/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/sr-cyrl/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/sr-cyrl/ERR_READ_ERROR", + "/usr/share/squid-langpack/sr-cyrl/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/sr-cyrl/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/sr-cyrl/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/sr-cyrl/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/sr-cyrl/ERR_TOO_BIG", + "/usr/share/squid-langpack/sr-cyrl/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/sr-cyrl/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/sr-cyrl/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/sr-cyrl/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/sr-cyrl/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/sr-cyrl/error-details.txt", + "/usr/share/squid-langpack/sr-latn/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/sr-latn/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/sr-latn/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/sr-latn/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/sr-latn/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/sr-latn/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/sr-latn/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/sr-latn/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/sr-latn/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/sr-latn/ERR_DIR_LISTING", + "/usr/share/squid-langpack/sr-latn/ERR_DNS_FAIL", + "/usr/share/squid-langpack/sr-latn/ERR_ESI", + "/usr/share/squid-langpack/sr-latn/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/sr-latn/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/sr-latn/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/sr-latn/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/sr-latn/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/sr-latn/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/sr-latn/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/sr-latn/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/sr-latn/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/sr-latn/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/sr-latn/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/sr-latn/ERR_INVALID_REQ", + "/usr/share/squid-langpack/sr-latn/ERR_INVALID_RESP", + "/usr/share/squid-langpack/sr-latn/ERR_INVALID_URL", + "/usr/share/squid-langpack/sr-latn/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/sr-latn/ERR_NO_RELAY", + "/usr/share/squid-langpack/sr-latn/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/sr-latn/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/sr-latn/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/sr-latn/ERR_READ_ERROR", + "/usr/share/squid-langpack/sr-latn/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/sr-latn/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/sr-latn/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/sr-latn/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/sr-latn/ERR_TOO_BIG", + "/usr/share/squid-langpack/sr-latn/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/sr-latn/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/sr-latn/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/sr-latn/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/sr-latn/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/sr-latn/error-details.txt", + "/usr/share/squid-langpack/sv/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/sv/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/sv/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/sv/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/sv/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/sv/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/sv/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/sv/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/sv/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/sv/ERR_DIR_LISTING", + "/usr/share/squid-langpack/sv/ERR_DNS_FAIL", + "/usr/share/squid-langpack/sv/ERR_ESI", + "/usr/share/squid-langpack/sv/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/sv/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/sv/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/sv/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/sv/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/sv/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/sv/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/sv/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/sv/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/sv/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/sv/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/sv/ERR_INVALID_REQ", + "/usr/share/squid-langpack/sv/ERR_INVALID_RESP", + "/usr/share/squid-langpack/sv/ERR_INVALID_URL", + "/usr/share/squid-langpack/sv/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/sv/ERR_NO_RELAY", + "/usr/share/squid-langpack/sv/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/sv/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/sv/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/sv/ERR_READ_ERROR", + "/usr/share/squid-langpack/sv/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/sv/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/sv/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/sv/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/sv/ERR_TOO_BIG", + "/usr/share/squid-langpack/sv/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/sv/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/sv/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/sv/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/sv/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/sv/error-details.txt", + "/usr/share/squid-langpack/templates/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/templates/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/templates/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/templates/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/templates/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/templates/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/templates/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/templates/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/templates/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/templates/ERR_DIR_LISTING", + "/usr/share/squid-langpack/templates/ERR_DNS_FAIL", + "/usr/share/squid-langpack/templates/ERR_ESI", + "/usr/share/squid-langpack/templates/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/templates/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/templates/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/templates/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/templates/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/templates/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/templates/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/templates/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/templates/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/templates/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/templates/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/templates/ERR_INVALID_REQ", + "/usr/share/squid-langpack/templates/ERR_INVALID_RESP", + "/usr/share/squid-langpack/templates/ERR_INVALID_URL", + "/usr/share/squid-langpack/templates/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/templates/ERR_NO_RELAY", + "/usr/share/squid-langpack/templates/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/templates/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/templates/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/templates/ERR_READ_ERROR", + "/usr/share/squid-langpack/templates/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/templates/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/templates/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/templates/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/templates/ERR_TOO_BIG", + "/usr/share/squid-langpack/templates/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/templates/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/templates/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/templates/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/templates/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/templates/error-details.txt", + "/usr/share/squid-langpack/templates/generic", + "/usr/share/squid-langpack/th/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/th/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/th/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/th/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/th/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/th/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/th/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/th/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/th/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/th/ERR_DIR_LISTING", + "/usr/share/squid-langpack/th/ERR_DNS_FAIL", + "/usr/share/squid-langpack/th/ERR_ESI", + "/usr/share/squid-langpack/th/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/th/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/th/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/th/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/th/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/th/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/th/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/th/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/th/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/th/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/th/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/th/ERR_INVALID_REQ", + "/usr/share/squid-langpack/th/ERR_INVALID_RESP", + "/usr/share/squid-langpack/th/ERR_INVALID_URL", + "/usr/share/squid-langpack/th/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/th/ERR_NO_RELAY", + "/usr/share/squid-langpack/th/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/th/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/th/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/th/ERR_READ_ERROR", + "/usr/share/squid-langpack/th/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/th/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/th/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/th/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/th/ERR_TOO_BIG", + "/usr/share/squid-langpack/th/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/th/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/th/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/th/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/th/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/th/error-details.txt", + "/usr/share/squid-langpack/tr/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/tr/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/tr/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/tr/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/tr/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/tr/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/tr/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/tr/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/tr/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/tr/ERR_DIR_LISTING", + "/usr/share/squid-langpack/tr/ERR_DNS_FAIL", + "/usr/share/squid-langpack/tr/ERR_ESI", + "/usr/share/squid-langpack/tr/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/tr/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/tr/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/tr/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/tr/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/tr/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/tr/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/tr/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/tr/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/tr/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/tr/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/tr/ERR_INVALID_REQ", + "/usr/share/squid-langpack/tr/ERR_INVALID_RESP", + "/usr/share/squid-langpack/tr/ERR_INVALID_URL", + "/usr/share/squid-langpack/tr/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/tr/ERR_NO_RELAY", + "/usr/share/squid-langpack/tr/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/tr/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/tr/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/tr/ERR_READ_ERROR", + "/usr/share/squid-langpack/tr/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/tr/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/tr/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/tr/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/tr/ERR_TOO_BIG", + "/usr/share/squid-langpack/tr/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/tr/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/tr/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/tr/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/tr/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/tr/error-details.txt", + "/usr/share/squid-langpack/uk/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/uk/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/uk/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/uk/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/uk/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/uk/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/uk/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/uk/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/uk/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/uk/ERR_DIR_LISTING", + "/usr/share/squid-langpack/uk/ERR_DNS_FAIL", + "/usr/share/squid-langpack/uk/ERR_ESI", + "/usr/share/squid-langpack/uk/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/uk/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/uk/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/uk/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/uk/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/uk/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/uk/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/uk/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/uk/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/uk/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/uk/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/uk/ERR_INVALID_REQ", + "/usr/share/squid-langpack/uk/ERR_INVALID_RESP", + "/usr/share/squid-langpack/uk/ERR_INVALID_URL", + "/usr/share/squid-langpack/uk/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/uk/ERR_NO_RELAY", + "/usr/share/squid-langpack/uk/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/uk/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/uk/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/uk/ERR_READ_ERROR", + "/usr/share/squid-langpack/uk/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/uk/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/uk/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/uk/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/uk/ERR_TOO_BIG", + "/usr/share/squid-langpack/uk/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/uk/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/uk/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/uk/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/uk/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/uk/error-details.txt", + "/usr/share/squid-langpack/uz/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/uz/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/uz/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/uz/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/uz/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/uz/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/uz/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/uz/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/uz/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/uz/ERR_DIR_LISTING", + "/usr/share/squid-langpack/uz/ERR_DNS_FAIL", + "/usr/share/squid-langpack/uz/ERR_ESI", + "/usr/share/squid-langpack/uz/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/uz/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/uz/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/uz/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/uz/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/uz/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/uz/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/uz/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/uz/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/uz/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/uz/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/uz/ERR_INVALID_REQ", + "/usr/share/squid-langpack/uz/ERR_INVALID_RESP", + "/usr/share/squid-langpack/uz/ERR_INVALID_URL", + "/usr/share/squid-langpack/uz/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/uz/ERR_NO_RELAY", + "/usr/share/squid-langpack/uz/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/uz/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/uz/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/uz/ERR_READ_ERROR", + "/usr/share/squid-langpack/uz/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/uz/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/uz/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/uz/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/uz/ERR_TOO_BIG", + "/usr/share/squid-langpack/uz/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/uz/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/uz/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/uz/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/uz/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/uz/error-details.txt", + "/usr/share/squid-langpack/vi/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/vi/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/vi/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/vi/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/vi/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/vi/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/vi/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/vi/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/vi/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/vi/ERR_DIR_LISTING", + "/usr/share/squid-langpack/vi/ERR_DNS_FAIL", + "/usr/share/squid-langpack/vi/ERR_ESI", + "/usr/share/squid-langpack/vi/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/vi/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/vi/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/vi/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/vi/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/vi/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/vi/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/vi/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/vi/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/vi/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/vi/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/vi/ERR_INVALID_REQ", + "/usr/share/squid-langpack/vi/ERR_INVALID_RESP", + "/usr/share/squid-langpack/vi/ERR_INVALID_URL", + "/usr/share/squid-langpack/vi/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/vi/ERR_NO_RELAY", + "/usr/share/squid-langpack/vi/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/vi/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/vi/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/vi/ERR_READ_ERROR", + "/usr/share/squid-langpack/vi/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/vi/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/vi/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/vi/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/vi/ERR_TOO_BIG", + "/usr/share/squid-langpack/vi/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/vi/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/vi/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/vi/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/vi/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/vi/error-details.txt", + "/usr/share/squid-langpack/zh-hans/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/zh-hans/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/zh-hans/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/zh-hans/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/zh-hans/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/zh-hans/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/zh-hans/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/zh-hans/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/zh-hans/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/zh-hans/ERR_DIR_LISTING", + "/usr/share/squid-langpack/zh-hans/ERR_DNS_FAIL", + "/usr/share/squid-langpack/zh-hans/ERR_ESI", + "/usr/share/squid-langpack/zh-hans/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/zh-hans/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/zh-hans/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/zh-hans/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/zh-hans/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/zh-hans/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/zh-hans/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/zh-hans/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/zh-hans/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/zh-hans/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/zh-hans/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/zh-hans/ERR_INVALID_REQ", + "/usr/share/squid-langpack/zh-hans/ERR_INVALID_RESP", + "/usr/share/squid-langpack/zh-hans/ERR_INVALID_URL", + "/usr/share/squid-langpack/zh-hans/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/zh-hans/ERR_NO_RELAY", + "/usr/share/squid-langpack/zh-hans/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/zh-hans/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/zh-hans/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/zh-hans/ERR_READ_ERROR", + "/usr/share/squid-langpack/zh-hans/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/zh-hans/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/zh-hans/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/zh-hans/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/zh-hans/ERR_TOO_BIG", + "/usr/share/squid-langpack/zh-hans/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/zh-hans/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/zh-hans/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/zh-hans/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/zh-hans/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/zh-hans/error-details.txt", + "/usr/share/squid-langpack/zh-hant/ERR_ACCESS_DENIED", + "/usr/share/squid-langpack/zh-hant/ERR_ACL_TIME_QUOTA_EXCEEDED", + "/usr/share/squid-langpack/zh-hant/ERR_AGENT_CONFIGURE", + "/usr/share/squid-langpack/zh-hant/ERR_AGENT_WPAD", + "/usr/share/squid-langpack/zh-hant/ERR_CACHE_ACCESS_DENIED", + "/usr/share/squid-langpack/zh-hant/ERR_CACHE_MGR_ACCESS_DENIED", + "/usr/share/squid-langpack/zh-hant/ERR_CANNOT_FORWARD", + "/usr/share/squid-langpack/zh-hant/ERR_CONFLICT_HOST", + "/usr/share/squid-langpack/zh-hant/ERR_CONNECT_FAIL", + "/usr/share/squid-langpack/zh-hant/ERR_DIR_LISTING", + "/usr/share/squid-langpack/zh-hant/ERR_DNS_FAIL", + "/usr/share/squid-langpack/zh-hant/ERR_ESI", + "/usr/share/squid-langpack/zh-hant/ERR_FORWARDING_DENIED", + "/usr/share/squid-langpack/zh-hant/ERR_FTP_DISABLED", + "/usr/share/squid-langpack/zh-hant/ERR_FTP_FAILURE", + "/usr/share/squid-langpack/zh-hant/ERR_FTP_FORBIDDEN", + "/usr/share/squid-langpack/zh-hant/ERR_FTP_NOT_FOUND", + "/usr/share/squid-langpack/zh-hant/ERR_FTP_PUT_CREATED", + "/usr/share/squid-langpack/zh-hant/ERR_FTP_PUT_ERROR", + "/usr/share/squid-langpack/zh-hant/ERR_FTP_PUT_MODIFIED", + "/usr/share/squid-langpack/zh-hant/ERR_FTP_UNAVAILABLE", + "/usr/share/squid-langpack/zh-hant/ERR_GATEWAY_FAILURE", + "/usr/share/squid-langpack/zh-hant/ERR_ICAP_FAILURE", + "/usr/share/squid-langpack/zh-hant/ERR_INVALID_REQ", + "/usr/share/squid-langpack/zh-hant/ERR_INVALID_RESP", + "/usr/share/squid-langpack/zh-hant/ERR_INVALID_URL", + "/usr/share/squid-langpack/zh-hant/ERR_LIFETIME_EXP", + "/usr/share/squid-langpack/zh-hant/ERR_NO_RELAY", + "/usr/share/squid-langpack/zh-hant/ERR_ONLY_IF_CACHED_MISS", + "/usr/share/squid-langpack/zh-hant/ERR_PRECONDITION_FAILED", + "/usr/share/squid-langpack/zh-hant/ERR_PROTOCOL_UNKNOWN", + "/usr/share/squid-langpack/zh-hant/ERR_READ_ERROR", + "/usr/share/squid-langpack/zh-hant/ERR_READ_TIMEOUT", + "/usr/share/squid-langpack/zh-hant/ERR_SECURE_CONNECT_FAIL", + "/usr/share/squid-langpack/zh-hant/ERR_SHUTTING_DOWN", + "/usr/share/squid-langpack/zh-hant/ERR_SOCKET_FAILURE", + "/usr/share/squid-langpack/zh-hant/ERR_TOO_BIG", + "/usr/share/squid-langpack/zh-hant/ERR_UNSUP_HTTPVERSION", + "/usr/share/squid-langpack/zh-hant/ERR_UNSUP_REQ", + "/usr/share/squid-langpack/zh-hant/ERR_URN_RESOLVE", + "/usr/share/squid-langpack/zh-hant/ERR_WRITE_ERROR", + "/usr/share/squid-langpack/zh-hant/ERR_ZERO_SIZE_OBJECT", + "/usr/share/squid-langpack/zh-hant/error-details.txt" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ssl-cert@1.1.2ubuntu1", + "Name": "ssl-cert", + "Identifier": { + "PURL": "pkg:deb/ubuntu/ssl-cert@1.1.2ubuntu1?arch=all\u0026distro=ubuntu-23.10", + "UID": "4824ac50bab9f39c" + }, + "Version": "1.1.2ubuntu1", + "Arch": "all", + "SrcName": "ssl-cert", + "SrcVersion": "1.1.2ubuntu1", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "adduser@3.137ubuntu1", + "debconf@1.5.82", + "openssl@3.0.10-1ubuntu2.3" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/lib/systemd/system/ssl-cert.service", + "/usr/sbin/make-ssl-cert", + "/usr/share/doc/ssl-cert/README", + "/usr/share/doc/ssl-cert/changelog.gz", + "/usr/share/doc/ssl-cert/copyright", + "/usr/share/lintian/overrides/ssl-cert", + "/usr/share/man/man8/make-ssl-cert.8.gz", + "/usr/share/ssl-cert/ssleay.cnf" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sysvinit-utils@3.07-1ubuntu1", + "Name": "sysvinit-utils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/sysvinit-utils@3.07-1ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "402f4bbfc9e12f38" + }, + "Version": "3.07", + "Release": "1ubuntu1", + "Arch": "amd64", + "SrcName": "sysvinit", + "SrcVersion": "3.07", + "SrcRelease": "1ubuntu1", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-3.0-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/init/init-d-script", + "/lib/init/vars.sh", + "/lib/lsb/init-functions", + "/lib/lsb/init-functions.d/00-verbose", + "/lib/lsb/init-functions.d/50-ubuntu-logging", + "/sbin/fstab-decode", + "/sbin/killall5", + "/usr/share/doc/sysvinit-utils/changelog.Debian.gz", + "/usr/share/doc/sysvinit-utils/copyright", + "/usr/share/man/man5/init-d-script.5.gz", + "/usr/share/man/man8/fstab-decode.8.gz", + "/usr/share/man/man8/killall5.8.gz", + "/usr/share/man/man8/pidof.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tar@1.34+dfsg-1.2ubuntu1.1", + "Name": "tar", + "Identifier": { + "PURL": "pkg:deb/ubuntu/tar@1.34%2Bdfsg-1.2ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "2b20e625deefbe93" + }, + "Version": "1.34+dfsg", + "Release": "1.2ubuntu1.1", + "Arch": "amd64", + "SrcName": "tar", + "SrcVersion": "1.34+dfsg", + "SrcRelease": "1.2ubuntu1.1", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "LGPL-3.0-or-later", + "LGPL-3.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/bin/tar", + "/usr/lib/mime/packages/tar", + "/usr/sbin/rmt-tar", + "/usr/sbin/tarcat", + "/usr/share/doc/tar/AUTHORS", + "/usr/share/doc/tar/NEWS.gz", + "/usr/share/doc/tar/README.Debian", + "/usr/share/doc/tar/THANKS.gz", + "/usr/share/doc/tar/changelog.Debian.gz", + "/usr/share/doc/tar/copyright", + "/usr/share/man/man1/tar.1.gz", + "/usr/share/man/man1/tarcat.1.gz", + "/usr/share/man/man8/rmt-tar.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tzdata@2024a-0ubuntu0.23.10", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:deb/ubuntu/tzdata@2024a-0ubuntu0.23.10?arch=all\u0026distro=ubuntu-23.10", + "UID": "60d79e9200dc59d5" + }, + "Version": "2024a", + "Release": "0ubuntu0.23.10", + "Arch": "all", + "SrcName": "tzdata", + "SrcVersion": "2024a", + "SrcRelease": "0ubuntu0.23.10", + "Licenses": [ + "public-domain", + "ICU" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.82" + ], + "Layer": { + "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", + "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" + }, + "InstalledFiles": [ + "/usr/share/doc/tzdata/NEWS.gz", + "/usr/share/doc/tzdata/README.Debian", + "/usr/share/doc/tzdata/changelog.Debian.gz", + "/usr/share/doc/tzdata/copyright", + "/usr/share/lintian/overrides/tzdata", + "/usr/share/zoneinfo/Africa/Abidjan", + "/usr/share/zoneinfo/Africa/Accra", + "/usr/share/zoneinfo/Africa/Addis_Ababa", + "/usr/share/zoneinfo/Africa/Algiers", + "/usr/share/zoneinfo/Africa/Asmara", + "/usr/share/zoneinfo/Africa/Bamako", + "/usr/share/zoneinfo/Africa/Bangui", + "/usr/share/zoneinfo/Africa/Banjul", + "/usr/share/zoneinfo/Africa/Bissau", + "/usr/share/zoneinfo/Africa/Blantyre", + "/usr/share/zoneinfo/Africa/Brazzaville", + "/usr/share/zoneinfo/Africa/Bujumbura", + "/usr/share/zoneinfo/Africa/Cairo", + "/usr/share/zoneinfo/Africa/Casablanca", + "/usr/share/zoneinfo/Africa/Ceuta", + "/usr/share/zoneinfo/Africa/Conakry", + "/usr/share/zoneinfo/Africa/Dakar", + "/usr/share/zoneinfo/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/Africa/Djibouti", + "/usr/share/zoneinfo/Africa/Douala", + "/usr/share/zoneinfo/Africa/El_Aaiun", + "/usr/share/zoneinfo/Africa/Freetown", + "/usr/share/zoneinfo/Africa/Gaborone", + "/usr/share/zoneinfo/Africa/Harare", + "/usr/share/zoneinfo/Africa/Johannesburg", + "/usr/share/zoneinfo/Africa/Juba", + "/usr/share/zoneinfo/Africa/Kampala", + "/usr/share/zoneinfo/Africa/Khartoum", + "/usr/share/zoneinfo/Africa/Kigali", + "/usr/share/zoneinfo/Africa/Kinshasa", + "/usr/share/zoneinfo/Africa/Lagos", + "/usr/share/zoneinfo/Africa/Libreville", + "/usr/share/zoneinfo/Africa/Lome", + "/usr/share/zoneinfo/Africa/Luanda", + "/usr/share/zoneinfo/Africa/Lubumbashi", + "/usr/share/zoneinfo/Africa/Lusaka", + "/usr/share/zoneinfo/Africa/Malabo", + "/usr/share/zoneinfo/Africa/Maputo", + "/usr/share/zoneinfo/Africa/Maseru", + "/usr/share/zoneinfo/Africa/Mbabane", + "/usr/share/zoneinfo/Africa/Mogadishu", + "/usr/share/zoneinfo/Africa/Monrovia", + "/usr/share/zoneinfo/Africa/Nairobi", + "/usr/share/zoneinfo/Africa/Ndjamena", + "/usr/share/zoneinfo/Africa/Niamey", + "/usr/share/zoneinfo/Africa/Nouakchott", + "/usr/share/zoneinfo/Africa/Ouagadougou", + "/usr/share/zoneinfo/Africa/Porto-Novo", + "/usr/share/zoneinfo/Africa/Sao_Tome", + "/usr/share/zoneinfo/Africa/Tripoli", + "/usr/share/zoneinfo/Africa/Tunis", + "/usr/share/zoneinfo/Africa/Windhoek", + "/usr/share/zoneinfo/America/Adak", + "/usr/share/zoneinfo/America/Anchorage", + "/usr/share/zoneinfo/America/Anguilla", + "/usr/share/zoneinfo/America/Antigua", + "/usr/share/zoneinfo/America/Araguaina", + "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/America/Argentina/Catamarca", + "/usr/share/zoneinfo/America/Argentina/Cordoba", + "/usr/share/zoneinfo/America/Argentina/Jujuy", + "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/America/Argentina/Mendoza", + "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/America/Argentina/Salta", + "/usr/share/zoneinfo/America/Argentina/San_Juan", + "/usr/share/zoneinfo/America/Argentina/San_Luis", + "/usr/share/zoneinfo/America/Argentina/Tucuman", + "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/America/Aruba", + "/usr/share/zoneinfo/America/Asuncion", + "/usr/share/zoneinfo/America/Atikokan", + "/usr/share/zoneinfo/America/Bahia", + "/usr/share/zoneinfo/America/Bahia_Banderas", + "/usr/share/zoneinfo/America/Barbados", + "/usr/share/zoneinfo/America/Belem", + "/usr/share/zoneinfo/America/Belize", + "/usr/share/zoneinfo/America/Blanc-Sablon", + "/usr/share/zoneinfo/America/Boa_Vista", + "/usr/share/zoneinfo/America/Bogota", + "/usr/share/zoneinfo/America/Boise", + "/usr/share/zoneinfo/America/Cambridge_Bay", + "/usr/share/zoneinfo/America/Campo_Grande", + "/usr/share/zoneinfo/America/Cancun", + "/usr/share/zoneinfo/America/Caracas", + "/usr/share/zoneinfo/America/Cayenne", + "/usr/share/zoneinfo/America/Cayman", + "/usr/share/zoneinfo/America/Chicago", + "/usr/share/zoneinfo/America/Chihuahua", + "/usr/share/zoneinfo/America/Ciudad_Juarez", + "/usr/share/zoneinfo/America/Costa_Rica", + "/usr/share/zoneinfo/America/Creston", + "/usr/share/zoneinfo/America/Cuiaba", + "/usr/share/zoneinfo/America/Curacao", + "/usr/share/zoneinfo/America/Danmarkshavn", + "/usr/share/zoneinfo/America/Dawson", + "/usr/share/zoneinfo/America/Dawson_Creek", + "/usr/share/zoneinfo/America/Denver", + "/usr/share/zoneinfo/America/Detroit", + "/usr/share/zoneinfo/America/Dominica", + "/usr/share/zoneinfo/America/Edmonton", + "/usr/share/zoneinfo/America/Eirunepe", + "/usr/share/zoneinfo/America/El_Salvador", + "/usr/share/zoneinfo/America/Fort_Nelson", + "/usr/share/zoneinfo/America/Fortaleza", + "/usr/share/zoneinfo/America/Glace_Bay", + "/usr/share/zoneinfo/America/Goose_Bay", + "/usr/share/zoneinfo/America/Grand_Turk", + "/usr/share/zoneinfo/America/Grenada", + "/usr/share/zoneinfo/America/Guadeloupe", + "/usr/share/zoneinfo/America/Guatemala", + "/usr/share/zoneinfo/America/Guayaquil", + "/usr/share/zoneinfo/America/Guyana", + "/usr/share/zoneinfo/America/Halifax", + "/usr/share/zoneinfo/America/Havana", + "/usr/share/zoneinfo/America/Hermosillo", + "/usr/share/zoneinfo/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/America/Indiana/Knox", + "/usr/share/zoneinfo/America/Indiana/Marengo", + "/usr/share/zoneinfo/America/Indiana/Petersburg", + "/usr/share/zoneinfo/America/Indiana/Tell_City", + "/usr/share/zoneinfo/America/Indiana/Vevay", + "/usr/share/zoneinfo/America/Indiana/Vincennes", + "/usr/share/zoneinfo/America/Indiana/Winamac", + "/usr/share/zoneinfo/America/Inuvik", + "/usr/share/zoneinfo/America/Iqaluit", + "/usr/share/zoneinfo/America/Jamaica", + "/usr/share/zoneinfo/America/Juneau", + "/usr/share/zoneinfo/America/Kentucky/Louisville", + "/usr/share/zoneinfo/America/Kentucky/Monticello", + "/usr/share/zoneinfo/America/La_Paz", + "/usr/share/zoneinfo/America/Lima", + "/usr/share/zoneinfo/America/Los_Angeles", + "/usr/share/zoneinfo/America/Maceio", + "/usr/share/zoneinfo/America/Managua", + "/usr/share/zoneinfo/America/Manaus", + "/usr/share/zoneinfo/America/Martinique", + "/usr/share/zoneinfo/America/Matamoros", + "/usr/share/zoneinfo/America/Mazatlan", + "/usr/share/zoneinfo/America/Menominee", + "/usr/share/zoneinfo/America/Merida", + "/usr/share/zoneinfo/America/Metlakatla", + "/usr/share/zoneinfo/America/Mexico_City", + "/usr/share/zoneinfo/America/Miquelon", + "/usr/share/zoneinfo/America/Moncton", + "/usr/share/zoneinfo/America/Monterrey", + "/usr/share/zoneinfo/America/Montevideo", + "/usr/share/zoneinfo/America/Montserrat", + "/usr/share/zoneinfo/America/Nassau", + "/usr/share/zoneinfo/America/New_York", + "/usr/share/zoneinfo/America/Nome", + "/usr/share/zoneinfo/America/Noronha", + "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/America/North_Dakota/Center", + "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/America/Nuuk", + "/usr/share/zoneinfo/America/Ojinaga", + "/usr/share/zoneinfo/America/Panama", + "/usr/share/zoneinfo/America/Paramaribo", + "/usr/share/zoneinfo/America/Phoenix", + "/usr/share/zoneinfo/America/Port-au-Prince", + "/usr/share/zoneinfo/America/Port_of_Spain", + "/usr/share/zoneinfo/America/Porto_Velho", + "/usr/share/zoneinfo/America/Puerto_Rico", + "/usr/share/zoneinfo/America/Punta_Arenas", + "/usr/share/zoneinfo/America/Rankin_Inlet", + "/usr/share/zoneinfo/America/Recife", + "/usr/share/zoneinfo/America/Regina", + "/usr/share/zoneinfo/America/Resolute", + "/usr/share/zoneinfo/America/Rio_Branco", + "/usr/share/zoneinfo/America/Santarem", + "/usr/share/zoneinfo/America/Santiago", + "/usr/share/zoneinfo/America/Santo_Domingo", + "/usr/share/zoneinfo/America/Sao_Paulo", + "/usr/share/zoneinfo/America/Scoresbysund", + "/usr/share/zoneinfo/America/Sitka", + "/usr/share/zoneinfo/America/St_Johns", + "/usr/share/zoneinfo/America/St_Kitts", + "/usr/share/zoneinfo/America/St_Lucia", + "/usr/share/zoneinfo/America/St_Thomas", + "/usr/share/zoneinfo/America/St_Vincent", + "/usr/share/zoneinfo/America/Swift_Current", + "/usr/share/zoneinfo/America/Tegucigalpa", + "/usr/share/zoneinfo/America/Thule", + "/usr/share/zoneinfo/America/Tijuana", + "/usr/share/zoneinfo/America/Toronto", + "/usr/share/zoneinfo/America/Tortola", + "/usr/share/zoneinfo/America/Vancouver", + "/usr/share/zoneinfo/America/Whitehorse", + "/usr/share/zoneinfo/America/Winnipeg", + "/usr/share/zoneinfo/America/Yakutat", + "/usr/share/zoneinfo/Antarctica/Casey", + "/usr/share/zoneinfo/Antarctica/Davis", + "/usr/share/zoneinfo/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/Antarctica/Macquarie", + "/usr/share/zoneinfo/Antarctica/Mawson", + "/usr/share/zoneinfo/Antarctica/McMurdo", + "/usr/share/zoneinfo/Antarctica/Palmer", + "/usr/share/zoneinfo/Antarctica/Rothera", + "/usr/share/zoneinfo/Antarctica/Syowa", + "/usr/share/zoneinfo/Antarctica/Troll", + "/usr/share/zoneinfo/Antarctica/Vostok", + "/usr/share/zoneinfo/Asia/Aden", + "/usr/share/zoneinfo/Asia/Almaty", + "/usr/share/zoneinfo/Asia/Amman", + "/usr/share/zoneinfo/Asia/Anadyr", + "/usr/share/zoneinfo/Asia/Aqtau", + "/usr/share/zoneinfo/Asia/Aqtobe", + "/usr/share/zoneinfo/Asia/Ashgabat", + "/usr/share/zoneinfo/Asia/Atyrau", + "/usr/share/zoneinfo/Asia/Baghdad", + "/usr/share/zoneinfo/Asia/Bahrain", + "/usr/share/zoneinfo/Asia/Baku", + "/usr/share/zoneinfo/Asia/Bangkok", + "/usr/share/zoneinfo/Asia/Barnaul", + "/usr/share/zoneinfo/Asia/Beirut", + "/usr/share/zoneinfo/Asia/Bishkek", + "/usr/share/zoneinfo/Asia/Brunei", + "/usr/share/zoneinfo/Asia/Chita", + "/usr/share/zoneinfo/Asia/Choibalsan", + "/usr/share/zoneinfo/Asia/Colombo", + "/usr/share/zoneinfo/Asia/Damascus", + "/usr/share/zoneinfo/Asia/Dhaka", + "/usr/share/zoneinfo/Asia/Dili", + "/usr/share/zoneinfo/Asia/Dubai", + "/usr/share/zoneinfo/Asia/Dushanbe", + "/usr/share/zoneinfo/Asia/Famagusta", + "/usr/share/zoneinfo/Asia/Gaza", + "/usr/share/zoneinfo/Asia/Hebron", + "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/Asia/Hong_Kong", + "/usr/share/zoneinfo/Asia/Hovd", + "/usr/share/zoneinfo/Asia/Irkutsk", + "/usr/share/zoneinfo/Asia/Jakarta", + "/usr/share/zoneinfo/Asia/Jayapura", + "/usr/share/zoneinfo/Asia/Jerusalem", + "/usr/share/zoneinfo/Asia/Kabul", + "/usr/share/zoneinfo/Asia/Kamchatka", + "/usr/share/zoneinfo/Asia/Karachi", + "/usr/share/zoneinfo/Asia/Kathmandu", + "/usr/share/zoneinfo/Asia/Khandyga", + "/usr/share/zoneinfo/Asia/Kolkata", + "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/Asia/Kuching", + "/usr/share/zoneinfo/Asia/Kuwait", + "/usr/share/zoneinfo/Asia/Macau", + "/usr/share/zoneinfo/Asia/Magadan", + "/usr/share/zoneinfo/Asia/Makassar", + "/usr/share/zoneinfo/Asia/Manila", + "/usr/share/zoneinfo/Asia/Muscat", + "/usr/share/zoneinfo/Asia/Nicosia", + "/usr/share/zoneinfo/Asia/Novokuznetsk", + "/usr/share/zoneinfo/Asia/Novosibirsk", + "/usr/share/zoneinfo/Asia/Omsk", + "/usr/share/zoneinfo/Asia/Oral", + "/usr/share/zoneinfo/Asia/Phnom_Penh", + "/usr/share/zoneinfo/Asia/Pontianak", + "/usr/share/zoneinfo/Asia/Pyongyang", + "/usr/share/zoneinfo/Asia/Qatar", + "/usr/share/zoneinfo/Asia/Qostanay", + "/usr/share/zoneinfo/Asia/Qyzylorda", + "/usr/share/zoneinfo/Asia/Riyadh", + "/usr/share/zoneinfo/Asia/Sakhalin", + "/usr/share/zoneinfo/Asia/Samarkand", + "/usr/share/zoneinfo/Asia/Seoul", + "/usr/share/zoneinfo/Asia/Shanghai", + "/usr/share/zoneinfo/Asia/Singapore", + "/usr/share/zoneinfo/Asia/Srednekolymsk", + "/usr/share/zoneinfo/Asia/Taipei", + "/usr/share/zoneinfo/Asia/Tashkent", + "/usr/share/zoneinfo/Asia/Tbilisi", + "/usr/share/zoneinfo/Asia/Tehran", + "/usr/share/zoneinfo/Asia/Thimphu", + "/usr/share/zoneinfo/Asia/Tokyo", + "/usr/share/zoneinfo/Asia/Tomsk", + "/usr/share/zoneinfo/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/Asia/Urumqi", + "/usr/share/zoneinfo/Asia/Ust-Nera", + "/usr/share/zoneinfo/Asia/Vientiane", + "/usr/share/zoneinfo/Asia/Vladivostok", + "/usr/share/zoneinfo/Asia/Yakutsk", + "/usr/share/zoneinfo/Asia/Yangon", + "/usr/share/zoneinfo/Asia/Yekaterinburg", + "/usr/share/zoneinfo/Asia/Yerevan", + "/usr/share/zoneinfo/Atlantic/Azores", + "/usr/share/zoneinfo/Atlantic/Bermuda", + "/usr/share/zoneinfo/Atlantic/Canary", + "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/Atlantic/Faroe", + "/usr/share/zoneinfo/Atlantic/Madeira", + "/usr/share/zoneinfo/Atlantic/Reykjavik", + "/usr/share/zoneinfo/Atlantic/South_Georgia", + "/usr/share/zoneinfo/Atlantic/St_Helena", + "/usr/share/zoneinfo/Atlantic/Stanley", + "/usr/share/zoneinfo/Australia/Adelaide", + "/usr/share/zoneinfo/Australia/Brisbane", + "/usr/share/zoneinfo/Australia/Broken_Hill", + "/usr/share/zoneinfo/Australia/Darwin", + "/usr/share/zoneinfo/Australia/Eucla", + "/usr/share/zoneinfo/Australia/Hobart", + "/usr/share/zoneinfo/Australia/Lindeman", + "/usr/share/zoneinfo/Australia/Lord_Howe", + "/usr/share/zoneinfo/Australia/Melbourne", + "/usr/share/zoneinfo/Australia/Perth", + "/usr/share/zoneinfo/Australia/Sydney", + "/usr/share/zoneinfo/CET", + "/usr/share/zoneinfo/CST6CDT", + "/usr/share/zoneinfo/EET", + "/usr/share/zoneinfo/EST", + "/usr/share/zoneinfo/EST5EDT", + "/usr/share/zoneinfo/Etc/GMT", + "/usr/share/zoneinfo/Etc/GMT+1", + "/usr/share/zoneinfo/Etc/GMT+10", + "/usr/share/zoneinfo/Etc/GMT+11", + "/usr/share/zoneinfo/Etc/GMT+12", + "/usr/share/zoneinfo/Etc/GMT+2", + "/usr/share/zoneinfo/Etc/GMT+3", + "/usr/share/zoneinfo/Etc/GMT+4", + "/usr/share/zoneinfo/Etc/GMT+5", + "/usr/share/zoneinfo/Etc/GMT+6", + "/usr/share/zoneinfo/Etc/GMT+7", + "/usr/share/zoneinfo/Etc/GMT+8", + "/usr/share/zoneinfo/Etc/GMT+9", + "/usr/share/zoneinfo/Etc/GMT-1", + "/usr/share/zoneinfo/Etc/GMT-10", + "/usr/share/zoneinfo/Etc/GMT-11", + "/usr/share/zoneinfo/Etc/GMT-12", + "/usr/share/zoneinfo/Etc/GMT-13", + "/usr/share/zoneinfo/Etc/GMT-14", + "/usr/share/zoneinfo/Etc/GMT-2", + "/usr/share/zoneinfo/Etc/GMT-3", + "/usr/share/zoneinfo/Etc/GMT-4", + "/usr/share/zoneinfo/Etc/GMT-5", + "/usr/share/zoneinfo/Etc/GMT-6", + "/usr/share/zoneinfo/Etc/GMT-7", + "/usr/share/zoneinfo/Etc/GMT-8", + "/usr/share/zoneinfo/Etc/GMT-9", + "/usr/share/zoneinfo/Etc/UTC", + "/usr/share/zoneinfo/Europe/Amsterdam", + "/usr/share/zoneinfo/Europe/Andorra", + "/usr/share/zoneinfo/Europe/Astrakhan", + "/usr/share/zoneinfo/Europe/Athens", + "/usr/share/zoneinfo/Europe/Belgrade", + "/usr/share/zoneinfo/Europe/Berlin", + "/usr/share/zoneinfo/Europe/Brussels", + "/usr/share/zoneinfo/Europe/Bucharest", + "/usr/share/zoneinfo/Europe/Budapest", + "/usr/share/zoneinfo/Europe/Chisinau", + "/usr/share/zoneinfo/Europe/Copenhagen", + "/usr/share/zoneinfo/Europe/Dublin", + "/usr/share/zoneinfo/Europe/Gibraltar", + "/usr/share/zoneinfo/Europe/Guernsey", + "/usr/share/zoneinfo/Europe/Helsinki", + "/usr/share/zoneinfo/Europe/Isle_of_Man", + "/usr/share/zoneinfo/Europe/Istanbul", + "/usr/share/zoneinfo/Europe/Jersey", + "/usr/share/zoneinfo/Europe/Kaliningrad", + "/usr/share/zoneinfo/Europe/Kirov", + "/usr/share/zoneinfo/Europe/Kyiv", + "/usr/share/zoneinfo/Europe/Lisbon", + "/usr/share/zoneinfo/Europe/Ljubljana", + "/usr/share/zoneinfo/Europe/London", + "/usr/share/zoneinfo/Europe/Luxembourg", + "/usr/share/zoneinfo/Europe/Madrid", + "/usr/share/zoneinfo/Europe/Malta", + "/usr/share/zoneinfo/Europe/Minsk", + "/usr/share/zoneinfo/Europe/Monaco", + "/usr/share/zoneinfo/Europe/Moscow", + "/usr/share/zoneinfo/Europe/Oslo", + "/usr/share/zoneinfo/Europe/Paris", + "/usr/share/zoneinfo/Europe/Prague", + "/usr/share/zoneinfo/Europe/Riga", + "/usr/share/zoneinfo/Europe/Rome", + "/usr/share/zoneinfo/Europe/Samara", + "/usr/share/zoneinfo/Europe/Sarajevo", + "/usr/share/zoneinfo/Europe/Saratov", + "/usr/share/zoneinfo/Europe/Simferopol", + "/usr/share/zoneinfo/Europe/Skopje", + "/usr/share/zoneinfo/Europe/Sofia", + "/usr/share/zoneinfo/Europe/Stockholm", + "/usr/share/zoneinfo/Europe/Tallinn", + "/usr/share/zoneinfo/Europe/Tirane", + "/usr/share/zoneinfo/Europe/Ulyanovsk", + "/usr/share/zoneinfo/Europe/Vaduz", + "/usr/share/zoneinfo/Europe/Vienna", + "/usr/share/zoneinfo/Europe/Vilnius", + "/usr/share/zoneinfo/Europe/Volgograd", + "/usr/share/zoneinfo/Europe/Warsaw", + "/usr/share/zoneinfo/Europe/Zagreb", + "/usr/share/zoneinfo/Europe/Zurich", + "/usr/share/zoneinfo/Factory", + "/usr/share/zoneinfo/HST", + "/usr/share/zoneinfo/Indian/Antananarivo", + "/usr/share/zoneinfo/Indian/Chagos", + "/usr/share/zoneinfo/Indian/Christmas", + "/usr/share/zoneinfo/Indian/Cocos", + "/usr/share/zoneinfo/Indian/Comoro", + "/usr/share/zoneinfo/Indian/Kerguelen", + "/usr/share/zoneinfo/Indian/Mahe", + "/usr/share/zoneinfo/Indian/Maldives", + "/usr/share/zoneinfo/Indian/Mauritius", + "/usr/share/zoneinfo/Indian/Mayotte", + "/usr/share/zoneinfo/Indian/Reunion", + "/usr/share/zoneinfo/MET", + "/usr/share/zoneinfo/MST", + "/usr/share/zoneinfo/MST7MDT", + "/usr/share/zoneinfo/PST8PDT", + "/usr/share/zoneinfo/Pacific/Apia", + "/usr/share/zoneinfo/Pacific/Auckland", + "/usr/share/zoneinfo/Pacific/Bougainville", + "/usr/share/zoneinfo/Pacific/Chatham", + "/usr/share/zoneinfo/Pacific/Chuuk", + "/usr/share/zoneinfo/Pacific/Easter", + "/usr/share/zoneinfo/Pacific/Efate", + "/usr/share/zoneinfo/Pacific/Fakaofo", + "/usr/share/zoneinfo/Pacific/Fiji", + "/usr/share/zoneinfo/Pacific/Funafuti", + "/usr/share/zoneinfo/Pacific/Galapagos", + "/usr/share/zoneinfo/Pacific/Gambier", + "/usr/share/zoneinfo/Pacific/Guadalcanal", + "/usr/share/zoneinfo/Pacific/Guam", + "/usr/share/zoneinfo/Pacific/Honolulu", + "/usr/share/zoneinfo/Pacific/Kanton", + "/usr/share/zoneinfo/Pacific/Kiritimati", + "/usr/share/zoneinfo/Pacific/Kosrae", + "/usr/share/zoneinfo/Pacific/Kwajalein", + "/usr/share/zoneinfo/Pacific/Majuro", + "/usr/share/zoneinfo/Pacific/Marquesas", + "/usr/share/zoneinfo/Pacific/Midway", + "/usr/share/zoneinfo/Pacific/Nauru", + "/usr/share/zoneinfo/Pacific/Niue", + "/usr/share/zoneinfo/Pacific/Norfolk", + "/usr/share/zoneinfo/Pacific/Noumea", + "/usr/share/zoneinfo/Pacific/Pago_Pago", + "/usr/share/zoneinfo/Pacific/Palau", + "/usr/share/zoneinfo/Pacific/Pitcairn", + "/usr/share/zoneinfo/Pacific/Pohnpei", + "/usr/share/zoneinfo/Pacific/Port_Moresby", + "/usr/share/zoneinfo/Pacific/Rarotonga", + "/usr/share/zoneinfo/Pacific/Saipan", + "/usr/share/zoneinfo/Pacific/Tahiti", + "/usr/share/zoneinfo/Pacific/Tarawa", + "/usr/share/zoneinfo/Pacific/Tongatapu", + "/usr/share/zoneinfo/Pacific/Wake", + "/usr/share/zoneinfo/Pacific/Wallis", + "/usr/share/zoneinfo/WET", + "/usr/share/zoneinfo/iso3166.tab", + "/usr/share/zoneinfo/leap-seconds.list", + "/usr/share/zoneinfo/leapseconds", + "/usr/share/zoneinfo/tzdata.zi", + "/usr/share/zoneinfo/zone.tab", + "/usr/share/zoneinfo/zone1970.tab", + "/usr/share/zoneinfo/zonenow.tab" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ubuntu-keyring@2021.03.26", + "Name": "ubuntu-keyring", + "Identifier": { + "PURL": "pkg:deb/ubuntu/ubuntu-keyring@2021.03.26?arch=all\u0026distro=ubuntu-23.10", + "UID": "ed65333322cf716c" + }, + "Version": "2021.03.26", + "Arch": "all", + "SrcName": "ubuntu-keyring", + "SrcVersion": "2021.03.26", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Dimitri John Ledkov \u003cdimitri.ledkov@canonical.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg", + "/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg", + "/usr/share/doc/ubuntu-keyring/changelog.gz", + "/usr/share/doc/ubuntu-keyring/copyright", + "/usr/share/keyrings/ubuntu-archive-keyring.gpg", + "/usr/share/keyrings/ubuntu-archive-removed-keys.gpg", + "/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg", + "/usr/share/keyrings/ubuntu-cloudimage-removed-keys.gpg", + "/usr/share/keyrings/ubuntu-master-keyring.gpg" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "usrmerge@35ubuntu1", + "Name": "usrmerge", + "Identifier": { + "PURL": "pkg:deb/ubuntu/usrmerge@35ubuntu1?arch=all\u0026distro=ubuntu-23.10", + "UID": "f1f0ef19465d6c2c" + }, + "Version": "35ubuntu1", + "Arch": "all", + "SrcName": "usrmerge", + "SrcVersion": "35ubuntu1", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "perl-base@5.36.0-9ubuntu1.1" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/usr/lib/usrmerge/convert-etc-shells", + "/usr/lib/usrmerge/convert-usrmerge", + "/usr/lib/usrmerge/lib/Fatal.pm", + "/usr/lib/usrmerge/lib/File/Find.pm", + "/usr/lib/usrmerge/lib/File/Find/Rule.pm", + "/usr/lib/usrmerge/lib/Number/Compare.pm", + "/usr/lib/usrmerge/lib/Text/Glob.pm", + "/usr/lib/usrmerge/lib/Tie/RefHash.pm", + "/usr/lib/usrmerge/lib/autodie.pm", + "/usr/lib/usrmerge/lib/autodie/Scope/Guard.pm", + "/usr/lib/usrmerge/lib/autodie/Scope/GuardStack.pm", + "/usr/lib/usrmerge/lib/autodie/Util.pm", + "/usr/lib/usrmerge/lib/if.pm", + "/usr/share/doc/usrmerge/README.Debian", + "/usr/share/doc/usrmerge/changelog.gz", + "/usr/share/doc/usrmerge/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "util-linux@2.39.1-4ubuntu2.2", + "Name": "util-linux", + "Identifier": { + "PURL": "pkg:deb/ubuntu/util-linux@2.39.1-4ubuntu2.2?arch=amd64\u0026distro=ubuntu-23.10", + "UID": "8bb52e05aa89d483" + }, + "Version": "2.39.1", + "Release": "4ubuntu2.2", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.39.1", + "SrcRelease": "4ubuntu2.2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/bin/dmesg", + "/bin/findmnt", + "/bin/lsblk", + "/bin/more", + "/bin/mountpoint", + "/bin/su", + "/bin/wdctl", + "/lib/systemd/system/fstrim.service", + "/lib/systemd/system/fstrim.timer", + "/sbin/agetty", + "/sbin/blkdiscard", + "/sbin/blkid", + "/sbin/blkzone", + "/sbin/blockdev", + "/sbin/chcpu", + "/sbin/ctrlaltdel", + "/sbin/findfs", + "/sbin/fsck", + "/sbin/fsck.cramfs", + "/sbin/fsck.minix", + "/sbin/fsfreeze", + "/sbin/fstrim", + "/sbin/isosize", + "/sbin/mkfs", + "/sbin/mkfs.bfs", + "/sbin/mkfs.cramfs", + "/sbin/mkfs.minix", + "/sbin/mkswap", + "/sbin/pivot_root", + "/sbin/runuser", + "/sbin/sulogin", + "/sbin/swaplabel", + "/sbin/switch_root", + "/sbin/wipefs", + "/sbin/zramctl", + "/usr/bin/addpart", + "/usr/bin/choom", + "/usr/bin/chrt", + "/usr/bin/delpart", + "/usr/bin/fallocate", + "/usr/bin/flock", + "/usr/bin/getopt", + "/usr/bin/hardlink", + "/usr/bin/ionice", + "/usr/bin/ipcmk", + "/usr/bin/ipcrm", + "/usr/bin/ipcs", + "/usr/bin/last", + "/usr/bin/lscpu", + "/usr/bin/lsipc", + "/usr/bin/lslocks", + "/usr/bin/lslogins", + "/usr/bin/lsmem", + "/usr/bin/lsns", + "/usr/bin/mcookie", + "/usr/bin/mesg", + "/usr/bin/namei", + "/usr/bin/nsenter", + "/usr/bin/partx", + "/usr/bin/prlimit", + "/usr/bin/rename.ul", + "/usr/bin/resizepart", + "/usr/bin/rev", + "/usr/bin/setarch", + "/usr/bin/setpriv", + "/usr/bin/setsid", + "/usr/bin/setterm", + "/usr/bin/taskset", + "/usr/bin/uclampset", + "/usr/bin/unshare", + "/usr/bin/utmpdump", + "/usr/bin/whereis", + "/usr/lib/mime/packages/util-linux", + "/usr/sbin/chmem", + "/usr/sbin/ldattach", + "/usr/sbin/readprofile", + "/usr/sbin/rtcwake", + "/usr/share/bash-completion/completions/addpart", + "/usr/share/bash-completion/completions/blkdiscard", + "/usr/share/bash-completion/completions/blkid", + "/usr/share/bash-completion/completions/blkzone", + "/usr/share/bash-completion/completions/blockdev", + "/usr/share/bash-completion/completions/chcpu", + "/usr/share/bash-completion/completions/chmem", + "/usr/share/bash-completion/completions/chrt", + "/usr/share/bash-completion/completions/ctrlaltdel", + "/usr/share/bash-completion/completions/delpart", + "/usr/share/bash-completion/completions/dmesg", + "/usr/share/bash-completion/completions/fallocate", + "/usr/share/bash-completion/completions/findfs", + "/usr/share/bash-completion/completions/findmnt", + "/usr/share/bash-completion/completions/flock", + "/usr/share/bash-completion/completions/fsck", + "/usr/share/bash-completion/completions/fsck.cramfs", + "/usr/share/bash-completion/completions/fsck.minix", + "/usr/share/bash-completion/completions/fsfreeze", + "/usr/share/bash-completion/completions/fstrim", + "/usr/share/bash-completion/completions/getopt", + "/usr/share/bash-completion/completions/hardlink", + "/usr/share/bash-completion/completions/ionice", + "/usr/share/bash-completion/completions/ipcmk", + "/usr/share/bash-completion/completions/ipcrm", + "/usr/share/bash-completion/completions/ipcs", + "/usr/share/bash-completion/completions/isosize", + "/usr/share/bash-completion/completions/last", + "/usr/share/bash-completion/completions/ldattach", + "/usr/share/bash-completion/completions/lsblk", + "/usr/share/bash-completion/completions/lscpu", + "/usr/share/bash-completion/completions/lsipc", + "/usr/share/bash-completion/completions/lslocks", + "/usr/share/bash-completion/completions/lslogins", + "/usr/share/bash-completion/completions/lsmem", + "/usr/share/bash-completion/completions/lsns", + "/usr/share/bash-completion/completions/mcookie", + "/usr/share/bash-completion/completions/mesg", + "/usr/share/bash-completion/completions/mkfs", + "/usr/share/bash-completion/completions/mkfs.bfs", + "/usr/share/bash-completion/completions/mkfs.cramfs", + "/usr/share/bash-completion/completions/mkfs.minix", + "/usr/share/bash-completion/completions/mkswap", + "/usr/share/bash-completion/completions/more", + "/usr/share/bash-completion/completions/mountpoint", + "/usr/share/bash-completion/completions/namei", + "/usr/share/bash-completion/completions/nsenter", + "/usr/share/bash-completion/completions/partx", + "/usr/share/bash-completion/completions/pivot_root", + "/usr/share/bash-completion/completions/prlimit", + "/usr/share/bash-completion/completions/readprofile", + "/usr/share/bash-completion/completions/resizepart", + "/usr/share/bash-completion/completions/rev", + "/usr/share/bash-completion/completions/rtcwake", + "/usr/share/bash-completion/completions/setarch", + "/usr/share/bash-completion/completions/setpriv", + "/usr/share/bash-completion/completions/setsid", + "/usr/share/bash-completion/completions/setterm", + "/usr/share/bash-completion/completions/su", + "/usr/share/bash-completion/completions/swaplabel", + "/usr/share/bash-completion/completions/taskset", + "/usr/share/bash-completion/completions/uclampset", + "/usr/share/bash-completion/completions/unshare", + "/usr/share/bash-completion/completions/utmpdump", + "/usr/share/bash-completion/completions/wdctl", + "/usr/share/bash-completion/completions/whereis", + "/usr/share/bash-completion/completions/wipefs", + "/usr/share/bash-completion/completions/zramctl", + "/usr/share/doc/util-linux/00-about-docs.txt", + "/usr/share/doc/util-linux/AUTHORS.gz", + "/usr/share/doc/util-linux/PAM-configuration.txt", + "/usr/share/doc/util-linux/README.Debian", + "/usr/share/doc/util-linux/blkid.txt", + "/usr/share/doc/util-linux/cal.txt", + "/usr/share/doc/util-linux/col.txt", + "/usr/share/doc/util-linux/copyright", + "/usr/share/doc/util-linux/deprecated.txt", + "/usr/share/doc/util-linux/examples/getopt-example.bash", + "/usr/share/doc/util-linux/examples/getopt-example.tcsh", + "/usr/share/doc/util-linux/getopt.txt", + "/usr/share/doc/util-linux/getopt_changelog.txt", + "/usr/share/doc/util-linux/howto-build-sys.txt", + "/usr/share/doc/util-linux/howto-compilation.txt", + "/usr/share/doc/util-linux/howto-contribute.txt.gz", + "/usr/share/doc/util-linux/howto-debug.txt", + "/usr/share/doc/util-linux/howto-man-page.txt", + "/usr/share/doc/util-linux/howto-pull-request.txt.gz", + "/usr/share/doc/util-linux/howto-tests.txt", + "/usr/share/doc/util-linux/howto-usage-function.txt.gz", + "/usr/share/doc/util-linux/hwclock.txt", + "/usr/share/doc/util-linux/modems-with-agetty.txt", + "/usr/share/doc/util-linux/mount.txt", + "/usr/share/doc/util-linux/parse-date.txt.gz", + "/usr/share/doc/util-linux/pg.txt", + "/usr/share/doc/util-linux/poeigl.txt.gz", + "/usr/share/doc/util-linux/release-schedule.txt", + "/usr/share/doc/util-linux/releases/v2.13-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.14-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.15-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.16-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.17-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.18-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.19-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.20-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.21-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.22-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.23-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.24-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.25-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.26-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.27-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.28-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.29-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.30-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.31-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.32-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.33-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.34-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.35-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.36-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.37-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.38-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.39-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.39.1-ReleaseNotes.gz", + "/usr/share/lintian/overrides/util-linux", + "/usr/share/man/man1/choom.1.gz", + "/usr/share/man/man1/chrt.1.gz", + "/usr/share/man/man1/dmesg.1.gz", + "/usr/share/man/man1/fallocate.1.gz", + "/usr/share/man/man1/flock.1.gz", + "/usr/share/man/man1/getopt.1.gz", + "/usr/share/man/man1/hardlink.1.gz", + "/usr/share/man/man1/ionice.1.gz", + "/usr/share/man/man1/ipcmk.1.gz", + "/usr/share/man/man1/ipcrm.1.gz", + "/usr/share/man/man1/ipcs.1.gz", + "/usr/share/man/man1/last.1.gz", + "/usr/share/man/man1/lscpu.1.gz", + "/usr/share/man/man1/lsipc.1.gz", + "/usr/share/man/man1/lslogins.1.gz", + "/usr/share/man/man1/lsmem.1.gz", + "/usr/share/man/man1/mcookie.1.gz", + "/usr/share/man/man1/mesg.1.gz", + "/usr/share/man/man1/more.1.gz", + "/usr/share/man/man1/mountpoint.1.gz", + "/usr/share/man/man1/namei.1.gz", + "/usr/share/man/man1/nsenter.1.gz", + "/usr/share/man/man1/prlimit.1.gz", + "/usr/share/man/man1/rename.ul.1.gz", + "/usr/share/man/man1/rev.1.gz", + "/usr/share/man/man1/runuser.1.gz", + "/usr/share/man/man1/setpriv.1.gz", + "/usr/share/man/man1/setsid.1.gz", + "/usr/share/man/man1/setterm.1.gz", + "/usr/share/man/man1/su.1.gz", + "/usr/share/man/man1/taskset.1.gz", + "/usr/share/man/man1/uclampset.1.gz", + "/usr/share/man/man1/unshare.1.gz", + "/usr/share/man/man1/utmpdump.1.gz", + "/usr/share/man/man1/whereis.1.gz", + "/usr/share/man/man5/adjtime_config.5.gz", + "/usr/share/man/man5/terminal-colors.d.5.gz", + "/usr/share/man/man8/addpart.8.gz", + "/usr/share/man/man8/agetty.8.gz", + "/usr/share/man/man8/blkdiscard.8.gz", + "/usr/share/man/man8/blkid.8.gz", + "/usr/share/man/man8/blkzone.8.gz", + "/usr/share/man/man8/blockdev.8.gz", + "/usr/share/man/man8/chcpu.8.gz", + "/usr/share/man/man8/chmem.8.gz", + "/usr/share/man/man8/ctrlaltdel.8.gz", + "/usr/share/man/man8/delpart.8.gz", + "/usr/share/man/man8/findfs.8.gz", + "/usr/share/man/man8/findmnt.8.gz", + "/usr/share/man/man8/fsck.8.gz", + "/usr/share/man/man8/fsck.cramfs.8.gz", + "/usr/share/man/man8/fsck.minix.8.gz", + "/usr/share/man/man8/fsfreeze.8.gz", + "/usr/share/man/man8/fstrim.8.gz", + "/usr/share/man/man8/isosize.8.gz", + "/usr/share/man/man8/ldattach.8.gz", + "/usr/share/man/man8/lsblk.8.gz", + "/usr/share/man/man8/lslocks.8.gz", + "/usr/share/man/man8/lsns.8.gz", + "/usr/share/man/man8/mkfs.8.gz", + "/usr/share/man/man8/mkfs.bfs.8.gz", + "/usr/share/man/man8/mkfs.cramfs.8.gz", + "/usr/share/man/man8/mkfs.minix.8.gz", + "/usr/share/man/man8/mkswap.8.gz", + "/usr/share/man/man8/partx.8.gz", + "/usr/share/man/man8/pivot_root.8.gz", + "/usr/share/man/man8/readprofile.8.gz", + "/usr/share/man/man8/resizepart.8.gz", + "/usr/share/man/man8/rtcwake.8.gz", + "/usr/share/man/man8/setarch.8.gz", + "/usr/share/man/man8/sulogin.8.gz", + "/usr/share/man/man8/swaplabel.8.gz", + "/usr/share/man/man8/switch_root.8.gz", + "/usr/share/man/man8/wdctl.8.gz", + "/usr/share/man/man8/wipefs.8.gz", + "/usr/share/man/man8/zramctl.8.gz", + "/usr/share/util-linux/logcheck/ignore.d.server/util-linux" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "zlib1g@1:1.2.13.dfsg-1ubuntu5", + "Name": "zlib1g", + "Identifier": { + "PURL": "pkg:deb/ubuntu/zlib1g@1.2.13.dfsg-1ubuntu5?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", + "UID": "27b0bae609ffe633" + }, + "Version": "1.2.13.dfsg", + "Release": "1ubuntu5", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "zlib", + "SrcVersion": "1.2.13.dfsg", + "SrcRelease": "1ubuntu5", + "SrcEpoch": 1, + "Licenses": [ + "Zlib" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.38-1ubuntu6.3" + ], + "Layer": { + "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", + "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libz.so.1.2.13", + "/usr/share/doc/zlib1g/changelog.Debian.gz", + "/usr/share/doc/zlib1g/copyright" + ], + "AnalyzedBy": "dpkg" + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "Deployment", + "Name": "dovecot", + "Metadata": [ + { + "Size": 167236608, + "OS": { + "Family": "debian", + "Name": "13.4" + }, + "ImageID": "sha256:a3bb47681871d3bdd14dc31e6b134410199c1b29ee02b022706bab8d926a9ef9", + "DiffIDs": [ + "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99", + "sha256:e87034ddc3d44965bdc6c6fc008e810a9e0c611f47fa98617f8b4c0e04715a8d", + "sha256:638fbed063a686d6d4713769f7b9998f245700f3e04e1f22f5b0d881ec63ba39", + "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac", + "sha256:7dd813e9fcbc6b1f64ff6f7f0e77b395e6c1c5fee872452952c0d6f7a25b693c", + "sha256:f037e73b55e93f127e127f79dfb71b5916b8006b2f708eda5ca5137806600e1f", + "sha256:b8a6a2cb5ab9503fb00186b035ab1c08cdd3a47fdf85c4d035d86e0d4eeaf600", + "sha256:2fcf2b98475c2c7b51ed7a6ddce91e12f3f5f39054a795906bd003bf15eec0e4", + "sha256:abeeeea2bec24edc166ef52da37a169d5008932180c2e6f7d198e015e6ff3a6d", + "sha256:68d47cccb7f5793b88ffee6060ec2d83caef1a40d37686c61b8d02f90326f2e7", + "sha256:aa5f46fdedef8cd4e7c8dfdfca3b8352b558436782032a2ef958c1087d235bf8", + "sha256:8e4a2e57441bdbbcffae2aa3f79541e1b7464dd2fc7da1fd52b0b053e09bdf08", + "sha256:c3b33899724cc4679ba456aa71a8a94add23330d16c3d627b8b9e7661523b6bf", + "sha256:8d6e3163d361c31eff1e44e1ebe279f24def10d77c0862af1348c48bb0ecaf80" + ], + "RepoTags": [ + "dovecot/dovecot:latest" + ], + "RepoDigests": [ + "dovecot/dovecot@sha256:8da979a284cfea75af416ae710b7310b075f84736db5d1f31390e2dbdd41cd3e" + ], + "Reference": "dovecot/dovecot:latest", + "ImageConfig": { + "architecture": "amd64", + "created": "2026-05-12T19:37:52.861338678Z", + "history": [ + { + "created": "2026-05-05T00:00:00Z", + "created_by": "# debian.sh --arch 'amd64' out/ 'trixie' '@1777939200'", + "comment": "debuerreotype 0.17" + }, + { + "created": "2026-05-12T19:37:26.834036894Z", + "created_by": "LABEL org.opencontainers.image.authors=dovecot@dovecot.org", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:26.834036894Z", + "created_by": "ENV container=docker LC_ALL=C.UTF-8 TZ=UTC PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/dovecot/bin:/dovecot/sbin", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:26.834036894Z", + "created_by": "ENV DEBIAN_FRONTEND=noninteractive", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:26.834036894Z", + "created_by": "ARG VMAIL_UID=1000", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:26.834036894Z", + "created_by": "ARG VMAIL_GID=1000", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:26.834036894Z", + "created_by": "ARG CONFIG_VERSION=1.0.0", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:26.834036894Z", + "created_by": "COPY /dovecot /dovecot # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-12T19:37:26.938817835Z", + "created_by": "ADD config/1.0.0/dovecot-lib.conf /etc/ld.so.conf.d/dovecot-lib.conf # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-12T19:37:34.683526256Z", + "created_by": "RUN |3 VMAIL_UID=1000 VMAIL_GID=1000 CONFIG_VERSION=1.0.0 /bin/sh -c apt-get -y update \u0026\u0026 apt-get -y install --no-install-recommends tini pkg-config ssl-cert ucf libldap2 libldap-common openssl libsodium23 libbz2-1.0 libcrypt1 libexttextcat-2.0-0 libexttextcat-data liblua5.3-0 libpam-runtime libpam-modules-bin libpam-modules libpam0g lua-json lua-lpeg lua-posix liblz4-1 liblzma5 libssl3 libstemmer0d libtirpc3 libunwind8 libwrap0 libzstd1 zlib1g libgssapi-krb5-2 libkrb5-3 libxapian30 libmariadb3 libpq5 libexpat1 libsqlite3-0 libicu76 libcap2 libcap2-bin libsasl2-2 libsasl2-modules libpcre2-32-0 netcat-traditional ca-certificates \u0026\u0026 rm -rf /etc/dovecot \u0026\u0026 rm -rf /var/lib/apt/lists \u0026\u0026 groupadd -g $VMAIL_GID vmail \u0026\u0026 useradd -u $VMAIL_UID -g vmail -G ssl-cert -d /nonexistent -s /bin/sh vmail \u0026\u0026 passwd -l vmail \u0026\u0026 mkdir -p /run \u0026\u0026 chmod 1777 /run \u0026\u0026 mkdir /etc/dovecot \u0026\u0026 mkdir /etc/dovecot/vendor.d \u0026\u0026 mkdir /etc/dovecot/conf.d \u0026\u0026 mkdir /etc/dovecot/ssl \u0026\u0026 mkdir /srv/vmail -p \u0026\u0026 mkdir /var/lib/dovecot # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-12T19:37:34.70226157Z", + "created_by": "ADD config/1.0.0/auth.conf /etc/dovecot/conf.d/auth.conf # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-12T19:37:34.709685745Z", + "created_by": "ADD config/1.0.0/ssl.conf /etc/dovecot/conf.d/ssl.conf # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-12T19:37:34.716891961Z", + "created_by": "ADD config/1.0.0/fts.conf /etc/dovecot/conf.d/fts.conf # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-12T19:37:34.724067Z", + "created_by": "ADD config/1.0.0/mail.conf /etc/dovecot/conf.d/mail.conf # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-12T19:37:34.731010688Z", + "created_by": "ADD config/1.0.0/metrics.conf /etc/dovecot/conf.d/metrics.conf # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-12T19:37:34.738139978Z", + "created_by": "ADD config/1.0.0/mail_log.conf /etc/dovecot/conf.d/mail_log.conf # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-12T19:37:34.744527344Z", + "created_by": "ADD config/1.0.0/dovecot.conf /etc/dovecot/dovecot.conf # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-12T19:37:48.491773566Z", + "created_by": "USER root", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.491773566Z", + "created_by": "LABEL org.opencontainers.image.authors=dovecot@dovecot.org", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.491773566Z", + "created_by": "ENV container=docker LC_ALL=C.UTF-8 TZ=UTC PATH=/bin/sbin:/usr/bin:/usr/sbin:/dovecot/bin:/dovecot/sbin", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.491773566Z", + "created_by": "ENV DEBIAN_FRONTEND=noninteractive", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.491773566Z", + "created_by": "ARG CONFIG_VERSION=1.0.0", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.491773566Z", + "created_by": "RUN |1 CONFIG_VERSION=1.0.0 /bin/sh -c chown vmail:vmail /var/lib/dovecot \u0026\u0026 chown vmail:vmail /srv/vmail \u0026\u0026 chmod 0770 /var/lib/dovecot \u0026\u0026 chmod 0700 /srv/vmail \u0026\u0026 make-ssl-cert generate-default-snakeoil \u0026\u0026 ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/dovecot/ssl/tls.crt \u0026\u0026 ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/dovecot/ssl/tls.key \u0026\u0026 chown root:vmail /etc/dovecot/ssl/tls.key \u0026\u0026 chmod 0440 /etc/dovecot/ssl/tls.key \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/script-login \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/imap-urlauth-login \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/submission-login \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/managesieve-login \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/pop3-login \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/imap-login \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/lmtp \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/anvil \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/managesieve-login # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-12T19:37:48.500842582Z", + "created_by": "ADD config/1.0.0/rootless.conf /etc/dovecot/vendor.d/rootless.conf # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-12T19:37:48.500842582Z", + "created_by": "EXPOSE [31024/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.500842582Z", + "created_by": "EXPOSE [31110/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.500842582Z", + "created_by": "EXPOSE [31143/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.500842582Z", + "created_by": "EXPOSE [31587/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.500842582Z", + "created_by": "EXPOSE [31993/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.500842582Z", + "created_by": "EXPOSE [31995/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.500842582Z", + "created_by": "EXPOSE [34190/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.500842582Z", + "created_by": "EXPOSE [8080/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.500842582Z", + "created_by": "EXPOSE [9090/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.500842582Z", + "created_by": "USER vmail", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.500842582Z", + "created_by": "VOLUME [/srv/vmail]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.500842582Z", + "created_by": "ENTRYPOINT [\"/usr/bin/tini\" \"--\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:48.500842582Z", + "created_by": "CMD [\"/dovecot/sbin/dovecot\" \"-F\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "LABEL org.opencontainers.image.authors=dovecot@dovecot.org", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "ENV container=docker LC_ALL=C.UTF-8 TZ=UTC PATH=/bin/sbin:/usr/bin:/usr/sbin:/dovecot/bin:/dovecot/sbin:/dovecot/bin:/dovecot/sbin", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "ENV DEBIAN_FRONTEND=noninteractive", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "ARG CONFIG_VERSION=1.0.0", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "USER root", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "RUN |1 CONFIG_VERSION=1.0.0 /bin/sh -c apt remove --allow-remove-essential -yq bash pkg-config util-linux procps sensible-utils perl-base ncurses-bin gzip sed libcap2-bin \u0026\u0026 ln -srf /bin/true /usr/share/debconf/frontend \u0026\u0026 dpkg --remove --ignore-depends=dpkg --ignore-depends=base-files --force-remove-essential tar mawk \u0026\u0026 ln -srf /bin/true /bin/tar \u0026\u0026 dpkg --remove --force-remove-essential --force-depends apt sqv dpkg diffutils findutils init-system-helpers sysvinit-utils coreutils mount grep debian-utils libc-bin # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "EXPOSE [31024/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "EXPOSE [31110/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "EXPOSE [31143/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "EXPOSE [31587/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "EXPOSE [31993/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "EXPOSE [31995/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "EXPOSE [34190/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "EXPOSE [8080/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "EXPOSE [9090/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "USER vmail", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "VOLUME [/srv/vmail]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "ENTRYPOINT [\"/usr/bin/tini\" \"--\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-12T19:37:52.861338678Z", + "created_by": "CMD [\"/dovecot/sbin/dovecot\" \"-F\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99", + "sha256:e87034ddc3d44965bdc6c6fc008e810a9e0c611f47fa98617f8b4c0e04715a8d", + "sha256:638fbed063a686d6d4713769f7b9998f245700f3e04e1f22f5b0d881ec63ba39", + "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac", + "sha256:7dd813e9fcbc6b1f64ff6f7f0e77b395e6c1c5fee872452952c0d6f7a25b693c", + "sha256:f037e73b55e93f127e127f79dfb71b5916b8006b2f708eda5ca5137806600e1f", + "sha256:b8a6a2cb5ab9503fb00186b035ab1c08cdd3a47fdf85c4d035d86e0d4eeaf600", + "sha256:2fcf2b98475c2c7b51ed7a6ddce91e12f3f5f39054a795906bd003bf15eec0e4", + "sha256:abeeeea2bec24edc166ef52da37a169d5008932180c2e6f7d198e015e6ff3a6d", + "sha256:68d47cccb7f5793b88ffee6060ec2d83caef1a40d37686c61b8d02f90326f2e7", + "sha256:aa5f46fdedef8cd4e7c8dfdfca3b8352b558436782032a2ef958c1087d235bf8", + "sha256:8e4a2e57441bdbbcffae2aa3f79541e1b7464dd2fc7da1fd52b0b053e09bdf08", + "sha256:c3b33899724cc4679ba456aa71a8a94add23330d16c3d627b8b9e7661523b6bf", + "sha256:8d6e3163d361c31eff1e44e1ebe279f24def10d77c0862af1348c48bb0ecaf80" + ] + }, + "config": { + "Cmd": [ + "/dovecot/sbin/dovecot", + "-F" + ], + "Entrypoint": [ + "/usr/bin/tini", + "--" + ], + "Env": [ + "PATH=/bin/sbin:/usr/bin:/usr/sbin:/dovecot/bin:/dovecot/sbin:/dovecot/bin:/dovecot/sbin", + "container=docker", + "LC_ALL=C.UTF-8", + "TZ=UTC", + "DEBIAN_FRONTEND=noninteractive" + ], + "Labels": { + "org.opencontainers.image.authors": "dovecot@dovecot.org", + "org.opencontainers.image.description": "Dovecot IMAP server 2.4.4 running in confined mode", + "org.opencontainers.image.licenses": "CC-BY-SA-4.0", + "org.opencontainers.image.source": "https://github.com/dovecot/docker", + "org.opencontainers.image.title": "Dovecot IMAP server 2.4.4" + }, + "User": "vmail", + "Volumes": { + "/srv/vmail": {} + }, + "ExposedPorts": { + "31024/tcp": {}, + "31110/tcp": {}, + "31143/tcp": {}, + "31587/tcp": {}, + "31993/tcp": {}, + "31995/tcp": {}, + "34190/tcp": {}, + "8080/tcp": {}, + "9090/tcp": {} + }, + "ArgsEscaped": true + } + }, + "Layers": [ + { + "Size": 81039360, + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + { + "Size": 26336256, + "Digest": "sha256:8a7ff124c3ca490282b28e94b95c5e180ae5cd11f1699b0c4793cf9349707cec", + "DiffID": "sha256:e87034ddc3d44965bdc6c6fc008e810a9e0c611f47fa98617f8b4c0e04715a8d" + }, + { + "Size": 3072, + "Digest": "sha256:70d914bf585080909c35015e7cd0706746b578967788bd670994b46f453cbf41", + "DiffID": "sha256:638fbed063a686d6d4713769f7b9998f245700f3e04e1f22f5b0d881ec63ba39" + }, + { + "Size": 58836992, + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + { + "Size": 3584, + "Digest": "sha256:2e59565e4d3c17bd7fff07dfb2152195aaba50983f4a54405a272ecef17bca09", + "DiffID": "sha256:7dd813e9fcbc6b1f64ff6f7f0e77b395e6c1c5fee872452952c0d6f7a25b693c" + }, + { + "Size": 3584, + "Digest": "sha256:a1685168e8f104f02f5d0bbf2089d9dfc7e12faacc84dfd83dcc359c0cc748ae", + "DiffID": "sha256:f037e73b55e93f127e127f79dfb71b5916b8006b2f708eda5ca5137806600e1f" + }, + { + "Size": 3584, + "Digest": "sha256:8675a10f66d84812bc6e1b0fe0ccac9f78cb1d53af5c3a8c63c8215aea0cceb9", + "DiffID": "sha256:b8a6a2cb5ab9503fb00186b035ab1c08cdd3a47fdf85c4d035d86e0d4eeaf600" + }, + { + "Size": 3584, + "Digest": "sha256:c32f35a41a1051482347c0b386af4d3fd5cc36a989b1ca5f6a7f02708da66cd0", + "DiffID": "sha256:2fcf2b98475c2c7b51ed7a6ddce91e12f3f5f39054a795906bd003bf15eec0e4" + }, + { + "Size": 4608, + "Digest": "sha256:eebc3c0f00169719a9a4076187b7e7e0d8bdc1fe938a6d3c0f7ce3a909cf4393", + "DiffID": "sha256:abeeeea2bec24edc166ef52da37a169d5008932180c2e6f7d198e015e6ff3a6d" + }, + { + "Size": 3584, + "Digest": "sha256:b67f5ff10161bfc9bc601a7e6c9b2101116f46d83094c0b5f3dac7f4e57a3ffb", + "DiffID": "sha256:68d47cccb7f5793b88ffee6060ec2d83caef1a40d37686c61b8d02f90326f2e7" + }, + { + "Size": 4096, + "Digest": "sha256:86b3fa6b8fbb76e1f4968ada7f503cfb21942e51b30e03fb0351cc23db2510c2", + "DiffID": "sha256:aa5f46fdedef8cd4e7c8dfdfca3b8352b558436782032a2ef958c1087d235bf8" + }, + { + "Size": 420864, + "Digest": "sha256:d09a871e9dff41cb59c599fff561601ce0bdeb9b4ce15775c34ff7e9851f3588", + "DiffID": "sha256:8e4a2e57441bdbbcffae2aa3f79541e1b7464dd2fc7da1fd52b0b053e09bdf08" + }, + { + "Size": 4096, + "Digest": "sha256:ccd3dc1be4618670ee52c95afda829bfcfe9cb2f91d54e7b0572c6b0ea2f49b2", + "DiffID": "sha256:c3b33899724cc4679ba456aa71a8a94add23330d16c3d627b8b9e7661523b6bf" + }, + { + "Size": 569344, + "Digest": "sha256:982d68d32045503d2066f7aa075a716c4b4b6fbe73bbc94cff530109280ef508", + "DiffID": "sha256:8d6e3163d361c31eff1e44e1ebe279f24def10d77c0862af1348c48bb0ecaf80" + } + ] + } + ], + "Results": [ + { + "Target": "dovecot/dovecot:latest (debian 13.4)", + "Class": "os-pkgs", + "Type": "debian", + "Packages": [ + { + "ID": "adduser@3.152", + "Name": "adduser", + "Identifier": { + "PURL": "pkg:deb/debian/adduser@3.152?arch=all\u0026distro=debian-13.4", + "UID": "17a3839c9950603e" + }, + "Version": "3.152", + "Arch": "all", + "SrcName": "adduser", + "SrcVersion": "3.152", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Debian Adduser Developers \u003cadduser@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "passwd@1:4.17.4-2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/sbin/adduser", + "/usr/sbin/deluser", + "/usr/share/doc/adduser/NEWS.Debian.gz", + "/usr/share/doc/adduser/README.gz", + "/usr/share/doc/adduser/TODO", + "/usr/share/doc/adduser/changelog.gz", + "/usr/share/doc/adduser/copyright", + "/usr/share/doc/adduser/examples/INSTALL", + "/usr/share/doc/adduser/examples/README", + "/usr/share/doc/adduser/examples/adduser.conf", + "/usr/share/doc/adduser/examples/adduser.local", + "/usr/share/doc/adduser/examples/adduser.local.conf", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", + "/usr/share/doc/adduser/examples/deluser.conf", + "/usr/share/man/da/man5/deluser.conf.5.gz", + "/usr/share/man/de/man5/adduser.conf.5.gz", + "/usr/share/man/de/man5/deluser.conf.5.gz", + "/usr/share/man/de/man8/adduser.8.gz", + "/usr/share/man/de/man8/adduser.local.8.gz", + "/usr/share/man/de/man8/deluser.8.gz", + "/usr/share/man/es/man5/deluser.conf.5.gz", + "/usr/share/man/fr/man5/adduser.conf.5.gz", + "/usr/share/man/fr/man5/deluser.conf.5.gz", + "/usr/share/man/fr/man8/adduser.8.gz", + "/usr/share/man/fr/man8/deluser.8.gz", + "/usr/share/man/it/man5/deluser.conf.5.gz", + "/usr/share/man/man5/adduser.conf.5.gz", + "/usr/share/man/man5/deluser.conf.5.gz", + "/usr/share/man/man8/adduser.8.gz", + "/usr/share/man/man8/adduser.local.8.gz", + "/usr/share/man/man8/deluser.8.gz", + "/usr/share/man/nl/man5/adduser.conf.5.gz", + "/usr/share/man/nl/man5/deluser.conf.5.gz", + "/usr/share/man/nl/man8/adduser.8.gz", + "/usr/share/man/nl/man8/adduser.local.8.gz", + "/usr/share/man/nl/man8/deluser.8.gz", + "/usr/share/man/pl/man5/deluser.conf.5.gz", + "/usr/share/man/pt/man5/adduser.conf.5.gz", + "/usr/share/man/pt/man5/deluser.conf.5.gz", + "/usr/share/man/pt/man8/adduser.8.gz", + "/usr/share/man/pt/man8/adduser.local.8.gz", + "/usr/share/man/pt/man8/deluser.8.gz", + "/usr/share/man/ro/man5/adduser.conf.5.gz", + "/usr/share/man/ro/man5/deluser.conf.5.gz", + "/usr/share/man/ro/man8/adduser.8.gz", + "/usr/share/man/ro/man8/adduser.local.8.gz", + "/usr/share/man/ro/man8/deluser.8.gz", + "/usr/share/man/ru/man5/deluser.conf.5.gz", + "/usr/share/man/sv/man5/deluser.conf.5.gz", + "/usr/share/perl5/Debian/AdduserCommon.pm", + "/usr/share/perl5/Debian/AdduserLogging.pm", + "/usr/share/perl5/Debian/AdduserRetvalues.pm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "base-files@13.8+deb13u4", + "Name": "base-files", + "Identifier": { + "PURL": "pkg:deb/debian/base-files@13.8%2Bdeb13u4?arch=amd64\u0026distro=debian-13.4", + "UID": "ed2be89a1b54024a" + }, + "Version": "13.8+deb13u4", + "Arch": "amd64", + "SrcName": "base-files", + "SrcVersion": "13.8+deb13u4", + "Licenses": [ + "GPL-2.0-or-later", + "verbatim" + ], + "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/os-release", + "/usr/share/base-files/dot.bashrc", + "/usr/share/base-files/dot.profile", + "/usr/share/base-files/dot.profile.md5sums", + "/usr/share/base-files/info.dir", + "/usr/share/base-files/motd", + "/usr/share/base-files/profile", + "/usr/share/base-files/profile.md5sums", + "/usr/share/base-files/staff-group-for-usr-local", + "/usr/share/common-licenses/Apache-2.0", + "/usr/share/common-licenses/Artistic", + "/usr/share/common-licenses/BSD", + "/usr/share/common-licenses/CC0-1.0", + "/usr/share/common-licenses/GFDL-1.2", + "/usr/share/common-licenses/GFDL-1.3", + "/usr/share/common-licenses/GPL-1", + "/usr/share/common-licenses/GPL-2", + "/usr/share/common-licenses/GPL-3", + "/usr/share/common-licenses/LGPL-2", + "/usr/share/common-licenses/LGPL-2.1", + "/usr/share/common-licenses/LGPL-3", + "/usr/share/common-licenses/MPL-1.1", + "/usr/share/common-licenses/MPL-2.0", + "/usr/share/doc/base-files/NEWS.Debian.gz", + "/usr/share/doc/base-files/README", + "/usr/share/doc/base-files/README.FHS", + "/usr/share/doc/base-files/changelog.gz", + "/usr/share/doc/base-files/copyright", + "/usr/share/lintian/overrides/base-files" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "base-passwd@3.6.7", + "Name": "base-passwd", + "Identifier": { + "PURL": "pkg:deb/debian/base-passwd@3.6.7?arch=amd64\u0026distro=debian-13.4", + "UID": "928e6d832cf7ebbd" + }, + "Version": "3.6.7", + "Arch": "amd64", + "SrcName": "base-passwd", + "SrcVersion": "3.6.7", + "Licenses": [ + "GPL-2.0-only", + "public-domain" + ], + "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libdebconfclient0@0.280", + "libselinux1@3.8.1-1" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/sbin/update-passwd", + "/usr/share/base-passwd/group.master", + "/usr/share/base-passwd/passwd.master", + "/usr/share/doc-base/base-passwd.users-and-groups", + "/usr/share/doc/base-passwd/README", + "/usr/share/doc/base-passwd/changelog.gz", + "/usr/share/doc/base-passwd/copyright", + "/usr/share/doc/base-passwd/users-and-groups.html", + "/usr/share/doc/base-passwd/users-and-groups.txt.gz", + "/usr/share/lintian/overrides/base-passwd", + "/usr/share/man/de/man8/update-passwd.8.gz", + "/usr/share/man/es/man8/update-passwd.8.gz", + "/usr/share/man/fr/man8/update-passwd.8.gz", + "/usr/share/man/ja/man8/update-passwd.8.gz", + "/usr/share/man/man8/update-passwd.8.gz", + "/usr/share/man/pl/man8/update-passwd.8.gz", + "/usr/share/man/ro/man8/update-passwd.8.gz", + "/usr/share/man/ru/man8/update-passwd.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bsdutils@1:2.41-5", + "Name": "bsdutils", + "Identifier": { + "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", + "UID": "5843733a461e6ce1" + }, + "Version": "2.41", + "Release": "5", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/bin/logger", + "/usr/bin/renice", + "/usr/bin/script", + "/usr/bin/scriptlive", + "/usr/bin/scriptreplay", + "/usr/bin/wall", + "/usr/share/bash-completion/completions/logger", + "/usr/share/bash-completion/completions/renice", + "/usr/share/bash-completion/completions/script", + "/usr/share/bash-completion/completions/scriptlive", + "/usr/share/bash-completion/completions/scriptreplay", + "/usr/share/bash-completion/completions/wall", + "/usr/share/doc/bsdutils/NEWS.Debian.gz", + "/usr/share/doc/bsdutils/changelog.Debian.gz", + "/usr/share/doc/bsdutils/changelog.gz", + "/usr/share/doc/bsdutils/copyright", + "/usr/share/lintian/overrides/bsdutils", + "/usr/share/man/man1/logger.1.gz", + "/usr/share/man/man1/renice.1.gz", + "/usr/share/man/man1/script.1.gz", + "/usr/share/man/man1/scriptlive.1.gz", + "/usr/share/man/man1/scriptreplay.1.gz", + "/usr/share/man/man1/wall.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ca-certificates@20250419", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:deb/debian/ca-certificates@20250419?arch=all\u0026distro=debian-13.4", + "UID": "7698a50965fda942" + }, + "Version": "20250419", + "Arch": "all", + "SrcName": "ca-certificates", + "SrcVersion": "20250419", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "MPL-2.0" + ], + "Maintainer": "Julien Cristau \u003cjcristau@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91", + "openssl@3.5.5-1~deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/sbin/update-ca-certificates", + "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", + "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", + "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", + "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", + "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "/usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "/usr/share/ca-certificates/mozilla/Certigna.crt", + "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", + "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", + "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", + "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "/usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "/usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "/usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", + "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", + "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", + "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "/usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", + "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", + "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "/usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", + "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", + "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "/usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt", + "/usr/share/doc/ca-certificates/README.Debian", + "/usr/share/doc/ca-certificates/changelog.gz", + "/usr/share/doc/ca-certificates/copyright", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", + "/usr/share/man/man8/update-ca-certificates.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "dash@0.5.12-12", + "Name": "dash", + "Identifier": { + "PURL": "pkg:deb/debian/dash@0.5.12-12?arch=amd64\u0026distro=debian-13.4", + "UID": "4990b2098a2a3724" + }, + "Version": "0.5.12", + "Release": "12", + "Arch": "amd64", + "SrcName": "dash", + "SrcVersion": "0.5.12", + "SrcRelease": "12", + "Licenses": [ + "BSD-3-Clause", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debianutils@5.23.2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/bin/dash", + "/usr/share/debianutils/shells.d/dash", + "/usr/share/doc/dash/README.Debian.diet", + "/usr/share/doc/dash/README.source", + "/usr/share/doc/dash/changelog.Debian.gz", + "/usr/share/doc/dash/changelog.gz", + "/usr/share/doc/dash/copyright", + "/usr/share/lintian/overrides/dash", + "/usr/share/man/man1/dash.1.gz", + "/usr/share/menu/dash" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debconf@1.5.91", + "Name": "debconf", + "Identifier": { + "PURL": "pkg:deb/debian/debconf@1.5.91?arch=all\u0026distro=debian-13.4", + "UID": "f7c8b7ba83ed5cfe" + }, + "Version": "1.5.91", + "Arch": "all", + "SrcName": "debconf", + "SrcVersion": "1.5.91", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Debconf Developers \u003cdebconf-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/bin/debconf", + "/usr/bin/debconf-apt-progress", + "/usr/bin/debconf-communicate", + "/usr/bin/debconf-copydb", + "/usr/bin/debconf-escape", + "/usr/bin/debconf-set-selections", + "/usr/bin/debconf-show", + "/usr/sbin/dpkg-preconfigure", + "/usr/sbin/dpkg-reconfigure", + "/usr/share/bash-completion/completions/debconf", + "/usr/share/debconf/confmodule", + "/usr/share/debconf/confmodule.sh", + "/usr/share/debconf/debconf.conf", + "/usr/share/debconf/fix_db.pl", + "/usr/share/debconf/frontend", + "/usr/share/doc/debconf/README.Debian", + "/usr/share/doc/debconf/changelog.gz", + "/usr/share/doc/debconf/copyright", + "/usr/share/lintian/overrides/debconf", + "/usr/share/man/man1/debconf-apt-progress.1.gz", + "/usr/share/man/man1/debconf-communicate.1.gz", + "/usr/share/man/man1/debconf-copydb.1.gz", + "/usr/share/man/man1/debconf-escape.1.gz", + "/usr/share/man/man1/debconf-set-selections.1.gz", + "/usr/share/man/man1/debconf-show.1.gz", + "/usr/share/man/man1/debconf.1.gz", + "/usr/share/man/man8/dpkg-preconfigure.8.gz", + "/usr/share/man/man8/dpkg-reconfigure.8.gz", + "/usr/share/perl5/Debconf/AutoSelect.pm", + "/usr/share/perl5/Debconf/Base.pm", + "/usr/share/perl5/Debconf/Client/ConfModule.pm", + "/usr/share/perl5/Debconf/ConfModule.pm", + "/usr/share/perl5/Debconf/Config.pm", + "/usr/share/perl5/Debconf/Db.pm", + "/usr/share/perl5/Debconf/DbDriver.pm", + "/usr/share/perl5/Debconf/DbDriver/Backup.pm", + "/usr/share/perl5/Debconf/DbDriver/Cache.pm", + "/usr/share/perl5/Debconf/DbDriver/Copy.pm", + "/usr/share/perl5/Debconf/DbDriver/Debug.pm", + "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", + "/usr/share/perl5/Debconf/DbDriver/Directory.pm", + "/usr/share/perl5/Debconf/DbDriver/File.pm", + "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", + "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", + "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", + "/usr/share/perl5/Debconf/DbDriver/Stack.pm", + "/usr/share/perl5/Debconf/Element.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", + "/usr/share/perl5/Debconf/Element/Dialog/String.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", + "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Editor/Error.pm", + "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Editor/Note.pm", + "/usr/share/perl5/Debconf/Element/Editor/Password.pm", + "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", + "/usr/share/perl5/Debconf/Element/Editor/Select.pm", + "/usr/share/perl5/Debconf/Element/Editor/String.pm", + "/usr/share/perl5/Debconf/Element/Editor/Text.pm", + "/usr/share/perl5/Debconf/Element/Gnome.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", + "/usr/share/perl5/Debconf/Element/Gnome/String.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", + "/usr/share/perl5/Debconf/Element/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", + "/usr/share/perl5/Debconf/Element/Select.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", + "/usr/share/perl5/Debconf/Element/Teletype/String.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", + "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Web/Error.pm", + "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Web/Note.pm", + "/usr/share/perl5/Debconf/Element/Web/Password.pm", + "/usr/share/perl5/Debconf/Element/Web/Progress.pm", + "/usr/share/perl5/Debconf/Element/Web/Select.pm", + "/usr/share/perl5/Debconf/Element/Web/String.pm", + "/usr/share/perl5/Debconf/Element/Web/Text.pm", + "/usr/share/perl5/Debconf/Encoding.pm", + "/usr/share/perl5/Debconf/Format.pm", + "/usr/share/perl5/Debconf/Format/822.pm", + "/usr/share/perl5/Debconf/FrontEnd.pm", + "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", + "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", + "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", + "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", + "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", + "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", + "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", + "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", + "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", + "/usr/share/perl5/Debconf/FrontEnd/Text.pm", + "/usr/share/perl5/Debconf/FrontEnd/Web.pm", + "/usr/share/perl5/Debconf/Gettext.pm", + "/usr/share/perl5/Debconf/Iterator.pm", + "/usr/share/perl5/Debconf/Log.pm", + "/usr/share/perl5/Debconf/Path.pm", + "/usr/share/perl5/Debconf/Priority.pm", + "/usr/share/perl5/Debconf/Question.pm", + "/usr/share/perl5/Debconf/Template.pm", + "/usr/share/perl5/Debconf/Template/Transient.pm", + "/usr/share/perl5/Debconf/TmpFile.pm", + "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", + "/usr/share/pixmaps/debian-logo.png" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debian-archive-keyring@2025.1", + "Name": "debian-archive-keyring", + "Identifier": { + "PURL": "pkg:deb/debian/debian-archive-keyring@2025.1?arch=all\u0026distro=debian-13.4", + "UID": "a22d861380b1187c" + }, + "Version": "2025.1", + "Arch": "all", + "SrcName": "debian-archive-keyring", + "SrcVersion": "2025.1", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Debian Release Team \u003cpackages@release.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/share/doc/debian-archive-keyring/NEWS.Debian.gz", + "/usr/share/doc/debian-archive-keyring/README", + "/usr/share/doc/debian-archive-keyring/changelog.gz", + "/usr/share/doc/debian-archive-keyring/copyright", + "/usr/share/keyrings/debian-archive-bookworm-automatic.pgp", + "/usr/share/keyrings/debian-archive-bookworm-security-automatic.pgp", + "/usr/share/keyrings/debian-archive-bookworm-stable.pgp", + "/usr/share/keyrings/debian-archive-bullseye-automatic.pgp", + "/usr/share/keyrings/debian-archive-bullseye-security-automatic.pgp", + "/usr/share/keyrings/debian-archive-bullseye-stable.pgp", + "/usr/share/keyrings/debian-archive-keyring.pgp", + "/usr/share/keyrings/debian-archive-removed-keys.pgp", + "/usr/share/keyrings/debian-archive-trixie-automatic.pgp", + "/usr/share/keyrings/debian-archive-trixie-security-automatic.pgp", + "/usr/share/keyrings/debian-archive-trixie-stable.pgp" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debianutils@5.23.2", + "Name": "debianutils", + "Identifier": { + "PURL": "pkg:deb/debian/debianutils@5.23.2?arch=amd64\u0026distro=debian-13.4", + "UID": "3c5d0b66afafddbb" + }, + "Version": "5.23.2", + "Arch": "amd64", + "SrcName": "debianutils", + "SrcVersion": "5.23.2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "SMAIL-GPL" + ], + "Maintainer": "Ileana Dumitrescu \u003cileanadumitrescu95@gmail.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/bin/ischroot", + "/usr/bin/run-parts", + "/usr/bin/savelog", + "/usr/bin/tempfile", + "/usr/bin/which.debianutils", + "/usr/sbin/add-shell", + "/usr/sbin/installkernel", + "/usr/sbin/remove-shell", + "/usr/sbin/update-shells", + "/usr/share/debianutils/shells", + "/usr/share/doc/debianutils/README.shells", + "/usr/share/doc/debianutils/changelog.gz", + "/usr/share/doc/debianutils/copyright", + "/usr/share/man/de/man1/which.debianutils.1.gz", + "/usr/share/man/de/man8/add-shell.8.gz", + "/usr/share/man/de/man8/installkernel.8.gz", + "/usr/share/man/de/man8/remove-shell.8.gz", + "/usr/share/man/de/man8/run-parts.8.gz", + "/usr/share/man/de/man8/savelog.8.gz", + "/usr/share/man/es/man1/which.debianutils.1.gz", + "/usr/share/man/es/man8/add-shell.8.gz", + "/usr/share/man/es/man8/installkernel.8.gz", + "/usr/share/man/es/man8/remove-shell.8.gz", + "/usr/share/man/es/man8/run-parts.8.gz", + "/usr/share/man/es/man8/savelog.8.gz", + "/usr/share/man/fr/man1/which.debianutils.1.gz", + "/usr/share/man/fr/man8/add-shell.8.gz", + "/usr/share/man/fr/man8/installkernel.8.gz", + "/usr/share/man/fr/man8/remove-shell.8.gz", + "/usr/share/man/fr/man8/run-parts.8.gz", + "/usr/share/man/fr/man8/savelog.8.gz", + "/usr/share/man/it/man1/which.debianutils.1.gz", + "/usr/share/man/it/man8/add-shell.8.gz", + "/usr/share/man/it/man8/installkernel.8.gz", + "/usr/share/man/it/man8/remove-shell.8.gz", + "/usr/share/man/it/man8/run-parts.8.gz", + "/usr/share/man/it/man8/savelog.8.gz", + "/usr/share/man/ja/man1/which.debianutils.1.gz", + "/usr/share/man/ja/man8/add-shell.8.gz", + "/usr/share/man/ja/man8/installkernel.8.gz", + "/usr/share/man/ja/man8/remove-shell.8.gz", + "/usr/share/man/ja/man8/run-parts.8.gz", + "/usr/share/man/ja/man8/savelog.8.gz", + "/usr/share/man/man1/ischroot.1.gz", + "/usr/share/man/man1/tempfile.1.gz", + "/usr/share/man/man1/which.debianutils.1.gz", + "/usr/share/man/man8/add-shell.8.gz", + "/usr/share/man/man8/installkernel.8.gz", + "/usr/share/man/man8/remove-shell.8.gz", + "/usr/share/man/man8/run-parts.8.gz", + "/usr/share/man/man8/savelog.8.gz", + "/usr/share/man/man8/update-shells.8.gz", + "/usr/share/man/pl/man1/which.debianutils.1.gz", + "/usr/share/man/pl/man8/add-shell.8.gz", + "/usr/share/man/pl/man8/installkernel.8.gz", + "/usr/share/man/pl/man8/remove-shell.8.gz", + "/usr/share/man/pl/man8/run-parts.8.gz", + "/usr/share/man/pl/man8/savelog.8.gz", + "/usr/share/man/pt/man1/which.debianutils.1.gz", + "/usr/share/man/pt/man8/add-shell.8.gz", + "/usr/share/man/pt/man8/installkernel.8.gz", + "/usr/share/man/pt/man8/remove-shell.8.gz", + "/usr/share/man/pt/man8/run-parts.8.gz", + "/usr/share/man/pt/man8/savelog.8.gz", + "/usr/share/man/sl/man1/which.debianutils.1.gz", + "/usr/share/man/sl/man8/add-shell.8.gz", + "/usr/share/man/sl/man8/installkernel.8.gz", + "/usr/share/man/sl/man8/remove-shell.8.gz", + "/usr/share/man/sl/man8/run-parts.8.gz", + "/usr/share/man/sl/man8/savelog.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gcc-14-base@14.2.0-19", + "Name": "gcc-14-base", + "Identifier": { + "PURL": "pkg:deb/debian/gcc-14-base@14.2.0-19?arch=amd64\u0026distro=debian-13.4", + "UID": "371c061d08215a1b" + }, + "Version": "14.2.0", + "Release": "19", + "Arch": "amd64", + "SrcName": "gcc-14", + "SrcVersion": "14.2.0", + "SrcRelease": "19", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-3.0-only", + "GFDL-1.2-only", + "Artistic-2.0", + "LGPL-2.0-or-later" + ], + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/share/doc/gcc-14-base/README.Debian.amd64.gz", + "/usr/share/doc/gcc-14-base/TODO.Debian", + "/usr/share/doc/gcc-14-base/changelog.Debian.gz", + "/usr/share/doc/gcc-14-base/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "hostname@3.25", + "Name": "hostname", + "Identifier": { + "PURL": "pkg:deb/debian/hostname@3.25?arch=amd64\u0026distro=debian-13.4", + "UID": "641772722328aedf" + }, + "Version": "3.25", + "Arch": "amd64", + "SrcName": "hostname", + "SrcVersion": "3.25", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Michael Meskes \u003cmeskes@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/bin/hostname", + "/usr/share/doc/hostname/changelog.gz", + "/usr/share/doc/hostname/copyright", + "/usr/share/man/man1/hostname.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libacl1@2.3.2-2+b1", + "Name": "libacl1", + "Identifier": { + "PURL": "pkg:deb/debian/libacl1@2.3.2-2%2Bb1?arch=amd64\u0026distro=debian-13.4", + "UID": "3de9b16851b7cdc0" + }, + "Version": "2.3.2", + "Release": "2+b1", + "Arch": "amd64", + "SrcName": "acl", + "SrcVersion": "2.3.2", + "SrcRelease": "2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2302", + "/usr/share/doc/libacl1/changelog.Debian.amd64.gz", + "/usr/share/doc/libacl1/changelog.Debian.gz", + "/usr/share/doc/libacl1/changelog.gz", + "/usr/share/doc/libacl1/copyright", + "/usr/share/lintian/overrides/libacl1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libapt-pkg7.0@3.0.3", + "Name": "libapt-pkg7.0", + "Identifier": { + "PURL": "pkg:deb/debian/libapt-pkg7.0@3.0.3?arch=amd64\u0026distro=debian-13.4", + "UID": "62525e41beef1908" + }, + "Version": "3.0.3", + "Arch": "amd64", + "SrcName": "apt", + "SrcVersion": "3.0.3", + "Licenses": [ + "GPL-2.0-or-later", + "curl", + "BSD-3-Clause", + "MIT", + "GPL-2.0-only" + ], + "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libbz2-1.0@1.0.8-6", + "libc6@2.41-12+deb13u2", + "libgcc-s1@14.2.0-19", + "liblz4-1@1.10.0-4", + "liblzma5@5.8.1-1", + "libssl3t64@3.5.5-1~deb13u2", + "libstdc++6@14.2.0-19", + "libsystemd0@257.9-1~deb13u1", + "libudev1@257.9-1~deb13u1", + "libxxhash0@0.8.3-2", + "libzstd1@1.5.7+dfsg-1", + "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.7.0.0", + "/usr/share/doc/libapt-pkg7.0/NEWS.Debian.gz", + "/usr/share/doc/libapt-pkg7.0/changelog.gz", + "/usr/share/doc/libapt-pkg7.0/copyright", + "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/da/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/de/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/el/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/es/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/it/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/km/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/th/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg7.0.mo" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libattr1@1:2.5.2-3", + "Name": "libattr1", + "Identifier": { + "PURL": "pkg:deb/debian/libattr1@2.5.2-3?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", + "UID": "b0e1266f81063f7" + }, + "Version": "2.5.2", + "Release": "3", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "attr", + "SrcVersion": "2.5.2", + "SrcRelease": "3", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2502", + "/usr/share/doc/libattr1/changelog.Debian.gz", + "/usr/share/doc/libattr1/changelog.gz", + "/usr/share/doc/libattr1/copyright", + "/usr/share/lintian/overrides/libattr1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaudit-common@1:4.0.2-2", + "Name": "libaudit-common", + "Identifier": { + "PURL": "pkg:deb/debian/libaudit-common@4.0.2-2?arch=all\u0026distro=debian-13.4\u0026epoch=1", + "UID": "d20cd9a11d8e018d" + }, + "Version": "4.0.2", + "Release": "2", + "Epoch": 1, + "Arch": "all", + "SrcName": "audit", + "SrcVersion": "4.0.2", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only", + "GPL-1.0-only" + ], + "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/share/doc/libaudit-common/changelog.Debian.gz", + "/usr/share/doc/libaudit-common/changelog.gz", + "/usr/share/doc/libaudit-common/copyright", + "/usr/share/man/man5/libaudit.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaudit1@1:4.0.2-2+b2", + "Name": "libaudit1", + "Identifier": { + "PURL": "pkg:deb/debian/libaudit1@4.0.2-2%2Bb2?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", + "UID": "bfee89653d19f275" + }, + "Version": "4.0.2", + "Release": "2+b2", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "audit", + "SrcVersion": "4.0.2", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only", + "GPL-1.0-only" + ], + "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit-common@1:4.0.2-2", + "libc6@2.41-12+deb13u2", + "libcap-ng0@0.8.5-4+b1" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0", + "/usr/share/doc/libaudit1/changelog.Debian.amd64.gz", + "/usr/share/doc/libaudit1/changelog.Debian.gz", + "/usr/share/doc/libaudit1/changelog.gz", + "/usr/share/doc/libaudit1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libblkid1@2.41-5", + "Name": "libblkid1", + "Identifier": { + "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.4", + "UID": "c1af86eefb8cc018" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0", + "/usr/share/doc/libblkid1/NEWS.Debian.gz", + "/usr/share/doc/libblkid1/changelog.Debian.gz", + "/usr/share/doc/libblkid1/changelog.gz", + "/usr/share/doc/libblkid1/copyright", + "/usr/share/lintian/overrides/libblkid1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libbsd0@0.12.2-2", + "Name": "libbsd0", + "Identifier": { + "PURL": "pkg:deb/debian/libbsd0@0.12.2-2?arch=amd64\u0026distro=debian-13.4", + "UID": "7031e5c6b2f996a7" + }, + "Version": "0.12.2", + "Release": "2", + "Arch": "amd64", + "SrcName": "libbsd", + "SrcVersion": "0.12.2", + "SrcRelease": "2", + "Licenses": [ + "BSD-3-Clause", + "BSD-3-clause-Regents", + "BSD-2-Clause-NetBSD", + "BSD-3-clause-author", + "BSD-3-clause-John-Birrell", + "BSD-5-clause-Peter-Wemm", + "BSD-2-Clause", + "BSD-2-clause-verbatim", + "BSD-2-clause-author", + "ISC", + "ISC-Original", + "MIT", + "public-domain", + "Beerware" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libmd0@1.1.0-2+b1" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libbsd.so.0.12.2", + "/usr/share/doc/libbsd0/changelog.Debian.gz", + "/usr/share/doc/libbsd0/changelog.gz", + "/usr/share/doc/libbsd0/copyright", + "/usr/share/lintian/overrides/libbsd0" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libbz2-1.0@1.0.8-6", + "Name": "libbz2-1.0", + "Identifier": { + "PURL": "pkg:deb/debian/libbz2-1.0@1.0.8-6?arch=amd64\u0026distro=debian-13.4", + "UID": "26acdf11d0e1ba65" + }, + "Version": "1.0.8", + "Release": "6", + "Arch": "amd64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8", + "SrcRelease": "6", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4", + "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", + "/usr/share/doc/libbz2-1.0/changelog.gz", + "/usr/share/doc/libbz2-1.0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libc6@2.41-12+deb13u2", + "Name": "libc6", + "Identifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64\u0026distro=debian-13.4", + "UID": "f8217b10d3b7623a" + }, + "Version": "2.41", + "Release": "12+deb13u2", + "Arch": "amd64", + "SrcName": "glibc", + "SrcVersion": "2.41", + "SrcRelease": "12+deb13u2", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "LGPL-2.1+-with-link-exception", + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "GPL-2+-with-link-exception", + "GPL-2.0-only", + "GPL-3.0-or-later", + "FSFAP", + "Carnegie", + "Inner-Net", + "MIT-like-Lord", + "BSD-like-Spencer", + "PCRE", + "BSD-3-clause-Carnegie", + "Unicode-DFS-2016", + "BSL-1.0", + "SunPro", + "CORE-MATH", + "BSD-3-clause-Berkeley", + "BSD-3-clause-WIDE", + "BSD-2-Clause", + "BSD-3-clause-Oracle", + "DEC", + "IBM", + "ISC", + "Univ-Coimbra", + "public-domain", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libgcc-s1@14.2.0-19" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", + "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", + "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", + "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", + "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", + "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", + "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", + "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", + "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", + "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", + "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", + "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", + "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", + "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", + "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", + "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", + "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", + "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", + "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", + "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", + "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", + "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", + "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", + "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", + "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", + "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", + "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", + "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", + "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.d/gconv-modules-extra.conf", + "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", + "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", + "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", + "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", + "/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2", + "/usr/lib/x86_64-linux-gnu/libBrokenLocale.so.1", + "/usr/lib/x86_64-linux-gnu/libanl.so.1", + "/usr/lib/x86_64-linux-gnu/libc.so.6", + "/usr/lib/x86_64-linux-gnu/libc_malloc_debug.so.0", + "/usr/lib/x86_64-linux-gnu/libdl.so.2", + "/usr/lib/x86_64-linux-gnu/libm.so.6", + "/usr/lib/x86_64-linux-gnu/libmemusage.so", + "/usr/lib/x86_64-linux-gnu/libmvec.so.1", + "/usr/lib/x86_64-linux-gnu/libnsl.so.1", + "/usr/lib/x86_64-linux-gnu/libnss_compat.so.2", + "/usr/lib/x86_64-linux-gnu/libnss_dns.so.2", + "/usr/lib/x86_64-linux-gnu/libnss_files.so.2", + "/usr/lib/x86_64-linux-gnu/libnss_hesiod.so.2", + "/usr/lib/x86_64-linux-gnu/libpcprofile.so", + "/usr/lib/x86_64-linux-gnu/libpthread.so.0", + "/usr/lib/x86_64-linux-gnu/libresolv.so.2", + "/usr/lib/x86_64-linux-gnu/librt.so.1", + "/usr/lib/x86_64-linux-gnu/libthread_db.so.1", + "/usr/lib/x86_64-linux-gnu/libutil.so.1", + "/usr/share/doc/libc6/NEWS.Debian.gz", + "/usr/share/doc/libc6/NEWS.gz", + "/usr/share/doc/libc6/README.Debian.gz", + "/usr/share/doc/libc6/README.hesiod.gz", + "/usr/share/doc/libc6/changelog.Debian.gz", + "/usr/share/doc/libc6/changelog.gz", + "/usr/share/doc/libc6/copyright", + "/usr/share/lintian/overrides/libc6" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap-ng0@0.8.5-4+b1", + "Name": "libcap-ng0", + "Identifier": { + "PURL": "pkg:deb/debian/libcap-ng0@0.8.5-4%2Bb1?arch=amd64\u0026distro=debian-13.4", + "UID": "5c9befb3e6389825" + }, + "Version": "0.8.5", + "Release": "4+b1", + "Arch": "amd64", + "SrcName": "libcap-ng", + "SrcVersion": "0.8.5", + "SrcRelease": "4", + "Licenses": [ + "LGPL-2.1-or-later", + "GPL-2.0-or-later", + "GPL-3.0-only", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Håvard F. Aasen \u003chavard.f.aasen@pfft.no\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/libdrop_ambient.so.0.0.0", + "/usr/share/doc/libcap-ng0/changelog.Debian.amd64.gz", + "/usr/share/doc/libcap-ng0/changelog.Debian.gz", + "/usr/share/doc/libcap-ng0/changelog.gz", + "/usr/share/doc/libcap-ng0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap2@1:2.75-10+b8", + "Name": "libcap2", + "Identifier": { + "PURL": "pkg:deb/debian/libcap2@2.75-10%2Bb8?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", + "UID": "7062e9c4f309915f" + }, + "Version": "2.75", + "Release": "10+b8", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libcap2", + "SrcVersion": "2.75", + "SrcRelease": "10", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Christian Kastner \u003cckk@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libcap.so.2.75", + "/usr/lib/x86_64-linux-gnu/libpsx.so.2.75", + "/usr/share/doc/libcap2/changelog.Debian.amd64.gz", + "/usr/share/doc/libcap2/changelog.Debian.gz", + "/usr/share/doc/libcap2/changelog.gz", + "/usr/share/doc/libcap2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcom-err2@1.47.2-3+b10", + "Name": "libcom-err2", + "Identifier": { + "PURL": "pkg:deb/debian/libcom-err2@1.47.2-3%2Bb10?arch=amd64\u0026distro=debian-13.4", + "UID": "bfe3e78d10af37a0" + }, + "Version": "1.47.2", + "Release": "3+b10", + "Arch": "amd64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.47.2", + "SrcRelease": "3", + "Licenses": [ + "GPL-2.0-only", + "GPL-2.0-or-later", + "0BSD", + "MIT", + "BSD-3-Clause-Variant", + "BSD-3-Clause", + "BSD-4-Clause-CMU", + "LGPL-2.0-only", + "Apache-2.0", + "ISC", + "MIT-US-export", + "Kazlib", + "Latex2e", + "GPL-2+ with Texinfo exception" + ], + "Maintainer": "Theodore Y. Ts'o \u003ctytso@mit.edu\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libcom_err.so.2.1", + "/usr/share/doc/libcom-err2/changelog.Debian.amd64.gz", + "/usr/share/doc/libcom-err2/changelog.Debian.gz", + "/usr/share/doc/libcom-err2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcrypt1@1:4.4.38-1", + "Name": "libcrypt1", + "Identifier": { + "PURL": "pkg:deb/debian/libcrypt1@4.4.38-1?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", + "UID": "c3820f15bf4e7a13" + }, + "Version": "4.4.38", + "Release": "1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libxcrypt", + "SrcVersion": "4.4.38", + "SrcRelease": "1", + "SrcEpoch": 1, + "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", + "/usr/share/doc/libcrypt1/changelog.Debian.gz", + "/usr/share/doc/libcrypt1/changelog.gz", + "/usr/share/doc/libcrypt1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdb5.3t64@5.3.28+dfsg2-9", + "Name": "libdb5.3t64", + "Identifier": { + "PURL": "pkg:deb/debian/libdb5.3t64@5.3.28%2Bdfsg2-9?arch=amd64\u0026distro=debian-13.4", + "UID": "3b9d2f17799986c8" + }, + "Version": "5.3.28+dfsg2", + "Release": "9", + "Arch": "amd64", + "SrcName": "db5.3", + "SrcVersion": "5.3.28+dfsg2", + "SrcRelease": "9", + "Licenses": [ + "Sleepycat", + "BSD-3-Clause", + "MS-PL", + "GPL-2.0-or-later", + "Artistic-2.0", + "X11", + "MIT-old", + "TCL-like", + "BSD-3-clause-fjord", + "GPL-3.0-only", + "Zlib" + ], + "Maintainer": "Debian QA Group \u003cpackages@qa.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", + "/usr/share/doc/libdb5.3t64/build_signature_amd64.txt", + "/usr/share/doc/libdb5.3t64/changelog.Debian.gz", + "/usr/share/doc/libdb5.3t64/copyright", + "/usr/share/lintian/overrides/libdb5.3t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdebconfclient0@0.280", + "Name": "libdebconfclient0", + "Identifier": { + "PURL": "pkg:deb/debian/libdebconfclient0@0.280?arch=amd64\u0026distro=debian-13.4", + "UID": "6134dc231a5060f1" + }, + "Version": "0.280", + "Arch": "amd64", + "SrcName": "cdebconf", + "SrcVersion": "0.280", + "Licenses": [ + "BSD-2-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Debian Install System Team \u003cdebian-boot@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", + "/usr/share/doc/libdebconfclient0/changelog.gz", + "/usr/share/doc/libdebconfclient0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libexpat1@2.7.1-2", + "Name": "libexpat1", + "Identifier": { + "PURL": "pkg:deb/debian/libexpat1@2.7.1-2?arch=amd64\u0026distro=debian-13.4", + "UID": "98d5e2cecc41711d" + }, + "Version": "2.7.1", + "Release": "2", + "Arch": "amd64", + "SrcName": "expat", + "SrcVersion": "2.7.1", + "SrcRelease": "2", + "Licenses": [ + "MIT" + ], + "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libexpat.so.1.10.2", + "/usr/lib/x86_64-linux-gnu/libexpatw.so.1.10.2", + "/usr/share/doc/libexpat1/AUTHORS", + "/usr/share/doc/libexpat1/changelog.Debian.gz", + "/usr/share/doc/libexpat1/changelog.gz", + "/usr/share/doc/libexpat1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libexttextcat-2.0-0@3.4.7-1+b1", + "Name": "libexttextcat-2.0-0", + "Identifier": { + "PURL": "pkg:deb/debian/libexttextcat-2.0-0@3.4.7-1%2Bb1?arch=amd64\u0026distro=debian-13.4", + "UID": "1ffbb42f6dc496af" + }, + "Version": "3.4.7", + "Release": "1+b1", + "Arch": "amd64", + "SrcName": "libexttextcat", + "SrcVersion": "3.4.7", + "SrcRelease": "1", + "Maintainer": "Debian LibreOffice Maintainers \u003cdebian-openoffice@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libexttextcat-data@3.4.7-1" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libexttextcat-2.0.so.0.0.0", + "/usr/share/doc/libexttextcat-2.0-0/README", + "/usr/share/doc/libexttextcat-2.0-0/TODO", + "/usr/share/doc/libexttextcat-2.0-0/changelog.Debian.amd64.gz", + "/usr/share/doc/libexttextcat-2.0-0/changelog.Debian.gz", + "/usr/share/doc/libexttextcat-2.0-0/changelog.gz", + "/usr/share/doc/libexttextcat-2.0-0/copyright", + "/usr/share/lintian/overrides/libexttextcat-2.0-0" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libexttextcat-data@3.4.7-1", + "Name": "libexttextcat-data", + "Identifier": { + "PURL": "pkg:deb/debian/libexttextcat-data@3.4.7-1?arch=all\u0026distro=debian-13.4", + "UID": "a87e2acedb0528e8" + }, + "Version": "3.4.7", + "Release": "1", + "Arch": "all", + "SrcName": "libexttextcat", + "SrcVersion": "3.4.7", + "SrcRelease": "1", + "Maintainer": "Debian LibreOffice Maintainers \u003cdebian-openoffice@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/share/doc/libexttextcat-data/README", + "/usr/share/doc/libexttextcat-data/TODO", + "/usr/share/doc/libexttextcat-data/changelog.Debian.gz", + "/usr/share/doc/libexttextcat-data/changelog.gz", + "/usr/share/doc/libexttextcat-data/copyright", + "/usr/share/libexttextcat/ab.lm", + "/usr/share/libexttextcat/ace.lm", + "/usr/share/libexttextcat/ada.lm", + "/usr/share/libexttextcat/af.lm", + "/usr/share/libexttextcat/ak.lm", + "/usr/share/libexttextcat/alt.lm", + "/usr/share/libexttextcat/am.lm", + "/usr/share/libexttextcat/ar.lm", + "/usr/share/libexttextcat/arn.lm", + "/usr/share/libexttextcat/ast.lm", + "/usr/share/libexttextcat/ay.lm", + "/usr/share/libexttextcat/az-Cyrl.lm", + "/usr/share/libexttextcat/az.lm", + "/usr/share/libexttextcat/ban.lm", + "/usr/share/libexttextcat/be.lm", + "/usr/share/libexttextcat/bem.lm", + "/usr/share/libexttextcat/bg.lm", + "/usr/share/libexttextcat/bho.lm", + "/usr/share/libexttextcat/bi.lm", + "/usr/share/libexttextcat/bik.lm", + "/usr/share/libexttextcat/bm.lm", + "/usr/share/libexttextcat/bn.lm", + "/usr/share/libexttextcat/bo.lm", + "/usr/share/libexttextcat/br.lm", + "/usr/share/libexttextcat/bs.lm", + "/usr/share/libexttextcat/buc.lm", + "/usr/share/libexttextcat/ca.lm", + "/usr/share/libexttextcat/ckb.lm", + "/usr/share/libexttextcat/cs.lm", + "/usr/share/libexttextcat/cv.lm", + "/usr/share/libexttextcat/cy.lm", + "/usr/share/libexttextcat/da.lm", + "/usr/share/libexttextcat/de.lm", + "/usr/share/libexttextcat/dv.lm", + "/usr/share/libexttextcat/dz.lm", + "/usr/share/libexttextcat/ee.lm", + "/usr/share/libexttextcat/el.lm", + "/usr/share/libexttextcat/emk-Latn.lm", + "/usr/share/libexttextcat/en.lm", + "/usr/share/libexttextcat/eo.lm", + "/usr/share/libexttextcat/es.lm", + "/usr/share/libexttextcat/et.lm", + "/usr/share/libexttextcat/eu.lm", + "/usr/share/libexttextcat/fa.lm", + "/usr/share/libexttextcat/fi.lm", + "/usr/share/libexttextcat/fj.lm", + "/usr/share/libexttextcat/fkv.lm", + "/usr/share/libexttextcat/fo.lm", + "/usr/share/libexttextcat/fon.lm", + "/usr/share/libexttextcat/fpdb.conf", + "/usr/share/libexttextcat/fr.lm", + "/usr/share/libexttextcat/fur.lm", + "/usr/share/libexttextcat/fy.lm", + "/usr/share/libexttextcat/ga.lm", + "/usr/share/libexttextcat/gd.lm", + "/usr/share/libexttextcat/gl.lm", + "/usr/share/libexttextcat/grc.lm", + "/usr/share/libexttextcat/gu.lm", + "/usr/share/libexttextcat/gug.lm", + "/usr/share/libexttextcat/gv.lm", + "/usr/share/libexttextcat/ha-NG.lm", + "/usr/share/libexttextcat/haw.lm", + "/usr/share/libexttextcat/he.lm", + "/usr/share/libexttextcat/hi.lm", + "/usr/share/libexttextcat/hil.lm", + "/usr/share/libexttextcat/hr.lm", + "/usr/share/libexttextcat/hsb.lm", + "/usr/share/libexttextcat/ht.lm", + "/usr/share/libexttextcat/hu.lm", + "/usr/share/libexttextcat/hy.lm", + "/usr/share/libexttextcat/ia.lm", + "/usr/share/libexttextcat/id.lm", + "/usr/share/libexttextcat/ilo.lm", + "/usr/share/libexttextcat/is.lm", + "/usr/share/libexttextcat/it.lm", + "/usr/share/libexttextcat/ja.lm", + "/usr/share/libexttextcat/ka.lm", + "/usr/share/libexttextcat/kbd.lm", + "/usr/share/libexttextcat/kk.lm", + "/usr/share/libexttextcat/kl.lm", + "/usr/share/libexttextcat/km.lm", + "/usr/share/libexttextcat/kn.lm", + "/usr/share/libexttextcat/kng.lm", + "/usr/share/libexttextcat/ko.lm", + "/usr/share/libexttextcat/koi.lm", + "/usr/share/libexttextcat/ktu.lm", + "/usr/share/libexttextcat/ky.lm", + "/usr/share/libexttextcat/la.lm", + "/usr/share/libexttextcat/lb.lm", + "/usr/share/libexttextcat/lg.lm", + "/usr/share/libexttextcat/lij.lm", + "/usr/share/libexttextcat/lld.lm", + "/usr/share/libexttextcat/ln.lm", + "/usr/share/libexttextcat/lo.lm", + "/usr/share/libexttextcat/lt.lm", + "/usr/share/libexttextcat/lv.lm", + "/usr/share/libexttextcat/mai.lm", + "/usr/share/libexttextcat/mi.lm", + "/usr/share/libexttextcat/min.lm", + "/usr/share/libexttextcat/mk.lm", + "/usr/share/libexttextcat/ml.lm", + "/usr/share/libexttextcat/mn.lm", + "/usr/share/libexttextcat/mos.lm", + "/usr/share/libexttextcat/mr.lm", + "/usr/share/libexttextcat/ms.lm", + "/usr/share/libexttextcat/mt.lm", + "/usr/share/libexttextcat/my.lm", + "/usr/share/libexttextcat/nb.lm", + "/usr/share/libexttextcat/nds.lm", + "/usr/share/libexttextcat/ne.lm", + "/usr/share/libexttextcat/nio.lm", + "/usr/share/libexttextcat/nl.lm", + "/usr/share/libexttextcat/nn.lm", + "/usr/share/libexttextcat/nr.lm", + "/usr/share/libexttextcat/nso.lm", + "/usr/share/libexttextcat/ny.lm", + "/usr/share/libexttextcat/oc.lm", + "/usr/share/libexttextcat/om.lm", + "/usr/share/libexttextcat/pa.lm", + "/usr/share/libexttextcat/pap.lm", + "/usr/share/libexttextcat/pl.lm", + "/usr/share/libexttextcat/plt.lm", + "/usr/share/libexttextcat/pt.lm", + "/usr/share/libexttextcat/quh.lm", + "/usr/share/libexttextcat/quz.lm", + "/usr/share/libexttextcat/rm.lm", + "/usr/share/libexttextcat/ro.lm", + "/usr/share/libexttextcat/ru.lm", + "/usr/share/libexttextcat/rue.lm", + "/usr/share/libexttextcat/rw.lm", + "/usr/share/libexttextcat/sa.lm", + "/usr/share/libexttextcat/sc.lm", + "/usr/share/libexttextcat/sco.lm", + "/usr/share/libexttextcat/sd.lm", + "/usr/share/libexttextcat/se.lm", + "/usr/share/libexttextcat/sg.lm", + "/usr/share/libexttextcat/shs.lm", + "/usr/share/libexttextcat/si.lm", + "/usr/share/libexttextcat/sk.lm", + "/usr/share/libexttextcat/skr.lm", + "/usr/share/libexttextcat/sl.lm", + "/usr/share/libexttextcat/so.lm", + "/usr/share/libexttextcat/sq.lm", + "/usr/share/libexttextcat/sr-Cyrl.lm", + "/usr/share/libexttextcat/sr-Latn.lm", + "/usr/share/libexttextcat/ss.lm", + "/usr/share/libexttextcat/st.lm", + "/usr/share/libexttextcat/sun.lm", + "/usr/share/libexttextcat/sv.lm", + "/usr/share/libexttextcat/sw.lm", + "/usr/share/libexttextcat/swb.lm", + "/usr/share/libexttextcat/ta.lm", + "/usr/share/libexttextcat/tet.lm", + "/usr/share/libexttextcat/tg.lm", + "/usr/share/libexttextcat/th.lm", + "/usr/share/libexttextcat/ti.lm", + "/usr/share/libexttextcat/tk.lm", + "/usr/share/libexttextcat/tl.lm", + "/usr/share/libexttextcat/tn.lm", + "/usr/share/libexttextcat/tpi.lm", + "/usr/share/libexttextcat/tr.lm", + "/usr/share/libexttextcat/ts.lm", + "/usr/share/libexttextcat/tt.lm", + "/usr/share/libexttextcat/ty.lm", + "/usr/share/libexttextcat/tzm-Latn.lm", + "/usr/share/libexttextcat/ug.lm", + "/usr/share/libexttextcat/uk.lm", + "/usr/share/libexttextcat/ur.lm", + "/usr/share/libexttextcat/uz-Cyrl.lm", + "/usr/share/libexttextcat/uz.lm", + "/usr/share/libexttextcat/ve.lm", + "/usr/share/libexttextcat/vec.lm", + "/usr/share/libexttextcat/vep.lm", + "/usr/share/libexttextcat/vi.lm", + "/usr/share/libexttextcat/wa.lm", + "/usr/share/libexttextcat/xh.lm", + "/usr/share/libexttextcat/yi.lm", + "/usr/share/libexttextcat/yo.lm", + "/usr/share/libexttextcat/zh-Hans.lm", + "/usr/share/libexttextcat/zh-Hant.lm", + "/usr/share/libexttextcat/zu.lm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgcc-s1@14.2.0-19", + "Name": "libgcc-s1", + "Identifier": { + "PURL": "pkg:deb/debian/libgcc-s1@14.2.0-19?arch=amd64\u0026distro=debian-13.4", + "UID": "a97fe3f5b073b23f" + }, + "Version": "14.2.0", + "Release": "19", + "Arch": "amd64", + "SrcName": "gcc-14", + "SrcVersion": "14.2.0", + "SrcRelease": "19", + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gcc-14-base@14.2.0-19", + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgcc_s.so.1", + "/usr/share/lintian/overrides/libgcc-s1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgmp10@2:6.3.0+dfsg-3", + "Name": "libgmp10", + "Identifier": { + "PURL": "pkg:deb/debian/libgmp10@6.3.0%2Bdfsg-3?arch=amd64\u0026distro=debian-13.4\u0026epoch=2", + "UID": "c040282e0fb7d8ba" + }, + "Version": "6.3.0+dfsg", + "Release": "3", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "gmp", + "SrcVersion": "6.3.0+dfsg", + "SrcRelease": "3", + "SrcEpoch": 2, + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-or-later", + "GPL-3+ with Bison exception", + "GPL-2.0-only", + "GPL-3.0-only", + "LGPL-3.0-only" + ], + "Maintainer": "Debian Science Maintainers \u003cdebian-science-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0", + "/usr/share/doc/libgmp10/README.Debian", + "/usr/share/doc/libgmp10/changelog.Debian.gz", + "/usr/share/doc/libgmp10/changelog.gz", + "/usr/share/doc/libgmp10/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgssapi-krb5-2@1.21.3-5", + "Name": "libgssapi-krb5-2", + "Identifier": { + "PURL": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64\u0026distro=debian-13.4", + "UID": "933c7fd5d2ea42cb" + }, + "Version": "1.21.3", + "Release": "5", + "Arch": "amd64", + "SrcName": "krb5", + "SrcVersion": "1.21.3", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libcom-err2@1.47.2-3+b10", + "libk5crypto3@1.21.3-5", + "libkrb5-3@1.21.3-5", + "libkrb5support0@1.21.3-5" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2", + "/usr/share/doc/libgssapi-krb5-2/changelog.Debian.gz", + "/usr/share/doc/libgssapi-krb5-2/copyright", + "/usr/share/lintian/overrides/libgssapi-krb5-2" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libhogweed6t64@3.10.1-1", + "Name": "libhogweed6t64", + "Identifier": { + "PURL": "pkg:deb/debian/libhogweed6t64@3.10.1-1?arch=amd64\u0026distro=debian-13.4", + "UID": "ffa72001b48dc1b4" + }, + "Version": "3.10.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "nettle", + "SrcVersion": "3.10.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "MIT", + "GPL-3.0-with-autoconf-exception+", + "public-domain", + "GPL-2.0-only", + "GAP" + ], + "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libgmp10@2:6.3.0+dfsg-3", + "libnettle8t64@3.10.1-1" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libhogweed.so.6.10", + "/usr/share/doc/libhogweed6t64/changelog.Debian.gz", + "/usr/share/doc/libhogweed6t64/changelog.gz", + "/usr/share/doc/libhogweed6t64/copyright", + "/usr/share/lintian/overrides/libhogweed6t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libicu76@76.1-4", + "Name": "libicu76", + "Identifier": { + "PURL": "pkg:deb/debian/libicu76@76.1-4?arch=amd64\u0026distro=debian-13.4", + "UID": "c667cc199f35704f" + }, + "Version": "76.1", + "Release": "4", + "Arch": "amd64", + "SrcName": "icu", + "SrcVersion": "76.1", + "SrcRelease": "4", + "Licenses": [ + "MIT", + "GPL-3.0-only" + ], + "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libgcc-s1@14.2.0-19", + "libstdc++6@14.2.0-19" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libicudata.so.76.1", + "/usr/lib/x86_64-linux-gnu/libicui18n.so.76.1", + "/usr/lib/x86_64-linux-gnu/libicuio.so.76.1", + "/usr/lib/x86_64-linux-gnu/libicutest.so.76.1", + "/usr/lib/x86_64-linux-gnu/libicutu.so.76.1", + "/usr/lib/x86_64-linux-gnu/libicuuc.so.76.1", + "/usr/share/doc/libicu76/changelog.Debian.gz", + "/usr/share/doc/libicu76/copyright", + "/usr/share/lintian/overrides/libicu76" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libk5crypto3@1.21.3-5", + "Name": "libk5crypto3", + "Identifier": { + "PURL": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64\u0026distro=debian-13.4", + "UID": "befbda97f4b45427" + }, + "Version": "1.21.3", + "Release": "5", + "Arch": "amd64", + "SrcName": "krb5", + "SrcVersion": "1.21.3", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libkrb5support0@1.21.3-5" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1", + "/usr/share/doc/libk5crypto3/changelog.Debian.gz", + "/usr/share/doc/libk5crypto3/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libkeyutils1@1.6.3-6", + "Name": "libkeyutils1", + "Identifier": { + "PURL": "pkg:deb/debian/libkeyutils1@1.6.3-6?arch=amd64\u0026distro=debian-13.4", + "UID": "29549d4bade0bd95" + }, + "Version": "1.6.3", + "Release": "6", + "Arch": "amd64", + "SrcName": "keyutils", + "SrcVersion": "1.6.3", + "SrcRelease": "6", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-only" + ], + "Maintainer": "Christian Kastner \u003cckk@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libkeyutils.so.1.10", + "/usr/share/doc/libkeyutils1/changelog.Debian.gz", + "/usr/share/doc/libkeyutils1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libkrb5-3@1.21.3-5", + "Name": "libkrb5-3", + "Identifier": { + "PURL": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64\u0026distro=debian-13.4", + "UID": "240163a62e427931" + }, + "Version": "1.21.3", + "Release": "5", + "Arch": "amd64", + "SrcName": "krb5", + "SrcVersion": "1.21.3", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libcom-err2@1.47.2-3+b10", + "libk5crypto3@1.21.3-5", + "libkeyutils1@1.6.3-6", + "libkrb5support0@1.21.3-5", + "libssl3t64@3.5.5-1~deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/krb5/plugins/preauth/spake.so", + "/usr/lib/x86_64-linux-gnu/libkrb5.so.3.3", + "/usr/share/doc/libkrb5-3/README.Debian", + "/usr/share/doc/libkrb5-3/README.gz", + "/usr/share/doc/libkrb5-3/changelog.Debian.gz", + "/usr/share/doc/libkrb5-3/copyright", + "/usr/share/lintian/overrides/libkrb5-3" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libkrb5support0@1.21.3-5", + "Name": "libkrb5support0", + "Identifier": { + "PURL": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64\u0026distro=debian-13.4", + "UID": "717b5dd3fe7611cb" + }, + "Version": "1.21.3", + "Release": "5", + "Arch": "amd64", + "SrcName": "krb5", + "SrcVersion": "1.21.3", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1", + "/usr/share/doc/libkrb5support0/changelog.Debian.gz", + "/usr/share/doc/libkrb5support0/copyright", + "/usr/share/lintian/overrides/libkrb5support0" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblastlog2-2@2.41-5", + "Name": "liblastlog2-2", + "Identifier": { + "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.4", + "UID": "79a1595d548be91" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libsqlite3-0@3.46.1-7+deb13u1" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblastlog2.so.2.0.0", + "/usr/share/doc/liblastlog2-2/NEWS.Debian.gz", + "/usr/share/doc/liblastlog2-2/changelog.Debian.gz", + "/usr/share/doc/liblastlog2-2/changelog.gz", + "/usr/share/doc/liblastlog2-2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libldap-common@2.6.10+dfsg-1", + "Name": "libldap-common", + "Identifier": { + "PURL": "pkg:deb/debian/libldap-common@2.6.10%2Bdfsg-1?arch=all\u0026distro=debian-13.4", + "UID": "8215983bfd1750e9" + }, + "Version": "2.6.10+dfsg", + "Release": "1", + "Arch": "all", + "SrcName": "openldap", + "SrcVersion": "2.6.10+dfsg", + "SrcRelease": "1", + "Licenses": [ + "OpenLDAP-2.8", + "FSF-unlimited", + "GPL-2.0-with-autoconf-exception+", + "GPL-3.0-with-autoconf-exception+", + "GPL-2+ with Libtool exception", + "GPL-3+ with Libtool exception", + "GPL-3.0-or-later", + "GPL-2.0-or-later", + "UMich", + "F5", + "JCG", + "MIT-XC", + "NeoSoft-permissive", + "BSD-3-Clause", + "Beerware", + "public-domain", + "BSD-4-clause-California", + "BSD-3-clause-variant", + "Expat-ISC", + "Expat-UNM", + "MIT", + "BSD-3-clause-California", + "GPL-2.0-only", + "GPL-3.0-only" + ], + "Maintainer": "Debian OpenLDAP Maintainers \u003cpkg-openldap-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/share/doc/libldap-common/NEWS.Debian.gz", + "/usr/share/doc/libldap-common/changelog.Debian.gz", + "/usr/share/doc/libldap-common/changelog.gz", + "/usr/share/doc/libldap-common/copyright", + "/usr/share/man/man5/ldap.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libldap2@2.6.10+dfsg-1", + "Name": "libldap2", + "Identifier": { + "PURL": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64\u0026distro=debian-13.4", + "UID": "f4fe585e335e4f4b" + }, + "Version": "2.6.10+dfsg", + "Release": "1", + "Arch": "amd64", + "SrcName": "openldap", + "SrcVersion": "2.6.10+dfsg", + "SrcRelease": "1", + "Licenses": [ + "OpenLDAP-2.8", + "FSF-unlimited", + "GPL-2.0-with-autoconf-exception+", + "GPL-3.0-with-autoconf-exception+", + "GPL-2+ with Libtool exception", + "GPL-3+ with Libtool exception", + "GPL-3.0-or-later", + "GPL-2.0-or-later", + "UMich", + "F5", + "JCG", + "MIT-XC", + "NeoSoft-permissive", + "BSD-3-Clause", + "Beerware", + "public-domain", + "BSD-4-clause-California", + "BSD-3-clause-variant", + "Expat-ISC", + "Expat-UNM", + "MIT", + "BSD-3-clause-California", + "GPL-2.0-only", + "GPL-3.0-only" + ], + "Maintainer": "Debian OpenLDAP Maintainers \u003cpkg-openldap-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libsasl2-2@2.1.28+dfsg1-9", + "libssl3t64@3.5.5-1~deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblber.so.2.0.200", + "/usr/lib/x86_64-linux-gnu/libldap.so.2.0.200", + "/usr/share/doc/libldap2/NEWS.Debian.gz", + "/usr/share/doc/libldap2/changelog.Debian.gz", + "/usr/share/doc/libldap2/changelog.gz", + "/usr/share/doc/libldap2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblua5.3-0@5.3.6-2+b4", + "Name": "liblua5.3-0", + "Identifier": { + "PURL": "pkg:deb/debian/liblua5.3-0@5.3.6-2%2Bb4?arch=amd64\u0026distro=debian-13.4", + "UID": "d8059e18bdf63c5c" + }, + "Version": "5.3.6", + "Release": "2+b4", + "Arch": "amd64", + "SrcName": "lua5.3", + "SrcVersion": "5.3.6", + "SrcRelease": "2", + "Licenses": [ + "MIT" + ], + "Maintainer": "Debian Lua Team \u003cpkg-lua-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libstdc++6@14.2.0-19" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblua5.3-c++.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3.so.0.0.0", + "/usr/share/doc/liblua5.3-0/changelog.Debian.amd64.gz", + "/usr/share/doc/liblua5.3-0/changelog.Debian.gz", + "/usr/share/doc/liblua5.3-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblz4-1@1.10.0-4", + "Name": "liblz4-1", + "Identifier": { + "PURL": "pkg:deb/debian/liblz4-1@1.10.0-4?arch=amd64\u0026distro=debian-13.4", + "UID": "1f382acd2b3024e4" + }, + "Version": "1.10.0", + "Release": "4", + "Arch": "amd64", + "SrcName": "lz4", + "SrcVersion": "1.10.0", + "SrcRelease": "4", + "Licenses": [ + "GPL-2.0-or-later", + "BSD-2-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Nobuhiro Iwamatsu \u003ciwamatsu@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libxxhash0@0.8.3-2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblz4.so.1.10.0", + "/usr/share/doc/liblz4-1/changelog.Debian.gz", + "/usr/share/doc/liblz4-1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblzma5@5.8.1-1", + "Name": "liblzma5", + "Identifier": { + "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.4", + "UID": "a1f09431b82b8b89" + }, + "Version": "5.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "xz-utils", + "SrcVersion": "5.8.1", + "SrcRelease": "1", + "Licenses": [ + "0BSD", + "GPL-2.0-or-later", + "LGPL-2.1-or-later", + "FSFULLR", + "GPL-3.0-or-later-WITH-Autoconf-exception-macro", + "none", + "PD", + "permissive-nowarranty", + "FSFUL", + "noderivs", + "PD-debian", + "LGPL-2.1-only", + "GPL-2.0-only", + "GPL-3.0-only" + ], + "Maintainer": "Sebastian Andrzej Siewior \u003csebastian@breakpoint.cc\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblzma.so.5.8.1", + "/usr/share/doc/liblzma5/AUTHORS", + "/usr/share/doc/liblzma5/NEWS.gz", + "/usr/share/doc/liblzma5/THANKS.gz", + "/usr/share/doc/liblzma5/changelog.Debian.gz", + "/usr/share/doc/liblzma5/changelog.gz", + "/usr/share/doc/liblzma5/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmariadb3@1:11.8.6-0+deb13u1", + "Name": "libmariadb3", + "Identifier": { + "PURL": "pkg:deb/debian/libmariadb3@11.8.6-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", + "UID": "4d265211e78a4918" + }, + "Version": "11.8.6", + "Release": "0+deb13u1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "mariadb", + "SrcVersion": "11.8.6", + "SrcRelease": "0+deb13u1", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "GPL-2.0-or-later", + "public-domain", + "BSD-3-Clause", + "LGPL-2.1-or-later", + "BSD-2-Clause", + "LGPL-2.0-only", + "unlimited-free-doc", + "GPL-2.0-with-bison-exception+", + "SWsoft", + "Artistic-2.0", + "LGPL-2.0-or-later", + "zlib-acknowledgement", + "LGPL-2.1-only" + ], + "Maintainer": "Debian MySQL Maintainers \u003cpkg-mysql-maint@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libssl3t64@3.5.5-1~deb13u2", + "mariadb-common@1:11.8.6-0+deb13u1", + "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmariadb.so.3", + "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/caching_sha2_password.so", + "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/client_ed25519.so", + "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/dialog.so", + "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/mysql_clear_password.so", + "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/parsec.so", + "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/sha256_password.so", + "/usr/share/doc/libmariadb3/changelog.Debian.gz", + "/usr/share/doc/libmariadb3/copyright", + "/usr/share/lintian/overrides/libmariadb3" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmd0@1.1.0-2+b1", + "Name": "libmd0", + "Identifier": { + "PURL": "pkg:deb/debian/libmd0@1.1.0-2%2Bb1?arch=amd64\u0026distro=debian-13.4", + "UID": "3ee34609579513b1" + }, + "Version": "1.1.0", + "Release": "2+b1", + "Arch": "amd64", + "SrcName": "libmd", + "SrcVersion": "1.1.0", + "SrcRelease": "2", + "Licenses": [ + "BSD-3-Clause", + "BSD-3-clause-Aaron-D-Gifford", + "BSD-2-Clause", + "BSD-2-Clause-NetBSD", + "ISC", + "Beerware", + "public-domain-md4", + "public-domain-md5", + "public-domain-sha1" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmd.so.0.1.0", + "/usr/share/doc/libmd0/changelog.Debian.amd64.gz", + "/usr/share/doc/libmd0/changelog.Debian.gz", + "/usr/share/doc/libmd0/changelog.gz", + "/usr/share/doc/libmd0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmount1@2.41-5", + "Name": "libmount1", + "Identifier": { + "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.4", + "UID": "5581a0d7033537c" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libblkid1@2.41-5", + "libc6@2.41-12+deb13u2", + "libselinux1@3.8.1-1" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmount.so.1.1.0", + "/usr/share/doc/libmount1/NEWS.Debian.gz", + "/usr/share/doc/libmount1/changelog.Debian.gz", + "/usr/share/doc/libmount1/changelog.gz", + "/usr/share/doc/libmount1/copyright", + "/usr/share/lintian/overrides/libmount1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libncursesw6@6.5+20250216-2", + "Name": "libncursesw6", + "Identifier": { + "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.4", + "UID": "217bb0c4e6d77677" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libtinfo6@6.5+20250216-2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libformw.so.6.5", + "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.5", + "/usr/lib/x86_64-linux-gnu/libncursesw.so.6.5", + "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.5" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libnettle8t64@3.10.1-1", + "Name": "libnettle8t64", + "Identifier": { + "PURL": "pkg:deb/debian/libnettle8t64@3.10.1-1?arch=amd64\u0026distro=debian-13.4", + "UID": "fabc57a9eb23fa48" + }, + "Version": "3.10.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "nettle", + "SrcVersion": "3.10.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "MIT", + "GPL-3.0-with-autoconf-exception+", + "public-domain", + "GPL-2.0-only", + "GAP" + ], + "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libnettle.so.8.10", + "/usr/share/doc/libnettle8t64/NEWS.gz", + "/usr/share/doc/libnettle8t64/README", + "/usr/share/doc/libnettle8t64/changelog.Debian.gz", + "/usr/share/doc/libnettle8t64/changelog.gz", + "/usr/share/doc/libnettle8t64/copyright", + "/usr/share/lintian/overrides/libnettle8t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-modules@1.7.0-5", + "Name": "libpam-modules", + "Identifier": { + "PURL": "pkg:deb/debian/libpam-modules@1.7.0-5?arch=amd64\u0026distro=debian-13.4", + "UID": "274a704398461ef0" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/security/pam_access.so", + "/usr/lib/x86_64-linux-gnu/security/pam_canonicalize_user.so", + "/usr/lib/x86_64-linux-gnu/security/pam_debug.so", + "/usr/lib/x86_64-linux-gnu/security/pam_deny.so", + "/usr/lib/x86_64-linux-gnu/security/pam_echo.so", + "/usr/lib/x86_64-linux-gnu/security/pam_env.so", + "/usr/lib/x86_64-linux-gnu/security/pam_exec.so", + "/usr/lib/x86_64-linux-gnu/security/pam_faildelay.so", + "/usr/lib/x86_64-linux-gnu/security/pam_faillock.so", + "/usr/lib/x86_64-linux-gnu/security/pam_filter.so", + "/usr/lib/x86_64-linux-gnu/security/pam_ftp.so", + "/usr/lib/x86_64-linux-gnu/security/pam_group.so", + "/usr/lib/x86_64-linux-gnu/security/pam_issue.so", + "/usr/lib/x86_64-linux-gnu/security/pam_keyinit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_limits.so", + "/usr/lib/x86_64-linux-gnu/security/pam_listfile.so", + "/usr/lib/x86_64-linux-gnu/security/pam_localuser.so", + "/usr/lib/x86_64-linux-gnu/security/pam_loginuid.so", + "/usr/lib/x86_64-linux-gnu/security/pam_mail.so", + "/usr/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", + "/usr/lib/x86_64-linux-gnu/security/pam_motd.so", + "/usr/lib/x86_64-linux-gnu/security/pam_namespace.so", + "/usr/lib/x86_64-linux-gnu/security/pam_nologin.so", + "/usr/lib/x86_64-linux-gnu/security/pam_permit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_pwhistory.so", + "/usr/lib/x86_64-linux-gnu/security/pam_rhosts.so", + "/usr/lib/x86_64-linux-gnu/security/pam_rootok.so", + "/usr/lib/x86_64-linux-gnu/security/pam_securetty.so", + "/usr/lib/x86_64-linux-gnu/security/pam_selinux.so", + "/usr/lib/x86_64-linux-gnu/security/pam_sepermit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_setquota.so", + "/usr/lib/x86_64-linux-gnu/security/pam_shells.so", + "/usr/lib/x86_64-linux-gnu/security/pam_stress.so", + "/usr/lib/x86_64-linux-gnu/security/pam_succeed_if.so", + "/usr/lib/x86_64-linux-gnu/security/pam_time.so", + "/usr/lib/x86_64-linux-gnu/security/pam_timestamp.so", + "/usr/lib/x86_64-linux-gnu/security/pam_tty_audit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_umask.so", + "/usr/lib/x86_64-linux-gnu/security/pam_unix.so", + "/usr/lib/x86_64-linux-gnu/security/pam_userdb.so", + "/usr/lib/x86_64-linux-gnu/security/pam_usertype.so", + "/usr/lib/x86_64-linux-gnu/security/pam_warn.so", + "/usr/lib/x86_64-linux-gnu/security/pam_wheel.so", + "/usr/lib/x86_64-linux-gnu/security/pam_xauth.so", + "/usr/share/doc/libpam-modules/NEWS.Debian.gz", + "/usr/share/doc/libpam-modules/changelog.Debian.gz", + "/usr/share/doc/libpam-modules/changelog.gz", + "/usr/share/doc/libpam-modules/copyright", + "/usr/share/doc/libpam-modules/examples/upperLOWER.c", + "/usr/share/lintian/overrides/libpam-modules", + "/usr/share/pam-configs/mkhomedir" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-modules-bin@1.7.0-5", + "Name": "libpam-modules-bin", + "Identifier": { + "PURL": "pkg:deb/debian/libpam-modules-bin@1.7.0-5?arch=amd64\u0026distro=debian-13.4", + "UID": "cb3babc72139f40e" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:4.0.2-2+b2", + "libc6@2.41-12+deb13u2", + "libcrypt1@1:4.4.38-1", + "libpam0g@1.7.0-5", + "libselinux1@3.8.1-1", + "libsystemd0@257.9-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/systemd/system/pam_namespace.service", + "/usr/sbin/faillock", + "/usr/sbin/mkhomedir_helper", + "/usr/sbin/pam_namespace_helper", + "/usr/sbin/pam_timestamp_check", + "/usr/sbin/pwhistory_helper", + "/usr/sbin/unix_chkpwd", + "/usr/sbin/unix_update", + "/usr/share/doc/libpam-modules-bin/changelog.Debian.gz", + "/usr/share/doc/libpam-modules-bin/changelog.gz", + "/usr/share/doc/libpam-modules-bin/copyright", + "/usr/share/lintian/overrides/libpam-modules-bin" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-runtime@1.7.0-5", + "Name": "libpam-runtime", + "Identifier": { + "PURL": "pkg:deb/debian/libpam-runtime@1.7.0-5?arch=all\u0026distro=debian-13.4", + "UID": "1d4f3eaf1c0f9548" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "all", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91", + "libpam-modules@1.7.0-5" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/sbin/pam-auth-update", + "/usr/sbin/pam_getenv", + "/usr/share/doc/libpam-runtime/changelog.Debian.gz", + "/usr/share/doc/libpam-runtime/changelog.gz", + "/usr/share/doc/libpam-runtime/copyright", + "/usr/share/lintian/overrides/libpam-runtime", + "/usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ar/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/as/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/be/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bg/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bn_IN/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ca/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/cs/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/de/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/de_CH/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/el/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/eo/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/es/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/et/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/eu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/fa/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/fi/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/fr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ga/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/gl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/gu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/he/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/hi/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/hr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ia/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/id/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/is/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/kk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/km/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/kn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/lt/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/lv/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/mk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ml/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/mr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/nb/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ne/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/nn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pa/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pt/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ro/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ru/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sq/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sr@latin/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sv/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/te/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/th/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/tr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/vi/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zh_HK/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/man/man5/access.conf.5.gz", + "/usr/share/man/man5/faillock.conf.5.gz", + "/usr/share/man/man5/group.conf.5.gz", + "/usr/share/man/man5/limits.conf.5.gz", + "/usr/share/man/man5/namespace.conf.5.gz", + "/usr/share/man/man5/pam.conf.5.gz", + "/usr/share/man/man5/pam_env.conf.5.gz", + "/usr/share/man/man5/pwhistory.conf.5.gz", + "/usr/share/man/man5/sepermit.conf.5.gz", + "/usr/share/man/man5/time.conf.5.gz", + "/usr/share/man/man7/PAM.7.gz", + "/usr/share/man/man8/faillock.8.gz", + "/usr/share/man/man8/mkhomedir_helper.8.gz", + "/usr/share/man/man8/pam-auth-update.8.gz", + "/usr/share/man/man8/pam_access.8.gz", + "/usr/share/man/man8/pam_canonicalize_user.8.gz", + "/usr/share/man/man8/pam_debug.8.gz", + "/usr/share/man/man8/pam_deny.8.gz", + "/usr/share/man/man8/pam_echo.8.gz", + "/usr/share/man/man8/pam_env.8.gz", + "/usr/share/man/man8/pam_exec.8.gz", + "/usr/share/man/man8/pam_faildelay.8.gz", + "/usr/share/man/man8/pam_faillock.8.gz", + "/usr/share/man/man8/pam_filter.8.gz", + "/usr/share/man/man8/pam_ftp.8.gz", + "/usr/share/man/man8/pam_getenv.8.gz", + "/usr/share/man/man8/pam_group.8.gz", + "/usr/share/man/man8/pam_issue.8.gz", + "/usr/share/man/man8/pam_keyinit.8.gz", + "/usr/share/man/man8/pam_limits.8.gz", + "/usr/share/man/man8/pam_listfile.8.gz", + "/usr/share/man/man8/pam_localuser.8.gz", + "/usr/share/man/man8/pam_loginuid.8.gz", + "/usr/share/man/man8/pam_mail.8.gz", + "/usr/share/man/man8/pam_mkhomedir.8.gz", + "/usr/share/man/man8/pam_motd.8.gz", + "/usr/share/man/man8/pam_namespace.8.gz", + "/usr/share/man/man8/pam_namespace_helper.8.gz", + "/usr/share/man/man8/pam_nologin.8.gz", + "/usr/share/man/man8/pam_permit.8.gz", + "/usr/share/man/man8/pam_pwhistory.8.gz", + "/usr/share/man/man8/pam_rhosts.8.gz", + "/usr/share/man/man8/pam_rootok.8.gz", + "/usr/share/man/man8/pam_securetty.8.gz", + "/usr/share/man/man8/pam_selinux.8.gz", + "/usr/share/man/man8/pam_sepermit.8.gz", + "/usr/share/man/man8/pam_setquota.8.gz", + "/usr/share/man/man8/pam_shells.8.gz", + "/usr/share/man/man8/pam_stress.8.gz", + "/usr/share/man/man8/pam_succeed_if.8.gz", + "/usr/share/man/man8/pam_time.8.gz", + "/usr/share/man/man8/pam_timestamp.8.gz", + "/usr/share/man/man8/pam_timestamp_check.8.gz", + "/usr/share/man/man8/pam_tty_audit.8.gz", + "/usr/share/man/man8/pam_umask.8.gz", + "/usr/share/man/man8/pam_unix.8.gz", + "/usr/share/man/man8/pam_userdb.8.gz", + "/usr/share/man/man8/pam_usertype.8.gz", + "/usr/share/man/man8/pam_warn.8.gz", + "/usr/share/man/man8/pam_wheel.8.gz", + "/usr/share/man/man8/pam_xauth.8.gz", + "/usr/share/man/man8/pwhistory_helper.8.gz", + "/usr/share/man/man8/unix_chkpwd.8.gz", + "/usr/share/man/man8/unix_update.8.gz", + "/usr/share/pam-configs/unix", + "/usr/share/pam/common-account", + "/usr/share/pam/common-account.md5sums", + "/usr/share/pam/common-auth", + "/usr/share/pam/common-auth.md5sums", + "/usr/share/pam/common-password", + "/usr/share/pam/common-password.md5sums", + "/usr/share/pam/common-session", + "/usr/share/pam/common-session-noninteractive", + "/usr/share/pam/common-session-noninteractive.md5sums", + "/usr/share/pam/common-session.md5sums" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam0g@1.7.0-5", + "Name": "libpam0g", + "Identifier": { + "PURL": "pkg:deb/debian/libpam0g@1.7.0-5?arch=amd64\u0026distro=debian-13.4", + "UID": "aee6047a56bfd738" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91", + "libaudit1@1:4.0.2-2+b2", + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1", + "/usr/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", + "/usr/lib/x86_64-linux-gnu/libpamc.so.0.82.1", + "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", + "/usr/share/doc/libpam0g/README", + "/usr/share/doc/libpam0g/README.Debian", + "/usr/share/doc/libpam0g/TODO.Debian", + "/usr/share/doc/libpam0g/changelog.Debian.gz", + "/usr/share/doc/libpam0g/changelog.gz", + "/usr/share/doc/libpam0g/copyright", + "/usr/share/lintian/overrides/libpam0g" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpcre2-32-0@10.46-1~deb13u1", + "Name": "libpcre2-32-0", + "Identifier": { + "PURL": "pkg:deb/debian/libpcre2-32-0@10.46-1~deb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "3ccdbcfda1a4dcf5" + }, + "Version": "10.46", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "pcre2", + "SrcVersion": "10.46", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "BSD-3-clause-Cambridge with BINARY LIBRARY-LIKE PACKAGES exception", + "BSD-3-Clause", + "X11", + "BSD-2-Clause", + "public-domain" + ], + "Maintainer": "Matthew Vernon \u003cmatthew@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpcre2-32.so.0.14.0", + "/usr/share/doc/libpcre2-32-0/changelog.Debian.gz", + "/usr/share/doc/libpcre2-32-0/changelog.gz", + "/usr/share/doc/libpcre2-32-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpcre2-8-0@10.46-1~deb13u1", + "Name": "libpcre2-8-0", + "Identifier": { + "PURL": "pkg:deb/debian/libpcre2-8-0@10.46-1~deb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "7a082037c8a89871" + }, + "Version": "10.46", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "pcre2", + "SrcVersion": "10.46", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "BSD-3-clause-Cambridge with BINARY LIBRARY-LIKE PACKAGES exception", + "BSD-3-Clause", + "X11", + "BSD-2-Clause", + "public-domain" + ], + "Maintainer": "Matthew Vernon \u003cmatthew@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.14.0", + "/usr/share/doc/libpcre2-8-0/README.Debian", + "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", + "/usr/share/doc/libpcre2-8-0/changelog.gz", + "/usr/share/doc/libpcre2-8-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpkgconf3@1.8.1-4", + "Name": "libpkgconf3", + "Identifier": { + "PURL": "pkg:deb/debian/libpkgconf3@1.8.1-4?arch=amd64\u0026distro=debian-13.4", + "UID": "10eadce7ba3299dd" + }, + "Version": "1.8.1", + "Release": "4", + "Arch": "amd64", + "SrcName": "pkgconf", + "SrcVersion": "1.8.1", + "SrcRelease": "4", + "Licenses": [ + "ISC", + "BSD-4-Clause", + "BSD-2-Clause", + "X11", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpkgconf.so.3.0.0", + "/usr/share/doc/libpkgconf3/changelog.Debian.gz", + "/usr/share/doc/libpkgconf3/changelog.gz", + "/usr/share/doc/libpkgconf3/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpq5@17.9-0+deb13u1", + "Name": "libpq5", + "Identifier": { + "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "d45387f5f2192a66" + }, + "Version": "17.9", + "Release": "0+deb13u1", + "Arch": "amd64", + "SrcName": "postgresql-17", + "SrcVersion": "17.9", + "SrcRelease": "0+deb13u1", + "Licenses": [ + "PostgreSQL", + "Custom-regex", + "TCL", + "Custom-pg_dump", + "BSD-3-Clause", + "Custom-Unicode", + "double-metaphone", + "GPL-1.0-only", + "Artistic-2.0", + "nagaysau-ishii", + "BSD-2-Clause" + ], + "Maintainer": "Debian PostgreSQL Maintainers \u003cteam+postgresql@tracker.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libgssapi-krb5-2@1.21.3-5", + "libldap2@2.6.10+dfsg-1", + "libssl3t64@3.5.5-1~deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpq.so.5.17", + "/usr/share/doc/libpq5/changelog.Debian.gz", + "/usr/share/doc/libpq5/changelog.gz", + "/usr/share/doc/libpq5/copyright", + "/usr/share/locale/cs/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/de/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/el/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/es/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/fr/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/he/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/it/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/ja/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/ka/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/ko/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/pl/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/ru/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/sv/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/tr/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/uk/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/libpq5-17.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/libpq5-17.mo" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libproc2-0@2:4.0.4-9", + "Name": "libproc2-0", + "Identifier": { + "PURL": "pkg:deb/debian/libproc2-0@4.0.4-9?arch=amd64\u0026distro=debian-13.4\u0026epoch=2", + "UID": "de8b42fec44d460" + }, + "Version": "4.0.4", + "Release": "9", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "procps", + "SrcVersion": "4.0.4", + "SrcRelease": "9", + "SrcEpoch": 2, + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Craig Small \u003ccsmall@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libsystemd0@257.9-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libproc2.so.0.0.2", + "/usr/share/doc/libproc2-0/NEWS.Debian.gz", + "/usr/share/doc/libproc2-0/changelog.Debian.gz", + "/usr/share/doc/libproc2-0/changelog.gz", + "/usr/share/doc/libproc2-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsasl2-2@2.1.28+dfsg1-9", + "Name": "libsasl2-2", + "Identifier": { + "PURL": "pkg:deb/debian/libsasl2-2@2.1.28%2Bdfsg1-9?arch=amd64\u0026distro=debian-13.4", + "UID": "d349d120aebe1a4a" + }, + "Version": "2.1.28+dfsg1", + "Release": "9", + "Arch": "amd64", + "SrcName": "cyrus-sasl2", + "SrcVersion": "2.1.28+dfsg1", + "SrcRelease": "9", + "Licenses": [ + "BSD-3-Clause-Attribution", + "BSD-3-Clause", + "BSD-2-Clause", + "GPL-3.0-or-later", + "GPL-3.0-only", + "BSD-4-Clause-UC", + "RSA-MD", + "text://BSD-3-Clause-Attribution and IBM-as-is", + "BSD-3-clause-JANET", + "BSD-3-clause-PADL", + "MIT-OpenVision", + "OpenLDAP", + "FSFULLR", + "MIT-CMU", + "MIT-Export", + "BSD-2.2-clause", + "text://IBM-as-is" + ], + "Maintainer": "Debian Cyrus Team \u003cteam+cyrus@tracker.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libsasl2-modules-db@2.1.28+dfsg1-9", + "libssl3t64@3.5.5-1~deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsasl2.so.2.0.25", + "/usr/share/doc/libsasl2-2/README.Debian", + "/usr/share/doc/libsasl2-2/changelog.Debian.gz", + "/usr/share/doc/libsasl2-2/copyright", + "/usr/share/man/man5/libsasl.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsasl2-modules@2.1.28+dfsg1-9", + "Name": "libsasl2-modules", + "Identifier": { + "PURL": "pkg:deb/debian/libsasl2-modules@2.1.28%2Bdfsg1-9?arch=amd64\u0026distro=debian-13.4", + "UID": "afee75876194a103" + }, + "Version": "2.1.28+dfsg1", + "Release": "9", + "Arch": "amd64", + "SrcName": "cyrus-sasl2", + "SrcVersion": "2.1.28+dfsg1", + "SrcRelease": "9", + "Licenses": [ + "BSD-3-Clause-Attribution", + "BSD-3-Clause", + "BSD-2-Clause", + "GPL-3.0-or-later", + "GPL-3.0-only", + "BSD-4-Clause-UC", + "RSA-MD", + "text://BSD-3-Clause-Attribution and IBM-as-is", + "BSD-3-clause-JANET", + "BSD-3-clause-PADL", + "MIT-OpenVision", + "OpenLDAP", + "FSFULLR", + "MIT-CMU", + "MIT-Export", + "BSD-2.2-clause", + "text://IBM-as-is" + ], + "Maintainer": "Debian Cyrus Team \u003cteam+cyrus@tracker.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libssl3t64@3.5.5-1~deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/sasl2/libanonymous.so.2.0.25", + "/usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so.2.0.25", + "/usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25", + "/usr/lib/x86_64-linux-gnu/sasl2/liblogin.so.2.0.25", + "/usr/lib/x86_64-linux-gnu/sasl2/libntlm.so.2.0.25", + "/usr/lib/x86_64-linux-gnu/sasl2/libplain.so.2.0.25", + "/usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2.0.25", + "/usr/share/doc/libsasl2-modules/changelog.Debian.gz", + "/usr/share/doc/libsasl2-modules/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsasl2-modules-db@2.1.28+dfsg1-9", + "Name": "libsasl2-modules-db", + "Identifier": { + "PURL": "pkg:deb/debian/libsasl2-modules-db@2.1.28%2Bdfsg1-9?arch=amd64\u0026distro=debian-13.4", + "UID": "54b8cabd3f873c1e" + }, + "Version": "2.1.28+dfsg1", + "Release": "9", + "Arch": "amd64", + "SrcName": "cyrus-sasl2", + "SrcVersion": "2.1.28+dfsg1", + "SrcRelease": "9", + "Licenses": [ + "BSD-3-Clause-Attribution", + "BSD-3-Clause", + "BSD-2-Clause", + "GPL-3.0-or-later", + "GPL-3.0-only", + "BSD-4-Clause-UC", + "RSA-MD", + "text://BSD-3-Clause-Attribution and IBM-as-is", + "BSD-3-clause-JANET", + "BSD-3-clause-PADL", + "MIT-OpenVision", + "OpenLDAP", + "FSFULLR", + "MIT-CMU", + "MIT-Export", + "BSD-2.2-clause", + "text://IBM-as-is" + ], + "Maintainer": "Debian Cyrus Team \u003cteam+cyrus@tracker.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libdb5.3t64@5.3.28+dfsg2-9" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/sasl2/libsasldb.so.2.0.25", + "/usr/share/doc/libsasl2-modules-db/changelog.Debian.gz", + "/usr/share/doc/libsasl2-modules-db/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libseccomp2@2.6.0-2", + "Name": "libseccomp2", + "Identifier": { + "PURL": "pkg:deb/debian/libseccomp2@2.6.0-2?arch=amd64\u0026distro=debian-13.4", + "UID": "ab6f2d2340eb8e87" + }, + "Version": "2.6.0", + "Release": "2", + "Arch": "amd64", + "SrcName": "libseccomp", + "SrcVersion": "2.6.0", + "SrcRelease": "2", + "Licenses": [ + "LGPL-2.1-only" + ], + "Maintainer": "Kees Cook \u003ckees@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.6.0", + "/usr/share/doc/libseccomp2/changelog.Debian.gz", + "/usr/share/doc/libseccomp2/changelog.gz", + "/usr/share/doc/libseccomp2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libselinux1@3.8.1-1", + "Name": "libselinux1", + "Identifier": { + "PURL": "pkg:deb/debian/libselinux1@3.8.1-1?arch=amd64\u0026distro=debian-13.4", + "UID": "1186c98eeffb1e1c" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "libselinux", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "public-domain", + "GPL-2.0-only" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libpcre2-8-0@10.46-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/tmpfiles.d/libselinux1.conf", + "/usr/lib/x86_64-linux-gnu/libselinux.so.1", + "/usr/share/doc/libselinux1/changelog.Debian.gz", + "/usr/share/doc/libselinux1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsemanage-common@3.8.1-1", + "Name": "libsemanage-common", + "Identifier": { + "PURL": "pkg:deb/debian/libsemanage-common@3.8.1-1?arch=all\u0026distro=debian-13.4", + "UID": "ecc6b54d8bc6318c" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "all", + "SrcName": "libsemanage", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/share/doc/libsemanage-common/changelog.Debian.gz", + "/usr/share/doc/libsemanage-common/copyright", + "/usr/share/man/man5/semanage.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsemanage2@3.8.1-1", + "Name": "libsemanage2", + "Identifier": { + "PURL": "pkg:deb/debian/libsemanage2@3.8.1-1?arch=amd64\u0026distro=debian-13.4", + "UID": "5ed937538fa20cb" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "libsemanage", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:4.0.2-2+b2", + "libbz2-1.0@1.0.8-6", + "libc6@2.41-12+deb13u2", + "libselinux1@3.8.1-1", + "libsemanage-common@3.8.1-1", + "libsepol2@3.8.1-1" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsemanage.so.2", + "/usr/share/doc/libsemanage2/changelog.Debian.gz", + "/usr/share/doc/libsemanage2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsepol2@3.8.1-1", + "Name": "libsepol2", + "Identifier": { + "PURL": "pkg:deb/debian/libsepol2@3.8.1-1?arch=amd64\u0026distro=debian-13.4", + "UID": "f93073011a044623" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "libsepol", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "Zlib", + "GPL-2.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsepol.so.2", + "/usr/share/doc/libsepol2/changelog.Debian.gz", + "/usr/share/doc/libsepol2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsmartcols1@2.41-5", + "Name": "libsmartcols1", + "Identifier": { + "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.4", + "UID": "cfae7d67f8245164" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", + "/usr/share/doc/libsmartcols1/NEWS.Debian.gz", + "/usr/share/doc/libsmartcols1/changelog.Debian.gz", + "/usr/share/doc/libsmartcols1/changelog.gz", + "/usr/share/doc/libsmartcols1/copyright", + "/usr/share/lintian/overrides/libsmartcols1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsodium23@1.0.18-1+deb13u1", + "Name": "libsodium23", + "Identifier": { + "PURL": "pkg:deb/debian/libsodium23@1.0.18-1%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "878b5bd61316003b" + }, + "Version": "1.0.18", + "Release": "1+deb13u1", + "Arch": "amd64", + "SrcName": "libsodium", + "SrcVersion": "1.0.18", + "SrcRelease": "1+deb13u1", + "Licenses": [ + "ISC", + "BSD-2-Clause", + "public-domain", + "CC0-1.0", + "MIT", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsodium.so.23.3.0", + "/usr/share/doc/libsodium23/AUTHORS.gz", + "/usr/share/doc/libsodium23/README.markdown", + "/usr/share/doc/libsodium23/THANKS", + "/usr/share/doc/libsodium23/changelog.Debian.gz", + "/usr/share/doc/libsodium23/changelog.gz", + "/usr/share/doc/libsodium23/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsqlite3-0@3.46.1-7+deb13u1", + "Name": "libsqlite3-0", + "Identifier": { + "PURL": "pkg:deb/debian/libsqlite3-0@3.46.1-7%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "2af22a336130a144" + }, + "Version": "3.46.1", + "Release": "7+deb13u1", + "Arch": "amd64", + "SrcName": "sqlite3", + "SrcVersion": "3.46.1", + "SrcRelease": "7+deb13u1", + "Licenses": [ + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6", + "/usr/share/doc/libsqlite3-0/README.Debian", + "/usr/share/doc/libsqlite3-0/changelog.Debian.gz", + "/usr/share/doc/libsqlite3-0/changelog.gz", + "/usr/share/doc/libsqlite3-0/changelog.html.gz", + "/usr/share/doc/libsqlite3-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libssl3t64@3.5.5-1~deb13u2", + "Name": "libssl3t64", + "Identifier": { + "PURL": "pkg:deb/debian/libssl3t64@3.5.5-1~deb13u2?arch=amd64\u0026distro=debian-13.4", + "UID": "69d5db99a391af5b" + }, + "Version": "3.5.5", + "Release": "1~deb13u2", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.5.5", + "SrcRelease": "1~deb13u2", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libzstd1@1.5.7+dfsg-1", + "openssl-provider-legacy@3.5.5-1~deb13u2", + "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/engines-3/afalg.so", + "/usr/lib/x86_64-linux-gnu/engines-3/loader_attic.so", + "/usr/lib/x86_64-linux-gnu/engines-3/padlock.so", + "/usr/lib/x86_64-linux-gnu/libcrypto.so.3", + "/usr/lib/x86_64-linux-gnu/libssl.so.3", + "/usr/share/doc/libssl3t64/NEWS.Debian.gz", + "/usr/share/doc/libssl3t64/changelog.Debian.gz", + "/usr/share/doc/libssl3t64/changelog.gz", + "/usr/share/doc/libssl3t64/copyright", + "/usr/share/lintian/overrides/libssl3t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libstdc++6@14.2.0-19", + "Name": "libstdc++6", + "Identifier": { + "PURL": "pkg:deb/debian/libstdc%2B%2B6@14.2.0-19?arch=amd64\u0026distro=debian-13.4", + "UID": "f4443de5dff6ee89" + }, + "Version": "14.2.0", + "Release": "19", + "Arch": "amd64", + "SrcName": "gcc-14", + "SrcVersion": "14.2.0", + "SrcRelease": "19", + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gcc-14-base@14.2.0-19", + "libc6@2.41-12+deb13u2", + "libgcc-s1@14.2.0-19" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33", + "/usr/share/gcc/python/libstdcxx/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/printers.py", + "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", + "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33-gdb.py" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libstemmer0d@2.2.0-4+b2", + "Name": "libstemmer0d", + "Identifier": { + "PURL": "pkg:deb/debian/libstemmer0d@2.2.0-4%2Bb2?arch=amd64\u0026distro=debian-13.4", + "UID": "24d70f4aa57cd51a" + }, + "Version": "2.2.0", + "Release": "4+b2", + "Arch": "amd64", + "SrcName": "snowball", + "SrcVersion": "2.2.0", + "SrcRelease": "4", + "Licenses": [ + "BSD-3-snowball" + ], + "Maintainer": "Stefano Rivera \u003cstefanor@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libstemmer.so.0d.0.0", + "/usr/share/doc/libstemmer0d/AUTHORS", + "/usr/share/doc/libstemmer0d/README.Debian", + "/usr/share/doc/libstemmer0d/TODO", + "/usr/share/doc/libstemmer0d/changelog.Debian.amd64.gz", + "/usr/share/doc/libstemmer0d/changelog.Debian.gz", + "/usr/share/doc/libstemmer0d/copyright", + "/usr/share/doc/libstemmer0d/examples/stemwords.c", + "/usr/share/doc/libstemmer0d/libstemmer_c_README.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsystemd0@257.9-1~deb13u1", + "Name": "libsystemd0", + "Identifier": { + "PURL": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "b50b08c7bba67f5" + }, + "Version": "257.9", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "systemd", + "SrcVersion": "257.9", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "LGPL-2.1-or-later", + "CC0-1.0", + "GPL-2 with Linux-syscall-note exception", + "MIT", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libcap2@1:2.75-10+b8" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "/usr/share/doc/libsystemd0/NEWS.Debian.gz", + "/usr/share/doc/libsystemd0/changelog.Debian.gz", + "/usr/share/doc/libsystemd0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libtinfo6@6.5+20250216-2", + "Name": "libtinfo6", + "Identifier": { + "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.4", + "UID": "5286a1335bb605c5" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libtic.so.6.5", + "/usr/lib/x86_64-linux-gnu/libtinfo.so.6.5", + "/usr/share/doc/libtinfo6/changelog.Debian.gz", + "/usr/share/doc/libtinfo6/changelog.gz", + "/usr/share/doc/libtinfo6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libtirpc-common@1.3.6+ds-1", + "Name": "libtirpc-common", + "Identifier": { + "PURL": "pkg:deb/debian/libtirpc-common@1.3.6%2Bds-1?arch=all\u0026distro=debian-13.4", + "UID": "99bb237786d30eac" + }, + "Version": "1.3.6+ds", + "Release": "1", + "Arch": "all", + "SrcName": "libtirpc", + "SrcVersion": "1.3.6+ds", + "SrcRelease": "1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "__AUTO_PERMISSIVE__", + "BSD-2-Clause", + "BSD-4-Clause", + "LGPL-2.1-or-later", + "PERMISSIVE", + "LGPL-2.1-only" + ], + "Maintainer": "Josue Ortega \u003cjosue@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/share/doc/libtirpc-common/NEWS.Debian.gz", + "/usr/share/doc/libtirpc-common/changelog.Debian.gz", + "/usr/share/doc/libtirpc-common/changelog.gz", + "/usr/share/doc/libtirpc-common/copyright", + "/usr/share/man/man5/netconfig.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libtirpc3t64@1.3.6+ds-1", + "Name": "libtirpc3t64", + "Identifier": { + "PURL": "pkg:deb/debian/libtirpc3t64@1.3.6%2Bds-1?arch=amd64\u0026distro=debian-13.4", + "UID": "2436c47fcfbbd8b7" + }, + "Version": "1.3.6+ds", + "Release": "1", + "Arch": "amd64", + "SrcName": "libtirpc", + "SrcVersion": "1.3.6+ds", + "SrcRelease": "1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "__AUTO_PERMISSIVE__", + "BSD-2-Clause", + "BSD-4-Clause", + "LGPL-2.1-or-later", + "PERMISSIVE", + "LGPL-2.1-only" + ], + "Maintainer": "Josue Ortega \u003cjosue@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libgssapi-krb5-2@1.21.3-5", + "libtirpc-common@1.3.6+ds-1" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libtirpc.so.3.0.0", + "/usr/share/doc/libtirpc3t64/NEWS.Debian.gz", + "/usr/share/doc/libtirpc3t64/changelog.Debian.gz", + "/usr/share/doc/libtirpc3t64/changelog.gz", + "/usr/share/doc/libtirpc3t64/copyright", + "/usr/share/lintian/overrides/libtirpc3t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libudev1@257.9-1~deb13u1", + "Name": "libudev1", + "Identifier": { + "PURL": "pkg:deb/debian/libudev1@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "9b08ae719b1cb01e" + }, + "Version": "257.9", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "systemd", + "SrcVersion": "257.9", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "LGPL-2.1-or-later", + "CC0-1.0", + "GPL-2 with Linux-syscall-note exception", + "MIT", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libcap2@1:2.75-10+b8" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libudev.so.1.7.10", + "/usr/share/doc/libudev1/NEWS.Debian.gz", + "/usr/share/doc/libudev1/changelog.Debian.gz", + "/usr/share/doc/libudev1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libunwind8@1.8.1-0.1", + "Name": "libunwind8", + "Identifier": { + "PURL": "pkg:deb/debian/libunwind8@1.8.1-0.1?arch=amd64\u0026distro=debian-13.4", + "UID": "5f4bffcabb5feac2" + }, + "Version": "1.8.1", + "Release": "0.1", + "Arch": "amd64", + "SrcName": "libunwind", + "SrcVersion": "1.8.1", + "SrcRelease": "0.1", + "Licenses": [ + "MIT", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Adrian Bunk \u003cbunk@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "liblzma5@5.8.1-1" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libunwind-coredump.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/libunwind-ptrace.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/libunwind-x86_64.so.8.1.0", + "/usr/lib/x86_64-linux-gnu/libunwind.so.8.1.0", + "/usr/share/doc/libunwind8/changelog.Debian.gz", + "/usr/share/doc/libunwind8/changelog.gz", + "/usr/share/doc/libunwind8/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libuuid1@2.41-5", + "Name": "libuuid1", + "Identifier": { + "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.4", + "UID": "4a57eaeae20e47" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0", + "/usr/share/doc/libuuid1/NEWS.Debian.gz", + "/usr/share/doc/libuuid1/changelog.Debian.gz", + "/usr/share/doc/libuuid1/changelog.gz", + "/usr/share/doc/libuuid1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libwrap0@7.6.q-36", + "Name": "libwrap0", + "Identifier": { + "PURL": "pkg:deb/debian/libwrap0@7.6.q-36?arch=amd64\u0026distro=debian-13.4", + "UID": "8e7a99f0c3aed30a" + }, + "Version": "7.6.q", + "Release": "36", + "Arch": "amd64", + "SrcName": "tcp-wrappers", + "SrcVersion": "7.6.q", + "SrcRelease": "36", + "Licenses": [ + "TCP-wrappers", + "BSD-3-Clause", + "SSH" + ], + "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libwrap.so.0.7.6", + "/usr/share/doc/libwrap0/README.Debian", + "/usr/share/doc/libwrap0/README.gz", + "/usr/share/doc/libwrap0/changelog.Debian.gz", + "/usr/share/doc/libwrap0/changelog.gz", + "/usr/share/doc/libwrap0/copyright", + "/usr/share/man/man5/hosts_access.5.gz", + "/usr/share/man/man5/hosts_options.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libxapian30@1.4.29-3", + "Name": "libxapian30", + "Identifier": { + "PURL": "pkg:deb/debian/libxapian30@1.4.29-3?arch=amd64\u0026distro=debian-13.4", + "UID": "4d7aef8d1727100b" + }, + "Version": "1.4.29", + "Release": "3", + "Arch": "amd64", + "SrcName": "xapian-core", + "SrcVersion": "1.4.29", + "SrcRelease": "3", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Olly Betts \u003colly@survex.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libgcc-s1@14.2.0-19", + "libstdc++6@14.2.0-19", + "libuuid1@2.41-5", + "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libxapian.so.30.14.1", + "/usr/share/doc/libxapian30/TODO.Debian", + "/usr/share/doc/libxapian30/changelog.Debian.gz", + "/usr/share/doc/libxapian30/changelog.gz", + "/usr/share/doc/libxapian30/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libxxhash0@0.8.3-2", + "Name": "libxxhash0", + "Identifier": { + "PURL": "pkg:deb/debian/libxxhash0@0.8.3-2?arch=amd64\u0026distro=debian-13.4", + "UID": "dc933a4365692bcd" + }, + "Version": "0.8.3", + "Release": "2", + "Arch": "amd64", + "SrcName": "xxhash", + "SrcVersion": "0.8.3", + "SrcRelease": "2", + "Licenses": [ + "BSD-2-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Josue Ortega \u003cjosue@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libxxhash.so.0.8.3", + "/usr/share/doc/libxxhash0/changelog.Debian.gz", + "/usr/share/doc/libxxhash0/changelog.gz", + "/usr/share/doc/libxxhash0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libzstd1@1.5.7+dfsg-1", + "Name": "libzstd1", + "Identifier": { + "PURL": "pkg:deb/debian/libzstd1@1.5.7%2Bdfsg-1?arch=amd64\u0026distro=debian-13.4", + "UID": "889edd5879fa68a" + }, + "Version": "1.5.7+dfsg", + "Release": "1", + "Arch": "amd64", + "SrcName": "libzstd", + "SrcVersion": "1.5.7+dfsg", + "SrcRelease": "1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "Zlib", + "MIT" + ], + "Maintainer": "RPM packaging team \u003cteam+pkg-rpm@tracker.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libzstd.so.1.5.7", + "/usr/share/doc/libzstd1/changelog.Debian.gz", + "/usr/share/doc/libzstd1/changelog.gz", + "/usr/share/doc/libzstd1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "login@1:4.16.0-2+really2.41-5", + "Name": "login", + "Identifier": { + "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", + "UID": "35a636a49ab503ca" + }, + "Version": "4.16.0-2+really2.41", + "Release": "5", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:4.0.2-2+b2", + "libc6@2.41-12+deb13u2", + "libcrypt1@1:4.4.38-1", + "libpam-modules@1.7.0-5", + "libpam-runtime@1.7.0-5", + "libpam0g@1.7.0-5" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/bin/login", + "/usr/bin/newgrp", + "/usr/sbin/nologin", + "/usr/share/bash-completion/completions/newgrp", + "/usr/share/doc/login/NEWS.Debian.gz", + "/usr/share/doc/login/changelog.Debian.gz", + "/usr/share/doc/login/changelog.gz", + "/usr/share/doc/login/copyright", + "/usr/share/lintian/overrides/login", + "/usr/share/man/de/man1/login.1.gz", + "/usr/share/man/de/man8/nologin.8.gz", + "/usr/share/man/fr/man1/login.1.gz", + "/usr/share/man/man1/login.1.gz", + "/usr/share/man/man1/newgrp.1.gz", + "/usr/share/man/man8/nologin.8.gz", + "/usr/share/man/pl/man1/login.1.gz", + "/usr/share/man/pl/man1/newgrp.1.gz", + "/usr/share/man/pl/man8/nologin.8.gz", + "/usr/share/man/ro/man1/login.1.gz", + "/usr/share/man/ro/man1/newgrp.1.gz", + "/usr/share/man/ro/man8/nologin.8.gz", + "/usr/share/man/sr/man1/login.1.gz", + "/usr/share/man/sr/man8/nologin.8.gz", + "/usr/share/man/uk/man1/login.1.gz", + "/usr/share/man/uk/man1/newgrp.1.gz", + "/usr/share/man/uk/man8/nologin.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "login.defs@1:4.17.4-2", + "Name": "login.defs", + "Identifier": { + "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.4\u0026epoch=1", + "UID": "b6a337588c67d5a3" + }, + "Version": "4.17.4", + "Release": "2", + "Epoch": 1, + "Arch": "all", + "SrcName": "shadow", + "SrcVersion": "4.17.4", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-1.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/share/doc/login.defs/NEWS.Debian.gz", + "/usr/share/doc/login.defs/changelog.Debian.gz", + "/usr/share/doc/login.defs/changelog.gz", + "/usr/share/doc/login.defs/copyright", + "/usr/share/man/de/man5/login.defs.5.gz", + "/usr/share/man/fr/man5/login.defs.5.gz", + "/usr/share/man/it/man5/login.defs.5.gz", + "/usr/share/man/ja/man5/login.defs.5.gz", + "/usr/share/man/man5/login.defs.5.gz", + "/usr/share/man/ru/man5/login.defs.5.gz", + "/usr/share/man/uk/man5/login.defs.5.gz", + "/usr/share/man/zh_CN/man5/login.defs.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "lua-bit32@5.3.0-6", + "Name": "lua-bit32", + "Identifier": { + "PURL": "pkg:deb/debian/lua-bit32@5.3.0-6?arch=amd64\u0026distro=debian-13.4", + "UID": "c53c1879550eb8af" + }, + "Version": "5.3.0", + "Release": "6", + "Arch": "amd64", + "SrcName": "lua-bit32", + "SrcVersion": "5.3.0", + "SrcRelease": "6", + "Licenses": [ + "MIT" + ], + "Maintainer": "Debian QA Group \u003cpackages@qa.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblua5.1-bit32.so.0.0.0", + "/usr/share/doc/lua-bit32/changelog.Debian.gz", + "/usr/share/doc/lua-bit32/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "lua-json@1.3.4-3", + "Name": "lua-json", + "Identifier": { + "PURL": "pkg:deb/debian/lua-json@1.3.4-3?arch=all\u0026distro=debian-13.4", + "UID": "b243d7a1844f36a5" + }, + "Version": "1.3.4", + "Release": "3", + "Arch": "all", + "SrcName": "lua-json", + "SrcVersion": "1.3.4", + "SrcRelease": "3", + "Licenses": [ + "MIT" + ], + "Maintainer": "The Debian Lua Team \u003cpkg-lua-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "lua-lpeg@1.1.0-2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/share/doc/lua-json/LuaJSON.txt.gz", + "/usr/share/doc/lua-json/README.md", + "/usr/share/doc/lua-json/ReleaseNotes-0.10.txt.gz", + "/usr/share/doc/lua-json/ReleaseNotes-0.9.1.txt", + "/usr/share/doc/lua-json/ReleaseNotes-0.9.txt", + "/usr/share/doc/lua-json/ReleaseNotes-1.0.1.txt", + "/usr/share/doc/lua-json/ReleaseNotes-1.0.2.txt", + "/usr/share/doc/lua-json/ReleaseNotes-1.0.3.txt", + "/usr/share/doc/lua-json/ReleaseNotes-1.0.txt", + "/usr/share/doc/lua-json/ReleaseNotes-1.1.1.txt", + "/usr/share/doc/lua-json/ReleaseNotes-1.1.2.txt", + "/usr/share/doc/lua-json/ReleaseNotes-1.1.txt", + "/usr/share/doc/lua-json/ReleaseNotes-1.2.1.txt", + "/usr/share/doc/lua-json/ReleaseNotes-1.2.2.txt", + "/usr/share/doc/lua-json/ReleaseNotes-1.2.txt", + "/usr/share/doc/lua-json/ReleaseNotes-1.3.1.txt", + "/usr/share/doc/lua-json/ReleaseNotes-1.3.2.txt", + "/usr/share/doc/lua-json/ReleaseNotes-1.3.3.txt", + "/usr/share/doc/lua-json/ReleaseNotes-1.3.4.txt", + "/usr/share/doc/lua-json/ReleaseNotes-1.3.txt", + "/usr/share/doc/lua-json/changelog.Debian.gz", + "/usr/share/doc/lua-json/copyright", + "/usr/share/lua/5.1/json.lua", + "/usr/share/lua/5.1/json/decode.lua", + "/usr/share/lua/5.1/json/decode/composite.lua", + "/usr/share/lua/5.1/json/decode/number.lua", + "/usr/share/lua/5.1/json/decode/others.lua", + "/usr/share/lua/5.1/json/decode/state.lua", + "/usr/share/lua/5.1/json/decode/strings.lua", + "/usr/share/lua/5.1/json/decode/util.lua", + "/usr/share/lua/5.1/json/encode.lua", + "/usr/share/lua/5.1/json/encode/array.lua", + "/usr/share/lua/5.1/json/encode/calls.lua", + "/usr/share/lua/5.1/json/encode/number.lua", + "/usr/share/lua/5.1/json/encode/object.lua", + "/usr/share/lua/5.1/json/encode/others.lua", + "/usr/share/lua/5.1/json/encode/output.lua", + "/usr/share/lua/5.1/json/encode/output_utility.lua", + "/usr/share/lua/5.1/json/encode/strings.lua", + "/usr/share/lua/5.1/json/util.lua" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "lua-lpeg@1.1.0-2", + "Name": "lua-lpeg", + "Identifier": { + "PURL": "pkg:deb/debian/lua-lpeg@1.1.0-2?arch=amd64\u0026distro=debian-13.4", + "UID": "d22d199396f9f5aa" + }, + "Version": "1.1.0", + "Release": "2", + "Arch": "amd64", + "SrcName": "lua-lpeg", + "SrcVersion": "1.1.0", + "SrcRelease": "2", + "Licenses": [ + "MIT/X" + ], + "Maintainer": "Debian Lua Team \u003cpkg-lua-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblua5.1-lpeg.so.2.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-lpeg.so.2.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-lpeg.so.2.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-lpeg.so.2.0.0", + "/usr/share/doc/lua-lpeg/changelog.Debian.gz", + "/usr/share/doc/lua-lpeg/changelog.gz", + "/usr/share/doc/lua-lpeg/copyright", + "/usr/share/lua/5.1/re.lua" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "lua-posix@36.3-1", + "Name": "lua-posix", + "Identifier": { + "PURL": "pkg:deb/debian/lua-posix@36.3-1?arch=amd64\u0026distro=debian-13.4", + "UID": "cf2334e85205c3df" + }, + "Version": "36.3", + "Release": "1", + "Arch": "amd64", + "SrcName": "lua-posix", + "SrcVersion": "36.3", + "SrcRelease": "1", + "Licenses": [ + "MIT", + "BSD-3-Clause" + ], + "Maintainer": "Debian Lua Team \u003cpkg-lua-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libcrypt1@1:4.4.38-1", + "lua-bit32@5.3.0-6" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-ctype.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-dirent.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-errno.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-fcntl.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-fnmatch.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-glob.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-grp.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-libgen.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-poll.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-pwd.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sched.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-signal.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-stdio.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-stdlib.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-msg.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-resource.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-socket.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-stat.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-statvfs.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-time.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-times.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-utsname.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-wait.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-syslog.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-termio.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-time.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-unistd.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-utime.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-ctype.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-dirent.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-errno.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-fcntl.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-fnmatch.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-glob.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-grp.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-libgen.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-poll.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-pwd.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sched.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-signal.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-stdio.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-stdlib.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-msg.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-resource.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-socket.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-stat.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-statvfs.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-time.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-times.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-utsname.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-wait.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-syslog.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-termio.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-time.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-unistd.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-utime.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-ctype.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-dirent.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-errno.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-fcntl.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-fnmatch.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-glob.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-grp.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-libgen.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-poll.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-pwd.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sched.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-signal.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-stdio.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-stdlib.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-msg.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-resource.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-socket.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-stat.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-statvfs.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-time.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-times.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-utsname.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-wait.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-syslog.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-termio.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-time.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-unistd.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-utime.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-ctype.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-dirent.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-errno.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-fcntl.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-fnmatch.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-glob.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-grp.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-libgen.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-poll.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-pwd.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sched.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-signal.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-stdio.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-stdlib.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-msg.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-resource.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-socket.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-stat.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-statvfs.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-time.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-times.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-utsname.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-wait.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-syslog.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-termio.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-time.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-unistd.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-utime.so.0.0.0", + "/usr/share/doc/lua-posix/changelog.Debian.gz", + "/usr/share/doc/lua-posix/copyright", + "/usr/share/lintian/overrides/lua-posix", + "/usr/share/lua/5.1/posix/_base.lua", + "/usr/share/lua/5.1/posix/_bitwise.lua", + "/usr/share/lua/5.1/posix/_strict.lua", + "/usr/share/lua/5.1/posix/compat.lua", + "/usr/share/lua/5.1/posix/deprecated.lua", + "/usr/share/lua/5.1/posix/init.lua", + "/usr/share/lua/5.1/posix/sys.lua", + "/usr/share/lua/5.1/posix/util.lua", + "/usr/share/lua/5.1/posix/version.lua" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mariadb-common@1:11.8.6-0+deb13u1", + "Name": "mariadb-common", + "Identifier": { + "PURL": "pkg:deb/debian/mariadb-common@11.8.6-0%2Bdeb13u1?arch=all\u0026distro=debian-13.4\u0026epoch=1", + "UID": "403ed3ff54967cb9" + }, + "Version": "11.8.6", + "Release": "0+deb13u1", + "Epoch": 1, + "Arch": "all", + "SrcName": "mariadb", + "SrcVersion": "11.8.6", + "SrcRelease": "0+deb13u1", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "GPL-2.0-or-later", + "public-domain", + "BSD-3-Clause", + "LGPL-2.1-or-later", + "BSD-2-Clause", + "LGPL-2.0-only", + "unlimited-free-doc", + "GPL-2.0-with-bison-exception+", + "SWsoft", + "Artistic-2.0", + "LGPL-2.0-or-later", + "zlib-acknowledgement", + "LGPL-2.1-only" + ], + "Maintainer": "Debian MySQL Maintainers \u003cpkg-mysql-maint@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "mysql-common@5.8+1.1.1" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/share/doc/mariadb-common/changelog.Debian.gz", + "/usr/share/doc/mariadb-common/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mysql-common@5.8+1.1.1", + "Name": "mysql-common", + "Identifier": { + "PURL": "pkg:deb/debian/mysql-common@5.8%2B1.1.1?arch=all\u0026distro=debian-13.4", + "UID": "d1d9e3e56824646c" + }, + "Version": "5.8+1.1.1", + "Arch": "all", + "SrcName": "mysql-defaults", + "SrcVersion": "1.1.1", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Debian MySQL Maintainers \u003cpkg-mysql-maint@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/share/doc/mysql-common/changelog.gz", + "/usr/share/doc/mysql-common/copyright", + "/usr/share/doc/mysql-common/frozen-mode/README", + "/usr/share/doc/mysql-common/frozen-mode/downgrade", + "/usr/share/lintian/overrides/mysql-common", + "/usr/share/mysql-common/configure-symlinks" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ncurses-base@6.5+20250216-2", + "Name": "ncurses-base", + "Identifier": { + "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.4", + "UID": "767a0231348a5cb5" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "all", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/share/doc/ncurses-base/FAQ", + "/usr/share/doc/ncurses-base/TODO.Debian", + "/usr/share/doc/ncurses-base/changelog.Debian.gz", + "/usr/share/doc/ncurses-base/changelog.gz", + "/usr/share/doc/ncurses-base/copyright", + "/usr/share/lintian/overrides/ncurses-base", + "/usr/share/tabset/std", + "/usr/share/tabset/stdcrt", + "/usr/share/tabset/vt100", + "/usr/share/tabset/vt300", + "/usr/share/terminfo/E/Eterm", + "/usr/share/terminfo/a/ansi", + "/usr/share/terminfo/c/cons25", + "/usr/share/terminfo/c/cygwin", + "/usr/share/terminfo/d/dumb", + "/usr/share/terminfo/h/hurd", + "/usr/share/terminfo/l/linux", + "/usr/share/terminfo/m/mach", + "/usr/share/terminfo/m/mach-bold", + "/usr/share/terminfo/m/mach-color", + "/usr/share/terminfo/m/mach-gnu", + "/usr/share/terminfo/m/mach-gnu-color", + "/usr/share/terminfo/p/pcansi", + "/usr/share/terminfo/r/rxvt", + "/usr/share/terminfo/r/rxvt-basic", + "/usr/share/terminfo/r/rxvt-unicode", + "/usr/share/terminfo/r/rxvt-unicode-256color", + "/usr/share/terminfo/s/screen", + "/usr/share/terminfo/s/screen-256color", + "/usr/share/terminfo/s/screen-256color-bce", + "/usr/share/terminfo/s/screen-bce", + "/usr/share/terminfo/s/screen-s", + "/usr/share/terminfo/s/screen-w", + "/usr/share/terminfo/s/screen.xterm-256color", + "/usr/share/terminfo/s/sun", + "/usr/share/terminfo/t/tmux", + "/usr/share/terminfo/t/tmux-256color", + "/usr/share/terminfo/v/vt100", + "/usr/share/terminfo/v/vt102", + "/usr/share/terminfo/v/vt220", + "/usr/share/terminfo/v/vt52", + "/usr/share/terminfo/w/wsvt25", + "/usr/share/terminfo/w/wsvt25m", + "/usr/share/terminfo/x/xterm", + "/usr/share/terminfo/x/xterm-256color", + "/usr/share/terminfo/x/xterm-color", + "/usr/share/terminfo/x/xterm-mono", + "/usr/share/terminfo/x/xterm-r5", + "/usr/share/terminfo/x/xterm-r6", + "/usr/share/terminfo/x/xterm-vt220", + "/usr/share/terminfo/x/xterm-xfree86" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "netcat-traditional@1.10-50", + "Name": "netcat-traditional", + "Identifier": { + "PURL": "pkg:deb/debian/netcat-traditional@1.10-50?arch=amd64\u0026distro=debian-13.4", + "UID": "7ff724373cc7edab" + }, + "Version": "1.10", + "Release": "50", + "Arch": "amd64", + "SrcName": "netcat", + "SrcVersion": "1.10", + "SrcRelease": "50", + "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/bin/nc.traditional", + "/usr/share/doc/netcat-traditional/README.Debian", + "/usr/share/doc/netcat-traditional/README.gz", + "/usr/share/doc/netcat-traditional/changelog.Debian.gz", + "/usr/share/doc/netcat-traditional/changelog.gz", + "/usr/share/doc/netcat-traditional/copyright", + "/usr/share/doc/netcat-traditional/examples/contrib/ncmeter", + "/usr/share/doc/netcat-traditional/examples/data/Makefile", + "/usr/share/doc/netcat-traditional/examples/data/README", + "/usr/share/doc/netcat-traditional/examples/data/data.c", + "/usr/share/doc/netcat-traditional/examples/data/dns-any.d", + "/usr/share/doc/netcat-traditional/examples/data/nfs-0.d", + "/usr/share/doc/netcat-traditional/examples/data/pm.d", + "/usr/share/doc/netcat-traditional/examples/data/pmap-dump.d", + "/usr/share/doc/netcat-traditional/examples/data/pmap-mnt.d", + "/usr/share/doc/netcat-traditional/examples/data/rip.d", + "/usr/share/doc/netcat-traditional/examples/data/rservice.c", + "/usr/share/doc/netcat-traditional/examples/data/showmount.d", + "/usr/share/doc/netcat-traditional/examples/data/xor.c", + "/usr/share/doc/netcat-traditional/examples/scripts/README", + "/usr/share/doc/netcat-traditional/examples/scripts/alta", + "/usr/share/doc/netcat-traditional/examples/scripts/bsh", + "/usr/share/doc/netcat-traditional/examples/scripts/dist.sh", + "/usr/share/doc/netcat-traditional/examples/scripts/irc", + "/usr/share/doc/netcat-traditional/examples/scripts/iscan", + "/usr/share/doc/netcat-traditional/examples/scripts/ncp", + "/usr/share/doc/netcat-traditional/examples/scripts/probe", + "/usr/share/doc/netcat-traditional/examples/scripts/web", + "/usr/share/doc/netcat-traditional/examples/scripts/webproxy", + "/usr/share/doc/netcat-traditional/examples/scripts/webrelay", + "/usr/share/doc/netcat-traditional/examples/scripts/websearch", + "/usr/share/man/man1/nc.traditional.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "openssl@3.5.5-1~deb13u2", + "Name": "openssl", + "Identifier": { + "PURL": "pkg:deb/debian/openssl@3.5.5-1~deb13u2?arch=amd64\u0026distro=debian-13.4", + "UID": "e9ce784b0d96ddbd" + }, + "Version": "3.5.5", + "Release": "1~deb13u2", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.5.5", + "SrcRelease": "1~deb13u2", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libssl3t64@3.5.5-1~deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/bin/c_rehash", + "/usr/bin/openssl", + "/usr/lib/ssl/misc/CA.pl", + "/usr/lib/ssl/misc/tsget.pl", + "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", + "/usr/share/doc/openssl/HOWTO/documenting-functions-and-macros.md.gz", + "/usr/share/doc/openssl/HOWTO/keys.txt.gz", + "/usr/share/doc/openssl/NEWS.md.gz", + "/usr/share/doc/openssl/README-ENGINES.md.gz", + "/usr/share/doc/openssl/README-PROVIDERS.md.gz", + "/usr/share/doc/openssl/README-QUIC.md.gz", + "/usr/share/doc/openssl/README.Debian", + "/usr/share/doc/openssl/README.md.gz", + "/usr/share/doc/openssl/changelog.Debian.gz", + "/usr/share/doc/openssl/changelog.gz", + "/usr/share/doc/openssl/copyright", + "/usr/share/doc/openssl/fingerprints.txt", + "/usr/share/lintian/overrides/openssl", + "/usr/share/man/man1/CA.pl.1ssl.gz", + "/usr/share/man/man1/openssl-asn1parse.1ssl.gz", + "/usr/share/man/man1/openssl-ca.1ssl.gz", + "/usr/share/man/man1/openssl-ciphers.1ssl.gz", + "/usr/share/man/man1/openssl-cmds.1ssl.gz", + "/usr/share/man/man1/openssl-cmp.1ssl.gz", + "/usr/share/man/man1/openssl-cms.1ssl.gz", + "/usr/share/man/man1/openssl-crl.1ssl.gz", + "/usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz", + "/usr/share/man/man1/openssl-dgst.1ssl.gz", + "/usr/share/man/man1/openssl-dhparam.1ssl.gz", + "/usr/share/man/man1/openssl-dsa.1ssl.gz", + "/usr/share/man/man1/openssl-dsaparam.1ssl.gz", + "/usr/share/man/man1/openssl-ec.1ssl.gz", + "/usr/share/man/man1/openssl-ecparam.1ssl.gz", + "/usr/share/man/man1/openssl-enc.1ssl.gz", + "/usr/share/man/man1/openssl-engine.1ssl.gz", + "/usr/share/man/man1/openssl-errstr.1ssl.gz", + "/usr/share/man/man1/openssl-fipsinstall.1ssl.gz", + "/usr/share/man/man1/openssl-format-options.1ssl.gz", + "/usr/share/man/man1/openssl-gendsa.1ssl.gz", + "/usr/share/man/man1/openssl-genpkey.1ssl.gz", + "/usr/share/man/man1/openssl-genrsa.1ssl.gz", + "/usr/share/man/man1/openssl-info.1ssl.gz", + "/usr/share/man/man1/openssl-kdf.1ssl.gz", + "/usr/share/man/man1/openssl-list.1ssl.gz", + "/usr/share/man/man1/openssl-mac.1ssl.gz", + "/usr/share/man/man1/openssl-namedisplay-options.1ssl.gz", + "/usr/share/man/man1/openssl-nseq.1ssl.gz", + "/usr/share/man/man1/openssl-ocsp.1ssl.gz", + "/usr/share/man/man1/openssl-passphrase-options.1ssl.gz", + "/usr/share/man/man1/openssl-passwd.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs12.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs7.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs8.1ssl.gz", + "/usr/share/man/man1/openssl-pkey.1ssl.gz", + "/usr/share/man/man1/openssl-pkeyparam.1ssl.gz", + "/usr/share/man/man1/openssl-pkeyutl.1ssl.gz", + "/usr/share/man/man1/openssl-prime.1ssl.gz", + "/usr/share/man/man1/openssl-rand.1ssl.gz", + "/usr/share/man/man1/openssl-rehash.1ssl.gz", + "/usr/share/man/man1/openssl-req.1ssl.gz", + "/usr/share/man/man1/openssl-rsa.1ssl.gz", + "/usr/share/man/man1/openssl-rsautl.1ssl.gz", + "/usr/share/man/man1/openssl-s_client.1ssl.gz", + "/usr/share/man/man1/openssl-s_server.1ssl.gz", + "/usr/share/man/man1/openssl-s_time.1ssl.gz", + "/usr/share/man/man1/openssl-sess_id.1ssl.gz", + "/usr/share/man/man1/openssl-skeyutl.1ssl.gz", + "/usr/share/man/man1/openssl-smime.1ssl.gz", + "/usr/share/man/man1/openssl-speed.1ssl.gz", + "/usr/share/man/man1/openssl-spkac.1ssl.gz", + "/usr/share/man/man1/openssl-srp.1ssl.gz", + "/usr/share/man/man1/openssl-storeutl.1ssl.gz", + "/usr/share/man/man1/openssl-ts.1ssl.gz", + "/usr/share/man/man1/openssl-verification-options.1ssl.gz", + "/usr/share/man/man1/openssl-verify.1ssl.gz", + "/usr/share/man/man1/openssl-version.1ssl.gz", + "/usr/share/man/man1/openssl-x509.1ssl.gz", + "/usr/share/man/man1/openssl.1ssl.gz", + "/usr/share/man/man1/tsget.1ssl.gz", + "/usr/share/man/man5/config.5ssl.gz", + "/usr/share/man/man5/fips_config.5ssl.gz", + "/usr/share/man/man5/x509v3_config.5ssl.gz", + "/usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-AES.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-ARIA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CAST.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CHACHA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-DES.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-IDEA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-NULL.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC2.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC4.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC5.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-SEED.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-SM4.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-ARGON2.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-HKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-HMAC-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-KB.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-KRB5KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PBKDF1.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PBKDF2.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PKCS12KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PVKKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SCRYPT.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SS.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SSHKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-TLS13_KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-TLS1_PRF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X942-ASN1.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X942-CONCAT.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X963.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-EC.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-ML-KEM.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-DH.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-ECDH.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-BLAKE2.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-CMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-GMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-KMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-Poly1305.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-Siphash.7ssl.gz", + "/usr/share/man/man7/EVP_MD-BLAKE2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-KECCAK.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD4.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD5-SHA1.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD5.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MDC2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-NULL.7ssl.gz", + "/usr/share/man/man7/EVP_MD-RIPEMD160.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA1.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA3.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHAKE.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SM3.7ssl.gz", + "/usr/share/man/man7/EVP_MD-WHIRLPOOL.7ssl.gz", + "/usr/share/man/man7/EVP_MD-common.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-DH.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-EC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-FFC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-ML-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-ML-KEM.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-SLH-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-SM2.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-CRNG-TEST.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-CTR-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-HASH-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-JITTER.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-SEED-SRC.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-TEST-RAND.7ssl.gz", + "/usr/share/man/man7/EVP_RAND.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ED25519.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-FIPS.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-base.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-default.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-legacy.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-null.7ssl.gz", + "/usr/share/man/man7/OSSL_STORE-winstore.7ssl.gz", + "/usr/share/man/man7/RAND.7ssl.gz", + "/usr/share/man/man7/RSA-PSS.7ssl.gz", + "/usr/share/man/man7/X25519.7ssl.gz", + "/usr/share/man/man7/bio.7ssl.gz", + "/usr/share/man/man7/ct.7ssl.gz", + "/usr/share/man/man7/des_modes.7ssl.gz", + "/usr/share/man/man7/evp.7ssl.gz", + "/usr/share/man/man7/fips_module.7ssl.gz", + "/usr/share/man/man7/life_cycle-cipher.7ssl.gz", + "/usr/share/man/man7/life_cycle-digest.7ssl.gz", + "/usr/share/man/man7/life_cycle-kdf.7ssl.gz", + "/usr/share/man/man7/life_cycle-mac.7ssl.gz", + "/usr/share/man/man7/life_cycle-pkey.7ssl.gz", + "/usr/share/man/man7/life_cycle-rand.7ssl.gz", + "/usr/share/man/man7/openssl-core.h.7ssl.gz", + "/usr/share/man/man7/openssl-core_dispatch.h.7ssl.gz", + "/usr/share/man/man7/openssl-core_names.h.7ssl.gz", + "/usr/share/man/man7/openssl-env.7ssl.gz", + "/usr/share/man/man7/openssl-glossary.7ssl.gz", + "/usr/share/man/man7/openssl-qlog.7ssl.gz", + "/usr/share/man/man7/openssl-quic-concurrency.7ssl.gz", + "/usr/share/man/man7/openssl-quic.7ssl.gz", + "/usr/share/man/man7/openssl-threads.7ssl.gz", + "/usr/share/man/man7/openssl_user_macros.7ssl.gz", + "/usr/share/man/man7/ossl-guide-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-libcrypto-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-libraries-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-libssl-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-migration.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-client-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-client-non-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-multi-stream.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-server-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-server-non-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-client-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-client-non-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-server-block.7ssl.gz", + "/usr/share/man/man7/ossl_store-file.7ssl.gz", + "/usr/share/man/man7/ossl_store.7ssl.gz", + "/usr/share/man/man7/passphrase-encoding.7ssl.gz", + "/usr/share/man/man7/property.7ssl.gz", + "/usr/share/man/man7/provider-asym_cipher.7ssl.gz", + "/usr/share/man/man7/provider-base.7ssl.gz", + "/usr/share/man/man7/provider-cipher.7ssl.gz", + "/usr/share/man/man7/provider-decoder.7ssl.gz", + "/usr/share/man/man7/provider-digest.7ssl.gz", + "/usr/share/man/man7/provider-encoder.7ssl.gz", + "/usr/share/man/man7/provider-kdf.7ssl.gz", + "/usr/share/man/man7/provider-kem.7ssl.gz", + "/usr/share/man/man7/provider-keyexch.7ssl.gz", + "/usr/share/man/man7/provider-keymgmt.7ssl.gz", + "/usr/share/man/man7/provider-mac.7ssl.gz", + "/usr/share/man/man7/provider-object.7ssl.gz", + "/usr/share/man/man7/provider-rand.7ssl.gz", + "/usr/share/man/man7/provider-signature.7ssl.gz", + "/usr/share/man/man7/provider-skeymgmt.7ssl.gz", + "/usr/share/man/man7/provider-storemgmt.7ssl.gz", + "/usr/share/man/man7/provider.7ssl.gz", + "/usr/share/man/man7/proxy-certificates.7ssl.gz", + "/usr/share/man/man7/x509.7ssl.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "openssl-provider-legacy@3.5.5-1~deb13u2", + "Name": "openssl-provider-legacy", + "Identifier": { + "PURL": "pkg:deb/debian/openssl-provider-legacy@3.5.5-1~deb13u2?arch=amd64\u0026distro=debian-13.4", + "UID": "28ae5dc4d1707f9a" + }, + "Version": "3.5.5", + "Release": "1~deb13u2", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.5.5", + "SrcRelease": "1~deb13u2", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libssl3t64@3.5.5-1~deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so", + "/usr/share/doc/openssl-provider-legacy/changelog.Debian.gz", + "/usr/share/doc/openssl-provider-legacy/changelog.gz", + "/usr/share/doc/openssl-provider-legacy/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "passwd@1:4.17.4-2", + "Name": "passwd", + "Identifier": { + "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", + "UID": "97a8e708d58db4b1" + }, + "Version": "4.17.4", + "Release": "2", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "shadow", + "SrcVersion": "4.17.4", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-1.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "base-passwd@3.6.7", + "libacl1@2.3.2-2+b1", + "libattr1@1:2.5.2-3", + "libaudit1@1:4.0.2-2+b2", + "libbsd0@0.12.2-2", + "libc6@2.41-12+deb13u2", + "libcrypt1@1:4.4.38-1", + "libpam-modules@1.7.0-5", + "libpam0g@1.7.0-5", + "libselinux1@3.8.1-1", + "libsemanage2@3.8.1-1", + "login.defs@1:4.17.4-2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/bin/chage", + "/usr/bin/chfn", + "/usr/bin/chsh", + "/usr/bin/expiry", + "/usr/bin/gpasswd", + "/usr/bin/passwd", + "/usr/lib/tmpfiles.d/passwd.conf", + "/usr/sbin/chgpasswd", + "/usr/sbin/chpasswd", + "/usr/sbin/groupadd", + "/usr/sbin/groupdel", + "/usr/sbin/groupmod", + "/usr/sbin/grpck", + "/usr/sbin/grpconv", + "/usr/sbin/grpunconv", + "/usr/sbin/newusers", + "/usr/sbin/pwck", + "/usr/sbin/pwconv", + "/usr/sbin/pwunconv", + "/usr/sbin/shadowconfig", + "/usr/sbin/useradd", + "/usr/sbin/userdel", + "/usr/sbin/usermod", + "/usr/sbin/vipw", + "/usr/share/doc/passwd/NEWS.Debian.gz", + "/usr/share/doc/passwd/README.Debian", + "/usr/share/doc/passwd/TODO.Debian", + "/usr/share/doc/passwd/changelog.Debian.gz", + "/usr/share/doc/passwd/changelog.gz", + "/usr/share/doc/passwd/copyright", + "/usr/share/doc/passwd/examples/passwd.expire.cron", + "/usr/share/lintian/overrides/passwd", + "/usr/share/locale/bs/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ca/LC_MESSAGES/shadow.mo", + "/usr/share/locale/cs/LC_MESSAGES/shadow.mo", + "/usr/share/locale/da/LC_MESSAGES/shadow.mo", + "/usr/share/locale/de/LC_MESSAGES/shadow.mo", + "/usr/share/locale/dz/LC_MESSAGES/shadow.mo", + "/usr/share/locale/el/LC_MESSAGES/shadow.mo", + "/usr/share/locale/es/LC_MESSAGES/shadow.mo", + "/usr/share/locale/eu/LC_MESSAGES/shadow.mo", + "/usr/share/locale/fi/LC_MESSAGES/shadow.mo", + "/usr/share/locale/fr/LC_MESSAGES/shadow.mo", + "/usr/share/locale/gl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/he/LC_MESSAGES/shadow.mo", + "/usr/share/locale/hu/LC_MESSAGES/shadow.mo", + "/usr/share/locale/id/LC_MESSAGES/shadow.mo", + "/usr/share/locale/it/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ja/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ka/LC_MESSAGES/shadow.mo", + "/usr/share/locale/kk/LC_MESSAGES/shadow.mo", + "/usr/share/locale/km/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ko/LC_MESSAGES/shadow.mo", + "/usr/share/locale/nb/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ne/LC_MESSAGES/shadow.mo", + "/usr/share/locale/nl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/nn/LC_MESSAGES/shadow.mo", + "/usr/share/locale/pl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/pt/LC_MESSAGES/shadow.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ro/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ru/LC_MESSAGES/shadow.mo", + "/usr/share/locale/sk/LC_MESSAGES/shadow.mo", + "/usr/share/locale/sq/LC_MESSAGES/shadow.mo", + "/usr/share/locale/sv/LC_MESSAGES/shadow.mo", + "/usr/share/locale/tl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/tr/LC_MESSAGES/shadow.mo", + "/usr/share/locale/uk/LC_MESSAGES/shadow.mo", + "/usr/share/locale/vi/LC_MESSAGES/shadow.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/shadow.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/shadow.mo", + "/usr/share/man/cs/man1/expiry.1.gz", + "/usr/share/man/cs/man1/gpasswd.1.gz", + "/usr/share/man/cs/man5/gshadow.5.gz", + "/usr/share/man/cs/man5/passwd.5.gz", + "/usr/share/man/cs/man5/shadow.5.gz", + "/usr/share/man/cs/man8/groupadd.8.gz", + "/usr/share/man/cs/man8/groupdel.8.gz", + "/usr/share/man/cs/man8/groupmod.8.gz", + "/usr/share/man/cs/man8/grpck.8.gz", + "/usr/share/man/cs/man8/vipw.8.gz", + "/usr/share/man/da/man1/chfn.1.gz", + "/usr/share/man/da/man5/gshadow.5.gz", + "/usr/share/man/da/man8/groupdel.8.gz", + "/usr/share/man/da/man8/vipw.8.gz", + "/usr/share/man/de/man1/chage.1.gz", + "/usr/share/man/de/man1/chfn.1.gz", + "/usr/share/man/de/man1/chsh.1.gz", + "/usr/share/man/de/man1/expiry.1.gz", + "/usr/share/man/de/man1/gpasswd.1.gz", + "/usr/share/man/de/man1/passwd.1.gz", + "/usr/share/man/de/man5/gshadow.5.gz", + "/usr/share/man/de/man5/passwd.5.gz", + "/usr/share/man/de/man5/shadow.5.gz", + "/usr/share/man/de/man8/chgpasswd.8.gz", + "/usr/share/man/de/man8/chpasswd.8.gz", + "/usr/share/man/de/man8/groupadd.8.gz", + "/usr/share/man/de/man8/groupdel.8.gz", + "/usr/share/man/de/man8/groupmod.8.gz", + "/usr/share/man/de/man8/grpck.8.gz", + "/usr/share/man/de/man8/newusers.8.gz", + "/usr/share/man/de/man8/pwck.8.gz", + "/usr/share/man/de/man8/pwconv.8.gz", + "/usr/share/man/de/man8/useradd.8.gz", + "/usr/share/man/de/man8/userdel.8.gz", + "/usr/share/man/de/man8/usermod.8.gz", + "/usr/share/man/de/man8/vipw.8.gz", + "/usr/share/man/fi/man1/chfn.1.gz", + "/usr/share/man/fi/man1/chsh.1.gz", + "/usr/share/man/fr/man1/chage.1.gz", + "/usr/share/man/fr/man1/chfn.1.gz", + "/usr/share/man/fr/man1/chsh.1.gz", + "/usr/share/man/fr/man1/expiry.1.gz", + "/usr/share/man/fr/man1/gpasswd.1.gz", + "/usr/share/man/fr/man1/passwd.1.gz", + "/usr/share/man/fr/man5/gshadow.5.gz", + "/usr/share/man/fr/man5/passwd.5.gz", + "/usr/share/man/fr/man5/shadow.5.gz", + "/usr/share/man/fr/man5/subgid.5.gz", + "/usr/share/man/fr/man5/subuid.5.gz", + "/usr/share/man/fr/man8/chgpasswd.8.gz", + "/usr/share/man/fr/man8/chpasswd.8.gz", + "/usr/share/man/fr/man8/groupadd.8.gz", + "/usr/share/man/fr/man8/groupdel.8.gz", + "/usr/share/man/fr/man8/groupmod.8.gz", + "/usr/share/man/fr/man8/grpck.8.gz", + "/usr/share/man/fr/man8/newusers.8.gz", + "/usr/share/man/fr/man8/pwck.8.gz", + "/usr/share/man/fr/man8/pwconv.8.gz", + "/usr/share/man/fr/man8/useradd.8.gz", + "/usr/share/man/fr/man8/userdel.8.gz", + "/usr/share/man/fr/man8/usermod.8.gz", + "/usr/share/man/fr/man8/vipw.8.gz", + "/usr/share/man/hu/man1/chsh.1.gz", + "/usr/share/man/hu/man1/gpasswd.1.gz", + "/usr/share/man/hu/man1/passwd.1.gz", + "/usr/share/man/hu/man5/passwd.5.gz", + "/usr/share/man/id/man1/chsh.1.gz", + "/usr/share/man/id/man8/useradd.8.gz", + "/usr/share/man/it/man1/chage.1.gz", + "/usr/share/man/it/man1/chfn.1.gz", + "/usr/share/man/it/man1/chsh.1.gz", + "/usr/share/man/it/man1/expiry.1.gz", + "/usr/share/man/it/man1/gpasswd.1.gz", + "/usr/share/man/it/man1/passwd.1.gz", + "/usr/share/man/it/man5/gshadow.5.gz", + "/usr/share/man/it/man5/passwd.5.gz", + "/usr/share/man/it/man5/shadow.5.gz", + "/usr/share/man/it/man8/chgpasswd.8.gz", + "/usr/share/man/it/man8/chpasswd.8.gz", + "/usr/share/man/it/man8/groupadd.8.gz", + "/usr/share/man/it/man8/groupdel.8.gz", + "/usr/share/man/it/man8/groupmod.8.gz", + "/usr/share/man/it/man8/grpck.8.gz", + "/usr/share/man/it/man8/newusers.8.gz", + "/usr/share/man/it/man8/pwck.8.gz", + "/usr/share/man/it/man8/pwconv.8.gz", + "/usr/share/man/it/man8/useradd.8.gz", + "/usr/share/man/it/man8/userdel.8.gz", + "/usr/share/man/it/man8/usermod.8.gz", + "/usr/share/man/it/man8/vipw.8.gz", + "/usr/share/man/ja/man1/chage.1.gz", + "/usr/share/man/ja/man1/chfn.1.gz", + "/usr/share/man/ja/man1/chsh.1.gz", + "/usr/share/man/ja/man1/expiry.1.gz", + "/usr/share/man/ja/man1/gpasswd.1.gz", + "/usr/share/man/ja/man1/passwd.1.gz", + "/usr/share/man/ja/man5/passwd.5.gz", + "/usr/share/man/ja/man5/shadow.5.gz", + "/usr/share/man/ja/man8/chpasswd.8.gz", + "/usr/share/man/ja/man8/groupadd.8.gz", + "/usr/share/man/ja/man8/groupdel.8.gz", + "/usr/share/man/ja/man8/groupmod.8.gz", + "/usr/share/man/ja/man8/grpck.8.gz", + "/usr/share/man/ja/man8/newusers.8.gz", + "/usr/share/man/ja/man8/pwck.8.gz", + "/usr/share/man/ja/man8/pwconv.8.gz", + "/usr/share/man/ja/man8/useradd.8.gz", + "/usr/share/man/ja/man8/userdel.8.gz", + "/usr/share/man/ja/man8/usermod.8.gz", + "/usr/share/man/ja/man8/vipw.8.gz", + "/usr/share/man/ko/man1/chfn.1.gz", + "/usr/share/man/ko/man1/chsh.1.gz", + "/usr/share/man/ko/man5/passwd.5.gz", + "/usr/share/man/ko/man8/vipw.8.gz", + "/usr/share/man/man1/chage.1.gz", + "/usr/share/man/man1/chfn.1.gz", + "/usr/share/man/man1/chsh.1.gz", + "/usr/share/man/man1/expiry.1.gz", + "/usr/share/man/man1/gpasswd.1.gz", + "/usr/share/man/man1/passwd.1.gz", + "/usr/share/man/man5/gshadow.5.gz", + "/usr/share/man/man5/passwd.5.gz", + "/usr/share/man/man5/shadow.5.gz", + "/usr/share/man/man5/subgid.5.gz", + "/usr/share/man/man5/subuid.5.gz", + "/usr/share/man/man8/chgpasswd.8.gz", + "/usr/share/man/man8/chpasswd.8.gz", + "/usr/share/man/man8/groupadd.8.gz", + "/usr/share/man/man8/groupdel.8.gz", + "/usr/share/man/man8/groupmod.8.gz", + "/usr/share/man/man8/grpck.8.gz", + "/usr/share/man/man8/newusers.8.gz", + "/usr/share/man/man8/pwck.8.gz", + "/usr/share/man/man8/pwconv.8.gz", + "/usr/share/man/man8/shadowconfig.8.gz", + "/usr/share/man/man8/useradd.8.gz", + "/usr/share/man/man8/userdel.8.gz", + "/usr/share/man/man8/usermod.8.gz", + "/usr/share/man/man8/vipw.8.gz", + "/usr/share/man/pl/man1/chage.1.gz", + "/usr/share/man/pl/man1/chsh.1.gz", + "/usr/share/man/pl/man1/expiry.1.gz", + "/usr/share/man/pl/man8/groupadd.8.gz", + "/usr/share/man/pl/man8/groupdel.8.gz", + "/usr/share/man/pl/man8/groupmod.8.gz", + "/usr/share/man/pl/man8/grpck.8.gz", + "/usr/share/man/pl/man8/userdel.8.gz", + "/usr/share/man/pl/man8/usermod.8.gz", + "/usr/share/man/pl/man8/vipw.8.gz", + "/usr/share/man/pt_BR/man1/gpasswd.1.gz", + "/usr/share/man/pt_BR/man5/passwd.5.gz", + "/usr/share/man/pt_BR/man5/shadow.5.gz", + "/usr/share/man/pt_BR/man8/groupadd.8.gz", + "/usr/share/man/pt_BR/man8/groupdel.8.gz", + "/usr/share/man/pt_BR/man8/groupmod.8.gz", + "/usr/share/man/ru/man1/chage.1.gz", + "/usr/share/man/ru/man1/chfn.1.gz", + "/usr/share/man/ru/man1/chsh.1.gz", + "/usr/share/man/ru/man1/expiry.1.gz", + "/usr/share/man/ru/man1/gpasswd.1.gz", + "/usr/share/man/ru/man1/passwd.1.gz", + "/usr/share/man/ru/man5/gshadow.5.gz", + "/usr/share/man/ru/man5/passwd.5.gz", + "/usr/share/man/ru/man5/shadow.5.gz", + "/usr/share/man/ru/man8/chgpasswd.8.gz", + "/usr/share/man/ru/man8/chpasswd.8.gz", + "/usr/share/man/ru/man8/groupadd.8.gz", + "/usr/share/man/ru/man8/groupdel.8.gz", + "/usr/share/man/ru/man8/groupmod.8.gz", + "/usr/share/man/ru/man8/grpck.8.gz", + "/usr/share/man/ru/man8/newusers.8.gz", + "/usr/share/man/ru/man8/pwck.8.gz", + "/usr/share/man/ru/man8/pwconv.8.gz", + "/usr/share/man/ru/man8/useradd.8.gz", + "/usr/share/man/ru/man8/userdel.8.gz", + "/usr/share/man/ru/man8/usermod.8.gz", + "/usr/share/man/ru/man8/vipw.8.gz", + "/usr/share/man/sv/man1/chage.1.gz", + "/usr/share/man/sv/man1/chsh.1.gz", + "/usr/share/man/sv/man1/expiry.1.gz", + "/usr/share/man/sv/man1/passwd.1.gz", + "/usr/share/man/sv/man5/gshadow.5.gz", + "/usr/share/man/sv/man5/passwd.5.gz", + "/usr/share/man/sv/man8/groupadd.8.gz", + "/usr/share/man/sv/man8/groupdel.8.gz", + "/usr/share/man/sv/man8/groupmod.8.gz", + "/usr/share/man/sv/man8/grpck.8.gz", + "/usr/share/man/sv/man8/pwck.8.gz", + "/usr/share/man/sv/man8/userdel.8.gz", + "/usr/share/man/sv/man8/vipw.8.gz", + "/usr/share/man/tr/man1/chage.1.gz", + "/usr/share/man/tr/man1/chfn.1.gz", + "/usr/share/man/tr/man1/passwd.1.gz", + "/usr/share/man/tr/man5/passwd.5.gz", + "/usr/share/man/tr/man5/shadow.5.gz", + "/usr/share/man/tr/man8/groupadd.8.gz", + "/usr/share/man/tr/man8/groupdel.8.gz", + "/usr/share/man/tr/man8/groupmod.8.gz", + "/usr/share/man/tr/man8/useradd.8.gz", + "/usr/share/man/tr/man8/userdel.8.gz", + "/usr/share/man/tr/man8/usermod.8.gz", + "/usr/share/man/uk/man1/chage.1.gz", + "/usr/share/man/uk/man1/chfn.1.gz", + "/usr/share/man/uk/man1/chsh.1.gz", + "/usr/share/man/uk/man1/expiry.1.gz", + "/usr/share/man/uk/man1/gpasswd.1.gz", + "/usr/share/man/uk/man1/passwd.1.gz", + "/usr/share/man/uk/man5/gshadow.5.gz", + "/usr/share/man/uk/man5/passwd.5.gz", + "/usr/share/man/uk/man5/shadow.5.gz", + "/usr/share/man/uk/man8/chgpasswd.8.gz", + "/usr/share/man/uk/man8/chpasswd.8.gz", + "/usr/share/man/uk/man8/groupadd.8.gz", + "/usr/share/man/uk/man8/groupdel.8.gz", + "/usr/share/man/uk/man8/groupmod.8.gz", + "/usr/share/man/uk/man8/grpck.8.gz", + "/usr/share/man/uk/man8/newusers.8.gz", + "/usr/share/man/uk/man8/pwck.8.gz", + "/usr/share/man/uk/man8/pwconv.8.gz", + "/usr/share/man/uk/man8/useradd.8.gz", + "/usr/share/man/uk/man8/userdel.8.gz", + "/usr/share/man/uk/man8/usermod.8.gz", + "/usr/share/man/uk/man8/vipw.8.gz", + "/usr/share/man/zh_CN/man1/chage.1.gz", + "/usr/share/man/zh_CN/man1/chfn.1.gz", + "/usr/share/man/zh_CN/man1/chsh.1.gz", + "/usr/share/man/zh_CN/man1/expiry.1.gz", + "/usr/share/man/zh_CN/man1/gpasswd.1.gz", + "/usr/share/man/zh_CN/man1/passwd.1.gz", + "/usr/share/man/zh_CN/man5/gshadow.5.gz", + "/usr/share/man/zh_CN/man5/passwd.5.gz", + "/usr/share/man/zh_CN/man5/shadow.5.gz", + "/usr/share/man/zh_CN/man8/chgpasswd.8.gz", + "/usr/share/man/zh_CN/man8/chpasswd.8.gz", + "/usr/share/man/zh_CN/man8/groupadd.8.gz", + "/usr/share/man/zh_CN/man8/groupdel.8.gz", + "/usr/share/man/zh_CN/man8/groupmod.8.gz", + "/usr/share/man/zh_CN/man8/grpck.8.gz", + "/usr/share/man/zh_CN/man8/newusers.8.gz", + "/usr/share/man/zh_CN/man8/pwck.8.gz", + "/usr/share/man/zh_CN/man8/pwconv.8.gz", + "/usr/share/man/zh_CN/man8/useradd.8.gz", + "/usr/share/man/zh_CN/man8/userdel.8.gz", + "/usr/share/man/zh_CN/man8/usermod.8.gz", + "/usr/share/man/zh_CN/man8/vipw.8.gz", + "/usr/share/man/zh_TW/man1/chfn.1.gz", + "/usr/share/man/zh_TW/man1/chsh.1.gz", + "/usr/share/man/zh_TW/man5/passwd.5.gz", + "/usr/share/man/zh_TW/man8/chpasswd.8.gz", + "/usr/share/man/zh_TW/man8/groupadd.8.gz", + "/usr/share/man/zh_TW/man8/groupdel.8.gz", + "/usr/share/man/zh_TW/man8/groupmod.8.gz", + "/usr/share/man/zh_TW/man8/useradd.8.gz", + "/usr/share/man/zh_TW/man8/userdel.8.gz", + "/usr/share/man/zh_TW/man8/usermod.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "pkgconf@1.8.1-4", + "Name": "pkgconf", + "Identifier": { + "PURL": "pkg:deb/debian/pkgconf@1.8.1-4?arch=amd64\u0026distro=debian-13.4", + "UID": "9eaecff43b7da66d" + }, + "Version": "1.8.1", + "Release": "4", + "Arch": "amd64", + "SrcName": "pkgconf", + "SrcVersion": "1.8.1", + "SrcRelease": "4", + "Licenses": [ + "ISC", + "BSD-4-Clause", + "BSD-2-Clause", + "X11", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "pkgconf-bin@1.8.1-4" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/share/aclocal/pkg.m4", + "/usr/share/doc/pkgconf/changelog.Debian.gz", + "/usr/share/doc/pkgconf/changelog.gz", + "/usr/share/doc/pkgconf/copyright", + "/usr/share/lintian/overrides/pkgconf", + "/usr/share/man/man1/pkgconf.1.gz", + "/usr/share/man/man5/pc.5.gz", + "/usr/share/man/man5/pkgconf-personality.5.gz", + "/usr/share/man/man7/pkg.m4.7.gz", + "/usr/share/pkgconfig/personality.d/x86_64-linux-gnu.personality" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "pkgconf-bin@1.8.1-4", + "Name": "pkgconf-bin", + "Identifier": { + "PURL": "pkg:deb/debian/pkgconf-bin@1.8.1-4?arch=amd64\u0026distro=debian-13.4", + "UID": "ebf926e2f851fea7" + }, + "Version": "1.8.1", + "Release": "4", + "Arch": "amd64", + "SrcName": "pkgconf", + "SrcVersion": "1.8.1", + "SrcRelease": "4", + "Licenses": [ + "ISC", + "BSD-4-Clause", + "BSD-2-Clause", + "X11", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2", + "libpkgconf3@1.8.1-4" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/bin/pkgconf", + "/usr/share/doc/pkgconf-bin/AUTHORS", + "/usr/share/doc/pkgconf-bin/README.md.gz", + "/usr/share/doc/pkgconf-bin/changelog.Debian.gz", + "/usr/share/doc/pkgconf-bin/changelog.gz", + "/usr/share/doc/pkgconf-bin/copyright", + "/usr/share/lintian/overrides/pkgconf-bin" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ssl-cert@1.1.3", + "Name": "ssl-cert", + "Identifier": { + "PURL": "pkg:deb/debian/ssl-cert@1.1.3?arch=all\u0026distro=debian-13.4", + "UID": "d8cd559e8194d0d" + }, + "Version": "1.1.3", + "Arch": "all", + "SrcName": "ssl-cert", + "SrcVersion": "1.1.3", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Debian Apache Maintainers \u003cdebian-apache@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "adduser@3.152", + "debconf@1.5.91", + "openssl@3.5.5-1~deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/sbin/make-ssl-cert", + "/usr/share/doc/ssl-cert/README", + "/usr/share/doc/ssl-cert/changelog.gz", + "/usr/share/doc/ssl-cert/copyright", + "/usr/share/lintian/overrides/ssl-cert", + "/usr/share/man/man8/make-ssl-cert.8.gz", + "/usr/share/ssl-cert/ssleay.cnf" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tini@0.19.0-3+b6", + "Name": "tini", + "Identifier": { + "PURL": "pkg:deb/debian/tini@0.19.0-3%2Bb6?arch=amd64\u0026distro=debian-13.4", + "UID": "c9fa58318c8ae6ee" + }, + "Version": "0.19.0", + "Release": "3+b6", + "Arch": "amd64", + "SrcName": "tini", + "SrcVersion": "0.19.0", + "SrcRelease": "3", + "Licenses": [ + "MIT" + ], + "Maintainer": "ChangZhuo Chen (陳昌倬) \u003cczchen@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "InstalledFiles": [ + "/usr/bin/tini", + "/usr/bin/tini-static", + "/usr/share/doc/tini/changelog.Debian.amd64.gz", + "/usr/share/doc/tini/changelog.Debian.gz", + "/usr/share/doc/tini/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tzdata@2026a-0+deb13u1", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:deb/debian/tzdata@2026a-0%2Bdeb13u1?arch=all\u0026distro=debian-13.4", + "UID": "86ca7fb62175fe5b" + }, + "Version": "2026a", + "Release": "0+deb13u1", + "Arch": "all", + "SrcName": "tzdata", + "SrcVersion": "2026a", + "SrcRelease": "0+deb13u1", + "Licenses": [ + "public-domain" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/share/doc/tzdata/NEWS.Debian.gz", + "/usr/share/doc/tzdata/README.Debian", + "/usr/share/doc/tzdata/changelog.Debian.gz", + "/usr/share/doc/tzdata/changelog.gz", + "/usr/share/doc/tzdata/copyright", + "/usr/share/lintian/overrides/tzdata", + "/usr/share/zoneinfo/Africa/Abidjan", + "/usr/share/zoneinfo/Africa/Accra", + "/usr/share/zoneinfo/Africa/Addis_Ababa", + "/usr/share/zoneinfo/Africa/Algiers", + "/usr/share/zoneinfo/Africa/Asmara", + "/usr/share/zoneinfo/Africa/Bamako", + "/usr/share/zoneinfo/Africa/Bangui", + "/usr/share/zoneinfo/Africa/Banjul", + "/usr/share/zoneinfo/Africa/Bissau", + "/usr/share/zoneinfo/Africa/Blantyre", + "/usr/share/zoneinfo/Africa/Brazzaville", + "/usr/share/zoneinfo/Africa/Bujumbura", + "/usr/share/zoneinfo/Africa/Cairo", + "/usr/share/zoneinfo/Africa/Casablanca", + "/usr/share/zoneinfo/Africa/Ceuta", + "/usr/share/zoneinfo/Africa/Conakry", + "/usr/share/zoneinfo/Africa/Dakar", + "/usr/share/zoneinfo/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/Africa/Djibouti", + "/usr/share/zoneinfo/Africa/Douala", + "/usr/share/zoneinfo/Africa/El_Aaiun", + "/usr/share/zoneinfo/Africa/Freetown", + "/usr/share/zoneinfo/Africa/Gaborone", + "/usr/share/zoneinfo/Africa/Harare", + "/usr/share/zoneinfo/Africa/Johannesburg", + "/usr/share/zoneinfo/Africa/Juba", + "/usr/share/zoneinfo/Africa/Kampala", + "/usr/share/zoneinfo/Africa/Khartoum", + "/usr/share/zoneinfo/Africa/Kigali", + "/usr/share/zoneinfo/Africa/Kinshasa", + "/usr/share/zoneinfo/Africa/Lagos", + "/usr/share/zoneinfo/Africa/Libreville", + "/usr/share/zoneinfo/Africa/Lome", + "/usr/share/zoneinfo/Africa/Luanda", + "/usr/share/zoneinfo/Africa/Lubumbashi", + "/usr/share/zoneinfo/Africa/Lusaka", + "/usr/share/zoneinfo/Africa/Malabo", + "/usr/share/zoneinfo/Africa/Maputo", + "/usr/share/zoneinfo/Africa/Maseru", + "/usr/share/zoneinfo/Africa/Mbabane", + "/usr/share/zoneinfo/Africa/Mogadishu", + "/usr/share/zoneinfo/Africa/Monrovia", + "/usr/share/zoneinfo/Africa/Nairobi", + "/usr/share/zoneinfo/Africa/Ndjamena", + "/usr/share/zoneinfo/Africa/Niamey", + "/usr/share/zoneinfo/Africa/Nouakchott", + "/usr/share/zoneinfo/Africa/Ouagadougou", + "/usr/share/zoneinfo/Africa/Porto-Novo", + "/usr/share/zoneinfo/Africa/Sao_Tome", + "/usr/share/zoneinfo/Africa/Tripoli", + "/usr/share/zoneinfo/Africa/Tunis", + "/usr/share/zoneinfo/Africa/Windhoek", + "/usr/share/zoneinfo/America/Adak", + "/usr/share/zoneinfo/America/Anchorage", + "/usr/share/zoneinfo/America/Anguilla", + "/usr/share/zoneinfo/America/Antigua", + "/usr/share/zoneinfo/America/Araguaina", + "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/America/Argentina/Catamarca", + "/usr/share/zoneinfo/America/Argentina/Cordoba", + "/usr/share/zoneinfo/America/Argentina/Jujuy", + "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/America/Argentina/Mendoza", + "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/America/Argentina/Salta", + "/usr/share/zoneinfo/America/Argentina/San_Juan", + "/usr/share/zoneinfo/America/Argentina/San_Luis", + "/usr/share/zoneinfo/America/Argentina/Tucuman", + "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/America/Aruba", + "/usr/share/zoneinfo/America/Asuncion", + "/usr/share/zoneinfo/America/Atikokan", + "/usr/share/zoneinfo/America/Bahia", + "/usr/share/zoneinfo/America/Bahia_Banderas", + "/usr/share/zoneinfo/America/Barbados", + "/usr/share/zoneinfo/America/Belem", + "/usr/share/zoneinfo/America/Belize", + "/usr/share/zoneinfo/America/Blanc-Sablon", + "/usr/share/zoneinfo/America/Boa_Vista", + "/usr/share/zoneinfo/America/Bogota", + "/usr/share/zoneinfo/America/Boise", + "/usr/share/zoneinfo/America/Cambridge_Bay", + "/usr/share/zoneinfo/America/Campo_Grande", + "/usr/share/zoneinfo/America/Cancun", + "/usr/share/zoneinfo/America/Caracas", + "/usr/share/zoneinfo/America/Cayenne", + "/usr/share/zoneinfo/America/Cayman", + "/usr/share/zoneinfo/America/Chicago", + "/usr/share/zoneinfo/America/Chihuahua", + "/usr/share/zoneinfo/America/Ciudad_Juarez", + "/usr/share/zoneinfo/America/Costa_Rica", + "/usr/share/zoneinfo/America/Coyhaique", + "/usr/share/zoneinfo/America/Creston", + "/usr/share/zoneinfo/America/Cuiaba", + "/usr/share/zoneinfo/America/Curacao", + "/usr/share/zoneinfo/America/Danmarkshavn", + "/usr/share/zoneinfo/America/Dawson", + "/usr/share/zoneinfo/America/Dawson_Creek", + "/usr/share/zoneinfo/America/Denver", + "/usr/share/zoneinfo/America/Detroit", + "/usr/share/zoneinfo/America/Dominica", + "/usr/share/zoneinfo/America/Edmonton", + "/usr/share/zoneinfo/America/Eirunepe", + "/usr/share/zoneinfo/America/El_Salvador", + "/usr/share/zoneinfo/America/Fort_Nelson", + "/usr/share/zoneinfo/America/Fortaleza", + "/usr/share/zoneinfo/America/Glace_Bay", + "/usr/share/zoneinfo/America/Goose_Bay", + "/usr/share/zoneinfo/America/Grand_Turk", + "/usr/share/zoneinfo/America/Grenada", + "/usr/share/zoneinfo/America/Guadeloupe", + "/usr/share/zoneinfo/America/Guatemala", + "/usr/share/zoneinfo/America/Guayaquil", + "/usr/share/zoneinfo/America/Guyana", + "/usr/share/zoneinfo/America/Halifax", + "/usr/share/zoneinfo/America/Havana", + "/usr/share/zoneinfo/America/Hermosillo", + "/usr/share/zoneinfo/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/America/Indiana/Knox", + "/usr/share/zoneinfo/America/Indiana/Marengo", + "/usr/share/zoneinfo/America/Indiana/Petersburg", + "/usr/share/zoneinfo/America/Indiana/Tell_City", + "/usr/share/zoneinfo/America/Indiana/Vevay", + "/usr/share/zoneinfo/America/Indiana/Vincennes", + "/usr/share/zoneinfo/America/Indiana/Winamac", + "/usr/share/zoneinfo/America/Inuvik", + "/usr/share/zoneinfo/America/Iqaluit", + "/usr/share/zoneinfo/America/Jamaica", + "/usr/share/zoneinfo/America/Juneau", + "/usr/share/zoneinfo/America/Kentucky/Louisville", + "/usr/share/zoneinfo/America/Kentucky/Monticello", + "/usr/share/zoneinfo/America/La_Paz", + "/usr/share/zoneinfo/America/Lima", + "/usr/share/zoneinfo/America/Los_Angeles", + "/usr/share/zoneinfo/America/Maceio", + "/usr/share/zoneinfo/America/Managua", + "/usr/share/zoneinfo/America/Manaus", + "/usr/share/zoneinfo/America/Martinique", + "/usr/share/zoneinfo/America/Matamoros", + "/usr/share/zoneinfo/America/Mazatlan", + "/usr/share/zoneinfo/America/Menominee", + "/usr/share/zoneinfo/America/Merida", + "/usr/share/zoneinfo/America/Metlakatla", + "/usr/share/zoneinfo/America/Mexico_City", + "/usr/share/zoneinfo/America/Miquelon", + "/usr/share/zoneinfo/America/Moncton", + "/usr/share/zoneinfo/America/Monterrey", + "/usr/share/zoneinfo/America/Montevideo", + "/usr/share/zoneinfo/America/Montserrat", + "/usr/share/zoneinfo/America/Nassau", + "/usr/share/zoneinfo/America/New_York", + "/usr/share/zoneinfo/America/Nome", + "/usr/share/zoneinfo/America/Noronha", + "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/America/North_Dakota/Center", + "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/America/Nuuk", + "/usr/share/zoneinfo/America/Ojinaga", + "/usr/share/zoneinfo/America/Panama", + "/usr/share/zoneinfo/America/Paramaribo", + "/usr/share/zoneinfo/America/Phoenix", + "/usr/share/zoneinfo/America/Port-au-Prince", + "/usr/share/zoneinfo/America/Port_of_Spain", + "/usr/share/zoneinfo/America/Porto_Velho", + "/usr/share/zoneinfo/America/Puerto_Rico", + "/usr/share/zoneinfo/America/Punta_Arenas", + "/usr/share/zoneinfo/America/Rankin_Inlet", + "/usr/share/zoneinfo/America/Recife", + "/usr/share/zoneinfo/America/Regina", + "/usr/share/zoneinfo/America/Resolute", + "/usr/share/zoneinfo/America/Rio_Branco", + "/usr/share/zoneinfo/America/Santarem", + "/usr/share/zoneinfo/America/Santiago", + "/usr/share/zoneinfo/America/Santo_Domingo", + "/usr/share/zoneinfo/America/Sao_Paulo", + "/usr/share/zoneinfo/America/Scoresbysund", + "/usr/share/zoneinfo/America/Sitka", + "/usr/share/zoneinfo/America/St_Johns", + "/usr/share/zoneinfo/America/St_Kitts", + "/usr/share/zoneinfo/America/St_Lucia", + "/usr/share/zoneinfo/America/St_Thomas", + "/usr/share/zoneinfo/America/St_Vincent", + "/usr/share/zoneinfo/America/Swift_Current", + "/usr/share/zoneinfo/America/Tegucigalpa", + "/usr/share/zoneinfo/America/Thule", + "/usr/share/zoneinfo/America/Tijuana", + "/usr/share/zoneinfo/America/Toronto", + "/usr/share/zoneinfo/America/Tortola", + "/usr/share/zoneinfo/America/Vancouver", + "/usr/share/zoneinfo/America/Whitehorse", + "/usr/share/zoneinfo/America/Winnipeg", + "/usr/share/zoneinfo/America/Yakutat", + "/usr/share/zoneinfo/Antarctica/Casey", + "/usr/share/zoneinfo/Antarctica/Davis", + "/usr/share/zoneinfo/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/Antarctica/Macquarie", + "/usr/share/zoneinfo/Antarctica/Mawson", + "/usr/share/zoneinfo/Antarctica/McMurdo", + "/usr/share/zoneinfo/Antarctica/Palmer", + "/usr/share/zoneinfo/Antarctica/Rothera", + "/usr/share/zoneinfo/Antarctica/Syowa", + "/usr/share/zoneinfo/Antarctica/Troll", + "/usr/share/zoneinfo/Antarctica/Vostok", + "/usr/share/zoneinfo/Asia/Aden", + "/usr/share/zoneinfo/Asia/Almaty", + "/usr/share/zoneinfo/Asia/Amman", + "/usr/share/zoneinfo/Asia/Anadyr", + "/usr/share/zoneinfo/Asia/Aqtau", + "/usr/share/zoneinfo/Asia/Aqtobe", + "/usr/share/zoneinfo/Asia/Ashgabat", + "/usr/share/zoneinfo/Asia/Atyrau", + "/usr/share/zoneinfo/Asia/Baghdad", + "/usr/share/zoneinfo/Asia/Bahrain", + "/usr/share/zoneinfo/Asia/Baku", + "/usr/share/zoneinfo/Asia/Bangkok", + "/usr/share/zoneinfo/Asia/Barnaul", + "/usr/share/zoneinfo/Asia/Beirut", + "/usr/share/zoneinfo/Asia/Bishkek", + "/usr/share/zoneinfo/Asia/Brunei", + "/usr/share/zoneinfo/Asia/Chita", + "/usr/share/zoneinfo/Asia/Colombo", + "/usr/share/zoneinfo/Asia/Damascus", + "/usr/share/zoneinfo/Asia/Dhaka", + "/usr/share/zoneinfo/Asia/Dili", + "/usr/share/zoneinfo/Asia/Dubai", + "/usr/share/zoneinfo/Asia/Dushanbe", + "/usr/share/zoneinfo/Asia/Famagusta", + "/usr/share/zoneinfo/Asia/Gaza", + "/usr/share/zoneinfo/Asia/Hebron", + "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/Asia/Hong_Kong", + "/usr/share/zoneinfo/Asia/Hovd", + "/usr/share/zoneinfo/Asia/Irkutsk", + "/usr/share/zoneinfo/Asia/Jakarta", + "/usr/share/zoneinfo/Asia/Jayapura", + "/usr/share/zoneinfo/Asia/Jerusalem", + "/usr/share/zoneinfo/Asia/Kabul", + "/usr/share/zoneinfo/Asia/Kamchatka", + "/usr/share/zoneinfo/Asia/Karachi", + "/usr/share/zoneinfo/Asia/Kathmandu", + "/usr/share/zoneinfo/Asia/Khandyga", + "/usr/share/zoneinfo/Asia/Kolkata", + "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/Asia/Kuching", + "/usr/share/zoneinfo/Asia/Kuwait", + "/usr/share/zoneinfo/Asia/Macau", + "/usr/share/zoneinfo/Asia/Magadan", + "/usr/share/zoneinfo/Asia/Makassar", + "/usr/share/zoneinfo/Asia/Manila", + "/usr/share/zoneinfo/Asia/Muscat", + "/usr/share/zoneinfo/Asia/Nicosia", + "/usr/share/zoneinfo/Asia/Novokuznetsk", + "/usr/share/zoneinfo/Asia/Novosibirsk", + "/usr/share/zoneinfo/Asia/Omsk", + "/usr/share/zoneinfo/Asia/Oral", + "/usr/share/zoneinfo/Asia/Phnom_Penh", + "/usr/share/zoneinfo/Asia/Pontianak", + "/usr/share/zoneinfo/Asia/Pyongyang", + "/usr/share/zoneinfo/Asia/Qatar", + "/usr/share/zoneinfo/Asia/Qostanay", + "/usr/share/zoneinfo/Asia/Qyzylorda", + "/usr/share/zoneinfo/Asia/Riyadh", + "/usr/share/zoneinfo/Asia/Sakhalin", + "/usr/share/zoneinfo/Asia/Samarkand", + "/usr/share/zoneinfo/Asia/Seoul", + "/usr/share/zoneinfo/Asia/Shanghai", + "/usr/share/zoneinfo/Asia/Singapore", + "/usr/share/zoneinfo/Asia/Srednekolymsk", + "/usr/share/zoneinfo/Asia/Taipei", + "/usr/share/zoneinfo/Asia/Tashkent", + "/usr/share/zoneinfo/Asia/Tbilisi", + "/usr/share/zoneinfo/Asia/Tehran", + "/usr/share/zoneinfo/Asia/Thimphu", + "/usr/share/zoneinfo/Asia/Tokyo", + "/usr/share/zoneinfo/Asia/Tomsk", + "/usr/share/zoneinfo/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/Asia/Urumqi", + "/usr/share/zoneinfo/Asia/Ust-Nera", + "/usr/share/zoneinfo/Asia/Vientiane", + "/usr/share/zoneinfo/Asia/Vladivostok", + "/usr/share/zoneinfo/Asia/Yakutsk", + "/usr/share/zoneinfo/Asia/Yangon", + "/usr/share/zoneinfo/Asia/Yekaterinburg", + "/usr/share/zoneinfo/Asia/Yerevan", + "/usr/share/zoneinfo/Atlantic/Azores", + "/usr/share/zoneinfo/Atlantic/Bermuda", + "/usr/share/zoneinfo/Atlantic/Canary", + "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/Atlantic/Faroe", + "/usr/share/zoneinfo/Atlantic/Madeira", + "/usr/share/zoneinfo/Atlantic/Reykjavik", + "/usr/share/zoneinfo/Atlantic/South_Georgia", + "/usr/share/zoneinfo/Atlantic/St_Helena", + "/usr/share/zoneinfo/Atlantic/Stanley", + "/usr/share/zoneinfo/Australia/Adelaide", + "/usr/share/zoneinfo/Australia/Brisbane", + "/usr/share/zoneinfo/Australia/Broken_Hill", + "/usr/share/zoneinfo/Australia/Darwin", + "/usr/share/zoneinfo/Australia/Eucla", + "/usr/share/zoneinfo/Australia/Hobart", + "/usr/share/zoneinfo/Australia/Lindeman", + "/usr/share/zoneinfo/Australia/Lord_Howe", + "/usr/share/zoneinfo/Australia/Melbourne", + "/usr/share/zoneinfo/Australia/Perth", + "/usr/share/zoneinfo/Australia/Sydney", + "/usr/share/zoneinfo/Etc/GMT", + "/usr/share/zoneinfo/Etc/GMT+1", + "/usr/share/zoneinfo/Etc/GMT+10", + "/usr/share/zoneinfo/Etc/GMT+11", + "/usr/share/zoneinfo/Etc/GMT+12", + "/usr/share/zoneinfo/Etc/GMT+2", + "/usr/share/zoneinfo/Etc/GMT+3", + "/usr/share/zoneinfo/Etc/GMT+4", + "/usr/share/zoneinfo/Etc/GMT+5", + "/usr/share/zoneinfo/Etc/GMT+6", + "/usr/share/zoneinfo/Etc/GMT+7", + "/usr/share/zoneinfo/Etc/GMT+8", + "/usr/share/zoneinfo/Etc/GMT+9", + "/usr/share/zoneinfo/Etc/GMT-1", + "/usr/share/zoneinfo/Etc/GMT-10", + "/usr/share/zoneinfo/Etc/GMT-11", + "/usr/share/zoneinfo/Etc/GMT-12", + "/usr/share/zoneinfo/Etc/GMT-13", + "/usr/share/zoneinfo/Etc/GMT-14", + "/usr/share/zoneinfo/Etc/GMT-2", + "/usr/share/zoneinfo/Etc/GMT-3", + "/usr/share/zoneinfo/Etc/GMT-4", + "/usr/share/zoneinfo/Etc/GMT-5", + "/usr/share/zoneinfo/Etc/GMT-6", + "/usr/share/zoneinfo/Etc/GMT-7", + "/usr/share/zoneinfo/Etc/GMT-8", + "/usr/share/zoneinfo/Etc/GMT-9", + "/usr/share/zoneinfo/Etc/UTC", + "/usr/share/zoneinfo/Europe/Amsterdam", + "/usr/share/zoneinfo/Europe/Andorra", + "/usr/share/zoneinfo/Europe/Astrakhan", + "/usr/share/zoneinfo/Europe/Athens", + "/usr/share/zoneinfo/Europe/Belgrade", + "/usr/share/zoneinfo/Europe/Berlin", + "/usr/share/zoneinfo/Europe/Brussels", + "/usr/share/zoneinfo/Europe/Bucharest", + "/usr/share/zoneinfo/Europe/Budapest", + "/usr/share/zoneinfo/Europe/Chisinau", + "/usr/share/zoneinfo/Europe/Copenhagen", + "/usr/share/zoneinfo/Europe/Dublin", + "/usr/share/zoneinfo/Europe/Gibraltar", + "/usr/share/zoneinfo/Europe/Guernsey", + "/usr/share/zoneinfo/Europe/Helsinki", + "/usr/share/zoneinfo/Europe/Isle_of_Man", + "/usr/share/zoneinfo/Europe/Istanbul", + "/usr/share/zoneinfo/Europe/Jersey", + "/usr/share/zoneinfo/Europe/Kaliningrad", + "/usr/share/zoneinfo/Europe/Kirov", + "/usr/share/zoneinfo/Europe/Kyiv", + "/usr/share/zoneinfo/Europe/Lisbon", + "/usr/share/zoneinfo/Europe/Ljubljana", + "/usr/share/zoneinfo/Europe/London", + "/usr/share/zoneinfo/Europe/Luxembourg", + "/usr/share/zoneinfo/Europe/Madrid", + "/usr/share/zoneinfo/Europe/Malta", + "/usr/share/zoneinfo/Europe/Minsk", + "/usr/share/zoneinfo/Europe/Monaco", + "/usr/share/zoneinfo/Europe/Moscow", + "/usr/share/zoneinfo/Europe/Oslo", + "/usr/share/zoneinfo/Europe/Paris", + "/usr/share/zoneinfo/Europe/Prague", + "/usr/share/zoneinfo/Europe/Riga", + "/usr/share/zoneinfo/Europe/Rome", + "/usr/share/zoneinfo/Europe/Samara", + "/usr/share/zoneinfo/Europe/Sarajevo", + "/usr/share/zoneinfo/Europe/Saratov", + "/usr/share/zoneinfo/Europe/Simferopol", + "/usr/share/zoneinfo/Europe/Skopje", + "/usr/share/zoneinfo/Europe/Sofia", + "/usr/share/zoneinfo/Europe/Stockholm", + "/usr/share/zoneinfo/Europe/Tallinn", + "/usr/share/zoneinfo/Europe/Tirane", + "/usr/share/zoneinfo/Europe/Ulyanovsk", + "/usr/share/zoneinfo/Europe/Vaduz", + "/usr/share/zoneinfo/Europe/Vienna", + "/usr/share/zoneinfo/Europe/Vilnius", + "/usr/share/zoneinfo/Europe/Volgograd", + "/usr/share/zoneinfo/Europe/Warsaw", + "/usr/share/zoneinfo/Europe/Zagreb", + "/usr/share/zoneinfo/Europe/Zurich", + "/usr/share/zoneinfo/Factory", + "/usr/share/zoneinfo/Indian/Antananarivo", + "/usr/share/zoneinfo/Indian/Chagos", + "/usr/share/zoneinfo/Indian/Christmas", + "/usr/share/zoneinfo/Indian/Cocos", + "/usr/share/zoneinfo/Indian/Comoro", + "/usr/share/zoneinfo/Indian/Kerguelen", + "/usr/share/zoneinfo/Indian/Mahe", + "/usr/share/zoneinfo/Indian/Maldives", + "/usr/share/zoneinfo/Indian/Mauritius", + "/usr/share/zoneinfo/Indian/Mayotte", + "/usr/share/zoneinfo/Indian/Reunion", + "/usr/share/zoneinfo/Pacific/Apia", + "/usr/share/zoneinfo/Pacific/Auckland", + "/usr/share/zoneinfo/Pacific/Bougainville", + "/usr/share/zoneinfo/Pacific/Chatham", + "/usr/share/zoneinfo/Pacific/Chuuk", + "/usr/share/zoneinfo/Pacific/Easter", + "/usr/share/zoneinfo/Pacific/Efate", + "/usr/share/zoneinfo/Pacific/Fakaofo", + "/usr/share/zoneinfo/Pacific/Fiji", + "/usr/share/zoneinfo/Pacific/Funafuti", + "/usr/share/zoneinfo/Pacific/Galapagos", + "/usr/share/zoneinfo/Pacific/Gambier", + "/usr/share/zoneinfo/Pacific/Guadalcanal", + "/usr/share/zoneinfo/Pacific/Guam", + "/usr/share/zoneinfo/Pacific/Honolulu", + "/usr/share/zoneinfo/Pacific/Kanton", + "/usr/share/zoneinfo/Pacific/Kiritimati", + "/usr/share/zoneinfo/Pacific/Kosrae", + "/usr/share/zoneinfo/Pacific/Kwajalein", + "/usr/share/zoneinfo/Pacific/Majuro", + "/usr/share/zoneinfo/Pacific/Marquesas", + "/usr/share/zoneinfo/Pacific/Midway", + "/usr/share/zoneinfo/Pacific/Nauru", + "/usr/share/zoneinfo/Pacific/Niue", + "/usr/share/zoneinfo/Pacific/Norfolk", + "/usr/share/zoneinfo/Pacific/Noumea", + "/usr/share/zoneinfo/Pacific/Pago_Pago", + "/usr/share/zoneinfo/Pacific/Palau", + "/usr/share/zoneinfo/Pacific/Pitcairn", + "/usr/share/zoneinfo/Pacific/Pohnpei", + "/usr/share/zoneinfo/Pacific/Port_Moresby", + "/usr/share/zoneinfo/Pacific/Rarotonga", + "/usr/share/zoneinfo/Pacific/Saipan", + "/usr/share/zoneinfo/Pacific/Tahiti", + "/usr/share/zoneinfo/Pacific/Tarawa", + "/usr/share/zoneinfo/Pacific/Tongatapu", + "/usr/share/zoneinfo/Pacific/Wake", + "/usr/share/zoneinfo/Pacific/Wallis", + "/usr/share/zoneinfo/iso3166.tab", + "/usr/share/zoneinfo/leap-seconds.list", + "/usr/share/zoneinfo/leapseconds", + "/usr/share/zoneinfo/tzdata.zi", + "/usr/share/zoneinfo/zone.tab", + "/usr/share/zoneinfo/zone1970.tab", + "/usr/share/zoneinfo/zonenow.tab" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", + "Name": "zlib1g", + "Identifier": { + "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", + "UID": "6f0e3b7df83b1702" + }, + "Version": "1.3.dfsg+really1.3.1", + "Release": "1+b1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "zlib", + "SrcVersion": "1.3.dfsg+really1.3.1", + "SrcRelease": "1", + "SrcEpoch": 1, + "Licenses": [ + "Zlib" + ], + "Maintainer": "Mark Brown \u003cbroonie@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u2" + ], + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libz.so.1.3.1", + "/usr/share/doc/zlib1g/changelog.Debian.amd64.gz", + "/usr/share/doc/zlib1g/changelog.Debian.gz", + "/usr/share/doc/zlib1g/changelog.gz", + "/usr/share/doc/zlib1g/copyright" + ], + "AnalyzedBy": "dpkg" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "bsdutils@1:2.41-5", + "PkgName": "bsdutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", + "UID": "5843733a461e6ce1" + }, + "InstalledVersion": "1:2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:304ec3739979cb1bb265a6c7284c015bf7721f3350bde699dec65f67133caf32", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "bsdutils@1:2.41-5", + "PkgName": "bsdutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", + "UID": "5843733a461e6ce1" + }, + "InstalledVersion": "1:2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:c2724bee0f32862198dd0ae97a4e5b05882cd7b6d5ae7f452c5d4ddedbd8da61", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libblkid1@2.41-5", + "PkgName": "libblkid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.4", + "UID": "c1af86eefb8cc018" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:22476334059611a6dfe8e6570cc668a85f8b7c11a1bff882287b2b7a9c1ae903", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libblkid1@2.41-5", + "PkgName": "libblkid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.4", + "UID": "c1af86eefb8cc018" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:60a6861e25a912963d4175f3b794430d1b24075b6cbf8c6f1f47c1250b18c8fc", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-4046", + "PkgID": "libc6@2.41-12+deb13u2", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64\u0026distro=debian-13.4", + "UID": "f8217b10d3b7623a" + }, + "InstalledVersion": "2.41-12+deb13u2", + "FixedVersion": "2.41-12+deb13u3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4046", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:74f7efe4a69af456071b45d90327d9506f7c54b5af6c0852820bba3885d030ec", + "Title": "glibc: glibc: Denial of Service via iconv() function with specific character sets", + "Description": "The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.\n\n\n\nThis vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-617" + ], + "VendorSeverity": { + "amazon": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-4046", + "https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-4046", + "https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33980", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007", + "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD", + "https://www.cve.org/CVERecord?id=CVE-2026-4046" + ], + "PublishedDate": "2026-03-30T18:16:19.573Z", + "LastModifiedDate": "2026-04-20T22:16:23.623Z" + }, + { + "VulnerabilityID": "CVE-2026-4437", + "PkgID": "libc6@2.41-12+deb13u2", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64\u0026distro=debian-13.4", + "UID": "f8217b10d3b7623a" + }, + "InstalledVersion": "2.41-12+deb13u2", + "FixedVersion": "2.41-12+deb13u3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4437", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:4dd461c682aaebb3ac36ddb9e81c0d39ce11ae82e26d189a5f3816608ba8f90d", + "Title": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response", + "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "azure": 2, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-4437", + "https://nvd.nist.gov/vuln/detail/CVE-2026-4437", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34014", + "https://www.cve.org/CVERecord?id=CVE-2026-4437", + "https://www.openwall.com/lists/oss-security/2026/03/23/2" + ], + "PublishedDate": "2026-03-20T20:16:49.477Z", + "LastModifiedDate": "2026-04-07T18:41:36.647Z" + }, + { + "VulnerabilityID": "CVE-2026-5435", + "PkgID": "libc6@2.41-12+deb13u2", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64\u0026distro=debian-13.4", + "UID": "f8217b10d3b7623a" + }, + "InstalledVersion": "2.41-12+deb13u2", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:259455ccf758785399069d2bd7a0419e370333b80cf27457d8fb0075dbcea2c0", + "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5435", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", + "https://www.cve.org/CVERecord?id=CVE-2026-5435" + ], + "PublishedDate": "2026-04-28T13:19:22.29Z", + "LastModifiedDate": "2026-05-05T17:38:37.03Z" + }, + { + "VulnerabilityID": "CVE-2026-5450", + "PkgID": "libc6@2.41-12+deb13u2", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64\u0026distro=debian-13.4", + "UID": "f8217b10d3b7623a" + }, + "InstalledVersion": "2.41-12+deb13u2", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:d78ba5e3dfd5cdb9c5c105766d20e2ec9272a4984d2f15ad4396e6ac74629a31", + "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", + "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "photon": 4, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5450", + "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", + "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", + "https://www.cve.org/CVERecord?id=CVE-2026-5450" + ], + "PublishedDate": "2026-04-20T21:16:36.85Z", + "LastModifiedDate": "2026-04-23T15:33:34.277Z" + }, + { + "VulnerabilityID": "CVE-2026-5928", + "PkgID": "libc6@2.41-12+deb13u2", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64\u0026distro=debian-13.4", + "UID": "f8217b10d3b7623a" + }, + "InstalledVersion": "2.41-12+deb13u2", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:4f8e5ea58ea0eb543275d6659cfcd0a4e5e8cf62450e77d6c1f5eff39217373e", + "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", + "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-127" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5928", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", + "https://www.cve.org/CVERecord?id=CVE-2026-5928" + ], + "PublishedDate": "2026-04-20T21:16:36.963Z", + "LastModifiedDate": "2026-04-23T15:33:43.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6238", + "PkgID": "libc6@2.41-12+deb13u2", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64\u0026distro=debian-13.4", + "UID": "f8217b10d3b7623a" + }, + "InstalledVersion": "2.41-12+deb13u2", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:fcf6c238d4c7b6e629178ac87e918bf29562809ef6d9b6cd01e9444ed98a71e1", + "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-126" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-6238", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", + "https://www.cve.org/CVERecord?id=CVE-2026-6238" + ], + "PublishedDate": "2026-04-28T19:37:47.523Z", + "LastModifiedDate": "2026-05-04T17:57:24.007Z" + }, + { + "VulnerabilityID": "CVE-2026-4878", + "PkgID": "libcap2@1:2.75-10+b8", + "PkgName": "libcap2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libcap2@2.75-10%2Bb8?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", + "UID": "7062e9c4f309915f" + }, + "InstalledVersion": "1:2.75-10+b8", + "FixedVersion": "1:2.75-10+deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:9b50c52f3857ab58a41d7905e817bfc10b0d7f5d2020ca8e6d421fc2cca6890b", + "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", + "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-367" + ], + "VendorSeverity": { + "alma": 3, + "azure": 2, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/07/14", + "http://www.openwall.com/lists/oss-security/2026/04/07/4", + "http://www.openwall.com/lists/oss-security/2026/04/08/9", + "http://www.openwall.com/lists/oss-security/2026/04/09/5", + "http://www.openwall.com/lists/oss-security/2026/04/09/6", + "https://access.redhat.com/errata/RHSA-2026:12423", + "https://access.redhat.com/errata/RHSA-2026:12441", + "https://access.redhat.com/errata/RHSA-2026:13285", + "https://access.redhat.com/errata/RHSA-2026:14162", + "https://access.redhat.com/errata/RHSA-2026:14937", + "https://access.redhat.com/errata/RHSA-2026:19130", + "https://access.redhat.com/errata/RHSA-2026:19346", + "https://access.redhat.com/errata/RHSA-2026:19456", + "https://access.redhat.com/errata/RHSA-2026:19458", + "https://access.redhat.com/errata/RHSA-2026:7473", + "https://access.redhat.com/security/cve/CVE-2026-4878", + "https://bugzilla.redhat.com/2451615", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", + "https://errata.almalinux.org/9/ALSA-2026-12441.html", + "https://errata.rockylinux.org/RLSA-2026:12441", + "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", + "https://linux.oracle.com/cve/CVE-2026-4878.html", + "https://linux.oracle.com/errata/ELSA-2026-13285.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", + "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", + "https://ubuntu.com/security/notices/USN-8193-1", + "https://www.cve.org/CVERecord?id=CVE-2026-4878" + ], + "PublishedDate": "2026-04-09T16:16:31.987Z", + "LastModifiedDate": "2026-05-20T05:16:21.907Z" + }, + { + "VulnerabilityID": "CVE-2025-59375", + "PkgID": "libexpat1@2.7.1-2", + "PkgName": "libexpat1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libexpat1@2.7.1-2?arch=amd64\u0026distro=debian-13.4", + "UID": "98d5e2cecc41711d" + }, + "InstalledVersion": "2.7.1-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-59375", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:1c2233429030fd0bb6036635e431c473f1637b4f931b373d14fa8053400a8ac1", + "Title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing", + "Description": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/16/2", + "http://www.openwall.com/lists/oss-security/2026/05/01/5", + "https://access.redhat.com/errata/RHSA-2025:22175", + "https://access.redhat.com/security/cve/CVE-2025-59375", + "https://bugzilla.redhat.com/2395108", + "https://bugzilla.redhat.com/show_bug.cgi?id=2395108", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375", + "https://errata.almalinux.org/9/ALSA-2025-22175.html", + "https://errata.rockylinux.org/RLSA-2025:22175", + "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74", + "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes", + "https://github.com/libexpat/libexpat/issues/1018", + "https://github.com/libexpat/libexpat/pull/1034", + "https://issues.oss-fuzz.com/issues/439133977", + "https://linux.oracle.com/cve/CVE-2025-59375.html", + "https://linux.oracle.com/errata/ELSA-2026-3407.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-59375", + "https://ubuntu.com/security/notices/USN-8022-1", + "https://www.cve.org/CVERecord?id=CVE-2025-59375", + "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375", + "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375" + ], + "PublishedDate": "2025-09-15T03:15:40.92Z", + "LastModifiedDate": "2026-05-12T13:17:22.64Z" + }, + { + "VulnerabilityID": "CVE-2026-25210", + "PkgID": "libexpat1@2.7.1-2", + "PkgName": "libexpat1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libexpat1@2.7.1-2?arch=amd64\u0026distro=debian-13.4", + "UID": "98d5e2cecc41711d" + }, + "InstalledVersion": "2.7.1-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25210", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:00d448a8fc1be16cd4acdb9d865318da8759e97a5bd99d42ce2e39004450ff3e", + "Title": "libexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation", + "Description": "In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", + "V3Score": 6.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-25210", + "https://github.com/libexpat/libexpat/pull/1075", + "https://github.com/libexpat/libexpat/pull/1075/commits/9c2d990389e6abe2e44527eeaa8b39f16fe859c7", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25210", + "https://ubuntu.com/security/notices/USN-8022-1", + "https://ubuntu.com/security/notices/USN-8022-2", + "https://ubuntu.com/security/notices/USN-8023-1", + "https://www.cve.org/CVERecord?id=CVE-2026-25210" + ], + "PublishedDate": "2026-01-30T07:16:15.57Z", + "LastModifiedDate": "2026-03-10T18:17:12.78Z" + }, + { + "VulnerabilityID": "CVE-2026-45186", + "PkgID": "libexpat1@2.7.1-2", + "PkgName": "libexpat1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libexpat1@2.7.1-2?arch=amd64\u0026distro=debian-13.4", + "UID": "98d5e2cecc41711d" + }, + "InstalledVersion": "2.7.1-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-45186", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:3fc90519adb68da0990e7c5a76573c236c00c39bbf8d78f973b5de3a87478e3e", + "Title": "libexpat: denial of service via crafted XML input", + "Description": "In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "nvd": 3, + "photon": 3, + "redhat": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/05/11/16", + "https://access.redhat.com/security/cve/CVE-2026-45186", + "https://github.com/libexpat/libexpat/pull/1216", + "https://nvd.nist.gov/vuln/detail/CVE-2026-45186", + "https://www.cve.org/CVERecord?id=CVE-2026-45186" + ], + "PublishedDate": "2026-05-10T07:16:07.883Z", + "LastModifiedDate": "2026-05-14T17:20:32.57Z" + }, + { + "VulnerabilityID": "CVE-2025-66382", + "PkgID": "libexpat1@2.7.1-2", + "PkgName": "libexpat1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libexpat1@2.7.1-2?arch=amd64\u0026distro=debian-13.4", + "UID": "98d5e2cecc41711d" + }, + "InstalledVersion": "2.7.1-2", + "Status": "fix_deferred", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-66382", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:4cd7fbb0a13db23e2c9449887eb1fb15f13f7ec1f99855d54dc5519c6e8fdae5", + "Title": "libexpat: libexpat: Denial of service via crafted file processing", + "Description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/12/02/1", + "https://access.redhat.com/security/cve/CVE-2025-66382", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://github.com/libexpat/libexpat/issues/1076", + "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", + "https://www.cve.org/CVERecord?id=CVE-2025-66382" + ], + "PublishedDate": "2025-11-28T07:15:57.9Z", + "LastModifiedDate": "2026-05-12T13:17:23.933Z" + }, + { + "VulnerabilityID": "CVE-2026-32776", + "PkgID": "libexpat1@2.7.1-2", + "PkgName": "libexpat1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libexpat1@2.7.1-2?arch=amd64\u0026distro=debian-13.4", + "UID": "98d5e2cecc41711d" + }, + "InstalledVersion": "2.7.1-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32776", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:31e2bba6a37fed5c88a61641a73e78b3dcc479c48381c11b44c9b259436b778e", + "Title": "libexpat: libexpat: Denial of Service due to NULL pointer dereference", + "Description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32776", + "https://github.com/libexpat/libexpat/pull/1158", + "https://github.com/libexpat/libexpat/pull/1159", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32776", + "https://www.cve.org/CVERecord?id=CVE-2026-32776" + ], + "PublishedDate": "2026-03-16T14:19:44.6Z", + "LastModifiedDate": "2026-03-17T15:52:09.023Z" + }, + { + "VulnerabilityID": "CVE-2026-32777", + "PkgID": "libexpat1@2.7.1-2", + "PkgName": "libexpat1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libexpat1@2.7.1-2?arch=amd64\u0026distro=debian-13.4", + "UID": "98d5e2cecc41711d" + }, + "InstalledVersion": "2.7.1-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32777", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:aa6119201c4048ff7fa79f5f89c80c5dda49fbd93fbf97df47df3b04af3eb1ec", + "Title": "libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing", + "Description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32777", + "https://github.com/libexpat/libexpat/issues/1161", + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1162", + "https://issues.oss-fuzz.com/issues/486993411", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32777", + "https://www.cve.org/CVERecord?id=CVE-2026-32777" + ], + "PublishedDate": "2026-03-16T14:19:44.78Z", + "LastModifiedDate": "2026-03-17T15:52:34.357Z" + }, + { + "VulnerabilityID": "CVE-2026-32778", + "PkgID": "libexpat1@2.7.1-2", + "PkgName": "libexpat1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libexpat1@2.7.1-2?arch=amd64\u0026distro=debian-13.4", + "UID": "98d5e2cecc41711d" + }, + "InstalledVersion": "2.7.1-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32778", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:b22fe00870ec4d9d2932040a334fed7ef46190fa9f83bcddf7f10566e9227880", + "Title": "libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition", + "Description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32778", + "https://github.com/libexpat/libexpat/pull/1159", + "https://github.com/libexpat/libexpat/pull/1163", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32778", + "https://www.cve.org/CVERecord?id=CVE-2026-32778" + ], + "PublishedDate": "2026-03-16T14:19:44.97Z", + "LastModifiedDate": "2026-03-17T15:52:53.16Z" + }, + { + "VulnerabilityID": "CVE-2026-40356", + "PkgID": "libgssapi-krb5-2@1.21.3-5", + "PkgName": "libgssapi-krb5-2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64\u0026distro=debian-13.4", + "UID": "933c7fd5d2ea42cb" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40356", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:d4575856b5373d173bf27a5d5a0f675c1a1dc432afa8a26903cbff41d2cdf99a", + "Title": "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read", + "Description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-191" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:16799", + "https://access.redhat.com/security/cve/CVE-2026-40356", + "https://bugzilla.redhat.com/2463368", + "https://bugzilla.redhat.com/2463370", + "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", + "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", + "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", + "https://errata.almalinux.org/8/ALSA-2026-16799.html", + "https://errata.rockylinux.org/RLSA-2026:16799", + "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", + "https://linux.oracle.com/cve/CVE-2026-40356.html", + "https://linux.oracle.com/errata/ELSA-2026-16799.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40356", + "https://web.mit.edu/kerberos/advisories/", + "https://www.cve.org/CVERecord?id=CVE-2026-40356" + ], + "PublishedDate": "2026-04-28T07:16:03.197Z", + "LastModifiedDate": "2026-04-28T20:11:56.713Z" + }, + { + "VulnerabilityID": "CVE-2026-40355", + "PkgID": "libgssapi-krb5-2@1.21.3-5", + "PkgName": "libgssapi-krb5-2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64\u0026distro=debian-13.4", + "UID": "933c7fd5d2ea42cb" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40355", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:b4dc2364a8c77a8d5793eac3da251e169095a355526166cd529f55170a25f692", + "Title": "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism", + "Description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:16799", + "https://access.redhat.com/security/cve/CVE-2026-40355", + "https://bugzilla.redhat.com/2463368", + "https://bugzilla.redhat.com/2463370", + "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", + "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", + "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", + "https://errata.almalinux.org/8/ALSA-2026-16799.html", + "https://errata.rockylinux.org/RLSA-2026:16799", + "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", + "https://linux.oracle.com/cve/CVE-2026-40355.html", + "https://linux.oracle.com/errata/ELSA-2026-16799.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40355", + "https://web.mit.edu/kerberos/advisories/", + "https://www.cve.org/CVERecord?id=CVE-2026-40355" + ], + "PublishedDate": "2026-04-28T06:16:03.663Z", + "LastModifiedDate": "2026-04-28T20:11:56.713Z" + }, + { + "VulnerabilityID": "CVE-2026-40356", + "PkgID": "libk5crypto3@1.21.3-5", + "PkgName": "libk5crypto3", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64\u0026distro=debian-13.4", + "UID": "befbda97f4b45427" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40356", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:19f4ab38b13a6475a0a3454d011d9a4aa2e8eb9b7690a37ac6a5c8cfe817bbbb", + "Title": "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read", + "Description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-191" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:16799", + "https://access.redhat.com/security/cve/CVE-2026-40356", + "https://bugzilla.redhat.com/2463368", + "https://bugzilla.redhat.com/2463370", + "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", + "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", + "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", + "https://errata.almalinux.org/8/ALSA-2026-16799.html", + "https://errata.rockylinux.org/RLSA-2026:16799", + "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", + "https://linux.oracle.com/cve/CVE-2026-40356.html", + "https://linux.oracle.com/errata/ELSA-2026-16799.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40356", + "https://web.mit.edu/kerberos/advisories/", + "https://www.cve.org/CVERecord?id=CVE-2026-40356" + ], + "PublishedDate": "2026-04-28T07:16:03.197Z", + "LastModifiedDate": "2026-04-28T20:11:56.713Z" + }, + { + "VulnerabilityID": "CVE-2026-40355", + "PkgID": "libk5crypto3@1.21.3-5", + "PkgName": "libk5crypto3", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64\u0026distro=debian-13.4", + "UID": "befbda97f4b45427" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40355", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:67cf7bccc77947ad20799959431768cfeeb7199a098f2e17839b04a6b63054ee", + "Title": "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism", + "Description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:16799", + "https://access.redhat.com/security/cve/CVE-2026-40355", + "https://bugzilla.redhat.com/2463368", + "https://bugzilla.redhat.com/2463370", + "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", + "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", + "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", + "https://errata.almalinux.org/8/ALSA-2026-16799.html", + "https://errata.rockylinux.org/RLSA-2026:16799", + "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", + "https://linux.oracle.com/cve/CVE-2026-40355.html", + "https://linux.oracle.com/errata/ELSA-2026-16799.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40355", + "https://web.mit.edu/kerberos/advisories/", + "https://www.cve.org/CVERecord?id=CVE-2026-40355" + ], + "PublishedDate": "2026-04-28T06:16:03.663Z", + "LastModifiedDate": "2026-04-28T20:11:56.713Z" + }, + { + "VulnerabilityID": "CVE-2026-40356", + "PkgID": "libkrb5-3@1.21.3-5", + "PkgName": "libkrb5-3", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64\u0026distro=debian-13.4", + "UID": "240163a62e427931" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40356", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:00e8f1b4d38034004c4b164ca0002675b37ab5a2a0442fda8f5ee3eccf22c9e8", + "Title": "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read", + "Description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-191" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:16799", + "https://access.redhat.com/security/cve/CVE-2026-40356", + "https://bugzilla.redhat.com/2463368", + "https://bugzilla.redhat.com/2463370", + "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", + "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", + "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", + "https://errata.almalinux.org/8/ALSA-2026-16799.html", + "https://errata.rockylinux.org/RLSA-2026:16799", + "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", + "https://linux.oracle.com/cve/CVE-2026-40356.html", + "https://linux.oracle.com/errata/ELSA-2026-16799.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40356", + "https://web.mit.edu/kerberos/advisories/", + "https://www.cve.org/CVERecord?id=CVE-2026-40356" + ], + "PublishedDate": "2026-04-28T07:16:03.197Z", + "LastModifiedDate": "2026-04-28T20:11:56.713Z" + }, + { + "VulnerabilityID": "CVE-2026-40355", + "PkgID": "libkrb5-3@1.21.3-5", + "PkgName": "libkrb5-3", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64\u0026distro=debian-13.4", + "UID": "240163a62e427931" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40355", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:7d158d0dd8dfc91e10508182cab22f1e484887b5cfcc8bdc6f0a5ee03f3cc17f", + "Title": "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism", + "Description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:16799", + "https://access.redhat.com/security/cve/CVE-2026-40355", + "https://bugzilla.redhat.com/2463368", + "https://bugzilla.redhat.com/2463370", + "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", + "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", + "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", + "https://errata.almalinux.org/8/ALSA-2026-16799.html", + "https://errata.rockylinux.org/RLSA-2026:16799", + "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", + "https://linux.oracle.com/cve/CVE-2026-40355.html", + "https://linux.oracle.com/errata/ELSA-2026-16799.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40355", + "https://web.mit.edu/kerberos/advisories/", + "https://www.cve.org/CVERecord?id=CVE-2026-40355" + ], + "PublishedDate": "2026-04-28T06:16:03.663Z", + "LastModifiedDate": "2026-04-28T20:11:56.713Z" + }, + { + "VulnerabilityID": "CVE-2026-40356", + "PkgID": "libkrb5support0@1.21.3-5", + "PkgName": "libkrb5support0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64\u0026distro=debian-13.4", + "UID": "717b5dd3fe7611cb" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40356", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:399b23f40ba22141232ccf2b8e7ffc3053497e60d8cb8c9a95f15f85b1768658", + "Title": "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read", + "Description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-191" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:16799", + "https://access.redhat.com/security/cve/CVE-2026-40356", + "https://bugzilla.redhat.com/2463368", + "https://bugzilla.redhat.com/2463370", + "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", + "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", + "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", + "https://errata.almalinux.org/8/ALSA-2026-16799.html", + "https://errata.rockylinux.org/RLSA-2026:16799", + "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", + "https://linux.oracle.com/cve/CVE-2026-40356.html", + "https://linux.oracle.com/errata/ELSA-2026-16799.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40356", + "https://web.mit.edu/kerberos/advisories/", + "https://www.cve.org/CVERecord?id=CVE-2026-40356" + ], + "PublishedDate": "2026-04-28T07:16:03.197Z", + "LastModifiedDate": "2026-04-28T20:11:56.713Z" + }, + { + "VulnerabilityID": "CVE-2026-40355", + "PkgID": "libkrb5support0@1.21.3-5", + "PkgName": "libkrb5support0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64\u0026distro=debian-13.4", + "UID": "717b5dd3fe7611cb" + }, + "InstalledVersion": "1.21.3-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40355", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:3dfebfbac4238816155f423a9d5943334a89248a19fad326a2531a6a147c466c", + "Title": "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism", + "Description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:16799", + "https://access.redhat.com/security/cve/CVE-2026-40355", + "https://bugzilla.redhat.com/2463368", + "https://bugzilla.redhat.com/2463370", + "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", + "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", + "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", + "https://errata.almalinux.org/8/ALSA-2026-16799.html", + "https://errata.rockylinux.org/RLSA-2026:16799", + "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", + "https://linux.oracle.com/cve/CVE-2026-40355.html", + "https://linux.oracle.com/errata/ELSA-2026-16799.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40355", + "https://web.mit.edu/kerberos/advisories/", + "https://www.cve.org/CVERecord?id=CVE-2026-40355" + ], + "PublishedDate": "2026-04-28T06:16:03.663Z", + "LastModifiedDate": "2026-04-28T20:11:56.713Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "liblastlog2-2@2.41-5", + "PkgName": "liblastlog2-2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.4", + "UID": "79a1595d548be91" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:974989339d029629cf9109c40e12c3031c359bf38b7f716e627abb6d7284ba08", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "liblastlog2-2@2.41-5", + "PkgName": "liblastlog2-2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.4", + "UID": "79a1595d548be91" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:5e81ad1d8268378319662499b61c8e51f82530e053429f6aab34657bd3fa691d", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-34743", + "PkgID": "liblzma5@5.8.1-1", + "PkgName": "liblzma5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.4", + "UID": "a1f09431b82b8b89" + }, + "InstalledVersion": "5.8.1-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:de4deec9d9deb8322346f9fbdf0fccc4a376b8a64e9bcdc4e3e181d99f849474", + "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", + "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/31/13", + "https://access.redhat.com/security/cve/CVE-2026-34743", + "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", + "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", + "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", + "https://www.cve.org/CVERecord?id=CVE-2026-34743" + ], + "PublishedDate": "2026-04-02T19:21:33.187Z", + "LastModifiedDate": "2026-04-15T17:33:17.68Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libmount1@2.41-5", + "PkgName": "libmount1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.4", + "UID": "5581a0d7033537c" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:097c8f3e3e88625c1f5ed23ab3b27395b67c0a7f8fdbceb6eafa142f119897b7", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libmount1@2.41-5", + "PkgName": "libmount1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.4", + "UID": "5581a0d7033537c" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:7205c66617bff8d094fe9fb0110527a76c2368fc7e8a583f906899263f7fc670", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "libncursesw6@6.5+20250216-2", + "PkgName": "libncursesw6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.4", + "UID": "217bb0c4e6d77677" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:17dfc43184701491d7bf270eae6f94f907a599b7dab6988d0a78778759879312", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2026-6473", + "VendorIDs": [ + "DSA-6270-1" + ], + "PkgID": "libpq5@17.9-0+deb13u1", + "PkgName": "libpq5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "d45387f5f2192a66" + }, + "InstalledVersion": "17.9-0+deb13u1", + "FixedVersion": "17.10-0+deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6473", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:c976978fa06d63aabee27f31a55afe14db3f767d2258022d2efde0c7cb2ab314", + "Title": "Integer wraparound in multiple PostgreSQL server features allows an un ...", + "Description": "Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation fault. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "azure": 3, + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-6473", + "https://www.postgresql.org/support/security/CVE-2026-6473/" + ], + "PublishedDate": "2026-05-14T14:16:24.883Z", + "LastModifiedDate": "2026-05-18T14:59:59.747Z" + }, + { + "VulnerabilityID": "CVE-2026-6475", + "VendorIDs": [ + "DSA-6270-1" + ], + "PkgID": "libpq5@17.9-0+deb13u1", + "PkgName": "libpq5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "d45387f5f2192a66" + }, + "InstalledVersion": "17.9-0+deb13u1", + "FixedVersion": "17.10-0+deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6475", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:0f51a424f0a28f92f8e2f9e9413002c9ca18db3a169f89e81ac57db2d0168f67", + "Title": "Symlink following in PostgreSQL pg_basebackup plain format and in pg_r ...", + "Description": "Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries. Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-61" + ], + "VendorSeverity": { + "azure": 3, + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-6475", + "https://www.postgresql.org/support/security/CVE-2026-6475/" + ], + "PublishedDate": "2026-05-14T14:16:25.113Z", + "LastModifiedDate": "2026-05-18T15:02:12.483Z" + }, + { + "VulnerabilityID": "CVE-2026-6476", + "VendorIDs": [ + "DSA-6270-1" + ], + "PkgID": "libpq5@17.9-0+deb13u1", + "PkgName": "libpq5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "d45387f5f2192a66" + }, + "InstalledVersion": "17.9-0+deb13u1", + "FixedVersion": "17.10-0+deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6476", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:2ae0d350a4525fbaab99c2faf7ba97b1e615656008e2975fad62928a73d81a69", + "Title": "SQL injection in PostgreSQL pg_createsubscriber allows an attacker wit ...", + "Description": "SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-89" + ], + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.2 + } + }, + "References": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-6476", + "https://www.postgresql.org/support/security/CVE-2026-6476/" + ], + "PublishedDate": "2026-05-14T14:16:25.23Z", + "LastModifiedDate": "2026-05-18T15:02:55.537Z" + }, + { + "VulnerabilityID": "CVE-2026-6477", + "VendorIDs": [ + "DSA-6270-1" + ], + "PkgID": "libpq5@17.9-0+deb13u1", + "PkgName": "libpq5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "d45387f5f2192a66" + }, + "InstalledVersion": "17.9-0+deb13u1", + "FixedVersion": "17.10-0+deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6477", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:10eef2a7cc2b682fc9c81aec93d48bfbac309ae987f07c291f720b9cb4f1e7ce", + "Title": "Use of inherently dangerous function PQfn(..., result_is_int=0, ...) i ...", + "Description": "Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \\lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-242" + ], + "VendorSeverity": { + "azure": 3, + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-6477", + "https://www.postgresql.org/support/security/CVE-2026-6477/" + ], + "PublishedDate": "2026-05-14T14:16:25.347Z", + "LastModifiedDate": "2026-05-18T15:03:26.733Z" + }, + { + "VulnerabilityID": "CVE-2026-6479", + "VendorIDs": [ + "DSA-6270-1" + ], + "PkgID": "libpq5@17.9-0+deb13u1", + "PkgName": "libpq5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "d45387f5f2192a66" + }, + "InstalledVersion": "17.9-0+deb13u1", + "FixedVersion": "17.10-0+deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6479", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:4e3f30734de073ff4c3523d74b1302049225c2f726e87cbe2bcb5686a8e843de", + "Title": "Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an ...", + "Description": "Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "azure": 3, + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-6479", + "https://www.postgresql.org/support/security/CVE-2026-6479/" + ], + "PublishedDate": "2026-05-14T14:16:25.583Z", + "LastModifiedDate": "2026-05-18T15:04:25.403Z" + }, + { + "VulnerabilityID": "CVE-2026-6637", + "VendorIDs": [ + "DSA-6270-1" + ], + "PkgID": "libpq5@17.9-0+deb13u1", + "PkgName": "libpq5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "d45387f5f2192a66" + }, + "InstalledVersion": "17.9-0+deb13u1", + "FixedVersion": "17.10-0+deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6637", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:534c1a3afc52ba68758aaa054616c3f82a29fd6bc9af709072179770e4df1ce9", + "Title": "Stack buffer overflow in PostgreSQL module \"refint\" allows an unprivil ...", + "Description": "Stack buffer overflow in PostgreSQL module \"refint\" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a \"refint\" cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-89", + "CWE-121" + ], + "VendorSeverity": { + "azure": 3, + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-6637", + "https://www.postgresql.org/support/security/CVE-2026-6637/" + ], + "PublishedDate": "2026-05-14T14:16:25.82Z", + "LastModifiedDate": "2026-05-18T15:05:21.3Z" + }, + { + "VulnerabilityID": "CVE-2026-6638", + "VendorIDs": [ + "DSA-6270-1" + ], + "PkgID": "libpq5@17.9-0+deb13u1", + "PkgName": "libpq5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "d45387f5f2192a66" + }, + "InstalledVersion": "17.9-0+deb13u1", + "FixedVersion": "17.10-0+deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6638", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:b825b1d7ceedc98afd6ec1a9e88a256998ca57c044f2e6004ad761c6f1232157", + "Title": "SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... ...", + "Description": "SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18, minor versions before PostgreSQL 18.4, 17.10, and 16.14 are affected. Versions before PostgreSQL 16 are unaffected.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-89" + ], + "VendorSeverity": { + "azure": 1, + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-6638", + "https://www.postgresql.org/support/security/CVE-2026-6638/" + ], + "PublishedDate": "2026-05-14T14:16:25.937Z", + "LastModifiedDate": "2026-05-18T14:14:33.4Z" + }, + { + "VulnerabilityID": "CVE-2026-6472", + "VendorIDs": [ + "DSA-6270-1" + ], + "PkgID": "libpq5@17.9-0+deb13u1", + "PkgName": "libpq5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "d45387f5f2192a66" + }, + "InstalledVersion": "17.9-0+deb13u1", + "FixedVersion": "17.10-0+deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6472", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:bc271e795e5c06d006e3cebef7bbdffc5e13fb0f3f1ed456d4ac7d4efc8a39c2", + "Title": "Missing authorization in PostgreSQL CREATE TYPE allows an object creat ...", + "Description": "Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-862" + ], + "VendorSeverity": { + "azure": 2, + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-6472", + "https://www.postgresql.org/support/security/CVE-2026-6472/" + ], + "PublishedDate": "2026-05-14T14:16:24.757Z", + "LastModifiedDate": "2026-05-18T14:59:26.607Z" + }, + { + "VulnerabilityID": "CVE-2026-6474", + "VendorIDs": [ + "DSA-6270-1" + ], + "PkgID": "libpq5@17.9-0+deb13u1", + "PkgName": "libpq5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "d45387f5f2192a66" + }, + "InstalledVersion": "17.9-0+deb13u1", + "FixedVersion": "17.10-0+deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6474", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:a03b85ff93af5f367c38e85d5a49cb54b0650cd3a8f7991da4d432d37c800834", + "Title": "Externally-controlled format string in PostgreSQL timeofday() function ...", + "Description": "Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-134" + ], + "VendorSeverity": { + "azure": 2, + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + } + }, + "References": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-6474", + "https://www.postgresql.org/support/security/CVE-2026-6474/" + ], + "PublishedDate": "2026-05-14T14:16:24.997Z", + "LastModifiedDate": "2026-05-18T15:00:45.52Z" + }, + { + "VulnerabilityID": "CVE-2026-6478", + "VendorIDs": [ + "DSA-6270-1" + ], + "PkgID": "libpq5@17.9-0+deb13u1", + "PkgName": "libpq5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "d45387f5f2192a66" + }, + "InstalledVersion": "17.9-0+deb13u1", + "FixedVersion": "17.10-0+deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", + "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6478", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:838b3e75f8e8bf6c3fb5ea6f325cd55a07bb0056eef1fe303f1020c1220efe44", + "Title": "Covert timing channel in comparison of MD5-hashed password in PostgreS ...", + "Description": "Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed passwords originating in upgrades from PostgreSQL 13 or earlier. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "azure": 2, + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://nvd.nist.gov/vuln/detail/CVE-2026-6478", + "https://www.postgresql.org/support/security/CVE-2026-6478/" + ], + "PublishedDate": "2026-05-14T14:16:25.463Z", + "LastModifiedDate": "2026-05-18T15:03:55.67Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libsmartcols1@2.41-5", + "PkgName": "libsmartcols1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.4", + "UID": "cfae7d67f8245164" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:b87941983179b676ec44f904304d3d745afe885e336c77641bdf84620ca16a67", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libsmartcols1@2.41-5", + "PkgName": "libsmartcols1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.4", + "UID": "cfae7d67f8245164" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:fbb9e169576671b37e32a800cdd6c0da598b2443c96a2b1be7889553b389c65c", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-29111", + "PkgID": "libsystemd0@257.9-1~deb13u1", + "PkgName": "libsystemd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "b50b08c7bba67f5" + }, + "InstalledVersion": "257.9-1~deb13u1", + "FixedVersion": "257.13-1~deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29111", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:2ac4148b15606100696639929f5833a1894cdfd1fdb69af3594693a6a64ac7e7", + "Title": "systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data", + "Description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-269" + ], + "VendorSeverity": { + "alma": 2, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:13677", + "https://access.redhat.com/security/cve/CVE-2026-29111", + "https://bugzilla.redhat.com/2450505", + "https://errata.almalinux.org/9/ALSA-2026-13677.html", + "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a", + "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6", + "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412", + "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd", + "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f", + "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f", + "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69", + "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6", + "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c", + "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8", + "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764", + "https://linux.oracle.com/cve/CVE-2026-29111.html", + "https://linux.oracle.com/errata/ELSA-2026-13677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-29111", + "https://ubuntu.com/security/notices/USN-8119-1", + "https://ubuntu.com/security/notices/USN-8119-2", + "https://www.cve.org/CVERecord?id=CVE-2026-29111" + ], + "PublishedDate": "2026-03-23T22:16:26.267Z", + "LastModifiedDate": "2026-04-15T16:44:38.387Z" + }, + { + "VulnerabilityID": "CVE-2026-40225", + "PkgID": "libsystemd0@257.9-1~deb13u1", + "PkgName": "libsystemd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "b50b08c7bba67f5" + }, + "InstalledVersion": "257.9-1~deb13u1", + "FixedVersion": "257.13-1~deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40225", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:a045c8e8ab52ac058059444c83a3e955b7408b55d832ad9d6986144cfaa13751", + "Title": "systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output", + "Description": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-669" + ], + "VendorSeverity": { + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-40225", + "https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40225", + "https://www.cve.org/CVERecord?id=CVE-2026-40225" + ], + "PublishedDate": "2026-04-10T16:16:33.287Z", + "LastModifiedDate": "2026-04-27T19:00:02.21Z" + }, + { + "VulnerabilityID": "CVE-2026-40226", + "PkgID": "libsystemd0@257.9-1~deb13u1", + "PkgName": "libsystemd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "b50b08c7bba67f5" + }, + "InstalledVersion": "257.9-1~deb13u1", + "FixedVersion": "257.13-1~deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40226", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:c24c1b86d6b5bb5772cfed887d0be8a8934af0902cdb057f42a024dcd7707229", + "Title": "systemd: systemd nspawn: Escape-to-host action via crafted config file", + "Description": "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-348" + ], + "VendorSeverity": { + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-40226", + "https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40226", + "https://www.cve.org/CVERecord?id=CVE-2026-40226" + ], + "PublishedDate": "2026-04-10T16:16:33.447Z", + "LastModifiedDate": "2026-04-17T22:02:15.393Z" + }, + { + "VulnerabilityID": "CVE-2026-4105", + "PkgID": "libsystemd0@257.9-1~deb13u1", + "PkgName": "libsystemd0", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "b50b08c7bba67f5" + }, + "InstalledVersion": "257.9-1~deb13u1", + "FixedVersion": "257.13-1~deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4105", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:0e6cae38db3b05d7cc87df34817ae885b419141f0e7fb8ed0015f74cefc55164", + "Title": "systemd: systemd: Privilege escalation via improper access control in RegisterMachine D-Bus method", + "Description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-284" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7299", + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862", + "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", + "https://www.cve.org/CVERecord?id=CVE-2026-4105" + ], + "PublishedDate": "2026-03-13T19:55:13.673Z", + "LastModifiedDate": "2026-04-30T17:16:26.697Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "libtinfo6@6.5+20250216-2", + "PkgName": "libtinfo6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.4", + "UID": "5286a1335bb605c5" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:f6b91eb1aff994783223da57c34e1c55987f25e7744aefb5c60b3a73f04611b4", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2026-29111", + "PkgID": "libudev1@257.9-1~deb13u1", + "PkgName": "libudev1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libudev1@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "9b08ae719b1cb01e" + }, + "InstalledVersion": "257.9-1~deb13u1", + "FixedVersion": "257.13-1~deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29111", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:7981388a82b55e5c281b0c8f6001dfe6c6cee8201f45e671125a9c4cd5e991a2", + "Title": "systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data", + "Description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-269" + ], + "VendorSeverity": { + "alma": 2, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:13677", + "https://access.redhat.com/security/cve/CVE-2026-29111", + "https://bugzilla.redhat.com/2450505", + "https://errata.almalinux.org/9/ALSA-2026-13677.html", + "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a", + "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6", + "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412", + "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd", + "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f", + "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f", + "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69", + "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6", + "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c", + "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8", + "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764", + "https://linux.oracle.com/cve/CVE-2026-29111.html", + "https://linux.oracle.com/errata/ELSA-2026-13677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-29111", + "https://ubuntu.com/security/notices/USN-8119-1", + "https://ubuntu.com/security/notices/USN-8119-2", + "https://www.cve.org/CVERecord?id=CVE-2026-29111" + ], + "PublishedDate": "2026-03-23T22:16:26.267Z", + "LastModifiedDate": "2026-04-15T16:44:38.387Z" + }, + { + "VulnerabilityID": "CVE-2026-40225", + "PkgID": "libudev1@257.9-1~deb13u1", + "PkgName": "libudev1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libudev1@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "9b08ae719b1cb01e" + }, + "InstalledVersion": "257.9-1~deb13u1", + "FixedVersion": "257.13-1~deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40225", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:21e8249acc472a6190aabd1355208811229432baad1ee6df9e79ccf432307299", + "Title": "systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output", + "Description": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-669" + ], + "VendorSeverity": { + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-40225", + "https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40225", + "https://www.cve.org/CVERecord?id=CVE-2026-40225" + ], + "PublishedDate": "2026-04-10T16:16:33.287Z", + "LastModifiedDate": "2026-04-27T19:00:02.21Z" + }, + { + "VulnerabilityID": "CVE-2026-40226", + "PkgID": "libudev1@257.9-1~deb13u1", + "PkgName": "libudev1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libudev1@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "9b08ae719b1cb01e" + }, + "InstalledVersion": "257.9-1~deb13u1", + "FixedVersion": "257.13-1~deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40226", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:5522ca95fa89c2e3782566f844047c6ab9b05a68bd1ccb7a891de194eb862259", + "Title": "systemd: systemd nspawn: Escape-to-host action via crafted config file", + "Description": "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-348" + ], + "VendorSeverity": { + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-40226", + "https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40226", + "https://www.cve.org/CVERecord?id=CVE-2026-40226" + ], + "PublishedDate": "2026-04-10T16:16:33.447Z", + "LastModifiedDate": "2026-04-17T22:02:15.393Z" + }, + { + "VulnerabilityID": "CVE-2026-4105", + "PkgID": "libudev1@257.9-1~deb13u1", + "PkgName": "libudev1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libudev1@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", + "UID": "9b08ae719b1cb01e" + }, + "InstalledVersion": "257.9-1~deb13u1", + "FixedVersion": "257.13-1~deb13u1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4105", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:4f49d6916adf9d722fb666b581fcfb8220ba268a37353abb4d8c503b8385ff80", + "Title": "systemd: systemd: Privilege escalation via improper access control in RegisterMachine D-Bus method", + "Description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-284" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7299", + "https://access.redhat.com/security/cve/CVE-2026-4105", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", + "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862", + "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", + "https://www.cve.org/CVERecord?id=CVE-2026-4105" + ], + "PublishedDate": "2026-03-13T19:55:13.673Z", + "LastModifiedDate": "2026-04-30T17:16:26.697Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libuuid1@2.41-5", + "PkgName": "libuuid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.4", + "UID": "4a57eaeae20e47" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:0634bbbbb348ca9dcb0eb98ee1939e922ceb5e38e211cae37d80b5cd3362a130", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libuuid1@2.41-5", + "PkgName": "libuuid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.4", + "UID": "4a57eaeae20e47" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:7e6606670e8eafa50fb3f5b4826dfb914cc30c0021f728ac39bacb53754531e3", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "login@1:4.16.0-2+really2.41-5", + "PkgName": "login", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", + "UID": "35a636a49ab503ca" + }, + "InstalledVersion": "1:4.16.0-2+really2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:6279a3e5c0e1d5c3a1fd33dd5136ea27b7541ba56d1f1555cbce72b4e67d3682", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "login@1:4.16.0-2+really2.41-5", + "PkgName": "login", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", + "UID": "35a636a49ab503ca" + }, + "InstalledVersion": "1:4.16.0-2+really2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:a26bb4b5c9d32d1b71e680d6b532d8e5643ef665fe375addc3ec80e53df5728c", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "ncurses-base@6.5+20250216-2", + "PkgName": "ncurses-base", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.4", + "UID": "767a0231348a5cb5" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:0c84a372ca3229009ee1aa46a91a45714f6c80f6f0ef931438d1866179f2b257", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2026-27171", + "PkgID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", + "PkgName": "zlib1g", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", + "UID": "6f0e3b7df83b1702" + }, + "InstalledVersion": "1:1.3.dfsg+really1.3.1-1+b1", + "Status": "affected", + "Layer": { + "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", + "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:f241a844d071fb30de3976f7e151458b46819f63dee29ba0156c3fc7513daa40", + "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", + "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "julia": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://access.redhat.com/security/cve/CVE-2026-27171", + "https://github.com/advisories/GHSA-h858-mf2m-8jf4", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "https://ostif.org/zlib-audit-complete", + "https://ostif.org/zlib-audit-complete/", + "https://www.cve.org/CVERecord?id=CVE-2026-27171" + ], + "PublishedDate": "2026-02-18T04:16:01.263Z", + "LastModifiedDate": "2026-03-25T21:27:04.603Z" + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "Deployment", + "Name": "dovecot", + "Metadata": [ + { + "Size": 58672128, + "OS": { + "Family": "wolfi", + "Name": "20230201" + }, + "ImageID": "sha256:b9b56018bd9e4f7496c6f35b0918448626dc1a894abaf6bb1d4cf91150bd56a4", + "DiffIDs": [ + "sha256:3a9803177bb563195998847cce18c838b99873e634c902f385e042d5228df4d7", + "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c", + "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c", + "sha256:6dc90485e72e44afeb1ecab592900e898164c016d33125161b308c8bcfa53cf9", + "sha256:caaccf89b8660b925e0e0266ffdc4f3e3cc7e98e121742c233f199ec167a4920", + "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453", + "sha256:850730726263ef9170056c45983eebcbb4c22014c78b7d72032085fa3762def1", + "sha256:90cfe0bd8cd693b2ee91b94108fc47f023d82edc00e57352ab6635d827b33505", + "sha256:711f72ded0c5f10478ebf93fdd6d6a47ac484a232ef709c52e67315d4af006d9", + "sha256:fa008b9e9566cccb0022385799dfad042fce8d00164bbce9b0780c0d48189a94", + "sha256:c04a63708d2b0452b3e995ea00fc60f254d7fc35f8ffdbfcf0cb3b997369610e" + ], + "RepoTags": [ + "chainguard/stunnel:latest" + ], + "RepoDigests": [ + "chainguard/stunnel@sha256:5beda2fa6c5a3d36be2a650ef1233ab244aee71efe07c73e4495f82bb34cecd8" + ], + "Reference": "chainguard/stunnel:latest", + "ImageConfig": { + "architecture": "amd64", + "author": "github.com/chainguard-dev/apko", + "created": "2026-05-20T02:17:13Z", + "history": [ + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:3a9803177bb563195998847cce18c838b99873e634c902f385e042d5228df4d7", + "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c", + "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c", + "sha256:6dc90485e72e44afeb1ecab592900e898164c016d33125161b308c8bcfa53cf9", + "sha256:caaccf89b8660b925e0e0266ffdc4f3e3cc7e98e121742c233f199ec167a4920", + "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453", + "sha256:850730726263ef9170056c45983eebcbb4c22014c78b7d72032085fa3762def1", + "sha256:90cfe0bd8cd693b2ee91b94108fc47f023d82edc00e57352ab6635d827b33505", + "sha256:711f72ded0c5f10478ebf93fdd6d6a47ac484a232ef709c52e67315d4af006d9", + "sha256:fa008b9e9566cccb0022385799dfad042fce8d00164bbce9b0780c0d48189a94", + "sha256:c04a63708d2b0452b3e995ea00fc60f254d7fc35f8ffdbfcf0cb3b997369610e" + ] + }, + "config": { + "Cmd": [ + "-help" + ], + "Entrypoint": [ + "/usr/bin/stunnel" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin", + "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" + ], + "Labels": { + "dev.chainguard.image.title": "stunnel", + "dev.chainguard.package.main": "", + "org.opencontainers.image.authors": "Chainguard Team https://www.chainguard.dev/", + "org.opencontainers.image.created": "2026-05-20T02:17:13Z", + "org.opencontainers.image.source": "https://github.com/chainguard-images/images/tree/main/images/stunnel", + "org.opencontainers.image.title": "stunnel", + "org.opencontainers.image.url": "https://images.chainguard.dev/directory/image/stunnel/overview", + "org.opencontainers.image.vendor": "Chainguard" + }, + "User": "65532" + } + }, + "Layers": [ + { + "Size": 42873344, + "Digest": "sha256:bbf145ce746720e770db2198f415ca26e343d5d7a94ec0c90bf590e09ed0646d", + "DiffID": "sha256:3a9803177bb563195998847cce18c838b99873e634c902f385e042d5228df4d7" + }, + { + "Size": 7198720, + "Digest": "sha256:a5bfa7101982291c5462599e1eb8bc10b735e11d87315dc410d32701854a8df1", + "DiffID": "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c" + }, + { + "Size": 6977536, + "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", + "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" + }, + { + "Size": 323072, + "Digest": "sha256:3dcb254820f5eabdf1fc2319a73184c051cbc56d72886c40e6cd0b43033579c7", + "DiffID": "sha256:6dc90485e72e44afeb1ecab592900e898164c016d33125161b308c8bcfa53cf9" + }, + { + "Size": 238592, + "Digest": "sha256:9201e51fe8c1f99c6602ba89bc6cbd3895501936ba9f62f705bb8f150d9bbace", + "DiffID": "sha256:caaccf89b8660b925e0e0266ffdc4f3e3cc7e98e121742c233f199ec167a4920" + }, + { + "Size": 227840, + "Digest": "sha256:7c6e71c1fdfdf429844e25aad86441920641c0ba46466bc1d043556bfb81b24e", + "DiffID": "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453" + }, + { + "Size": 217088, + "Digest": "sha256:4b14fbe9f208e0e4db31fa1d0355d3a4f3be73e3cf4b7842a7b391de62ea1768", + "DiffID": "sha256:850730726263ef9170056c45983eebcbb4c22014c78b7d72032085fa3762def1" + }, + { + "Size": 127488, + "Digest": "sha256:8d99fd8fea9c370971ba3ab2ab453586d6a437c40211fea16fdb1445d876e907", + "DiffID": "sha256:90cfe0bd8cd693b2ee91b94108fc47f023d82edc00e57352ab6635d827b33505" + }, + { + "Size": 64000, + "Digest": "sha256:57ba55784e2887043227b53d1ee2788722aae8a9c66b20723e1dfb801c8ce471", + "DiffID": "sha256:711f72ded0c5f10478ebf93fdd6d6a47ac484a232ef709c52e67315d4af006d9" + }, + { + "Size": 104960, + "Digest": "sha256:858f3967e60f4e2f68ad413de098383c0a420717d554a9e1523cab3e56898c94", + "DiffID": "sha256:fa008b9e9566cccb0022385799dfad042fce8d00164bbce9b0780c0d48189a94" + }, + { + "Size": 319488, + "Digest": "sha256:79549e660a703a8194c255340b9d1a4e141878979b2ca318ee0170bbea41671c", + "DiffID": "sha256:c04a63708d2b0452b3e995ea00fc60f254d7fc35f8ffdbfcf0cb3b997369610e" + } + ] + } + ], + "Results": [ + { + "Target": "chainguard/stunnel:latest (wolfi 20230201)", + "Class": "os-pkgs", + "Type": "wolfi", + "Packages": [ + { + "ID": "ca-certificates-bundle@20260413-r0", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/wolfi/ca-certificates-bundle@20260413-r0?arch=x86_64\u0026distro=20230201", + "UID": "ebab806008154318" + }, + "Version": "20260413-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20260413-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "wolfi-baselayout@20230201-r29" + ], + "Layer": { + "Digest": "sha256:9201e51fe8c1f99c6602ba89bc6cbd3895501936ba9f62f705bb8f150d9bbace", + "DiffID": "sha256:caaccf89b8660b925e0e0266ffdc4f3e3cc7e98e121742c233f199ec167a4920" + }, + "Digest": "sha1:2b209d10bdb420a13e07b0ca5bdec62d7bb640b3", + "InstalledFiles": [ + "etc/pki/tls/certs/ca-bundle.crt", + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-bundle.crt", + "etc/ssl/certs/ca-certificates.crt", + "var/lib/db/sbom/ca-certificates-bundle-20260413-r0.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "glibc@2.43-r7", + "Name": "glibc", + "Identifier": { + "PURL": "pkg:apk/wolfi/glibc@2.43-r7?arch=x86_64\u0026distro=20230201", + "UID": "1a1b90bec1861696" + }, + "Version": "2.43-r7", + "Arch": "x86_64", + "SrcName": "glibc", + "SrcVersion": "2.43-r7", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc-locale-posix@2.43-r7", + "ld-linux@2.43-r7", + "libgcc@16.1.0-r1", + "wolfi-baselayout@20230201-r29" + ], + "Layer": { + "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", + "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" + }, + "Digest": "sha1:f0cc592d1ea3041b220dc81ec639e26cf4f3e66b", + "InstalledFiles": [ + "etc/rpc", + "etc/apk/commit_hooks.d/ldconfig-commit.sh", + "usr/bin/ld.so", + "usr/bin/ldconfig", + "usr/lib/libBrokenLocale.so.1", + "usr/lib/libanl.so.1", + "usr/lib/libc.so.6", + "usr/lib/libc_malloc_debug.so.0", + "usr/lib/libdl.so.2", + "usr/lib/libm.so.6", + "usr/lib/libmemusage.so", + "usr/lib/libmvec.so.1", + "usr/lib/libnsl.so.1", + "usr/lib/libnss_compat.so.2", + "usr/lib/libnss_dns.so.2", + "usr/lib/libnss_files.so.2", + "usr/lib/libpthread.so.0", + "usr/lib/libresolv.so.2", + "usr/lib/librt.so.1", + "usr/lib/libthread_db.so.1", + "usr/lib/libutil.so.1", + "var/lib/db/sbom/glibc-2.43-r7.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "glibc-locale-posix@2.43-r7", + "Name": "glibc-locale-posix", + "Identifier": { + "PURL": "pkg:apk/wolfi/glibc-locale-posix@2.43-r7?arch=x86_64\u0026distro=20230201", + "UID": "d44b25bb62d865d3" + }, + "Version": "2.43-r7", + "Arch": "x86_64", + "SrcName": "glibc", + "SrcVersion": "2.43-r7", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "wolfi-baselayout@20230201-r29" + ], + "Layer": { + "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", + "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" + }, + "Digest": "sha1:0b8977ea1b9fd95bee784b9f7f1a975431088f73", + "InstalledFiles": [ + "usr/lib/locale/C.utf8/LC_ADDRESS", + "usr/lib/locale/C.utf8/LC_COLLATE", + "usr/lib/locale/C.utf8/LC_CTYPE", + "usr/lib/locale/C.utf8/LC_IDENTIFICATION", + "usr/lib/locale/C.utf8/LC_MEASUREMENT", + "usr/lib/locale/C.utf8/LC_MONETARY", + "usr/lib/locale/C.utf8/LC_NAME", + "usr/lib/locale/C.utf8/LC_NUMERIC", + "usr/lib/locale/C.utf8/LC_PAPER", + "usr/lib/locale/C.utf8/LC_TELEPHONE", + "usr/lib/locale/C.utf8/LC_TIME", + "usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "var/lib/db/sbom/glibc-locale-posix-2.43-r7.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ld-linux@2.43-r7", + "Name": "ld-linux", + "Identifier": { + "PURL": "pkg:apk/wolfi/ld-linux@2.43-r7?arch=x86_64\u0026distro=20230201", + "UID": "7678e2c8b3007292" + }, + "Version": "2.43-r7", + "Arch": "x86_64", + "SrcName": "glibc", + "SrcVersion": "2.43-r7", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7", + "wolfi-baselayout@20230201-r29" + ], + "Layer": { + "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", + "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" + }, + "Digest": "sha1:eda542ec0f919bdfefc4d391cbd66a6a0089a3c0", + "InstalledFiles": [ + "etc/ld.so.conf", + "etc/ld.so.conf.d/libc.conf", + "usr/lib/ld-linux-x86-64.so.2", + "var/lib/db/sbom/ld-linux-2.43-r7.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libbz2-1@1.0.8-r23", + "Name": "libbz2-1", + "Identifier": { + "PURL": "pkg:apk/wolfi/libbz2-1@1.0.8-r23?arch=x86_64\u0026distro=20230201", + "UID": "baf39df966852f25" + }, + "Version": "1.0.8-r23", + "Arch": "x86_64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8-r23", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7" + ], + "Layer": { + "Digest": "sha256:858f3967e60f4e2f68ad413de098383c0a420717d554a9e1523cab3e56898c94", + "DiffID": "sha256:fa008b9e9566cccb0022385799dfad042fce8d00164bbce9b0780c0d48189a94" + }, + "Digest": "sha1:7fc1bbc3ec68d43ae5212efbc33827d139624ada", + "InstalledFiles": [ + "usr/lib/libbz2.so.1", + "usr/lib/libbz2.so.1.0", + "usr/lib/libbz2.so.1.0.8", + "var/lib/db/sbom/libbz2-1-1.0.8-r23.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypt1@2.43-r7", + "Name": "libcrypt1", + "Identifier": { + "PURL": "pkg:apk/wolfi/libcrypt1@2.43-r7?arch=x86_64\u0026distro=20230201", + "UID": "b34138e20d9fb87a" + }, + "Version": "2.43-r7", + "Arch": "x86_64", + "SrcName": "glibc", + "SrcVersion": "2.43-r7", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7", + "libxcrypt@4.5.2-r2", + "wolfi-baselayout@20230201-r29" + ], + "Layer": { + "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", + "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" + }, + "Digest": "sha1:2b0791fc2ee61b9771eae9c7323d1aa77a4ded74", + "InstalledFiles": [ + "var/lib/db/sbom/libcrypt1-2.43-r7.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.6.2-r5", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/wolfi/libcrypto3@3.6.2-r5?arch=x86_64\u0026distro=20230201", + "UID": "a046278abe6b9ef0" + }, + "Version": "3.6.2-r5", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.6.2-r5", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7" + ], + "Layer": { + "Digest": "sha256:a5bfa7101982291c5462599e1eb8bc10b735e11d87315dc410d32701854a8df1", + "DiffID": "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c" + }, + "Digest": "sha1:aaa5fa034519fdcd141796d11b7b398a4c779f24", + "InstalledFiles": [ + "etc/ssl/ca.cnf", + "usr/lib/libcrypto.so.3", + "var/lib/db/sbom/libcrypto3-3.6.2-r5.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgcc@16.1.0-r1", + "Name": "libgcc", + "Identifier": { + "PURL": "pkg:apk/wolfi/libgcc@16.1.0-r1?arch=x86_64\u0026distro=20230201", + "UID": "c62104aba8c6673f" + }, + "Version": "16.1.0-r1", + "Arch": "x86_64", + "SrcName": "gcc", + "SrcVersion": "16.1.0-r1", + "Licenses": [ + "GPL-3.0-or-later WITH GCC-exception-3.1" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7", + "ld-linux@2.43-r7" + ], + "Layer": { + "Digest": "sha256:4b14fbe9f208e0e4db31fa1d0355d3a4f3be73e3cf4b7842a7b391de62ea1768", + "DiffID": "sha256:850730726263ef9170056c45983eebcbb4c22014c78b7d72032085fa3762def1" + }, + "Digest": "sha1:222b2b0347eea4eb7f440d0746956585d88be3ca", + "InstalledFiles": [ + "usr/lib/libgcc_s.so.1", + "usr/lib/libgcc_s_asneeded.so", + "var/lib/db/sbom/libgcc-16.1.0-r1.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.6.2-r5", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/wolfi/libssl3@3.6.2-r5?arch=x86_64\u0026distro=20230201", + "UID": "9ca3c227d7ad2f32" + }, + "Version": "3.6.2-r5", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.6.2-r5", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7", + "libcrypto3@3.6.2-r5" + ], + "Layer": { + "Digest": "sha256:a5bfa7101982291c5462599e1eb8bc10b735e11d87315dc410d32701854a8df1", + "DiffID": "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c" + }, + "Digest": "sha1:c35d5c141272a08edcdaeea03e2a5796b82c6889", + "InstalledFiles": [ + "usr/lib/libssl.so.3", + "var/lib/db/sbom/libssl3-3.6.2-r5.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxcrypt@4.5.2-r2", + "Name": "libxcrypt", + "Identifier": { + "PURL": "pkg:apk/wolfi/libxcrypt@4.5.2-r2?arch=x86_64\u0026distro=20230201", + "UID": "c4d66f4744dcb02a" + }, + "Version": "4.5.2-r2", + "Arch": "x86_64", + "SrcName": "libxcrypt", + "SrcVersion": "4.5.2-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "wolfi", + "Layer": { + "Digest": "sha256:7c6e71c1fdfdf429844e25aad86441920641c0ba46466bc1d043556bfb81b24e", + "DiffID": "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453" + }, + "Digest": "sha1:1dde219a6ba81f29f519398066c7924a90e34598", + "InstalledFiles": [ + "usr/lib/libcrypt.so.1", + "usr/lib/libcrypt.so.1.1.0", + "var/lib/db/sbom/libxcrypt-4.5.2-r2.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "perl@5.42.2-r0", + "Name": "perl", + "Identifier": { + "PURL": "pkg:apk/wolfi/perl@5.42.2-r0?arch=x86_64\u0026distro=20230201", + "UID": "ae78e403626bfc66" + }, + "Version": "5.42.2-r0", + "Arch": "x86_64", + "SrcName": "perl", + "SrcVersion": "5.42.2-r0", + "Licenses": [ + "Artistic-1.0-Perl", + "GPL-1.0-or-later" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7", + "ld-linux@2.43-r7", + "libbz2-1@1.0.8-r23", + "libcrypt1@2.43-r7", + "zlib@1.3.2-r3" + ], + "Layer": { + "Digest": "sha256:bbf145ce746720e770db2198f415ca26e343d5d7a94ec0c90bf590e09ed0646d", + "DiffID": "sha256:3a9803177bb563195998847cce18c838b99873e634c902f385e042d5228df4d7" + }, + "Digest": "sha1:aaed423b55b8d1d00a21deb8d57663f19c448503", + "InstalledFiles": [ + "usr/bin/perl", + "usr/bin/perl5.42.2", + "usr/bin/perldoc", + "usr/bin/pod2html", + "usr/bin/pod2man", + "usr/bin/pod2text", + "usr/bin/pod2usage", + "usr/bin/podchecker", + "usr/bin/streamzip", + "usr/lib/perl5/core_perl/B.pm", + "usr/lib/perl5/core_perl/Config.pm", + "usr/lib/perl5/core_perl/Config_git.pl", + "usr/lib/perl5/core_perl/Config_heavy.pl", + "usr/lib/perl5/core_perl/Cwd.pm", + "usr/lib/perl5/core_perl/DynaLoader.pm", + "usr/lib/perl5/core_perl/Encode.pm", + "usr/lib/perl5/core_perl/Errno.pm", + "usr/lib/perl5/core_perl/Fcntl.pm", + "usr/lib/perl5/core_perl/IO.pm", + "usr/lib/perl5/core_perl/O.pm", + "usr/lib/perl5/core_perl/Opcode.pm", + "usr/lib/perl5/core_perl/POSIX.pm", + "usr/lib/perl5/core_perl/SDBM_File.pm", + "usr/lib/perl5/core_perl/Socket.pm", + "usr/lib/perl5/core_perl/Storable.pm", + "usr/lib/perl5/core_perl/attributes.pm", + "usr/lib/perl5/core_perl/encoding.pm", + "usr/lib/perl5/core_perl/lib.pm", + "usr/lib/perl5/core_perl/mro.pm", + "usr/lib/perl5/core_perl/ops.pm", + "usr/lib/perl5/core_perl/re.pm", + "usr/lib/perl5/core_perl/threads.pm", + "usr/lib/perl5/core_perl/B/Concise.pm", + "usr/lib/perl5/core_perl/B/Showlex.pm", + "usr/lib/perl5/core_perl/B/Terse.pm", + "usr/lib/perl5/core_perl/B/Xref.pm", + "usr/lib/perl5/core_perl/CORE/libperl.so", + "usr/lib/perl5/core_perl/Compress/Raw/Bzip2.pm", + "usr/lib/perl5/core_perl/Compress/Raw/Zlib.pm", + "usr/lib/perl5/core_perl/Data/Dumper.pm", + "usr/lib/perl5/core_perl/Digest/MD5.pm", + "usr/lib/perl5/core_perl/Digest/SHA.pm", + "usr/lib/perl5/core_perl/Encode/Alias.pm", + "usr/lib/perl5/core_perl/Encode/Byte.pm", + "usr/lib/perl5/core_perl/Encode/CJKConstants.pm", + "usr/lib/perl5/core_perl/Encode/CN.pm", + "usr/lib/perl5/core_perl/Encode/Config.pm", + "usr/lib/perl5/core_perl/Encode/EBCDIC.pm", + "usr/lib/perl5/core_perl/Encode/Encoder.pm", + "usr/lib/perl5/core_perl/Encode/Encoding.pm", + "usr/lib/perl5/core_perl/Encode/GSM0338.pm", + "usr/lib/perl5/core_perl/Encode/Guess.pm", + "usr/lib/perl5/core_perl/Encode/JP.pm", + "usr/lib/perl5/core_perl/Encode/KR.pm", + "usr/lib/perl5/core_perl/Encode/Symbol.pm", + "usr/lib/perl5/core_perl/Encode/TW.pm", + "usr/lib/perl5/core_perl/Encode/Unicode.pm", + "usr/lib/perl5/core_perl/Encode/CN/HZ.pm", + "usr/lib/perl5/core_perl/Encode/JP/H2Z.pm", + "usr/lib/perl5/core_perl/Encode/JP/JIS7.pm", + "usr/lib/perl5/core_perl/Encode/KR/2022_KR.pm", + "usr/lib/perl5/core_perl/Encode/MIME/Header.pm", + "usr/lib/perl5/core_perl/Encode/MIME/Name.pm", + "usr/lib/perl5/core_perl/Encode/MIME/Header/ISO_2022_JP.pm", + "usr/lib/perl5/core_perl/Encode/Unicode/UTF7.pm", + "usr/lib/perl5/core_perl/File/DosGlob.pm", + "usr/lib/perl5/core_perl/File/Glob.pm", + "usr/lib/perl5/core_perl/File/Spec.pm", + "usr/lib/perl5/core_perl/File/Spec/AmigaOS.pm", + "usr/lib/perl5/core_perl/File/Spec/Cygwin.pm", + "usr/lib/perl5/core_perl/File/Spec/Epoc.pm", + "usr/lib/perl5/core_perl/File/Spec/Functions.pm", + "usr/lib/perl5/core_perl/File/Spec/Mac.pm", + "usr/lib/perl5/core_perl/File/Spec/OS2.pm", + "usr/lib/perl5/core_perl/File/Spec/Unix.pm", + "usr/lib/perl5/core_perl/File/Spec/VMS.pm", + "usr/lib/perl5/core_perl/File/Spec/Win32.pm", + "usr/lib/perl5/core_perl/Filter/Util/Call.pm", + "usr/lib/perl5/core_perl/Hash/Util.pm", + "usr/lib/perl5/core_perl/Hash/Util/FieldHash.pm", + "usr/lib/perl5/core_perl/I18N/Langinfo.pm", + "usr/lib/perl5/core_perl/IO/Dir.pm", + "usr/lib/perl5/core_perl/IO/File.pm", + "usr/lib/perl5/core_perl/IO/Handle.pm", + "usr/lib/perl5/core_perl/IO/Pipe.pm", + "usr/lib/perl5/core_perl/IO/Poll.pm", + "usr/lib/perl5/core_perl/IO/Seekable.pm", + "usr/lib/perl5/core_perl/IO/Select.pm", + "usr/lib/perl5/core_perl/IO/Socket.pm", + "usr/lib/perl5/core_perl/IO/Socket/INET.pm", + "usr/lib/perl5/core_perl/IO/Socket/UNIX.pm", + "usr/lib/perl5/core_perl/IPC/Msg.pm", + "usr/lib/perl5/core_perl/IPC/Semaphore.pm", + "usr/lib/perl5/core_perl/IPC/SharedMem.pm", + "usr/lib/perl5/core_perl/IPC/SysV.pm", + "usr/lib/perl5/core_perl/List/Util.pm", + "usr/lib/perl5/core_perl/List/Util/XS.pm", + "usr/lib/perl5/core_perl/MIME/Base64.pm", + "usr/lib/perl5/core_perl/MIME/QuotedPrint.pm", + "usr/lib/perl5/core_perl/Math/BigInt/FastCalc.pm", + "usr/lib/perl5/core_perl/PerlIO/encoding.pm", + "usr/lib/perl5/core_perl/PerlIO/mmap.pm", + "usr/lib/perl5/core_perl/PerlIO/via.pm", + "usr/lib/perl5/core_perl/Scalar/Util.pm", + "usr/lib/perl5/core_perl/Scalar/List/Utils.pm", + "usr/lib/perl5/core_perl/Sub/Util.pm", + "usr/lib/perl5/core_perl/Sys/Hostname.pm", + "usr/lib/perl5/core_perl/Sys/Syslog.pm", + "usr/lib/perl5/core_perl/Time/HiRes.pm", + "usr/lib/perl5/core_perl/Time/Piece.pm", + "usr/lib/perl5/core_perl/Time/Seconds.pm", + "usr/lib/perl5/core_perl/Unicode/Collate.pm", + "usr/lib/perl5/core_perl/Unicode/Normalize.pm", + "usr/lib/perl5/core_perl/Unicode/Collate/Locale.pm", + "usr/lib/perl5/core_perl/auto/B/B.so", + "usr/lib/perl5/core_perl/auto/Compress/Raw/Bzip2/Bzip2.so", + "usr/lib/perl5/core_perl/auto/Compress/Raw/Zlib/Zlib.so", + "usr/lib/perl5/core_perl/auto/Cwd/Cwd.so", + "usr/lib/perl5/core_perl/auto/Data/Dumper/Dumper.so", + "usr/lib/perl5/core_perl/auto/Devel/Peek/Peek.so", + "usr/lib/perl5/core_perl/auto/Digest/MD5/MD5.so", + "usr/lib/perl5/core_perl/auto/Digest/SHA/SHA.so", + "usr/lib/perl5/core_perl/auto/Encode/Encode.so", + "usr/lib/perl5/core_perl/auto/Encode/Byte/Byte.so", + "usr/lib/perl5/core_perl/auto/Encode/CN/CN.so", + "usr/lib/perl5/core_perl/auto/Encode/EBCDIC/EBCDIC.so", + "usr/lib/perl5/core_perl/auto/Encode/JP/JP.so", + "usr/lib/perl5/core_perl/auto/Encode/KR/KR.so", + "usr/lib/perl5/core_perl/auto/Encode/Symbol/Symbol.so", + "usr/lib/perl5/core_perl/auto/Encode/TW/TW.so", + "usr/lib/perl5/core_perl/auto/Encode/Unicode/Unicode.so", + "usr/lib/perl5/core_perl/auto/Fcntl/Fcntl.so", + "usr/lib/perl5/core_perl/auto/File/DosGlob/DosGlob.so", + "usr/lib/perl5/core_perl/auto/File/Glob/Glob.so", + "usr/lib/perl5/core_perl/auto/Filter/Util/Call/Call.so", + "usr/lib/perl5/core_perl/auto/Hash/Util/Util.so", + "usr/lib/perl5/core_perl/auto/Hash/Util/FieldHash/FieldHash.so", + "usr/lib/perl5/core_perl/auto/I18N/Langinfo/Langinfo.so", + "usr/lib/perl5/core_perl/auto/IO/IO.so", + "usr/lib/perl5/core_perl/auto/IPC/SysV/SysV.so", + "usr/lib/perl5/core_perl/auto/List/Util/Util.so", + "usr/lib/perl5/core_perl/auto/MIME/Base64/Base64.so", + "usr/lib/perl5/core_perl/auto/Math/BigInt/FastCalc/FastCalc.so", + "usr/lib/perl5/core_perl/auto/Opcode/Opcode.so", + "usr/lib/perl5/core_perl/auto/POSIX/POSIX.so", + "usr/lib/perl5/core_perl/auto/PerlIO/encoding/encoding.so", + "usr/lib/perl5/core_perl/auto/PerlIO/mmap/mmap.so", + "usr/lib/perl5/core_perl/auto/PerlIO/via/via.so", + "usr/lib/perl5/core_perl/auto/SDBM_File/SDBM_File.so", + "usr/lib/perl5/core_perl/auto/Socket/Socket.so", + "usr/lib/perl5/core_perl/auto/Storable/Storable.so", + "usr/lib/perl5/core_perl/auto/Sys/Hostname/Hostname.so", + "usr/lib/perl5/core_perl/auto/Sys/Syslog/Syslog.so", + "usr/lib/perl5/core_perl/auto/Time/HiRes/HiRes.so", + "usr/lib/perl5/core_perl/auto/Time/Piece/Piece.so", + "usr/lib/perl5/core_perl/auto/Unicode/Collate/Collate.so", + "usr/lib/perl5/core_perl/auto/Unicode/Normalize/Normalize.so", + "usr/lib/perl5/core_perl/auto/attributes/attributes.so", + "usr/lib/perl5/core_perl/auto/mro/mro.so", + "usr/lib/perl5/core_perl/auto/re/re.so", + "usr/lib/perl5/core_perl/auto/threads/threads.so", + "usr/lib/perl5/core_perl/auto/threads/shared/shared.so", + "usr/lib/perl5/core_perl/threads/shared.pm", + "usr/share/perl5/core_perl/AnyDBM_File.pm", + "usr/share/perl5/core_perl/AutoLoader.pm", + "usr/share/perl5/core_perl/AutoSplit.pm", + "usr/share/perl5/core_perl/Benchmark.pm", + "usr/share/perl5/core_perl/CPAN.pm", + "usr/share/perl5/core_perl/Carp.pm", + "usr/share/perl5/core_perl/DB.pm", + "usr/share/perl5/core_perl/DBM_Filter.pm", + "usr/share/perl5/core_perl/Digest.pm", + "usr/share/perl5/core_perl/DirHandle.pm", + "usr/share/perl5/core_perl/Dumpvalue.pm", + "usr/share/perl5/core_perl/English.pm", + "usr/share/perl5/core_perl/Env.pm", + "usr/share/perl5/core_perl/Exporter.pm", + "usr/share/perl5/core_perl/Fatal.pm", + "usr/share/perl5/core_perl/FileCache.pm", + "usr/share/perl5/core_perl/FileHandle.pm", + "usr/share/perl5/core_perl/FindBin.pm", + "usr/share/perl5/core_perl/Memoize.pm", + "usr/share/perl5/core_perl/NEXT.pm", + "usr/share/perl5/core_perl/PerlIO.pm", + "usr/share/perl5/core_perl/Safe.pm", + "usr/share/perl5/core_perl/SelectSaver.pm", + "usr/share/perl5/core_perl/SelfLoader.pm", + "usr/share/perl5/core_perl/Symbol.pm", + "usr/share/perl5/core_perl/Test.pm", + "usr/share/perl5/core_perl/Test2.pm", + "usr/share/perl5/core_perl/Thread.pm", + "usr/share/perl5/core_perl/UNIVERSAL.pm", + "usr/share/perl5/core_perl/XSLoader.pm", + "usr/share/perl5/core_perl/_charnames.pm", + "usr/share/perl5/core_perl/autodie.pm", + "usr/share/perl5/core_perl/autouse.pm", + "usr/share/perl5/core_perl/base.pm", + "usr/share/perl5/core_perl/bigfloat.pm", + "usr/share/perl5/core_perl/bigint.pm", + "usr/share/perl5/core_perl/bignum.pm", + "usr/share/perl5/core_perl/bigrat.pm", + "usr/share/perl5/core_perl/blib.pm", + "usr/share/perl5/core_perl/builtin.pm", + "usr/share/perl5/core_perl/bytes.pm", + "usr/share/perl5/core_perl/charnames.pm", + "usr/share/perl5/core_perl/constant.pm", + "usr/share/perl5/core_perl/deprecate.pm", + "usr/share/perl5/core_perl/diagnostics.pm", + "usr/share/perl5/core_perl/dumpvar.pl", + "usr/share/perl5/core_perl/experimental.pm", + "usr/share/perl5/core_perl/feature.pm", + "usr/share/perl5/core_perl/fields.pm", + "usr/share/perl5/core_perl/filetest.pm", + "usr/share/perl5/core_perl/if.pm", + "usr/share/perl5/core_perl/integer.pm", + "usr/share/perl5/core_perl/less.pm", + "usr/share/perl5/core_perl/locale.pm", + "usr/share/perl5/core_perl/meta_notation.pm", + "usr/share/perl5/core_perl/ok.pm", + "usr/share/perl5/core_perl/open.pm", + "usr/share/perl5/core_perl/overload.pm", + "usr/share/perl5/core_perl/overloading.pm", + "usr/share/perl5/core_perl/parent.pm", + "usr/share/perl5/core_perl/perl5db.pl", + "usr/share/perl5/core_perl/perlfaq.pm", + "usr/share/perl5/core_perl/sigtrap.pm", + "usr/share/perl5/core_perl/sort.pm", + "usr/share/perl5/core_perl/stable.pm", + "usr/share/perl5/core_perl/strict.pm", + "usr/share/perl5/core_perl/subs.pm", + "usr/share/perl5/core_perl/utf8.pm", + "usr/share/perl5/core_perl/vars.pm", + "usr/share/perl5/core_perl/version.pm", + "usr/share/perl5/core_perl/vmsish.pm", + "usr/share/perl5/core_perl/warnings.pm", + "usr/share/perl5/core_perl/App/Cpan.pm", + "usr/share/perl5/core_perl/App/Prove.pm", + "usr/share/perl5/core_perl/App/Prove/State.pm", + "usr/share/perl5/core_perl/App/Prove/State/Result.pm", + "usr/share/perl5/core_perl/App/Prove/State/Result/Test.pm", + "usr/share/perl5/core_perl/Archive/Tar.pm", + "usr/share/perl5/core_perl/Archive/Tar/Constant.pm", + "usr/share/perl5/core_perl/Archive/Tar/File.pm", + "usr/share/perl5/core_perl/Attribute/Handlers.pm", + "usr/share/perl5/core_perl/B/Deparse.pm", + "usr/share/perl5/core_perl/B/Op_private.pm", + "usr/share/perl5/core_perl/CPAN/Author.pm", + "usr/share/perl5/core_perl/CPAN/Bundle.pm", + "usr/share/perl5/core_perl/CPAN/CacheMgr.pm", + "usr/share/perl5/core_perl/CPAN/Complete.pm", + "usr/share/perl5/core_perl/CPAN/Debug.pm", + "usr/share/perl5/core_perl/CPAN/DeferredCode.pm", + "usr/share/perl5/core_perl/CPAN/Distribution.pm", + "usr/share/perl5/core_perl/CPAN/Distroprefs.pm", + "usr/share/perl5/core_perl/CPAN/Distrostatus.pm", + "usr/share/perl5/core_perl/CPAN/FTP.pm", + "usr/share/perl5/core_perl/CPAN/FirstTime.pm", + "usr/share/perl5/core_perl/CPAN/HandleConfig.pm", + "usr/share/perl5/core_perl/CPAN/Index.pm", + "usr/share/perl5/core_perl/CPAN/InfoObj.pm", + "usr/share/perl5/core_perl/CPAN/Kwalify.pm", + "usr/share/perl5/core_perl/CPAN/Meta.pm", + "usr/share/perl5/core_perl/CPAN/Mirrors.pm", + "usr/share/perl5/core_perl/CPAN/Module.pm", + "usr/share/perl5/core_perl/CPAN/Nox.pm", + "usr/share/perl5/core_perl/CPAN/Plugin.pm", + "usr/share/perl5/core_perl/CPAN/Prompt.pm", + "usr/share/perl5/core_perl/CPAN/Queue.pm", + "usr/share/perl5/core_perl/CPAN/Shell.pm", + "usr/share/perl5/core_perl/CPAN/Tarzip.pm", + "usr/share/perl5/core_perl/CPAN/URL.pm", + "usr/share/perl5/core_perl/CPAN/Version.pm", + "usr/share/perl5/core_perl/CPAN/Exception/RecursiveDependency.pm", + "usr/share/perl5/core_perl/CPAN/Exception/blocked_urllist.pm", + "usr/share/perl5/core_perl/CPAN/Exception/yaml_not_installed.pm", + "usr/share/perl5/core_perl/CPAN/Exception/yaml_process_error.pm", + "usr/share/perl5/core_perl/CPAN/FTP/netrc.pm", + "usr/share/perl5/core_perl/CPAN/HTTP/Client.pm", + "usr/share/perl5/core_perl/CPAN/HTTP/Credentials.pm", + "usr/share/perl5/core_perl/CPAN/Kwalify/distroprefs.dd", + "usr/share/perl5/core_perl/CPAN/Kwalify/distroprefs.yml", + "usr/share/perl5/core_perl/CPAN/LWP/UserAgent.pm", + "usr/share/perl5/core_perl/CPAN/Meta/Converter.pm", + "usr/share/perl5/core_perl/CPAN/Meta/Feature.pm", + "usr/share/perl5/core_perl/CPAN/Meta/History.pm", + "usr/share/perl5/core_perl/CPAN/Meta/Merge.pm", + "usr/share/perl5/core_perl/CPAN/Meta/Prereqs.pm", + "usr/share/perl5/core_perl/CPAN/Meta/Requirements.pm", + "usr/share/perl5/core_perl/CPAN/Meta/Spec.pm", + "usr/share/perl5/core_perl/CPAN/Meta/Validator.pm", + "usr/share/perl5/core_perl/CPAN/Meta/YAML.pm", + "usr/share/perl5/core_perl/CPAN/Meta/Requirements/Range.pm", + "usr/share/perl5/core_perl/CPAN/Plugin/Specfile.pm", + "usr/share/perl5/core_perl/Carp/Heavy.pm", + "usr/share/perl5/core_perl/Class/Struct.pm", + "usr/share/perl5/core_perl/Compress/Zlib.pm", + "usr/share/perl5/core_perl/Config/Extensions.pm", + "usr/share/perl5/core_perl/Config/Perl/V.pm", + "usr/share/perl5/core_perl/DBM_Filter/compress.pm", + "usr/share/perl5/core_perl/DBM_Filter/encode.pm", + "usr/share/perl5/core_perl/DBM_Filter/int32.pm", + "usr/share/perl5/core_perl/DBM_Filter/null.pm", + "usr/share/perl5/core_perl/DBM_Filter/utf8.pm", + "usr/share/perl5/core_perl/Devel/SelfStubber.pm", + "usr/share/perl5/core_perl/Digest/base.pm", + "usr/share/perl5/core_perl/Digest/file.pm", + "usr/share/perl5/core_perl/Exporter/Heavy.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder.pm", + "usr/share/perl5/core_perl/ExtUtils/Command.pm", + "usr/share/perl5/core_perl/ExtUtils/Constant.pm", + "usr/share/perl5/core_perl/ExtUtils/Embed.pm", + "usr/share/perl5/core_perl/ExtUtils/Install.pm", + "usr/share/perl5/core_perl/ExtUtils/Installed.pm", + "usr/share/perl5/core_perl/ExtUtils/Liblist.pm", + "usr/share/perl5/core_perl/ExtUtils/MANIFEST.SKIP", + "usr/share/perl5/core_perl/ExtUtils/MM.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_AIX.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_Any.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_BeOS.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_Cygwin.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_DOS.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_Darwin.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_MacOS.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_NW5.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_OS2.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_OS390.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_QNX.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_UWIN.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_Unix.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_VMS.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_VOS.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_Win32.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_Win95.pm", + "usr/share/perl5/core_perl/ExtUtils/MY.pm", + "usr/share/perl5/core_perl/ExtUtils/MakeMaker.pm", + "usr/share/perl5/core_perl/ExtUtils/Manifest.pm", + "usr/share/perl5/core_perl/ExtUtils/Miniperl.pm", + "usr/share/perl5/core_perl/ExtUtils/Mkbootstrap.pm", + "usr/share/perl5/core_perl/ExtUtils/Mksymlists.pm", + "usr/share/perl5/core_perl/ExtUtils/PL2Bat.pm", + "usr/share/perl5/core_perl/ExtUtils/Packlist.pm", + "usr/share/perl5/core_perl/ExtUtils/ParseXS.pm", + "usr/share/perl5/core_perl/ExtUtils/Typemaps.pm", + "usr/share/perl5/core_perl/ExtUtils/testlib.pm", + "usr/share/perl5/core_perl/ExtUtils/typemap", + "usr/share/perl5/core_perl/ExtUtils/xsubpp", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Base.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Unix.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/VMS.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Windows.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/aix.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/android.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/cygwin.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/darwin.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/dec_osf.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/os2.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Windows/BCC.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Windows/GCC.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Windows/MSVC.pm", + "usr/share/perl5/core_perl/ExtUtils/Command/MM.pm", + "usr/share/perl5/core_perl/ExtUtils/Constant/Base.pm", + "usr/share/perl5/core_perl/ExtUtils/Constant/ProxySubs.pm", + "usr/share/perl5/core_perl/ExtUtils/Constant/Utils.pm", + "usr/share/perl5/core_perl/ExtUtils/Constant/XS.pm", + "usr/share/perl5/core_perl/ExtUtils/Liblist/Kid.pm", + "usr/share/perl5/core_perl/ExtUtils/MakeMaker/Config.pm", + "usr/share/perl5/core_perl/ExtUtils/MakeMaker/Locale.pm", + "usr/share/perl5/core_perl/ExtUtils/MakeMaker/version.pm", + "usr/share/perl5/core_perl/ExtUtils/ParseXS/Constants.pm", + "usr/share/perl5/core_perl/ExtUtils/ParseXS/CountLines.pm", + "usr/share/perl5/core_perl/ExtUtils/ParseXS/Eval.pm", + "usr/share/perl5/core_perl/ExtUtils/ParseXS/Node.pm", + "usr/share/perl5/core_perl/ExtUtils/ParseXS/Utilities.pm", + "usr/share/perl5/core_perl/ExtUtils/Typemaps/Cmd.pm", + "usr/share/perl5/core_perl/ExtUtils/Typemaps/InputMap.pm", + "usr/share/perl5/core_perl/ExtUtils/Typemaps/OutputMap.pm", + "usr/share/perl5/core_perl/ExtUtils/Typemaps/Type.pm", + "usr/share/perl5/core_perl/File/Basename.pm", + "usr/share/perl5/core_perl/File/Compare.pm", + "usr/share/perl5/core_perl/File/Copy.pm", + "usr/share/perl5/core_perl/File/Fetch.pm", + "usr/share/perl5/core_perl/File/Find.pm", + "usr/share/perl5/core_perl/File/GlobMapper.pm", + "usr/share/perl5/core_perl/File/Path.pm", + "usr/share/perl5/core_perl/File/Temp.pm", + "usr/share/perl5/core_perl/File/stat.pm", + "usr/share/perl5/core_perl/Filter/Simple.pm", + "usr/share/perl5/core_perl/Getopt/Long.pm", + "usr/share/perl5/core_perl/Getopt/Std.pm", + "usr/share/perl5/core_perl/Getopt/Long/Parser.pm", + "usr/share/perl5/core_perl/HTTP/Tiny.pm", + "usr/share/perl5/core_perl/I18N/Collate.pm", + "usr/share/perl5/core_perl/I18N/LangTags.pm", + "usr/share/perl5/core_perl/I18N/LangTags/Detect.pm", + "usr/share/perl5/core_perl/I18N/LangTags/List.pm", + "usr/share/perl5/core_perl/IO/Compress.pm", + "usr/share/perl5/core_perl/IO/Zlib.pm", + "usr/share/perl5/core_perl/IO/Compress/Base.pm", + "usr/share/perl5/core_perl/IO/Compress/Bzip2.pm", + "usr/share/perl5/core_perl/IO/Compress/Deflate.pm", + "usr/share/perl5/core_perl/IO/Compress/Gzip.pm", + "usr/share/perl5/core_perl/IO/Compress/RawDeflate.pm", + "usr/share/perl5/core_perl/IO/Compress/Zip.pm", + "usr/share/perl5/core_perl/IO/Compress/Adapter/Bzip2.pm", + "usr/share/perl5/core_perl/IO/Compress/Adapter/Deflate.pm", + "usr/share/perl5/core_perl/IO/Compress/Adapter/Identity.pm", + "usr/share/perl5/core_perl/IO/Compress/Base/Common.pm", + "usr/share/perl5/core_perl/IO/Compress/Gzip/Constants.pm", + "usr/share/perl5/core_perl/IO/Compress/Zip/Constants.pm", + "usr/share/perl5/core_perl/IO/Compress/Zlib/Constants.pm", + "usr/share/perl5/core_perl/IO/Compress/Zlib/Extra.pm", + "usr/share/perl5/core_perl/IO/Socket/IP.pm", + "usr/share/perl5/core_perl/IO/Uncompress/AnyInflate.pm", + "usr/share/perl5/core_perl/IO/Uncompress/AnyUncompress.pm", + "usr/share/perl5/core_perl/IO/Uncompress/Base.pm", + "usr/share/perl5/core_perl/IO/Uncompress/Bunzip2.pm", + "usr/share/perl5/core_perl/IO/Uncompress/Gunzip.pm", + "usr/share/perl5/core_perl/IO/Uncompress/Inflate.pm", + "usr/share/perl5/core_perl/IO/Uncompress/RawInflate.pm", + "usr/share/perl5/core_perl/IO/Uncompress/Unzip.pm", + "usr/share/perl5/core_perl/IO/Uncompress/Adapter/Bunzip2.pm", + "usr/share/perl5/core_perl/IO/Uncompress/Adapter/Identity.pm", + "usr/share/perl5/core_perl/IO/Uncompress/Adapter/Inflate.pm", + "usr/share/perl5/core_perl/IPC/Cmd.pm", + "usr/share/perl5/core_perl/IPC/Open2.pm", + "usr/share/perl5/core_perl/IPC/Open3.pm", + "usr/share/perl5/core_perl/JSON/PP.pm", + "usr/share/perl5/core_perl/JSON/PP/Boolean.pm", + "usr/share/perl5/core_perl/Locale/Maketext.pm", + "usr/share/perl5/core_perl/Locale/Maketext/Guts.pm", + "usr/share/perl5/core_perl/Locale/Maketext/GutsLoader.pm", + "usr/share/perl5/core_perl/Locale/Maketext/Simple.pm", + "usr/share/perl5/core_perl/Math/BigFloat.pm", + "usr/share/perl5/core_perl/Math/BigInt.pm", + "usr/share/perl5/core_perl/Math/BigRat.pm", + "usr/share/perl5/core_perl/Math/Complex.pm", + "usr/share/perl5/core_perl/Math/Trig.pm", + "usr/share/perl5/core_perl/Math/BigFloat/Trace.pm", + "usr/share/perl5/core_perl/Math/BigInt/Calc.pm", + "usr/share/perl5/core_perl/Math/BigInt/Lib.pm", + "usr/share/perl5/core_perl/Math/BigInt/Trace.pm", + "usr/share/perl5/core_perl/Math/BigRat/Trace.pm", + "usr/share/perl5/core_perl/Memoize/AnyDBM_File.pm", + "usr/share/perl5/core_perl/Memoize/Expire.pm", + "usr/share/perl5/core_perl/Memoize/NDBM_File.pm", + "usr/share/perl5/core_perl/Memoize/SDBM_File.pm", + "usr/share/perl5/core_perl/Memoize/Storable.pm", + "usr/share/perl5/core_perl/Module/CoreList.pm", + "usr/share/perl5/core_perl/Module/Load.pm", + "usr/share/perl5/core_perl/Module/Loaded.pm", + "usr/share/perl5/core_perl/Module/Metadata.pm", + "usr/share/perl5/core_perl/Module/CoreList/Utils.pm", + "usr/share/perl5/core_perl/Module/Load/Conditional.pm", + "usr/share/perl5/core_perl/Net/Cmd.pm", + "usr/share/perl5/core_perl/Net/Config.pm", + "usr/share/perl5/core_perl/Net/Domain.pm", + "usr/share/perl5/core_perl/Net/FTP.pm", + "usr/share/perl5/core_perl/Net/NNTP.pm", + "usr/share/perl5/core_perl/Net/Netrc.pm", + "usr/share/perl5/core_perl/Net/POP3.pm", + "usr/share/perl5/core_perl/Net/Ping.pm", + "usr/share/perl5/core_perl/Net/SMTP.pm", + "usr/share/perl5/core_perl/Net/Time.pm", + "usr/share/perl5/core_perl/Net/hostent.pm", + "usr/share/perl5/core_perl/Net/netent.pm", + "usr/share/perl5/core_perl/Net/protoent.pm", + "usr/share/perl5/core_perl/Net/servent.pm", + "usr/share/perl5/core_perl/Net/FTP/A.pm", + "usr/share/perl5/core_perl/Net/FTP/E.pm", + "usr/share/perl5/core_perl/Net/FTP/I.pm", + "usr/share/perl5/core_perl/Net/FTP/L.pm", + "usr/share/perl5/core_perl/Net/FTP/dataconn.pm", + "usr/share/perl5/core_perl/Params/Check.pm", + "usr/share/perl5/core_perl/Parse/CPAN/Meta.pm", + "usr/share/perl5/core_perl/Perl/OSType.pm", + "usr/share/perl5/core_perl/PerlIO/scalar.pm", + "usr/share/perl5/core_perl/PerlIO/via/QuotedPrint.pm", + "usr/share/perl5/core_perl/Pod/Checker.pm", + "usr/share/perl5/core_perl/Pod/Escapes.pm", + "usr/share/perl5/core_perl/Pod/Functions.pm", + "usr/share/perl5/core_perl/Pod/Html.pm", + "usr/share/perl5/core_perl/Pod/Man.pm", + "usr/share/perl5/core_perl/Pod/ParseLink.pm", + "usr/share/perl5/core_perl/Pod/Perldoc.pm", + "usr/share/perl5/core_perl/Pod/Simple.pm", + "usr/share/perl5/core_perl/Pod/Text.pm", + "usr/share/perl5/core_perl/Pod/Usage.pm", + "usr/share/perl5/core_perl/Pod/Html/Util.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/BaseTo.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/GetOptsOO.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToANSI.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToChecker.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToMan.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToNroff.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToPod.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToRtf.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToTerm.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToText.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToTk.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToXml.pm", + "usr/share/perl5/core_perl/Pod/Simple/BlackBox.pm", + "usr/share/perl5/core_perl/Pod/Simple/Checker.pm", + "usr/share/perl5/core_perl/Pod/Simple/Debug.pm", + "usr/share/perl5/core_perl/Pod/Simple/DumpAsText.pm", + "usr/share/perl5/core_perl/Pod/Simple/DumpAsXML.pm", + "usr/share/perl5/core_perl/Pod/Simple/HTML.pm", + "usr/share/perl5/core_perl/Pod/Simple/HTMLBatch.pm", + "usr/share/perl5/core_perl/Pod/Simple/HTMLLegacy.pm", + "usr/share/perl5/core_perl/Pod/Simple/JustPod.pm", + "usr/share/perl5/core_perl/Pod/Simple/LinkSection.pm", + "usr/share/perl5/core_perl/Pod/Simple/Methody.pm", + "usr/share/perl5/core_perl/Pod/Simple/Progress.pm", + "usr/share/perl5/core_perl/Pod/Simple/PullParser.pm", + "usr/share/perl5/core_perl/Pod/Simple/PullParserEndToken.pm", + "usr/share/perl5/core_perl/Pod/Simple/PullParserStartToken.pm", + "usr/share/perl5/core_perl/Pod/Simple/PullParserTextToken.pm", + "usr/share/perl5/core_perl/Pod/Simple/PullParserToken.pm", + "usr/share/perl5/core_perl/Pod/Simple/RTF.pm", + "usr/share/perl5/core_perl/Pod/Simple/Search.pm", + "usr/share/perl5/core_perl/Pod/Simple/SimpleTree.pm", + "usr/share/perl5/core_perl/Pod/Simple/Text.pm", + "usr/share/perl5/core_perl/Pod/Simple/TextContent.pm", + "usr/share/perl5/core_perl/Pod/Simple/TiedOutFH.pm", + "usr/share/perl5/core_perl/Pod/Simple/Transcode.pm", + "usr/share/perl5/core_perl/Pod/Simple/TranscodeDumb.pm", + "usr/share/perl5/core_perl/Pod/Simple/TranscodeSmart.pm", + "usr/share/perl5/core_perl/Pod/Simple/XHTML.pm", + "usr/share/perl5/core_perl/Pod/Simple/XMLOutStream.pm", + "usr/share/perl5/core_perl/Pod/Text/Color.pm", + "usr/share/perl5/core_perl/Pod/Text/Overstrike.pm", + "usr/share/perl5/core_perl/Pod/Text/Termcap.pm", + "usr/share/perl5/core_perl/Search/Dict.pm", + "usr/share/perl5/core_perl/TAP/Base.pm", + "usr/share/perl5/core_perl/TAP/Harness.pm", + "usr/share/perl5/core_perl/TAP/Object.pm", + "usr/share/perl5/core_perl/TAP/Parser.pm", + "usr/share/perl5/core_perl/TAP/Formatter/Base.pm", + "usr/share/perl5/core_perl/TAP/Formatter/Color.pm", + "usr/share/perl5/core_perl/TAP/Formatter/Console.pm", + "usr/share/perl5/core_perl/TAP/Formatter/File.pm", + "usr/share/perl5/core_perl/TAP/Formatter/Session.pm", + "usr/share/perl5/core_perl/TAP/Formatter/Console/ParallelSession.pm", + "usr/share/perl5/core_perl/TAP/Formatter/Console/Session.pm", + "usr/share/perl5/core_perl/TAP/Formatter/File/Session.pm", + "usr/share/perl5/core_perl/TAP/Harness/Env.pm", + "usr/share/perl5/core_perl/TAP/Parser/Aggregator.pm", + "usr/share/perl5/core_perl/TAP/Parser/Grammar.pm", + "usr/share/perl5/core_perl/TAP/Parser/Iterator.pm", + "usr/share/perl5/core_perl/TAP/Parser/IteratorFactory.pm", + "usr/share/perl5/core_perl/TAP/Parser/Multiplexer.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result.pm", + "usr/share/perl5/core_perl/TAP/Parser/ResultFactory.pm", + "usr/share/perl5/core_perl/TAP/Parser/Scheduler.pm", + "usr/share/perl5/core_perl/TAP/Parser/Source.pm", + "usr/share/perl5/core_perl/TAP/Parser/SourceHandler.pm", + "usr/share/perl5/core_perl/TAP/Parser/Iterator/Array.pm", + "usr/share/perl5/core_perl/TAP/Parser/Iterator/Process.pm", + "usr/share/perl5/core_perl/TAP/Parser/Iterator/Stream.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result/Bailout.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result/Comment.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result/Plan.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result/Pragma.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result/Test.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result/Unknown.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result/Version.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result/YAML.pm", + "usr/share/perl5/core_perl/TAP/Parser/Scheduler/Job.pm", + "usr/share/perl5/core_perl/TAP/Parser/Scheduler/Spinner.pm", + "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/Executable.pm", + "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/File.pm", + "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/Handle.pm", + "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/Perl.pm", + "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/RawTAP.pm", + "usr/share/perl5/core_perl/TAP/Parser/YAMLish/Reader.pm", + "usr/share/perl5/core_perl/TAP/Parser/YAMLish/Writer.pm", + "usr/share/perl5/core_perl/Term/ANSIColor.pm", + "usr/share/perl5/core_perl/Term/Cap.pm", + "usr/share/perl5/core_perl/Term/Complete.pm", + "usr/share/perl5/core_perl/Term/ReadLine.pm", + "usr/share/perl5/core_perl/Term/Table.pm", + "usr/share/perl5/core_perl/Term/Table/Cell.pm", + "usr/share/perl5/core_perl/Term/Table/CellStack.pm", + "usr/share/perl5/core_perl/Term/Table/HashBase.pm", + "usr/share/perl5/core_perl/Term/Table/LineBreak.pm", + "usr/share/perl5/core_perl/Term/Table/Spacer.pm", + "usr/share/perl5/core_perl/Term/Table/Util.pm", + "usr/share/perl5/core_perl/Test/Builder.pm", + "usr/share/perl5/core_perl/Test/Harness.pm", + "usr/share/perl5/core_perl/Test/More.pm", + "usr/share/perl5/core_perl/Test/Simple.pm", + "usr/share/perl5/core_perl/Test/Tester.pm", + "usr/share/perl5/core_perl/Test/Builder/Formatter.pm", + "usr/share/perl5/core_perl/Test/Builder/Module.pm", + "usr/share/perl5/core_perl/Test/Builder/Tester.pm", + "usr/share/perl5/core_perl/Test/Builder/TodoDiag.pm", + "usr/share/perl5/core_perl/Test/Builder/Tester/Color.pm", + "usr/share/perl5/core_perl/Test/Tester/Capture.pm", + "usr/share/perl5/core_perl/Test/Tester/CaptureRunner.pm", + "usr/share/perl5/core_perl/Test/Tester/Delegate.pm", + "usr/share/perl5/core_perl/Test/use/ok.pm", + "usr/share/perl5/core_perl/Test2/API.pm", + "usr/share/perl5/core_perl/Test2/AsyncSubtest.pm", + "usr/share/perl5/core_perl/Test2/Bundle.pm", + "usr/share/perl5/core_perl/Test2/Compare.pm", + "usr/share/perl5/core_perl/Test2/Env.pm", + "usr/share/perl5/core_perl/Test2/Event.pm", + "usr/share/perl5/core_perl/Test2/EventFacet.pm", + "usr/share/perl5/core_perl/Test2/Formatter.pm", + "usr/share/perl5/core_perl/Test2/Hub.pm", + "usr/share/perl5/core_perl/Test2/IPC.pm", + "usr/share/perl5/core_perl/Test2/Manual.pm", + "usr/share/perl5/core_perl/Test2/Mock.pm", + "usr/share/perl5/core_perl/Test2/Plugin.pm", + "usr/share/perl5/core_perl/Test2/Require.pm", + "usr/share/perl5/core_perl/Test2/Suite.pm", + "usr/share/perl5/core_perl/Test2/Todo.pm", + "usr/share/perl5/core_perl/Test2/Tools.pm", + "usr/share/perl5/core_perl/Test2/Util.pm", + "usr/share/perl5/core_perl/Test2/V0.pm", + "usr/share/perl5/core_perl/Test2/Workflow.pm", + "usr/share/perl5/core_perl/Test2/API/Breakage.pm", + "usr/share/perl5/core_perl/Test2/API/Context.pm", + "usr/share/perl5/core_perl/Test2/API/Instance.pm", + "usr/share/perl5/core_perl/Test2/API/InterceptResult.pm", + "usr/share/perl5/core_perl/Test2/API/Stack.pm", + "usr/share/perl5/core_perl/Test2/API/InterceptResult/Event.pm", + "usr/share/perl5/core_perl/Test2/API/InterceptResult/Facet.pm", + "usr/share/perl5/core_perl/Test2/API/InterceptResult/Hub.pm", + "usr/share/perl5/core_perl/Test2/API/InterceptResult/Squasher.pm", + "usr/share/perl5/core_perl/Test2/AsyncSubtest/Formatter.pm", + "usr/share/perl5/core_perl/Test2/AsyncSubtest/Hub.pm", + "usr/share/perl5/core_perl/Test2/AsyncSubtest/Event/Attach.pm", + "usr/share/perl5/core_perl/Test2/AsyncSubtest/Event/Detach.pm", + "usr/share/perl5/core_perl/Test2/Bundle/Extended.pm", + "usr/share/perl5/core_perl/Test2/Bundle/More.pm", + "usr/share/perl5/core_perl/Test2/Bundle/Simple.pm", + "usr/share/perl5/core_perl/Test2/Compare/Array.pm", + "usr/share/perl5/core_perl/Test2/Compare/Bag.pm", + "usr/share/perl5/core_perl/Test2/Compare/Base.pm", + "usr/share/perl5/core_perl/Test2/Compare/Bool.pm", + "usr/share/perl5/core_perl/Test2/Compare/Custom.pm", + "usr/share/perl5/core_perl/Test2/Compare/DeepRef.pm", + "usr/share/perl5/core_perl/Test2/Compare/Delta.pm", + "usr/share/perl5/core_perl/Test2/Compare/Event.pm", + "usr/share/perl5/core_perl/Test2/Compare/EventMeta.pm", + "usr/share/perl5/core_perl/Test2/Compare/Float.pm", + "usr/share/perl5/core_perl/Test2/Compare/Hash.pm", + "usr/share/perl5/core_perl/Test2/Compare/Isa.pm", + "usr/share/perl5/core_perl/Test2/Compare/Meta.pm", + "usr/share/perl5/core_perl/Test2/Compare/Negatable.pm", + "usr/share/perl5/core_perl/Test2/Compare/Number.pm", + "usr/share/perl5/core_perl/Test2/Compare/Object.pm", + "usr/share/perl5/core_perl/Test2/Compare/OrderedSubset.pm", + "usr/share/perl5/core_perl/Test2/Compare/Pattern.pm", + "usr/share/perl5/core_perl/Test2/Compare/Ref.pm", + "usr/share/perl5/core_perl/Test2/Compare/Regex.pm", + "usr/share/perl5/core_perl/Test2/Compare/Scalar.pm", + "usr/share/perl5/core_perl/Test2/Compare/Set.pm", + "usr/share/perl5/core_perl/Test2/Compare/String.pm", + "usr/share/perl5/core_perl/Test2/Compare/Undef.pm", + "usr/share/perl5/core_perl/Test2/Compare/Wildcard.pm", + "usr/share/perl5/core_perl/Test2/Event/Bail.pm", + "usr/share/perl5/core_perl/Test2/Event/Diag.pm", + "usr/share/perl5/core_perl/Test2/Event/Encoding.pm", + "usr/share/perl5/core_perl/Test2/Event/Exception.pm", + "usr/share/perl5/core_perl/Test2/Event/Fail.pm", + "usr/share/perl5/core_perl/Test2/Event/Generic.pm", + "usr/share/perl5/core_perl/Test2/Event/Note.pm", + "usr/share/perl5/core_perl/Test2/Event/Ok.pm", + "usr/share/perl5/core_perl/Test2/Event/Pass.pm", + "usr/share/perl5/core_perl/Test2/Event/Plan.pm", + "usr/share/perl5/core_perl/Test2/Event/Skip.pm", + "usr/share/perl5/core_perl/Test2/Event/Subtest.pm", + "usr/share/perl5/core_perl/Test2/Event/V2.pm", + "usr/share/perl5/core_perl/Test2/Event/Waiting.pm", + "usr/share/perl5/core_perl/Test2/Event/TAP/Version.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/About.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Amnesty.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Assert.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Control.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Error.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Hub.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Info.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Meta.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Parent.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Plan.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Render.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Trace.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Info/Table.pm", + "usr/share/perl5/core_perl/Test2/Formatter/TAP.pm", + "usr/share/perl5/core_perl/Test2/Hub/Interceptor.pm", + "usr/share/perl5/core_perl/Test2/Hub/Subtest.pm", + "usr/share/perl5/core_perl/Test2/Hub/Interceptor/Terminator.pm", + "usr/share/perl5/core_perl/Test2/IPC/Driver.pm", + "usr/share/perl5/core_perl/Test2/IPC/Driver/Files.pm", + "usr/share/perl5/core_perl/Test2/Manual/Anatomy.pm", + "usr/share/perl5/core_perl/Test2/Manual/Concurrency.pm", + "usr/share/perl5/core_perl/Test2/Manual/Contributing.pm", + "usr/share/perl5/core_perl/Test2/Manual/Testing.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling.pm", + "usr/share/perl5/core_perl/Test2/Manual/Anatomy/API.pm", + "usr/share/perl5/core_perl/Test2/Manual/Anatomy/Context.pm", + "usr/share/perl5/core_perl/Test2/Manual/Anatomy/EndToEnd.pm", + "usr/share/perl5/core_perl/Test2/Manual/Anatomy/Event.pm", + "usr/share/perl5/core_perl/Test2/Manual/Anatomy/Hubs.pm", + "usr/share/perl5/core_perl/Test2/Manual/Anatomy/IPC.pm", + "usr/share/perl5/core_perl/Test2/Manual/Anatomy/Utilities.pm", + "usr/share/perl5/core_perl/Test2/Manual/Testing/Introduction.pm", + "usr/share/perl5/core_perl/Test2/Manual/Testing/Migrating.pm", + "usr/share/perl5/core_perl/Test2/Manual/Testing/Planning.pm", + "usr/share/perl5/core_perl/Test2/Manual/Testing/Todo.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/FirstTool.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/Formatter.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/Nesting.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/Subtest.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/TestBuilder.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/Testing.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/Plugin/TestExit.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/Plugin/TestingDone.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/Plugin/ToolCompletes.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/Plugin/ToolStarts.pm", + "usr/share/perl5/core_perl/Test2/Plugin/BailOnFail.pm", + "usr/share/perl5/core_perl/Test2/Plugin/DieOnFail.pm", + "usr/share/perl5/core_perl/Test2/Plugin/ExitSummary.pm", + "usr/share/perl5/core_perl/Test2/Plugin/SRand.pm", + "usr/share/perl5/core_perl/Test2/Plugin/Times.pm", + "usr/share/perl5/core_perl/Test2/Plugin/UTF8.pm", + "usr/share/perl5/core_perl/Test2/Require/AuthorTesting.pm", + "usr/share/perl5/core_perl/Test2/Require/AutomatedTesting.pm", + "usr/share/perl5/core_perl/Test2/Require/EnvVar.pm", + "usr/share/perl5/core_perl/Test2/Require/ExtendedTesting.pm", + "usr/share/perl5/core_perl/Test2/Require/Fork.pm", + "usr/share/perl5/core_perl/Test2/Require/Module.pm", + "usr/share/perl5/core_perl/Test2/Require/NonInteractiveTesting.pm", + "usr/share/perl5/core_perl/Test2/Require/Perl.pm", + "usr/share/perl5/core_perl/Test2/Require/RealFork.pm", + "usr/share/perl5/core_perl/Test2/Require/ReleaseTesting.pm", + "usr/share/perl5/core_perl/Test2/Require/Threads.pm", + "usr/share/perl5/core_perl/Test2/Tools/AsyncSubtest.pm", + "usr/share/perl5/core_perl/Test2/Tools/Basic.pm", + "usr/share/perl5/core_perl/Test2/Tools/Class.pm", + "usr/share/perl5/core_perl/Test2/Tools/ClassicCompare.pm", + "usr/share/perl5/core_perl/Test2/Tools/Compare.pm", + "usr/share/perl5/core_perl/Test2/Tools/Defer.pm", + "usr/share/perl5/core_perl/Test2/Tools/Encoding.pm", + "usr/share/perl5/core_perl/Test2/Tools/Event.pm", + "usr/share/perl5/core_perl/Test2/Tools/Exception.pm", + "usr/share/perl5/core_perl/Test2/Tools/Exports.pm", + "usr/share/perl5/core_perl/Test2/Tools/GenTemp.pm", + "usr/share/perl5/core_perl/Test2/Tools/Grab.pm", + "usr/share/perl5/core_perl/Test2/Tools/Mock.pm", + "usr/share/perl5/core_perl/Test2/Tools/Ref.pm", + "usr/share/perl5/core_perl/Test2/Tools/Refcount.pm", + "usr/share/perl5/core_perl/Test2/Tools/Spec.pm", + "usr/share/perl5/core_perl/Test2/Tools/Subtest.pm", + "usr/share/perl5/core_perl/Test2/Tools/Target.pm", + "usr/share/perl5/core_perl/Test2/Tools/Tester.pm", + "usr/share/perl5/core_perl/Test2/Tools/Tiny.pm", + "usr/share/perl5/core_perl/Test2/Tools/Warnings.pm", + "usr/share/perl5/core_perl/Test2/Util/ExternalMeta.pm", + "usr/share/perl5/core_perl/Test2/Util/Facets2Legacy.pm", + "usr/share/perl5/core_perl/Test2/Util/Grabber.pm", + "usr/share/perl5/core_perl/Test2/Util/Guard.pm", + "usr/share/perl5/core_perl/Test2/Util/HashBase.pm", + "usr/share/perl5/core_perl/Test2/Util/Importer.pm", + "usr/share/perl5/core_perl/Test2/Util/Ref.pm", + "usr/share/perl5/core_perl/Test2/Util/Sig.pm", + "usr/share/perl5/core_perl/Test2/Util/Stash.pm", + "usr/share/perl5/core_perl/Test2/Util/Sub.pm", + "usr/share/perl5/core_perl/Test2/Util/Table.pm", + "usr/share/perl5/core_perl/Test2/Util/Term.pm", + "usr/share/perl5/core_perl/Test2/Util/Times.pm", + "usr/share/perl5/core_perl/Test2/Util/Trace.pm", + "usr/share/perl5/core_perl/Test2/Util/Table/Cell.pm", + "usr/share/perl5/core_perl/Test2/Util/Table/LineBreak.pm", + "usr/share/perl5/core_perl/Test2/Workflow/BlockBase.pm", + "usr/share/perl5/core_perl/Test2/Workflow/Build.pm", + "usr/share/perl5/core_perl/Test2/Workflow/Runner.pm", + "usr/share/perl5/core_perl/Test2/Workflow/Task.pm", + "usr/share/perl5/core_perl/Test2/Workflow/Task/Action.pm", + "usr/share/perl5/core_perl/Test2/Workflow/Task/Group.pm", + "usr/share/perl5/core_perl/Text/Abbrev.pm", + "usr/share/perl5/core_perl/Text/Balanced.pm", + "usr/share/perl5/core_perl/Text/ParseWords.pm", + "usr/share/perl5/core_perl/Text/Tabs.pm", + "usr/share/perl5/core_perl/Text/Wrap.pm", + "usr/share/perl5/core_perl/Thread/Queue.pm", + "usr/share/perl5/core_perl/Thread/Semaphore.pm", + "usr/share/perl5/core_perl/Tie/Array.pm", + "usr/share/perl5/core_perl/Tie/File.pm", + "usr/share/perl5/core_perl/Tie/Handle.pm", + "usr/share/perl5/core_perl/Tie/Hash.pm", + "usr/share/perl5/core_perl/Tie/Memoize.pm", + "usr/share/perl5/core_perl/Tie/RefHash.pm", + "usr/share/perl5/core_perl/Tie/Scalar.pm", + "usr/share/perl5/core_perl/Tie/StdHandle.pm", + "usr/share/perl5/core_perl/Tie/SubstrHash.pm", + "usr/share/perl5/core_perl/Tie/Hash/NamedCapture.pm", + "usr/share/perl5/core_perl/Time/Local.pm", + "usr/share/perl5/core_perl/Time/gmtime.pm", + "usr/share/perl5/core_perl/Time/localtime.pm", + "usr/share/perl5/core_perl/Time/tm.pm", + "usr/share/perl5/core_perl/Unicode/UCD.pm", + "usr/share/perl5/core_perl/Unicode/Collate/allkeys.txt", + "usr/share/perl5/core_perl/Unicode/Collate/keys.txt", + "usr/share/perl5/core_perl/Unicode/Collate/CJK/Big5.pm", + "usr/share/perl5/core_perl/Unicode/Collate/CJK/GB2312.pm", + "usr/share/perl5/core_perl/Unicode/Collate/CJK/JISX0208.pm", + "usr/share/perl5/core_perl/Unicode/Collate/CJK/Korean.pm", + "usr/share/perl5/core_perl/Unicode/Collate/CJK/Pinyin.pm", + "usr/share/perl5/core_perl/Unicode/Collate/CJK/Stroke.pm", + "usr/share/perl5/core_perl/Unicode/Collate/CJK/Zhuyin.pm", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/af.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ar.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/as.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/az.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/be.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/bn.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ca.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/cs.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/cu.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/cy.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/da.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/de_at_ph.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/de_phone.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/dsb.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ee.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/eo.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/es.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/es_trad.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/et.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/fa.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/fi.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/fi_phone.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/fil.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/fo.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/fr_ca.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/gu.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ha.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/haw.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/he.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/hi.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/hr.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/hu.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/hy.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ig.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/is.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ja.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/kk.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/kl.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/kn.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ko.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/kok.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/lkt.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ln.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/lt.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/lv.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/mk.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ml.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/mr.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/mt.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/nb.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/nn.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/nso.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/om.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/or.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/pa.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/pl.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ro.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/sa.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/se.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/si.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/si_dict.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/sk.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/sl.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/sq.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/sr.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/sv.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/sv_refo.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ta.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/te.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/th.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/tn.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/to.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/tr.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ug_cyrl.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/uk.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ur.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/vi.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/vo.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/wae.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/wo.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/yo.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_big5.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_gb.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_pin.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_strk.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_zhu.pl", + "usr/share/perl5/core_perl/User/grent.pm", + "usr/share/perl5/core_perl/User/pwent.pm", + "usr/share/perl5/core_perl/autodie/Util.pm", + "usr/share/perl5/core_perl/autodie/exception.pm", + "usr/share/perl5/core_perl/autodie/hints.pm", + "usr/share/perl5/core_perl/autodie/skip.pm", + "usr/share/perl5/core_perl/autodie/Scope/Guard.pm", + "usr/share/perl5/core_perl/autodie/Scope/GuardStack.pm", + "usr/share/perl5/core_perl/autodie/exception/system.pm", + "usr/share/perl5/core_perl/encoding/warnings.pm", + "usr/share/perl5/core_perl/overload/numbers.pm", + "usr/share/perl5/core_perl/source/encoding.pm", + "usr/share/perl5/core_perl/unicore/Blocks.txt", + "usr/share/perl5/core_perl/unicore/CombiningClass.pl", + "usr/share/perl5/core_perl/unicore/Decomposition.pl", + "usr/share/perl5/core_perl/unicore/Name.pl", + "usr/share/perl5/core_perl/unicore/Name.pm", + "usr/share/perl5/core_perl/unicore/NamedSequences.txt", + "usr/share/perl5/core_perl/unicore/SpecialCasing.txt", + "usr/share/perl5/core_perl/unicore/TestNorm.pl", + "usr/share/perl5/core_perl/unicore/UCD.pl", + "usr/share/perl5/core_perl/unicore/uni_keywords.pl", + "usr/share/perl5/core_perl/unicore/version", + "usr/share/perl5/core_perl/unicore/To/Age.pl", + "usr/share/perl5/core_perl/unicore/To/Bc.pl", + "usr/share/perl5/core_perl/unicore/To/Bmg.pl", + "usr/share/perl5/core_perl/unicore/To/Bpb.pl", + "usr/share/perl5/core_perl/unicore/To/Bpt.pl", + "usr/share/perl5/core_perl/unicore/To/Cf.pl", + "usr/share/perl5/core_perl/unicore/To/Ea.pl", + "usr/share/perl5/core_perl/unicore/To/EqUIdeo.pl", + "usr/share/perl5/core_perl/unicore/To/GCB.pl", + "usr/share/perl5/core_perl/unicore/To/Gc.pl", + "usr/share/perl5/core_perl/unicore/To/Hst.pl", + "usr/share/perl5/core_perl/unicore/To/Identif2.pl", + "usr/share/perl5/core_perl/unicore/To/Identifi.pl", + "usr/share/perl5/core_perl/unicore/To/InCB.pl", + "usr/share/perl5/core_perl/unicore/To/InPC.pl", + "usr/share/perl5/core_perl/unicore/To/InSC.pl", + "usr/share/perl5/core_perl/unicore/To/Isc.pl", + "usr/share/perl5/core_perl/unicore/To/Jg.pl", + "usr/share/perl5/core_perl/unicore/To/Jt.pl", + "usr/share/perl5/core_perl/unicore/To/Lb.pl", + "usr/share/perl5/core_perl/unicore/To/Lc.pl", + "usr/share/perl5/core_perl/unicore/To/NFCQC.pl", + "usr/share/perl5/core_perl/unicore/To/NFDQC.pl", + "usr/share/perl5/core_perl/unicore/To/NFKCCF.pl", + "usr/share/perl5/core_perl/unicore/To/NFKCQC.pl", + "usr/share/perl5/core_perl/unicore/To/NFKCSCF.pl", + "usr/share/perl5/core_perl/unicore/To/NFKDQC.pl", + "usr/share/perl5/core_perl/unicore/To/Na1.pl", + "usr/share/perl5/core_perl/unicore/To/NameAlia.pl", + "usr/share/perl5/core_perl/unicore/To/Nt.pl", + "usr/share/perl5/core_perl/unicore/To/Nv.pl", + "usr/share/perl5/core_perl/unicore/To/PerlDeci.pl", + "usr/share/perl5/core_perl/unicore/To/SB.pl", + "usr/share/perl5/core_perl/unicore/To/Sc.pl", + "usr/share/perl5/core_perl/unicore/To/Scx.pl", + "usr/share/perl5/core_perl/unicore/To/Tc.pl", + "usr/share/perl5/core_perl/unicore/To/Uc.pl", + "usr/share/perl5/core_perl/unicore/To/Vo.pl", + "usr/share/perl5/core_perl/unicore/To/WB.pl", + "usr/share/perl5/core_perl/unicore/To/_PerlLB.pl", + "usr/share/perl5/core_perl/unicore/To/_PerlSCX.pl", + "usr/share/perl5/core_perl/unicore/To/kEHCat.pl", + "usr/share/perl5/core_perl/unicore/To/kEHCore.pl", + "usr/share/perl5/core_perl/unicore/To/kEHDesc.pl", + "usr/share/perl5/core_perl/unicore/To/kEHFVal.pl", + "usr/share/perl5/core_perl/unicore/To/kEHFunc.pl", + "usr/share/perl5/core_perl/unicore/To/kEHHG.pl", + "usr/share/perl5/core_perl/unicore/To/kEHIFAO.pl", + "usr/share/perl5/core_perl/unicore/To/kEHJSesh.pl", + "usr/share/perl5/core_perl/unicore/To/kEHUniK.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/NA.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V100.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V11.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V110.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V120.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V130.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V140.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V150.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V160.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V20.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V30.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V31.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V32.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V40.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V41.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V50.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V51.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V52.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V60.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V61.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V70.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V80.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V90.pl", + "usr/share/perl5/core_perl/unicore/lib/Alpha/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/AL.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/AN.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/B.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/BN.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/CS.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/EN.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/ES.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/ET.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/L.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/NSM.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/ON.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/R.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/WS.pl", + "usr/share/perl5/core_perl/unicore/lib/BidiC/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/BidiM/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Blk/NB.pl", + "usr/share/perl5/core_perl/unicore/lib/Bpt/C.pl", + "usr/share/perl5/core_perl/unicore/lib/Bpt/N.pl", + "usr/share/perl5/core_perl/unicore/lib/Bpt/O.pl", + "usr/share/perl5/core_perl/unicore/lib/CE/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/CI/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/CWCF/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/CWCM/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/CWKCF/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/CWL/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/CWT/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/CWU/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Cased/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/A.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/AL.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/AR.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/ATAR.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/B.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/BR.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/DB.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/NK.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/NR.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/OV.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/VR.pl", + "usr/share/perl5/core_perl/unicore/lib/CompEx/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/DI/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Dash/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Dep/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Dia/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Com.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Enc.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Fin.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Font.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Init.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Iso.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Med.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Nar.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Nb.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/NonCanon.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Sqr.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Sub.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Sup.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Vert.pl", + "usr/share/perl5/core_perl/unicore/lib/EBase/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/EComp/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/EPres/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Ea/A.pl", + "usr/share/perl5/core_perl/unicore/lib/Ea/H.pl", + "usr/share/perl5/core_perl/unicore/lib/Ea/N.pl", + "usr/share/perl5/core_perl/unicore/lib/Ea/Na.pl", + "usr/share/perl5/core_perl/unicore/lib/Ea/W.pl", + "usr/share/perl5/core_perl/unicore/lib/Emoji/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Ext/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/ExtPict/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/GCB/CN.pl", + "usr/share/perl5/core_perl/unicore/lib/GCB/EX.pl", + "usr/share/perl5/core_perl/unicore/lib/GCB/LV.pl", + "usr/share/perl5/core_perl/unicore/lib/GCB/LVT.pl", + "usr/share/perl5/core_perl/unicore/lib/GCB/PP.pl", + "usr/share/perl5/core_perl/unicore/lib/GCB/SM.pl", + "usr/share/perl5/core_perl/unicore/lib/GCB/V.pl", + "usr/share/perl5/core_perl/unicore/lib/GCB/XX.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/C.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Cf.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Cn.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/L.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/LC.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Ll.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Lm.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Lo.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Lu.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/M.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Mc.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Me.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Mn.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/N.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Nd.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Nl.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/No.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/P.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Pc.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Pd.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Pe.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Pf.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Pi.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Po.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Ps.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/S.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Sc.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Sk.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Sm.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/So.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Z.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Zs.pl", + "usr/share/perl5/core_perl/unicore/lib/GrBase/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/GrExt/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Hex/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Hst/NA.pl", + "usr/share/perl5/core_perl/unicore/lib/Hyphen/T.pl", + "usr/share/perl5/core_perl/unicore/lib/IDC/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/IDCMContinue/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/IDCMStart/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/IDS/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/IdStatus/Allowed.pl", + "usr/share/perl5/core_perl/unicore/lib/IdStatus/Restrict.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/DefaultI.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/Exclusio.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/Inclusio.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/LimitedU.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/NotChara.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/NotNFKC.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/NotXID.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/Obsolete.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/Recommen.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/Technica.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/Uncommon.pl", + "usr/share/perl5/core_perl/unicore/lib/Ideo/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/In/10_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/11_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/12_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/12_1.pl", + "usr/share/perl5/core_perl/unicore/lib/In/13_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/14_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/15_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/15_1.pl", + "usr/share/perl5/core_perl/unicore/lib/In/16_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/2_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/2_1.pl", + "usr/share/perl5/core_perl/unicore/lib/In/3_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/3_1.pl", + "usr/share/perl5/core_perl/unicore/lib/In/3_2.pl", + "usr/share/perl5/core_perl/unicore/lib/In/4_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/4_1.pl", + "usr/share/perl5/core_perl/unicore/lib/In/5_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/5_1.pl", + "usr/share/perl5/core_perl/unicore/lib/In/5_2.pl", + "usr/share/perl5/core_perl/unicore/lib/In/6_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/6_1.pl", + "usr/share/perl5/core_perl/unicore/lib/In/6_2.pl", + "usr/share/perl5/core_perl/unicore/lib/In/6_3.pl", + "usr/share/perl5/core_perl/unicore/lib/In/7_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/8_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/9_0.pl", + "usr/share/perl5/core_perl/unicore/lib/InCB/Consonan.pl", + "usr/share/perl5/core_perl/unicore/lib/InCB/Extend.pl", + "usr/share/perl5/core_perl/unicore/lib/InCB/Linker.pl", + "usr/share/perl5/core_perl/unicore/lib/InCB/None.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/Bottom.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/BottomAn.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/Left.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/LeftAndR.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/NA.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/Overstru.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/Right.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/Top.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/TopAndBo.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/TopAndL2.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/TopAndLe.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/TopAndRi.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/VisualOr.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Avagraha.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Bindu.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Cantilla.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consona2.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consona3.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consona4.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consona5.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consona6.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consona7.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consona8.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consona9.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consonan.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Geminati.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Invisibl.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Nukta.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Number.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Other.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/PureKill.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Syllable.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/ToneMark.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Virama.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Visarga.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Vowel.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/VowelDep.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/VowelInd.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Ain.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Alef.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Beh.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Dal.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/FarsiYeh.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Feh.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Gaf.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Hah.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/HanifiRo.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Kaf.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Lam.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/NoJoinin.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Noon.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Qaf.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Reh.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Sad.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Seen.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Tah.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Waw.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Yeh.pl", + "usr/share/perl5/core_perl/unicore/lib/Jt/C.pl", + "usr/share/perl5/core_perl/unicore/lib/Jt/D.pl", + "usr/share/perl5/core_perl/unicore/lib/Jt/L.pl", + "usr/share/perl5/core_perl/unicore/lib/Jt/R.pl", + "usr/share/perl5/core_perl/unicore/lib/Jt/T.pl", + "usr/share/perl5/core_perl/unicore/lib/Jt/U.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/AI.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/AK.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/AL.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/AP.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/AS.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/BA.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/BB.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/CJ.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/CL.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/CM.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/CP.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/EX.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/GL.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/ID.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/IN.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/IS.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/NS.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/NU.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/OP.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/PO.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/PR.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/QU.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/SA.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/VI.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/XX.pl", + "usr/share/perl5/core_perl/unicore/lib/Lower/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/MCM/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Math/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/NFCQC/M.pl", + "usr/share/perl5/core_perl/unicore/lib/NFCQC/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/NFDQC/N.pl", + "usr/share/perl5/core_perl/unicore/lib/NFDQC/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/NFKCQC/N.pl", + "usr/share/perl5/core_perl/unicore/lib/NFKCQC/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/NFKDQC/N.pl", + "usr/share/perl5/core_perl/unicore/lib/NFKDQC/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Nt/Di.pl", + "usr/share/perl5/core_perl/unicore/lib/Nt/None.pl", + "usr/share/perl5/core_perl/unicore/lib/Nt/Nu.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/0.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/1.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/10.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/100.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/1000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/10000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/100000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/11.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/12.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/13.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/14.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/15.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/16.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/17.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/18.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/19.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/1_16.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/1_2.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/1_3.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/1_4.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/1_6.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/1_8.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/2.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/20.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/200.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/2000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/20000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/2_3.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/3.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/30.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/300.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/3000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/30000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/3_16.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/3_4.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/4.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/40.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/400.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/4000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/40000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/5.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/50.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/500.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/5000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/50000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/6.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/60.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/600.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/6000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/60000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/7.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/70.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/700.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/7000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/70000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/8.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/80.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/800.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/8000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/80000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/9.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/90.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/900.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/9000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/90000.pl", + "usr/share/perl5/core_perl/unicore/lib/PCM/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/PatSyn/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/Alnum.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/Assigned.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/Blank.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/Graph.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/PerlWord.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/PosixPun.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/Print.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/SpacePer.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/Title.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/Word.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/XPosixPu.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlAny.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlCh2.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlCha.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlFol.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlIDC.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlIDS.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlIsI.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlNch.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlPat.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlPr2.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlPro.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlQuo.pl", + "usr/share/perl5/core_perl/unicore/lib/QMark/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/AT.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/CL.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/EX.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/FO.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/LE.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/LO.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/NU.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/SC.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/ST.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/Sp.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/UP.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/XX.pl", + "usr/share/perl5/core_perl/unicore/lib/SD/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/STerm/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Arab.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Armn.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Beng.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Cprt.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Cyrl.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Deva.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Dupl.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Ethi.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Geor.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Glag.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Gong.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Gonm.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Gran.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Grek.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Gujr.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Guru.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Han.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Hang.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Hebr.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Hira.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Kana.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Knda.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Latn.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Limb.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Linb.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Mlym.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Mong.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Mult.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Mymr.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Orya.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Sinh.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Syrc.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Taml.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Tang.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Telu.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Tibt.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Tutg.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Zinh.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Zyyy.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Adlm.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Aghb.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Arab.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Armn.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Avst.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Beng.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Bhks.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Bopo.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Cakm.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Cari.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Cham.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Cher.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Copt.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Cprt.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Cyrl.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Deva.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Diak.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Dupl.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Ethi.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Gara.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Geor.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Glag.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Gong.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Gonm.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Goth.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Gran.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Grek.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Gujr.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Guru.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Han.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Hang.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Hebr.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Hira.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Hmng.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Hmnp.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Hung.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Kana.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Khar.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Khmr.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Khoj.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Knda.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Kthi.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Lana.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Lao.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Latn.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Limb.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Lina.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Linb.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Lisu.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Lydi.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Mahj.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Mlym.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Mong.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Mult.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Mymr.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Nand.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Nko.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Orya.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Osge.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Perm.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Phag.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Phlp.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Rohg.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Shrd.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Sind.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Sinh.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Sunu.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Syrc.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Tagb.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Takr.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Tale.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Talu.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Taml.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Tang.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Telu.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Tfng.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Thaa.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Thai.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Tibt.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Tirh.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Todr.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Tutg.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Vith.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Xsux.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Yezi.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Yi.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Zinh.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Zyyy.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Zzzz.pl", + "usr/share/perl5/core_perl/unicore/lib/Term/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/UIdeo/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Upper/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/VS/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Vo/R.pl", + "usr/share/perl5/core_perl/unicore/lib/Vo/Tr.pl", + "usr/share/perl5/core_perl/unicore/lib/Vo/Tu.pl", + "usr/share/perl5/core_perl/unicore/lib/Vo/U.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/EX.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/Extend.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/FO.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/HL.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/KA.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/LE.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/MB.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/ML.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/MN.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/NU.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/WSegSpac.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/XX.pl", + "usr/share/perl5/core_perl/unicore/lib/XIDC/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/XIDS/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/kEHNoMirror/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/kEHNoRotate/Y.pl", + "usr/share/perl5/core_perl/version/regex.pm", + "usr/share/perl5/core_perl/warnings/register.pm", + "var/lib/db/sbom/perl-5.42.2-r0.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "stunnel@5.78-r1", + "Name": "stunnel", + "Identifier": { + "PURL": "pkg:apk/wolfi/stunnel@5.78-r1?arch=x86_64\u0026distro=20230201", + "UID": "701651e21b793377" + }, + "Version": "5.78-r1", + "Arch": "x86_64", + "SrcName": "stunnel", + "SrcVersion": "5.78-r1", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7", + "ld-linux@2.43-r7", + "libcrypto3@3.6.2-r5", + "libgcc@16.1.0-r1", + "libssl3@3.6.2-r5", + "perl@5.42.2-r0" + ], + "Layer": { + "Digest": "sha256:3dcb254820f5eabdf1fc2319a73184c051cbc56d72886c40e6cd0b43033579c7", + "DiffID": "sha256:6dc90485e72e44afeb1ecab592900e898164c016d33125161b308c8bcfa53cf9" + }, + "Digest": "sha1:47b7507db0dec5bf8edfa5ba2bb63540e14dac84", + "InstalledFiles": [ + "etc/stunnel/stunnel.conf-sample", + "usr/bin/stunnel", + "usr/bin/stunnel3", + "usr/lib/stunnel/libstunnel.so", + "var/lib/db/sbom/stunnel-5.78-r1.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "wolfi-baselayout@20230201-r29", + "Name": "wolfi-baselayout", + "Identifier": { + "PURL": "pkg:apk/wolfi/wolfi-baselayout@20230201-r29?arch=x86_64\u0026distro=20230201", + "UID": "c978bcececcb7891" + }, + "Version": "20230201-r29", + "Arch": "x86_64", + "SrcName": "wolfi-baselayout", + "SrcVersion": "20230201-r29", + "Licenses": [ + "MIT" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "ca-certificates-bundle@20260413-r0" + ], + "Layer": { + "Digest": "sha256:57ba55784e2887043227b53d1ee2788722aae8a9c66b20723e1dfb801c8ce471", + "DiffID": "sha256:711f72ded0c5f10478ebf93fdd6d6a47ac484a232ef709c52e67315d4af006d9" + }, + "Digest": "sha1:9b1560903e3eaf5712512796a3a0a5920351d480", + "InstalledFiles": [ + "bin", + "lib", + "lib64", + "sbin", + "etc/group", + "etc/host.conf", + "etc/hosts", + "etc/mtab", + "etc/nsswitch.conf", + "etc/os-release", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/profile.d/locale.sh", + "etc/secfixes.d/wolfi", + "usr/lib64", + "usr/sbin", + "usr/tmp", + "usr/local/lib64", + "var/lock", + "var/run", + "var/lib/db/sbom/wolfi-baselayout-20230201-r29.spdx.json", + "var/spool/mail" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.3.2-r3", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/wolfi/zlib@1.3.2-r3?arch=x86_64\u0026distro=20230201", + "UID": "a4285aa49545e56a" + }, + "Version": "1.3.2-r3", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.3.2-r3", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7", + "wolfi-baselayout@20230201-r29" + ], + "Layer": { + "Digest": "sha256:8d99fd8fea9c370971ba3ab2ab453586d6a437c40211fea16fdb1445d876e907", + "DiffID": "sha256:90cfe0bd8cd693b2ee91b94108fc47f023d82edc00e57352ab6635d827b33505" + }, + "Digest": "sha1:77ec609e1bf6aa69a7c94a6420430bbff09c7edb", + "InstalledFiles": [ + "usr/lib/libz.so.1", + "usr/lib/libz.so.1.3.2", + "var/lib/db/sbom/zlib-1.3.2-r3.spdx.json" + ], + "AnalyzedBy": "apk" + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "Deployment", + "Name": "fetch-emails", + "Metadata": [ + { + "Size": 66686464, + "OS": { + "Family": "alpine", + "Name": "3.21.3" + }, + "ImageID": "sha256:e81f1e4864b5a5d0085563b2f8ac22cfbf685f46e966f0b4bb1fc3f5d561dce5", + "DiffIDs": [ + "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350", + "sha256:052b772c7a047144fe9764df3fe0bc683abd5b2d212494aef4054f5a91f36b16", + "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec", + "sha256:336e6a290569e2248d824031e4508cc6b6198e244de975b12299b3d16ae9b243", + "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616", + "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + ], + "RepoTags": [ + "a13labs/getmail6:v0.0.1-6.19.07" + ], + "RepoDigests": [ + "a13labs/getmail6@sha256:ac45401edb9706078970d1fe8c47c3a96007f25e8f29e29c3b5fccd77ae33afa" + ], + "Reference": "a13labs/getmail6:v0.0.1-6.19.07", + "ImageConfig": { + "architecture": "amd64", + "created": "2025-03-14T18:06:28.21033543Z", + "history": [ + { + "created": "2025-02-04T23:51:20Z", + "created_by": "ADD alpine-minirootfs-3.21.3-x86_64.tar.gz / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-02-04T23:51:20Z", + "created_by": "CMD [\"/bin/sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-02-04T23:51:20Z", + "created_by": "ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-02-04T23:51:20Z", + "created_by": "RUN /bin/sh -c set -eux; \tapk add --no-cache \t\tca-certificates \t\ttzdata \t; # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-02-04T23:51:20Z", + "created_by": "ENV GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-02-04T23:51:20Z", + "created_by": "ENV PYTHON_VERSION=3.13.2", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-02-04T23:51:20Z", + "created_by": "ENV PYTHON_SHA256=d984bcc57cd67caab26f7def42e523b1c015bbc5dc07836cf4f0b63fa159eb56", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-02-04T23:51:20Z", + "created_by": "RUN /bin/sh -c set -eux; \t\tapk add --no-cache --virtual .build-deps \t\tgnupg \t\ttar \t\txz \t\t\t\tbluez-dev \t\tbzip2-dev \t\tdpkg-dev dpkg \t\tfindutils \t\tgcc \t\tgdbm-dev \t\tlibc-dev \t\tlibffi-dev \t\tlibnsl-dev \t\tlibtirpc-dev \t\tlinux-headers \t\tmake \t\tncurses-dev \t\topenssl-dev \t\tpax-utils \t\treadline-dev \t\tsqlite-dev \t\ttcl-dev \t\ttk \t\ttk-dev \t\tutil-linux-dev \t\txz-dev \t\tzlib-dev \t; \t\twget -O python.tar.xz \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz\"; \techo \"$PYTHON_SHA256 *python.tar.xz\" | sha256sum -c -; \twget -O python.tar.xz.asc \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; export GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$GPG_KEY\"; \tgpg --batch --verify python.tar.xz.asc python.tar.xz; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" python.tar.xz.asc; \tmkdir -p /usr/src/python; \ttar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \trm python.tar.xz; \t\tcd /usr/src/python; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \t./configure \t\t--build=\"$gnuArch\" \t\t--enable-loadable-sqlite-extensions \t\t--enable-option-checking=fatal \t\t--enable-shared \t\t--with-lto \t\t--with-ensurepip \t; \tnproc=\"$(nproc)\"; \tEXTRA_CFLAGS=\"-DTHREAD_STACK_SIZE=0x100000\"; \tLDFLAGS=\"${LDFLAGS:--Wl},--strip-all\"; \t\tarch=\"$(apk --print-arch)\"; \t\tcase \"$arch\" in \t\t\tx86_64|aarch64) \t\t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer\"; \t\t\t\t;; \t\t\tx86) \t\t\t\t;; \t\t\t*) \t\t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer\"; \t\t\t\t;; \t\tesac; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-}\" \t; \trm python; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:--Wl},-rpath='\\$\\$ORIGIN/../lib'\" \t\tpython \t; \tmake install; \t\tcd /; \trm -rf /usr/src/python; \t\tfind /usr/local -depth \t\t\\( \t\t\t\\( -type d -a \\( -name test -o -name tests -o -name idle_test \\) \\) \t\t\t-o \\( -type f -a \\( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \\) \\) \t\t\\) -exec rm -rf '{}' + \t; \t\tfind /usr/local -type f -executable -not \\( -name '*tkinter*' \\) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \t\t| tr ',' '\\n' \t\t| sort -u \t\t| awk 'system(\"[ -e /usr/local/lib/\" $1 \" ]\") == 0 { next } { print \"so:\" $1 }' \t\t| xargs -rt apk add --no-network --virtual .python-rundeps \t; \tapk del --no-network .build-deps; \t\texport PYTHONDONTWRITEBYTECODE=1; \tpython3 --version; \tpip3 --version # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-02-04T23:51:20Z", + "created_by": "RUN /bin/sh -c set -eux; \tfor src in idle3 pip3 pydoc3 python3 python3-config; do \t\tdst=\"$(echo \"$src\" | tr -d 3)\"; \t\t[ -s \"/usr/local/bin/$src\" ]; \t\t[ ! -e \"/usr/local/bin/$dst\" ]; \t\tln -svT \"$src\" \"/usr/local/bin/$dst\"; \tdone # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-02-04T23:51:20Z", + "created_by": "CMD [\"python3\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-14T18:06:28.188478151Z", + "created_by": "ENV TZ=Europe/Brussels", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-14T18:06:28.188478151Z", + "created_by": "ARG USER_ID=1000", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-14T18:06:28.188478151Z", + "created_by": "ARG DUMB_INIT_VERSION=1.2.5", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-14T18:06:28.188478151Z", + "created_by": "RUN |2 USER_ID=1000 DUMB_INIT_VERSION=1.2.5 /bin/sh -c ln -snf /usr/share/zoneinfo/$TZ /etc/localtime \u0026\u0026 echo $TZ \u003e /etc/timezone \u0026\u0026 apk add --no-cache ca-certificates tzdata wget netcat-openbsd msmtp \u0026\u0026 pip install getmail6 \u0026\u0026 getmail --version \u0026\u0026 wget -O /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_x86_64 \u0026\u0026 adduser -D -u $USER_ID getmail -s /bin/sh -h /getmail \u0026\u0026 chmod +x /usr/bin/dumb-init \u0026\u0026 mkdir -p /getmail \u0026\u0026 chown $USER_ID -R /getmail # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-03-14T18:06:28.188478151Z", + "created_by": "USER getmail", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-14T18:06:28.21033543Z", + "created_by": "WORKDIR /getmail", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-03-14T18:06:28.21033543Z", + "created_by": "ENTRYPOINT [\"/usr/bin/dumb-init\" \"getmail\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350", + "sha256:052b772c7a047144fe9764df3fe0bc683abd5b2d212494aef4054f5a91f36b16", + "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec", + "sha256:336e6a290569e2248d824031e4508cc6b6198e244de975b12299b3d16ae9b243", + "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616", + "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + ] + }, + "config": { + "Entrypoint": [ + "/usr/bin/dumb-init", + "getmail" + ], + "Env": [ + "PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", + "PYTHON_VERSION=3.13.2", + "PYTHON_SHA256=d984bcc57cd67caab26f7def42e523b1c015bbc5dc07836cf4f0b63fa159eb56", + "TZ=Europe/Brussels" + ], + "Labels": { + "org.opencontainers.image.created": "2025-03-14T18:06:06.734Z", + "org.opencontainers.image.description": "", + "org.opencontainers.image.licenses": "", + "org.opencontainers.image.revision": "11162bbf7ead5b2cf12e18e27dae4fb4eaaecbb8", + "org.opencontainers.image.source": "https://github.com/a13labs/getmail6", + "org.opencontainers.image.title": "getmail6", + "org.opencontainers.image.url": "https://github.com/a13labs/getmail6", + "org.opencontainers.image.version": "v0.0.1-6.19.07" + }, + "User": "getmail", + "WorkingDir": "/getmail" + } + }, + "Layers": [ + { + "Size": 8120832, + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + { + "Size": 1684992, + "Digest": "sha256:a507b793f9af8c58adcae308a17d0d4c2e8074a530b01b6abec958e9b7476cbb", + "DiffID": "sha256:052b772c7a047144fe9764df3fe0bc683abd5b2d212494aef4054f5a91f36b16" + }, + { + "Size": 37467648, + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + { + "Size": 5120, + "Digest": "sha256:b0d8a12effa95e69eeae00f331cd5c50b0d9c8ed631b6e681fbe08a5902971ff", + "DiffID": "sha256:336e6a290569e2248d824031e4508cc6b6198e244de975b12299b3d16ae9b243" + }, + { + "Size": 19406848, + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + { + "Size": 1024, + "Digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", + "DiffID": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + } + ] + } + ], + "Results": [ + { + "Target": "a13labs/getmail6:v0.0.1-6.19.07 (alpine 3.21.3)", + "Class": "os-pkgs", + "Type": "alpine", + "Packages": [ + { + "ID": ".python-rundeps@20250214.193348", + "Name": ".python-rundeps", + "Identifier": { + "PURL": "pkg:apk/alpine/.python-rundeps@20250214.193348?arch=noarch\u0026distro=3.21.3", + "UID": "54e0495b5dc517e2" + }, + "Version": "20250214.193348", + "Arch": "noarch", + "DependsOn": [ + "gdbm@1.24-r0", + "libbz2@1.0.8-r6", + "libcrypto3@3.3.3-r0", + "libffi@3.4.6-r0", + "libncursesw@6.5_p20241006-r3", + "libpanelw@6.5_p20241006-r3", + "libssl3@3.3.3-r0", + "libuuid@2.40.4-r0", + "musl@1.2.5-r9", + "readline@8.2.13-r0", + "sqlite-libs@3.48.0-r0", + "xz-libs@5.6.3-r0", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "Digest": "sha1:9eea1147217e764f0c371da8940c3a0c495bc599", + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout@3.6.8-r1", + "Name": "alpine-baselayout", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout@3.6.8-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "393060090f95beb4" + }, + "Version": "3.6.8-r1", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.6.8-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-baselayout-data@3.6.8-r1", + "busybox-binsh@1.37.0-r12" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:eceb5e3555e7f7f8925dc248d557fcc744d573d6", + "InstalledFiles": [ + "etc/motd", + "etc/crontabs/root", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/i386.conf", + "etc/modprobe.d/kms.conf", + "etc/profile.d/20locale.sh", + "etc/profile.d/README", + "etc/profile.d/color_prompt.sh.disabled", + "usr/lib/sysctl.d/00-alpine.conf", + "var/lock", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout-data@3.6.8-r1", + "Name": "alpine-baselayout-data", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.6.8-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "a35ff814457b106b" + }, + "Version": "3.6.8-r1", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.6.8-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:7979a835bc317cedb997d3a42f3b10be86a8d18a", + "InstalledFiles": [ + "etc/fstab", + "etc/group", + "etc/hostname", + "etc/hosts", + "etc/inittab", + "etc/modules", + "etc/mtab", + "etc/nsswitch.conf", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/sysctl.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-keys@2.5-r0", + "Name": "alpine-keys", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-keys@2.5-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "e87ecc7343d144e0" + }, + "Version": "2.5-r0", + "Arch": "x86_64", + "SrcName": "alpine-keys", + "SrcVersion": "2.5-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:91014bfdba0e7f7b4505159466e9f19871606a59", + "InstalledFiles": [ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-release@3.21.3-r0", + "Name": "alpine-release", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-release@3.21.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "67b837fa5630d327" + }, + "Version": "3.21.3-r0", + "Arch": "x86_64", + "SrcName": "alpine-base", + "SrcVersion": "3.21.3-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-keys@2.5-r0" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:b9fcfa5afb3341f82ec4f757c6dba8d8807017e3", + "InstalledFiles": [ + "etc/alpine-release", + "etc/issue", + "etc/os-release", + "etc/secfixes.d/alpine", + "usr/lib/os-release" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "apk-tools@2.14.6-r3", + "Name": "apk-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/apk-tools@2.14.6-r3?arch=x86_64\u0026distro=3.21.3", + "UID": "d24a24462031f215" + }, + "Version": "2.14.6-r3", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.14.6-r3", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20241121-r1", + "libcrypto3@3.3.3-r0", + "libssl3@3.3.3-r0", + "musl@1.2.5-r9", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:9704358d1b44fa771e0a0a3a527d8a26830e3eba", + "InstalledFiles": [ + "sbin/apk", + "usr/lib/libapk.so.2.14.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox@1.37.0-r12", + "Name": "busybox", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "40c5c5c69a5100e0" + }, + "Version": "1.37.0-r12", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r12", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:b1234297831343477557fd0d4d702122363b36aa", + "InstalledFiles": [ + "bin/busybox", + "etc/securetty", + "etc/busybox-paths.d/busybox", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "etc/udhcpc/udhcpc.conf", + "usr/share/udhcpc/default.script" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox-binsh@1.37.0-r12", + "Name": "busybox-binsh", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "f727574eea8e47ea" + }, + "Version": "1.37.0-r12", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r12", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "busybox@1.37.0-r12" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:2a3dd16cd3f036f57a45e0b4819a7d9ffa74f101", + "InstalledFiles": [ + "bin/sh" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates@20241121-r1", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates@20241121-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "7bc60c9beb5b71aa" + }, + "Version": "20241121-r1", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20241121-r1", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r12", + "libcrypto3@3.3.3-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:a507b793f9af8c58adcae308a17d0d4c2e8074a530b01b6abec958e9b7476cbb", + "DiffID": "sha256:052b772c7a047144fe9764df3fe0bc683abd5b2d212494aef4054f5a91f36b16" + }, + "Digest": "sha1:ec815ac3e1ae86c055bede3a0b697b62f2b6cca0", + "InstalledFiles": [ + "etc/ca-certificates.conf", + "etc/apk/protected_paths.d/ca-certificates.list", + "etc/ca-certificates/update.d/certhash", + "usr/bin/c_rehash", + "usr/sbin/update-ca-certificates", + "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", + "usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "usr/share/ca-certificates/mozilla/Certigna.crt", + "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", + "usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", + "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", + "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", + "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", + "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", + "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates-bundle@20241121-r1", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates-bundle@20241121-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "648ddfcaeba667a7" + }, + "Version": "20241121-r1", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20241121-r1", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:9cfd2df1eb4d8cf25007be42ad2818f3e5c9a37b", + "InstalledFiles": [ + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-certificates.crt", + "etc/ssl1.1/cert.pem", + "etc/ssl1.1/certs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gdbm@1.24-r0", + "Name": "gdbm", + "Identifier": { + "PURL": "pkg:apk/alpine/gdbm@1.24-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "16187e1189640a5f" + }, + "Version": "1.24-r0", + "Arch": "x86_64", + "SrcName": "gdbm", + "SrcVersion": "1.24-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "Digest": "sha1:06876a4fe8da5ca1e5930daa08aaf90629c35074", + "InstalledFiles": [ + "usr/lib/libgdbm.so.6", + "usr/lib/libgdbm.so.6.0.0", + "usr/lib/libgdbm_compat.so.4", + "usr/lib/libgdbm_compat.so.4.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "keyutils-libs@1.6.3-r4", + "Name": "keyutils-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/keyutils-libs@1.6.3-r4?arch=x86_64\u0026distro=3.21.3", + "UID": "5818e21637d6b797" + }, + "Version": "1.6.3-r4", + "Arch": "x86_64", + "SrcName": "keyutils", + "SrcVersion": "1.6.3-r4", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:128ea507e8ce17fd70c5ec18f8581633dac01a66", + "InstalledFiles": [ + "usr/lib/libkeyutils.so.1", + "usr/lib/libkeyutils.so.1.10" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "krb5-conf@1.0-r2", + "Name": "krb5-conf", + "Identifier": { + "PURL": "pkg:apk/alpine/krb5-conf@1.0-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "9273a2b8d3ad3c52" + }, + "Version": "1.0-r2", + "Arch": "x86_64", + "SrcName": "krb5-conf", + "SrcVersion": "1.0-r2", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:bd3748a2e1d04eaea8668277f2540249decf38b0", + "InstalledFiles": [ + "etc/krb5.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "krb5-libs@1.21.3-r0", + "Name": "krb5-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/krb5-libs@1.21.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "66b514f5594f0e70" + }, + "Version": "1.21.3-r0", + "Arch": "x86_64", + "SrcName": "krb5", + "SrcVersion": "1.21.3-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "keyutils-libs@1.6.3-r4", + "krb5-conf@1.0-r2", + "libcom_err@1.47.1-r1", + "libcrypto3@3.3.3-r0", + "libssl3@3.3.3-r0", + "libverto@0.3.2-r2", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:8da452f1ff426ddb0c8d6f62ad3f0201980d20fe", + "InstalledFiles": [ + "usr/lib/libgssapi_krb5.so.2", + "usr/lib/libgssapi_krb5.so.2.2", + "usr/lib/libgssrpc.so.4", + "usr/lib/libgssrpc.so.4.2", + "usr/lib/libk5crypto.so.3", + "usr/lib/libk5crypto.so.3.1", + "usr/lib/libkadm5clnt_mit.so.12", + "usr/lib/libkadm5clnt_mit.so.12.0", + "usr/lib/libkadm5srv_mit.so.12", + "usr/lib/libkadm5srv_mit.so.12.0", + "usr/lib/libkdb5.so.10", + "usr/lib/libkdb5.so.10.0", + "usr/lib/libkrad.so.0", + "usr/lib/libkrad.so.0.0", + "usr/lib/libkrb5.so.3", + "usr/lib/libkrb5.so.3.3", + "usr/lib/libkrb5support.so.0", + "usr/lib/libkrb5support.so.0.1", + "usr/lib/krb5/plugins/kdb/db2.so", + "usr/lib/krb5/plugins/preauth/otp.so", + "usr/lib/krb5/plugins/preauth/spake.so", + "usr/lib/krb5/plugins/preauth/test.so", + "usr/lib/krb5/plugins/tls/k5tls.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libbsd@0.12.2-r0", + "Name": "libbsd", + "Identifier": { + "PURL": "pkg:apk/alpine/libbsd@0.12.2-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "581a570b71de5d75" + }, + "Version": "0.12.2-r0", + "Arch": "x86_64", + "SrcName": "libbsd", + "SrcVersion": "0.12.2-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libmd@1.1.0-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:023153a2f28d5ba21f252cfbda08931431cbd38d", + "InstalledFiles": [ + "usr/lib/libbsd.so.0", + "usr/lib/libbsd.so.0.12.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libbz2@1.0.8-r6", + "Name": "libbz2", + "Identifier": { + "PURL": "pkg:apk/alpine/libbz2@1.0.8-r6?arch=x86_64\u0026distro=3.21.3", + "UID": "68ca16760186f1f7" + }, + "Version": "1.0.8-r6", + "Arch": "x86_64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8-r6", + "Licenses": [ + "bzip-2-1.0.6" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "Digest": "sha1:54f88b518e92e39616f55bff21e0c3c1eec44446", + "InstalledFiles": [ + "usr/lib/libbz2.so.1", + "usr/lib/libbz2.so.1.0.8" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcom_err@1.47.1-r1", + "Name": "libcom_err", + "Identifier": { + "PURL": "pkg:apk/alpine/libcom_err@1.47.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "9ea7f0ab0731d03d" + }, + "Version": "1.47.1-r1", + "Arch": "x86_64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.47.1-r1", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "BSD-3-Clause", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:fadca43c547e85389b2b11af9197aa8562e9ea45", + "InstalledFiles": [ + "usr/lib/libcom_err.so.2", + "usr/lib/libcom_err.so.2.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.3.3-r0", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "Version": "3.3.3-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.3.3-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:ba21a974113543ebb687f9e18494c0ce736775f8", + "InstalledFiles": [ + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/openssl.cnf.dist", + "usr/lib/libcrypto.so.3", + "usr/lib/engines-3/afalg.so", + "usr/lib/engines-3/capi.so", + "usr/lib/engines-3/loader_attic.so", + "usr/lib/engines-3/padlock.so", + "usr/lib/ossl-modules/legacy.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libffi@3.4.6-r0", + "Name": "libffi", + "Identifier": { + "PURL": "pkg:apk/alpine/libffi@3.4.6-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "a6a695bcdcd79ae6" + }, + "Version": "3.4.6-r0", + "Arch": "x86_64", + "SrcName": "libffi", + "SrcVersion": "3.4.6-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "Digest": "sha1:79720d428db830c5cb59be786c1f39c9a0a8a891", + "InstalledFiles": [ + "usr/lib/libffi.so.8", + "usr/lib/libffi.so.8.1.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgcrypt@1.10.3-r1", + "Name": "libgcrypt", + "Identifier": { + "PURL": "pkg:apk/alpine/libgcrypt@1.10.3-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "39c266ab282a419c" + }, + "Version": "1.10.3-r1", + "Arch": "x86_64", + "SrcName": "libgcrypt", + "SrcVersion": "1.10.3-r1", + "Licenses": [ + "LGPL-2.1-or-later", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libgpg-error@1.51-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:a2e945163357eadf8d4f2d1ff987034b833f8ba3", + "InstalledFiles": [ + "usr/lib/libgcrypt.so.20", + "usr/lib/libgcrypt.so.20.4.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgpg-error@1.51-r0", + "Name": "libgpg-error", + "Identifier": { + "PURL": "pkg:apk/alpine/libgpg-error@1.51-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "f04ab95d023d1ea1" + }, + "Version": "1.51-r0", + "Arch": "x86_64", + "SrcName": "libgpg-error", + "SrcVersion": "1.51-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:950137f6bb7ffca1fa8039d2c7dc330d46c0369c", + "InstalledFiles": [ + "usr/bin/gpg-error", + "usr/lib/libgpg-error.so.0", + "usr/lib/libgpg-error.so.0.38.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgsasl@2.2.1-r0", + "Name": "libgsasl", + "Identifier": { + "PURL": "pkg:apk/alpine/libgsasl@2.2.1-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "9a895e37dbf07764" + }, + "Version": "2.2.1-r0", + "Arch": "x86_64", + "SrcName": "libgsasl", + "SrcVersion": "2.2.1-r0", + "Licenses": [ + "LGPL-2.0-or-later" + ], + "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", + "DependsOn": [ + "krb5-libs@1.21.3-r0", + "libgcrypt@1.10.3-r1", + "libidn@1.42-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:6a0de29e345552f7d6aa372092c70457d7399535", + "InstalledFiles": [ + "usr/lib/libgsasl.so.18", + "usr/lib/libgsasl.so.18.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libidn@1.42-r0", + "Name": "libidn", + "Identifier": { + "PURL": "pkg:apk/alpine/libidn@1.42-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "13d6cff1f3cbcaeb" + }, + "Version": "1.42-r0", + "Arch": "x86_64", + "SrcName": "libidn", + "SrcVersion": "1.42-r0", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:ef9bff171b898c8d8912fb49d00c515e47d0286c", + "InstalledFiles": [ + "usr/bin/idn", + "usr/lib/libidn.so.12", + "usr/lib/libidn.so.12.6.5", + "usr/share/emacs/site-lisp/idna.el", + "usr/share/emacs/site-lisp/punycode.el" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libidn2@2.3.7-r0", + "Name": "libidn2", + "Identifier": { + "PURL": "pkg:apk/alpine/libidn2@2.3.7-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "7a5029ce71d1e992" + }, + "Version": "2.3.7-r0", + "Arch": "x86_64", + "SrcName": "libidn2", + "SrcVersion": "2.3.7-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libunistring@1.2-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:ae3b64134ad2a63718269dac2826bc514a3445e2", + "InstalledFiles": [ + "usr/lib/libidn2.so.0", + "usr/lib/libidn2.so.0.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libintl@0.22.5-r0", + "Name": "libintl", + "Identifier": { + "PURL": "pkg:apk/alpine/libintl@0.22.5-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "8042f9b62820ffd5" + }, + "Version": "0.22.5-r0", + "Arch": "x86_64", + "SrcName": "gettext", + "SrcVersion": "0.22.5-r0", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:c3f183a55f73801890303634540cf1c84530cc17", + "InstalledFiles": [ + "usr/lib/libintl.so.8", + "usr/lib/libintl.so.8.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libmd@1.1.0-r0", + "Name": "libmd", + "Identifier": { + "PURL": "pkg:apk/alpine/libmd@1.1.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "9d51cc7dab98483b" + }, + "Version": "1.1.0-r0", + "Arch": "x86_64", + "SrcName": "libmd", + "SrcVersion": "1.1.0-r0", + "Licenses": [ + "BSD-3-Clause", + "BSD-2-Clause", + "ISC", + "Beerware", + "Public", + "Domain" + ], + "Maintainer": "omni \u003comni+alpine@hack.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:a80e622a84ee4a3f53062a516bb8b1d92a60497b", + "InstalledFiles": [ + "usr/lib/libmd.so.0", + "usr/lib/libmd.so.0.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libncursesw@6.5_p20241006-r3", + "Name": "libncursesw", + "Identifier": { + "PURL": "pkg:apk/alpine/libncursesw@6.5_p20241006-r3?arch=x86_64\u0026distro=3.21.3", + "UID": "75cdd41a72db6f1" + }, + "Version": "6.5_p20241006-r3", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.5_p20241006-r3", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9", + "ncurses-terminfo-base@6.5_p20241006-r3" + ], + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "Digest": "sha1:1f4a0b567990a75699de992aa91da75bad914a57", + "InstalledFiles": [ + "usr/lib/libncursesw.so.6", + "usr/lib/libncursesw.so.6.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpanelw@6.5_p20241006-r3", + "Name": "libpanelw", + "Identifier": { + "PURL": "pkg:apk/alpine/libpanelw@6.5_p20241006-r3?arch=x86_64\u0026distro=3.21.3", + "UID": "bc19a00a809b43ea" + }, + "Version": "6.5_p20241006-r3", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.5_p20241006-r3", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libncursesw@6.5_p20241006-r3", + "musl@1.2.5-r9", + "ncurses-terminfo-base@6.5_p20241006-r3" + ], + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "Digest": "sha1:b7928b751d482d3ee192ef1cb0f4b8de1baa0b20", + "InstalledFiles": [ + "usr/lib/libpanelw.so.6", + "usr/lib/libpanelw.so.6.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.3.3-r0", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "Version": "3.3.3-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.3.3-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.3.3-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:f903912bd42fe4658ee2adf39744b36019f046b3", + "InstalledFiles": [ + "usr/lib/libssl.so.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libunistring@1.2-r0", + "Name": "libunistring", + "Identifier": { + "PURL": "pkg:apk/alpine/libunistring@1.2-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "afda0efd6d9fe81d" + }, + "Version": "1.2-r0", + "Arch": "x86_64", + "SrcName": "libunistring", + "SrcVersion": "1.2-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:79aac0821ef4e14fc6ceaacfbf7c2a770a80cf78", + "InstalledFiles": [ + "usr/lib/libunistring.so.5", + "usr/lib/libunistring.so.5.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libuuid@2.40.4-r0", + "Name": "libuuid", + "Identifier": { + "PURL": "pkg:apk/alpine/libuuid@2.40.4-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "95a35a694952d3ae" + }, + "Version": "2.40.4-r0", + "Arch": "x86_64", + "SrcName": "util-linux", + "SrcVersion": "2.40.4-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "Digest": "sha1:687f7a3d2df8f2270e247715b2eadc1cfbc63185", + "InstalledFiles": [ + "usr/lib/libuuid.so.1", + "usr/lib/libuuid.so.1.3.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libverto@0.3.2-r2", + "Name": "libverto", + "Identifier": { + "PURL": "pkg:apk/alpine/libverto@0.3.2-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "67e5fa5840c0d028" + }, + "Version": "0.3.2-r2", + "Arch": "x86_64", + "SrcName": "libverto", + "SrcVersion": "0.3.2-r2", + "Licenses": [ + "MIT" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:154644a18e6de4d3b6d9d6c2c35d28826b9167a1", + "InstalledFiles": [ + "usr/lib/libverto.so.1", + "usr/lib/libverto.so.1.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "msmtp@1.8.27-r0", + "Name": "msmtp", + "Identifier": { + "PURL": "pkg:apk/alpine/msmtp@1.8.27-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "709d974c70d11aaf" + }, + "Version": "1.8.27-r0", + "Arch": "x86_64", + "SrcName": "msmtp", + "SrcVersion": "1.8.27-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.3.3-r0", + "libgsasl@2.2.1-r0", + "libidn2@2.3.7-r0", + "libintl@0.22.5-r0", + "libssl3@3.3.3-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:7b5a81f0558bbf74aeec76787dbfc5ad13b94ae1", + "InstalledFiles": [ + "usr/bin/msmtp", + "usr/bin/msmtpd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl@1.2.5-r9", + "Name": "musl", + "Identifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "d0316c4ab0862e6b" + }, + "Version": "1.2.5-r9", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r9", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:fcbef23891ec04f81a28b98dbbb521e58218d2d8", + "InstalledFiles": [ + "lib/ld-musl-x86_64.so.1", + "lib/libc.musl-x86_64.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl-utils@1.2.5-r9", + "Name": "musl-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "8991799c5350cf95" + }, + "Version": "1.2.5-r9", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r9", + "Licenses": [ + "MIT", + "BSD-2-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9", + "scanelf@1.3.8-r1" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:dd00323d3c0b14f2607f7a14ef503ebb4f737d22", + "InstalledFiles": [ + "sbin/ldconfig", + "usr/bin/getconf", + "usr/bin/getent", + "usr/bin/iconv", + "usr/bin/ldd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ncurses-terminfo-base@6.5_p20241006-r3", + "Name": "ncurses-terminfo-base", + "Identifier": { + "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.5_p20241006-r3?arch=x86_64\u0026distro=3.21.3", + "UID": "ba7a41d37c387447" + }, + "Version": "6.5_p20241006-r3", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.5_p20241006-r3", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "Digest": "sha1:a2bc82a235e7172605f069a36c371f955bc9d8fc", + "InstalledFiles": [ + "etc/terminfo/a/alacritty", + "etc/terminfo/a/ansi", + "etc/terminfo/d/dumb", + "etc/terminfo/g/gnome", + "etc/terminfo/g/gnome-256color", + "etc/terminfo/k/konsole", + "etc/terminfo/k/konsole-256color", + "etc/terminfo/k/konsole-linux", + "etc/terminfo/l/linux", + "etc/terminfo/p/putty", + "etc/terminfo/p/putty-256color", + "etc/terminfo/r/rxvt", + "etc/terminfo/r/rxvt-256color", + "etc/terminfo/s/screen", + "etc/terminfo/s/screen-256color", + "etc/terminfo/s/st-0.6", + "etc/terminfo/s/st-0.7", + "etc/terminfo/s/st-0.8", + "etc/terminfo/s/st-16color", + "etc/terminfo/s/st-256color", + "etc/terminfo/s/st-direct", + "etc/terminfo/s/sun", + "etc/terminfo/t/terminator", + "etc/terminfo/t/terminology", + "etc/terminfo/t/terminology-0.6.1", + "etc/terminfo/t/terminology-1.0.0", + "etc/terminfo/t/terminology-1.8.1", + "etc/terminfo/t/tmux", + "etc/terminfo/t/tmux-256color", + "etc/terminfo/v/vt100", + "etc/terminfo/v/vt102", + "etc/terminfo/v/vt200", + "etc/terminfo/v/vt220", + "etc/terminfo/v/vt52", + "etc/terminfo/v/vte", + "etc/terminfo/v/vte-256color", + "etc/terminfo/x/xterm", + "etc/terminfo/x/xterm-256color", + "etc/terminfo/x/xterm-color", + "etc/terminfo/x/xterm-xfree86" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "netcat-openbsd@1.226.1.1-r0", + "Name": "netcat-openbsd", + "Identifier": { + "PURL": "pkg:apk/alpine/netcat-openbsd@1.226.1.1-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "99ea8440fdb1f22d" + }, + "Version": "1.226.1.1-r0", + "Arch": "x86_64", + "SrcName": "netcat-openbsd", + "SrcVersion": "1.226.1.1-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Leonardo Arena \u003crnalrd@alpinelinux.org\u003e", + "DependsOn": [ + "libbsd@0.12.2-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:7bb180574ade70df0c6dfd473f75df966e884133", + "InstalledFiles": [ + "usr/bin/nc" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "pcre2@10.43-r0", + "Name": "pcre2", + "Identifier": { + "PURL": "pkg:apk/alpine/pcre2@10.43-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "f6f0683f9f0923fb" + }, + "Version": "10.43-r0", + "Arch": "x86_64", + "SrcName": "pcre2", + "SrcVersion": "10.43-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:ac7e2633be267904f90d2a850ea43d393583b160", + "InstalledFiles": [ + "usr/lib/libpcre2-8.so.0", + "usr/lib/libpcre2-8.so.0.12.0", + "usr/lib/libpcre2-posix.so.3", + "usr/lib/libpcre2-posix.so.3.0.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "readline@8.2.13-r0", + "Name": "readline", + "Identifier": { + "PURL": "pkg:apk/alpine/readline@8.2.13-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "8e448129748c2000" + }, + "Version": "8.2.13-r0", + "Arch": "x86_64", + "SrcName": "readline", + "SrcVersion": "8.2.13-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libncursesw@6.5_p20241006-r3", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "Digest": "sha1:b99e42766d2d37aa8b69820daa080ab50c28a150", + "InstalledFiles": [ + "etc/inputrc", + "usr/lib/libreadline.so.8", + "usr/lib/libreadline.so.8.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "scanelf@1.3.8-r1", + "Name": "scanelf", + "Identifier": { + "PURL": "pkg:apk/alpine/scanelf@1.3.8-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "99c1bc01da347386" + }, + "Version": "1.3.8-r1", + "Arch": "x86_64", + "SrcName": "pax-utils", + "SrcVersion": "1.3.8-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:77729f7622baeaafb6feaf7486f4f5452c1c7b62", + "InstalledFiles": [ + "usr/bin/scanelf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "sqlite-libs@3.48.0-r0", + "Name": "sqlite-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/sqlite-libs@3.48.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "97ae2c9dd021d9ff" + }, + "Version": "3.48.0-r0", + "Arch": "x86_64", + "SrcName": "sqlite", + "SrcVersion": "3.48.0-r0", + "Licenses": [ + "blessing" + ], + "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "Digest": "sha1:f0ea631805919e1704c25aa2ea8aeb9ce25dbcff", + "InstalledFiles": [ + "usr/lib/libsqlite3.so.0", + "usr/lib/libsqlite3.so.0.8.6" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ssl_client@1.37.0-r12", + "Name": "ssl_client", + "Identifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "7637191a09ed06b3" + }, + "Version": "1.37.0-r12", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r12", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "libcrypto3@3.3.3-r0", + "libssl3@3.3.3-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:69bfb6258ecb0a21e3b0ea12e6d4544192ab3766", + "InstalledFiles": [ + "usr/bin/ssl_client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "tzdata@2025a-r0", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:apk/alpine/tzdata@2025a-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "6202fbbc831770e0" + }, + "Version": "2025a-r0", + "Arch": "x86_64", + "SrcName": "tzdata", + "SrcVersion": "2025a-r0", + "Licenses": [ + "Public-Domain" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:a507b793f9af8c58adcae308a17d0d4c2e8074a530b01b6abec958e9b7476cbb", + "DiffID": "sha256:052b772c7a047144fe9764df3fe0bc683abd5b2d212494aef4054f5a91f36b16" + }, + "Digest": "sha1:0b536b9594eb3a23cc3fcb9222d87999ee7a5a5e", + "InstalledFiles": [ + "usr/share/zoneinfo/CET", + "usr/share/zoneinfo/CST6CDT", + "usr/share/zoneinfo/Cuba", + "usr/share/zoneinfo/EET", + "usr/share/zoneinfo/EST", + "usr/share/zoneinfo/EST5EDT", + "usr/share/zoneinfo/Egypt", + "usr/share/zoneinfo/Eire", + "usr/share/zoneinfo/Factory", + "usr/share/zoneinfo/GB", + "usr/share/zoneinfo/GB-Eire", + "usr/share/zoneinfo/GMT", + "usr/share/zoneinfo/GMT+0", + "usr/share/zoneinfo/GMT-0", + "usr/share/zoneinfo/GMT0", + "usr/share/zoneinfo/Greenwich", + "usr/share/zoneinfo/HST", + "usr/share/zoneinfo/Hongkong", + "usr/share/zoneinfo/Iceland", + "usr/share/zoneinfo/Iran", + "usr/share/zoneinfo/Israel", + "usr/share/zoneinfo/Jamaica", + "usr/share/zoneinfo/Japan", + "usr/share/zoneinfo/Kwajalein", + "usr/share/zoneinfo/Libya", + "usr/share/zoneinfo/MET", + "usr/share/zoneinfo/MST", + "usr/share/zoneinfo/MST7MDT", + "usr/share/zoneinfo/NZ", + "usr/share/zoneinfo/NZ-CHAT", + "usr/share/zoneinfo/Navajo", + "usr/share/zoneinfo/PRC", + "usr/share/zoneinfo/PST8PDT", + "usr/share/zoneinfo/Poland", + "usr/share/zoneinfo/Portugal", + "usr/share/zoneinfo/ROC", + "usr/share/zoneinfo/ROK", + "usr/share/zoneinfo/Singapore", + "usr/share/zoneinfo/Turkey", + "usr/share/zoneinfo/UCT", + "usr/share/zoneinfo/UTC", + "usr/share/zoneinfo/Universal", + "usr/share/zoneinfo/W-SU", + "usr/share/zoneinfo/WET", + "usr/share/zoneinfo/Zulu", + "usr/share/zoneinfo/iso3166.tab", + "usr/share/zoneinfo/leap-seconds.list", + "usr/share/zoneinfo/posixrules", + "usr/share/zoneinfo/zone.tab", + "usr/share/zoneinfo/zone1970.tab", + "usr/share/zoneinfo/Africa/Abidjan", + "usr/share/zoneinfo/Africa/Accra", + "usr/share/zoneinfo/Africa/Addis_Ababa", + "usr/share/zoneinfo/Africa/Algiers", + "usr/share/zoneinfo/Africa/Asmara", + "usr/share/zoneinfo/Africa/Asmera", + "usr/share/zoneinfo/Africa/Bamako", + "usr/share/zoneinfo/Africa/Bangui", + "usr/share/zoneinfo/Africa/Banjul", + "usr/share/zoneinfo/Africa/Bissau", + "usr/share/zoneinfo/Africa/Blantyre", + "usr/share/zoneinfo/Africa/Brazzaville", + "usr/share/zoneinfo/Africa/Bujumbura", + "usr/share/zoneinfo/Africa/Cairo", + "usr/share/zoneinfo/Africa/Casablanca", + "usr/share/zoneinfo/Africa/Ceuta", + "usr/share/zoneinfo/Africa/Conakry", + "usr/share/zoneinfo/Africa/Dakar", + "usr/share/zoneinfo/Africa/Dar_es_Salaam", + "usr/share/zoneinfo/Africa/Djibouti", + "usr/share/zoneinfo/Africa/Douala", + "usr/share/zoneinfo/Africa/El_Aaiun", + "usr/share/zoneinfo/Africa/Freetown", + "usr/share/zoneinfo/Africa/Gaborone", + "usr/share/zoneinfo/Africa/Harare", + "usr/share/zoneinfo/Africa/Johannesburg", + "usr/share/zoneinfo/Africa/Juba", + "usr/share/zoneinfo/Africa/Kampala", + "usr/share/zoneinfo/Africa/Khartoum", + "usr/share/zoneinfo/Africa/Kigali", + "usr/share/zoneinfo/Africa/Kinshasa", + "usr/share/zoneinfo/Africa/Lagos", + "usr/share/zoneinfo/Africa/Libreville", + "usr/share/zoneinfo/Africa/Lome", + "usr/share/zoneinfo/Africa/Luanda", + "usr/share/zoneinfo/Africa/Lubumbashi", + "usr/share/zoneinfo/Africa/Lusaka", + "usr/share/zoneinfo/Africa/Malabo", + "usr/share/zoneinfo/Africa/Maputo", + "usr/share/zoneinfo/Africa/Maseru", + "usr/share/zoneinfo/Africa/Mbabane", + "usr/share/zoneinfo/Africa/Mogadishu", + "usr/share/zoneinfo/Africa/Monrovia", + "usr/share/zoneinfo/Africa/Nairobi", + "usr/share/zoneinfo/Africa/Ndjamena", + "usr/share/zoneinfo/Africa/Niamey", + "usr/share/zoneinfo/Africa/Nouakchott", + "usr/share/zoneinfo/Africa/Ouagadougou", + "usr/share/zoneinfo/Africa/Porto-Novo", + "usr/share/zoneinfo/Africa/Sao_Tome", + "usr/share/zoneinfo/Africa/Timbuktu", + "usr/share/zoneinfo/Africa/Tripoli", + "usr/share/zoneinfo/Africa/Tunis", + "usr/share/zoneinfo/Africa/Windhoek", + "usr/share/zoneinfo/America/Adak", + "usr/share/zoneinfo/America/Anchorage", + "usr/share/zoneinfo/America/Anguilla", + "usr/share/zoneinfo/America/Antigua", + "usr/share/zoneinfo/America/Araguaina", + "usr/share/zoneinfo/America/Aruba", + "usr/share/zoneinfo/America/Asuncion", + "usr/share/zoneinfo/America/Atikokan", + "usr/share/zoneinfo/America/Atka", + "usr/share/zoneinfo/America/Bahia", + "usr/share/zoneinfo/America/Bahia_Banderas", + "usr/share/zoneinfo/America/Barbados", + "usr/share/zoneinfo/America/Belem", + "usr/share/zoneinfo/America/Belize", + "usr/share/zoneinfo/America/Blanc-Sablon", + "usr/share/zoneinfo/America/Boa_Vista", + "usr/share/zoneinfo/America/Bogota", + "usr/share/zoneinfo/America/Boise", + "usr/share/zoneinfo/America/Buenos_Aires", + "usr/share/zoneinfo/America/Cambridge_Bay", + "usr/share/zoneinfo/America/Campo_Grande", + "usr/share/zoneinfo/America/Cancun", + "usr/share/zoneinfo/America/Caracas", + "usr/share/zoneinfo/America/Catamarca", + "usr/share/zoneinfo/America/Cayenne", + "usr/share/zoneinfo/America/Cayman", + "usr/share/zoneinfo/America/Chicago", + "usr/share/zoneinfo/America/Chihuahua", + "usr/share/zoneinfo/America/Ciudad_Juarez", + "usr/share/zoneinfo/America/Coral_Harbour", + "usr/share/zoneinfo/America/Cordoba", + "usr/share/zoneinfo/America/Costa_Rica", + "usr/share/zoneinfo/America/Creston", + "usr/share/zoneinfo/America/Cuiaba", + "usr/share/zoneinfo/America/Curacao", + "usr/share/zoneinfo/America/Danmarkshavn", + "usr/share/zoneinfo/America/Dawson", + "usr/share/zoneinfo/America/Dawson_Creek", + "usr/share/zoneinfo/America/Denver", + "usr/share/zoneinfo/America/Detroit", + "usr/share/zoneinfo/America/Dominica", + "usr/share/zoneinfo/America/Edmonton", + "usr/share/zoneinfo/America/Eirunepe", + "usr/share/zoneinfo/America/El_Salvador", + "usr/share/zoneinfo/America/Ensenada", + "usr/share/zoneinfo/America/Fort_Nelson", + "usr/share/zoneinfo/America/Fort_Wayne", + "usr/share/zoneinfo/America/Fortaleza", + "usr/share/zoneinfo/America/Glace_Bay", + "usr/share/zoneinfo/America/Godthab", + "usr/share/zoneinfo/America/Goose_Bay", + "usr/share/zoneinfo/America/Grand_Turk", + "usr/share/zoneinfo/America/Grenada", + "usr/share/zoneinfo/America/Guadeloupe", + "usr/share/zoneinfo/America/Guatemala", + "usr/share/zoneinfo/America/Guayaquil", + "usr/share/zoneinfo/America/Guyana", + "usr/share/zoneinfo/America/Halifax", + "usr/share/zoneinfo/America/Havana", + "usr/share/zoneinfo/America/Hermosillo", + "usr/share/zoneinfo/America/Indianapolis", + "usr/share/zoneinfo/America/Inuvik", + "usr/share/zoneinfo/America/Iqaluit", + "usr/share/zoneinfo/America/Jamaica", + "usr/share/zoneinfo/America/Jujuy", + "usr/share/zoneinfo/America/Juneau", + "usr/share/zoneinfo/America/Knox_IN", + "usr/share/zoneinfo/America/Kralendijk", + "usr/share/zoneinfo/America/La_Paz", + "usr/share/zoneinfo/America/Lima", + "usr/share/zoneinfo/America/Los_Angeles", + "usr/share/zoneinfo/America/Louisville", + "usr/share/zoneinfo/America/Lower_Princes", + "usr/share/zoneinfo/America/Maceio", + "usr/share/zoneinfo/America/Managua", + "usr/share/zoneinfo/America/Manaus", + "usr/share/zoneinfo/America/Marigot", + "usr/share/zoneinfo/America/Martinique", + "usr/share/zoneinfo/America/Matamoros", + "usr/share/zoneinfo/America/Mazatlan", + "usr/share/zoneinfo/America/Mendoza", + "usr/share/zoneinfo/America/Menominee", + "usr/share/zoneinfo/America/Merida", + "usr/share/zoneinfo/America/Metlakatla", + "usr/share/zoneinfo/America/Mexico_City", + "usr/share/zoneinfo/America/Miquelon", + "usr/share/zoneinfo/America/Moncton", + "usr/share/zoneinfo/America/Monterrey", + "usr/share/zoneinfo/America/Montevideo", + "usr/share/zoneinfo/America/Montreal", + "usr/share/zoneinfo/America/Montserrat", + "usr/share/zoneinfo/America/Nassau", + "usr/share/zoneinfo/America/New_York", + "usr/share/zoneinfo/America/Nipigon", + "usr/share/zoneinfo/America/Nome", + "usr/share/zoneinfo/America/Noronha", + "usr/share/zoneinfo/America/Nuuk", + "usr/share/zoneinfo/America/Ojinaga", + "usr/share/zoneinfo/America/Panama", + "usr/share/zoneinfo/America/Pangnirtung", + "usr/share/zoneinfo/America/Paramaribo", + "usr/share/zoneinfo/America/Phoenix", + "usr/share/zoneinfo/America/Port-au-Prince", + "usr/share/zoneinfo/America/Port_of_Spain", + "usr/share/zoneinfo/America/Porto_Acre", + "usr/share/zoneinfo/America/Porto_Velho", + "usr/share/zoneinfo/America/Puerto_Rico", + "usr/share/zoneinfo/America/Punta_Arenas", + "usr/share/zoneinfo/America/Rainy_River", + "usr/share/zoneinfo/America/Rankin_Inlet", + "usr/share/zoneinfo/America/Recife", + "usr/share/zoneinfo/America/Regina", + "usr/share/zoneinfo/America/Resolute", + "usr/share/zoneinfo/America/Rio_Branco", + "usr/share/zoneinfo/America/Rosario", + "usr/share/zoneinfo/America/Santa_Isabel", + "usr/share/zoneinfo/America/Santarem", + "usr/share/zoneinfo/America/Santiago", + "usr/share/zoneinfo/America/Santo_Domingo", + "usr/share/zoneinfo/America/Sao_Paulo", + "usr/share/zoneinfo/America/Scoresbysund", + "usr/share/zoneinfo/America/Shiprock", + "usr/share/zoneinfo/America/Sitka", + "usr/share/zoneinfo/America/St_Barthelemy", + "usr/share/zoneinfo/America/St_Johns", + "usr/share/zoneinfo/America/St_Kitts", + "usr/share/zoneinfo/America/St_Lucia", + "usr/share/zoneinfo/America/St_Thomas", + "usr/share/zoneinfo/America/St_Vincent", + "usr/share/zoneinfo/America/Swift_Current", + "usr/share/zoneinfo/America/Tegucigalpa", + "usr/share/zoneinfo/America/Thule", + "usr/share/zoneinfo/America/Thunder_Bay", + "usr/share/zoneinfo/America/Tijuana", + "usr/share/zoneinfo/America/Toronto", + "usr/share/zoneinfo/America/Tortola", + "usr/share/zoneinfo/America/Vancouver", + "usr/share/zoneinfo/America/Virgin", + "usr/share/zoneinfo/America/Whitehorse", + "usr/share/zoneinfo/America/Winnipeg", + "usr/share/zoneinfo/America/Yakutat", + "usr/share/zoneinfo/America/Yellowknife", + "usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "usr/share/zoneinfo/America/Argentina/Catamarca", + "usr/share/zoneinfo/America/Argentina/ComodRivadavia", + "usr/share/zoneinfo/America/Argentina/Cordoba", + "usr/share/zoneinfo/America/Argentina/Jujuy", + "usr/share/zoneinfo/America/Argentina/La_Rioja", + "usr/share/zoneinfo/America/Argentina/Mendoza", + "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "usr/share/zoneinfo/America/Argentina/Salta", + "usr/share/zoneinfo/America/Argentina/San_Juan", + "usr/share/zoneinfo/America/Argentina/San_Luis", + "usr/share/zoneinfo/America/Argentina/Tucuman", + "usr/share/zoneinfo/America/Argentina/Ushuaia", + "usr/share/zoneinfo/America/Indiana/Indianapolis", + "usr/share/zoneinfo/America/Indiana/Knox", + "usr/share/zoneinfo/America/Indiana/Marengo", + "usr/share/zoneinfo/America/Indiana/Petersburg", + "usr/share/zoneinfo/America/Indiana/Tell_City", + "usr/share/zoneinfo/America/Indiana/Vevay", + "usr/share/zoneinfo/America/Indiana/Vincennes", + "usr/share/zoneinfo/America/Indiana/Winamac", + "usr/share/zoneinfo/America/Kentucky/Louisville", + "usr/share/zoneinfo/America/Kentucky/Monticello", + "usr/share/zoneinfo/America/North_Dakota/Beulah", + "usr/share/zoneinfo/America/North_Dakota/Center", + "usr/share/zoneinfo/America/North_Dakota/New_Salem", + "usr/share/zoneinfo/Antarctica/Casey", + "usr/share/zoneinfo/Antarctica/Davis", + "usr/share/zoneinfo/Antarctica/DumontDUrville", + "usr/share/zoneinfo/Antarctica/Macquarie", + "usr/share/zoneinfo/Antarctica/Mawson", + "usr/share/zoneinfo/Antarctica/McMurdo", + "usr/share/zoneinfo/Antarctica/Palmer", + "usr/share/zoneinfo/Antarctica/Rothera", + "usr/share/zoneinfo/Antarctica/South_Pole", + "usr/share/zoneinfo/Antarctica/Syowa", + "usr/share/zoneinfo/Antarctica/Troll", + "usr/share/zoneinfo/Antarctica/Vostok", + "usr/share/zoneinfo/Arctic/Longyearbyen", + "usr/share/zoneinfo/Asia/Aden", + "usr/share/zoneinfo/Asia/Almaty", + "usr/share/zoneinfo/Asia/Amman", + "usr/share/zoneinfo/Asia/Anadyr", + "usr/share/zoneinfo/Asia/Aqtau", + "usr/share/zoneinfo/Asia/Aqtobe", + "usr/share/zoneinfo/Asia/Ashgabat", + "usr/share/zoneinfo/Asia/Ashkhabad", + "usr/share/zoneinfo/Asia/Atyrau", + "usr/share/zoneinfo/Asia/Baghdad", + "usr/share/zoneinfo/Asia/Bahrain", + "usr/share/zoneinfo/Asia/Baku", + "usr/share/zoneinfo/Asia/Bangkok", + "usr/share/zoneinfo/Asia/Barnaul", + "usr/share/zoneinfo/Asia/Beirut", + "usr/share/zoneinfo/Asia/Bishkek", + "usr/share/zoneinfo/Asia/Brunei", + "usr/share/zoneinfo/Asia/Calcutta", + "usr/share/zoneinfo/Asia/Chita", + "usr/share/zoneinfo/Asia/Choibalsan", + "usr/share/zoneinfo/Asia/Chongqing", + "usr/share/zoneinfo/Asia/Chungking", + "usr/share/zoneinfo/Asia/Colombo", + "usr/share/zoneinfo/Asia/Dacca", + "usr/share/zoneinfo/Asia/Damascus", + "usr/share/zoneinfo/Asia/Dhaka", + "usr/share/zoneinfo/Asia/Dili", + "usr/share/zoneinfo/Asia/Dubai", + "usr/share/zoneinfo/Asia/Dushanbe", + "usr/share/zoneinfo/Asia/Famagusta", + "usr/share/zoneinfo/Asia/Gaza", + "usr/share/zoneinfo/Asia/Harbin", + "usr/share/zoneinfo/Asia/Hebron", + "usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "usr/share/zoneinfo/Asia/Hong_Kong", + "usr/share/zoneinfo/Asia/Hovd", + "usr/share/zoneinfo/Asia/Irkutsk", + "usr/share/zoneinfo/Asia/Istanbul", + "usr/share/zoneinfo/Asia/Jakarta", + "usr/share/zoneinfo/Asia/Jayapura", + "usr/share/zoneinfo/Asia/Jerusalem", + "usr/share/zoneinfo/Asia/Kabul", + "usr/share/zoneinfo/Asia/Kamchatka", + "usr/share/zoneinfo/Asia/Karachi", + "usr/share/zoneinfo/Asia/Kashgar", + "usr/share/zoneinfo/Asia/Kathmandu", + "usr/share/zoneinfo/Asia/Katmandu", + "usr/share/zoneinfo/Asia/Khandyga", + "usr/share/zoneinfo/Asia/Kolkata", + "usr/share/zoneinfo/Asia/Krasnoyarsk", + "usr/share/zoneinfo/Asia/Kuala_Lumpur", + "usr/share/zoneinfo/Asia/Kuching", + "usr/share/zoneinfo/Asia/Kuwait", + "usr/share/zoneinfo/Asia/Macao", + "usr/share/zoneinfo/Asia/Macau", + "usr/share/zoneinfo/Asia/Magadan", + "usr/share/zoneinfo/Asia/Makassar", + "usr/share/zoneinfo/Asia/Manila", + "usr/share/zoneinfo/Asia/Muscat", + "usr/share/zoneinfo/Asia/Nicosia", + "usr/share/zoneinfo/Asia/Novokuznetsk", + "usr/share/zoneinfo/Asia/Novosibirsk", + "usr/share/zoneinfo/Asia/Omsk", + "usr/share/zoneinfo/Asia/Oral", + "usr/share/zoneinfo/Asia/Phnom_Penh", + "usr/share/zoneinfo/Asia/Pontianak", + "usr/share/zoneinfo/Asia/Pyongyang", + "usr/share/zoneinfo/Asia/Qatar", + "usr/share/zoneinfo/Asia/Qostanay", + "usr/share/zoneinfo/Asia/Qyzylorda", + "usr/share/zoneinfo/Asia/Rangoon", + "usr/share/zoneinfo/Asia/Riyadh", + "usr/share/zoneinfo/Asia/Saigon", + "usr/share/zoneinfo/Asia/Sakhalin", + "usr/share/zoneinfo/Asia/Samarkand", + "usr/share/zoneinfo/Asia/Seoul", + "usr/share/zoneinfo/Asia/Shanghai", + "usr/share/zoneinfo/Asia/Singapore", + "usr/share/zoneinfo/Asia/Srednekolymsk", + "usr/share/zoneinfo/Asia/Taipei", + "usr/share/zoneinfo/Asia/Tashkent", + "usr/share/zoneinfo/Asia/Tbilisi", + "usr/share/zoneinfo/Asia/Tehran", + "usr/share/zoneinfo/Asia/Tel_Aviv", + "usr/share/zoneinfo/Asia/Thimbu", + "usr/share/zoneinfo/Asia/Thimphu", + "usr/share/zoneinfo/Asia/Tokyo", + "usr/share/zoneinfo/Asia/Tomsk", + "usr/share/zoneinfo/Asia/Ujung_Pandang", + "usr/share/zoneinfo/Asia/Ulaanbaatar", + "usr/share/zoneinfo/Asia/Ulan_Bator", + "usr/share/zoneinfo/Asia/Urumqi", + "usr/share/zoneinfo/Asia/Ust-Nera", + "usr/share/zoneinfo/Asia/Vientiane", + "usr/share/zoneinfo/Asia/Vladivostok", + "usr/share/zoneinfo/Asia/Yakutsk", + "usr/share/zoneinfo/Asia/Yangon", + "usr/share/zoneinfo/Asia/Yekaterinburg", + "usr/share/zoneinfo/Asia/Yerevan", + "usr/share/zoneinfo/Atlantic/Azores", + "usr/share/zoneinfo/Atlantic/Bermuda", + "usr/share/zoneinfo/Atlantic/Canary", + "usr/share/zoneinfo/Atlantic/Cape_Verde", + "usr/share/zoneinfo/Atlantic/Faeroe", + "usr/share/zoneinfo/Atlantic/Faroe", + "usr/share/zoneinfo/Atlantic/Jan_Mayen", + "usr/share/zoneinfo/Atlantic/Madeira", + "usr/share/zoneinfo/Atlantic/Reykjavik", + "usr/share/zoneinfo/Atlantic/South_Georgia", + "usr/share/zoneinfo/Atlantic/St_Helena", + "usr/share/zoneinfo/Atlantic/Stanley", + "usr/share/zoneinfo/Australia/ACT", + "usr/share/zoneinfo/Australia/Adelaide", + "usr/share/zoneinfo/Australia/Brisbane", + "usr/share/zoneinfo/Australia/Broken_Hill", + "usr/share/zoneinfo/Australia/Canberra", + "usr/share/zoneinfo/Australia/Currie", + "usr/share/zoneinfo/Australia/Darwin", + "usr/share/zoneinfo/Australia/Eucla", + "usr/share/zoneinfo/Australia/Hobart", + "usr/share/zoneinfo/Australia/LHI", + "usr/share/zoneinfo/Australia/Lindeman", + "usr/share/zoneinfo/Australia/Lord_Howe", + "usr/share/zoneinfo/Australia/Melbourne", + "usr/share/zoneinfo/Australia/NSW", + "usr/share/zoneinfo/Australia/North", + "usr/share/zoneinfo/Australia/Perth", + "usr/share/zoneinfo/Australia/Queensland", + "usr/share/zoneinfo/Australia/South", + "usr/share/zoneinfo/Australia/Sydney", + "usr/share/zoneinfo/Australia/Tasmania", + "usr/share/zoneinfo/Australia/Victoria", + "usr/share/zoneinfo/Australia/West", + "usr/share/zoneinfo/Australia/Yancowinna", + "usr/share/zoneinfo/Brazil/Acre", + "usr/share/zoneinfo/Brazil/DeNoronha", + "usr/share/zoneinfo/Brazil/East", + "usr/share/zoneinfo/Brazil/West", + "usr/share/zoneinfo/Canada/Atlantic", + "usr/share/zoneinfo/Canada/Central", + "usr/share/zoneinfo/Canada/Eastern", + "usr/share/zoneinfo/Canada/Mountain", + "usr/share/zoneinfo/Canada/Newfoundland", + "usr/share/zoneinfo/Canada/Pacific", + "usr/share/zoneinfo/Canada/Saskatchewan", + "usr/share/zoneinfo/Canada/Yukon", + "usr/share/zoneinfo/Chile/Continental", + "usr/share/zoneinfo/Chile/EasterIsland", + "usr/share/zoneinfo/Etc/GMT", + "usr/share/zoneinfo/Etc/GMT+0", + "usr/share/zoneinfo/Etc/GMT+1", + "usr/share/zoneinfo/Etc/GMT+10", + "usr/share/zoneinfo/Etc/GMT+11", + "usr/share/zoneinfo/Etc/GMT+12", + "usr/share/zoneinfo/Etc/GMT+2", + "usr/share/zoneinfo/Etc/GMT+3", + "usr/share/zoneinfo/Etc/GMT+4", + "usr/share/zoneinfo/Etc/GMT+5", + "usr/share/zoneinfo/Etc/GMT+6", + "usr/share/zoneinfo/Etc/GMT+7", + "usr/share/zoneinfo/Etc/GMT+8", + "usr/share/zoneinfo/Etc/GMT+9", + "usr/share/zoneinfo/Etc/GMT-0", + "usr/share/zoneinfo/Etc/GMT-1", + "usr/share/zoneinfo/Etc/GMT-10", + "usr/share/zoneinfo/Etc/GMT-11", + "usr/share/zoneinfo/Etc/GMT-12", + "usr/share/zoneinfo/Etc/GMT-13", + "usr/share/zoneinfo/Etc/GMT-14", + "usr/share/zoneinfo/Etc/GMT-2", + "usr/share/zoneinfo/Etc/GMT-3", + "usr/share/zoneinfo/Etc/GMT-4", + "usr/share/zoneinfo/Etc/GMT-5", + "usr/share/zoneinfo/Etc/GMT-6", + "usr/share/zoneinfo/Etc/GMT-7", + "usr/share/zoneinfo/Etc/GMT-8", + "usr/share/zoneinfo/Etc/GMT-9", + "usr/share/zoneinfo/Etc/GMT0", + "usr/share/zoneinfo/Etc/Greenwich", + "usr/share/zoneinfo/Etc/UCT", + "usr/share/zoneinfo/Etc/UTC", + "usr/share/zoneinfo/Etc/Universal", + "usr/share/zoneinfo/Etc/Zulu", + "usr/share/zoneinfo/Europe/Amsterdam", + "usr/share/zoneinfo/Europe/Andorra", + "usr/share/zoneinfo/Europe/Astrakhan", + "usr/share/zoneinfo/Europe/Athens", + "usr/share/zoneinfo/Europe/Belfast", + "usr/share/zoneinfo/Europe/Belgrade", + "usr/share/zoneinfo/Europe/Berlin", + "usr/share/zoneinfo/Europe/Bratislava", + "usr/share/zoneinfo/Europe/Brussels", + "usr/share/zoneinfo/Europe/Bucharest", + "usr/share/zoneinfo/Europe/Budapest", + "usr/share/zoneinfo/Europe/Busingen", + "usr/share/zoneinfo/Europe/Chisinau", + "usr/share/zoneinfo/Europe/Copenhagen", + "usr/share/zoneinfo/Europe/Dublin", + "usr/share/zoneinfo/Europe/Gibraltar", + "usr/share/zoneinfo/Europe/Guernsey", + "usr/share/zoneinfo/Europe/Helsinki", + "usr/share/zoneinfo/Europe/Isle_of_Man", + "usr/share/zoneinfo/Europe/Istanbul", + "usr/share/zoneinfo/Europe/Jersey", + "usr/share/zoneinfo/Europe/Kaliningrad", + "usr/share/zoneinfo/Europe/Kiev", + "usr/share/zoneinfo/Europe/Kirov", + "usr/share/zoneinfo/Europe/Kyiv", + "usr/share/zoneinfo/Europe/Lisbon", + "usr/share/zoneinfo/Europe/Ljubljana", + "usr/share/zoneinfo/Europe/London", + "usr/share/zoneinfo/Europe/Luxembourg", + "usr/share/zoneinfo/Europe/Madrid", + "usr/share/zoneinfo/Europe/Malta", + "usr/share/zoneinfo/Europe/Mariehamn", + "usr/share/zoneinfo/Europe/Minsk", + "usr/share/zoneinfo/Europe/Monaco", + "usr/share/zoneinfo/Europe/Moscow", + "usr/share/zoneinfo/Europe/Nicosia", + "usr/share/zoneinfo/Europe/Oslo", + "usr/share/zoneinfo/Europe/Paris", + "usr/share/zoneinfo/Europe/Podgorica", + "usr/share/zoneinfo/Europe/Prague", + "usr/share/zoneinfo/Europe/Riga", + "usr/share/zoneinfo/Europe/Rome", + "usr/share/zoneinfo/Europe/Samara", + "usr/share/zoneinfo/Europe/San_Marino", + "usr/share/zoneinfo/Europe/Sarajevo", + "usr/share/zoneinfo/Europe/Saratov", + "usr/share/zoneinfo/Europe/Simferopol", + "usr/share/zoneinfo/Europe/Skopje", + "usr/share/zoneinfo/Europe/Sofia", + "usr/share/zoneinfo/Europe/Stockholm", + "usr/share/zoneinfo/Europe/Tallinn", + "usr/share/zoneinfo/Europe/Tirane", + "usr/share/zoneinfo/Europe/Tiraspol", + "usr/share/zoneinfo/Europe/Ulyanovsk", + "usr/share/zoneinfo/Europe/Uzhgorod", + "usr/share/zoneinfo/Europe/Vaduz", + "usr/share/zoneinfo/Europe/Vatican", + "usr/share/zoneinfo/Europe/Vienna", + "usr/share/zoneinfo/Europe/Vilnius", + "usr/share/zoneinfo/Europe/Volgograd", + "usr/share/zoneinfo/Europe/Warsaw", + "usr/share/zoneinfo/Europe/Zagreb", + "usr/share/zoneinfo/Europe/Zaporozhye", + "usr/share/zoneinfo/Europe/Zurich", + "usr/share/zoneinfo/Indian/Antananarivo", + "usr/share/zoneinfo/Indian/Chagos", + "usr/share/zoneinfo/Indian/Christmas", + "usr/share/zoneinfo/Indian/Cocos", + "usr/share/zoneinfo/Indian/Comoro", + "usr/share/zoneinfo/Indian/Kerguelen", + "usr/share/zoneinfo/Indian/Mahe", + "usr/share/zoneinfo/Indian/Maldives", + "usr/share/zoneinfo/Indian/Mauritius", + "usr/share/zoneinfo/Indian/Mayotte", + "usr/share/zoneinfo/Indian/Reunion", + "usr/share/zoneinfo/Mexico/BajaNorte", + "usr/share/zoneinfo/Mexico/BajaSur", + "usr/share/zoneinfo/Mexico/General", + "usr/share/zoneinfo/Pacific/Apia", + "usr/share/zoneinfo/Pacific/Auckland", + "usr/share/zoneinfo/Pacific/Bougainville", + "usr/share/zoneinfo/Pacific/Chatham", + "usr/share/zoneinfo/Pacific/Chuuk", + "usr/share/zoneinfo/Pacific/Easter", + "usr/share/zoneinfo/Pacific/Efate", + "usr/share/zoneinfo/Pacific/Enderbury", + "usr/share/zoneinfo/Pacific/Fakaofo", + "usr/share/zoneinfo/Pacific/Fiji", + "usr/share/zoneinfo/Pacific/Funafuti", + "usr/share/zoneinfo/Pacific/Galapagos", + "usr/share/zoneinfo/Pacific/Gambier", + "usr/share/zoneinfo/Pacific/Guadalcanal", + "usr/share/zoneinfo/Pacific/Guam", + "usr/share/zoneinfo/Pacific/Honolulu", + "usr/share/zoneinfo/Pacific/Johnston", + "usr/share/zoneinfo/Pacific/Kanton", + "usr/share/zoneinfo/Pacific/Kiritimati", + "usr/share/zoneinfo/Pacific/Kosrae", + "usr/share/zoneinfo/Pacific/Kwajalein", + "usr/share/zoneinfo/Pacific/Majuro", + "usr/share/zoneinfo/Pacific/Marquesas", + "usr/share/zoneinfo/Pacific/Midway", + "usr/share/zoneinfo/Pacific/Nauru", + "usr/share/zoneinfo/Pacific/Niue", + "usr/share/zoneinfo/Pacific/Norfolk", + "usr/share/zoneinfo/Pacific/Noumea", + "usr/share/zoneinfo/Pacific/Pago_Pago", + "usr/share/zoneinfo/Pacific/Palau", + "usr/share/zoneinfo/Pacific/Pitcairn", + "usr/share/zoneinfo/Pacific/Pohnpei", + "usr/share/zoneinfo/Pacific/Ponape", + "usr/share/zoneinfo/Pacific/Port_Moresby", + "usr/share/zoneinfo/Pacific/Rarotonga", + "usr/share/zoneinfo/Pacific/Saipan", + "usr/share/zoneinfo/Pacific/Samoa", + "usr/share/zoneinfo/Pacific/Tahiti", + "usr/share/zoneinfo/Pacific/Tarawa", + "usr/share/zoneinfo/Pacific/Tongatapu", + "usr/share/zoneinfo/Pacific/Truk", + "usr/share/zoneinfo/Pacific/Wake", + "usr/share/zoneinfo/Pacific/Wallis", + "usr/share/zoneinfo/Pacific/Yap", + "usr/share/zoneinfo/US/Alaska", + "usr/share/zoneinfo/US/Aleutian", + "usr/share/zoneinfo/US/Arizona", + "usr/share/zoneinfo/US/Central", + "usr/share/zoneinfo/US/East-Indiana", + "usr/share/zoneinfo/US/Eastern", + "usr/share/zoneinfo/US/Hawaii", + "usr/share/zoneinfo/US/Indiana-Starke", + "usr/share/zoneinfo/US/Michigan", + "usr/share/zoneinfo/US/Mountain", + "usr/share/zoneinfo/US/Pacific", + "usr/share/zoneinfo/US/Samoa" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "wget@1.25.0-r0", + "Name": "wget", + "Identifier": { + "PURL": "pkg:apk/alpine/wget@1.25.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "d23fedb35c58f00f" + }, + "Version": "1.25.0-r0", + "Arch": "x86_64", + "SrcName": "wget", + "SrcVersion": "1.25.0-r0", + "Licenses": [ + "GPL-3.0-or-later WITH OpenSSL-Exception" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.3.3-r0", + "libidn2@2.3.7-r0", + "libssl3@3.3.3-r0", + "musl@1.2.5-r9", + "pcre2@10.43-r0", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "Digest": "sha1:cf66ba546e27cae8675275230129dabd4562c8b6", + "InstalledFiles": [ + "etc/wgetrc", + "usr/bin/wget" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "xz-libs@5.6.3-r0", + "Name": "xz-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.6.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "458a272f25e033f6" + }, + "Version": "5.6.3-r0", + "Arch": "x86_64", + "SrcName": "xz", + "SrcVersion": "5.6.3-r0", + "Licenses": [ + "GPL-2.0-or-later", + "0BSD", + "Public-Domain", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "Digest": "sha1:019d37b9326daf6a7a7840ec5957b7a65c79ccac", + "InstalledFiles": [ + "usr/lib/liblzma.so.5", + "usr/lib/liblzma.so.5.6.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.3.1-r2", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "3b545badcbeb3bc0" + }, + "Version": "1.3.1-r2", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.3.1-r2", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:f0b90f76367ac51b4a3e70432ed00e6dca6a7432", + "InstalledFiles": [ + "usr/lib/libz.so.1", + "usr/lib/libz.so.1.3.1" + ], + "AnalyzedBy": "apk" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox@1.37.0-r12", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "40c5c5c69a5100e0" + }, + "InstalledVersion": "1.37.0-r12", + "FixedVersion": "1.37.0-r14", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a0458d901fae4b6a2a76979084dafa0d12d59231d36316171ba8a092cf60fd11", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox-binsh@1.37.0-r12", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "f727574eea8e47ea" + }, + "InstalledVersion": "1.37.0-r12", + "FixedVersion": "1.37.0-r14", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:222146df23314a2464ebfa26b270d329ec1c846607c8cbaa73d794a3b1a2791e", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1209cc92f8efdcd1dd605779863f663bdbdb072f0b82582f763f5f8dc80d53e8", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0c76034b883105d916a5a54aa9f6301b760dd5847a793ef16ae8d7648f02740f", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1d9f4579f17b13132b92ce49d26cd08c7dd47152283daf1da8f2058b50c90522", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5156b868850ff189c0bc1ee51dc02f628313115b6470ea507f47db3deadabb11", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:57ca1c7ea5e673f9df60010f7d6b9098eea1710c84a0735b83eb98110e0e0973", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ec294a5bdaa5caa7bc7809b5df710bae47786bbe8ecdb92d4fa5d72ec823910b", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3c2817e1b80590491a31f1d58e5e542ec4772263b5638bd897cde01eacd5dfc6", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:135413c7598c5fb196ac3699f5f16a43843afeee939c9050bb977e8b2c4e370d", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:804693af6eb0bd28a7f1932c08111f752791874cf15714505f02ee94b2fe9cfb", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:f01c3b2dc3e1c8a4106165b1b6c72d696d627e42fc133ef2a39fa6dbed8a9a92", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ab8f86d8cc2c238019e30550e11e47df84bbac53617e39fe70a6df96063f2d55", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c96d8cf77af4d42752d33521ed3a9ab66e68a4ffc7c972977dc25593da3dab80", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:489033601741ae62fdf154af8696b85c772b6c6dffddc8af61aa734711a7a0e4", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ce3558d19cdb2dacfa039a8dd0f9d9b6c8dbd6fa15cf12b77f82cc19666e84ea", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:864f75b6117202ee3fee8ae6359b2d3e47c4c4ec308fd21f835ba814e53203d8", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a46dd1cf5aa7ab50ea850118d23f13fdd4d977e288e8c00e7c664e366a66a24a", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:fdc4eadc9c91279c0213cf32c0c0eccf8e33a170f8be4912f7a9d41c4b177fd9", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:497935cc7ea57607a4b81a788419296c5871ec2b0e2557b1354f70437dac9071", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e92d583b215d51d88593f90309eea7b22b43d86c54839079c5c82f39ad10a192", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5ec23fd3f582fef3ce2ab81372c3214348a08cb0c53af10c294715861303735c", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:370852e3dca7772d8a2f2e4ba8cd2a4e58edb7797631085b186df1dce5579123", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:fefbcc47b1be4b87d3f9961108b74698b189a1ed15a7243643101b25376a3ca8", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl@1.2.5-r9", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "d0316c4ab0862e6b" + }, + "InstalledVersion": "1.2.5-r9", + "FixedVersion": "1.2.5-r11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0ff0cd2b52130fc08a0c2697bff157d1000ba68210e1176812fef74a2fb4ae51", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl@1.2.5-r9", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "d0316c4ab0862e6b" + }, + "InstalledVersion": "1.2.5-r9", + "FixedVersion": "1.2.5-r10", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8a6a7e4635869c79a540d29a18398552c56be87e942981a7f408c793d5fbe3b3", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl-utils@1.2.5-r9", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "8991799c5350cf95" + }, + "InstalledVersion": "1.2.5-r9", + "FixedVersion": "1.2.5-r11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ac23320a4554de5158c6732c204a0af55a7636c51328b2e3aea2a38359947fbd", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl-utils@1.2.5-r9", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "8991799c5350cf95" + }, + "InstalledVersion": "1.2.5-r9", + "FixedVersion": "1.2.5-r10", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:384b05b3dc9ce9a13198224ec8058acbb193eb8280001dea4152a22299dac431", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2025-3277", + "PkgID": "sqlite-libs@3.48.0-r0", + "PkgName": "sqlite-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/sqlite-libs@3.48.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "97ae2c9dd021d9ff" + }, + "InstalledVersion": "3.48.0-r0", + "FixedVersion": "3.48.0-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3277", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5de32cb3d61878791c86a15c1d6b8294ef8c0a06101e8bdf3cef6d3f7a60a019", + "Title": "SQLite: integer overflow in SQLite", + "Description": "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-122", + "CWE-190" + ], + "VendorSeverity": { + "alma": 3, + "bitnami": 2, + "nvd": 4, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L", + "V40Score": 6.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7433", + "https://access.redhat.com/security/cve/CVE-2025-3277", + "https://bugzilla.redhat.com/2358271", + "https://bugzilla.redhat.com/2359553", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358271", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359553", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31498", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3277", + "https://errata.almalinux.org/9/ALSA-2025-7433.html", + "https://errata.rockylinux.org/RLSA-2025:7433", + "https://linux.oracle.com/cve/CVE-2025-3277.html", + "https://linux.oracle.com/errata/ELSA-2025-7517.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-3277", + "https://sqlite.org/src/info/498e3f1cf57f164f", + "https://ubuntu.com/security/notices/USN-7528-1", + "https://www.cve.org/CVERecord?id=CVE-2025-3277" + ], + "PublishedDate": "2025-04-14T17:15:27.297Z", + "LastModifiedDate": "2025-08-18T21:28:16.38Z" + }, + { + "VulnerabilityID": "CVE-2025-6965", + "PkgID": "sqlite-libs@3.48.0-r0", + "PkgName": "sqlite-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/sqlite-libs@3.48.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "97ae2c9dd021d9ff" + }, + "InstalledVersion": "3.48.0-r0", + "FixedVersion": "3.48.0-r3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6965", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:6f2107e183bf919fa006fca259d0ae7ea83fc6c7bee3c3bc466fa242dca3b871", + "Title": "sqlite: Integer Truncation in SQLite", + "Description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-197" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V40Vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green", + "V40Score": 7.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "V3Score": 7.7 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2025/Sep/49", + "http://seclists.org/fulldisclosure/2025/Sep/53", + "http://seclists.org/fulldisclosure/2025/Sep/56", + "http://seclists.org/fulldisclosure/2025/Sep/57", + "http://seclists.org/fulldisclosure/2025/Sep/58", + "http://www.openwall.com/lists/oss-security/2025/09/06/1", + "https://access.redhat.com/errata/RHSA-2025:20936", + "https://access.redhat.com/security/cve/CVE-2025-6965", + "https://bugzilla.redhat.com/2380149", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380149", + "https://cert-portal.siemens.com/productcert/html/ssa-225816.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965", + "https://errata.almalinux.org/9/ALSA-2025-20936.html", + "https://errata.rockylinux.org/RLSA-2025:20936", + "https://linux.oracle.com/cve/CVE-2025-6965.html", + "https://linux.oracle.com/errata/ELSA-2025-20936.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", + "https://ubuntu.com/security/notices/USN-7676-1", + "https://ubuntu.com/security/notices/USN-7679-1", + "https://www.cve.org/CVERecord?id=CVE-2025-6965", + "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL", + "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8" + ], + "PublishedDate": "2025-07-15T14:15:31.08Z", + "LastModifiedDate": "2026-04-14T10:16:29.853Z" + }, + { + "VulnerabilityID": "CVE-2025-29087", + "PkgID": "sqlite-libs@3.48.0-r0", + "PkgName": "sqlite-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/sqlite-libs@3.48.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "97ae2c9dd021d9ff" + }, + "InstalledVersion": "3.48.0-r0", + "FixedVersion": "3.48.0-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-29087", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4643b8f19c0c1d4941159bb044cfa95b3d4c5df7ca4a2276bfed8933adb8e9c1", + "Title": "sqlite: Integer Overflow in SQLite concat_ws Function", + "Description": "In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-29087", + "https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a", + "https://nvd.nist.gov/vuln/detail/CVE-2025-29087", + "https://sqlite.org/releaselog/3_49_1.html", + "https://sqlite.org/src/info/498e3f1cf57f164f", + "https://ubuntu.com/security/notices/USN-7528-1", + "https://www.cve.org/CVERecord?id=CVE-2025-29087", + "https://www.sqlite.org/cves.html" + ], + "PublishedDate": "2025-04-07T20:15:20.253Z", + "LastModifiedDate": "2025-04-30T12:43:22.31Z" + }, + { + "VulnerabilityID": "CVE-2025-29088", + "PkgID": "sqlite-libs@3.48.0-r0", + "PkgName": "sqlite-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/sqlite-libs@3.48.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "97ae2c9dd021d9ff" + }, + "InstalledVersion": "3.48.0-r0", + "FixedVersion": "3.48.0-r4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-29088", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4f08b21186bd429cb332a5b7bf4029ace16f81911c8e1ae85b68844f5fe3eec2", + "Title": "sqlite: Denial of Service in SQLite", + "Description": "In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-29088", + "https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248", + "https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-29088", + "https://sqlite.org/forum/forumpost/48f365daec", + "https://sqlite.org/releaselog/3_49_1.html", + "https://ubuntu.com/security/notices/USN-7528-1", + "https://ubuntu.com/security/notices/USN-7679-1", + "https://www.cve.org/CVERecord?id=CVE-2025-29088", + "https://www.sqlite.org/cves.html" + ], + "PublishedDate": "2025-04-10T14:15:27.163Z", + "LastModifiedDate": "2025-09-30T16:59:27.32Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "ssl_client@1.37.0-r12", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "7637191a09ed06b3" + }, + "InstalledVersion": "1.37.0-r12", + "FixedVersion": "1.37.0-r14", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0c9ae8d3b74899aa31cf60a6f820663f5940dd6aa69006c8d14ce43e40982904", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-31115", + "PkgID": "xz-libs@5.6.3-r0", + "PkgName": "xz-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.6.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "458a272f25e033f6" + }, + "InstalledVersion": "5.6.3-r0", + "FixedVersion": "5.6.3-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31115", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:89e3500de9e2ccf2b4838ff86c4e02b10b473ece2dbfbee71d5008487c57ecf6", + "Title": "xz: XZ has a heap-use-after-free bug in threaded .xz decoder", + "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-366", + "CWE-416", + "CWE-476", + "CWE-826" + ], + "VendorSeverity": { + "azure": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/03/1", + "http://www.openwall.com/lists/oss-security/2025/04/03/2", + "http://www.openwall.com/lists/oss-security/2025/04/03/3", + "https://access.redhat.com/security/cve/CVE-2025-31115", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357249", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31115", + "https://errata.rockylinux.org/RLSA-2025:7524", + "https://github.com/tukaani-project/xz/commit/d5a2ffe41bb77b918a8c96084885d4dbe4bf6480", + "https://github.com/tukaani-project/xz/security/advisories/GHSA-6cc8-p5mm-29w2", + "https://linux.oracle.com/cve/CVE-2025-31115.html", + "https://linux.oracle.com/errata/ELSA-2025-7524.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-31115", + "https://tukaani.org/xz/xz-cve-2025-31115.patch", + "https://ubuntu.com/security/notices/USN-7414-1", + "https://www.cve.org/CVERecord?id=CVE-2025-31115" + ], + "PublishedDate": "2025-04-03T17:15:30.54Z", + "LastModifiedDate": "2026-05-12T13:16:40.627Z" + }, + { + "VulnerabilityID": "CVE-2026-34743", + "PkgID": "xz-libs@5.6.3-r0", + "PkgName": "xz-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.6.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "458a272f25e033f6" + }, + "InstalledVersion": "5.6.3-r0", + "FixedVersion": "5.8.3-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:918d09a184dac74cd581d51736ab53e4917274818f596f4acb14cb9096f6ab14", + "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", + "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/31/13", + "https://access.redhat.com/security/cve/CVE-2026-34743", + "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", + "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", + "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", + "https://www.cve.org/CVERecord?id=CVE-2026-34743" + ], + "PublishedDate": "2026-04-02T19:21:33.187Z", + "LastModifiedDate": "2026-04-15T17:33:17.68Z" + }, + { + "VulnerabilityID": "CVE-2026-22184", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "3b545badcbeb3bc0" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9f702687f01702eb3c4037d2ef2feba1f30390b4bf1c049965687f3a79827df5", + "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", + "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-22184", + "https://github.com/madler/zlib", + "https://github.com/madler/zlib/issues/1142", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", + "https://seclists.org/fulldisclosure/2026/Jan/3", + "https://www.cve.org/CVERecord?id=CVE-2026-22184", + "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", + "https://zlib.net/" + ], + "PublishedDate": "2026-01-07T21:16:01.563Z", + "LastModifiedDate": "2026-03-18T16:26:31.14Z" + }, + { + "VulnerabilityID": "CVE-2026-27171", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "3b545badcbeb3bc0" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:41846e162e0062d6ee68fa53fea06f95747e5fd6905d8e8c285356280e8258a5", + "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", + "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "julia": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://access.redhat.com/security/cve/CVE-2026-27171", + "https://github.com/advisories/GHSA-h858-mf2m-8jf4", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "https://ostif.org/zlib-audit-complete", + "https://ostif.org/zlib-audit-complete/", + "https://www.cve.org/CVERecord?id=CVE-2026-27171" + ], + "PublishedDate": "2026-02-18T04:16:01.263Z", + "LastModifiedDate": "2026-03-25T21:27:04.603Z" + } + ] + }, + { + "Target": "Python", + "Class": "lang-pkgs", + "Type": "python-pkg", + "Packages": [ + { + "Name": "getmail6", + "Identifier": { + "PURL": "pkg:pypi/getmail6@6.19.7", + "UID": "e4cf6543a6f1887d" + }, + "Version": "6.19.7", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Layer": { + "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", + "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" + }, + "FilePath": "usr/local/lib/python3.13/site-packages/getmail6-6.19.7.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "pip", + "Identifier": { + "PURL": "pkg:pypi/pip@24.3.1", + "UID": "4f58503391f310a" + }, + "Version": "24.3.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "FilePath": "usr/local/lib/python3.13/site-packages/pip-24.3.1.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-8869", + "VendorIDs": [ + "GHSA-4xh5-x5gv-qwph" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.13/site-packages/pip-24.3.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@24.3.1", + "UID": "4f58503391f310a" + }, + "InstalledVersion": "24.3.1", + "FixedVersion": "25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8869", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:14b39f9a4a84ce18006c35848183075ad4edfc10d082801f8a2a7382a0ba21db", + "Title": "pip: pip missing checks on symbolic link extraction", + "Description": "When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.\nNote that upgrading pip to a \"fixed\" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.\n\nNote that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706\nand therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706\nthen pip doesn't use the \"vulnerable\" fallback code.\n\nMitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python \u003e=3.9.17, \u003e=3.10.12, \u003e=3.11.4, or \u003e=3.12),\napplying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8869", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a", + "https://github.com/pypa/pip/pull/13550", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html", + "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN", + "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8869", + "https://pip.pypa.io/en/stable/news/#v25-2", + "https://www.cve.org/CVERecord?id=CVE-2025-8869" + ], + "PublishedDate": "2025-09-24T15:15:41.293Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-3219", + "VendorIDs": [ + "GHSA-58qw-9mgm-455v" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.13/site-packages/pip-24.3.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@24.3.1", + "UID": "4f58503391f310a" + }, + "InstalledVersion": "24.3.1", + "FixedVersion": "26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3219", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:27d65b16c989876a57236f140f47280032bf2ea1eb32623ebe46c2d5f0ba8be8", + "Title": "pip: pip: Incorrect file installation due to improper archive handling", + "Description": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-434" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", + "V40Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/20/8", + "https://access.redhat.com/security/cve/CVE-2026-3219", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/issues/13867", + "https://github.com/pypa/pip/pull/13870", + "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ", + "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3219", + "https://www.cve.org/CVERecord?id=CVE-2026-3219" + ], + "PublishedDate": "2026-04-20T16:16:45.43Z", + "LastModifiedDate": "2026-04-20T21:16:36.42Z" + }, + { + "VulnerabilityID": "CVE-2026-6357", + "VendorIDs": [ + "GHSA-jp4c-xjxw-mgf9" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.13/site-packages/pip-24.3.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@24.3.1", + "UID": "4f58503391f310a" + }, + "InstalledVersion": "24.3.1", + "FixedVersion": "26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", + "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6357", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:6bc78543398c7ca5f2e2d7135006e937e32eec331374f513c8ca3556fb7a891d", + "Title": "pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation", + "Description": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-829" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 5.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/27/7", + "https://access.redhat.com/security/cve/CVE-2026-6357", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad", + "https://github.com/pypa/pip/pull/13923", + "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6357", + "https://www.cve.org/CVERecord?id=CVE-2026-6357" + ], + "PublishedDate": "2026-04-27T15:16:20.857Z", + "LastModifiedDate": "2026-04-27T23:16:03.533Z" + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "Deployment", + "Name": "postfix", + "Metadata": [ + { + "Size": 41336320, + "OS": { + "Family": "alpine", + "Name": "3.16.9", + "EOSL": true + }, + "ImageID": "sha256:bc3edcf153d2587e3f50d51bfffb7a9440f07307fdd61414039b9b9f1abe88b4", + "DiffIDs": [ + "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140", + "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2", + "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d", + "sha256:8601cf25f595362b38b93073b0c1bca028cd045d7e306dc535060c56e5cd89b8", + "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951", + "sha256:89990f9ab1ef99727683c3b051ac440074020f2549a6d2ff2cad2c1477134c03", + "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "sha256:71e530aa3847093ac9fcc703f6fc3c80c6437c86634d6ec5c2e39aa13498770a" + ], + "RepoTags": [ + "tozd/postfix:alpine-316" + ], + "RepoDigests": [ + "tozd/postfix@sha256:e7d9d903191508713f6f76d843c161b79bc59d637f1a9c76bfa5e8aee5ca061b" + ], + "Reference": "tozd/postfix:alpine-316", + "ImageConfig": { + "architecture": "amd64", + "created": "2026-05-21T17:47:40.685528631Z", + "history": [ + { + "created": "2024-01-27T00:31:09.42422573Z", + "created_by": "/bin/sh -c #(nop) ADD file:b308dfeecaa300a430b4e65e312a48eb5f191df7754e93ff4e7b2d04016b3ca7 in / " + }, + { + "created": "2024-01-27T00:31:09.532912003Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", + "empty_layer": true + }, + { + "created": "2026-04-22T19:49:11.533222902Z", + "created_by": "RUN /bin/sh -c apk update \u0026\u0026 apk upgrade \u0026\u0026 apk add sudo file bash \u0026\u0026 apk add cmake make musl-dev gcc gettext-dev libintl \u0026\u0026 wget https://gitlab.com/rilian-la-te/musl-locales/-/archive/1101fb2bcdd189cd9415b8bd1c775eb43527d25c/musl-locales-1101fb2bcdd189cd9415b8bd1c775eb43527d25c.tar.gz \u0026\u0026 tar -xzf musl-locales-*.tar.gz \u0026\u0026 cd musl-locales-* \u0026\u0026 cmake -D LOCALE_PROFILE=OFF -D CMAKE_INSTALL_PREFIX:PATH=/usr . \u0026\u0026 make \u0026\u0026 make install \u0026\u0026 cd .. \u0026\u0026 rm -rf musl-locales-* musl-locales-*.tar.gz \u0026\u0026 apk del cmake make musl-dev gcc gettext-dev \u0026\u0026 echo 'UTC' \u003e /etc/timezone \u0026\u0026 rm -rf /var/cache/apk/* # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-22T19:49:11.533222902Z", + "created_by": "ENV MUSL_LOCPATH=/usr/share/i18n/locales/musl", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-22T19:49:11.533222902Z", + "created_by": "ENV LC_ALL=en_US.UTF-8", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-22T20:11:39.035668572Z", + "created_by": "ARG TARGETARCH=amd64", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-22T20:11:39.035668572Z", + "created_by": "RUN |1 TARGETARCH=amd64 /bin/sh -c apk add --no-cache runit tzdata \u0026\u0026 wget -O /dinit https://gitlab.com/tozd/dinit/-/releases/v0.4.0/downloads/linux-${TARGETARCH:-amd64}/dinit \u0026\u0026 chmod +x /dinit \u0026\u0026 wget -O /usr/local/bin/regex2json https://gitlab.com/tozd/regex2json/-/releases/v0.13.0/downloads/linux-${TARGETARCH:-amd64}/regex2json \u0026\u0026 chmod +x /usr/local/bin/regex2json # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-22T20:11:39.035668572Z", + "created_by": "ENTRYPOINT [\"/dinit\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-21T17:47:39.335380745Z", + "created_by": "EXPOSE [25/tcp 465/tcp 587/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-21T17:47:39.335380745Z", + "created_by": "VOLUME [/var/log/postfix]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-21T17:47:39.335380745Z", + "created_by": "VOLUME [/var/spool/postfix]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-21T17:47:39.335380745Z", + "created_by": "ENV MAILNAME=mail.example.com", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-21T17:47:39.335380745Z", + "created_by": "ENV MY_NETWORKS=172.17.0.0/16 127.0.0.0/8", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-21T17:47:39.335380745Z", + "created_by": "ENV MY_DESTINATION=localhost.localdomain, localhost", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-21T17:47:39.335380745Z", + "created_by": "ENV ROOT_ALIAS=admin@example.com", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-21T17:47:39.335380745Z", + "created_by": "ENV LOG_TO_STDOUT=0", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-21T17:47:39.335380745Z", + "created_by": "COPY ./etc/aliases /etc/aliases # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-21T17:47:40.345088922Z", + "created_by": "RUN /bin/sh -c apk add --no-cache postfix postfix-pcre # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-21T17:47:40.571710368Z", + "created_by": "RUN /bin/sh -c postconf -e mydestination=\"localhost.localdomain, localhost\" \u0026\u0026 postconf -e smtpd_banner='$myhostname ESMTP $mail_name' \u0026\u0026 postconf -# myhostname \u0026\u0026 postconf -e inet_protocols=ipv4 # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-21T17:47:40.571710368Z", + "created_by": "ENV POSTFIX_PATH=/usr/libexec/postfix/master", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-21T17:47:40.643464993Z", + "created_by": "COPY ./etc/aliases /etc/aliases # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-21T17:47:40.685528631Z", + "created_by": "COPY ./etc/service/postfix /etc/service/postfix # buildkit", + "comment": "buildkit.dockerfile.v0" + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140", + "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2", + "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d", + "sha256:8601cf25f595362b38b93073b0c1bca028cd045d7e306dc535060c56e5cd89b8", + "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951", + "sha256:89990f9ab1ef99727683c3b051ac440074020f2549a6d2ff2cad2c1477134c03", + "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "sha256:71e530aa3847093ac9fcc703f6fc3c80c6437c86634d6ec5c2e39aa13498770a" + ] + }, + "config": { + "Entrypoint": [ + "/dinit" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "MUSL_LOCPATH=/usr/share/i18n/locales/musl", + "LC_ALL=en_US.UTF-8", + "MAILNAME=mail.example.com", + "MY_NETWORKS=172.17.0.0/16 127.0.0.0/8", + "MY_DESTINATION=localhost.localdomain, localhost", + "ROOT_ALIAS=admin@example.com", + "LOG_TO_STDOUT=0", + "POSTFIX_PATH=/usr/libexec/postfix/master" + ], + "Volumes": { + "/var/log/postfix": {}, + "/var/spool/postfix": {} + }, + "ExposedPorts": { + "25/tcp": {}, + "465/tcp": {}, + "587/tcp": {} + } + } + }, + "Layers": [ + { + "Size": 5827584, + "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", + "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" + }, + { + "Size": 13586432, + "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", + "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" + }, + { + "Size": 8687104, + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + { + "Size": 2560, + "Digest": "sha256:8731caaec5d6522a12867ce756d810b2d19fa429874062444712890d5de16be0", + "DiffID": "sha256:8601cf25f595362b38b93073b0c1bca028cd045d7e306dc535060c56e5cd89b8" + }, + { + "Size": 13194240, + "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", + "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" + }, + { + "Size": 30208, + "Digest": "sha256:ff0c35dba1e49cef1ae264a39d075ec8476f4b68545b0fbd4e8cb6206f02f4ce", + "DiffID": "sha256:89990f9ab1ef99727683c3b051ac440074020f2549a6d2ff2cad2c1477134c03" + }, + { + "Size": 1024, + "Digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", + "DiffID": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + }, + { + "Size": 7168, + "Digest": "sha256:241288f10b0cf168e3f0de6837d6118dd77b1b30ddc84552e1d8607266d213e7", + "DiffID": "sha256:71e530aa3847093ac9fcc703f6fc3c80c6437c86634d6ec5c2e39aa13498770a" + } + ] + } + ], + "Results": [ + { + "Target": "tozd/postfix:alpine-316 (alpine 3.16.9)", + "Class": "os-pkgs", + "Type": "alpine", + "Packages": [ + { + "ID": "alpine-baselayout@3.2.0-r23", + "Name": "alpine-baselayout", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout@3.2.0-r23?arch=x86_64\u0026distro=3.16.9", + "UID": "c9bb66b39aa528cd" + }, + "Version": "3.2.0-r23", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.2.0-r23", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-baselayout-data@3.2.0-r23", + "busybox@1.35.0-r18", + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", + "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" + }, + "Digest": "sha1:f5423b531ca2532c06e9a7b0f5cde50813ec86c1", + "InstalledFiles": [ + "etc/motd", + "etc/crontabs/root", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/i386.conf", + "etc/modprobe.d/kms.conf", + "etc/profile.d/README", + "etc/profile.d/color_prompt.sh.disabled", + "etc/profile.d/locale.sh", + "lib/sysctl.d/00-alpine.conf", + "sbin/mkmntdirs", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout-data@3.2.0-r23", + "Name": "alpine-baselayout-data", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.2.0-r23?arch=x86_64\u0026distro=3.16.9", + "UID": "3052a70de4c8ac9c" + }, + "Version": "3.2.0-r23", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.2.0-r23", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", + "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" + }, + "Digest": "sha1:7781d0fc6c9fc3b3510f5a91bce812e88cd3dac2", + "InstalledFiles": [ + "etc/fstab", + "etc/group", + "etc/hostname", + "etc/hosts", + "etc/inittab", + "etc/modules", + "etc/mtab", + "etc/nsswitch.conf", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/sysctl.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-keys@2.4-r1", + "Name": "alpine-keys", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64\u0026distro=3.16.9", + "UID": "caf9b27003694a64" + }, + "Version": "2.4-r1", + "Arch": "x86_64", + "SrcName": "alpine-keys", + "SrcVersion": "2.4-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", + "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" + }, + "Digest": "sha1:1417c88edb049afbaaa0d5e94a15c3726fe68f31", + "InstalledFiles": [ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "apk-tools@2.12.9-r3", + "Name": "apk-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/apk-tools@2.12.9-r3?arch=x86_64\u0026distro=3.16.9", + "UID": "cbe58463fe4e0186" + }, + "Version": "2.12.9-r3", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.12.9-r3", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20240226-r0", + "libcrypto1.1@1.1.1w-r1", + "libssl1.1@1.1.1w-r1", + "musl@1.2.3-r4", + "zlib@1.2.12-r3" + ], + "Layer": { + "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", + "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" + }, + "Digest": "sha1:54514558c2a307d69191e8480137399308008655", + "InstalledFiles": [ + "lib/libapk.so.3.12.0", + "sbin/apk" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "bash@5.1.16-r2", + "Name": "bash", + "Identifier": { + "PURL": "pkg:apk/alpine/bash@5.1.16-r2?arch=x86_64\u0026distro=3.16.9", + "UID": "a3aafde700944af1" + }, + "Version": "5.1.16-r2", + "Arch": "x86_64", + "SrcName": "bash", + "SrcVersion": "5.1.16-r2", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox@1.35.0-r18", + "musl@1.2.3-r4", + "readline@8.1.2-r0" + ], + "Layer": { + "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", + "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" + }, + "Digest": "sha1:a3035d51c1b485ff6913973631bb1886bc2a4061", + "InstalledFiles": [ + "bin/bash", + "etc/bash/bashrc", + "usr/lib/bash/accept", + "usr/lib/bash/basename", + "usr/lib/bash/csv", + "usr/lib/bash/cut", + "usr/lib/bash/dirname", + "usr/lib/bash/fdflags", + "usr/lib/bash/finfo", + "usr/lib/bash/head", + "usr/lib/bash/id", + "usr/lib/bash/ln", + "usr/lib/bash/logname", + "usr/lib/bash/mkdir", + "usr/lib/bash/mkfifo", + "usr/lib/bash/mktemp", + "usr/lib/bash/mypid", + "usr/lib/bash/pathchk", + "usr/lib/bash/print", + "usr/lib/bash/printenv", + "usr/lib/bash/push", + "usr/lib/bash/realpath", + "usr/lib/bash/rm", + "usr/lib/bash/rmdir", + "usr/lib/bash/seq", + "usr/lib/bash/setpgid", + "usr/lib/bash/sleep", + "usr/lib/bash/strftime", + "usr/lib/bash/sync", + "usr/lib/bash/tee", + "usr/lib/bash/truefalse", + "usr/lib/bash/tty", + "usr/lib/bash/uname", + "usr/lib/bash/unlink", + "usr/lib/bash/whoami" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox@1.35.0-r18", + "Name": "busybox", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox@1.35.0-r18?arch=x86_64\u0026distro=3.16.9", + "UID": "1f07d68deadf2682" + }, + "Version": "1.35.0-r18", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.35.0-r18", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", + "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" + }, + "Digest": "sha1:29da1c0b924a081615b661f33dbfbbc6aee47ff5", + "InstalledFiles": [ + "bin/busybox", + "bin/sh", + "etc/securetty", + "etc/udhcpd.conf", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "usr/share/udhcpc/default.script" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates-bundle@20240226-r0", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates-bundle@20240226-r0?arch=x86_64\u0026distro=3.16.9", + "UID": "6e262e06439d91e5" + }, + "Version": "20240226-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20240226-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", + "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" + }, + "Digest": "sha1:aca248897011535431fa12ab9f7969827015eb70", + "InstalledFiles": [ + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-certificates.crt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "file@5.41-r0", + "Name": "file", + "Identifier": { + "PURL": "pkg:apk/alpine/file@5.41-r0?arch=x86_64\u0026distro=3.16.9", + "UID": "db419961dfa54b92" + }, + "Version": "5.41-r0", + "Arch": "x86_64", + "SrcName": "file", + "SrcVersion": "5.41-r0", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libmagic@5.41-r0", + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", + "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" + }, + "Digest": "sha1:41fcff3b4e4f940bc44669b51e499e31b451071b", + "InstalledFiles": [ + "usr/bin/file" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gdbm@1.23-r0", + "Name": "gdbm", + "Identifier": { + "PURL": "pkg:apk/alpine/gdbm@1.23-r0?arch=x86_64\u0026distro=3.16.9", + "UID": "800447b8c73ff598" + }, + "Version": "1.23-r0", + "Arch": "x86_64", + "SrcName": "gdbm", + "SrcVersion": "1.23-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", + "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" + }, + "Digest": "sha1:9519fe84a0abd765b526b7f0d69fa82833361052", + "InstalledFiles": [ + "usr/lib/libgdbm.so.6", + "usr/lib/libgdbm.so.6.0.0", + "usr/lib/libgdbm_compat.so.4", + "usr/lib/libgdbm_compat.so.4.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "icu-data-en@71.1-r2", + "Name": "icu-data-en", + "Identifier": { + "PURL": "pkg:apk/alpine/icu-data-en@71.1-r2?arch=x86_64\u0026distro=3.16.9", + "UID": "9ae5dc4d26f1c6cf" + }, + "Version": "71.1-r2", + "Arch": "x86_64", + "SrcName": "icu", + "SrcVersion": "71.1-r2", + "Licenses": [ + "MIT", + "ICU", + "Unicode-TOU" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox@1.35.0-r18" + ], + "Layer": { + "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", + "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" + }, + "Digest": "sha1:2704207dc957655796ef632d51f6942c626f1531", + "InstalledFiles": [ + "usr/share/icu/71.1/icudt71l.dat" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "icu-libs@71.1-r2", + "Name": "icu-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/icu-libs@71.1-r2?arch=x86_64\u0026distro=3.16.9", + "UID": "53fa767efa2ed567" + }, + "Version": "71.1-r2", + "Arch": "x86_64", + "SrcName": "icu", + "SrcVersion": "71.1-r2", + "Licenses": [ + "MIT", + "ICU", + "Unicode-TOU" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "icu-data-en@71.1-r2", + "libgcc@11.2.1_git20220219-r2", + "libstdc++@11.2.1_git20220219-r2", + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", + "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" + }, + "Digest": "sha1:45b54bd531204a1c629dc57a213d943f47c44ed0", + "InstalledFiles": [ + "usr/lib/libicudata.so.71", + "usr/lib/libicudata.so.71.1", + "usr/lib/libicui18n.so.71", + "usr/lib/libicui18n.so.71.1", + "usr/lib/libicuio.so.71", + "usr/lib/libicuio.so.71.1", + "usr/lib/libicuuc.so.71", + "usr/lib/libicuuc.so.71.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libc-utils@0.7.2-r3", + "Name": "libc-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64\u0026distro=3.16.9", + "UID": "f63083d391d5172a" + }, + "Version": "0.7.2-r3", + "Arch": "x86_64", + "SrcName": "libc-dev", + "SrcVersion": "0.7.2-r3", + "Licenses": [ + "BSD-2-Clause", + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl-utils@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", + "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" + }, + "Digest": "sha1:3b8185251bc7cfde6d3e33bce2aa44be4355c03c", + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto1.1@1.1.1w-r1", + "Name": "libcrypto1.1", + "Identifier": { + "PURL": "pkg:apk/alpine/libcrypto1.1@1.1.1w-r1?arch=x86_64\u0026distro=3.16.9", + "UID": "b66727936c029a29" + }, + "Version": "1.1.1w-r1", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "1.1.1w-r1", + "Licenses": [ + "OpenSSL" + ], + "Maintainer": "Timo Teras \u003ctimo.teras@iki.fi\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", + "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" + }, + "Digest": "sha1:b0bda9c8ca517645567ba67f44be19aee380de40", + "InstalledFiles": [ + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/openssl.cnf.dist", + "etc/ssl/misc/CA.pl", + "etc/ssl/misc/tsget", + "etc/ssl/misc/tsget.pl", + "lib/libcrypto.so.1.1", + "usr/lib/libcrypto.so.1.1", + "usr/lib/engines-1.1/afalg.so", + "usr/lib/engines-1.1/capi.so", + "usr/lib/engines-1.1/padlock.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgcc@11.2.1_git20220219-r2", + "Name": "libgcc", + "Identifier": { + "PURL": "pkg:apk/alpine/libgcc@11.2.1_git20220219-r2?arch=x86_64\u0026distro=3.16.9", + "UID": "9a690b254956d66" + }, + "Version": "11.2.1_git20220219-r2", + "Arch": "x86_64", + "SrcName": "gcc", + "SrcVersion": "11.2.1_git20220219-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", + "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" + }, + "Digest": "sha1:c765504f6bf09c2455271cc48c4b48e459dcf09b", + "InstalledFiles": [ + "usr/lib/libgcc_s.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libintl@0.21-r2", + "Name": "libintl", + "Identifier": { + "PURL": "pkg:apk/alpine/libintl@0.21-r2?arch=x86_64\u0026distro=3.16.9", + "UID": "cb16c8f57fcf7181" + }, + "Version": "0.21-r2", + "Arch": "x86_64", + "SrcName": "gettext", + "SrcVersion": "0.21-r2", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", + "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" + }, + "Digest": "sha1:079123672726e33c47bfaf2581b8034b2cbd6a8b", + "InstalledFiles": [ + "usr/lib/libintl.so.8", + "usr/lib/libintl.so.8.2.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libmagic@5.41-r0", + "Name": "libmagic", + "Identifier": { + "PURL": "pkg:apk/alpine/libmagic@5.41-r0?arch=x86_64\u0026distro=3.16.9", + "UID": "96328d6052194d50" + }, + "Version": "5.41-r0", + "Arch": "x86_64", + "SrcName": "file", + "SrcVersion": "5.41-r0", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", + "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" + }, + "Digest": "sha1:026dc6d2669ef540d141b7bf58abecadc2bb00d5", + "InstalledFiles": [ + "usr/lib/libmagic.so.1", + "usr/lib/libmagic.so.1.0.0", + "usr/share/misc/magic.mgc" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libsasl@2.1.28-r1", + "Name": "libsasl", + "Identifier": { + "PURL": "pkg:apk/alpine/libsasl@2.1.28-r1?arch=x86_64\u0026distro=3.16.9", + "UID": "f0769a139d5e9ba1" + }, + "Version": "2.1.28-r1", + "Arch": "x86_64", + "SrcName": "cyrus-sasl", + "SrcVersion": "2.1.28-r1", + "Licenses": [ + "custom" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "gdbm@1.23-r0", + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", + "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" + }, + "Digest": "sha1:93db49b8fe3480339cd56255808caa06a0d99c54", + "InstalledFiles": [ + "usr/lib/libsasl2.so.3", + "usr/lib/libsasl2.so.3.0.0", + "usr/lib/sasl2/libanonymous.so", + "usr/lib/sasl2/libanonymous.so.3", + "usr/lib/sasl2/libanonymous.so.3.0.0", + "usr/lib/sasl2/libplain.so", + "usr/lib/sasl2/libplain.so.3", + "usr/lib/sasl2/libplain.so.3.0.0", + "usr/lib/sasl2/libsasldb.so", + "usr/lib/sasl2/libsasldb.so.3", + "usr/lib/sasl2/libsasldb.so.3.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl1.1@1.1.1w-r1", + "Name": "libssl1.1", + "Identifier": { + "PURL": "pkg:apk/alpine/libssl1.1@1.1.1w-r1?arch=x86_64\u0026distro=3.16.9", + "UID": "eaa025b7846d7045" + }, + "Version": "1.1.1w-r1", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "1.1.1w-r1", + "Licenses": [ + "OpenSSL" + ], + "Maintainer": "Timo Teras \u003ctimo.teras@iki.fi\u003e", + "DependsOn": [ + "libcrypto1.1@1.1.1w-r1", + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", + "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" + }, + "Digest": "sha1:5facd69c238a147ee0c8d9b5dbe2cce00be9dbfc", + "InstalledFiles": [ + "lib/libssl.so.1.1", + "usr/lib/libssl.so.1.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libstdc++@11.2.1_git20220219-r2", + "Name": "libstdc++", + "Identifier": { + "PURL": "pkg:apk/alpine/libstdc%2B%2B@11.2.1_git20220219-r2?arch=x86_64\u0026distro=3.16.9", + "UID": "4d812412b8d16369" + }, + "Version": "11.2.1_git20220219-r2", + "Arch": "x86_64", + "SrcName": "gcc", + "SrcVersion": "11.2.1_git20220219-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", + "DependsOn": [ + "libgcc@11.2.1_git20220219-r2", + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", + "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" + }, + "Digest": "sha1:f6e2eb3e2d01a83e849bef7c27a2f90a072e6801", + "InstalledFiles": [ + "usr/lib/libstdc++.so.6", + "usr/lib/libstdc++.so.6.0.29" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "lmdb@0.9.29-r1", + "Name": "lmdb", + "Identifier": { + "PURL": "pkg:apk/alpine/lmdb@0.9.29-r1?arch=x86_64\u0026distro=3.16.9", + "UID": "f2249e1ec7e5226a" + }, + "Version": "0.9.29-r1", + "Arch": "x86_64", + "SrcName": "lmdb", + "SrcVersion": "0.9.29-r1", + "Licenses": [ + "OLDAP-2.8" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", + "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" + }, + "Digest": "sha1:7f14eba592c505f9fe14f264533d6909eb695847", + "InstalledFiles": [ + "usr/lib/liblmdb.so.0", + "usr/lib/liblmdb.so.0.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl@1.2.3-r4", + "Name": "musl", + "Identifier": { + "PURL": "pkg:apk/alpine/musl@1.2.3-r4?arch=x86_64\u0026distro=3.16.9", + "UID": "aa895aedd1079579" + }, + "Version": "1.2.3-r4", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.3-r4", + "Licenses": [ + "MIT" + ], + "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", + "Layer": { + "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", + "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" + }, + "Digest": "sha1:590f3bdaf82bb6747a89b1d63fedfe794ba47f7e", + "InstalledFiles": [ + "lib/ld-musl-x86_64.so.1", + "lib/libc.musl-x86_64.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl-utils@1.2.3-r4", + "Name": "musl-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.3-r4?arch=x86_64\u0026distro=3.16.9", + "UID": "e044260285eed036" + }, + "Version": "1.2.3-r4", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.3-r4", + "Licenses": [ + "MIT", + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", + "DependsOn": [ + "musl@1.2.3-r4", + "scanelf@1.3.4-r0" + ], + "Layer": { + "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", + "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" + }, + "Digest": "sha1:86611338c68bfdb72ed51868e857391859348d4f", + "InstalledFiles": [ + "sbin/ldconfig", + "usr/bin/getconf", + "usr/bin/getent", + "usr/bin/iconv", + "usr/bin/ldd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ncurses-libs@6.3_p20220521-r1", + "Name": "ncurses-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/ncurses-libs@6.3_p20220521-r1?arch=x86_64\u0026distro=3.16.9", + "UID": "263ed1ffdfeaad17" + }, + "Version": "6.3_p20220521-r1", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.3_p20220521-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4", + "ncurses-terminfo-base@6.3_p20220521-r1" + ], + "Layer": { + "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", + "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" + }, + "Digest": "sha1:f28c80a74acdcd3d2a616c08ace9d3bafdcf7099", + "InstalledFiles": [ + "usr/lib/libformw.so.6", + "usr/lib/libformw.so.6.3", + "usr/lib/libmenuw.so.6", + "usr/lib/libmenuw.so.6.3", + "usr/lib/libncursesw.so.6", + "usr/lib/libncursesw.so.6.3", + "usr/lib/libpanelw.so.6", + "usr/lib/libpanelw.so.6.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ncurses-terminfo-base@6.3_p20220521-r1", + "Name": "ncurses-terminfo-base", + "Identifier": { + "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.3_p20220521-r1?arch=x86_64\u0026distro=3.16.9", + "UID": "6fdbcbbe9dbbd4ab" + }, + "Version": "6.3_p20220521-r1", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.3_p20220521-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", + "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" + }, + "Digest": "sha1:06677b3905e850d1b9882c9ac90e7e04a3baf2ad", + "InstalledFiles": [ + "etc/terminfo/a/alacritty", + "etc/terminfo/a/ansi", + "etc/terminfo/d/dumb", + "etc/terminfo/g/gnome", + "etc/terminfo/g/gnome-256color", + "etc/terminfo/k/kitty", + "etc/terminfo/k/konsole", + "etc/terminfo/k/konsole-256color", + "etc/terminfo/k/konsole-linux", + "etc/terminfo/l/linux", + "etc/terminfo/p/putty", + "etc/terminfo/p/putty-256color", + "etc/terminfo/r/rxvt", + "etc/terminfo/r/rxvt-256color", + "etc/terminfo/s/screen", + "etc/terminfo/s/screen-256color", + "etc/terminfo/s/st-0.6", + "etc/terminfo/s/st-0.7", + "etc/terminfo/s/st-0.8", + "etc/terminfo/s/st-16color", + "etc/terminfo/s/st-256color", + "etc/terminfo/s/st-direct", + "etc/terminfo/s/sun", + "etc/terminfo/t/terminator", + "etc/terminfo/t/terminology", + "etc/terminfo/t/terminology-0.6.1", + "etc/terminfo/t/terminology-1.0.0", + "etc/terminfo/t/terminology-1.8.1", + "etc/terminfo/t/tmux", + "etc/terminfo/t/tmux-256color", + "etc/terminfo/v/vt100", + "etc/terminfo/v/vt102", + "etc/terminfo/v/vt200", + "etc/terminfo/v/vt220", + "etc/terminfo/v/vt52", + "etc/terminfo/v/vte", + "etc/terminfo/v/vte-256color", + "etc/terminfo/x/xterm", + "etc/terminfo/x/xterm-256color", + "etc/terminfo/x/xterm-color", + "etc/terminfo/x/xterm-xfree86" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "pcre2@10.42-r0", + "Name": "pcre2", + "Identifier": { + "PURL": "pkg:apk/alpine/pcre2@10.42-r0?arch=x86_64\u0026distro=3.16.9", + "UID": "b5f9aa6991d92de" + }, + "Version": "10.42-r0", + "Arch": "x86_64", + "SrcName": "pcre2", + "SrcVersion": "10.42-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", + "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" + }, + "Digest": "sha1:f563dad17adc550e9d91a4e6f86000578907ac06", + "InstalledFiles": [ + "usr/lib/libpcre2-8.so.0", + "usr/lib/libpcre2-8.so.0.11.2", + "usr/lib/libpcre2-posix.so.3", + "usr/lib/libpcre2-posix.so.3.0.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "postfix@3.7.12-r0", + "Name": "postfix", + "Identifier": { + "PURL": "pkg:apk/alpine/postfix@3.7.12-r0?arch=x86_64\u0026distro=3.16.9", + "UID": "6efbb0d6b9daf6ef" + }, + "Version": "3.7.12-r0", + "Arch": "x86_64", + "SrcName": "postfix", + "SrcVersion": "3.7.12-r0", + "Licenses": [ + "IPL-1.0", + "EPL-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox@1.35.0-r18", + "icu-libs@71.1-r2", + "libcrypto1.1@1.1.1w-r1", + "libsasl@2.1.28-r1", + "libssl1.1@1.1.1w-r1", + "lmdb@0.9.29-r1", + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", + "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" + }, + "Digest": "sha1:17475b5ea05e982520d08bf8f90e2b217d575061", + "InstalledFiles": [ + "etc/postfix/access", + "etc/postfix/aliases", + "etc/postfix/canonical", + "etc/postfix/dynamicmaps.cf", + "etc/postfix/generic", + "etc/postfix/header_checks", + "etc/postfix/main.cf", + "etc/postfix/main.cf.proto", + "etc/postfix/master.cf", + "etc/postfix/master.cf.proto", + "etc/postfix/postfix-files", + "etc/postfix/relocated", + "etc/postfix/transport", + "etc/postfix/virtual", + "etc/postfix/dynamicmaps.cf.d/lmdb", + "usr/bin/mailq", + "usr/bin/newaliases", + "usr/bin/qshape.pl", + "usr/lib/postfix/libpostfix-dns.so", + "usr/lib/postfix/libpostfix-global.so", + "usr/lib/postfix/libpostfix-master.so", + "usr/lib/postfix/libpostfix-tls.so", + "usr/lib/postfix/libpostfix-util.so", + "usr/lib/postfix/postfix-lmdb.so", + "usr/libexec/postfix/anvil", + "usr/libexec/postfix/bounce", + "usr/libexec/postfix/cleanup", + "usr/libexec/postfix/discard", + "usr/libexec/postfix/dnsblog", + "usr/libexec/postfix/error", + "usr/libexec/postfix/flush", + "usr/libexec/postfix/lmtp", + "usr/libexec/postfix/local", + "usr/libexec/postfix/master", + "usr/libexec/postfix/nqmgr", + "usr/libexec/postfix/oqmgr", + "usr/libexec/postfix/pickup", + "usr/libexec/postfix/pipe", + "usr/libexec/postfix/post-install", + "usr/libexec/postfix/postfix-script", + "usr/libexec/postfix/postfix-tls-script", + "usr/libexec/postfix/postfix-wrapper", + "usr/libexec/postfix/postlogd", + "usr/libexec/postfix/postmulti-script", + "usr/libexec/postfix/postscreen", + "usr/libexec/postfix/proxymap", + "usr/libexec/postfix/qmgr", + "usr/libexec/postfix/qmqpd", + "usr/libexec/postfix/scache", + "usr/libexec/postfix/showq", + "usr/libexec/postfix/smtp", + "usr/libexec/postfix/smtpd", + "usr/libexec/postfix/spawn", + "usr/libexec/postfix/tlsmgr", + "usr/libexec/postfix/tlsproxy", + "usr/libexec/postfix/trivial-rewrite", + "usr/libexec/postfix/verify", + "usr/libexec/postfix/virtual", + "usr/sbin/postalias", + "usr/sbin/postcat", + "usr/sbin/postconf", + "usr/sbin/postdrop", + "usr/sbin/postfix", + "usr/sbin/postkick", + "usr/sbin/postlock", + "usr/sbin/postlog", + "usr/sbin/postmap", + "usr/sbin/postmulti", + "usr/sbin/postqueue", + "usr/sbin/postsuper", + "usr/sbin/sendmail" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "postfix-pcre@3.7.12-r0", + "Name": "postfix-pcre", + "Identifier": { + "PURL": "pkg:apk/alpine/postfix-pcre@3.7.12-r0?arch=x86_64\u0026distro=3.16.9", + "UID": "5496ff9292b54cc4" + }, + "Version": "3.7.12-r0", + "Arch": "x86_64", + "SrcName": "postfix", + "SrcVersion": "3.7.12-r0", + "Licenses": [ + "IPL-1.0", + "EPL-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4", + "pcre2@10.42-r0" + ], + "Layer": { + "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", + "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" + }, + "Digest": "sha1:3abb665c4ca48f583a9825553e4ba218be3086a9", + "InstalledFiles": [ + "etc/postfix/dynamicmaps.cf.d/pcre", + "usr/lib/postfix/postfix-pcre.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "readline@8.1.2-r0", + "Name": "readline", + "Identifier": { + "PURL": "pkg:apk/alpine/readline@8.1.2-r0?arch=x86_64\u0026distro=3.16.9", + "UID": "c07a2844fcd7853b" + }, + "Version": "8.1.2-r0", + "Arch": "x86_64", + "SrcName": "readline", + "SrcVersion": "8.1.2-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4", + "ncurses-libs@6.3_p20220521-r1" + ], + "Layer": { + "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", + "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" + }, + "Digest": "sha1:f676007339535e21de79acffbe7ae743a1f7168c", + "InstalledFiles": [ + "etc/inputrc", + "usr/lib/libreadline.so.8", + "usr/lib/libreadline.so.8.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "runit@2.1.2-r5", + "Name": "runit", + "Identifier": { + "PURL": "pkg:apk/alpine/runit@2.1.2-r5?arch=x86_64\u0026distro=3.16.9", + "UID": "d1ec74d2e957c6e" + }, + "Version": "2.1.2-r5", + "Arch": "x86_64", + "SrcName": "runit", + "SrcVersion": "2.1.2-r5", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "Digest": "sha1:877ab81ee44a806a1241eeb5dfa346e0bfceafb1", + "InstalledFiles": [ + "sbin/chpst", + "sbin/runit", + "sbin/runit-init", + "sbin/runsv", + "sbin/runsvchdir", + "sbin/runsvdir", + "sbin/sv", + "sbin/svlogd", + "sbin/utmpset" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "scanelf@1.3.4-r0", + "Name": "scanelf", + "Identifier": { + "PURL": "pkg:apk/alpine/scanelf@1.3.4-r0?arch=x86_64\u0026distro=3.16.9", + "UID": "29cfd9d59ed701b0" + }, + "Version": "1.3.4-r0", + "Arch": "x86_64", + "SrcName": "pax-utils", + "SrcVersion": "1.3.4-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", + "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" + }, + "Digest": "sha1:19ca9ef8d0fc0c53a584cdd1d28e4ac998d1da81", + "InstalledFiles": [ + "usr/bin/scanelf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ssl_client@1.35.0-r18", + "Name": "ssl_client", + "Identifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r18?arch=x86_64\u0026distro=3.16.9", + "UID": "10e86f637e9790f6" + }, + "Version": "1.35.0-r18", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.35.0-r18", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "libcrypto1.1@1.1.1w-r1", + "libssl1.1@1.1.1w-r1", + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", + "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" + }, + "Digest": "sha1:60df8baae7bf58f9426557bd1214354dbdf50c25", + "InstalledFiles": [ + "usr/bin/ssl_client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "sudo@1.9.12-r1", + "Name": "sudo", + "Identifier": { + "PURL": "pkg:apk/alpine/sudo@1.9.12-r1?arch=x86_64\u0026distro=3.16.9", + "UID": "9156ae19220c3ae9" + }, + "Version": "1.9.12-r1", + "Arch": "x86_64", + "SrcName": "sudo", + "SrcVersion": "1.9.12-r1", + "Licenses": [ + "custom", + "ISC" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4", + "zlib@1.2.12-r3" + ], + "Layer": { + "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", + "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" + }, + "Digest": "sha1:b68dc466ed3d7bf1273e28e59f7d037605b22782", + "InstalledFiles": [ + "etc/sudo.conf", + "etc/sudo_logsrvd.conf", + "etc/sudoers", + "usr/bin/cvtsudoers", + "usr/bin/sudo", + "usr/bin/sudoedit", + "usr/bin/sudoreplay", + "usr/lib/sudo/audit_json.so", + "usr/lib/sudo/group_file.so", + "usr/lib/sudo/libsudo_util.so", + "usr/lib/sudo/libsudo_util.so.0", + "usr/lib/sudo/libsudo_util.so.0.0.0", + "usr/lib/sudo/sudo_intercept.so", + "usr/lib/sudo/sudo_noexec.so", + "usr/lib/sudo/sudoers.so", + "usr/lib/sudo/system_group.so", + "usr/sbin/sudo_logsrvd", + "usr/sbin/sudo_sendlog", + "usr/sbin/visudo" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "tzdata@2024a-r0", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:apk/alpine/tzdata@2024a-r0?arch=x86_64\u0026distro=3.16.9", + "UID": "33fbfe98072df7cd" + }, + "Version": "2024a-r0", + "Arch": "x86_64", + "SrcName": "tzdata", + "SrcVersion": "2024a-r0", + "Licenses": [ + "Public-Domain" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "Digest": "sha1:c8db8eed6aad7f952e52bbb37ad12a010ac71cf9", + "InstalledFiles": [ + "usr/bin/posixtz", + "usr/sbin/zdump", + "usr/sbin/zic", + "usr/share/zoneinfo/CET", + "usr/share/zoneinfo/CST6CDT", + "usr/share/zoneinfo/Cuba", + "usr/share/zoneinfo/EET", + "usr/share/zoneinfo/EST", + "usr/share/zoneinfo/EST5EDT", + "usr/share/zoneinfo/Egypt", + "usr/share/zoneinfo/Eire", + "usr/share/zoneinfo/Factory", + "usr/share/zoneinfo/GB", + "usr/share/zoneinfo/GB-Eire", + "usr/share/zoneinfo/GMT", + "usr/share/zoneinfo/GMT+0", + "usr/share/zoneinfo/GMT-0", + "usr/share/zoneinfo/GMT0", + "usr/share/zoneinfo/Greenwich", + "usr/share/zoneinfo/HST", + "usr/share/zoneinfo/Hongkong", + "usr/share/zoneinfo/Iceland", + "usr/share/zoneinfo/Iran", + "usr/share/zoneinfo/Israel", + "usr/share/zoneinfo/Jamaica", + "usr/share/zoneinfo/Japan", + "usr/share/zoneinfo/Kwajalein", + "usr/share/zoneinfo/Libya", + "usr/share/zoneinfo/MET", + "usr/share/zoneinfo/MST", + "usr/share/zoneinfo/MST7MDT", + "usr/share/zoneinfo/NZ", + "usr/share/zoneinfo/NZ-CHAT", + "usr/share/zoneinfo/Navajo", + "usr/share/zoneinfo/PRC", + "usr/share/zoneinfo/PST8PDT", + "usr/share/zoneinfo/Poland", + "usr/share/zoneinfo/Portugal", + "usr/share/zoneinfo/ROC", + "usr/share/zoneinfo/ROK", + "usr/share/zoneinfo/Singapore", + "usr/share/zoneinfo/Turkey", + "usr/share/zoneinfo/UCT", + "usr/share/zoneinfo/UTC", + "usr/share/zoneinfo/Universal", + "usr/share/zoneinfo/W-SU", + "usr/share/zoneinfo/WET", + "usr/share/zoneinfo/Zulu", + "usr/share/zoneinfo/iso3166.tab", + "usr/share/zoneinfo/posixrules", + "usr/share/zoneinfo/zone.tab", + "usr/share/zoneinfo/zone1970.tab", + "usr/share/zoneinfo/Africa/Abidjan", + "usr/share/zoneinfo/Africa/Accra", + "usr/share/zoneinfo/Africa/Addis_Ababa", + "usr/share/zoneinfo/Africa/Algiers", + "usr/share/zoneinfo/Africa/Asmara", + "usr/share/zoneinfo/Africa/Asmera", + "usr/share/zoneinfo/Africa/Bamako", + "usr/share/zoneinfo/Africa/Bangui", + "usr/share/zoneinfo/Africa/Banjul", + "usr/share/zoneinfo/Africa/Bissau", + "usr/share/zoneinfo/Africa/Blantyre", + "usr/share/zoneinfo/Africa/Brazzaville", + "usr/share/zoneinfo/Africa/Bujumbura", + "usr/share/zoneinfo/Africa/Cairo", + "usr/share/zoneinfo/Africa/Casablanca", + "usr/share/zoneinfo/Africa/Ceuta", + "usr/share/zoneinfo/Africa/Conakry", + "usr/share/zoneinfo/Africa/Dakar", + "usr/share/zoneinfo/Africa/Dar_es_Salaam", + "usr/share/zoneinfo/Africa/Djibouti", + "usr/share/zoneinfo/Africa/Douala", + "usr/share/zoneinfo/Africa/El_Aaiun", + "usr/share/zoneinfo/Africa/Freetown", + "usr/share/zoneinfo/Africa/Gaborone", + "usr/share/zoneinfo/Africa/Harare", + "usr/share/zoneinfo/Africa/Johannesburg", + "usr/share/zoneinfo/Africa/Juba", + "usr/share/zoneinfo/Africa/Kampala", + "usr/share/zoneinfo/Africa/Khartoum", + "usr/share/zoneinfo/Africa/Kigali", + "usr/share/zoneinfo/Africa/Kinshasa", + "usr/share/zoneinfo/Africa/Lagos", + "usr/share/zoneinfo/Africa/Libreville", + "usr/share/zoneinfo/Africa/Lome", + "usr/share/zoneinfo/Africa/Luanda", + "usr/share/zoneinfo/Africa/Lubumbashi", + "usr/share/zoneinfo/Africa/Lusaka", + "usr/share/zoneinfo/Africa/Malabo", + "usr/share/zoneinfo/Africa/Maputo", + "usr/share/zoneinfo/Africa/Maseru", + "usr/share/zoneinfo/Africa/Mbabane", + "usr/share/zoneinfo/Africa/Mogadishu", + "usr/share/zoneinfo/Africa/Monrovia", + "usr/share/zoneinfo/Africa/Nairobi", + "usr/share/zoneinfo/Africa/Ndjamena", + "usr/share/zoneinfo/Africa/Niamey", + "usr/share/zoneinfo/Africa/Nouakchott", + "usr/share/zoneinfo/Africa/Ouagadougou", + "usr/share/zoneinfo/Africa/Porto-Novo", + "usr/share/zoneinfo/Africa/Sao_Tome", + "usr/share/zoneinfo/Africa/Timbuktu", + "usr/share/zoneinfo/Africa/Tripoli", + "usr/share/zoneinfo/Africa/Tunis", + "usr/share/zoneinfo/Africa/Windhoek", + "usr/share/zoneinfo/America/Adak", + "usr/share/zoneinfo/America/Anchorage", + "usr/share/zoneinfo/America/Anguilla", + "usr/share/zoneinfo/America/Antigua", + "usr/share/zoneinfo/America/Araguaina", + "usr/share/zoneinfo/America/Aruba", + "usr/share/zoneinfo/America/Asuncion", + "usr/share/zoneinfo/America/Atikokan", + "usr/share/zoneinfo/America/Atka", + "usr/share/zoneinfo/America/Bahia", + "usr/share/zoneinfo/America/Bahia_Banderas", + "usr/share/zoneinfo/America/Barbados", + "usr/share/zoneinfo/America/Belem", + "usr/share/zoneinfo/America/Belize", + "usr/share/zoneinfo/America/Blanc-Sablon", + "usr/share/zoneinfo/America/Boa_Vista", + "usr/share/zoneinfo/America/Bogota", + "usr/share/zoneinfo/America/Boise", + "usr/share/zoneinfo/America/Buenos_Aires", + "usr/share/zoneinfo/America/Cambridge_Bay", + "usr/share/zoneinfo/America/Campo_Grande", + "usr/share/zoneinfo/America/Cancun", + "usr/share/zoneinfo/America/Caracas", + "usr/share/zoneinfo/America/Catamarca", + "usr/share/zoneinfo/America/Cayenne", + "usr/share/zoneinfo/America/Cayman", + "usr/share/zoneinfo/America/Chicago", + "usr/share/zoneinfo/America/Chihuahua", + "usr/share/zoneinfo/America/Ciudad_Juarez", + "usr/share/zoneinfo/America/Coral_Harbour", + "usr/share/zoneinfo/America/Cordoba", + "usr/share/zoneinfo/America/Costa_Rica", + "usr/share/zoneinfo/America/Creston", + "usr/share/zoneinfo/America/Cuiaba", + "usr/share/zoneinfo/America/Curacao", + "usr/share/zoneinfo/America/Danmarkshavn", + "usr/share/zoneinfo/America/Dawson", + "usr/share/zoneinfo/America/Dawson_Creek", + "usr/share/zoneinfo/America/Denver", + "usr/share/zoneinfo/America/Detroit", + "usr/share/zoneinfo/America/Dominica", + "usr/share/zoneinfo/America/Edmonton", + "usr/share/zoneinfo/America/Eirunepe", + "usr/share/zoneinfo/America/El_Salvador", + "usr/share/zoneinfo/America/Ensenada", + "usr/share/zoneinfo/America/Fort_Nelson", + "usr/share/zoneinfo/America/Fort_Wayne", + "usr/share/zoneinfo/America/Fortaleza", + "usr/share/zoneinfo/America/Glace_Bay", + "usr/share/zoneinfo/America/Godthab", + "usr/share/zoneinfo/America/Goose_Bay", + "usr/share/zoneinfo/America/Grand_Turk", + "usr/share/zoneinfo/America/Grenada", + "usr/share/zoneinfo/America/Guadeloupe", + "usr/share/zoneinfo/America/Guatemala", + "usr/share/zoneinfo/America/Guayaquil", + "usr/share/zoneinfo/America/Guyana", + "usr/share/zoneinfo/America/Halifax", + "usr/share/zoneinfo/America/Havana", + "usr/share/zoneinfo/America/Hermosillo", + "usr/share/zoneinfo/America/Indianapolis", + "usr/share/zoneinfo/America/Inuvik", + "usr/share/zoneinfo/America/Iqaluit", + "usr/share/zoneinfo/America/Jamaica", + "usr/share/zoneinfo/America/Jujuy", + "usr/share/zoneinfo/America/Juneau", + "usr/share/zoneinfo/America/Knox_IN", + "usr/share/zoneinfo/America/Kralendijk", + "usr/share/zoneinfo/America/La_Paz", + "usr/share/zoneinfo/America/Lima", + "usr/share/zoneinfo/America/Los_Angeles", + "usr/share/zoneinfo/America/Louisville", + "usr/share/zoneinfo/America/Lower_Princes", + "usr/share/zoneinfo/America/Maceio", + "usr/share/zoneinfo/America/Managua", + "usr/share/zoneinfo/America/Manaus", + "usr/share/zoneinfo/America/Marigot", + "usr/share/zoneinfo/America/Martinique", + "usr/share/zoneinfo/America/Matamoros", + "usr/share/zoneinfo/America/Mazatlan", + "usr/share/zoneinfo/America/Mendoza", + "usr/share/zoneinfo/America/Menominee", + "usr/share/zoneinfo/America/Merida", + "usr/share/zoneinfo/America/Metlakatla", + "usr/share/zoneinfo/America/Mexico_City", + "usr/share/zoneinfo/America/Miquelon", + "usr/share/zoneinfo/America/Moncton", + "usr/share/zoneinfo/America/Monterrey", + "usr/share/zoneinfo/America/Montevideo", + "usr/share/zoneinfo/America/Montreal", + "usr/share/zoneinfo/America/Montserrat", + "usr/share/zoneinfo/America/Nassau", + "usr/share/zoneinfo/America/New_York", + "usr/share/zoneinfo/America/Nipigon", + "usr/share/zoneinfo/America/Nome", + "usr/share/zoneinfo/America/Noronha", + "usr/share/zoneinfo/America/Nuuk", + "usr/share/zoneinfo/America/Ojinaga", + "usr/share/zoneinfo/America/Panama", + "usr/share/zoneinfo/America/Pangnirtung", + "usr/share/zoneinfo/America/Paramaribo", + "usr/share/zoneinfo/America/Phoenix", + "usr/share/zoneinfo/America/Port-au-Prince", + "usr/share/zoneinfo/America/Port_of_Spain", + "usr/share/zoneinfo/America/Porto_Acre", + "usr/share/zoneinfo/America/Porto_Velho", + "usr/share/zoneinfo/America/Puerto_Rico", + "usr/share/zoneinfo/America/Punta_Arenas", + "usr/share/zoneinfo/America/Rainy_River", + "usr/share/zoneinfo/America/Rankin_Inlet", + "usr/share/zoneinfo/America/Recife", + "usr/share/zoneinfo/America/Regina", + "usr/share/zoneinfo/America/Resolute", + "usr/share/zoneinfo/America/Rio_Branco", + "usr/share/zoneinfo/America/Rosario", + "usr/share/zoneinfo/America/Santa_Isabel", + "usr/share/zoneinfo/America/Santarem", + "usr/share/zoneinfo/America/Santiago", + "usr/share/zoneinfo/America/Santo_Domingo", + "usr/share/zoneinfo/America/Sao_Paulo", + "usr/share/zoneinfo/America/Scoresbysund", + "usr/share/zoneinfo/America/Shiprock", + "usr/share/zoneinfo/America/Sitka", + "usr/share/zoneinfo/America/St_Barthelemy", + "usr/share/zoneinfo/America/St_Johns", + "usr/share/zoneinfo/America/St_Kitts", + "usr/share/zoneinfo/America/St_Lucia", + "usr/share/zoneinfo/America/St_Thomas", + "usr/share/zoneinfo/America/St_Vincent", + "usr/share/zoneinfo/America/Swift_Current", + "usr/share/zoneinfo/America/Tegucigalpa", + "usr/share/zoneinfo/America/Thule", + "usr/share/zoneinfo/America/Thunder_Bay", + "usr/share/zoneinfo/America/Tijuana", + "usr/share/zoneinfo/America/Toronto", + "usr/share/zoneinfo/America/Tortola", + "usr/share/zoneinfo/America/Vancouver", + "usr/share/zoneinfo/America/Virgin", + "usr/share/zoneinfo/America/Whitehorse", + "usr/share/zoneinfo/America/Winnipeg", + "usr/share/zoneinfo/America/Yakutat", + "usr/share/zoneinfo/America/Yellowknife", + "usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "usr/share/zoneinfo/America/Argentina/Catamarca", + "usr/share/zoneinfo/America/Argentina/ComodRivadavia", + "usr/share/zoneinfo/America/Argentina/Cordoba", + "usr/share/zoneinfo/America/Argentina/Jujuy", + "usr/share/zoneinfo/America/Argentina/La_Rioja", + "usr/share/zoneinfo/America/Argentina/Mendoza", + "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "usr/share/zoneinfo/America/Argentina/Salta", + "usr/share/zoneinfo/America/Argentina/San_Juan", + "usr/share/zoneinfo/America/Argentina/San_Luis", + "usr/share/zoneinfo/America/Argentina/Tucuman", + "usr/share/zoneinfo/America/Argentina/Ushuaia", + "usr/share/zoneinfo/America/Indiana/Indianapolis", + "usr/share/zoneinfo/America/Indiana/Knox", + "usr/share/zoneinfo/America/Indiana/Marengo", + "usr/share/zoneinfo/America/Indiana/Petersburg", + "usr/share/zoneinfo/America/Indiana/Tell_City", + "usr/share/zoneinfo/America/Indiana/Vevay", + "usr/share/zoneinfo/America/Indiana/Vincennes", + "usr/share/zoneinfo/America/Indiana/Winamac", + "usr/share/zoneinfo/America/Kentucky/Louisville", + "usr/share/zoneinfo/America/Kentucky/Monticello", + "usr/share/zoneinfo/America/North_Dakota/Beulah", + "usr/share/zoneinfo/America/North_Dakota/Center", + "usr/share/zoneinfo/America/North_Dakota/New_Salem", + "usr/share/zoneinfo/Antarctica/Casey", + "usr/share/zoneinfo/Antarctica/Davis", + "usr/share/zoneinfo/Antarctica/DumontDUrville", + "usr/share/zoneinfo/Antarctica/Macquarie", + "usr/share/zoneinfo/Antarctica/Mawson", + "usr/share/zoneinfo/Antarctica/McMurdo", + "usr/share/zoneinfo/Antarctica/Palmer", + "usr/share/zoneinfo/Antarctica/Rothera", + "usr/share/zoneinfo/Antarctica/South_Pole", + "usr/share/zoneinfo/Antarctica/Syowa", + "usr/share/zoneinfo/Antarctica/Troll", + "usr/share/zoneinfo/Antarctica/Vostok", + "usr/share/zoneinfo/Arctic/Longyearbyen", + "usr/share/zoneinfo/Asia/Aden", + "usr/share/zoneinfo/Asia/Almaty", + "usr/share/zoneinfo/Asia/Amman", + "usr/share/zoneinfo/Asia/Anadyr", + "usr/share/zoneinfo/Asia/Aqtau", + "usr/share/zoneinfo/Asia/Aqtobe", + "usr/share/zoneinfo/Asia/Ashgabat", + "usr/share/zoneinfo/Asia/Ashkhabad", + "usr/share/zoneinfo/Asia/Atyrau", + "usr/share/zoneinfo/Asia/Baghdad", + "usr/share/zoneinfo/Asia/Bahrain", + "usr/share/zoneinfo/Asia/Baku", + "usr/share/zoneinfo/Asia/Bangkok", + "usr/share/zoneinfo/Asia/Barnaul", + "usr/share/zoneinfo/Asia/Beirut", + "usr/share/zoneinfo/Asia/Bishkek", + "usr/share/zoneinfo/Asia/Brunei", + "usr/share/zoneinfo/Asia/Calcutta", + "usr/share/zoneinfo/Asia/Chita", + "usr/share/zoneinfo/Asia/Choibalsan", + "usr/share/zoneinfo/Asia/Chongqing", + "usr/share/zoneinfo/Asia/Chungking", + "usr/share/zoneinfo/Asia/Colombo", + "usr/share/zoneinfo/Asia/Dacca", + "usr/share/zoneinfo/Asia/Damascus", + "usr/share/zoneinfo/Asia/Dhaka", + "usr/share/zoneinfo/Asia/Dili", + "usr/share/zoneinfo/Asia/Dubai", + "usr/share/zoneinfo/Asia/Dushanbe", + "usr/share/zoneinfo/Asia/Famagusta", + "usr/share/zoneinfo/Asia/Gaza", + "usr/share/zoneinfo/Asia/Harbin", + "usr/share/zoneinfo/Asia/Hebron", + "usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "usr/share/zoneinfo/Asia/Hong_Kong", + "usr/share/zoneinfo/Asia/Hovd", + "usr/share/zoneinfo/Asia/Irkutsk", + "usr/share/zoneinfo/Asia/Istanbul", + "usr/share/zoneinfo/Asia/Jakarta", + "usr/share/zoneinfo/Asia/Jayapura", + "usr/share/zoneinfo/Asia/Jerusalem", + "usr/share/zoneinfo/Asia/Kabul", + "usr/share/zoneinfo/Asia/Kamchatka", + "usr/share/zoneinfo/Asia/Karachi", + "usr/share/zoneinfo/Asia/Kashgar", + "usr/share/zoneinfo/Asia/Kathmandu", + "usr/share/zoneinfo/Asia/Katmandu", + "usr/share/zoneinfo/Asia/Khandyga", + "usr/share/zoneinfo/Asia/Kolkata", + "usr/share/zoneinfo/Asia/Krasnoyarsk", + "usr/share/zoneinfo/Asia/Kuala_Lumpur", + "usr/share/zoneinfo/Asia/Kuching", + "usr/share/zoneinfo/Asia/Kuwait", + "usr/share/zoneinfo/Asia/Macao", + "usr/share/zoneinfo/Asia/Macau", + "usr/share/zoneinfo/Asia/Magadan", + "usr/share/zoneinfo/Asia/Makassar", + "usr/share/zoneinfo/Asia/Manila", + "usr/share/zoneinfo/Asia/Muscat", + "usr/share/zoneinfo/Asia/Nicosia", + "usr/share/zoneinfo/Asia/Novokuznetsk", + "usr/share/zoneinfo/Asia/Novosibirsk", + "usr/share/zoneinfo/Asia/Omsk", + "usr/share/zoneinfo/Asia/Oral", + "usr/share/zoneinfo/Asia/Phnom_Penh", + "usr/share/zoneinfo/Asia/Pontianak", + "usr/share/zoneinfo/Asia/Pyongyang", + "usr/share/zoneinfo/Asia/Qatar", + "usr/share/zoneinfo/Asia/Qostanay", + "usr/share/zoneinfo/Asia/Qyzylorda", + "usr/share/zoneinfo/Asia/Rangoon", + "usr/share/zoneinfo/Asia/Riyadh", + "usr/share/zoneinfo/Asia/Saigon", + "usr/share/zoneinfo/Asia/Sakhalin", + "usr/share/zoneinfo/Asia/Samarkand", + "usr/share/zoneinfo/Asia/Seoul", + "usr/share/zoneinfo/Asia/Shanghai", + "usr/share/zoneinfo/Asia/Singapore", + "usr/share/zoneinfo/Asia/Srednekolymsk", + "usr/share/zoneinfo/Asia/Taipei", + "usr/share/zoneinfo/Asia/Tashkent", + "usr/share/zoneinfo/Asia/Tbilisi", + "usr/share/zoneinfo/Asia/Tehran", + "usr/share/zoneinfo/Asia/Tel_Aviv", + "usr/share/zoneinfo/Asia/Thimbu", + "usr/share/zoneinfo/Asia/Thimphu", + "usr/share/zoneinfo/Asia/Tokyo", + "usr/share/zoneinfo/Asia/Tomsk", + "usr/share/zoneinfo/Asia/Ujung_Pandang", + "usr/share/zoneinfo/Asia/Ulaanbaatar", + "usr/share/zoneinfo/Asia/Ulan_Bator", + "usr/share/zoneinfo/Asia/Urumqi", + "usr/share/zoneinfo/Asia/Ust-Nera", + "usr/share/zoneinfo/Asia/Vientiane", + "usr/share/zoneinfo/Asia/Vladivostok", + "usr/share/zoneinfo/Asia/Yakutsk", + "usr/share/zoneinfo/Asia/Yangon", + "usr/share/zoneinfo/Asia/Yekaterinburg", + "usr/share/zoneinfo/Asia/Yerevan", + "usr/share/zoneinfo/Atlantic/Azores", + "usr/share/zoneinfo/Atlantic/Bermuda", + "usr/share/zoneinfo/Atlantic/Canary", + "usr/share/zoneinfo/Atlantic/Cape_Verde", + "usr/share/zoneinfo/Atlantic/Faeroe", + "usr/share/zoneinfo/Atlantic/Faroe", + "usr/share/zoneinfo/Atlantic/Jan_Mayen", + "usr/share/zoneinfo/Atlantic/Madeira", + "usr/share/zoneinfo/Atlantic/Reykjavik", + "usr/share/zoneinfo/Atlantic/South_Georgia", + "usr/share/zoneinfo/Atlantic/St_Helena", + "usr/share/zoneinfo/Atlantic/Stanley", + "usr/share/zoneinfo/Australia/ACT", + "usr/share/zoneinfo/Australia/Adelaide", + "usr/share/zoneinfo/Australia/Brisbane", + "usr/share/zoneinfo/Australia/Broken_Hill", + "usr/share/zoneinfo/Australia/Canberra", + "usr/share/zoneinfo/Australia/Currie", + "usr/share/zoneinfo/Australia/Darwin", + "usr/share/zoneinfo/Australia/Eucla", + "usr/share/zoneinfo/Australia/Hobart", + "usr/share/zoneinfo/Australia/LHI", + "usr/share/zoneinfo/Australia/Lindeman", + "usr/share/zoneinfo/Australia/Lord_Howe", + "usr/share/zoneinfo/Australia/Melbourne", + "usr/share/zoneinfo/Australia/NSW", + "usr/share/zoneinfo/Australia/North", + "usr/share/zoneinfo/Australia/Perth", + "usr/share/zoneinfo/Australia/Queensland", + "usr/share/zoneinfo/Australia/South", + "usr/share/zoneinfo/Australia/Sydney", + "usr/share/zoneinfo/Australia/Tasmania", + "usr/share/zoneinfo/Australia/Victoria", + "usr/share/zoneinfo/Australia/West", + "usr/share/zoneinfo/Australia/Yancowinna", + "usr/share/zoneinfo/Brazil/Acre", + "usr/share/zoneinfo/Brazil/DeNoronha", + "usr/share/zoneinfo/Brazil/East", + "usr/share/zoneinfo/Brazil/West", + "usr/share/zoneinfo/Canada/Atlantic", + "usr/share/zoneinfo/Canada/Central", + "usr/share/zoneinfo/Canada/Eastern", + "usr/share/zoneinfo/Canada/Mountain", + "usr/share/zoneinfo/Canada/Newfoundland", + "usr/share/zoneinfo/Canada/Pacific", + "usr/share/zoneinfo/Canada/Saskatchewan", + "usr/share/zoneinfo/Canada/Yukon", + "usr/share/zoneinfo/Chile/Continental", + "usr/share/zoneinfo/Chile/EasterIsland", + "usr/share/zoneinfo/Etc/GMT", + "usr/share/zoneinfo/Etc/GMT+0", + "usr/share/zoneinfo/Etc/GMT+1", + "usr/share/zoneinfo/Etc/GMT+10", + "usr/share/zoneinfo/Etc/GMT+11", + "usr/share/zoneinfo/Etc/GMT+12", + "usr/share/zoneinfo/Etc/GMT+2", + "usr/share/zoneinfo/Etc/GMT+3", + "usr/share/zoneinfo/Etc/GMT+4", + "usr/share/zoneinfo/Etc/GMT+5", + "usr/share/zoneinfo/Etc/GMT+6", + "usr/share/zoneinfo/Etc/GMT+7", + "usr/share/zoneinfo/Etc/GMT+8", + "usr/share/zoneinfo/Etc/GMT+9", + "usr/share/zoneinfo/Etc/GMT-0", + "usr/share/zoneinfo/Etc/GMT-1", + "usr/share/zoneinfo/Etc/GMT-10", + "usr/share/zoneinfo/Etc/GMT-11", + "usr/share/zoneinfo/Etc/GMT-12", + "usr/share/zoneinfo/Etc/GMT-13", + "usr/share/zoneinfo/Etc/GMT-14", + "usr/share/zoneinfo/Etc/GMT-2", + "usr/share/zoneinfo/Etc/GMT-3", + "usr/share/zoneinfo/Etc/GMT-4", + "usr/share/zoneinfo/Etc/GMT-5", + "usr/share/zoneinfo/Etc/GMT-6", + "usr/share/zoneinfo/Etc/GMT-7", + "usr/share/zoneinfo/Etc/GMT-8", + "usr/share/zoneinfo/Etc/GMT-9", + "usr/share/zoneinfo/Etc/GMT0", + "usr/share/zoneinfo/Etc/Greenwich", + "usr/share/zoneinfo/Etc/UCT", + "usr/share/zoneinfo/Etc/UTC", + "usr/share/zoneinfo/Etc/Universal", + "usr/share/zoneinfo/Etc/Zulu", + "usr/share/zoneinfo/Europe/Amsterdam", + "usr/share/zoneinfo/Europe/Andorra", + "usr/share/zoneinfo/Europe/Astrakhan", + "usr/share/zoneinfo/Europe/Athens", + "usr/share/zoneinfo/Europe/Belfast", + "usr/share/zoneinfo/Europe/Belgrade", + "usr/share/zoneinfo/Europe/Berlin", + "usr/share/zoneinfo/Europe/Bratislava", + "usr/share/zoneinfo/Europe/Brussels", + "usr/share/zoneinfo/Europe/Bucharest", + "usr/share/zoneinfo/Europe/Budapest", + "usr/share/zoneinfo/Europe/Busingen", + "usr/share/zoneinfo/Europe/Chisinau", + "usr/share/zoneinfo/Europe/Copenhagen", + "usr/share/zoneinfo/Europe/Dublin", + "usr/share/zoneinfo/Europe/Gibraltar", + "usr/share/zoneinfo/Europe/Guernsey", + "usr/share/zoneinfo/Europe/Helsinki", + "usr/share/zoneinfo/Europe/Isle_of_Man", + "usr/share/zoneinfo/Europe/Istanbul", + "usr/share/zoneinfo/Europe/Jersey", + "usr/share/zoneinfo/Europe/Kaliningrad", + "usr/share/zoneinfo/Europe/Kiev", + "usr/share/zoneinfo/Europe/Kirov", + "usr/share/zoneinfo/Europe/Kyiv", + "usr/share/zoneinfo/Europe/Lisbon", + "usr/share/zoneinfo/Europe/Ljubljana", + "usr/share/zoneinfo/Europe/London", + "usr/share/zoneinfo/Europe/Luxembourg", + "usr/share/zoneinfo/Europe/Madrid", + "usr/share/zoneinfo/Europe/Malta", + "usr/share/zoneinfo/Europe/Mariehamn", + "usr/share/zoneinfo/Europe/Minsk", + "usr/share/zoneinfo/Europe/Monaco", + "usr/share/zoneinfo/Europe/Moscow", + "usr/share/zoneinfo/Europe/Nicosia", + "usr/share/zoneinfo/Europe/Oslo", + "usr/share/zoneinfo/Europe/Paris", + "usr/share/zoneinfo/Europe/Podgorica", + "usr/share/zoneinfo/Europe/Prague", + "usr/share/zoneinfo/Europe/Riga", + "usr/share/zoneinfo/Europe/Rome", + "usr/share/zoneinfo/Europe/Samara", + "usr/share/zoneinfo/Europe/San_Marino", + "usr/share/zoneinfo/Europe/Sarajevo", + "usr/share/zoneinfo/Europe/Saratov", + "usr/share/zoneinfo/Europe/Simferopol", + "usr/share/zoneinfo/Europe/Skopje", + "usr/share/zoneinfo/Europe/Sofia", + "usr/share/zoneinfo/Europe/Stockholm", + "usr/share/zoneinfo/Europe/Tallinn", + "usr/share/zoneinfo/Europe/Tirane", + "usr/share/zoneinfo/Europe/Tiraspol", + "usr/share/zoneinfo/Europe/Ulyanovsk", + "usr/share/zoneinfo/Europe/Uzhgorod", + "usr/share/zoneinfo/Europe/Vaduz", + "usr/share/zoneinfo/Europe/Vatican", + "usr/share/zoneinfo/Europe/Vienna", + "usr/share/zoneinfo/Europe/Vilnius", + "usr/share/zoneinfo/Europe/Volgograd", + "usr/share/zoneinfo/Europe/Warsaw", + "usr/share/zoneinfo/Europe/Zagreb", + "usr/share/zoneinfo/Europe/Zaporozhye", + "usr/share/zoneinfo/Europe/Zurich", + "usr/share/zoneinfo/Indian/Antananarivo", + "usr/share/zoneinfo/Indian/Chagos", + "usr/share/zoneinfo/Indian/Christmas", + "usr/share/zoneinfo/Indian/Cocos", + "usr/share/zoneinfo/Indian/Comoro", + "usr/share/zoneinfo/Indian/Kerguelen", + "usr/share/zoneinfo/Indian/Mahe", + "usr/share/zoneinfo/Indian/Maldives", + "usr/share/zoneinfo/Indian/Mauritius", + "usr/share/zoneinfo/Indian/Mayotte", + "usr/share/zoneinfo/Indian/Reunion", + "usr/share/zoneinfo/Mexico/BajaNorte", + "usr/share/zoneinfo/Mexico/BajaSur", + "usr/share/zoneinfo/Mexico/General", + "usr/share/zoneinfo/Pacific/Apia", + "usr/share/zoneinfo/Pacific/Auckland", + "usr/share/zoneinfo/Pacific/Bougainville", + "usr/share/zoneinfo/Pacific/Chatham", + "usr/share/zoneinfo/Pacific/Chuuk", + "usr/share/zoneinfo/Pacific/Easter", + "usr/share/zoneinfo/Pacific/Efate", + "usr/share/zoneinfo/Pacific/Enderbury", + "usr/share/zoneinfo/Pacific/Fakaofo", + "usr/share/zoneinfo/Pacific/Fiji", + "usr/share/zoneinfo/Pacific/Funafuti", + "usr/share/zoneinfo/Pacific/Galapagos", + "usr/share/zoneinfo/Pacific/Gambier", + "usr/share/zoneinfo/Pacific/Guadalcanal", + "usr/share/zoneinfo/Pacific/Guam", + "usr/share/zoneinfo/Pacific/Honolulu", + "usr/share/zoneinfo/Pacific/Johnston", + "usr/share/zoneinfo/Pacific/Kanton", + "usr/share/zoneinfo/Pacific/Kiritimati", + "usr/share/zoneinfo/Pacific/Kosrae", + "usr/share/zoneinfo/Pacific/Kwajalein", + "usr/share/zoneinfo/Pacific/Majuro", + "usr/share/zoneinfo/Pacific/Marquesas", + "usr/share/zoneinfo/Pacific/Midway", + "usr/share/zoneinfo/Pacific/Nauru", + "usr/share/zoneinfo/Pacific/Niue", + "usr/share/zoneinfo/Pacific/Norfolk", + "usr/share/zoneinfo/Pacific/Noumea", + "usr/share/zoneinfo/Pacific/Pago_Pago", + "usr/share/zoneinfo/Pacific/Palau", + "usr/share/zoneinfo/Pacific/Pitcairn", + "usr/share/zoneinfo/Pacific/Pohnpei", + "usr/share/zoneinfo/Pacific/Ponape", + "usr/share/zoneinfo/Pacific/Port_Moresby", + "usr/share/zoneinfo/Pacific/Rarotonga", + "usr/share/zoneinfo/Pacific/Saipan", + "usr/share/zoneinfo/Pacific/Samoa", + "usr/share/zoneinfo/Pacific/Tahiti", + "usr/share/zoneinfo/Pacific/Tarawa", + "usr/share/zoneinfo/Pacific/Tongatapu", + "usr/share/zoneinfo/Pacific/Truk", + "usr/share/zoneinfo/Pacific/Wake", + "usr/share/zoneinfo/Pacific/Wallis", + "usr/share/zoneinfo/Pacific/Yap", + "usr/share/zoneinfo/US/Alaska", + "usr/share/zoneinfo/US/Aleutian", + "usr/share/zoneinfo/US/Arizona", + "usr/share/zoneinfo/US/Central", + "usr/share/zoneinfo/US/East-Indiana", + "usr/share/zoneinfo/US/Eastern", + "usr/share/zoneinfo/US/Hawaii", + "usr/share/zoneinfo/US/Indiana-Starke", + "usr/share/zoneinfo/US/Michigan", + "usr/share/zoneinfo/US/Mountain", + "usr/share/zoneinfo/US/Pacific", + "usr/share/zoneinfo/US/Samoa", + "usr/share/zoneinfo/right/CET", + "usr/share/zoneinfo/right/CST6CDT", + "usr/share/zoneinfo/right/Cuba", + "usr/share/zoneinfo/right/EET", + "usr/share/zoneinfo/right/EST", + "usr/share/zoneinfo/right/EST5EDT", + "usr/share/zoneinfo/right/Egypt", + "usr/share/zoneinfo/right/Eire", + "usr/share/zoneinfo/right/Factory", + "usr/share/zoneinfo/right/GB", + "usr/share/zoneinfo/right/GB-Eire", + "usr/share/zoneinfo/right/GMT", + "usr/share/zoneinfo/right/GMT+0", + "usr/share/zoneinfo/right/GMT-0", + "usr/share/zoneinfo/right/GMT0", + "usr/share/zoneinfo/right/Greenwich", + "usr/share/zoneinfo/right/HST", + "usr/share/zoneinfo/right/Hongkong", + "usr/share/zoneinfo/right/Iceland", + "usr/share/zoneinfo/right/Iran", + "usr/share/zoneinfo/right/Israel", + "usr/share/zoneinfo/right/Jamaica", + "usr/share/zoneinfo/right/Japan", + "usr/share/zoneinfo/right/Kwajalein", + "usr/share/zoneinfo/right/Libya", + "usr/share/zoneinfo/right/MET", + "usr/share/zoneinfo/right/MST", + "usr/share/zoneinfo/right/MST7MDT", + "usr/share/zoneinfo/right/NZ", + "usr/share/zoneinfo/right/NZ-CHAT", + "usr/share/zoneinfo/right/Navajo", + "usr/share/zoneinfo/right/PRC", + "usr/share/zoneinfo/right/PST8PDT", + "usr/share/zoneinfo/right/Poland", + "usr/share/zoneinfo/right/Portugal", + "usr/share/zoneinfo/right/ROC", + "usr/share/zoneinfo/right/ROK", + "usr/share/zoneinfo/right/Singapore", + "usr/share/zoneinfo/right/Turkey", + "usr/share/zoneinfo/right/UCT", + "usr/share/zoneinfo/right/UTC", + "usr/share/zoneinfo/right/Universal", + "usr/share/zoneinfo/right/W-SU", + "usr/share/zoneinfo/right/WET", + "usr/share/zoneinfo/right/Zulu", + "usr/share/zoneinfo/right/Africa/Abidjan", + "usr/share/zoneinfo/right/Africa/Accra", + "usr/share/zoneinfo/right/Africa/Addis_Ababa", + "usr/share/zoneinfo/right/Africa/Algiers", + "usr/share/zoneinfo/right/Africa/Asmara", + "usr/share/zoneinfo/right/Africa/Asmera", + "usr/share/zoneinfo/right/Africa/Bamako", + "usr/share/zoneinfo/right/Africa/Bangui", + "usr/share/zoneinfo/right/Africa/Banjul", + "usr/share/zoneinfo/right/Africa/Bissau", + "usr/share/zoneinfo/right/Africa/Blantyre", + "usr/share/zoneinfo/right/Africa/Brazzaville", + "usr/share/zoneinfo/right/Africa/Bujumbura", + "usr/share/zoneinfo/right/Africa/Cairo", + "usr/share/zoneinfo/right/Africa/Casablanca", + "usr/share/zoneinfo/right/Africa/Ceuta", + "usr/share/zoneinfo/right/Africa/Conakry", + "usr/share/zoneinfo/right/Africa/Dakar", + "usr/share/zoneinfo/right/Africa/Dar_es_Salaam", + "usr/share/zoneinfo/right/Africa/Djibouti", + "usr/share/zoneinfo/right/Africa/Douala", + "usr/share/zoneinfo/right/Africa/El_Aaiun", + "usr/share/zoneinfo/right/Africa/Freetown", + "usr/share/zoneinfo/right/Africa/Gaborone", + "usr/share/zoneinfo/right/Africa/Harare", + "usr/share/zoneinfo/right/Africa/Johannesburg", + "usr/share/zoneinfo/right/Africa/Juba", + "usr/share/zoneinfo/right/Africa/Kampala", + "usr/share/zoneinfo/right/Africa/Khartoum", + "usr/share/zoneinfo/right/Africa/Kigali", + "usr/share/zoneinfo/right/Africa/Kinshasa", + "usr/share/zoneinfo/right/Africa/Lagos", + "usr/share/zoneinfo/right/Africa/Libreville", + "usr/share/zoneinfo/right/Africa/Lome", + "usr/share/zoneinfo/right/Africa/Luanda", + "usr/share/zoneinfo/right/Africa/Lubumbashi", + "usr/share/zoneinfo/right/Africa/Lusaka", + "usr/share/zoneinfo/right/Africa/Malabo", + "usr/share/zoneinfo/right/Africa/Maputo", + "usr/share/zoneinfo/right/Africa/Maseru", + "usr/share/zoneinfo/right/Africa/Mbabane", + "usr/share/zoneinfo/right/Africa/Mogadishu", + "usr/share/zoneinfo/right/Africa/Monrovia", + "usr/share/zoneinfo/right/Africa/Nairobi", + "usr/share/zoneinfo/right/Africa/Ndjamena", + "usr/share/zoneinfo/right/Africa/Niamey", + "usr/share/zoneinfo/right/Africa/Nouakchott", + "usr/share/zoneinfo/right/Africa/Ouagadougou", + "usr/share/zoneinfo/right/Africa/Porto-Novo", + "usr/share/zoneinfo/right/Africa/Sao_Tome", + "usr/share/zoneinfo/right/Africa/Timbuktu", + "usr/share/zoneinfo/right/Africa/Tripoli", + "usr/share/zoneinfo/right/Africa/Tunis", + "usr/share/zoneinfo/right/Africa/Windhoek", + "usr/share/zoneinfo/right/America/Adak", + "usr/share/zoneinfo/right/America/Anchorage", + "usr/share/zoneinfo/right/America/Anguilla", + "usr/share/zoneinfo/right/America/Antigua", + "usr/share/zoneinfo/right/America/Araguaina", + "usr/share/zoneinfo/right/America/Aruba", + "usr/share/zoneinfo/right/America/Asuncion", + "usr/share/zoneinfo/right/America/Atikokan", + "usr/share/zoneinfo/right/America/Atka", + "usr/share/zoneinfo/right/America/Bahia", + "usr/share/zoneinfo/right/America/Bahia_Banderas", + "usr/share/zoneinfo/right/America/Barbados", + "usr/share/zoneinfo/right/America/Belem", + "usr/share/zoneinfo/right/America/Belize", + "usr/share/zoneinfo/right/America/Blanc-Sablon", + "usr/share/zoneinfo/right/America/Boa_Vista", + "usr/share/zoneinfo/right/America/Bogota", + "usr/share/zoneinfo/right/America/Boise", + "usr/share/zoneinfo/right/America/Buenos_Aires", + "usr/share/zoneinfo/right/America/Cambridge_Bay", + "usr/share/zoneinfo/right/America/Campo_Grande", + "usr/share/zoneinfo/right/America/Cancun", + "usr/share/zoneinfo/right/America/Caracas", + "usr/share/zoneinfo/right/America/Catamarca", + "usr/share/zoneinfo/right/America/Cayenne", + "usr/share/zoneinfo/right/America/Cayman", + "usr/share/zoneinfo/right/America/Chicago", + "usr/share/zoneinfo/right/America/Chihuahua", + "usr/share/zoneinfo/right/America/Ciudad_Juarez", + "usr/share/zoneinfo/right/America/Coral_Harbour", + "usr/share/zoneinfo/right/America/Cordoba", + "usr/share/zoneinfo/right/America/Costa_Rica", + "usr/share/zoneinfo/right/America/Creston", + "usr/share/zoneinfo/right/America/Cuiaba", + "usr/share/zoneinfo/right/America/Curacao", + "usr/share/zoneinfo/right/America/Danmarkshavn", + "usr/share/zoneinfo/right/America/Dawson", + "usr/share/zoneinfo/right/America/Dawson_Creek", + "usr/share/zoneinfo/right/America/Denver", + "usr/share/zoneinfo/right/America/Detroit", + "usr/share/zoneinfo/right/America/Dominica", + "usr/share/zoneinfo/right/America/Edmonton", + "usr/share/zoneinfo/right/America/Eirunepe", + "usr/share/zoneinfo/right/America/El_Salvador", + "usr/share/zoneinfo/right/America/Ensenada", + "usr/share/zoneinfo/right/America/Fort_Nelson", + "usr/share/zoneinfo/right/America/Fort_Wayne", + "usr/share/zoneinfo/right/America/Fortaleza", + "usr/share/zoneinfo/right/America/Glace_Bay", + "usr/share/zoneinfo/right/America/Godthab", + "usr/share/zoneinfo/right/America/Goose_Bay", + "usr/share/zoneinfo/right/America/Grand_Turk", + "usr/share/zoneinfo/right/America/Grenada", + "usr/share/zoneinfo/right/America/Guadeloupe", + "usr/share/zoneinfo/right/America/Guatemala", + "usr/share/zoneinfo/right/America/Guayaquil", + "usr/share/zoneinfo/right/America/Guyana", + "usr/share/zoneinfo/right/America/Halifax", + "usr/share/zoneinfo/right/America/Havana", + "usr/share/zoneinfo/right/America/Hermosillo", + "usr/share/zoneinfo/right/America/Indianapolis", + "usr/share/zoneinfo/right/America/Inuvik", + "usr/share/zoneinfo/right/America/Iqaluit", + "usr/share/zoneinfo/right/America/Jamaica", + "usr/share/zoneinfo/right/America/Jujuy", + "usr/share/zoneinfo/right/America/Juneau", + "usr/share/zoneinfo/right/America/Knox_IN", + "usr/share/zoneinfo/right/America/Kralendijk", + "usr/share/zoneinfo/right/America/La_Paz", + "usr/share/zoneinfo/right/America/Lima", + "usr/share/zoneinfo/right/America/Los_Angeles", + "usr/share/zoneinfo/right/America/Louisville", + "usr/share/zoneinfo/right/America/Lower_Princes", + "usr/share/zoneinfo/right/America/Maceio", + "usr/share/zoneinfo/right/America/Managua", + "usr/share/zoneinfo/right/America/Manaus", + "usr/share/zoneinfo/right/America/Marigot", + "usr/share/zoneinfo/right/America/Martinique", + "usr/share/zoneinfo/right/America/Matamoros", + "usr/share/zoneinfo/right/America/Mazatlan", + "usr/share/zoneinfo/right/America/Mendoza", + "usr/share/zoneinfo/right/America/Menominee", + "usr/share/zoneinfo/right/America/Merida", + "usr/share/zoneinfo/right/America/Metlakatla", + "usr/share/zoneinfo/right/America/Mexico_City", + "usr/share/zoneinfo/right/America/Miquelon", + "usr/share/zoneinfo/right/America/Moncton", + "usr/share/zoneinfo/right/America/Monterrey", + "usr/share/zoneinfo/right/America/Montevideo", + "usr/share/zoneinfo/right/America/Montreal", + "usr/share/zoneinfo/right/America/Montserrat", + "usr/share/zoneinfo/right/America/Nassau", + "usr/share/zoneinfo/right/America/New_York", + "usr/share/zoneinfo/right/America/Nipigon", + "usr/share/zoneinfo/right/America/Nome", + "usr/share/zoneinfo/right/America/Noronha", + "usr/share/zoneinfo/right/America/Nuuk", + "usr/share/zoneinfo/right/America/Ojinaga", + "usr/share/zoneinfo/right/America/Panama", + "usr/share/zoneinfo/right/America/Pangnirtung", + "usr/share/zoneinfo/right/America/Paramaribo", + "usr/share/zoneinfo/right/America/Phoenix", + "usr/share/zoneinfo/right/America/Port-au-Prince", + "usr/share/zoneinfo/right/America/Port_of_Spain", + "usr/share/zoneinfo/right/America/Porto_Acre", + "usr/share/zoneinfo/right/America/Porto_Velho", + "usr/share/zoneinfo/right/America/Puerto_Rico", + "usr/share/zoneinfo/right/America/Punta_Arenas", + "usr/share/zoneinfo/right/America/Rainy_River", + "usr/share/zoneinfo/right/America/Rankin_Inlet", + "usr/share/zoneinfo/right/America/Recife", + "usr/share/zoneinfo/right/America/Regina", + "usr/share/zoneinfo/right/America/Resolute", + "usr/share/zoneinfo/right/America/Rio_Branco", + "usr/share/zoneinfo/right/America/Rosario", + "usr/share/zoneinfo/right/America/Santa_Isabel", + "usr/share/zoneinfo/right/America/Santarem", + "usr/share/zoneinfo/right/America/Santiago", + "usr/share/zoneinfo/right/America/Santo_Domingo", + "usr/share/zoneinfo/right/America/Sao_Paulo", + "usr/share/zoneinfo/right/America/Scoresbysund", + "usr/share/zoneinfo/right/America/Shiprock", + "usr/share/zoneinfo/right/America/Sitka", + "usr/share/zoneinfo/right/America/St_Barthelemy", + "usr/share/zoneinfo/right/America/St_Johns", + "usr/share/zoneinfo/right/America/St_Kitts", + "usr/share/zoneinfo/right/America/St_Lucia", + "usr/share/zoneinfo/right/America/St_Thomas", + "usr/share/zoneinfo/right/America/St_Vincent", + "usr/share/zoneinfo/right/America/Swift_Current", + "usr/share/zoneinfo/right/America/Tegucigalpa", + "usr/share/zoneinfo/right/America/Thule", + "usr/share/zoneinfo/right/America/Thunder_Bay", + "usr/share/zoneinfo/right/America/Tijuana", + "usr/share/zoneinfo/right/America/Toronto", + "usr/share/zoneinfo/right/America/Tortola", + "usr/share/zoneinfo/right/America/Vancouver", + "usr/share/zoneinfo/right/America/Virgin", + "usr/share/zoneinfo/right/America/Whitehorse", + "usr/share/zoneinfo/right/America/Winnipeg", + "usr/share/zoneinfo/right/America/Yakutat", + "usr/share/zoneinfo/right/America/Yellowknife", + "usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", + "usr/share/zoneinfo/right/America/Argentina/Catamarca", + "usr/share/zoneinfo/right/America/Argentina/ComodRivadavia", + "usr/share/zoneinfo/right/America/Argentina/Cordoba", + "usr/share/zoneinfo/right/America/Argentina/Jujuy", + "usr/share/zoneinfo/right/America/Argentina/La_Rioja", + "usr/share/zoneinfo/right/America/Argentina/Mendoza", + "usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", + "usr/share/zoneinfo/right/America/Argentina/Salta", + "usr/share/zoneinfo/right/America/Argentina/San_Juan", + "usr/share/zoneinfo/right/America/Argentina/San_Luis", + "usr/share/zoneinfo/right/America/Argentina/Tucuman", + "usr/share/zoneinfo/right/America/Argentina/Ushuaia", + "usr/share/zoneinfo/right/America/Indiana/Indianapolis", + "usr/share/zoneinfo/right/America/Indiana/Knox", + "usr/share/zoneinfo/right/America/Indiana/Marengo", + "usr/share/zoneinfo/right/America/Indiana/Petersburg", + "usr/share/zoneinfo/right/America/Indiana/Tell_City", + "usr/share/zoneinfo/right/America/Indiana/Vevay", + "usr/share/zoneinfo/right/America/Indiana/Vincennes", + "usr/share/zoneinfo/right/America/Indiana/Winamac", + "usr/share/zoneinfo/right/America/Kentucky/Louisville", + "usr/share/zoneinfo/right/America/Kentucky/Monticello", + "usr/share/zoneinfo/right/America/North_Dakota/Beulah", + "usr/share/zoneinfo/right/America/North_Dakota/Center", + "usr/share/zoneinfo/right/America/North_Dakota/New_Salem", + "usr/share/zoneinfo/right/Antarctica/Casey", + "usr/share/zoneinfo/right/Antarctica/Davis", + "usr/share/zoneinfo/right/Antarctica/DumontDUrville", + "usr/share/zoneinfo/right/Antarctica/Macquarie", + "usr/share/zoneinfo/right/Antarctica/Mawson", + "usr/share/zoneinfo/right/Antarctica/McMurdo", + "usr/share/zoneinfo/right/Antarctica/Palmer", + "usr/share/zoneinfo/right/Antarctica/Rothera", + "usr/share/zoneinfo/right/Antarctica/South_Pole", + "usr/share/zoneinfo/right/Antarctica/Syowa", + "usr/share/zoneinfo/right/Antarctica/Troll", + "usr/share/zoneinfo/right/Antarctica/Vostok", + "usr/share/zoneinfo/right/Arctic/Longyearbyen", + "usr/share/zoneinfo/right/Asia/Aden", + "usr/share/zoneinfo/right/Asia/Almaty", + "usr/share/zoneinfo/right/Asia/Amman", + "usr/share/zoneinfo/right/Asia/Anadyr", + "usr/share/zoneinfo/right/Asia/Aqtau", + "usr/share/zoneinfo/right/Asia/Aqtobe", + "usr/share/zoneinfo/right/Asia/Ashgabat", + "usr/share/zoneinfo/right/Asia/Ashkhabad", + "usr/share/zoneinfo/right/Asia/Atyrau", + "usr/share/zoneinfo/right/Asia/Baghdad", + "usr/share/zoneinfo/right/Asia/Bahrain", + "usr/share/zoneinfo/right/Asia/Baku", + "usr/share/zoneinfo/right/Asia/Bangkok", + "usr/share/zoneinfo/right/Asia/Barnaul", + "usr/share/zoneinfo/right/Asia/Beirut", + "usr/share/zoneinfo/right/Asia/Bishkek", + "usr/share/zoneinfo/right/Asia/Brunei", + "usr/share/zoneinfo/right/Asia/Calcutta", + "usr/share/zoneinfo/right/Asia/Chita", + "usr/share/zoneinfo/right/Asia/Choibalsan", + "usr/share/zoneinfo/right/Asia/Chongqing", + "usr/share/zoneinfo/right/Asia/Chungking", + "usr/share/zoneinfo/right/Asia/Colombo", + "usr/share/zoneinfo/right/Asia/Dacca", + "usr/share/zoneinfo/right/Asia/Damascus", + "usr/share/zoneinfo/right/Asia/Dhaka", + "usr/share/zoneinfo/right/Asia/Dili", + "usr/share/zoneinfo/right/Asia/Dubai", + "usr/share/zoneinfo/right/Asia/Dushanbe", + "usr/share/zoneinfo/right/Asia/Famagusta", + "usr/share/zoneinfo/right/Asia/Gaza", + "usr/share/zoneinfo/right/Asia/Harbin", + "usr/share/zoneinfo/right/Asia/Hebron", + "usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", + "usr/share/zoneinfo/right/Asia/Hong_Kong", + "usr/share/zoneinfo/right/Asia/Hovd", + "usr/share/zoneinfo/right/Asia/Irkutsk", + "usr/share/zoneinfo/right/Asia/Istanbul", + "usr/share/zoneinfo/right/Asia/Jakarta", + "usr/share/zoneinfo/right/Asia/Jayapura", + "usr/share/zoneinfo/right/Asia/Jerusalem", + "usr/share/zoneinfo/right/Asia/Kabul", + "usr/share/zoneinfo/right/Asia/Kamchatka", + "usr/share/zoneinfo/right/Asia/Karachi", + "usr/share/zoneinfo/right/Asia/Kashgar", + "usr/share/zoneinfo/right/Asia/Kathmandu", + "usr/share/zoneinfo/right/Asia/Katmandu", + "usr/share/zoneinfo/right/Asia/Khandyga", + "usr/share/zoneinfo/right/Asia/Kolkata", + "usr/share/zoneinfo/right/Asia/Krasnoyarsk", + "usr/share/zoneinfo/right/Asia/Kuala_Lumpur", + "usr/share/zoneinfo/right/Asia/Kuching", + "usr/share/zoneinfo/right/Asia/Kuwait", + "usr/share/zoneinfo/right/Asia/Macao", + "usr/share/zoneinfo/right/Asia/Macau", + "usr/share/zoneinfo/right/Asia/Magadan", + "usr/share/zoneinfo/right/Asia/Makassar", + "usr/share/zoneinfo/right/Asia/Manila", + "usr/share/zoneinfo/right/Asia/Muscat", + "usr/share/zoneinfo/right/Asia/Nicosia", + "usr/share/zoneinfo/right/Asia/Novokuznetsk", + "usr/share/zoneinfo/right/Asia/Novosibirsk", + "usr/share/zoneinfo/right/Asia/Omsk", + "usr/share/zoneinfo/right/Asia/Oral", + "usr/share/zoneinfo/right/Asia/Phnom_Penh", + "usr/share/zoneinfo/right/Asia/Pontianak", + "usr/share/zoneinfo/right/Asia/Pyongyang", + "usr/share/zoneinfo/right/Asia/Qatar", + "usr/share/zoneinfo/right/Asia/Qostanay", + "usr/share/zoneinfo/right/Asia/Qyzylorda", + "usr/share/zoneinfo/right/Asia/Rangoon", + "usr/share/zoneinfo/right/Asia/Riyadh", + "usr/share/zoneinfo/right/Asia/Saigon", + "usr/share/zoneinfo/right/Asia/Sakhalin", + "usr/share/zoneinfo/right/Asia/Samarkand", + "usr/share/zoneinfo/right/Asia/Seoul", + "usr/share/zoneinfo/right/Asia/Shanghai", + "usr/share/zoneinfo/right/Asia/Singapore", + "usr/share/zoneinfo/right/Asia/Srednekolymsk", + "usr/share/zoneinfo/right/Asia/Taipei", + "usr/share/zoneinfo/right/Asia/Tashkent", + "usr/share/zoneinfo/right/Asia/Tbilisi", + "usr/share/zoneinfo/right/Asia/Tehran", + "usr/share/zoneinfo/right/Asia/Tel_Aviv", + "usr/share/zoneinfo/right/Asia/Thimbu", + "usr/share/zoneinfo/right/Asia/Thimphu", + "usr/share/zoneinfo/right/Asia/Tokyo", + "usr/share/zoneinfo/right/Asia/Tomsk", + "usr/share/zoneinfo/right/Asia/Ujung_Pandang", + "usr/share/zoneinfo/right/Asia/Ulaanbaatar", + "usr/share/zoneinfo/right/Asia/Ulan_Bator", + "usr/share/zoneinfo/right/Asia/Urumqi", + "usr/share/zoneinfo/right/Asia/Ust-Nera", + "usr/share/zoneinfo/right/Asia/Vientiane", + "usr/share/zoneinfo/right/Asia/Vladivostok", + "usr/share/zoneinfo/right/Asia/Yakutsk", + "usr/share/zoneinfo/right/Asia/Yangon", + "usr/share/zoneinfo/right/Asia/Yekaterinburg", + "usr/share/zoneinfo/right/Asia/Yerevan", + "usr/share/zoneinfo/right/Atlantic/Azores", + "usr/share/zoneinfo/right/Atlantic/Bermuda", + "usr/share/zoneinfo/right/Atlantic/Canary", + "usr/share/zoneinfo/right/Atlantic/Cape_Verde", + "usr/share/zoneinfo/right/Atlantic/Faeroe", + "usr/share/zoneinfo/right/Atlantic/Faroe", + "usr/share/zoneinfo/right/Atlantic/Jan_Mayen", + "usr/share/zoneinfo/right/Atlantic/Madeira", + "usr/share/zoneinfo/right/Atlantic/Reykjavik", + "usr/share/zoneinfo/right/Atlantic/South_Georgia", + "usr/share/zoneinfo/right/Atlantic/St_Helena", + "usr/share/zoneinfo/right/Atlantic/Stanley", + "usr/share/zoneinfo/right/Australia/ACT", + "usr/share/zoneinfo/right/Australia/Adelaide", + "usr/share/zoneinfo/right/Australia/Brisbane", + "usr/share/zoneinfo/right/Australia/Broken_Hill", + "usr/share/zoneinfo/right/Australia/Canberra", + "usr/share/zoneinfo/right/Australia/Currie", + "usr/share/zoneinfo/right/Australia/Darwin", + "usr/share/zoneinfo/right/Australia/Eucla", + "usr/share/zoneinfo/right/Australia/Hobart", + "usr/share/zoneinfo/right/Australia/LHI", + "usr/share/zoneinfo/right/Australia/Lindeman", + "usr/share/zoneinfo/right/Australia/Lord_Howe", + "usr/share/zoneinfo/right/Australia/Melbourne", + "usr/share/zoneinfo/right/Australia/NSW", + "usr/share/zoneinfo/right/Australia/North", + "usr/share/zoneinfo/right/Australia/Perth", + "usr/share/zoneinfo/right/Australia/Queensland", + "usr/share/zoneinfo/right/Australia/South", + "usr/share/zoneinfo/right/Australia/Sydney", + "usr/share/zoneinfo/right/Australia/Tasmania", + "usr/share/zoneinfo/right/Australia/Victoria", + "usr/share/zoneinfo/right/Australia/West", + "usr/share/zoneinfo/right/Australia/Yancowinna", + "usr/share/zoneinfo/right/Brazil/Acre", + "usr/share/zoneinfo/right/Brazil/DeNoronha", + "usr/share/zoneinfo/right/Brazil/East", + "usr/share/zoneinfo/right/Brazil/West", + "usr/share/zoneinfo/right/Canada/Atlantic", + "usr/share/zoneinfo/right/Canada/Central", + "usr/share/zoneinfo/right/Canada/Eastern", + "usr/share/zoneinfo/right/Canada/Mountain", + "usr/share/zoneinfo/right/Canada/Newfoundland", + "usr/share/zoneinfo/right/Canada/Pacific", + "usr/share/zoneinfo/right/Canada/Saskatchewan", + "usr/share/zoneinfo/right/Canada/Yukon", + "usr/share/zoneinfo/right/Chile/Continental", + "usr/share/zoneinfo/right/Chile/EasterIsland", + "usr/share/zoneinfo/right/Etc/GMT", + "usr/share/zoneinfo/right/Etc/GMT+0", + "usr/share/zoneinfo/right/Etc/GMT+1", + "usr/share/zoneinfo/right/Etc/GMT+10", + "usr/share/zoneinfo/right/Etc/GMT+11", + "usr/share/zoneinfo/right/Etc/GMT+12", + "usr/share/zoneinfo/right/Etc/GMT+2", + "usr/share/zoneinfo/right/Etc/GMT+3", + "usr/share/zoneinfo/right/Etc/GMT+4", + "usr/share/zoneinfo/right/Etc/GMT+5", + "usr/share/zoneinfo/right/Etc/GMT+6", + "usr/share/zoneinfo/right/Etc/GMT+7", + "usr/share/zoneinfo/right/Etc/GMT+8", + "usr/share/zoneinfo/right/Etc/GMT+9", + "usr/share/zoneinfo/right/Etc/GMT-0", + "usr/share/zoneinfo/right/Etc/GMT-1", + "usr/share/zoneinfo/right/Etc/GMT-10", + "usr/share/zoneinfo/right/Etc/GMT-11", + "usr/share/zoneinfo/right/Etc/GMT-12", + "usr/share/zoneinfo/right/Etc/GMT-13", + "usr/share/zoneinfo/right/Etc/GMT-14", + "usr/share/zoneinfo/right/Etc/GMT-2", + "usr/share/zoneinfo/right/Etc/GMT-3", + "usr/share/zoneinfo/right/Etc/GMT-4", + "usr/share/zoneinfo/right/Etc/GMT-5", + "usr/share/zoneinfo/right/Etc/GMT-6", + "usr/share/zoneinfo/right/Etc/GMT-7", + "usr/share/zoneinfo/right/Etc/GMT-8", + "usr/share/zoneinfo/right/Etc/GMT-9", + "usr/share/zoneinfo/right/Etc/GMT0", + "usr/share/zoneinfo/right/Etc/Greenwich", + "usr/share/zoneinfo/right/Etc/UCT", + "usr/share/zoneinfo/right/Etc/UTC", + "usr/share/zoneinfo/right/Etc/Universal", + "usr/share/zoneinfo/right/Etc/Zulu", + "usr/share/zoneinfo/right/Europe/Amsterdam", + "usr/share/zoneinfo/right/Europe/Andorra", + "usr/share/zoneinfo/right/Europe/Astrakhan", + "usr/share/zoneinfo/right/Europe/Athens", + "usr/share/zoneinfo/right/Europe/Belfast", + "usr/share/zoneinfo/right/Europe/Belgrade", + "usr/share/zoneinfo/right/Europe/Berlin", + "usr/share/zoneinfo/right/Europe/Bratislava", + "usr/share/zoneinfo/right/Europe/Brussels", + "usr/share/zoneinfo/right/Europe/Bucharest", + "usr/share/zoneinfo/right/Europe/Budapest", + "usr/share/zoneinfo/right/Europe/Busingen", + "usr/share/zoneinfo/right/Europe/Chisinau", + "usr/share/zoneinfo/right/Europe/Copenhagen", + "usr/share/zoneinfo/right/Europe/Dublin", + "usr/share/zoneinfo/right/Europe/Gibraltar", + "usr/share/zoneinfo/right/Europe/Guernsey", + "usr/share/zoneinfo/right/Europe/Helsinki", + "usr/share/zoneinfo/right/Europe/Isle_of_Man", + "usr/share/zoneinfo/right/Europe/Istanbul", + "usr/share/zoneinfo/right/Europe/Jersey", + "usr/share/zoneinfo/right/Europe/Kaliningrad", + "usr/share/zoneinfo/right/Europe/Kiev", + "usr/share/zoneinfo/right/Europe/Kirov", + "usr/share/zoneinfo/right/Europe/Kyiv", + "usr/share/zoneinfo/right/Europe/Lisbon", + "usr/share/zoneinfo/right/Europe/Ljubljana", + "usr/share/zoneinfo/right/Europe/London", + "usr/share/zoneinfo/right/Europe/Luxembourg", + "usr/share/zoneinfo/right/Europe/Madrid", + "usr/share/zoneinfo/right/Europe/Malta", + "usr/share/zoneinfo/right/Europe/Mariehamn", + "usr/share/zoneinfo/right/Europe/Minsk", + "usr/share/zoneinfo/right/Europe/Monaco", + "usr/share/zoneinfo/right/Europe/Moscow", + "usr/share/zoneinfo/right/Europe/Nicosia", + "usr/share/zoneinfo/right/Europe/Oslo", + "usr/share/zoneinfo/right/Europe/Paris", + "usr/share/zoneinfo/right/Europe/Podgorica", + "usr/share/zoneinfo/right/Europe/Prague", + "usr/share/zoneinfo/right/Europe/Riga", + "usr/share/zoneinfo/right/Europe/Rome", + "usr/share/zoneinfo/right/Europe/Samara", + "usr/share/zoneinfo/right/Europe/San_Marino", + "usr/share/zoneinfo/right/Europe/Sarajevo", + "usr/share/zoneinfo/right/Europe/Saratov", + "usr/share/zoneinfo/right/Europe/Simferopol", + "usr/share/zoneinfo/right/Europe/Skopje", + "usr/share/zoneinfo/right/Europe/Sofia", + "usr/share/zoneinfo/right/Europe/Stockholm", + "usr/share/zoneinfo/right/Europe/Tallinn", + "usr/share/zoneinfo/right/Europe/Tirane", + "usr/share/zoneinfo/right/Europe/Tiraspol", + "usr/share/zoneinfo/right/Europe/Ulyanovsk", + "usr/share/zoneinfo/right/Europe/Uzhgorod", + "usr/share/zoneinfo/right/Europe/Vaduz", + "usr/share/zoneinfo/right/Europe/Vatican", + "usr/share/zoneinfo/right/Europe/Vienna", + "usr/share/zoneinfo/right/Europe/Vilnius", + "usr/share/zoneinfo/right/Europe/Volgograd", + "usr/share/zoneinfo/right/Europe/Warsaw", + "usr/share/zoneinfo/right/Europe/Zagreb", + "usr/share/zoneinfo/right/Europe/Zaporozhye", + "usr/share/zoneinfo/right/Europe/Zurich", + "usr/share/zoneinfo/right/Indian/Antananarivo", + "usr/share/zoneinfo/right/Indian/Chagos", + "usr/share/zoneinfo/right/Indian/Christmas", + "usr/share/zoneinfo/right/Indian/Cocos", + "usr/share/zoneinfo/right/Indian/Comoro", + "usr/share/zoneinfo/right/Indian/Kerguelen", + "usr/share/zoneinfo/right/Indian/Mahe", + "usr/share/zoneinfo/right/Indian/Maldives", + "usr/share/zoneinfo/right/Indian/Mauritius", + "usr/share/zoneinfo/right/Indian/Mayotte", + "usr/share/zoneinfo/right/Indian/Reunion", + "usr/share/zoneinfo/right/Mexico/BajaNorte", + "usr/share/zoneinfo/right/Mexico/BajaSur", + "usr/share/zoneinfo/right/Mexico/General", + "usr/share/zoneinfo/right/Pacific/Apia", + "usr/share/zoneinfo/right/Pacific/Auckland", + "usr/share/zoneinfo/right/Pacific/Bougainville", + "usr/share/zoneinfo/right/Pacific/Chatham", + "usr/share/zoneinfo/right/Pacific/Chuuk", + "usr/share/zoneinfo/right/Pacific/Easter", + "usr/share/zoneinfo/right/Pacific/Efate", + "usr/share/zoneinfo/right/Pacific/Enderbury", + "usr/share/zoneinfo/right/Pacific/Fakaofo", + "usr/share/zoneinfo/right/Pacific/Fiji", + "usr/share/zoneinfo/right/Pacific/Funafuti", + "usr/share/zoneinfo/right/Pacific/Galapagos", + "usr/share/zoneinfo/right/Pacific/Gambier", + "usr/share/zoneinfo/right/Pacific/Guadalcanal", + "usr/share/zoneinfo/right/Pacific/Guam", + "usr/share/zoneinfo/right/Pacific/Honolulu", + "usr/share/zoneinfo/right/Pacific/Johnston", + "usr/share/zoneinfo/right/Pacific/Kanton", + "usr/share/zoneinfo/right/Pacific/Kiritimati", + "usr/share/zoneinfo/right/Pacific/Kosrae", + "usr/share/zoneinfo/right/Pacific/Kwajalein", + "usr/share/zoneinfo/right/Pacific/Majuro", + "usr/share/zoneinfo/right/Pacific/Marquesas", + "usr/share/zoneinfo/right/Pacific/Midway", + "usr/share/zoneinfo/right/Pacific/Nauru", + "usr/share/zoneinfo/right/Pacific/Niue", + "usr/share/zoneinfo/right/Pacific/Norfolk", + "usr/share/zoneinfo/right/Pacific/Noumea", + "usr/share/zoneinfo/right/Pacific/Pago_Pago", + "usr/share/zoneinfo/right/Pacific/Palau", + "usr/share/zoneinfo/right/Pacific/Pitcairn", + "usr/share/zoneinfo/right/Pacific/Pohnpei", + "usr/share/zoneinfo/right/Pacific/Ponape", + "usr/share/zoneinfo/right/Pacific/Port_Moresby", + "usr/share/zoneinfo/right/Pacific/Rarotonga", + "usr/share/zoneinfo/right/Pacific/Saipan", + "usr/share/zoneinfo/right/Pacific/Samoa", + "usr/share/zoneinfo/right/Pacific/Tahiti", + "usr/share/zoneinfo/right/Pacific/Tarawa", + "usr/share/zoneinfo/right/Pacific/Tongatapu", + "usr/share/zoneinfo/right/Pacific/Truk", + "usr/share/zoneinfo/right/Pacific/Wake", + "usr/share/zoneinfo/right/Pacific/Wallis", + "usr/share/zoneinfo/right/Pacific/Yap", + "usr/share/zoneinfo/right/US/Alaska", + "usr/share/zoneinfo/right/US/Aleutian", + "usr/share/zoneinfo/right/US/Arizona", + "usr/share/zoneinfo/right/US/Central", + "usr/share/zoneinfo/right/US/East-Indiana", + "usr/share/zoneinfo/right/US/Eastern", + "usr/share/zoneinfo/right/US/Hawaii", + "usr/share/zoneinfo/right/US/Indiana-Starke", + "usr/share/zoneinfo/right/US/Michigan", + "usr/share/zoneinfo/right/US/Mountain", + "usr/share/zoneinfo/right/US/Pacific", + "usr/share/zoneinfo/right/US/Samoa" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.2.12-r3", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/alpine/zlib@1.2.12-r3?arch=x86_64\u0026distro=3.16.9", + "UID": "481df036f091f71" + }, + "Version": "1.2.12-r3", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.2.12-r3", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", + "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" + }, + "Digest": "sha1:124baa9bfd023f2c0308a11b13086c3c2c3ecfd1", + "InstalledFiles": [ + "lib/libz.so.1", + "lib/libz.so.1.2.12" + ], + "AnalyzedBy": "apk" + } + ] + }, + { + "Target": "dinit", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "gitlab.com/tozd/dinit@v0.4.0", + "Name": "gitlab.com/tozd/dinit", + "Identifier": { + "PURL": "pkg:golang/gitlab.com/tozd/dinit@v0.4.0", + "UID": "a1067bcfdd058b2" + }, + "Version": "v0.4.0", + "Relationship": "root", + "DependsOn": [ + "github.com/google/uuid@v1.3.0", + "github.com/pkg/errors@v0.9.1", + "gitlab.com/tozd/go/errors@v0.7.2", + "gitlab.com/tozd/go/pcontrol@v0.3.0", + "golang.org/x/sync@v0.2.0", + "golang.org/x/sys@v0.9.0", + "stdlib@v1.25.1" + ], + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.25.1", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "Version": "v1.25.1", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.3.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.3.0", + "UID": "d35ecc168b92c1c" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/errors@v0.9.1", + "Name": "github.com/pkg/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", + "UID": "e40239b36ee6a731" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gitlab.com/tozd/go/errors@v0.7.2", + "Name": "gitlab.com/tozd/go/errors", + "Identifier": { + "PURL": "pkg:golang/gitlab.com/tozd/go/errors@v0.7.2", + "UID": "4b5d2f7d1cbb234b" + }, + "Version": "v0.7.2", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gitlab.com/tozd/go/pcontrol@v0.3.0", + "Name": "gitlab.com/tozd/go/pcontrol", + "Identifier": { + "PURL": "pkg:golang/gitlab.com/tozd/go/pcontrol@v0.3.0", + "UID": "74562aae0baeaea9" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sync@v0.2.0", + "Name": "golang.org/x/sync", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sync@v0.2.0", + "UID": "6e243ad87e7d686b" + }, + "Version": "v0.2.0", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.9.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.9.0", + "UID": "3321b921c95ead4c" + }, + "Version": "v0.9.0", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b70c47b08082e8a079c83b0ad846073d691b884a30693661d69b9bd6969d5edd", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7b8b32dce2b69c643a121909af9b5555d20b038d384e0cff16260801e910db53", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3e2f92a48bc0c95d0996deda1b165efbbcf765b69f42f11cc412a3ce45cd98df", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:81e9c46ca60af61d6c82747690281a2ea1498538717001f4d647c8191ea13a22", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:eb2e805012f99d8e06300b15afb3fcd3a8e8429dc92926ea2fe15727c4d6e2bb", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0eb95a8db5701af739fd24a3c1750cfb3b6002ae1cad87c1ac9afd58e250c6b9", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:57f789a7ef3cc3a9ec99ea60e37954a2fbf1415806ff27af027305c7e9c72cb1", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c83a22a6c0fa01fc1a2d45fd5c3aceacddde3d804d3d4f536305ccef4ce5f3fc", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4b65316f2ab62f785a6d682745647f07b0262424e118a11e854aeef0501513b2", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0a734015251488443dc41f01af9bbb7d56d5a5a1435785a71685bf3564169243", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b270b536833726021101cc117dbddadde96c485b6d4d292be8737a85aaf00635", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:992fdd4fe78327be37a0ba3046c63b0f0318764569f134b0be8e5d792bc6630e", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:be6327e2ecd1cb2181f3c276a884f8fca1ea72870b3aa3ba95ab523b93ed29dc", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:18d37ba49f6b9ea9719050ac0e91224b9cd12dbc81a513ad1d703ec235ac952f", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:90c5ab3bea7bd55f4eb0f9c8e7dcafdc602a89be7368d6c4ac193f7106dc4190", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c62d4c970201ba1f8a9ff70cb9d99f5dd7f7ef0ab9c199c1970d89fd347eab3f", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b7ee51268c1fcbe1567984aa3586b66aa38de835b418b243cf256272dc4c51ec", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:969934641d52a0e9a8b4a891a95bd71ebd2f8ece4418fb137d4e2b84c82b4c77", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d3902dc9b21f547aa279dc6595ac054df58d0d06f0be0f32fa895504160787a8", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9854bbab6f877b046810300593a328bc4752a1ac392b95777ebe7cbd746d828d", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:dfb46408fbcd3a99ac73914348bdaf83c6d2079f5bc082a6bb9374635dd82194", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:051d08ad2f8f05fb3ed2f678183d840ec2511a3e771f2ee0ced8193de996d99b", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8812ad9d334261aa14772471fc4be50240bbf31557fe7d1bcc13704bfb42d653", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6ebf3fecc1b12df7ae2ccdb19c4b97121ade2e5b65c8cb8b149efa5a62ba48ae", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:617c46a38021042807e385dd5350a68fe52c0576c9f1d60349d70bb6d0ecd494", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6519340c1fc86ac654a7ef1c0c521d0b0a7fa27f26698eef453c84b4ca473d1d", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e4616833540863ba2256ba93323b8ee39da01429fd45efc9181970e7991c7b5a", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:593f57c2b78c3796838c5cd6f1d4751a7fb344b20a72055927f7c234d3c01391", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b50b9bc45f2ae211287d5b484929cfed7c7ac6d5392294b73d233493bc76ab80", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6749a231f3169ff21a4090f2fc070c86a962f43218f183607d2f0bdeaa91919e", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "b45deeac0c620822" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b01122cd00c7cc3cec247d5ed01e60dfdfc76191e74303a154490e2f4591c1d2", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + }, + { + "Target": "usr/local/bin/regex2json", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "gitlab.com/tozd/regex2json@v0.13.0", + "Name": "gitlab.com/tozd/regex2json", + "Identifier": { + "PURL": "pkg:golang/gitlab.com/tozd/regex2json@v0.13.0", + "UID": "670c77a77032cae" + }, + "Version": "v0.13.0", + "Relationship": "root", + "DependsOn": [ + "github.com/tkuchiki/go-timezone@v0.2.2", + "stdlib@v1.25.1" + ], + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.25.1", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "Version": "v1.25.1", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/tkuchiki/go-timezone@v0.2.2", + "Name": "github.com/tkuchiki/go-timezone", + "Identifier": { + "PURL": "pkg:golang/github.com/tkuchiki/go-timezone@v0.2.2", + "UID": "45f1707a4bf46485" + }, + "Version": "v0.2.2", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:058174fa3fd8a32f6cd1e57e27f57270a8e24080209e6dab95bf369e80e4af1f", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1c59a6b8e80f3789d78824de8c0909edd42db53e24663a2221afab92fce3ce49", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fe700490d3ffea3ec016e141c00daaeecb3ab03ccbff3dd269dc724c62d496bc", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3d4388af11d3d9a683d385dc396c0c2a6edaba2d3428a0af98c208f01804f4f3", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e0dc6d89d91e643434daace63def949b27d5558ebe723fae92538627150aad7f", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d54574bcdfbd8d2f0b6648741480f8931045dc8ade18cf4bd76839c963bfd12d", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d7172ced8be4f55e99cc8b08811906d0fd4e3b8f51a3cedbd41158b1d3412f62", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:de70fe8aa298b85b4251bd79b6b8e586ce8b34a883bf7b6eb313c8d413869b91", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8d8e5b12dfa85cb1e885f52282b951c8655b5c1ab5cd6537886fb0d43680600f", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:010cf0f6ccc5d62be6547124b629da7c2efc4f9a25fe02a37a58d47983797742", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1c2a96742478cb42a91b2ead788b8c43110d6476c2d6e637cd2955d6356f375c", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e38bdc371c250c8ffcad3e75d6c74e827ffce6899abee65f4b25ea2d7ca31ea8", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:df3afdf4e660d934ff184fe6133ff44b228d6e72fede42f6f37b928e14155546", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b6b1ed967a407961f41840d3bff4727c08b4fee35a0d5ea40caeb30569378004", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:53e84971361109869b5709eddbf10a02abe5553a80d710730114ffa39e8ac436", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:73d1a5af2436fde4b3ad0cdb3b46fbeaf50780a11ce9b21abd2244002d7f2271", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6a60b44da3702827291d80a29cd7729a03af4387281f381e58d8ed737306906a", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:caed1b87040bed34f42256edd21b1f21fc2ee9678db878351b7c5d95b52e134a", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3189fdeda248c7aca38d8e43ad9e257223f22df67f4cbe26135c001020193f25", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9c2bc29862494fc5399a80916061780452d3d437c42b33ddc855b2da115654c1", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ff7ea82e91fc0af78950555dbb0789b4bffa652d04dbe8d696f60c122a75c9f6", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d003e147c7ce8739b68bde99f3ebe8dfe321e5d07e5fc6d52d3451fcd72f53e8", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:08063223e872e02a4588580462494aeaf69e8859b9ef7a3b78ca622976a1c1e0", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a3a8f651464fff19fef41c3a6e96e0c3aa4d53be322a217b36b4236b820505fb", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a0af01d15929746ff55c5dbf586eeaa41a7034d79e207a0d9a50e8b9a581214c", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:67b30ed62333bca3f32051d2deff781695fcbb961145de13315d5abed9ffae6c", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1e9f0ee733147da151806623a8100b0ee112a0c6c4b10008e7c5ba01fd4558fa", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2ec298549723c57fcd158242a208c1bd5dc850ebc78e1c5d57e0a4074c8e03e5", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8e52f3db56239fe9ff1c8b42f1f5bbf674cbb23988ccf7ad389f3900f687090d", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:84a119efe6daedab768b6d98cf4eb3627cf71e242d65772ee47f840ab6ebead0", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.25.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.1", + "UID": "fe93f0d92b4d245e" + }, + "InstalledVersion": "v1.25.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", + "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b5f7df0819d0c50c26907c4c60215cf67416554b25889b851882793bd284401f", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "Deployment", + "Name": "postfix", + "Metadata": [ + { + "Size": 58672128, + "OS": { + "Family": "wolfi", + "Name": "20230201" + }, + "ImageID": "sha256:b9b56018bd9e4f7496c6f35b0918448626dc1a894abaf6bb1d4cf91150bd56a4", + "DiffIDs": [ + "sha256:3a9803177bb563195998847cce18c838b99873e634c902f385e042d5228df4d7", + "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c", + "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c", + "sha256:6dc90485e72e44afeb1ecab592900e898164c016d33125161b308c8bcfa53cf9", + "sha256:caaccf89b8660b925e0e0266ffdc4f3e3cc7e98e121742c233f199ec167a4920", + "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453", + "sha256:850730726263ef9170056c45983eebcbb4c22014c78b7d72032085fa3762def1", + "sha256:90cfe0bd8cd693b2ee91b94108fc47f023d82edc00e57352ab6635d827b33505", + "sha256:711f72ded0c5f10478ebf93fdd6d6a47ac484a232ef709c52e67315d4af006d9", + "sha256:fa008b9e9566cccb0022385799dfad042fce8d00164bbce9b0780c0d48189a94", + "sha256:c04a63708d2b0452b3e995ea00fc60f254d7fc35f8ffdbfcf0cb3b997369610e" + ], + "RepoTags": [ + "chainguard/stunnel:latest" + ], + "RepoDigests": [ + "chainguard/stunnel@sha256:5beda2fa6c5a3d36be2a650ef1233ab244aee71efe07c73e4495f82bb34cecd8" + ], + "Reference": "chainguard/stunnel:latest", + "ImageConfig": { + "architecture": "amd64", + "author": "github.com/chainguard-dev/apko", + "created": "2026-05-20T02:17:13Z", + "history": [ + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + }, + { + "author": "apko", + "created": "2026-05-20T02:17:13Z", + "created_by": "apko", + "comment": "stunnel by Chainguard" + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:3a9803177bb563195998847cce18c838b99873e634c902f385e042d5228df4d7", + "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c", + "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c", + "sha256:6dc90485e72e44afeb1ecab592900e898164c016d33125161b308c8bcfa53cf9", + "sha256:caaccf89b8660b925e0e0266ffdc4f3e3cc7e98e121742c233f199ec167a4920", + "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453", + "sha256:850730726263ef9170056c45983eebcbb4c22014c78b7d72032085fa3762def1", + "sha256:90cfe0bd8cd693b2ee91b94108fc47f023d82edc00e57352ab6635d827b33505", + "sha256:711f72ded0c5f10478ebf93fdd6d6a47ac484a232ef709c52e67315d4af006d9", + "sha256:fa008b9e9566cccb0022385799dfad042fce8d00164bbce9b0780c0d48189a94", + "sha256:c04a63708d2b0452b3e995ea00fc60f254d7fc35f8ffdbfcf0cb3b997369610e" + ] + }, + "config": { + "Cmd": [ + "-help" + ], + "Entrypoint": [ + "/usr/bin/stunnel" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin", + "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" + ], + "Labels": { + "dev.chainguard.image.title": "stunnel", + "dev.chainguard.package.main": "", + "org.opencontainers.image.authors": "Chainguard Team https://www.chainguard.dev/", + "org.opencontainers.image.created": "2026-05-20T02:17:13Z", + "org.opencontainers.image.source": "https://github.com/chainguard-images/images/tree/main/images/stunnel", + "org.opencontainers.image.title": "stunnel", + "org.opencontainers.image.url": "https://images.chainguard.dev/directory/image/stunnel/overview", + "org.opencontainers.image.vendor": "Chainguard" + }, + "User": "65532" + } + }, + "Layers": [ + { + "Size": 42873344, + "Digest": "sha256:bbf145ce746720e770db2198f415ca26e343d5d7a94ec0c90bf590e09ed0646d", + "DiffID": "sha256:3a9803177bb563195998847cce18c838b99873e634c902f385e042d5228df4d7" + }, + { + "Size": 7198720, + "Digest": "sha256:a5bfa7101982291c5462599e1eb8bc10b735e11d87315dc410d32701854a8df1", + "DiffID": "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c" + }, + { + "Size": 6977536, + "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", + "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" + }, + { + "Size": 323072, + "Digest": "sha256:3dcb254820f5eabdf1fc2319a73184c051cbc56d72886c40e6cd0b43033579c7", + "DiffID": "sha256:6dc90485e72e44afeb1ecab592900e898164c016d33125161b308c8bcfa53cf9" + }, + { + "Size": 238592, + "Digest": "sha256:9201e51fe8c1f99c6602ba89bc6cbd3895501936ba9f62f705bb8f150d9bbace", + "DiffID": "sha256:caaccf89b8660b925e0e0266ffdc4f3e3cc7e98e121742c233f199ec167a4920" + }, + { + "Size": 227840, + "Digest": "sha256:7c6e71c1fdfdf429844e25aad86441920641c0ba46466bc1d043556bfb81b24e", + "DiffID": "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453" + }, + { + "Size": 217088, + "Digest": "sha256:4b14fbe9f208e0e4db31fa1d0355d3a4f3be73e3cf4b7842a7b391de62ea1768", + "DiffID": "sha256:850730726263ef9170056c45983eebcbb4c22014c78b7d72032085fa3762def1" + }, + { + "Size": 127488, + "Digest": "sha256:8d99fd8fea9c370971ba3ab2ab453586d6a437c40211fea16fdb1445d876e907", + "DiffID": "sha256:90cfe0bd8cd693b2ee91b94108fc47f023d82edc00e57352ab6635d827b33505" + }, + { + "Size": 64000, + "Digest": "sha256:57ba55784e2887043227b53d1ee2788722aae8a9c66b20723e1dfb801c8ce471", + "DiffID": "sha256:711f72ded0c5f10478ebf93fdd6d6a47ac484a232ef709c52e67315d4af006d9" + }, + { + "Size": 104960, + "Digest": "sha256:858f3967e60f4e2f68ad413de098383c0a420717d554a9e1523cab3e56898c94", + "DiffID": "sha256:fa008b9e9566cccb0022385799dfad042fce8d00164bbce9b0780c0d48189a94" + }, + { + "Size": 319488, + "Digest": "sha256:79549e660a703a8194c255340b9d1a4e141878979b2ca318ee0170bbea41671c", + "DiffID": "sha256:c04a63708d2b0452b3e995ea00fc60f254d7fc35f8ffdbfcf0cb3b997369610e" + } + ] + } + ], + "Results": [ + { + "Target": "chainguard/stunnel:latest (wolfi 20230201)", + "Class": "os-pkgs", + "Type": "wolfi", + "Packages": [ + { + "ID": "ca-certificates-bundle@20260413-r0", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/wolfi/ca-certificates-bundle@20260413-r0?arch=x86_64\u0026distro=20230201", + "UID": "ebab806008154318" + }, + "Version": "20260413-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20260413-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "wolfi-baselayout@20230201-r29" + ], + "Layer": { + "Digest": "sha256:9201e51fe8c1f99c6602ba89bc6cbd3895501936ba9f62f705bb8f150d9bbace", + "DiffID": "sha256:caaccf89b8660b925e0e0266ffdc4f3e3cc7e98e121742c233f199ec167a4920" + }, + "Digest": "sha1:2b209d10bdb420a13e07b0ca5bdec62d7bb640b3", + "InstalledFiles": [ + "etc/pki/tls/certs/ca-bundle.crt", + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-bundle.crt", + "etc/ssl/certs/ca-certificates.crt", + "var/lib/db/sbom/ca-certificates-bundle-20260413-r0.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "glibc@2.43-r7", + "Name": "glibc", + "Identifier": { + "PURL": "pkg:apk/wolfi/glibc@2.43-r7?arch=x86_64\u0026distro=20230201", + "UID": "1a1b90bec1861696" + }, + "Version": "2.43-r7", + "Arch": "x86_64", + "SrcName": "glibc", + "SrcVersion": "2.43-r7", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc-locale-posix@2.43-r7", + "ld-linux@2.43-r7", + "libgcc@16.1.0-r1", + "wolfi-baselayout@20230201-r29" + ], + "Layer": { + "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", + "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" + }, + "Digest": "sha1:f0cc592d1ea3041b220dc81ec639e26cf4f3e66b", + "InstalledFiles": [ + "etc/rpc", + "etc/apk/commit_hooks.d/ldconfig-commit.sh", + "usr/bin/ld.so", + "usr/bin/ldconfig", + "usr/lib/libBrokenLocale.so.1", + "usr/lib/libanl.so.1", + "usr/lib/libc.so.6", + "usr/lib/libc_malloc_debug.so.0", + "usr/lib/libdl.so.2", + "usr/lib/libm.so.6", + "usr/lib/libmemusage.so", + "usr/lib/libmvec.so.1", + "usr/lib/libnsl.so.1", + "usr/lib/libnss_compat.so.2", + "usr/lib/libnss_dns.so.2", + "usr/lib/libnss_files.so.2", + "usr/lib/libpthread.so.0", + "usr/lib/libresolv.so.2", + "usr/lib/librt.so.1", + "usr/lib/libthread_db.so.1", + "usr/lib/libutil.so.1", + "var/lib/db/sbom/glibc-2.43-r7.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "glibc-locale-posix@2.43-r7", + "Name": "glibc-locale-posix", + "Identifier": { + "PURL": "pkg:apk/wolfi/glibc-locale-posix@2.43-r7?arch=x86_64\u0026distro=20230201", + "UID": "d44b25bb62d865d3" + }, + "Version": "2.43-r7", + "Arch": "x86_64", + "SrcName": "glibc", + "SrcVersion": "2.43-r7", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "wolfi-baselayout@20230201-r29" + ], + "Layer": { + "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", + "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" + }, + "Digest": "sha1:0b8977ea1b9fd95bee784b9f7f1a975431088f73", + "InstalledFiles": [ + "usr/lib/locale/C.utf8/LC_ADDRESS", + "usr/lib/locale/C.utf8/LC_COLLATE", + "usr/lib/locale/C.utf8/LC_CTYPE", + "usr/lib/locale/C.utf8/LC_IDENTIFICATION", + "usr/lib/locale/C.utf8/LC_MEASUREMENT", + "usr/lib/locale/C.utf8/LC_MONETARY", + "usr/lib/locale/C.utf8/LC_NAME", + "usr/lib/locale/C.utf8/LC_NUMERIC", + "usr/lib/locale/C.utf8/LC_PAPER", + "usr/lib/locale/C.utf8/LC_TELEPHONE", + "usr/lib/locale/C.utf8/LC_TIME", + "usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "var/lib/db/sbom/glibc-locale-posix-2.43-r7.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ld-linux@2.43-r7", + "Name": "ld-linux", + "Identifier": { + "PURL": "pkg:apk/wolfi/ld-linux@2.43-r7?arch=x86_64\u0026distro=20230201", + "UID": "7678e2c8b3007292" + }, + "Version": "2.43-r7", + "Arch": "x86_64", + "SrcName": "glibc", + "SrcVersion": "2.43-r7", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7", + "wolfi-baselayout@20230201-r29" + ], + "Layer": { + "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", + "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" + }, + "Digest": "sha1:eda542ec0f919bdfefc4d391cbd66a6a0089a3c0", + "InstalledFiles": [ + "etc/ld.so.conf", + "etc/ld.so.conf.d/libc.conf", + "usr/lib/ld-linux-x86-64.so.2", + "var/lib/db/sbom/ld-linux-2.43-r7.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libbz2-1@1.0.8-r23", + "Name": "libbz2-1", + "Identifier": { + "PURL": "pkg:apk/wolfi/libbz2-1@1.0.8-r23?arch=x86_64\u0026distro=20230201", + "UID": "baf39df966852f25" + }, + "Version": "1.0.8-r23", + "Arch": "x86_64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8-r23", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7" + ], + "Layer": { + "Digest": "sha256:858f3967e60f4e2f68ad413de098383c0a420717d554a9e1523cab3e56898c94", + "DiffID": "sha256:fa008b9e9566cccb0022385799dfad042fce8d00164bbce9b0780c0d48189a94" + }, + "Digest": "sha1:7fc1bbc3ec68d43ae5212efbc33827d139624ada", + "InstalledFiles": [ + "usr/lib/libbz2.so.1", + "usr/lib/libbz2.so.1.0", + "usr/lib/libbz2.so.1.0.8", + "var/lib/db/sbom/libbz2-1-1.0.8-r23.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypt1@2.43-r7", + "Name": "libcrypt1", + "Identifier": { + "PURL": "pkg:apk/wolfi/libcrypt1@2.43-r7?arch=x86_64\u0026distro=20230201", + "UID": "b34138e20d9fb87a" + }, + "Version": "2.43-r7", + "Arch": "x86_64", + "SrcName": "glibc", + "SrcVersion": "2.43-r7", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7", + "libxcrypt@4.5.2-r2", + "wolfi-baselayout@20230201-r29" + ], + "Layer": { + "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", + "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" + }, + "Digest": "sha1:2b0791fc2ee61b9771eae9c7323d1aa77a4ded74", + "InstalledFiles": [ + "var/lib/db/sbom/libcrypt1-2.43-r7.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.6.2-r5", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/wolfi/libcrypto3@3.6.2-r5?arch=x86_64\u0026distro=20230201", + "UID": "a046278abe6b9ef0" + }, + "Version": "3.6.2-r5", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.6.2-r5", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7" + ], + "Layer": { + "Digest": "sha256:a5bfa7101982291c5462599e1eb8bc10b735e11d87315dc410d32701854a8df1", + "DiffID": "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c" + }, + "Digest": "sha1:aaa5fa034519fdcd141796d11b7b398a4c779f24", + "InstalledFiles": [ + "etc/ssl/ca.cnf", + "usr/lib/libcrypto.so.3", + "var/lib/db/sbom/libcrypto3-3.6.2-r5.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgcc@16.1.0-r1", + "Name": "libgcc", + "Identifier": { + "PURL": "pkg:apk/wolfi/libgcc@16.1.0-r1?arch=x86_64\u0026distro=20230201", + "UID": "c62104aba8c6673f" + }, + "Version": "16.1.0-r1", + "Arch": "x86_64", + "SrcName": "gcc", + "SrcVersion": "16.1.0-r1", + "Licenses": [ + "GPL-3.0-or-later WITH GCC-exception-3.1" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7", + "ld-linux@2.43-r7" + ], + "Layer": { + "Digest": "sha256:4b14fbe9f208e0e4db31fa1d0355d3a4f3be73e3cf4b7842a7b391de62ea1768", + "DiffID": "sha256:850730726263ef9170056c45983eebcbb4c22014c78b7d72032085fa3762def1" + }, + "Digest": "sha1:222b2b0347eea4eb7f440d0746956585d88be3ca", + "InstalledFiles": [ + "usr/lib/libgcc_s.so.1", + "usr/lib/libgcc_s_asneeded.so", + "var/lib/db/sbom/libgcc-16.1.0-r1.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.6.2-r5", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/wolfi/libssl3@3.6.2-r5?arch=x86_64\u0026distro=20230201", + "UID": "9ca3c227d7ad2f32" + }, + "Version": "3.6.2-r5", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.6.2-r5", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7", + "libcrypto3@3.6.2-r5" + ], + "Layer": { + "Digest": "sha256:a5bfa7101982291c5462599e1eb8bc10b735e11d87315dc410d32701854a8df1", + "DiffID": "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c" + }, + "Digest": "sha1:c35d5c141272a08edcdaeea03e2a5796b82c6889", + "InstalledFiles": [ + "usr/lib/libssl.so.3", + "var/lib/db/sbom/libssl3-3.6.2-r5.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxcrypt@4.5.2-r2", + "Name": "libxcrypt", + "Identifier": { + "PURL": "pkg:apk/wolfi/libxcrypt@4.5.2-r2?arch=x86_64\u0026distro=20230201", + "UID": "c4d66f4744dcb02a" + }, + "Version": "4.5.2-r2", + "Arch": "x86_64", + "SrcName": "libxcrypt", + "SrcVersion": "4.5.2-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "wolfi", + "Layer": { + "Digest": "sha256:7c6e71c1fdfdf429844e25aad86441920641c0ba46466bc1d043556bfb81b24e", + "DiffID": "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453" + }, + "Digest": "sha1:1dde219a6ba81f29f519398066c7924a90e34598", + "InstalledFiles": [ + "usr/lib/libcrypt.so.1", + "usr/lib/libcrypt.so.1.1.0", + "var/lib/db/sbom/libxcrypt-4.5.2-r2.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "perl@5.42.2-r0", + "Name": "perl", + "Identifier": { + "PURL": "pkg:apk/wolfi/perl@5.42.2-r0?arch=x86_64\u0026distro=20230201", + "UID": "ae78e403626bfc66" + }, + "Version": "5.42.2-r0", + "Arch": "x86_64", + "SrcName": "perl", + "SrcVersion": "5.42.2-r0", + "Licenses": [ + "Artistic-1.0-Perl", + "GPL-1.0-or-later" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7", + "ld-linux@2.43-r7", + "libbz2-1@1.0.8-r23", + "libcrypt1@2.43-r7", + "zlib@1.3.2-r3" + ], + "Layer": { + "Digest": "sha256:bbf145ce746720e770db2198f415ca26e343d5d7a94ec0c90bf590e09ed0646d", + "DiffID": "sha256:3a9803177bb563195998847cce18c838b99873e634c902f385e042d5228df4d7" + }, + "Digest": "sha1:aaed423b55b8d1d00a21deb8d57663f19c448503", + "InstalledFiles": [ + "usr/bin/perl", + "usr/bin/perl5.42.2", + "usr/bin/perldoc", + "usr/bin/pod2html", + "usr/bin/pod2man", + "usr/bin/pod2text", + "usr/bin/pod2usage", + "usr/bin/podchecker", + "usr/bin/streamzip", + "usr/lib/perl5/core_perl/B.pm", + "usr/lib/perl5/core_perl/Config.pm", + "usr/lib/perl5/core_perl/Config_git.pl", + "usr/lib/perl5/core_perl/Config_heavy.pl", + "usr/lib/perl5/core_perl/Cwd.pm", + "usr/lib/perl5/core_perl/DynaLoader.pm", + "usr/lib/perl5/core_perl/Encode.pm", + "usr/lib/perl5/core_perl/Errno.pm", + "usr/lib/perl5/core_perl/Fcntl.pm", + "usr/lib/perl5/core_perl/IO.pm", + "usr/lib/perl5/core_perl/O.pm", + "usr/lib/perl5/core_perl/Opcode.pm", + "usr/lib/perl5/core_perl/POSIX.pm", + "usr/lib/perl5/core_perl/SDBM_File.pm", + "usr/lib/perl5/core_perl/Socket.pm", + "usr/lib/perl5/core_perl/Storable.pm", + "usr/lib/perl5/core_perl/attributes.pm", + "usr/lib/perl5/core_perl/encoding.pm", + "usr/lib/perl5/core_perl/lib.pm", + "usr/lib/perl5/core_perl/mro.pm", + "usr/lib/perl5/core_perl/ops.pm", + "usr/lib/perl5/core_perl/re.pm", + "usr/lib/perl5/core_perl/threads.pm", + "usr/lib/perl5/core_perl/B/Concise.pm", + "usr/lib/perl5/core_perl/B/Showlex.pm", + "usr/lib/perl5/core_perl/B/Terse.pm", + "usr/lib/perl5/core_perl/B/Xref.pm", + "usr/lib/perl5/core_perl/CORE/libperl.so", + "usr/lib/perl5/core_perl/Compress/Raw/Bzip2.pm", + "usr/lib/perl5/core_perl/Compress/Raw/Zlib.pm", + "usr/lib/perl5/core_perl/Data/Dumper.pm", + "usr/lib/perl5/core_perl/Digest/MD5.pm", + "usr/lib/perl5/core_perl/Digest/SHA.pm", + "usr/lib/perl5/core_perl/Encode/Alias.pm", + "usr/lib/perl5/core_perl/Encode/Byte.pm", + "usr/lib/perl5/core_perl/Encode/CJKConstants.pm", + "usr/lib/perl5/core_perl/Encode/CN.pm", + "usr/lib/perl5/core_perl/Encode/Config.pm", + "usr/lib/perl5/core_perl/Encode/EBCDIC.pm", + "usr/lib/perl5/core_perl/Encode/Encoder.pm", + "usr/lib/perl5/core_perl/Encode/Encoding.pm", + "usr/lib/perl5/core_perl/Encode/GSM0338.pm", + "usr/lib/perl5/core_perl/Encode/Guess.pm", + "usr/lib/perl5/core_perl/Encode/JP.pm", + "usr/lib/perl5/core_perl/Encode/KR.pm", + "usr/lib/perl5/core_perl/Encode/Symbol.pm", + "usr/lib/perl5/core_perl/Encode/TW.pm", + "usr/lib/perl5/core_perl/Encode/Unicode.pm", + "usr/lib/perl5/core_perl/Encode/CN/HZ.pm", + "usr/lib/perl5/core_perl/Encode/JP/H2Z.pm", + "usr/lib/perl5/core_perl/Encode/JP/JIS7.pm", + "usr/lib/perl5/core_perl/Encode/KR/2022_KR.pm", + "usr/lib/perl5/core_perl/Encode/MIME/Header.pm", + "usr/lib/perl5/core_perl/Encode/MIME/Name.pm", + "usr/lib/perl5/core_perl/Encode/MIME/Header/ISO_2022_JP.pm", + "usr/lib/perl5/core_perl/Encode/Unicode/UTF7.pm", + "usr/lib/perl5/core_perl/File/DosGlob.pm", + "usr/lib/perl5/core_perl/File/Glob.pm", + "usr/lib/perl5/core_perl/File/Spec.pm", + "usr/lib/perl5/core_perl/File/Spec/AmigaOS.pm", + "usr/lib/perl5/core_perl/File/Spec/Cygwin.pm", + "usr/lib/perl5/core_perl/File/Spec/Epoc.pm", + "usr/lib/perl5/core_perl/File/Spec/Functions.pm", + "usr/lib/perl5/core_perl/File/Spec/Mac.pm", + "usr/lib/perl5/core_perl/File/Spec/OS2.pm", + "usr/lib/perl5/core_perl/File/Spec/Unix.pm", + "usr/lib/perl5/core_perl/File/Spec/VMS.pm", + "usr/lib/perl5/core_perl/File/Spec/Win32.pm", + "usr/lib/perl5/core_perl/Filter/Util/Call.pm", + "usr/lib/perl5/core_perl/Hash/Util.pm", + "usr/lib/perl5/core_perl/Hash/Util/FieldHash.pm", + "usr/lib/perl5/core_perl/I18N/Langinfo.pm", + "usr/lib/perl5/core_perl/IO/Dir.pm", + "usr/lib/perl5/core_perl/IO/File.pm", + "usr/lib/perl5/core_perl/IO/Handle.pm", + "usr/lib/perl5/core_perl/IO/Pipe.pm", + "usr/lib/perl5/core_perl/IO/Poll.pm", + "usr/lib/perl5/core_perl/IO/Seekable.pm", + "usr/lib/perl5/core_perl/IO/Select.pm", + "usr/lib/perl5/core_perl/IO/Socket.pm", + "usr/lib/perl5/core_perl/IO/Socket/INET.pm", + "usr/lib/perl5/core_perl/IO/Socket/UNIX.pm", + "usr/lib/perl5/core_perl/IPC/Msg.pm", + "usr/lib/perl5/core_perl/IPC/Semaphore.pm", + "usr/lib/perl5/core_perl/IPC/SharedMem.pm", + "usr/lib/perl5/core_perl/IPC/SysV.pm", + "usr/lib/perl5/core_perl/List/Util.pm", + "usr/lib/perl5/core_perl/List/Util/XS.pm", + "usr/lib/perl5/core_perl/MIME/Base64.pm", + "usr/lib/perl5/core_perl/MIME/QuotedPrint.pm", + "usr/lib/perl5/core_perl/Math/BigInt/FastCalc.pm", + "usr/lib/perl5/core_perl/PerlIO/encoding.pm", + "usr/lib/perl5/core_perl/PerlIO/mmap.pm", + "usr/lib/perl5/core_perl/PerlIO/via.pm", + "usr/lib/perl5/core_perl/Scalar/Util.pm", + "usr/lib/perl5/core_perl/Scalar/List/Utils.pm", + "usr/lib/perl5/core_perl/Sub/Util.pm", + "usr/lib/perl5/core_perl/Sys/Hostname.pm", + "usr/lib/perl5/core_perl/Sys/Syslog.pm", + "usr/lib/perl5/core_perl/Time/HiRes.pm", + "usr/lib/perl5/core_perl/Time/Piece.pm", + "usr/lib/perl5/core_perl/Time/Seconds.pm", + "usr/lib/perl5/core_perl/Unicode/Collate.pm", + "usr/lib/perl5/core_perl/Unicode/Normalize.pm", + "usr/lib/perl5/core_perl/Unicode/Collate/Locale.pm", + "usr/lib/perl5/core_perl/auto/B/B.so", + "usr/lib/perl5/core_perl/auto/Compress/Raw/Bzip2/Bzip2.so", + "usr/lib/perl5/core_perl/auto/Compress/Raw/Zlib/Zlib.so", + "usr/lib/perl5/core_perl/auto/Cwd/Cwd.so", + "usr/lib/perl5/core_perl/auto/Data/Dumper/Dumper.so", + "usr/lib/perl5/core_perl/auto/Devel/Peek/Peek.so", + "usr/lib/perl5/core_perl/auto/Digest/MD5/MD5.so", + "usr/lib/perl5/core_perl/auto/Digest/SHA/SHA.so", + "usr/lib/perl5/core_perl/auto/Encode/Encode.so", + "usr/lib/perl5/core_perl/auto/Encode/Byte/Byte.so", + "usr/lib/perl5/core_perl/auto/Encode/CN/CN.so", + "usr/lib/perl5/core_perl/auto/Encode/EBCDIC/EBCDIC.so", + "usr/lib/perl5/core_perl/auto/Encode/JP/JP.so", + "usr/lib/perl5/core_perl/auto/Encode/KR/KR.so", + "usr/lib/perl5/core_perl/auto/Encode/Symbol/Symbol.so", + "usr/lib/perl5/core_perl/auto/Encode/TW/TW.so", + "usr/lib/perl5/core_perl/auto/Encode/Unicode/Unicode.so", + "usr/lib/perl5/core_perl/auto/Fcntl/Fcntl.so", + "usr/lib/perl5/core_perl/auto/File/DosGlob/DosGlob.so", + "usr/lib/perl5/core_perl/auto/File/Glob/Glob.so", + "usr/lib/perl5/core_perl/auto/Filter/Util/Call/Call.so", + "usr/lib/perl5/core_perl/auto/Hash/Util/Util.so", + "usr/lib/perl5/core_perl/auto/Hash/Util/FieldHash/FieldHash.so", + "usr/lib/perl5/core_perl/auto/I18N/Langinfo/Langinfo.so", + "usr/lib/perl5/core_perl/auto/IO/IO.so", + "usr/lib/perl5/core_perl/auto/IPC/SysV/SysV.so", + "usr/lib/perl5/core_perl/auto/List/Util/Util.so", + "usr/lib/perl5/core_perl/auto/MIME/Base64/Base64.so", + "usr/lib/perl5/core_perl/auto/Math/BigInt/FastCalc/FastCalc.so", + "usr/lib/perl5/core_perl/auto/Opcode/Opcode.so", + "usr/lib/perl5/core_perl/auto/POSIX/POSIX.so", + "usr/lib/perl5/core_perl/auto/PerlIO/encoding/encoding.so", + "usr/lib/perl5/core_perl/auto/PerlIO/mmap/mmap.so", + "usr/lib/perl5/core_perl/auto/PerlIO/via/via.so", + "usr/lib/perl5/core_perl/auto/SDBM_File/SDBM_File.so", + "usr/lib/perl5/core_perl/auto/Socket/Socket.so", + "usr/lib/perl5/core_perl/auto/Storable/Storable.so", + "usr/lib/perl5/core_perl/auto/Sys/Hostname/Hostname.so", + "usr/lib/perl5/core_perl/auto/Sys/Syslog/Syslog.so", + "usr/lib/perl5/core_perl/auto/Time/HiRes/HiRes.so", + "usr/lib/perl5/core_perl/auto/Time/Piece/Piece.so", + "usr/lib/perl5/core_perl/auto/Unicode/Collate/Collate.so", + "usr/lib/perl5/core_perl/auto/Unicode/Normalize/Normalize.so", + "usr/lib/perl5/core_perl/auto/attributes/attributes.so", + "usr/lib/perl5/core_perl/auto/mro/mro.so", + "usr/lib/perl5/core_perl/auto/re/re.so", + "usr/lib/perl5/core_perl/auto/threads/threads.so", + "usr/lib/perl5/core_perl/auto/threads/shared/shared.so", + "usr/lib/perl5/core_perl/threads/shared.pm", + "usr/share/perl5/core_perl/AnyDBM_File.pm", + "usr/share/perl5/core_perl/AutoLoader.pm", + "usr/share/perl5/core_perl/AutoSplit.pm", + "usr/share/perl5/core_perl/Benchmark.pm", + "usr/share/perl5/core_perl/CPAN.pm", + "usr/share/perl5/core_perl/Carp.pm", + "usr/share/perl5/core_perl/DB.pm", + "usr/share/perl5/core_perl/DBM_Filter.pm", + "usr/share/perl5/core_perl/Digest.pm", + "usr/share/perl5/core_perl/DirHandle.pm", + "usr/share/perl5/core_perl/Dumpvalue.pm", + "usr/share/perl5/core_perl/English.pm", + "usr/share/perl5/core_perl/Env.pm", + "usr/share/perl5/core_perl/Exporter.pm", + "usr/share/perl5/core_perl/Fatal.pm", + "usr/share/perl5/core_perl/FileCache.pm", + "usr/share/perl5/core_perl/FileHandle.pm", + "usr/share/perl5/core_perl/FindBin.pm", + "usr/share/perl5/core_perl/Memoize.pm", + "usr/share/perl5/core_perl/NEXT.pm", + "usr/share/perl5/core_perl/PerlIO.pm", + "usr/share/perl5/core_perl/Safe.pm", + "usr/share/perl5/core_perl/SelectSaver.pm", + "usr/share/perl5/core_perl/SelfLoader.pm", + "usr/share/perl5/core_perl/Symbol.pm", + "usr/share/perl5/core_perl/Test.pm", + "usr/share/perl5/core_perl/Test2.pm", + "usr/share/perl5/core_perl/Thread.pm", + "usr/share/perl5/core_perl/UNIVERSAL.pm", + "usr/share/perl5/core_perl/XSLoader.pm", + "usr/share/perl5/core_perl/_charnames.pm", + "usr/share/perl5/core_perl/autodie.pm", + "usr/share/perl5/core_perl/autouse.pm", + "usr/share/perl5/core_perl/base.pm", + "usr/share/perl5/core_perl/bigfloat.pm", + "usr/share/perl5/core_perl/bigint.pm", + "usr/share/perl5/core_perl/bignum.pm", + "usr/share/perl5/core_perl/bigrat.pm", + "usr/share/perl5/core_perl/blib.pm", + "usr/share/perl5/core_perl/builtin.pm", + "usr/share/perl5/core_perl/bytes.pm", + "usr/share/perl5/core_perl/charnames.pm", + "usr/share/perl5/core_perl/constant.pm", + "usr/share/perl5/core_perl/deprecate.pm", + "usr/share/perl5/core_perl/diagnostics.pm", + "usr/share/perl5/core_perl/dumpvar.pl", + "usr/share/perl5/core_perl/experimental.pm", + "usr/share/perl5/core_perl/feature.pm", + "usr/share/perl5/core_perl/fields.pm", + "usr/share/perl5/core_perl/filetest.pm", + "usr/share/perl5/core_perl/if.pm", + "usr/share/perl5/core_perl/integer.pm", + "usr/share/perl5/core_perl/less.pm", + "usr/share/perl5/core_perl/locale.pm", + "usr/share/perl5/core_perl/meta_notation.pm", + "usr/share/perl5/core_perl/ok.pm", + "usr/share/perl5/core_perl/open.pm", + "usr/share/perl5/core_perl/overload.pm", + "usr/share/perl5/core_perl/overloading.pm", + "usr/share/perl5/core_perl/parent.pm", + "usr/share/perl5/core_perl/perl5db.pl", + "usr/share/perl5/core_perl/perlfaq.pm", + "usr/share/perl5/core_perl/sigtrap.pm", + "usr/share/perl5/core_perl/sort.pm", + "usr/share/perl5/core_perl/stable.pm", + "usr/share/perl5/core_perl/strict.pm", + "usr/share/perl5/core_perl/subs.pm", + "usr/share/perl5/core_perl/utf8.pm", + "usr/share/perl5/core_perl/vars.pm", + "usr/share/perl5/core_perl/version.pm", + "usr/share/perl5/core_perl/vmsish.pm", + "usr/share/perl5/core_perl/warnings.pm", + "usr/share/perl5/core_perl/App/Cpan.pm", + "usr/share/perl5/core_perl/App/Prove.pm", + "usr/share/perl5/core_perl/App/Prove/State.pm", + "usr/share/perl5/core_perl/App/Prove/State/Result.pm", + "usr/share/perl5/core_perl/App/Prove/State/Result/Test.pm", + "usr/share/perl5/core_perl/Archive/Tar.pm", + "usr/share/perl5/core_perl/Archive/Tar/Constant.pm", + "usr/share/perl5/core_perl/Archive/Tar/File.pm", + "usr/share/perl5/core_perl/Attribute/Handlers.pm", + "usr/share/perl5/core_perl/B/Deparse.pm", + "usr/share/perl5/core_perl/B/Op_private.pm", + "usr/share/perl5/core_perl/CPAN/Author.pm", + "usr/share/perl5/core_perl/CPAN/Bundle.pm", + "usr/share/perl5/core_perl/CPAN/CacheMgr.pm", + "usr/share/perl5/core_perl/CPAN/Complete.pm", + "usr/share/perl5/core_perl/CPAN/Debug.pm", + "usr/share/perl5/core_perl/CPAN/DeferredCode.pm", + "usr/share/perl5/core_perl/CPAN/Distribution.pm", + "usr/share/perl5/core_perl/CPAN/Distroprefs.pm", + "usr/share/perl5/core_perl/CPAN/Distrostatus.pm", + "usr/share/perl5/core_perl/CPAN/FTP.pm", + "usr/share/perl5/core_perl/CPAN/FirstTime.pm", + "usr/share/perl5/core_perl/CPAN/HandleConfig.pm", + "usr/share/perl5/core_perl/CPAN/Index.pm", + "usr/share/perl5/core_perl/CPAN/InfoObj.pm", + "usr/share/perl5/core_perl/CPAN/Kwalify.pm", + "usr/share/perl5/core_perl/CPAN/Meta.pm", + "usr/share/perl5/core_perl/CPAN/Mirrors.pm", + "usr/share/perl5/core_perl/CPAN/Module.pm", + "usr/share/perl5/core_perl/CPAN/Nox.pm", + "usr/share/perl5/core_perl/CPAN/Plugin.pm", + "usr/share/perl5/core_perl/CPAN/Prompt.pm", + "usr/share/perl5/core_perl/CPAN/Queue.pm", + "usr/share/perl5/core_perl/CPAN/Shell.pm", + "usr/share/perl5/core_perl/CPAN/Tarzip.pm", + "usr/share/perl5/core_perl/CPAN/URL.pm", + "usr/share/perl5/core_perl/CPAN/Version.pm", + "usr/share/perl5/core_perl/CPAN/Exception/RecursiveDependency.pm", + "usr/share/perl5/core_perl/CPAN/Exception/blocked_urllist.pm", + "usr/share/perl5/core_perl/CPAN/Exception/yaml_not_installed.pm", + "usr/share/perl5/core_perl/CPAN/Exception/yaml_process_error.pm", + "usr/share/perl5/core_perl/CPAN/FTP/netrc.pm", + "usr/share/perl5/core_perl/CPAN/HTTP/Client.pm", + "usr/share/perl5/core_perl/CPAN/HTTP/Credentials.pm", + "usr/share/perl5/core_perl/CPAN/Kwalify/distroprefs.dd", + "usr/share/perl5/core_perl/CPAN/Kwalify/distroprefs.yml", + "usr/share/perl5/core_perl/CPAN/LWP/UserAgent.pm", + "usr/share/perl5/core_perl/CPAN/Meta/Converter.pm", + "usr/share/perl5/core_perl/CPAN/Meta/Feature.pm", + "usr/share/perl5/core_perl/CPAN/Meta/History.pm", + "usr/share/perl5/core_perl/CPAN/Meta/Merge.pm", + "usr/share/perl5/core_perl/CPAN/Meta/Prereqs.pm", + "usr/share/perl5/core_perl/CPAN/Meta/Requirements.pm", + "usr/share/perl5/core_perl/CPAN/Meta/Spec.pm", + "usr/share/perl5/core_perl/CPAN/Meta/Validator.pm", + "usr/share/perl5/core_perl/CPAN/Meta/YAML.pm", + "usr/share/perl5/core_perl/CPAN/Meta/Requirements/Range.pm", + "usr/share/perl5/core_perl/CPAN/Plugin/Specfile.pm", + "usr/share/perl5/core_perl/Carp/Heavy.pm", + "usr/share/perl5/core_perl/Class/Struct.pm", + "usr/share/perl5/core_perl/Compress/Zlib.pm", + "usr/share/perl5/core_perl/Config/Extensions.pm", + "usr/share/perl5/core_perl/Config/Perl/V.pm", + "usr/share/perl5/core_perl/DBM_Filter/compress.pm", + "usr/share/perl5/core_perl/DBM_Filter/encode.pm", + "usr/share/perl5/core_perl/DBM_Filter/int32.pm", + "usr/share/perl5/core_perl/DBM_Filter/null.pm", + "usr/share/perl5/core_perl/DBM_Filter/utf8.pm", + "usr/share/perl5/core_perl/Devel/SelfStubber.pm", + "usr/share/perl5/core_perl/Digest/base.pm", + "usr/share/perl5/core_perl/Digest/file.pm", + "usr/share/perl5/core_perl/Exporter/Heavy.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder.pm", + "usr/share/perl5/core_perl/ExtUtils/Command.pm", + "usr/share/perl5/core_perl/ExtUtils/Constant.pm", + "usr/share/perl5/core_perl/ExtUtils/Embed.pm", + "usr/share/perl5/core_perl/ExtUtils/Install.pm", + "usr/share/perl5/core_perl/ExtUtils/Installed.pm", + "usr/share/perl5/core_perl/ExtUtils/Liblist.pm", + "usr/share/perl5/core_perl/ExtUtils/MANIFEST.SKIP", + "usr/share/perl5/core_perl/ExtUtils/MM.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_AIX.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_Any.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_BeOS.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_Cygwin.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_DOS.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_Darwin.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_MacOS.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_NW5.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_OS2.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_OS390.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_QNX.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_UWIN.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_Unix.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_VMS.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_VOS.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_Win32.pm", + "usr/share/perl5/core_perl/ExtUtils/MM_Win95.pm", + "usr/share/perl5/core_perl/ExtUtils/MY.pm", + "usr/share/perl5/core_perl/ExtUtils/MakeMaker.pm", + "usr/share/perl5/core_perl/ExtUtils/Manifest.pm", + "usr/share/perl5/core_perl/ExtUtils/Miniperl.pm", + "usr/share/perl5/core_perl/ExtUtils/Mkbootstrap.pm", + "usr/share/perl5/core_perl/ExtUtils/Mksymlists.pm", + "usr/share/perl5/core_perl/ExtUtils/PL2Bat.pm", + "usr/share/perl5/core_perl/ExtUtils/Packlist.pm", + "usr/share/perl5/core_perl/ExtUtils/ParseXS.pm", + "usr/share/perl5/core_perl/ExtUtils/Typemaps.pm", + "usr/share/perl5/core_perl/ExtUtils/testlib.pm", + "usr/share/perl5/core_perl/ExtUtils/typemap", + "usr/share/perl5/core_perl/ExtUtils/xsubpp", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Base.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Unix.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/VMS.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Windows.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/aix.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/android.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/cygwin.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/darwin.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/dec_osf.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/os2.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Windows/BCC.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Windows/GCC.pm", + "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Windows/MSVC.pm", + "usr/share/perl5/core_perl/ExtUtils/Command/MM.pm", + "usr/share/perl5/core_perl/ExtUtils/Constant/Base.pm", + "usr/share/perl5/core_perl/ExtUtils/Constant/ProxySubs.pm", + "usr/share/perl5/core_perl/ExtUtils/Constant/Utils.pm", + "usr/share/perl5/core_perl/ExtUtils/Constant/XS.pm", + "usr/share/perl5/core_perl/ExtUtils/Liblist/Kid.pm", + "usr/share/perl5/core_perl/ExtUtils/MakeMaker/Config.pm", + "usr/share/perl5/core_perl/ExtUtils/MakeMaker/Locale.pm", + "usr/share/perl5/core_perl/ExtUtils/MakeMaker/version.pm", + "usr/share/perl5/core_perl/ExtUtils/ParseXS/Constants.pm", + "usr/share/perl5/core_perl/ExtUtils/ParseXS/CountLines.pm", + "usr/share/perl5/core_perl/ExtUtils/ParseXS/Eval.pm", + "usr/share/perl5/core_perl/ExtUtils/ParseXS/Node.pm", + "usr/share/perl5/core_perl/ExtUtils/ParseXS/Utilities.pm", + "usr/share/perl5/core_perl/ExtUtils/Typemaps/Cmd.pm", + "usr/share/perl5/core_perl/ExtUtils/Typemaps/InputMap.pm", + "usr/share/perl5/core_perl/ExtUtils/Typemaps/OutputMap.pm", + "usr/share/perl5/core_perl/ExtUtils/Typemaps/Type.pm", + "usr/share/perl5/core_perl/File/Basename.pm", + "usr/share/perl5/core_perl/File/Compare.pm", + "usr/share/perl5/core_perl/File/Copy.pm", + "usr/share/perl5/core_perl/File/Fetch.pm", + "usr/share/perl5/core_perl/File/Find.pm", + "usr/share/perl5/core_perl/File/GlobMapper.pm", + "usr/share/perl5/core_perl/File/Path.pm", + "usr/share/perl5/core_perl/File/Temp.pm", + "usr/share/perl5/core_perl/File/stat.pm", + "usr/share/perl5/core_perl/Filter/Simple.pm", + "usr/share/perl5/core_perl/Getopt/Long.pm", + "usr/share/perl5/core_perl/Getopt/Std.pm", + "usr/share/perl5/core_perl/Getopt/Long/Parser.pm", + "usr/share/perl5/core_perl/HTTP/Tiny.pm", + "usr/share/perl5/core_perl/I18N/Collate.pm", + "usr/share/perl5/core_perl/I18N/LangTags.pm", + "usr/share/perl5/core_perl/I18N/LangTags/Detect.pm", + "usr/share/perl5/core_perl/I18N/LangTags/List.pm", + "usr/share/perl5/core_perl/IO/Compress.pm", + "usr/share/perl5/core_perl/IO/Zlib.pm", + "usr/share/perl5/core_perl/IO/Compress/Base.pm", + "usr/share/perl5/core_perl/IO/Compress/Bzip2.pm", + "usr/share/perl5/core_perl/IO/Compress/Deflate.pm", + "usr/share/perl5/core_perl/IO/Compress/Gzip.pm", + "usr/share/perl5/core_perl/IO/Compress/RawDeflate.pm", + "usr/share/perl5/core_perl/IO/Compress/Zip.pm", + "usr/share/perl5/core_perl/IO/Compress/Adapter/Bzip2.pm", + "usr/share/perl5/core_perl/IO/Compress/Adapter/Deflate.pm", + "usr/share/perl5/core_perl/IO/Compress/Adapter/Identity.pm", + "usr/share/perl5/core_perl/IO/Compress/Base/Common.pm", + "usr/share/perl5/core_perl/IO/Compress/Gzip/Constants.pm", + "usr/share/perl5/core_perl/IO/Compress/Zip/Constants.pm", + "usr/share/perl5/core_perl/IO/Compress/Zlib/Constants.pm", + "usr/share/perl5/core_perl/IO/Compress/Zlib/Extra.pm", + "usr/share/perl5/core_perl/IO/Socket/IP.pm", + "usr/share/perl5/core_perl/IO/Uncompress/AnyInflate.pm", + "usr/share/perl5/core_perl/IO/Uncompress/AnyUncompress.pm", + "usr/share/perl5/core_perl/IO/Uncompress/Base.pm", + "usr/share/perl5/core_perl/IO/Uncompress/Bunzip2.pm", + "usr/share/perl5/core_perl/IO/Uncompress/Gunzip.pm", + "usr/share/perl5/core_perl/IO/Uncompress/Inflate.pm", + "usr/share/perl5/core_perl/IO/Uncompress/RawInflate.pm", + "usr/share/perl5/core_perl/IO/Uncompress/Unzip.pm", + "usr/share/perl5/core_perl/IO/Uncompress/Adapter/Bunzip2.pm", + "usr/share/perl5/core_perl/IO/Uncompress/Adapter/Identity.pm", + "usr/share/perl5/core_perl/IO/Uncompress/Adapter/Inflate.pm", + "usr/share/perl5/core_perl/IPC/Cmd.pm", + "usr/share/perl5/core_perl/IPC/Open2.pm", + "usr/share/perl5/core_perl/IPC/Open3.pm", + "usr/share/perl5/core_perl/JSON/PP.pm", + "usr/share/perl5/core_perl/JSON/PP/Boolean.pm", + "usr/share/perl5/core_perl/Locale/Maketext.pm", + "usr/share/perl5/core_perl/Locale/Maketext/Guts.pm", + "usr/share/perl5/core_perl/Locale/Maketext/GutsLoader.pm", + "usr/share/perl5/core_perl/Locale/Maketext/Simple.pm", + "usr/share/perl5/core_perl/Math/BigFloat.pm", + "usr/share/perl5/core_perl/Math/BigInt.pm", + "usr/share/perl5/core_perl/Math/BigRat.pm", + "usr/share/perl5/core_perl/Math/Complex.pm", + "usr/share/perl5/core_perl/Math/Trig.pm", + "usr/share/perl5/core_perl/Math/BigFloat/Trace.pm", + "usr/share/perl5/core_perl/Math/BigInt/Calc.pm", + "usr/share/perl5/core_perl/Math/BigInt/Lib.pm", + "usr/share/perl5/core_perl/Math/BigInt/Trace.pm", + "usr/share/perl5/core_perl/Math/BigRat/Trace.pm", + "usr/share/perl5/core_perl/Memoize/AnyDBM_File.pm", + "usr/share/perl5/core_perl/Memoize/Expire.pm", + "usr/share/perl5/core_perl/Memoize/NDBM_File.pm", + "usr/share/perl5/core_perl/Memoize/SDBM_File.pm", + "usr/share/perl5/core_perl/Memoize/Storable.pm", + "usr/share/perl5/core_perl/Module/CoreList.pm", + "usr/share/perl5/core_perl/Module/Load.pm", + "usr/share/perl5/core_perl/Module/Loaded.pm", + "usr/share/perl5/core_perl/Module/Metadata.pm", + "usr/share/perl5/core_perl/Module/CoreList/Utils.pm", + "usr/share/perl5/core_perl/Module/Load/Conditional.pm", + "usr/share/perl5/core_perl/Net/Cmd.pm", + "usr/share/perl5/core_perl/Net/Config.pm", + "usr/share/perl5/core_perl/Net/Domain.pm", + "usr/share/perl5/core_perl/Net/FTP.pm", + "usr/share/perl5/core_perl/Net/NNTP.pm", + "usr/share/perl5/core_perl/Net/Netrc.pm", + "usr/share/perl5/core_perl/Net/POP3.pm", + "usr/share/perl5/core_perl/Net/Ping.pm", + "usr/share/perl5/core_perl/Net/SMTP.pm", + "usr/share/perl5/core_perl/Net/Time.pm", + "usr/share/perl5/core_perl/Net/hostent.pm", + "usr/share/perl5/core_perl/Net/netent.pm", + "usr/share/perl5/core_perl/Net/protoent.pm", + "usr/share/perl5/core_perl/Net/servent.pm", + "usr/share/perl5/core_perl/Net/FTP/A.pm", + "usr/share/perl5/core_perl/Net/FTP/E.pm", + "usr/share/perl5/core_perl/Net/FTP/I.pm", + "usr/share/perl5/core_perl/Net/FTP/L.pm", + "usr/share/perl5/core_perl/Net/FTP/dataconn.pm", + "usr/share/perl5/core_perl/Params/Check.pm", + "usr/share/perl5/core_perl/Parse/CPAN/Meta.pm", + "usr/share/perl5/core_perl/Perl/OSType.pm", + "usr/share/perl5/core_perl/PerlIO/scalar.pm", + "usr/share/perl5/core_perl/PerlIO/via/QuotedPrint.pm", + "usr/share/perl5/core_perl/Pod/Checker.pm", + "usr/share/perl5/core_perl/Pod/Escapes.pm", + "usr/share/perl5/core_perl/Pod/Functions.pm", + "usr/share/perl5/core_perl/Pod/Html.pm", + "usr/share/perl5/core_perl/Pod/Man.pm", + "usr/share/perl5/core_perl/Pod/ParseLink.pm", + "usr/share/perl5/core_perl/Pod/Perldoc.pm", + "usr/share/perl5/core_perl/Pod/Simple.pm", + "usr/share/perl5/core_perl/Pod/Text.pm", + "usr/share/perl5/core_perl/Pod/Usage.pm", + "usr/share/perl5/core_perl/Pod/Html/Util.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/BaseTo.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/GetOptsOO.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToANSI.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToChecker.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToMan.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToNroff.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToPod.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToRtf.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToTerm.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToText.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToTk.pm", + "usr/share/perl5/core_perl/Pod/Perldoc/ToXml.pm", + "usr/share/perl5/core_perl/Pod/Simple/BlackBox.pm", + "usr/share/perl5/core_perl/Pod/Simple/Checker.pm", + "usr/share/perl5/core_perl/Pod/Simple/Debug.pm", + "usr/share/perl5/core_perl/Pod/Simple/DumpAsText.pm", + "usr/share/perl5/core_perl/Pod/Simple/DumpAsXML.pm", + "usr/share/perl5/core_perl/Pod/Simple/HTML.pm", + "usr/share/perl5/core_perl/Pod/Simple/HTMLBatch.pm", + "usr/share/perl5/core_perl/Pod/Simple/HTMLLegacy.pm", + "usr/share/perl5/core_perl/Pod/Simple/JustPod.pm", + "usr/share/perl5/core_perl/Pod/Simple/LinkSection.pm", + "usr/share/perl5/core_perl/Pod/Simple/Methody.pm", + "usr/share/perl5/core_perl/Pod/Simple/Progress.pm", + "usr/share/perl5/core_perl/Pod/Simple/PullParser.pm", + "usr/share/perl5/core_perl/Pod/Simple/PullParserEndToken.pm", + "usr/share/perl5/core_perl/Pod/Simple/PullParserStartToken.pm", + "usr/share/perl5/core_perl/Pod/Simple/PullParserTextToken.pm", + "usr/share/perl5/core_perl/Pod/Simple/PullParserToken.pm", + "usr/share/perl5/core_perl/Pod/Simple/RTF.pm", + "usr/share/perl5/core_perl/Pod/Simple/Search.pm", + "usr/share/perl5/core_perl/Pod/Simple/SimpleTree.pm", + "usr/share/perl5/core_perl/Pod/Simple/Text.pm", + "usr/share/perl5/core_perl/Pod/Simple/TextContent.pm", + "usr/share/perl5/core_perl/Pod/Simple/TiedOutFH.pm", + "usr/share/perl5/core_perl/Pod/Simple/Transcode.pm", + "usr/share/perl5/core_perl/Pod/Simple/TranscodeDumb.pm", + "usr/share/perl5/core_perl/Pod/Simple/TranscodeSmart.pm", + "usr/share/perl5/core_perl/Pod/Simple/XHTML.pm", + "usr/share/perl5/core_perl/Pod/Simple/XMLOutStream.pm", + "usr/share/perl5/core_perl/Pod/Text/Color.pm", + "usr/share/perl5/core_perl/Pod/Text/Overstrike.pm", + "usr/share/perl5/core_perl/Pod/Text/Termcap.pm", + "usr/share/perl5/core_perl/Search/Dict.pm", + "usr/share/perl5/core_perl/TAP/Base.pm", + "usr/share/perl5/core_perl/TAP/Harness.pm", + "usr/share/perl5/core_perl/TAP/Object.pm", + "usr/share/perl5/core_perl/TAP/Parser.pm", + "usr/share/perl5/core_perl/TAP/Formatter/Base.pm", + "usr/share/perl5/core_perl/TAP/Formatter/Color.pm", + "usr/share/perl5/core_perl/TAP/Formatter/Console.pm", + "usr/share/perl5/core_perl/TAP/Formatter/File.pm", + "usr/share/perl5/core_perl/TAP/Formatter/Session.pm", + "usr/share/perl5/core_perl/TAP/Formatter/Console/ParallelSession.pm", + "usr/share/perl5/core_perl/TAP/Formatter/Console/Session.pm", + "usr/share/perl5/core_perl/TAP/Formatter/File/Session.pm", + "usr/share/perl5/core_perl/TAP/Harness/Env.pm", + "usr/share/perl5/core_perl/TAP/Parser/Aggregator.pm", + "usr/share/perl5/core_perl/TAP/Parser/Grammar.pm", + "usr/share/perl5/core_perl/TAP/Parser/Iterator.pm", + "usr/share/perl5/core_perl/TAP/Parser/IteratorFactory.pm", + "usr/share/perl5/core_perl/TAP/Parser/Multiplexer.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result.pm", + "usr/share/perl5/core_perl/TAP/Parser/ResultFactory.pm", + "usr/share/perl5/core_perl/TAP/Parser/Scheduler.pm", + "usr/share/perl5/core_perl/TAP/Parser/Source.pm", + "usr/share/perl5/core_perl/TAP/Parser/SourceHandler.pm", + "usr/share/perl5/core_perl/TAP/Parser/Iterator/Array.pm", + "usr/share/perl5/core_perl/TAP/Parser/Iterator/Process.pm", + "usr/share/perl5/core_perl/TAP/Parser/Iterator/Stream.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result/Bailout.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result/Comment.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result/Plan.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result/Pragma.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result/Test.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result/Unknown.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result/Version.pm", + "usr/share/perl5/core_perl/TAP/Parser/Result/YAML.pm", + "usr/share/perl5/core_perl/TAP/Parser/Scheduler/Job.pm", + "usr/share/perl5/core_perl/TAP/Parser/Scheduler/Spinner.pm", + "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/Executable.pm", + "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/File.pm", + "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/Handle.pm", + "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/Perl.pm", + "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/RawTAP.pm", + "usr/share/perl5/core_perl/TAP/Parser/YAMLish/Reader.pm", + "usr/share/perl5/core_perl/TAP/Parser/YAMLish/Writer.pm", + "usr/share/perl5/core_perl/Term/ANSIColor.pm", + "usr/share/perl5/core_perl/Term/Cap.pm", + "usr/share/perl5/core_perl/Term/Complete.pm", + "usr/share/perl5/core_perl/Term/ReadLine.pm", + "usr/share/perl5/core_perl/Term/Table.pm", + "usr/share/perl5/core_perl/Term/Table/Cell.pm", + "usr/share/perl5/core_perl/Term/Table/CellStack.pm", + "usr/share/perl5/core_perl/Term/Table/HashBase.pm", + "usr/share/perl5/core_perl/Term/Table/LineBreak.pm", + "usr/share/perl5/core_perl/Term/Table/Spacer.pm", + "usr/share/perl5/core_perl/Term/Table/Util.pm", + "usr/share/perl5/core_perl/Test/Builder.pm", + "usr/share/perl5/core_perl/Test/Harness.pm", + "usr/share/perl5/core_perl/Test/More.pm", + "usr/share/perl5/core_perl/Test/Simple.pm", + "usr/share/perl5/core_perl/Test/Tester.pm", + "usr/share/perl5/core_perl/Test/Builder/Formatter.pm", + "usr/share/perl5/core_perl/Test/Builder/Module.pm", + "usr/share/perl5/core_perl/Test/Builder/Tester.pm", + "usr/share/perl5/core_perl/Test/Builder/TodoDiag.pm", + "usr/share/perl5/core_perl/Test/Builder/Tester/Color.pm", + "usr/share/perl5/core_perl/Test/Tester/Capture.pm", + "usr/share/perl5/core_perl/Test/Tester/CaptureRunner.pm", + "usr/share/perl5/core_perl/Test/Tester/Delegate.pm", + "usr/share/perl5/core_perl/Test/use/ok.pm", + "usr/share/perl5/core_perl/Test2/API.pm", + "usr/share/perl5/core_perl/Test2/AsyncSubtest.pm", + "usr/share/perl5/core_perl/Test2/Bundle.pm", + "usr/share/perl5/core_perl/Test2/Compare.pm", + "usr/share/perl5/core_perl/Test2/Env.pm", + "usr/share/perl5/core_perl/Test2/Event.pm", + "usr/share/perl5/core_perl/Test2/EventFacet.pm", + "usr/share/perl5/core_perl/Test2/Formatter.pm", + "usr/share/perl5/core_perl/Test2/Hub.pm", + "usr/share/perl5/core_perl/Test2/IPC.pm", + "usr/share/perl5/core_perl/Test2/Manual.pm", + "usr/share/perl5/core_perl/Test2/Mock.pm", + "usr/share/perl5/core_perl/Test2/Plugin.pm", + "usr/share/perl5/core_perl/Test2/Require.pm", + "usr/share/perl5/core_perl/Test2/Suite.pm", + "usr/share/perl5/core_perl/Test2/Todo.pm", + "usr/share/perl5/core_perl/Test2/Tools.pm", + "usr/share/perl5/core_perl/Test2/Util.pm", + "usr/share/perl5/core_perl/Test2/V0.pm", + "usr/share/perl5/core_perl/Test2/Workflow.pm", + "usr/share/perl5/core_perl/Test2/API/Breakage.pm", + "usr/share/perl5/core_perl/Test2/API/Context.pm", + "usr/share/perl5/core_perl/Test2/API/Instance.pm", + "usr/share/perl5/core_perl/Test2/API/InterceptResult.pm", + "usr/share/perl5/core_perl/Test2/API/Stack.pm", + "usr/share/perl5/core_perl/Test2/API/InterceptResult/Event.pm", + "usr/share/perl5/core_perl/Test2/API/InterceptResult/Facet.pm", + "usr/share/perl5/core_perl/Test2/API/InterceptResult/Hub.pm", + "usr/share/perl5/core_perl/Test2/API/InterceptResult/Squasher.pm", + "usr/share/perl5/core_perl/Test2/AsyncSubtest/Formatter.pm", + "usr/share/perl5/core_perl/Test2/AsyncSubtest/Hub.pm", + "usr/share/perl5/core_perl/Test2/AsyncSubtest/Event/Attach.pm", + "usr/share/perl5/core_perl/Test2/AsyncSubtest/Event/Detach.pm", + "usr/share/perl5/core_perl/Test2/Bundle/Extended.pm", + "usr/share/perl5/core_perl/Test2/Bundle/More.pm", + "usr/share/perl5/core_perl/Test2/Bundle/Simple.pm", + "usr/share/perl5/core_perl/Test2/Compare/Array.pm", + "usr/share/perl5/core_perl/Test2/Compare/Bag.pm", + "usr/share/perl5/core_perl/Test2/Compare/Base.pm", + "usr/share/perl5/core_perl/Test2/Compare/Bool.pm", + "usr/share/perl5/core_perl/Test2/Compare/Custom.pm", + "usr/share/perl5/core_perl/Test2/Compare/DeepRef.pm", + "usr/share/perl5/core_perl/Test2/Compare/Delta.pm", + "usr/share/perl5/core_perl/Test2/Compare/Event.pm", + "usr/share/perl5/core_perl/Test2/Compare/EventMeta.pm", + "usr/share/perl5/core_perl/Test2/Compare/Float.pm", + "usr/share/perl5/core_perl/Test2/Compare/Hash.pm", + "usr/share/perl5/core_perl/Test2/Compare/Isa.pm", + "usr/share/perl5/core_perl/Test2/Compare/Meta.pm", + "usr/share/perl5/core_perl/Test2/Compare/Negatable.pm", + "usr/share/perl5/core_perl/Test2/Compare/Number.pm", + "usr/share/perl5/core_perl/Test2/Compare/Object.pm", + "usr/share/perl5/core_perl/Test2/Compare/OrderedSubset.pm", + "usr/share/perl5/core_perl/Test2/Compare/Pattern.pm", + "usr/share/perl5/core_perl/Test2/Compare/Ref.pm", + "usr/share/perl5/core_perl/Test2/Compare/Regex.pm", + "usr/share/perl5/core_perl/Test2/Compare/Scalar.pm", + "usr/share/perl5/core_perl/Test2/Compare/Set.pm", + "usr/share/perl5/core_perl/Test2/Compare/String.pm", + "usr/share/perl5/core_perl/Test2/Compare/Undef.pm", + "usr/share/perl5/core_perl/Test2/Compare/Wildcard.pm", + "usr/share/perl5/core_perl/Test2/Event/Bail.pm", + "usr/share/perl5/core_perl/Test2/Event/Diag.pm", + "usr/share/perl5/core_perl/Test2/Event/Encoding.pm", + "usr/share/perl5/core_perl/Test2/Event/Exception.pm", + "usr/share/perl5/core_perl/Test2/Event/Fail.pm", + "usr/share/perl5/core_perl/Test2/Event/Generic.pm", + "usr/share/perl5/core_perl/Test2/Event/Note.pm", + "usr/share/perl5/core_perl/Test2/Event/Ok.pm", + "usr/share/perl5/core_perl/Test2/Event/Pass.pm", + "usr/share/perl5/core_perl/Test2/Event/Plan.pm", + "usr/share/perl5/core_perl/Test2/Event/Skip.pm", + "usr/share/perl5/core_perl/Test2/Event/Subtest.pm", + "usr/share/perl5/core_perl/Test2/Event/V2.pm", + "usr/share/perl5/core_perl/Test2/Event/Waiting.pm", + "usr/share/perl5/core_perl/Test2/Event/TAP/Version.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/About.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Amnesty.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Assert.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Control.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Error.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Hub.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Info.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Meta.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Parent.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Plan.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Render.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Trace.pm", + "usr/share/perl5/core_perl/Test2/EventFacet/Info/Table.pm", + "usr/share/perl5/core_perl/Test2/Formatter/TAP.pm", + "usr/share/perl5/core_perl/Test2/Hub/Interceptor.pm", + "usr/share/perl5/core_perl/Test2/Hub/Subtest.pm", + "usr/share/perl5/core_perl/Test2/Hub/Interceptor/Terminator.pm", + "usr/share/perl5/core_perl/Test2/IPC/Driver.pm", + "usr/share/perl5/core_perl/Test2/IPC/Driver/Files.pm", + "usr/share/perl5/core_perl/Test2/Manual/Anatomy.pm", + "usr/share/perl5/core_perl/Test2/Manual/Concurrency.pm", + "usr/share/perl5/core_perl/Test2/Manual/Contributing.pm", + "usr/share/perl5/core_perl/Test2/Manual/Testing.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling.pm", + "usr/share/perl5/core_perl/Test2/Manual/Anatomy/API.pm", + "usr/share/perl5/core_perl/Test2/Manual/Anatomy/Context.pm", + "usr/share/perl5/core_perl/Test2/Manual/Anatomy/EndToEnd.pm", + "usr/share/perl5/core_perl/Test2/Manual/Anatomy/Event.pm", + "usr/share/perl5/core_perl/Test2/Manual/Anatomy/Hubs.pm", + "usr/share/perl5/core_perl/Test2/Manual/Anatomy/IPC.pm", + "usr/share/perl5/core_perl/Test2/Manual/Anatomy/Utilities.pm", + "usr/share/perl5/core_perl/Test2/Manual/Testing/Introduction.pm", + "usr/share/perl5/core_perl/Test2/Manual/Testing/Migrating.pm", + "usr/share/perl5/core_perl/Test2/Manual/Testing/Planning.pm", + "usr/share/perl5/core_perl/Test2/Manual/Testing/Todo.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/FirstTool.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/Formatter.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/Nesting.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/Subtest.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/TestBuilder.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/Testing.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/Plugin/TestExit.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/Plugin/TestingDone.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/Plugin/ToolCompletes.pm", + "usr/share/perl5/core_perl/Test2/Manual/Tooling/Plugin/ToolStarts.pm", + "usr/share/perl5/core_perl/Test2/Plugin/BailOnFail.pm", + "usr/share/perl5/core_perl/Test2/Plugin/DieOnFail.pm", + "usr/share/perl5/core_perl/Test2/Plugin/ExitSummary.pm", + "usr/share/perl5/core_perl/Test2/Plugin/SRand.pm", + "usr/share/perl5/core_perl/Test2/Plugin/Times.pm", + "usr/share/perl5/core_perl/Test2/Plugin/UTF8.pm", + "usr/share/perl5/core_perl/Test2/Require/AuthorTesting.pm", + "usr/share/perl5/core_perl/Test2/Require/AutomatedTesting.pm", + "usr/share/perl5/core_perl/Test2/Require/EnvVar.pm", + "usr/share/perl5/core_perl/Test2/Require/ExtendedTesting.pm", + "usr/share/perl5/core_perl/Test2/Require/Fork.pm", + "usr/share/perl5/core_perl/Test2/Require/Module.pm", + "usr/share/perl5/core_perl/Test2/Require/NonInteractiveTesting.pm", + "usr/share/perl5/core_perl/Test2/Require/Perl.pm", + "usr/share/perl5/core_perl/Test2/Require/RealFork.pm", + "usr/share/perl5/core_perl/Test2/Require/ReleaseTesting.pm", + "usr/share/perl5/core_perl/Test2/Require/Threads.pm", + "usr/share/perl5/core_perl/Test2/Tools/AsyncSubtest.pm", + "usr/share/perl5/core_perl/Test2/Tools/Basic.pm", + "usr/share/perl5/core_perl/Test2/Tools/Class.pm", + "usr/share/perl5/core_perl/Test2/Tools/ClassicCompare.pm", + "usr/share/perl5/core_perl/Test2/Tools/Compare.pm", + "usr/share/perl5/core_perl/Test2/Tools/Defer.pm", + "usr/share/perl5/core_perl/Test2/Tools/Encoding.pm", + "usr/share/perl5/core_perl/Test2/Tools/Event.pm", + "usr/share/perl5/core_perl/Test2/Tools/Exception.pm", + "usr/share/perl5/core_perl/Test2/Tools/Exports.pm", + "usr/share/perl5/core_perl/Test2/Tools/GenTemp.pm", + "usr/share/perl5/core_perl/Test2/Tools/Grab.pm", + "usr/share/perl5/core_perl/Test2/Tools/Mock.pm", + "usr/share/perl5/core_perl/Test2/Tools/Ref.pm", + "usr/share/perl5/core_perl/Test2/Tools/Refcount.pm", + "usr/share/perl5/core_perl/Test2/Tools/Spec.pm", + "usr/share/perl5/core_perl/Test2/Tools/Subtest.pm", + "usr/share/perl5/core_perl/Test2/Tools/Target.pm", + "usr/share/perl5/core_perl/Test2/Tools/Tester.pm", + "usr/share/perl5/core_perl/Test2/Tools/Tiny.pm", + "usr/share/perl5/core_perl/Test2/Tools/Warnings.pm", + "usr/share/perl5/core_perl/Test2/Util/ExternalMeta.pm", + "usr/share/perl5/core_perl/Test2/Util/Facets2Legacy.pm", + "usr/share/perl5/core_perl/Test2/Util/Grabber.pm", + "usr/share/perl5/core_perl/Test2/Util/Guard.pm", + "usr/share/perl5/core_perl/Test2/Util/HashBase.pm", + "usr/share/perl5/core_perl/Test2/Util/Importer.pm", + "usr/share/perl5/core_perl/Test2/Util/Ref.pm", + "usr/share/perl5/core_perl/Test2/Util/Sig.pm", + "usr/share/perl5/core_perl/Test2/Util/Stash.pm", + "usr/share/perl5/core_perl/Test2/Util/Sub.pm", + "usr/share/perl5/core_perl/Test2/Util/Table.pm", + "usr/share/perl5/core_perl/Test2/Util/Term.pm", + "usr/share/perl5/core_perl/Test2/Util/Times.pm", + "usr/share/perl5/core_perl/Test2/Util/Trace.pm", + "usr/share/perl5/core_perl/Test2/Util/Table/Cell.pm", + "usr/share/perl5/core_perl/Test2/Util/Table/LineBreak.pm", + "usr/share/perl5/core_perl/Test2/Workflow/BlockBase.pm", + "usr/share/perl5/core_perl/Test2/Workflow/Build.pm", + "usr/share/perl5/core_perl/Test2/Workflow/Runner.pm", + "usr/share/perl5/core_perl/Test2/Workflow/Task.pm", + "usr/share/perl5/core_perl/Test2/Workflow/Task/Action.pm", + "usr/share/perl5/core_perl/Test2/Workflow/Task/Group.pm", + "usr/share/perl5/core_perl/Text/Abbrev.pm", + "usr/share/perl5/core_perl/Text/Balanced.pm", + "usr/share/perl5/core_perl/Text/ParseWords.pm", + "usr/share/perl5/core_perl/Text/Tabs.pm", + "usr/share/perl5/core_perl/Text/Wrap.pm", + "usr/share/perl5/core_perl/Thread/Queue.pm", + "usr/share/perl5/core_perl/Thread/Semaphore.pm", + "usr/share/perl5/core_perl/Tie/Array.pm", + "usr/share/perl5/core_perl/Tie/File.pm", + "usr/share/perl5/core_perl/Tie/Handle.pm", + "usr/share/perl5/core_perl/Tie/Hash.pm", + "usr/share/perl5/core_perl/Tie/Memoize.pm", + "usr/share/perl5/core_perl/Tie/RefHash.pm", + "usr/share/perl5/core_perl/Tie/Scalar.pm", + "usr/share/perl5/core_perl/Tie/StdHandle.pm", + "usr/share/perl5/core_perl/Tie/SubstrHash.pm", + "usr/share/perl5/core_perl/Tie/Hash/NamedCapture.pm", + "usr/share/perl5/core_perl/Time/Local.pm", + "usr/share/perl5/core_perl/Time/gmtime.pm", + "usr/share/perl5/core_perl/Time/localtime.pm", + "usr/share/perl5/core_perl/Time/tm.pm", + "usr/share/perl5/core_perl/Unicode/UCD.pm", + "usr/share/perl5/core_perl/Unicode/Collate/allkeys.txt", + "usr/share/perl5/core_perl/Unicode/Collate/keys.txt", + "usr/share/perl5/core_perl/Unicode/Collate/CJK/Big5.pm", + "usr/share/perl5/core_perl/Unicode/Collate/CJK/GB2312.pm", + "usr/share/perl5/core_perl/Unicode/Collate/CJK/JISX0208.pm", + "usr/share/perl5/core_perl/Unicode/Collate/CJK/Korean.pm", + "usr/share/perl5/core_perl/Unicode/Collate/CJK/Pinyin.pm", + "usr/share/perl5/core_perl/Unicode/Collate/CJK/Stroke.pm", + "usr/share/perl5/core_perl/Unicode/Collate/CJK/Zhuyin.pm", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/af.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ar.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/as.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/az.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/be.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/bn.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ca.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/cs.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/cu.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/cy.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/da.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/de_at_ph.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/de_phone.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/dsb.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ee.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/eo.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/es.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/es_trad.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/et.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/fa.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/fi.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/fi_phone.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/fil.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/fo.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/fr_ca.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/gu.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ha.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/haw.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/he.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/hi.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/hr.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/hu.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/hy.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ig.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/is.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ja.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/kk.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/kl.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/kn.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ko.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/kok.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/lkt.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ln.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/lt.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/lv.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/mk.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ml.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/mr.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/mt.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/nb.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/nn.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/nso.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/om.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/or.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/pa.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/pl.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ro.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/sa.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/se.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/si.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/si_dict.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/sk.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/sl.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/sq.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/sr.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/sv.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/sv_refo.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ta.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/te.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/th.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/tn.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/to.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/tr.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ug_cyrl.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/uk.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/ur.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/vi.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/vo.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/wae.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/wo.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/yo.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_big5.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_gb.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_pin.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_strk.pl", + "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_zhu.pl", + "usr/share/perl5/core_perl/User/grent.pm", + "usr/share/perl5/core_perl/User/pwent.pm", + "usr/share/perl5/core_perl/autodie/Util.pm", + "usr/share/perl5/core_perl/autodie/exception.pm", + "usr/share/perl5/core_perl/autodie/hints.pm", + "usr/share/perl5/core_perl/autodie/skip.pm", + "usr/share/perl5/core_perl/autodie/Scope/Guard.pm", + "usr/share/perl5/core_perl/autodie/Scope/GuardStack.pm", + "usr/share/perl5/core_perl/autodie/exception/system.pm", + "usr/share/perl5/core_perl/encoding/warnings.pm", + "usr/share/perl5/core_perl/overload/numbers.pm", + "usr/share/perl5/core_perl/source/encoding.pm", + "usr/share/perl5/core_perl/unicore/Blocks.txt", + "usr/share/perl5/core_perl/unicore/CombiningClass.pl", + "usr/share/perl5/core_perl/unicore/Decomposition.pl", + "usr/share/perl5/core_perl/unicore/Name.pl", + "usr/share/perl5/core_perl/unicore/Name.pm", + "usr/share/perl5/core_perl/unicore/NamedSequences.txt", + "usr/share/perl5/core_perl/unicore/SpecialCasing.txt", + "usr/share/perl5/core_perl/unicore/TestNorm.pl", + "usr/share/perl5/core_perl/unicore/UCD.pl", + "usr/share/perl5/core_perl/unicore/uni_keywords.pl", + "usr/share/perl5/core_perl/unicore/version", + "usr/share/perl5/core_perl/unicore/To/Age.pl", + "usr/share/perl5/core_perl/unicore/To/Bc.pl", + "usr/share/perl5/core_perl/unicore/To/Bmg.pl", + "usr/share/perl5/core_perl/unicore/To/Bpb.pl", + "usr/share/perl5/core_perl/unicore/To/Bpt.pl", + "usr/share/perl5/core_perl/unicore/To/Cf.pl", + "usr/share/perl5/core_perl/unicore/To/Ea.pl", + "usr/share/perl5/core_perl/unicore/To/EqUIdeo.pl", + "usr/share/perl5/core_perl/unicore/To/GCB.pl", + "usr/share/perl5/core_perl/unicore/To/Gc.pl", + "usr/share/perl5/core_perl/unicore/To/Hst.pl", + "usr/share/perl5/core_perl/unicore/To/Identif2.pl", + "usr/share/perl5/core_perl/unicore/To/Identifi.pl", + "usr/share/perl5/core_perl/unicore/To/InCB.pl", + "usr/share/perl5/core_perl/unicore/To/InPC.pl", + "usr/share/perl5/core_perl/unicore/To/InSC.pl", + "usr/share/perl5/core_perl/unicore/To/Isc.pl", + "usr/share/perl5/core_perl/unicore/To/Jg.pl", + "usr/share/perl5/core_perl/unicore/To/Jt.pl", + "usr/share/perl5/core_perl/unicore/To/Lb.pl", + "usr/share/perl5/core_perl/unicore/To/Lc.pl", + "usr/share/perl5/core_perl/unicore/To/NFCQC.pl", + "usr/share/perl5/core_perl/unicore/To/NFDQC.pl", + "usr/share/perl5/core_perl/unicore/To/NFKCCF.pl", + "usr/share/perl5/core_perl/unicore/To/NFKCQC.pl", + "usr/share/perl5/core_perl/unicore/To/NFKCSCF.pl", + "usr/share/perl5/core_perl/unicore/To/NFKDQC.pl", + "usr/share/perl5/core_perl/unicore/To/Na1.pl", + "usr/share/perl5/core_perl/unicore/To/NameAlia.pl", + "usr/share/perl5/core_perl/unicore/To/Nt.pl", + "usr/share/perl5/core_perl/unicore/To/Nv.pl", + "usr/share/perl5/core_perl/unicore/To/PerlDeci.pl", + "usr/share/perl5/core_perl/unicore/To/SB.pl", + "usr/share/perl5/core_perl/unicore/To/Sc.pl", + "usr/share/perl5/core_perl/unicore/To/Scx.pl", + "usr/share/perl5/core_perl/unicore/To/Tc.pl", + "usr/share/perl5/core_perl/unicore/To/Uc.pl", + "usr/share/perl5/core_perl/unicore/To/Vo.pl", + "usr/share/perl5/core_perl/unicore/To/WB.pl", + "usr/share/perl5/core_perl/unicore/To/_PerlLB.pl", + "usr/share/perl5/core_perl/unicore/To/_PerlSCX.pl", + "usr/share/perl5/core_perl/unicore/To/kEHCat.pl", + "usr/share/perl5/core_perl/unicore/To/kEHCore.pl", + "usr/share/perl5/core_perl/unicore/To/kEHDesc.pl", + "usr/share/perl5/core_perl/unicore/To/kEHFVal.pl", + "usr/share/perl5/core_perl/unicore/To/kEHFunc.pl", + "usr/share/perl5/core_perl/unicore/To/kEHHG.pl", + "usr/share/perl5/core_perl/unicore/To/kEHIFAO.pl", + "usr/share/perl5/core_perl/unicore/To/kEHJSesh.pl", + "usr/share/perl5/core_perl/unicore/To/kEHUniK.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/NA.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V100.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V11.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V110.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V120.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V130.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V140.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V150.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V160.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V20.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V30.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V31.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V32.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V40.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V41.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V50.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V51.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V52.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V60.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V61.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V70.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V80.pl", + "usr/share/perl5/core_perl/unicore/lib/Age/V90.pl", + "usr/share/perl5/core_perl/unicore/lib/Alpha/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/AL.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/AN.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/B.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/BN.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/CS.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/EN.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/ES.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/ET.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/L.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/NSM.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/ON.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/R.pl", + "usr/share/perl5/core_perl/unicore/lib/Bc/WS.pl", + "usr/share/perl5/core_perl/unicore/lib/BidiC/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/BidiM/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Blk/NB.pl", + "usr/share/perl5/core_perl/unicore/lib/Bpt/C.pl", + "usr/share/perl5/core_perl/unicore/lib/Bpt/N.pl", + "usr/share/perl5/core_perl/unicore/lib/Bpt/O.pl", + "usr/share/perl5/core_perl/unicore/lib/CE/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/CI/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/CWCF/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/CWCM/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/CWKCF/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/CWL/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/CWT/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/CWU/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Cased/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/A.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/AL.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/AR.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/ATAR.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/B.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/BR.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/DB.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/NK.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/NR.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/OV.pl", + "usr/share/perl5/core_perl/unicore/lib/Ccc/VR.pl", + "usr/share/perl5/core_perl/unicore/lib/CompEx/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/DI/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Dash/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Dep/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Dia/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Com.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Enc.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Fin.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Font.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Init.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Iso.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Med.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Nar.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Nb.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/NonCanon.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Sqr.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Sub.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Sup.pl", + "usr/share/perl5/core_perl/unicore/lib/Dt/Vert.pl", + "usr/share/perl5/core_perl/unicore/lib/EBase/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/EComp/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/EPres/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Ea/A.pl", + "usr/share/perl5/core_perl/unicore/lib/Ea/H.pl", + "usr/share/perl5/core_perl/unicore/lib/Ea/N.pl", + "usr/share/perl5/core_perl/unicore/lib/Ea/Na.pl", + "usr/share/perl5/core_perl/unicore/lib/Ea/W.pl", + "usr/share/perl5/core_perl/unicore/lib/Emoji/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Ext/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/ExtPict/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/GCB/CN.pl", + "usr/share/perl5/core_perl/unicore/lib/GCB/EX.pl", + "usr/share/perl5/core_perl/unicore/lib/GCB/LV.pl", + "usr/share/perl5/core_perl/unicore/lib/GCB/LVT.pl", + "usr/share/perl5/core_perl/unicore/lib/GCB/PP.pl", + "usr/share/perl5/core_perl/unicore/lib/GCB/SM.pl", + "usr/share/perl5/core_perl/unicore/lib/GCB/V.pl", + "usr/share/perl5/core_perl/unicore/lib/GCB/XX.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/C.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Cf.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Cn.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/L.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/LC.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Ll.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Lm.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Lo.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Lu.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/M.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Mc.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Me.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Mn.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/N.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Nd.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Nl.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/No.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/P.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Pc.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Pd.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Pe.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Pf.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Pi.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Po.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Ps.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/S.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Sc.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Sk.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Sm.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/So.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Z.pl", + "usr/share/perl5/core_perl/unicore/lib/Gc/Zs.pl", + "usr/share/perl5/core_perl/unicore/lib/GrBase/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/GrExt/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Hex/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Hst/NA.pl", + "usr/share/perl5/core_perl/unicore/lib/Hyphen/T.pl", + "usr/share/perl5/core_perl/unicore/lib/IDC/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/IDCMContinue/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/IDCMStart/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/IDS/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/IdStatus/Allowed.pl", + "usr/share/perl5/core_perl/unicore/lib/IdStatus/Restrict.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/DefaultI.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/Exclusio.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/Inclusio.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/LimitedU.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/NotChara.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/NotNFKC.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/NotXID.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/Obsolete.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/Recommen.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/Technica.pl", + "usr/share/perl5/core_perl/unicore/lib/IdType/Uncommon.pl", + "usr/share/perl5/core_perl/unicore/lib/Ideo/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/In/10_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/11_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/12_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/12_1.pl", + "usr/share/perl5/core_perl/unicore/lib/In/13_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/14_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/15_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/15_1.pl", + "usr/share/perl5/core_perl/unicore/lib/In/16_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/2_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/2_1.pl", + "usr/share/perl5/core_perl/unicore/lib/In/3_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/3_1.pl", + "usr/share/perl5/core_perl/unicore/lib/In/3_2.pl", + "usr/share/perl5/core_perl/unicore/lib/In/4_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/4_1.pl", + "usr/share/perl5/core_perl/unicore/lib/In/5_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/5_1.pl", + "usr/share/perl5/core_perl/unicore/lib/In/5_2.pl", + "usr/share/perl5/core_perl/unicore/lib/In/6_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/6_1.pl", + "usr/share/perl5/core_perl/unicore/lib/In/6_2.pl", + "usr/share/perl5/core_perl/unicore/lib/In/6_3.pl", + "usr/share/perl5/core_perl/unicore/lib/In/7_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/8_0.pl", + "usr/share/perl5/core_perl/unicore/lib/In/9_0.pl", + "usr/share/perl5/core_perl/unicore/lib/InCB/Consonan.pl", + "usr/share/perl5/core_perl/unicore/lib/InCB/Extend.pl", + "usr/share/perl5/core_perl/unicore/lib/InCB/Linker.pl", + "usr/share/perl5/core_perl/unicore/lib/InCB/None.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/Bottom.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/BottomAn.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/Left.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/LeftAndR.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/NA.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/Overstru.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/Right.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/Top.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/TopAndBo.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/TopAndL2.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/TopAndLe.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/TopAndRi.pl", + "usr/share/perl5/core_perl/unicore/lib/InPC/VisualOr.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Avagraha.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Bindu.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Cantilla.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consona2.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consona3.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consona4.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consona5.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consona6.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consona7.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consona8.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consona9.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Consonan.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Geminati.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Invisibl.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Nukta.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Number.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Other.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/PureKill.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Syllable.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/ToneMark.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Virama.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Visarga.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/Vowel.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/VowelDep.pl", + "usr/share/perl5/core_perl/unicore/lib/InSC/VowelInd.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Ain.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Alef.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Beh.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Dal.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/FarsiYeh.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Feh.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Gaf.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Hah.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/HanifiRo.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Kaf.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Lam.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/NoJoinin.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Noon.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Qaf.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Reh.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Sad.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Seen.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Tah.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Waw.pl", + "usr/share/perl5/core_perl/unicore/lib/Jg/Yeh.pl", + "usr/share/perl5/core_perl/unicore/lib/Jt/C.pl", + "usr/share/perl5/core_perl/unicore/lib/Jt/D.pl", + "usr/share/perl5/core_perl/unicore/lib/Jt/L.pl", + "usr/share/perl5/core_perl/unicore/lib/Jt/R.pl", + "usr/share/perl5/core_perl/unicore/lib/Jt/T.pl", + "usr/share/perl5/core_perl/unicore/lib/Jt/U.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/AI.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/AK.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/AL.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/AP.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/AS.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/BA.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/BB.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/CJ.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/CL.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/CM.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/CP.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/EX.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/GL.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/ID.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/IN.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/IS.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/NS.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/NU.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/OP.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/PO.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/PR.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/QU.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/SA.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/VI.pl", + "usr/share/perl5/core_perl/unicore/lib/Lb/XX.pl", + "usr/share/perl5/core_perl/unicore/lib/Lower/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/MCM/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Math/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/NFCQC/M.pl", + "usr/share/perl5/core_perl/unicore/lib/NFCQC/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/NFDQC/N.pl", + "usr/share/perl5/core_perl/unicore/lib/NFDQC/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/NFKCQC/N.pl", + "usr/share/perl5/core_perl/unicore/lib/NFKCQC/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/NFKDQC/N.pl", + "usr/share/perl5/core_perl/unicore/lib/NFKDQC/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Nt/Di.pl", + "usr/share/perl5/core_perl/unicore/lib/Nt/None.pl", + "usr/share/perl5/core_perl/unicore/lib/Nt/Nu.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/0.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/1.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/10.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/100.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/1000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/10000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/100000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/11.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/12.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/13.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/14.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/15.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/16.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/17.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/18.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/19.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/1_16.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/1_2.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/1_3.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/1_4.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/1_6.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/1_8.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/2.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/20.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/200.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/2000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/20000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/2_3.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/3.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/30.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/300.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/3000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/30000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/3_16.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/3_4.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/4.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/40.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/400.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/4000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/40000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/5.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/50.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/500.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/5000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/50000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/6.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/60.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/600.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/6000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/60000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/7.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/70.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/700.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/7000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/70000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/8.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/80.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/800.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/8000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/80000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/9.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/90.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/900.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/9000.pl", + "usr/share/perl5/core_perl/unicore/lib/Nv/90000.pl", + "usr/share/perl5/core_perl/unicore/lib/PCM/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/PatSyn/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/Alnum.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/Assigned.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/Blank.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/Graph.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/PerlWord.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/PosixPun.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/Print.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/SpacePer.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/Title.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/Word.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/XPosixPu.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlAny.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlCh2.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlCha.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlFol.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlIDC.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlIDS.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlIsI.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlNch.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlPat.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlPr2.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlPro.pl", + "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlQuo.pl", + "usr/share/perl5/core_perl/unicore/lib/QMark/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/AT.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/CL.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/EX.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/FO.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/LE.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/LO.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/NU.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/SC.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/ST.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/Sp.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/UP.pl", + "usr/share/perl5/core_perl/unicore/lib/SB/XX.pl", + "usr/share/perl5/core_perl/unicore/lib/SD/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/STerm/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Arab.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Armn.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Beng.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Cprt.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Cyrl.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Deva.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Dupl.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Ethi.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Geor.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Glag.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Gong.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Gonm.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Gran.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Grek.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Gujr.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Guru.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Han.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Hang.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Hebr.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Hira.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Kana.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Knda.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Latn.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Limb.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Linb.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Mlym.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Mong.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Mult.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Mymr.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Orya.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Sinh.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Syrc.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Taml.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Tang.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Telu.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Tibt.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Tutg.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Zinh.pl", + "usr/share/perl5/core_perl/unicore/lib/Sc/Zyyy.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Adlm.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Aghb.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Arab.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Armn.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Avst.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Beng.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Bhks.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Bopo.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Cakm.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Cari.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Cham.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Cher.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Copt.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Cprt.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Cyrl.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Deva.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Diak.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Dupl.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Ethi.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Gara.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Geor.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Glag.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Gong.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Gonm.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Goth.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Gran.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Grek.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Gujr.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Guru.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Han.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Hang.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Hebr.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Hira.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Hmng.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Hmnp.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Hung.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Kana.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Khar.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Khmr.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Khoj.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Knda.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Kthi.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Lana.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Lao.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Latn.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Limb.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Lina.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Linb.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Lisu.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Lydi.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Mahj.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Mlym.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Mong.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Mult.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Mymr.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Nand.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Nko.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Orya.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Osge.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Perm.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Phag.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Phlp.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Rohg.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Shrd.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Sind.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Sinh.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Sunu.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Syrc.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Tagb.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Takr.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Tale.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Talu.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Taml.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Tang.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Telu.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Tfng.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Thaa.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Thai.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Tibt.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Tirh.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Todr.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Tutg.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Vith.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Xsux.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Yezi.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Yi.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Zinh.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Zyyy.pl", + "usr/share/perl5/core_perl/unicore/lib/Scx/Zzzz.pl", + "usr/share/perl5/core_perl/unicore/lib/Term/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/UIdeo/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Upper/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/VS/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/Vo/R.pl", + "usr/share/perl5/core_perl/unicore/lib/Vo/Tr.pl", + "usr/share/perl5/core_perl/unicore/lib/Vo/Tu.pl", + "usr/share/perl5/core_perl/unicore/lib/Vo/U.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/EX.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/Extend.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/FO.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/HL.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/KA.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/LE.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/MB.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/ML.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/MN.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/NU.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/WSegSpac.pl", + "usr/share/perl5/core_perl/unicore/lib/WB/XX.pl", + "usr/share/perl5/core_perl/unicore/lib/XIDC/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/XIDS/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/kEHNoMirror/Y.pl", + "usr/share/perl5/core_perl/unicore/lib/kEHNoRotate/Y.pl", + "usr/share/perl5/core_perl/version/regex.pm", + "usr/share/perl5/core_perl/warnings/register.pm", + "var/lib/db/sbom/perl-5.42.2-r0.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "stunnel@5.78-r1", + "Name": "stunnel", + "Identifier": { + "PURL": "pkg:apk/wolfi/stunnel@5.78-r1?arch=x86_64\u0026distro=20230201", + "UID": "701651e21b793377" + }, + "Version": "5.78-r1", + "Arch": "x86_64", + "SrcName": "stunnel", + "SrcVersion": "5.78-r1", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7", + "ld-linux@2.43-r7", + "libcrypto3@3.6.2-r5", + "libgcc@16.1.0-r1", + "libssl3@3.6.2-r5", + "perl@5.42.2-r0" + ], + "Layer": { + "Digest": "sha256:3dcb254820f5eabdf1fc2319a73184c051cbc56d72886c40e6cd0b43033579c7", + "DiffID": "sha256:6dc90485e72e44afeb1ecab592900e898164c016d33125161b308c8bcfa53cf9" + }, + "Digest": "sha1:47b7507db0dec5bf8edfa5ba2bb63540e14dac84", + "InstalledFiles": [ + "etc/stunnel/stunnel.conf-sample", + "usr/bin/stunnel", + "usr/bin/stunnel3", + "usr/lib/stunnel/libstunnel.so", + "var/lib/db/sbom/stunnel-5.78-r1.spdx.json" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "wolfi-baselayout@20230201-r29", + "Name": "wolfi-baselayout", + "Identifier": { + "PURL": "pkg:apk/wolfi/wolfi-baselayout@20230201-r29?arch=x86_64\u0026distro=20230201", + "UID": "c978bcececcb7891" + }, + "Version": "20230201-r29", + "Arch": "x86_64", + "SrcName": "wolfi-baselayout", + "SrcVersion": "20230201-r29", + "Licenses": [ + "MIT" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "ca-certificates-bundle@20260413-r0" + ], + "Layer": { + "Digest": "sha256:57ba55784e2887043227b53d1ee2788722aae8a9c66b20723e1dfb801c8ce471", + "DiffID": "sha256:711f72ded0c5f10478ebf93fdd6d6a47ac484a232ef709c52e67315d4af006d9" + }, + "Digest": "sha1:9b1560903e3eaf5712512796a3a0a5920351d480", + "InstalledFiles": [ + "bin", + "lib", + "lib64", + "sbin", + "etc/group", + "etc/host.conf", + "etc/hosts", + "etc/mtab", + "etc/nsswitch.conf", + "etc/os-release", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/profile.d/locale.sh", + "etc/secfixes.d/wolfi", + "usr/lib64", + "usr/sbin", + "usr/tmp", + "usr/local/lib64", + "var/lock", + "var/run", + "var/lib/db/sbom/wolfi-baselayout-20230201-r29.spdx.json", + "var/spool/mail" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.3.2-r3", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/wolfi/zlib@1.3.2-r3?arch=x86_64\u0026distro=20230201", + "UID": "a4285aa49545e56a" + }, + "Version": "1.3.2-r3", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.3.2-r3", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "wolfi", + "DependsOn": [ + "glibc@2.43-r7", + "wolfi-baselayout@20230201-r29" + ], + "Layer": { + "Digest": "sha256:8d99fd8fea9c370971ba3ab2ab453586d6a437c40211fea16fdb1445d876e907", + "DiffID": "sha256:90cfe0bd8cd693b2ee91b94108fc47f023d82edc00e57352ab6635d827b33505" + }, + "Digest": "sha1:77ec609e1bf6aa69a7c94a6420430bbff09c7edb", + "InstalledFiles": [ + "usr/lib/libz.so.1", + "usr/lib/libz.so.1.3.2", + "var/lib/db/sbom/zlib-1.3.2-r3.spdx.json" + ], + "AnalyzedBy": "apk" + } + ] + } + ] + }, + { + "Namespace": "metallb-system", + "Kind": "Deployment", + "Name": "controller", + "Metadata": [ + { + "Size": 71413248, + "OS": { + "Family": "debian", + "Name": "12.8" + }, + "ImageID": "sha256:48c6a3e363a254540ea2336bc5d89908e8c54abc8ae2e4bbb28a73ead48e2bf7", + "DiffIDs": [ + "sha256:03af251906410714c5aef9fa705b63f6bbc39c4a5e787de7361eeb18886c2ed2", + "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba", + "sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575", + "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", + "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", + "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4", + "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", + "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", + "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", + "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", + "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", + "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb", + "sha256:2dc1d60777ec552985e26f6678f7ce4929b526e8166decb3c365dde9477d2e8e" + ], + "RepoTags": [ + "quay.io/metallb/controller:v0.14.9" + ], + "RepoDigests": [ + "quay.io/metallb/controller@sha256:86261567e5ff03978893bf03ea865275283ad1e3f0f20dd342ed501b651fdf78" + ], + "Reference": "quay.io/metallb/controller:v0.14.9", + "ImageConfig": { + "architecture": "amd64", + "created": "2024-12-17T14:55:17.453857751Z", + "history": [ + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "2024-12-17T14:55:17.441732264Z", + "created_by": "COPY /build/controller /controller # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-12-17T14:55:17.453857751Z", + "created_by": "COPY LICENSE / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-12-17T14:55:17.453857751Z", + "created_by": "LABEL org.opencontainers.image.authors=metallb org.opencontainers.image.url=https://github.com/metallb/metallb org.opencontainers.image.documentation=https://metallb.universe.tf org.opencontainers.image.source=https://github.com/metallb/metallb org.opencontainers.image.vendor=metallb org.opencontainers.image.licenses=Apache-2.0 org.opencontainers.image.description=Metallb Controller org.opencontainers.image.title=controller org.opencontainers.image.base.name=gcr.io/distroless/static:latest", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-12-17T14:55:17.453857751Z", + "created_by": "ENTRYPOINT [\"/controller\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:03af251906410714c5aef9fa705b63f6bbc39c4a5e787de7361eeb18886c2ed2", + "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba", + "sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575", + "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", + "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", + "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4", + "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", + "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", + "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", + "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", + "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", + "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb", + "sha256:2dc1d60777ec552985e26f6678f7ce4929b526e8166decb3c365dde9477d2e8e" + ] + }, + "config": { + "Entrypoint": [ + "/controller" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" + ], + "Labels": { + "org.opencontainers.image.authors": "metallb", + "org.opencontainers.image.base.name": "gcr.io/distroless/static:latest", + "org.opencontainers.image.created": "2024-12-17T14:50:29.605Z", + "org.opencontainers.image.description": "controller for metallb, a network load-balancer implementation for Kubernetes using standard routing protocols", + "org.opencontainers.image.documentation": "https://metallb.universe.tf", + "org.opencontainers.image.licenses": "Apache-2.0", + "org.opencontainers.image.revision": "5765ee504d21a3a237d9dab223ca707661269ecd", + "org.opencontainers.image.source": "https://github.com/metallb/metallb", + "org.opencontainers.image.title": "controller", + "org.opencontainers.image.url": "https://github.com/metallb/metallb", + "org.opencontainers.image.vendor": "metallb", + "org.opencontainers.image.version": "v0.14.9" + }, + "User": "0", + "WorkingDir": "/" + } + }, + "Layers": [ + { + "Size": 327680, + "Digest": "sha256:0baecf37abeec25aad5f5bb99f3fa20e90f15361468ef5b66fae93e9c8283c3d", + "DiffID": "sha256:03af251906410714c5aef9fa705b63f6bbc39c4a5e787de7361eeb18886c2ed2" + }, + { + "Size": 40960, + "Digest": "sha256:bfb59b82a9b65e47d485e53b3e815bca3b3e21a095bd0cb88ced9ac0b48062bf", + "DiffID": "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba" + }, + { + "Size": 2396160, + "Digest": "sha256:efa9d1d5d3a286c60a7261496166fdf31cec2284dafe7eef7cda89eba2f675d6", + "DiffID": "sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575" + }, + { + "Size": 1536, + "Digest": "sha256:0f8b424aa0b96c1c388a5fd4d90735604459256336853082afb61733438872b5", + "DiffID": "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368" + }, + { + "Size": 2560, + "Digest": "sha256:d557676654e572af3e3173c90e7874644207fda32cd87e9d3d66b5d7b98a7b21", + "DiffID": "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc" + }, + { + "Size": 2560, + "Digest": "sha256:3214acf345c0cc6bbdb56b698a41ccdefc624a09d6beb0d38b5de0b2303ecaf4", + "DiffID": "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4" + }, + { + "Size": 2560, + "Digest": "sha256:d858cbc252ade14879807ff8dbc3043a26bbdb92087da98cda831ee040b172b3", + "DiffID": "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b" + }, + { + "Size": 1536, + "Digest": "sha256:1069fc2daed1aceff7232f4b8ab21200dd3d8b04f61be9da86977a34a105dfdc", + "DiffID": "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1" + }, + { + "Size": 10240, + "Digest": "sha256:b40161cd83fc5d470d6abe50e87aa288481b6b89137012881d74187cfbf9f502", + "DiffID": "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849" + }, + { + "Size": 3072, + "Digest": "sha256:3f4e2c5863480125882d92060440a5250766bce764fee10acdbac18c872e4dc7", + "DiffID": "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3" + }, + { + "Size": 238592, + "Digest": "sha256:80a8c047508ae5cd6a591060fc43422cb8e3aea1bd908d913e8f0146e2297fea", + "DiffID": "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217" + }, + { + "Size": 68372480, + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + { + "Size": 13312, + "Digest": "sha256:5ac6c79bf477324d06c92749f565d767991e7c24db91247498bcc6689062e3a7", + "DiffID": "sha256:2dc1d60777ec552985e26f6678f7ce4929b526e8166decb3c365dde9477d2e8e" + } + ] + } + ], + "Results": [ + { + "Target": "quay.io/metallb/controller:v0.14.9 (debian 12.8)", + "Class": "os-pkgs", + "Type": "debian", + "Packages": [ + { + "ID": "base-files@12.4+deb12u8", + "Name": "base-files", + "Identifier": { + "PURL": "pkg:deb/debian/base-files@12.4%2Bdeb12u8?arch=amd64\u0026distro=debian-12.8", + "UID": "d14c71402a4a6855" + }, + "Version": "12.4+deb12u8", + "Arch": "amd64", + "SrcName": "base-files", + "SrcVersion": "12.4+deb12u8", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:0baecf37abeec25aad5f5bb99f3fa20e90f15361468ef5b66fae93e9c8283c3d", + "DiffID": "sha256:03af251906410714c5aef9fa705b63f6bbc39c4a5e787de7361eeb18886c2ed2" + }, + "InstalledFiles": [ + "/usr/lib/os-release", + "/usr/share/base-files/dot.bashrc", + "/usr/share/base-files/dot.profile", + "/usr/share/base-files/dot.profile.md5sums", + "/usr/share/base-files/info.dir", + "/usr/share/base-files/motd", + "/usr/share/base-files/profile", + "/usr/share/base-files/profile.md5sums", + "/usr/share/base-files/staff-group-for-usr-local", + "/usr/share/common-licenses/Apache-2.0", + "/usr/share/common-licenses/Artistic", + "/usr/share/common-licenses/BSD", + "/usr/share/common-licenses/CC0-1.0", + "/usr/share/common-licenses/GFDL-1.2", + "/usr/share/common-licenses/GFDL-1.3", + "/usr/share/common-licenses/GPL-1", + "/usr/share/common-licenses/GPL-2", + "/usr/share/common-licenses/GPL-3", + "/usr/share/common-licenses/LGPL-2", + "/usr/share/common-licenses/LGPL-2.1", + "/usr/share/common-licenses/LGPL-3", + "/usr/share/common-licenses/MPL-1.1", + "/usr/share/common-licenses/MPL-2.0", + "/usr/share/doc/base-files/README", + "/usr/share/doc/base-files/README.FHS", + "/usr/share/doc/base-files/changelog.gz", + "/usr/share/doc/base-files/copyright", + "/usr/share/lintian/overrides/base-files" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "netbase@6.4", + "Name": "netbase", + "Identifier": { + "PURL": "pkg:deb/debian/netbase@6.4?arch=all\u0026distro=debian-12.8", + "UID": "64adcbea2e4e887c" + }, + "Version": "6.4", + "Arch": "all", + "SrcName": "netbase", + "SrcVersion": "6.4", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:bfb59b82a9b65e47d485e53b3e815bca3b3e21a095bd0cb88ced9ac0b48062bf", + "DiffID": "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba" + }, + "InstalledFiles": [ + "/usr/share/doc/netbase/changelog.gz", + "/usr/share/doc/netbase/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tzdata@2024b-0+deb12u1", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:deb/debian/tzdata@2024b-0%2Bdeb12u1?arch=all\u0026distro=debian-12.8", + "UID": "3a3b46fd2f480cbf" + }, + "Version": "2024b", + "Release": "0+deb12u1", + "Arch": "all", + "SrcName": "tzdata", + "SrcVersion": "2024b", + "SrcRelease": "0+deb12u1", + "Licenses": [ + "public-domain" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:efa9d1d5d3a286c60a7261496166fdf31cec2284dafe7eef7cda89eba2f675d6", + "DiffID": "sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575" + }, + "InstalledFiles": [ + "/usr/share/doc/tzdata/README.Debian", + "/usr/share/doc/tzdata/changelog.Debian.gz", + "/usr/share/doc/tzdata/changelog.gz", + "/usr/share/doc/tzdata/copyright", + "/usr/share/lintian/overrides/tzdata", + "/usr/share/zoneinfo/Africa/Abidjan", + "/usr/share/zoneinfo/Africa/Accra", + "/usr/share/zoneinfo/Africa/Addis_Ababa", + "/usr/share/zoneinfo/Africa/Algiers", + "/usr/share/zoneinfo/Africa/Asmara", + "/usr/share/zoneinfo/Africa/Bamako", + "/usr/share/zoneinfo/Africa/Bangui", + "/usr/share/zoneinfo/Africa/Banjul", + "/usr/share/zoneinfo/Africa/Bissau", + "/usr/share/zoneinfo/Africa/Blantyre", + "/usr/share/zoneinfo/Africa/Brazzaville", + "/usr/share/zoneinfo/Africa/Bujumbura", + "/usr/share/zoneinfo/Africa/Cairo", + "/usr/share/zoneinfo/Africa/Casablanca", + "/usr/share/zoneinfo/Africa/Ceuta", + "/usr/share/zoneinfo/Africa/Conakry", + "/usr/share/zoneinfo/Africa/Dakar", + "/usr/share/zoneinfo/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/Africa/Djibouti", + "/usr/share/zoneinfo/Africa/Douala", + "/usr/share/zoneinfo/Africa/El_Aaiun", + "/usr/share/zoneinfo/Africa/Freetown", + "/usr/share/zoneinfo/Africa/Gaborone", + "/usr/share/zoneinfo/Africa/Harare", + "/usr/share/zoneinfo/Africa/Johannesburg", + "/usr/share/zoneinfo/Africa/Juba", + "/usr/share/zoneinfo/Africa/Kampala", + "/usr/share/zoneinfo/Africa/Khartoum", + "/usr/share/zoneinfo/Africa/Kigali", + "/usr/share/zoneinfo/Africa/Kinshasa", + "/usr/share/zoneinfo/Africa/Lagos", + "/usr/share/zoneinfo/Africa/Libreville", + "/usr/share/zoneinfo/Africa/Lome", + "/usr/share/zoneinfo/Africa/Luanda", + "/usr/share/zoneinfo/Africa/Lubumbashi", + "/usr/share/zoneinfo/Africa/Lusaka", + "/usr/share/zoneinfo/Africa/Malabo", + "/usr/share/zoneinfo/Africa/Maputo", + "/usr/share/zoneinfo/Africa/Maseru", + "/usr/share/zoneinfo/Africa/Mbabane", + "/usr/share/zoneinfo/Africa/Mogadishu", + "/usr/share/zoneinfo/Africa/Monrovia", + "/usr/share/zoneinfo/Africa/Nairobi", + "/usr/share/zoneinfo/Africa/Ndjamena", + "/usr/share/zoneinfo/Africa/Niamey", + "/usr/share/zoneinfo/Africa/Nouakchott", + "/usr/share/zoneinfo/Africa/Ouagadougou", + "/usr/share/zoneinfo/Africa/Porto-Novo", + "/usr/share/zoneinfo/Africa/Sao_Tome", + "/usr/share/zoneinfo/Africa/Tripoli", + "/usr/share/zoneinfo/Africa/Tunis", + "/usr/share/zoneinfo/Africa/Windhoek", + "/usr/share/zoneinfo/America/Adak", + "/usr/share/zoneinfo/America/Anchorage", + "/usr/share/zoneinfo/America/Anguilla", + "/usr/share/zoneinfo/America/Antigua", + "/usr/share/zoneinfo/America/Araguaina", + "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/America/Argentina/Catamarca", + "/usr/share/zoneinfo/America/Argentina/Cordoba", + "/usr/share/zoneinfo/America/Argentina/Jujuy", + "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/America/Argentina/Mendoza", + "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/America/Argentina/Salta", + "/usr/share/zoneinfo/America/Argentina/San_Juan", + "/usr/share/zoneinfo/America/Argentina/San_Luis", + "/usr/share/zoneinfo/America/Argentina/Tucuman", + "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/America/Aruba", + "/usr/share/zoneinfo/America/Asuncion", + "/usr/share/zoneinfo/America/Atikokan", + "/usr/share/zoneinfo/America/Bahia", + "/usr/share/zoneinfo/America/Bahia_Banderas", + "/usr/share/zoneinfo/America/Barbados", + "/usr/share/zoneinfo/America/Belem", + "/usr/share/zoneinfo/America/Belize", + "/usr/share/zoneinfo/America/Blanc-Sablon", + "/usr/share/zoneinfo/America/Boa_Vista", + "/usr/share/zoneinfo/America/Bogota", + "/usr/share/zoneinfo/America/Boise", + "/usr/share/zoneinfo/America/Cambridge_Bay", + "/usr/share/zoneinfo/America/Campo_Grande", + "/usr/share/zoneinfo/America/Cancun", + "/usr/share/zoneinfo/America/Caracas", + "/usr/share/zoneinfo/America/Cayenne", + "/usr/share/zoneinfo/America/Cayman", + "/usr/share/zoneinfo/America/Chicago", + "/usr/share/zoneinfo/America/Chihuahua", + "/usr/share/zoneinfo/America/Ciudad_Juarez", + "/usr/share/zoneinfo/America/Costa_Rica", + "/usr/share/zoneinfo/America/Creston", + "/usr/share/zoneinfo/America/Cuiaba", + "/usr/share/zoneinfo/America/Curacao", + "/usr/share/zoneinfo/America/Danmarkshavn", + "/usr/share/zoneinfo/America/Dawson", + "/usr/share/zoneinfo/America/Dawson_Creek", + "/usr/share/zoneinfo/America/Denver", + "/usr/share/zoneinfo/America/Detroit", + "/usr/share/zoneinfo/America/Dominica", + "/usr/share/zoneinfo/America/Edmonton", + "/usr/share/zoneinfo/America/Eirunepe", + "/usr/share/zoneinfo/America/El_Salvador", + "/usr/share/zoneinfo/America/Fort_Nelson", + "/usr/share/zoneinfo/America/Fortaleza", + "/usr/share/zoneinfo/America/Glace_Bay", + "/usr/share/zoneinfo/America/Goose_Bay", + "/usr/share/zoneinfo/America/Grand_Turk", + "/usr/share/zoneinfo/America/Grenada", + "/usr/share/zoneinfo/America/Guadeloupe", + "/usr/share/zoneinfo/America/Guatemala", + "/usr/share/zoneinfo/America/Guayaquil", + "/usr/share/zoneinfo/America/Guyana", + "/usr/share/zoneinfo/America/Halifax", + "/usr/share/zoneinfo/America/Havana", + "/usr/share/zoneinfo/America/Hermosillo", + "/usr/share/zoneinfo/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/America/Indiana/Knox", + "/usr/share/zoneinfo/America/Indiana/Marengo", + "/usr/share/zoneinfo/America/Indiana/Petersburg", + "/usr/share/zoneinfo/America/Indiana/Tell_City", + "/usr/share/zoneinfo/America/Indiana/Vevay", + "/usr/share/zoneinfo/America/Indiana/Vincennes", + "/usr/share/zoneinfo/America/Indiana/Winamac", + "/usr/share/zoneinfo/America/Inuvik", + "/usr/share/zoneinfo/America/Iqaluit", + "/usr/share/zoneinfo/America/Jamaica", + "/usr/share/zoneinfo/America/Juneau", + "/usr/share/zoneinfo/America/Kentucky/Louisville", + "/usr/share/zoneinfo/America/Kentucky/Monticello", + "/usr/share/zoneinfo/America/La_Paz", + "/usr/share/zoneinfo/America/Lima", + "/usr/share/zoneinfo/America/Los_Angeles", + "/usr/share/zoneinfo/America/Maceio", + "/usr/share/zoneinfo/America/Managua", + "/usr/share/zoneinfo/America/Manaus", + "/usr/share/zoneinfo/America/Martinique", + "/usr/share/zoneinfo/America/Matamoros", + "/usr/share/zoneinfo/America/Mazatlan", + "/usr/share/zoneinfo/America/Menominee", + "/usr/share/zoneinfo/America/Merida", + "/usr/share/zoneinfo/America/Metlakatla", + "/usr/share/zoneinfo/America/Mexico_City", + "/usr/share/zoneinfo/America/Miquelon", + "/usr/share/zoneinfo/America/Moncton", + "/usr/share/zoneinfo/America/Monterrey", + "/usr/share/zoneinfo/America/Montevideo", + "/usr/share/zoneinfo/America/Montserrat", + "/usr/share/zoneinfo/America/Nassau", + "/usr/share/zoneinfo/America/New_York", + "/usr/share/zoneinfo/America/Nome", + "/usr/share/zoneinfo/America/Noronha", + "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/America/North_Dakota/Center", + "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/America/Nuuk", + "/usr/share/zoneinfo/America/Ojinaga", + "/usr/share/zoneinfo/America/Panama", + "/usr/share/zoneinfo/America/Paramaribo", + "/usr/share/zoneinfo/America/Phoenix", + "/usr/share/zoneinfo/America/Port-au-Prince", + "/usr/share/zoneinfo/America/Port_of_Spain", + "/usr/share/zoneinfo/America/Porto_Velho", + "/usr/share/zoneinfo/America/Puerto_Rico", + "/usr/share/zoneinfo/America/Punta_Arenas", + "/usr/share/zoneinfo/America/Rankin_Inlet", + "/usr/share/zoneinfo/America/Recife", + "/usr/share/zoneinfo/America/Regina", + "/usr/share/zoneinfo/America/Resolute", + "/usr/share/zoneinfo/America/Rio_Branco", + "/usr/share/zoneinfo/America/Santarem", + "/usr/share/zoneinfo/America/Santiago", + "/usr/share/zoneinfo/America/Santo_Domingo", + "/usr/share/zoneinfo/America/Sao_Paulo", + "/usr/share/zoneinfo/America/Scoresbysund", + "/usr/share/zoneinfo/America/Sitka", + "/usr/share/zoneinfo/America/St_Johns", + "/usr/share/zoneinfo/America/St_Kitts", + "/usr/share/zoneinfo/America/St_Lucia", + "/usr/share/zoneinfo/America/St_Thomas", + "/usr/share/zoneinfo/America/St_Vincent", + "/usr/share/zoneinfo/America/Swift_Current", + "/usr/share/zoneinfo/America/Tegucigalpa", + "/usr/share/zoneinfo/America/Thule", + "/usr/share/zoneinfo/America/Tijuana", + "/usr/share/zoneinfo/America/Toronto", + "/usr/share/zoneinfo/America/Tortola", + "/usr/share/zoneinfo/America/Vancouver", + "/usr/share/zoneinfo/America/Whitehorse", + "/usr/share/zoneinfo/America/Winnipeg", + "/usr/share/zoneinfo/America/Yakutat", + "/usr/share/zoneinfo/Antarctica/Casey", + "/usr/share/zoneinfo/Antarctica/Davis", + "/usr/share/zoneinfo/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/Antarctica/Macquarie", + "/usr/share/zoneinfo/Antarctica/Mawson", + "/usr/share/zoneinfo/Antarctica/McMurdo", + "/usr/share/zoneinfo/Antarctica/Palmer", + "/usr/share/zoneinfo/Antarctica/Rothera", + "/usr/share/zoneinfo/Antarctica/Syowa", + "/usr/share/zoneinfo/Antarctica/Troll", + "/usr/share/zoneinfo/Antarctica/Vostok", + "/usr/share/zoneinfo/Asia/Aden", + "/usr/share/zoneinfo/Asia/Almaty", + "/usr/share/zoneinfo/Asia/Amman", + "/usr/share/zoneinfo/Asia/Anadyr", + "/usr/share/zoneinfo/Asia/Aqtau", + "/usr/share/zoneinfo/Asia/Aqtobe", + "/usr/share/zoneinfo/Asia/Ashgabat", + "/usr/share/zoneinfo/Asia/Atyrau", + "/usr/share/zoneinfo/Asia/Baghdad", + "/usr/share/zoneinfo/Asia/Bahrain", + "/usr/share/zoneinfo/Asia/Baku", + "/usr/share/zoneinfo/Asia/Bangkok", + "/usr/share/zoneinfo/Asia/Barnaul", + "/usr/share/zoneinfo/Asia/Beirut", + "/usr/share/zoneinfo/Asia/Bishkek", + "/usr/share/zoneinfo/Asia/Brunei", + "/usr/share/zoneinfo/Asia/Chita", + "/usr/share/zoneinfo/Asia/Colombo", + "/usr/share/zoneinfo/Asia/Damascus", + "/usr/share/zoneinfo/Asia/Dhaka", + "/usr/share/zoneinfo/Asia/Dili", + "/usr/share/zoneinfo/Asia/Dubai", + "/usr/share/zoneinfo/Asia/Dushanbe", + "/usr/share/zoneinfo/Asia/Famagusta", + "/usr/share/zoneinfo/Asia/Gaza", + "/usr/share/zoneinfo/Asia/Hebron", + "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/Asia/Hong_Kong", + "/usr/share/zoneinfo/Asia/Hovd", + "/usr/share/zoneinfo/Asia/Irkutsk", + "/usr/share/zoneinfo/Asia/Jakarta", + "/usr/share/zoneinfo/Asia/Jayapura", + "/usr/share/zoneinfo/Asia/Jerusalem", + "/usr/share/zoneinfo/Asia/Kabul", + "/usr/share/zoneinfo/Asia/Kamchatka", + "/usr/share/zoneinfo/Asia/Karachi", + "/usr/share/zoneinfo/Asia/Kathmandu", + "/usr/share/zoneinfo/Asia/Khandyga", + "/usr/share/zoneinfo/Asia/Kolkata", + "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/Asia/Kuching", + "/usr/share/zoneinfo/Asia/Kuwait", + "/usr/share/zoneinfo/Asia/Macau", + "/usr/share/zoneinfo/Asia/Magadan", + "/usr/share/zoneinfo/Asia/Makassar", + "/usr/share/zoneinfo/Asia/Manila", + "/usr/share/zoneinfo/Asia/Muscat", + "/usr/share/zoneinfo/Asia/Nicosia", + "/usr/share/zoneinfo/Asia/Novokuznetsk", + "/usr/share/zoneinfo/Asia/Novosibirsk", + "/usr/share/zoneinfo/Asia/Omsk", + "/usr/share/zoneinfo/Asia/Oral", + "/usr/share/zoneinfo/Asia/Phnom_Penh", + "/usr/share/zoneinfo/Asia/Pontianak", + "/usr/share/zoneinfo/Asia/Pyongyang", + "/usr/share/zoneinfo/Asia/Qatar", + "/usr/share/zoneinfo/Asia/Qostanay", + "/usr/share/zoneinfo/Asia/Qyzylorda", + "/usr/share/zoneinfo/Asia/Riyadh", + "/usr/share/zoneinfo/Asia/Sakhalin", + "/usr/share/zoneinfo/Asia/Samarkand", + "/usr/share/zoneinfo/Asia/Seoul", + "/usr/share/zoneinfo/Asia/Shanghai", + "/usr/share/zoneinfo/Asia/Singapore", + "/usr/share/zoneinfo/Asia/Srednekolymsk", + "/usr/share/zoneinfo/Asia/Taipei", + "/usr/share/zoneinfo/Asia/Tashkent", + "/usr/share/zoneinfo/Asia/Tbilisi", + "/usr/share/zoneinfo/Asia/Tehran", + "/usr/share/zoneinfo/Asia/Thimphu", + "/usr/share/zoneinfo/Asia/Tokyo", + "/usr/share/zoneinfo/Asia/Tomsk", + "/usr/share/zoneinfo/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/Asia/Urumqi", + "/usr/share/zoneinfo/Asia/Ust-Nera", + "/usr/share/zoneinfo/Asia/Vientiane", + "/usr/share/zoneinfo/Asia/Vladivostok", + "/usr/share/zoneinfo/Asia/Yakutsk", + "/usr/share/zoneinfo/Asia/Yangon", + "/usr/share/zoneinfo/Asia/Yekaterinburg", + "/usr/share/zoneinfo/Asia/Yerevan", + "/usr/share/zoneinfo/Atlantic/Azores", + "/usr/share/zoneinfo/Atlantic/Bermuda", + "/usr/share/zoneinfo/Atlantic/Canary", + "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/Atlantic/Faroe", + "/usr/share/zoneinfo/Atlantic/Madeira", + "/usr/share/zoneinfo/Atlantic/Reykjavik", + "/usr/share/zoneinfo/Atlantic/South_Georgia", + "/usr/share/zoneinfo/Atlantic/St_Helena", + "/usr/share/zoneinfo/Atlantic/Stanley", + "/usr/share/zoneinfo/Australia/Adelaide", + "/usr/share/zoneinfo/Australia/Brisbane", + "/usr/share/zoneinfo/Australia/Broken_Hill", + "/usr/share/zoneinfo/Australia/Darwin", + "/usr/share/zoneinfo/Australia/Eucla", + "/usr/share/zoneinfo/Australia/Hobart", + "/usr/share/zoneinfo/Australia/Lindeman", + "/usr/share/zoneinfo/Australia/Lord_Howe", + "/usr/share/zoneinfo/Australia/Melbourne", + "/usr/share/zoneinfo/Australia/Perth", + "/usr/share/zoneinfo/Australia/Sydney", + "/usr/share/zoneinfo/CET", + "/usr/share/zoneinfo/CST6CDT", + "/usr/share/zoneinfo/EET", + "/usr/share/zoneinfo/EST", + "/usr/share/zoneinfo/EST5EDT", + "/usr/share/zoneinfo/Etc/GMT", + "/usr/share/zoneinfo/Etc/GMT+1", + "/usr/share/zoneinfo/Etc/GMT+10", + "/usr/share/zoneinfo/Etc/GMT+11", + "/usr/share/zoneinfo/Etc/GMT+12", + "/usr/share/zoneinfo/Etc/GMT+2", + "/usr/share/zoneinfo/Etc/GMT+3", + "/usr/share/zoneinfo/Etc/GMT+4", + "/usr/share/zoneinfo/Etc/GMT+5", + "/usr/share/zoneinfo/Etc/GMT+6", + "/usr/share/zoneinfo/Etc/GMT+7", + "/usr/share/zoneinfo/Etc/GMT+8", + "/usr/share/zoneinfo/Etc/GMT+9", + "/usr/share/zoneinfo/Etc/GMT-1", + "/usr/share/zoneinfo/Etc/GMT-10", + "/usr/share/zoneinfo/Etc/GMT-11", + "/usr/share/zoneinfo/Etc/GMT-12", + "/usr/share/zoneinfo/Etc/GMT-13", + "/usr/share/zoneinfo/Etc/GMT-14", + "/usr/share/zoneinfo/Etc/GMT-2", + "/usr/share/zoneinfo/Etc/GMT-3", + "/usr/share/zoneinfo/Etc/GMT-4", + "/usr/share/zoneinfo/Etc/GMT-5", + "/usr/share/zoneinfo/Etc/GMT-6", + "/usr/share/zoneinfo/Etc/GMT-7", + "/usr/share/zoneinfo/Etc/GMT-8", + "/usr/share/zoneinfo/Etc/GMT-9", + "/usr/share/zoneinfo/Etc/UTC", + "/usr/share/zoneinfo/Europe/Amsterdam", + "/usr/share/zoneinfo/Europe/Andorra", + "/usr/share/zoneinfo/Europe/Astrakhan", + "/usr/share/zoneinfo/Europe/Athens", + "/usr/share/zoneinfo/Europe/Belgrade", + "/usr/share/zoneinfo/Europe/Berlin", + "/usr/share/zoneinfo/Europe/Brussels", + "/usr/share/zoneinfo/Europe/Bucharest", + "/usr/share/zoneinfo/Europe/Budapest", + "/usr/share/zoneinfo/Europe/Chisinau", + "/usr/share/zoneinfo/Europe/Copenhagen", + "/usr/share/zoneinfo/Europe/Dublin", + "/usr/share/zoneinfo/Europe/Gibraltar", + "/usr/share/zoneinfo/Europe/Guernsey", + "/usr/share/zoneinfo/Europe/Helsinki", + "/usr/share/zoneinfo/Europe/Isle_of_Man", + "/usr/share/zoneinfo/Europe/Istanbul", + "/usr/share/zoneinfo/Europe/Jersey", + "/usr/share/zoneinfo/Europe/Kaliningrad", + "/usr/share/zoneinfo/Europe/Kirov", + "/usr/share/zoneinfo/Europe/Kyiv", + "/usr/share/zoneinfo/Europe/Lisbon", + "/usr/share/zoneinfo/Europe/Ljubljana", + "/usr/share/zoneinfo/Europe/London", + "/usr/share/zoneinfo/Europe/Luxembourg", + "/usr/share/zoneinfo/Europe/Madrid", + "/usr/share/zoneinfo/Europe/Malta", + "/usr/share/zoneinfo/Europe/Minsk", + "/usr/share/zoneinfo/Europe/Monaco", + "/usr/share/zoneinfo/Europe/Moscow", + "/usr/share/zoneinfo/Europe/Oslo", + "/usr/share/zoneinfo/Europe/Paris", + "/usr/share/zoneinfo/Europe/Prague", + "/usr/share/zoneinfo/Europe/Riga", + "/usr/share/zoneinfo/Europe/Rome", + "/usr/share/zoneinfo/Europe/Samara", + "/usr/share/zoneinfo/Europe/Sarajevo", + "/usr/share/zoneinfo/Europe/Saratov", + "/usr/share/zoneinfo/Europe/Simferopol", + "/usr/share/zoneinfo/Europe/Skopje", + "/usr/share/zoneinfo/Europe/Sofia", + "/usr/share/zoneinfo/Europe/Stockholm", + "/usr/share/zoneinfo/Europe/Tallinn", + "/usr/share/zoneinfo/Europe/Tirane", + "/usr/share/zoneinfo/Europe/Ulyanovsk", + "/usr/share/zoneinfo/Europe/Vaduz", + "/usr/share/zoneinfo/Europe/Vienna", + "/usr/share/zoneinfo/Europe/Vilnius", + "/usr/share/zoneinfo/Europe/Volgograd", + "/usr/share/zoneinfo/Europe/Warsaw", + "/usr/share/zoneinfo/Europe/Zagreb", + "/usr/share/zoneinfo/Europe/Zurich", + "/usr/share/zoneinfo/Factory", + "/usr/share/zoneinfo/HST", + "/usr/share/zoneinfo/Indian/Antananarivo", + "/usr/share/zoneinfo/Indian/Chagos", + "/usr/share/zoneinfo/Indian/Christmas", + "/usr/share/zoneinfo/Indian/Cocos", + "/usr/share/zoneinfo/Indian/Comoro", + "/usr/share/zoneinfo/Indian/Kerguelen", + "/usr/share/zoneinfo/Indian/Mahe", + "/usr/share/zoneinfo/Indian/Maldives", + "/usr/share/zoneinfo/Indian/Mauritius", + "/usr/share/zoneinfo/Indian/Mayotte", + "/usr/share/zoneinfo/Indian/Reunion", + "/usr/share/zoneinfo/MET", + "/usr/share/zoneinfo/MST", + "/usr/share/zoneinfo/MST7MDT", + "/usr/share/zoneinfo/PST8PDT", + "/usr/share/zoneinfo/Pacific/Apia", + "/usr/share/zoneinfo/Pacific/Auckland", + "/usr/share/zoneinfo/Pacific/Bougainville", + "/usr/share/zoneinfo/Pacific/Chatham", + "/usr/share/zoneinfo/Pacific/Chuuk", + "/usr/share/zoneinfo/Pacific/Easter", + "/usr/share/zoneinfo/Pacific/Efate", + "/usr/share/zoneinfo/Pacific/Fakaofo", + "/usr/share/zoneinfo/Pacific/Fiji", + "/usr/share/zoneinfo/Pacific/Funafuti", + "/usr/share/zoneinfo/Pacific/Galapagos", + "/usr/share/zoneinfo/Pacific/Gambier", + "/usr/share/zoneinfo/Pacific/Guadalcanal", + "/usr/share/zoneinfo/Pacific/Guam", + "/usr/share/zoneinfo/Pacific/Honolulu", + "/usr/share/zoneinfo/Pacific/Kanton", + "/usr/share/zoneinfo/Pacific/Kiritimati", + "/usr/share/zoneinfo/Pacific/Kosrae", + "/usr/share/zoneinfo/Pacific/Kwajalein", + "/usr/share/zoneinfo/Pacific/Majuro", + "/usr/share/zoneinfo/Pacific/Marquesas", + "/usr/share/zoneinfo/Pacific/Midway", + "/usr/share/zoneinfo/Pacific/Nauru", + "/usr/share/zoneinfo/Pacific/Niue", + "/usr/share/zoneinfo/Pacific/Norfolk", + "/usr/share/zoneinfo/Pacific/Noumea", + "/usr/share/zoneinfo/Pacific/Pago_Pago", + "/usr/share/zoneinfo/Pacific/Palau", + "/usr/share/zoneinfo/Pacific/Pitcairn", + "/usr/share/zoneinfo/Pacific/Pohnpei", + "/usr/share/zoneinfo/Pacific/Port_Moresby", + "/usr/share/zoneinfo/Pacific/Rarotonga", + "/usr/share/zoneinfo/Pacific/Saipan", + "/usr/share/zoneinfo/Pacific/Tahiti", + "/usr/share/zoneinfo/Pacific/Tarawa", + "/usr/share/zoneinfo/Pacific/Tongatapu", + "/usr/share/zoneinfo/Pacific/Wake", + "/usr/share/zoneinfo/Pacific/Wallis", + "/usr/share/zoneinfo/WET", + "/usr/share/zoneinfo/iso3166.tab", + "/usr/share/zoneinfo/leap-seconds.list", + "/usr/share/zoneinfo/leapseconds", + "/usr/share/zoneinfo/right/Africa/Abidjan", + "/usr/share/zoneinfo/right/Africa/Accra", + "/usr/share/zoneinfo/right/Africa/Addis_Ababa", + "/usr/share/zoneinfo/right/Africa/Algiers", + "/usr/share/zoneinfo/right/Africa/Asmara", + "/usr/share/zoneinfo/right/Africa/Bamako", + "/usr/share/zoneinfo/right/Africa/Bangui", + "/usr/share/zoneinfo/right/Africa/Banjul", + "/usr/share/zoneinfo/right/Africa/Bissau", + "/usr/share/zoneinfo/right/Africa/Blantyre", + "/usr/share/zoneinfo/right/Africa/Brazzaville", + "/usr/share/zoneinfo/right/Africa/Bujumbura", + "/usr/share/zoneinfo/right/Africa/Cairo", + "/usr/share/zoneinfo/right/Africa/Casablanca", + "/usr/share/zoneinfo/right/Africa/Ceuta", + "/usr/share/zoneinfo/right/Africa/Conakry", + "/usr/share/zoneinfo/right/Africa/Dakar", + "/usr/share/zoneinfo/right/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/right/Africa/Djibouti", + "/usr/share/zoneinfo/right/Africa/Douala", + "/usr/share/zoneinfo/right/Africa/El_Aaiun", + "/usr/share/zoneinfo/right/Africa/Freetown", + "/usr/share/zoneinfo/right/Africa/Gaborone", + "/usr/share/zoneinfo/right/Africa/Harare", + "/usr/share/zoneinfo/right/Africa/Johannesburg", + "/usr/share/zoneinfo/right/Africa/Juba", + "/usr/share/zoneinfo/right/Africa/Kampala", + "/usr/share/zoneinfo/right/Africa/Khartoum", + "/usr/share/zoneinfo/right/Africa/Kigali", + "/usr/share/zoneinfo/right/Africa/Kinshasa", + "/usr/share/zoneinfo/right/Africa/Lagos", + "/usr/share/zoneinfo/right/Africa/Libreville", + "/usr/share/zoneinfo/right/Africa/Lome", + "/usr/share/zoneinfo/right/Africa/Luanda", + "/usr/share/zoneinfo/right/Africa/Lubumbashi", + "/usr/share/zoneinfo/right/Africa/Lusaka", + "/usr/share/zoneinfo/right/Africa/Malabo", + "/usr/share/zoneinfo/right/Africa/Maputo", + "/usr/share/zoneinfo/right/Africa/Maseru", + "/usr/share/zoneinfo/right/Africa/Mbabane", + "/usr/share/zoneinfo/right/Africa/Mogadishu", + "/usr/share/zoneinfo/right/Africa/Monrovia", + "/usr/share/zoneinfo/right/Africa/Nairobi", + "/usr/share/zoneinfo/right/Africa/Ndjamena", + "/usr/share/zoneinfo/right/Africa/Niamey", + "/usr/share/zoneinfo/right/Africa/Nouakchott", + "/usr/share/zoneinfo/right/Africa/Ouagadougou", + "/usr/share/zoneinfo/right/Africa/Porto-Novo", + "/usr/share/zoneinfo/right/Africa/Sao_Tome", + "/usr/share/zoneinfo/right/Africa/Tripoli", + "/usr/share/zoneinfo/right/Africa/Tunis", + "/usr/share/zoneinfo/right/Africa/Windhoek", + "/usr/share/zoneinfo/right/America/Adak", + "/usr/share/zoneinfo/right/America/Anchorage", + "/usr/share/zoneinfo/right/America/Anguilla", + "/usr/share/zoneinfo/right/America/Antigua", + "/usr/share/zoneinfo/right/America/Araguaina", + "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/right/America/Argentina/Catamarca", + "/usr/share/zoneinfo/right/America/Argentina/Cordoba", + "/usr/share/zoneinfo/right/America/Argentina/Jujuy", + "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/right/America/Argentina/Mendoza", + "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/right/America/Argentina/Salta", + "/usr/share/zoneinfo/right/America/Argentina/San_Juan", + "/usr/share/zoneinfo/right/America/Argentina/San_Luis", + "/usr/share/zoneinfo/right/America/Argentina/Tucuman", + "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/right/America/Aruba", + "/usr/share/zoneinfo/right/America/Asuncion", + "/usr/share/zoneinfo/right/America/Atikokan", + "/usr/share/zoneinfo/right/America/Bahia", + "/usr/share/zoneinfo/right/America/Bahia_Banderas", + "/usr/share/zoneinfo/right/America/Barbados", + "/usr/share/zoneinfo/right/America/Belem", + "/usr/share/zoneinfo/right/America/Belize", + "/usr/share/zoneinfo/right/America/Blanc-Sablon", + "/usr/share/zoneinfo/right/America/Boa_Vista", + "/usr/share/zoneinfo/right/America/Bogota", + "/usr/share/zoneinfo/right/America/Boise", + "/usr/share/zoneinfo/right/America/Cambridge_Bay", + "/usr/share/zoneinfo/right/America/Campo_Grande", + "/usr/share/zoneinfo/right/America/Cancun", + "/usr/share/zoneinfo/right/America/Caracas", + "/usr/share/zoneinfo/right/America/Cayenne", + "/usr/share/zoneinfo/right/America/Cayman", + "/usr/share/zoneinfo/right/America/Chicago", + "/usr/share/zoneinfo/right/America/Chihuahua", + "/usr/share/zoneinfo/right/America/Ciudad_Juarez", + "/usr/share/zoneinfo/right/America/Costa_Rica", + "/usr/share/zoneinfo/right/America/Creston", + "/usr/share/zoneinfo/right/America/Cuiaba", + "/usr/share/zoneinfo/right/America/Curacao", + "/usr/share/zoneinfo/right/America/Danmarkshavn", + "/usr/share/zoneinfo/right/America/Dawson", + "/usr/share/zoneinfo/right/America/Dawson_Creek", + "/usr/share/zoneinfo/right/America/Denver", + "/usr/share/zoneinfo/right/America/Detroit", + "/usr/share/zoneinfo/right/America/Dominica", + "/usr/share/zoneinfo/right/America/Edmonton", + "/usr/share/zoneinfo/right/America/Eirunepe", + "/usr/share/zoneinfo/right/America/El_Salvador", + "/usr/share/zoneinfo/right/America/Fort_Nelson", + "/usr/share/zoneinfo/right/America/Fortaleza", + "/usr/share/zoneinfo/right/America/Glace_Bay", + "/usr/share/zoneinfo/right/America/Goose_Bay", + "/usr/share/zoneinfo/right/America/Grand_Turk", + "/usr/share/zoneinfo/right/America/Grenada", + "/usr/share/zoneinfo/right/America/Guadeloupe", + "/usr/share/zoneinfo/right/America/Guatemala", + "/usr/share/zoneinfo/right/America/Guayaquil", + "/usr/share/zoneinfo/right/America/Guyana", + "/usr/share/zoneinfo/right/America/Halifax", + "/usr/share/zoneinfo/right/America/Havana", + "/usr/share/zoneinfo/right/America/Hermosillo", + "/usr/share/zoneinfo/right/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/right/America/Indiana/Knox", + "/usr/share/zoneinfo/right/America/Indiana/Marengo", + "/usr/share/zoneinfo/right/America/Indiana/Petersburg", + "/usr/share/zoneinfo/right/America/Indiana/Tell_City", + "/usr/share/zoneinfo/right/America/Indiana/Vevay", + "/usr/share/zoneinfo/right/America/Indiana/Vincennes", + "/usr/share/zoneinfo/right/America/Indiana/Winamac", + "/usr/share/zoneinfo/right/America/Inuvik", + "/usr/share/zoneinfo/right/America/Iqaluit", + "/usr/share/zoneinfo/right/America/Jamaica", + "/usr/share/zoneinfo/right/America/Juneau", + "/usr/share/zoneinfo/right/America/Kentucky/Louisville", + "/usr/share/zoneinfo/right/America/Kentucky/Monticello", + "/usr/share/zoneinfo/right/America/La_Paz", + "/usr/share/zoneinfo/right/America/Lima", + "/usr/share/zoneinfo/right/America/Los_Angeles", + "/usr/share/zoneinfo/right/America/Maceio", + "/usr/share/zoneinfo/right/America/Managua", + "/usr/share/zoneinfo/right/America/Manaus", + "/usr/share/zoneinfo/right/America/Martinique", + "/usr/share/zoneinfo/right/America/Matamoros", + "/usr/share/zoneinfo/right/America/Mazatlan", + "/usr/share/zoneinfo/right/America/Menominee", + "/usr/share/zoneinfo/right/America/Merida", + "/usr/share/zoneinfo/right/America/Metlakatla", + "/usr/share/zoneinfo/right/America/Mexico_City", + "/usr/share/zoneinfo/right/America/Miquelon", + "/usr/share/zoneinfo/right/America/Moncton", + "/usr/share/zoneinfo/right/America/Monterrey", + "/usr/share/zoneinfo/right/America/Montevideo", + "/usr/share/zoneinfo/right/America/Montserrat", + "/usr/share/zoneinfo/right/America/Nassau", + "/usr/share/zoneinfo/right/America/New_York", + "/usr/share/zoneinfo/right/America/Nome", + "/usr/share/zoneinfo/right/America/Noronha", + "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/right/America/North_Dakota/Center", + "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/right/America/Nuuk", + "/usr/share/zoneinfo/right/America/Ojinaga", + "/usr/share/zoneinfo/right/America/Panama", + "/usr/share/zoneinfo/right/America/Paramaribo", + "/usr/share/zoneinfo/right/America/Phoenix", + "/usr/share/zoneinfo/right/America/Port-au-Prince", + "/usr/share/zoneinfo/right/America/Port_of_Spain", + "/usr/share/zoneinfo/right/America/Porto_Velho", + "/usr/share/zoneinfo/right/America/Puerto_Rico", + "/usr/share/zoneinfo/right/America/Punta_Arenas", + "/usr/share/zoneinfo/right/America/Rankin_Inlet", + "/usr/share/zoneinfo/right/America/Recife", + "/usr/share/zoneinfo/right/America/Regina", + "/usr/share/zoneinfo/right/America/Resolute", + "/usr/share/zoneinfo/right/America/Rio_Branco", + "/usr/share/zoneinfo/right/America/Santarem", + "/usr/share/zoneinfo/right/America/Santiago", + "/usr/share/zoneinfo/right/America/Santo_Domingo", + "/usr/share/zoneinfo/right/America/Sao_Paulo", + "/usr/share/zoneinfo/right/America/Scoresbysund", + "/usr/share/zoneinfo/right/America/Sitka", + "/usr/share/zoneinfo/right/America/St_Johns", + "/usr/share/zoneinfo/right/America/St_Kitts", + "/usr/share/zoneinfo/right/America/St_Lucia", + "/usr/share/zoneinfo/right/America/St_Thomas", + "/usr/share/zoneinfo/right/America/St_Vincent", + "/usr/share/zoneinfo/right/America/Swift_Current", + "/usr/share/zoneinfo/right/America/Tegucigalpa", + "/usr/share/zoneinfo/right/America/Thule", + "/usr/share/zoneinfo/right/America/Tijuana", + "/usr/share/zoneinfo/right/America/Toronto", + "/usr/share/zoneinfo/right/America/Tortola", + "/usr/share/zoneinfo/right/America/Vancouver", + "/usr/share/zoneinfo/right/America/Whitehorse", + "/usr/share/zoneinfo/right/America/Winnipeg", + "/usr/share/zoneinfo/right/America/Yakutat", + "/usr/share/zoneinfo/right/Antarctica/Casey", + "/usr/share/zoneinfo/right/Antarctica/Davis", + "/usr/share/zoneinfo/right/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/right/Antarctica/Macquarie", + "/usr/share/zoneinfo/right/Antarctica/Mawson", + "/usr/share/zoneinfo/right/Antarctica/McMurdo", + "/usr/share/zoneinfo/right/Antarctica/Palmer", + "/usr/share/zoneinfo/right/Antarctica/Rothera", + "/usr/share/zoneinfo/right/Antarctica/Syowa", + "/usr/share/zoneinfo/right/Antarctica/Troll", + "/usr/share/zoneinfo/right/Antarctica/Vostok", + "/usr/share/zoneinfo/right/Asia/Aden", + "/usr/share/zoneinfo/right/Asia/Almaty", + "/usr/share/zoneinfo/right/Asia/Amman", + "/usr/share/zoneinfo/right/Asia/Anadyr", + "/usr/share/zoneinfo/right/Asia/Aqtau", + "/usr/share/zoneinfo/right/Asia/Aqtobe", + "/usr/share/zoneinfo/right/Asia/Ashgabat", + "/usr/share/zoneinfo/right/Asia/Atyrau", + "/usr/share/zoneinfo/right/Asia/Baghdad", + "/usr/share/zoneinfo/right/Asia/Bahrain", + "/usr/share/zoneinfo/right/Asia/Baku", + "/usr/share/zoneinfo/right/Asia/Bangkok", + "/usr/share/zoneinfo/right/Asia/Barnaul", + "/usr/share/zoneinfo/right/Asia/Beirut", + "/usr/share/zoneinfo/right/Asia/Bishkek", + "/usr/share/zoneinfo/right/Asia/Brunei", + "/usr/share/zoneinfo/right/Asia/Chita", + "/usr/share/zoneinfo/right/Asia/Colombo", + "/usr/share/zoneinfo/right/Asia/Damascus", + "/usr/share/zoneinfo/right/Asia/Dhaka", + "/usr/share/zoneinfo/right/Asia/Dili", + "/usr/share/zoneinfo/right/Asia/Dubai", + "/usr/share/zoneinfo/right/Asia/Dushanbe", + "/usr/share/zoneinfo/right/Asia/Famagusta", + "/usr/share/zoneinfo/right/Asia/Gaza", + "/usr/share/zoneinfo/right/Asia/Hebron", + "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/right/Asia/Hong_Kong", + "/usr/share/zoneinfo/right/Asia/Hovd", + "/usr/share/zoneinfo/right/Asia/Irkutsk", + "/usr/share/zoneinfo/right/Asia/Jakarta", + "/usr/share/zoneinfo/right/Asia/Jayapura", + "/usr/share/zoneinfo/right/Asia/Jerusalem", + "/usr/share/zoneinfo/right/Asia/Kabul", + "/usr/share/zoneinfo/right/Asia/Kamchatka", + "/usr/share/zoneinfo/right/Asia/Karachi", + "/usr/share/zoneinfo/right/Asia/Kathmandu", + "/usr/share/zoneinfo/right/Asia/Khandyga", + "/usr/share/zoneinfo/right/Asia/Kolkata", + "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/right/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/right/Asia/Kuching", + "/usr/share/zoneinfo/right/Asia/Kuwait", + "/usr/share/zoneinfo/right/Asia/Macau", + "/usr/share/zoneinfo/right/Asia/Magadan", + "/usr/share/zoneinfo/right/Asia/Makassar", + "/usr/share/zoneinfo/right/Asia/Manila", + "/usr/share/zoneinfo/right/Asia/Muscat", + "/usr/share/zoneinfo/right/Asia/Nicosia", + "/usr/share/zoneinfo/right/Asia/Novokuznetsk", + "/usr/share/zoneinfo/right/Asia/Novosibirsk", + "/usr/share/zoneinfo/right/Asia/Omsk", + "/usr/share/zoneinfo/right/Asia/Oral", + "/usr/share/zoneinfo/right/Asia/Phnom_Penh", + "/usr/share/zoneinfo/right/Asia/Pontianak", + "/usr/share/zoneinfo/right/Asia/Pyongyang", + "/usr/share/zoneinfo/right/Asia/Qatar", + "/usr/share/zoneinfo/right/Asia/Qostanay", + "/usr/share/zoneinfo/right/Asia/Qyzylorda", + "/usr/share/zoneinfo/right/Asia/Riyadh", + "/usr/share/zoneinfo/right/Asia/Sakhalin", + "/usr/share/zoneinfo/right/Asia/Samarkand", + "/usr/share/zoneinfo/right/Asia/Seoul", + "/usr/share/zoneinfo/right/Asia/Shanghai", + "/usr/share/zoneinfo/right/Asia/Singapore", + "/usr/share/zoneinfo/right/Asia/Srednekolymsk", + "/usr/share/zoneinfo/right/Asia/Taipei", + "/usr/share/zoneinfo/right/Asia/Tashkent", + "/usr/share/zoneinfo/right/Asia/Tbilisi", + "/usr/share/zoneinfo/right/Asia/Tehran", + "/usr/share/zoneinfo/right/Asia/Thimphu", + "/usr/share/zoneinfo/right/Asia/Tokyo", + "/usr/share/zoneinfo/right/Asia/Tomsk", + "/usr/share/zoneinfo/right/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/right/Asia/Urumqi", + "/usr/share/zoneinfo/right/Asia/Ust-Nera", + "/usr/share/zoneinfo/right/Asia/Vientiane", + "/usr/share/zoneinfo/right/Asia/Vladivostok", + "/usr/share/zoneinfo/right/Asia/Yakutsk", + "/usr/share/zoneinfo/right/Asia/Yangon", + "/usr/share/zoneinfo/right/Asia/Yekaterinburg", + "/usr/share/zoneinfo/right/Asia/Yerevan", + "/usr/share/zoneinfo/right/Atlantic/Azores", + "/usr/share/zoneinfo/right/Atlantic/Bermuda", + "/usr/share/zoneinfo/right/Atlantic/Canary", + "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/right/Atlantic/Faroe", + "/usr/share/zoneinfo/right/Atlantic/Madeira", + "/usr/share/zoneinfo/right/Atlantic/Reykjavik", + "/usr/share/zoneinfo/right/Atlantic/South_Georgia", + "/usr/share/zoneinfo/right/Atlantic/St_Helena", + "/usr/share/zoneinfo/right/Atlantic/Stanley", + "/usr/share/zoneinfo/right/Australia/Adelaide", + "/usr/share/zoneinfo/right/Australia/Brisbane", + "/usr/share/zoneinfo/right/Australia/Broken_Hill", + "/usr/share/zoneinfo/right/Australia/Darwin", + "/usr/share/zoneinfo/right/Australia/Eucla", + "/usr/share/zoneinfo/right/Australia/Hobart", + "/usr/share/zoneinfo/right/Australia/Lindeman", + "/usr/share/zoneinfo/right/Australia/Lord_Howe", + "/usr/share/zoneinfo/right/Australia/Melbourne", + "/usr/share/zoneinfo/right/Australia/Perth", + "/usr/share/zoneinfo/right/Australia/Sydney", + "/usr/share/zoneinfo/right/CET", + "/usr/share/zoneinfo/right/CST6CDT", + "/usr/share/zoneinfo/right/EET", + "/usr/share/zoneinfo/right/EST", + "/usr/share/zoneinfo/right/EST5EDT", + "/usr/share/zoneinfo/right/Etc/GMT", + "/usr/share/zoneinfo/right/Etc/GMT+1", + "/usr/share/zoneinfo/right/Etc/GMT+10", + "/usr/share/zoneinfo/right/Etc/GMT+11", + "/usr/share/zoneinfo/right/Etc/GMT+12", + "/usr/share/zoneinfo/right/Etc/GMT+2", + "/usr/share/zoneinfo/right/Etc/GMT+3", + "/usr/share/zoneinfo/right/Etc/GMT+4", + "/usr/share/zoneinfo/right/Etc/GMT+5", + "/usr/share/zoneinfo/right/Etc/GMT+6", + "/usr/share/zoneinfo/right/Etc/GMT+7", + "/usr/share/zoneinfo/right/Etc/GMT+8", + "/usr/share/zoneinfo/right/Etc/GMT+9", + "/usr/share/zoneinfo/right/Etc/GMT-1", + "/usr/share/zoneinfo/right/Etc/GMT-10", + "/usr/share/zoneinfo/right/Etc/GMT-11", + "/usr/share/zoneinfo/right/Etc/GMT-12", + "/usr/share/zoneinfo/right/Etc/GMT-13", + "/usr/share/zoneinfo/right/Etc/GMT-14", + "/usr/share/zoneinfo/right/Etc/GMT-2", + "/usr/share/zoneinfo/right/Etc/GMT-3", + "/usr/share/zoneinfo/right/Etc/GMT-4", + "/usr/share/zoneinfo/right/Etc/GMT-5", + "/usr/share/zoneinfo/right/Etc/GMT-6", + "/usr/share/zoneinfo/right/Etc/GMT-7", + "/usr/share/zoneinfo/right/Etc/GMT-8", + "/usr/share/zoneinfo/right/Etc/GMT-9", + "/usr/share/zoneinfo/right/Etc/UTC", + "/usr/share/zoneinfo/right/Europe/Amsterdam", + "/usr/share/zoneinfo/right/Europe/Andorra", + "/usr/share/zoneinfo/right/Europe/Astrakhan", + "/usr/share/zoneinfo/right/Europe/Athens", + "/usr/share/zoneinfo/right/Europe/Belgrade", + "/usr/share/zoneinfo/right/Europe/Berlin", + "/usr/share/zoneinfo/right/Europe/Brussels", + "/usr/share/zoneinfo/right/Europe/Bucharest", + "/usr/share/zoneinfo/right/Europe/Budapest", + "/usr/share/zoneinfo/right/Europe/Chisinau", + "/usr/share/zoneinfo/right/Europe/Copenhagen", + "/usr/share/zoneinfo/right/Europe/Dublin", + "/usr/share/zoneinfo/right/Europe/Gibraltar", + "/usr/share/zoneinfo/right/Europe/Guernsey", + "/usr/share/zoneinfo/right/Europe/Helsinki", + "/usr/share/zoneinfo/right/Europe/Isle_of_Man", + "/usr/share/zoneinfo/right/Europe/Istanbul", + "/usr/share/zoneinfo/right/Europe/Jersey", + "/usr/share/zoneinfo/right/Europe/Kaliningrad", + "/usr/share/zoneinfo/right/Europe/Kirov", + "/usr/share/zoneinfo/right/Europe/Kyiv", + "/usr/share/zoneinfo/right/Europe/Lisbon", + "/usr/share/zoneinfo/right/Europe/Ljubljana", + "/usr/share/zoneinfo/right/Europe/London", + "/usr/share/zoneinfo/right/Europe/Luxembourg", + "/usr/share/zoneinfo/right/Europe/Madrid", + "/usr/share/zoneinfo/right/Europe/Malta", + "/usr/share/zoneinfo/right/Europe/Minsk", + "/usr/share/zoneinfo/right/Europe/Monaco", + "/usr/share/zoneinfo/right/Europe/Moscow", + "/usr/share/zoneinfo/right/Europe/Oslo", + "/usr/share/zoneinfo/right/Europe/Paris", + "/usr/share/zoneinfo/right/Europe/Prague", + "/usr/share/zoneinfo/right/Europe/Riga", + "/usr/share/zoneinfo/right/Europe/Rome", + "/usr/share/zoneinfo/right/Europe/Samara", + "/usr/share/zoneinfo/right/Europe/Sarajevo", + "/usr/share/zoneinfo/right/Europe/Saratov", + "/usr/share/zoneinfo/right/Europe/Simferopol", + "/usr/share/zoneinfo/right/Europe/Skopje", + "/usr/share/zoneinfo/right/Europe/Sofia", + "/usr/share/zoneinfo/right/Europe/Stockholm", + "/usr/share/zoneinfo/right/Europe/Tallinn", + "/usr/share/zoneinfo/right/Europe/Tirane", + "/usr/share/zoneinfo/right/Europe/Ulyanovsk", + "/usr/share/zoneinfo/right/Europe/Vaduz", + "/usr/share/zoneinfo/right/Europe/Vienna", + "/usr/share/zoneinfo/right/Europe/Vilnius", + "/usr/share/zoneinfo/right/Europe/Volgograd", + "/usr/share/zoneinfo/right/Europe/Warsaw", + "/usr/share/zoneinfo/right/Europe/Zagreb", + "/usr/share/zoneinfo/right/Europe/Zurich", + "/usr/share/zoneinfo/right/Factory", + "/usr/share/zoneinfo/right/HST", + "/usr/share/zoneinfo/right/Indian/Antananarivo", + "/usr/share/zoneinfo/right/Indian/Chagos", + "/usr/share/zoneinfo/right/Indian/Christmas", + "/usr/share/zoneinfo/right/Indian/Cocos", + "/usr/share/zoneinfo/right/Indian/Comoro", + "/usr/share/zoneinfo/right/Indian/Kerguelen", + "/usr/share/zoneinfo/right/Indian/Mahe", + "/usr/share/zoneinfo/right/Indian/Maldives", + "/usr/share/zoneinfo/right/Indian/Mauritius", + "/usr/share/zoneinfo/right/Indian/Mayotte", + "/usr/share/zoneinfo/right/Indian/Reunion", + "/usr/share/zoneinfo/right/MET", + "/usr/share/zoneinfo/right/MST", + "/usr/share/zoneinfo/right/MST7MDT", + "/usr/share/zoneinfo/right/PST8PDT", + "/usr/share/zoneinfo/right/Pacific/Apia", + "/usr/share/zoneinfo/right/Pacific/Auckland", + "/usr/share/zoneinfo/right/Pacific/Bougainville", + "/usr/share/zoneinfo/right/Pacific/Chatham", + "/usr/share/zoneinfo/right/Pacific/Chuuk", + "/usr/share/zoneinfo/right/Pacific/Easter", + "/usr/share/zoneinfo/right/Pacific/Efate", + "/usr/share/zoneinfo/right/Pacific/Fakaofo", + "/usr/share/zoneinfo/right/Pacific/Fiji", + "/usr/share/zoneinfo/right/Pacific/Funafuti", + "/usr/share/zoneinfo/right/Pacific/Galapagos", + "/usr/share/zoneinfo/right/Pacific/Gambier", + "/usr/share/zoneinfo/right/Pacific/Guadalcanal", + "/usr/share/zoneinfo/right/Pacific/Guam", + "/usr/share/zoneinfo/right/Pacific/Honolulu", + "/usr/share/zoneinfo/right/Pacific/Kanton", + "/usr/share/zoneinfo/right/Pacific/Kiritimati", + "/usr/share/zoneinfo/right/Pacific/Kosrae", + "/usr/share/zoneinfo/right/Pacific/Kwajalein", + "/usr/share/zoneinfo/right/Pacific/Majuro", + "/usr/share/zoneinfo/right/Pacific/Marquesas", + "/usr/share/zoneinfo/right/Pacific/Midway", + "/usr/share/zoneinfo/right/Pacific/Nauru", + "/usr/share/zoneinfo/right/Pacific/Niue", + "/usr/share/zoneinfo/right/Pacific/Norfolk", + "/usr/share/zoneinfo/right/Pacific/Noumea", + "/usr/share/zoneinfo/right/Pacific/Pago_Pago", + "/usr/share/zoneinfo/right/Pacific/Palau", + "/usr/share/zoneinfo/right/Pacific/Pitcairn", + "/usr/share/zoneinfo/right/Pacific/Pohnpei", + "/usr/share/zoneinfo/right/Pacific/Port_Moresby", + "/usr/share/zoneinfo/right/Pacific/Rarotonga", + "/usr/share/zoneinfo/right/Pacific/Saipan", + "/usr/share/zoneinfo/right/Pacific/Tahiti", + "/usr/share/zoneinfo/right/Pacific/Tarawa", + "/usr/share/zoneinfo/right/Pacific/Tongatapu", + "/usr/share/zoneinfo/right/Pacific/Wake", + "/usr/share/zoneinfo/right/Pacific/Wallis", + "/usr/share/zoneinfo/right/WET", + "/usr/share/zoneinfo/tzdata.zi", + "/usr/share/zoneinfo/zone.tab", + "/usr/share/zoneinfo/zone1970.tab" + ], + "AnalyzedBy": "dpkg" + } + ] + }, + { + "Target": "controller", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "go.universe.tf/metallb", + "Name": "go.universe.tf/metallb", + "Identifier": { + "PURL": "pkg:golang/go.universe.tf/metallb", + "UID": "c213d92d7ee1c4da" + }, + "Relationship": "root", + "DependsOn": [ + "github.com/beorn7/perks@v1.0.1", + "github.com/cespare/xxhash/v2@v2.3.0", + "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "github.com/emicklei/go-restful/v3@v3.12.1", + "github.com/evanphx/json-patch/v5@v5.9.0", + "github.com/fxamacker/cbor/v2@v2.7.0", + "github.com/go-kit/log@v0.2.1", + "github.com/go-logfmt/logfmt@v0.5.1", + "github.com/go-logr/logr@v1.4.2", + "github.com/go-logr/zapr@v1.3.0", + "github.com/go-openapi/jsonpointer@v0.21.0", + "github.com/go-openapi/jsonreference@v0.21.0", + "github.com/go-openapi/swag@v0.23.0", + "github.com/gogo/protobuf@v1.3.2", + "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "github.com/golang/protobuf@v1.5.4", + "github.com/google/gnostic-models@v0.6.8", + "github.com/google/go-cmp@v0.6.0", + "github.com/google/gofuzz@v1.2.0", + "github.com/google/uuid@v1.6.0", + "github.com/imdario/mergo@v0.3.16", + "github.com/josharian/intern@v1.0.0", + "github.com/josharian/native@v1.0.0", + "github.com/json-iterator/go@v1.1.12", + "github.com/mailru/easyjson@v0.7.7", + "github.com/mdlayher/arp@v0.0.0-20220221190821-c37aaafac7f9", + "github.com/mdlayher/ethernet@v0.0.0-20220221185849-529eae5b6118", + "github.com/mdlayher/ndp@v0.0.0-20200602162440-17ab9e3e5567", + "github.com/mdlayher/packet@v1.0.0", + "github.com/mdlayher/socket@v0.2.1", + "github.com/metallb/frr-k8s@v0.0.16", + "github.com/mikioh/ipaddr@v0.0.0-20190404000644-d465c8ab6721", + "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "github.com/modern-go/reflect2@v1.0.2", + "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "github.com/open-policy-agent/cert-controller@v0.10.2-0.20240531181455-2649f121ab97", + "github.com/pkg/errors@v0.9.1", + "github.com/prometheus/client_golang@v1.19.1", + "github.com/prometheus/client_model@v0.6.1", + "github.com/prometheus/common@v0.55.0", + "github.com/prometheus/procfs@v0.15.1", + "github.com/spf13/cobra@v1.8.1", + "github.com/spf13/pflag@v1.0.5", + "github.com/x448/float16@v0.8.4", + "gitlab.com/golang-commonmark/puny@v0.0.0-20191124015043-9f83538fa04f", + "go.uber.org/atomic@v1.11.0", + "go.uber.org/multierr@v1.11.0", + "go.uber.org/zap@v1.27.0", + "golang.org/x/exp@v0.0.0-20240719175910-8a7402abbf56", + "golang.org/x/net@v0.30.0", + "golang.org/x/oauth2@v0.21.0", + "golang.org/x/sync@v0.8.0", + "golang.org/x/sys@v0.26.0", + "golang.org/x/term@v0.25.0", + "golang.org/x/text@v0.19.0", + "golang.org/x/time@v0.5.0", + "gomodules.xyz/jsonpatch/v2@v2.4.0", + "google.golang.org/protobuf@v1.35.1", + "gopkg.in/inf.v0@v0.9.1", + "gopkg.in/yaml.v2@v2.4.0", + "gopkg.in/yaml.v3@v3.0.1", + "k8s.io/api@v0.31.4", + "k8s.io/apiextensions-apiserver@v0.31.1", + "k8s.io/apimachinery@v0.31.4", + "k8s.io/client-go@v0.31.4", + "k8s.io/component-base@v0.31.1", + "k8s.io/klog/v2@v2.130.1", + "k8s.io/klog@v1.0.0", + "k8s.io/kube-openapi@v0.0.0-20240521193020-835d969ad83a", + "k8s.io/utils@v0.0.0-20240711033017-18e509b52bc8", + "sigs.k8s.io/controller-runtime@v0.19.3", + "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "sigs.k8s.io/yaml@v1.4.0", + "stdlib@v1.22.7" + ], + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.22.7", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "Version": "v1.22.7", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "bddcf7fc11e5c617" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.3.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", + "UID": "438c9e9a157ba34a" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "Name": "github.com/davecgh/go-spew", + "Identifier": { + "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "UID": "2ed539be93452137" + }, + "Version": "v1.1.2-0.20180830191138-d8f796af33cc", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/emicklei/go-restful/v3@v3.12.1", + "Name": "github.com/emicklei/go-restful/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.12.1", + "UID": "a723a91a1cb5cfe6" + }, + "Version": "v3.12.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/evanphx/json-patch/v5@v5.9.0", + "Name": "github.com/evanphx/json-patch/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/evanphx/json-patch/v5@v5.9.0", + "UID": "6567d0ce2e7af9c1" + }, + "Version": "v5.9.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fxamacker/cbor/v2@v2.7.0", + "Name": "github.com/fxamacker/cbor/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/fxamacker/cbor/v2@v2.7.0", + "UID": "8fd30b172bd01e8f" + }, + "Version": "v2.7.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-kit/log@v0.2.1", + "Name": "github.com/go-kit/log", + "Identifier": { + "PURL": "pkg:golang/github.com/go-kit/log@v0.2.1", + "UID": "a2b35f36c11398a2" + }, + "Version": "v0.2.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logfmt/logfmt@v0.5.1", + "Name": "github.com/go-logfmt/logfmt", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logfmt/logfmt@v0.5.1", + "UID": "4e02bf0f2b4916d5" + }, + "Version": "v0.5.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/logr@v1.4.2", + "Name": "github.com/go-logr/logr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.2", + "UID": "312281a1a9e1a80d" + }, + "Version": "v1.4.2", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/zapr@v1.3.0", + "Name": "github.com/go-logr/zapr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/zapr@v1.3.0", + "UID": "430933dd7d57c2e7" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonpointer@v0.21.0", + "Name": "github.com/go-openapi/jsonpointer", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.21.0", + "UID": "7088877701e52f31" + }, + "Version": "v0.21.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonreference@v0.21.0", + "Name": "github.com/go-openapi/jsonreference", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.0", + "UID": "4c243a6071264bd" + }, + "Version": "v0.21.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag@v0.23.0", + "Name": "github.com/go-openapi/swag", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag@v0.23.0", + "UID": "52acd7b3ddee9cb8" + }, + "Version": "v0.23.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gogo/protobuf@v1.3.2", + "Name": "github.com/gogo/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", + "UID": "216cdabccf04c9cb" + }, + "Version": "v1.3.2", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "Name": "github.com/golang/groupcache", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "UID": "b486c01031fc33fb" + }, + "Version": "v0.0.0-20210331224755-41bb18bfe9da", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/protobuf@v1.5.4", + "Name": "github.com/golang/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.4", + "UID": "cf802ee8a0d4d15" + }, + "Version": "v1.5.4", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gnostic-models@v0.6.8", + "Name": "github.com/google/gnostic-models", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gnostic-models@v0.6.8", + "UID": "47ed0c28c217af89" + }, + "Version": "v0.6.8", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-cmp@v0.6.0", + "Name": "github.com/google/go-cmp", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0", + "UID": "f9e92733e87f325b" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gofuzz@v1.2.0", + "Name": "github.com/google/gofuzz", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", + "UID": "d93d18636090baec" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.6.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", + "UID": "efde5cbfc152502d" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/imdario/mergo@v0.3.16", + "Name": "github.com/imdario/mergo", + "Identifier": { + "PURL": "pkg:golang/github.com/imdario/mergo@v0.3.16", + "UID": "f477c87e5ba162d7" + }, + "Version": "v0.3.16", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/josharian/intern@v1.0.0", + "Name": "github.com/josharian/intern", + "Identifier": { + "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", + "UID": "cf8c0a1d438eae17" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/josharian/native@v1.0.0", + "Name": "github.com/josharian/native", + "Identifier": { + "PURL": "pkg:golang/github.com/josharian/native@v1.0.0", + "UID": "b9484e23c269800" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/json-iterator/go@v1.1.12", + "Name": "github.com/json-iterator/go", + "Identifier": { + "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", + "UID": "328615ab1c67ec77" + }, + "Version": "v1.1.12", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mailru/easyjson@v0.7.7", + "Name": "github.com/mailru/easyjson", + "Identifier": { + "PURL": "pkg:golang/github.com/mailru/easyjson@v0.7.7", + "UID": "ba58a96c69c9f44f" + }, + "Version": "v0.7.7", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/arp@v0.0.0-20220221190821-c37aaafac7f9", + "Name": "github.com/mdlayher/arp", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/arp@v0.0.0-20220221190821-c37aaafac7f9", + "UID": "3785a5694c42578b" + }, + "Version": "v0.0.0-20220221190821-c37aaafac7f9", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/ethernet@v0.0.0-20220221185849-529eae5b6118", + "Name": "github.com/mdlayher/ethernet", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/ethernet@v0.0.0-20220221185849-529eae5b6118", + "UID": "7743b83e9a86abca" + }, + "Version": "v0.0.0-20220221185849-529eae5b6118", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/ndp@v0.0.0-20200602162440-17ab9e3e5567", + "Name": "github.com/mdlayher/ndp", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/ndp@v0.0.0-20200602162440-17ab9e3e5567", + "UID": "7ba75f1f11551361" + }, + "Version": "v0.0.0-20200602162440-17ab9e3e5567", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/packet@v1.0.0", + "Name": "github.com/mdlayher/packet", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/packet@v1.0.0", + "UID": "e92c571008c966a0" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/socket@v0.2.1", + "Name": "github.com/mdlayher/socket", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/socket@v0.2.1", + "UID": "e0eb3dae1a3bb69d" + }, + "Version": "v0.2.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/metallb/frr-k8s@v0.0.16", + "Name": "github.com/metallb/frr-k8s", + "Identifier": { + "PURL": "pkg:golang/github.com/metallb/frr-k8s@v0.0.16", + "UID": "f62e37404d8b0155" + }, + "Version": "v0.0.16", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mikioh/ipaddr@v0.0.0-20190404000644-d465c8ab6721", + "Name": "github.com/mikioh/ipaddr", + "Identifier": { + "PURL": "pkg:golang/github.com/mikioh/ipaddr@v0.0.0-20190404000644-d465c8ab6721", + "UID": "dd3eed0c8bf269bf" + }, + "Version": "v0.0.0-20190404000644-d465c8ab6721", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "Name": "github.com/modern-go/concurrent", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "UID": "b7e9b13b91ad0959" + }, + "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/reflect2@v1.0.2", + "Name": "github.com/modern-go/reflect2", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", + "UID": "d5f1d5020eb9f015" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "9a470f7d8f6131c3" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/open-policy-agent/cert-controller@v0.10.2-0.20240531181455-2649f121ab97", + "Name": "github.com/open-policy-agent/cert-controller", + "Identifier": { + "PURL": "pkg:golang/github.com/open-policy-agent/cert-controller@v0.10.2-0.20240531181455-2649f121ab97", + "UID": "9976ce91e13ef91" + }, + "Version": "v0.10.2-0.20240531181455-2649f121ab97", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/errors@v0.9.1", + "Name": "github.com/pkg/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", + "UID": "19b18e1a20203079" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.19.1", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.19.1", + "UID": "505a7ec0e698a08f" + }, + "Version": "v1.19.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.6.1", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.1", + "UID": "8f65b5e3d148b78d" + }, + "Version": "v0.6.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.55.0", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.55.0", + "UID": "45bacc82e1cd33a2" + }, + "Version": "v0.55.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.15.1", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.15.1", + "UID": "3caf0d809193fb8e" + }, + "Version": "v0.15.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/cobra@v1.8.1", + "Name": "github.com/spf13/cobra", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/cobra@v1.8.1", + "UID": "cb0a3e0b91bf14a" + }, + "Version": "v1.8.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.5", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "UID": "2d4d631cc5330e77" + }, + "Version": "v1.0.5", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/x448/float16@v0.8.4", + "Name": "github.com/x448/float16", + "Identifier": { + "PURL": "pkg:golang/github.com/x448/float16@v0.8.4", + "UID": "5729d5b5603ea8bd" + }, + "Version": "v0.8.4", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gitlab.com/golang-commonmark/puny@v0.0.0-20191124015043-9f83538fa04f", + "Name": "gitlab.com/golang-commonmark/puny", + "Identifier": { + "PURL": "pkg:golang/gitlab.com/golang-commonmark/puny@v0.0.0-20191124015043-9f83538fa04f", + "UID": "b8206212ec42d026" + }, + "Version": "v0.0.0-20191124015043-9f83538fa04f", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/atomic@v1.11.0", + "Name": "go.uber.org/atomic", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/atomic@v1.11.0", + "UID": "d09a11982346735a" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/multierr@v1.11.0", + "Name": "go.uber.org/multierr", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", + "UID": "7f45b0ec2bd7622f" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/zap@v1.27.0", + "Name": "go.uber.org/zap", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/zap@v1.27.0", + "UID": "59da15f7e06d6bc9" + }, + "Version": "v1.27.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/exp@v0.0.0-20240719175910-8a7402abbf56", + "Name": "golang.org/x/exp", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20240719175910-8a7402abbf56", + "UID": "766f8922ae3f249d" + }, + "Version": "v0.0.0-20240719175910-8a7402abbf56", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.30.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.30.0", + "UID": "afcba994f63fb6d9" + }, + "Version": "v0.30.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.21.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.21.0", + "UID": "30e8fcf9a19a8b7a" + }, + "Version": "v0.21.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sync@v0.8.0", + "Name": "golang.org/x/sync", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sync@v0.8.0", + "UID": "364c79b42efca8e2" + }, + "Version": "v0.8.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.26.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.26.0", + "UID": "e1b75f4d5f856abe" + }, + "Version": "v0.26.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/term@v0.25.0", + "Name": "golang.org/x/term", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/term@v0.25.0", + "UID": "50b9b02b0448dec1" + }, + "Version": "v0.25.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.19.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.19.0", + "UID": "e7af3d6fc794a64c" + }, + "Version": "v0.19.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.5.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.5.0", + "UID": "abbbadf5b3426b6f" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gomodules.xyz/jsonpatch/v2@v2.4.0", + "Name": "gomodules.xyz/jsonpatch/v2", + "Identifier": { + "PURL": "pkg:golang/gomodules.xyz/jsonpatch/v2@v2.4.0", + "UID": "738b2eb595513cdd" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.35.1", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.35.1", + "UID": "e9ea71bf9c18f4d" + }, + "Version": "v1.35.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/inf.v0@v0.9.1", + "Name": "gopkg.in/inf.v0", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", + "UID": "8008636432339b55" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v2@v2.4.0", + "Name": "gopkg.in/yaml.v2", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "UID": "c9317eb7da959db3" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "UID": "94192ecb51bbe29f" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/api@v0.31.4", + "Name": "k8s.io/api", + "Identifier": { + "PURL": "pkg:golang/k8s.io/api@v0.31.4", + "UID": "7c203e280f511b77" + }, + "Version": "v0.31.4", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apiextensions-apiserver@v0.31.1", + "Name": "k8s.io/apiextensions-apiserver", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apiextensions-apiserver@v0.31.1", + "UID": "96d08d349fcc9a7c" + }, + "Version": "v0.31.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apimachinery@v0.31.4", + "Name": "k8s.io/apimachinery", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apimachinery@v0.31.4", + "UID": "1dd982a7cd06ca81" + }, + "Version": "v0.31.4", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/client-go@v0.31.4", + "Name": "k8s.io/client-go", + "Identifier": { + "PURL": "pkg:golang/k8s.io/client-go@v0.31.4", + "UID": "6147f4585dfa340a" + }, + "Version": "v0.31.4", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/component-base@v0.31.1", + "Name": "k8s.io/component-base", + "Identifier": { + "PURL": "pkg:golang/k8s.io/component-base@v0.31.1", + "UID": "159c2400caec34f" + }, + "Version": "v0.31.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog@v1.0.0", + "Name": "k8s.io/klog", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog@v1.0.0", + "UID": "2f9aa61a553ce6df" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog/v2@v2.130.1", + "Name": "k8s.io/klog/v2", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog/v2@v2.130.1", + "UID": "f9c8218bb95277af" + }, + "Version": "v2.130.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/kube-openapi@v0.0.0-20240521193020-835d969ad83a", + "Name": "k8s.io/kube-openapi", + "Identifier": { + "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20240521193020-835d969ad83a", + "UID": "219d943ed8d38e22" + }, + "Version": "v0.0.0-20240521193020-835d969ad83a", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/utils@v0.0.0-20240711033017-18e509b52bc8", + "Name": "k8s.io/utils", + "Identifier": { + "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20240711033017-18e509b52bc8", + "UID": "64d4e668f17a9cb0" + }, + "Version": "v0.0.0-20240711033017-18e509b52bc8", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/controller-runtime@v0.19.3", + "Name": "sigs.k8s.io/controller-runtime", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/controller-runtime@v0.19.3", + "UID": "f556f89018e0e5d2" + }, + "Version": "v0.19.3", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "Name": "sigs.k8s.io/json", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "UID": "bd59334a9d4019cc" + }, + "Version": "v0.0.0-20221116044647-bc3834ca7abd", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "Name": "sigs.k8s.io/structured-merge-diff/v4", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "UID": "fcea4e350432eee8" + }, + "Version": "v4.4.1", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/yaml@v1.4.0", + "Name": "sigs.k8s.io/yaml", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.4.0", + "UID": "e34ff5537a0abe4d" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66" + ], + "PkgID": "golang.org/x/net@v0.30.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.30.0", + "UID": "afcba994f63fb6d9" + }, + "InstalledVersion": "v0.30.0", + "FixedVersion": "0.36.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:3d03061ab6a168946c5ae79b6f0bbb2742df49e2c9bba22b013550c1148472bd", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22872", + "VendorIDs": [ + "GHSA-vvgc-356p-c3xw" + ], + "PkgID": "golang.org/x/net@v0.30.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.30.0", + "UID": "afcba994f63fb6d9" + }, + "InstalledVersion": "v0.30.0", + "FixedVersion": "0.38.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:d82e1312d73bbb2f9b509305454a7191377cb5db519e0865a031fa4325dc55d4", + "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", + "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22872", + "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", + "https://github.com/advisories/GHSA-vvgc-356p-c3xw", + "https://go.dev/cl/662715", + "https://go.dev/issue/73070", + "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", + "https://pkg.go.dev/vuln/GO-2025-3595", + "https://security.netapp.com/advisory/ntap-20250516-0007", + "https://security.netapp.com/advisory/ntap-20250516-0007/", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22872" + ], + "PublishedDate": "2025-04-16T18:16:04.183Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22868", + "VendorIDs": [ + "GHSA-6v2p-p543-phr9" + ], + "PkgID": "golang.org/x/oauth2@v0.21.0", + "PkgName": "golang.org/x/oauth2", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.21.0", + "UID": "30e8fcf9a19a8b7a" + }, + "InstalledVersion": "v0.21.0", + "FixedVersion": "0.27.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:fb830f569a9d4a68690c89e64295b98b3d2a30d39c2b6cb7eaf8e645a5baf829", + "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", + "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1286" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", + "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", + "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", + "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", + "https://errata.rockylinux.org/RLSA-2025:7479", + "https://go.dev/cl/652155", + "https://go.dev/issue/71490", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", + "https://pkg.go.dev/vuln/GO-2025-3488", + "https://www.cve.org/CVERecord?id=CVE-2025-22868" + ], + "PublishedDate": "2025-02-26T08:14:24.897Z", + "LastModifiedDate": "2025-05-01T19:27:10.43Z" + }, + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:44874c165127142a9563ed39acded8849fecfb1251f8781cfccde469ae734e23", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6848bd773f19c242574ec4b8a9f82ea897b0618c244501364728087164bdf973", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1a85c2eb1cb44d559504d8c535d523e37b6071b8f22293f3167d68b858cdcea8", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e65ff3102ea7772289a8c9eaf19e905245f2eebf0cc29325f1192334c8bb3196", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1b5bf188341737be84d76aedfdc22dc659709abab7874a7fa7b4ea1f1c404d37", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:531b05b13b2df3f8a140b693bea5825bf1a5ec183c6ec3bff8ef1a51c1277991", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9c15b9770978ef8e88af2d5a901442edca2f9b369cedfc5558d52074e52f3cf2", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4fbee526305f5a6dfe611313c9cb0bdd43baeb01d36a307b182934f9485e40f1", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9c01dc9e96914d75d10c571e4da4757c8aea369099171dcbc13fecc117a21e37", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:74fe517495b0a50942b39dad2a705c25c934cf187cf148faf149d4e4df6e57d1", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fa774ab6e351524fa547fa2d615dd4c5f8c63989b8e50fbaa6e887de81fee0f7", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:47efff7b22c8d35996793e5eb662f9bd9ca8adbd0239f28fc93ac50e5068aa49", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2024-45336", + "VendorIDs": [ + "GO-2025-3420" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7a020338e26c87ef0308ef40903d98b05d320fc66eb4ef29c39b25e85f1045df", + "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3772", + "https://access.redhat.com/security/cve/CVE-2024-45336", + "https://bugzilla.redhat.com/2341750", + "https://bugzilla.redhat.com/2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/8/ALSA-2025-3772.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/issues/70530", + "https://go.dev/cl/643100", + "https://go.dev/issue/70530", + "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", + "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", + "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", + "https://linux.oracle.com/cve/CVE-2024-45336.html", + "https://linux.oracle.com/errata/ELSA-2025-7592.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", + "https://pkg.go.dev/vuln/GO-2025-3420", + "https://security.netapp.com/advisory/ntap-20250221-0003/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2024-45336" + ], + "PublishedDate": "2025-01-28T02:15:28.807Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4e35962e6c37338d25d361b1864956aab2a7be73f86c16a5bec0fe57119e01ab", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22866", + "VendorIDs": [ + "GO-2025-3447" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3d103c3dd4d83c83e3dd8e2c310002449bf1fc9db39c2f7c1c571fa46cb41a61", + "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22866", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", + "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", + "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", + "https://github.com/golang/go/issues/71383", + "https://go.dev/cl/643735", + "https://go.dev/issue/71383", + "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", + "https://linux.oracle.com/cve/CVE-2025-22866.html", + "https://linux.oracle.com/errata/ELSA-2025-7466.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", + "https://pkg.go.dev/vuln/GO-2025-3447", + "https://security.netapp.com/advisory/ntap-20250221-0002/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22866" + ], + "PublishedDate": "2025-02-06T17:15:21.41Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66", + "GO-2025-3503" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.7, 1.24.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8dc19f60712a0cf829b8e23edf7711f569959a301a53d430ce5755155ebd2aff", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8c6f7722f72c2dfacd621f2d9a49bd0f4df743851108d55f1da302e71a19945e", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c062f3598d699b79e7bf7a00d14599e4881281fa77fa1c13f9c8eb9dffa11427", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:76ba1b758e512189401a025b45994a25567e7b12323a8882842c771bc4ae003d", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f57667fd9c0a51e98d9a9b7e48cd79cff927872ef518c2805b70f99f40ee3c18", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6f965ab0ecf715a8cb6683002aaab785b398a0f1ff01153871a01f4e1ba651c5", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e8248f7ff3970a92cd620b0fb3a8f3bbd53ba5012e72c3eaa9ec565263d56446", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:db31256864b6a261eade42bc24a7904cdb83a33c177559335cf406a4fa70c7ae", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:25dc65ee7fa043f8bc11e5b6f1fa2a5563ffd0f40f2915e28117b7196ba83be9", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:50b0a051ad7455376505b79c1d37416ad85ab2a72fea719ca46097445156b568", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:53f25fccfa42ae17d21f436a578fb116e16031ff05b0f446dd2c90b1fdb4bf8b", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:509284a4d45f3c4e8a50e933c25b3c513a8f2a1df6fde51250e7cd1988446cd6", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4c591b82fc4b3bcd6469f971aac862848fa004b1050f36741a77b374145b873d", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:abfdd7ccd15fd4c08d5d949c30db472ed1a5e9af3f4da783b6ee2b54cef7244e", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4f2d251ee6fd9cb2d536392cba3a33c756ddde2d279bfb887d78a26cf1fe0d95", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:41b55a3b35a838c736def8dd6ec0e87083ea72eed2c84816a6f8a37f621f1530", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:46a51a345126c1357cf2d33399da89ce133bb6eedcd4dad608deb31abf142221", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9c12c4682b2cc8d8c9f3788fbcc74f9595ccca1ed664e554776878c09bb0826d", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6ad205a50ea24b41d99dad1e52ebd4412a3e864394ce2b43c0d2bbe8b1f46e10", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8418d442ca5f99bf46957678dc45055ac6de1fc7237c277dd6c8863fc94ff31f", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a15f4d9f0604f6684ae737b400162cd1bf15411e32d42fe54aed3c154d63b8d9", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f46be49d0799f836b5c77301863f13218454fae5faaac3431739de8541e54d09", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e45ed45c2977884efdabceba94a8c1545aa54ab427a1b9c04604d5b6faca2338", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7be95f0b423ca8269e94a78737aec4fc6829972011d6fa32a0e86a8535c064b2", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "f2a7af45e0298ef8" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", + "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f5fc1c65f66a5bd893e6368f066a78b39575629e44e159c67c51ff7b4c448780", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "Deployment", + "Name": "alertmanager", + "Metadata": [ + { + "Size": 72671744, + "ImageID": "sha256:6519630d2dcc96a94f82e6e6fea153cfd87de0f97a95230bf713946a0756d97f", + "DiffIDs": [ + "sha256:ce003e882898fd52c48121c32517cfd5dc2ba95a8216989b5e6571cc147e1f2f", + "sha256:b2f24d7bd8435c9eb1ab45056b1bd85f82b0d29043f9dd5db27244fc08029cbd", + "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525", + "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9", + "sha256:a0b193e13c47f0dbb59853a0c116f17f91ba4e4b8a88ec31fcc6144931e1bb4c", + "sha256:743ab2fdbd295dabbd1553e9cb107fdf3f4b5a9abec75f31bbe0aeed63ca981a", + "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + ], + "RepoTags": [ + "prom/alertmanager:latest" + ], + "RepoDigests": [ + "prom/alertmanager@sha256:51a825c2a40acc3e338fdd00d622e01ec090f72be2b3ea46be0839cd47a4d286" + ], + "Reference": "prom/alertmanager:latest", + "ImageConfig": { + "architecture": "amd64", + "author": "The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", + "created": "2026-04-29T17:45:56.223633017Z", + "history": [ + { + "created": "2024-09-26T21:31:42Z", + "created_by": "BusyBox 1.37.0 (uclibc), Buildroot 2025.11.3, Debian 13" + }, + { + "created": "2026-04-15T10:54:45.929154899Z", + "created_by": "MAINTAINER The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-15T10:54:45.929154899Z", + "created_by": "COPY /rootfs / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-29T17:45:56.032089482Z", + "created_by": "LABEL maintainer=The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-29T17:45:56.032089482Z", + "created_by": "LABEL org.opencontainers.image.source=https://github.com/prometheus/alertmanager", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-29T17:45:56.032089482Z", + "created_by": "ARG ARCH=amd64", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-29T17:45:56.032089482Z", + "created_by": "ARG OS=linux", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-29T17:45:56.032089482Z", + "created_by": "COPY .build/linux-amd64/amtool /bin/amtool # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-29T17:45:56.078638477Z", + "created_by": "COPY .build/linux-amd64/alertmanager /bin/alertmanager # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-29T17:45:56.08799851Z", + "created_by": "COPY examples/ha/alertmanager.yml /etc/alertmanager/alertmanager.yml # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-29T17:45:56.203502631Z", + "created_by": "RUN |2 ARCH=amd64 OS=linux /bin/sh -c mkdir -p /alertmanager \u0026\u0026 chown -R nobody:nobody /etc/alertmanager /alertmanager \u0026\u0026 chmod -R g+w /alertmanager # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-29T17:45:56.203502631Z", + "created_by": "USER nobody", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-29T17:45:56.203502631Z", + "created_by": "EXPOSE map[9093/tcp:{}]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-29T17:45:56.203502631Z", + "created_by": "VOLUME [/alertmanager]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-29T17:45:56.223633017Z", + "created_by": "WORKDIR /alertmanager", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-29T17:45:56.223633017Z", + "created_by": "ENTRYPOINT [\"/bin/alertmanager\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-29T17:45:56.223633017Z", + "created_by": "CMD [\"--config.file=/etc/alertmanager/alertmanager.yml\" \"--storage.path=/alertmanager\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:ce003e882898fd52c48121c32517cfd5dc2ba95a8216989b5e6571cc147e1f2f", + "sha256:b2f24d7bd8435c9eb1ab45056b1bd85f82b0d29043f9dd5db27244fc08029cbd", + "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525", + "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9", + "sha256:a0b193e13c47f0dbb59853a0c116f17f91ba4e4b8a88ec31fcc6144931e1bb4c", + "sha256:743ab2fdbd295dabbd1553e9cb107fdf3f4b5a9abec75f31bbe0aeed63ca981a", + "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + ] + }, + "config": { + "Cmd": [ + "--config.file=/etc/alertmanager/alertmanager.yml", + "--storage.path=/alertmanager" + ], + "Entrypoint": [ + "/bin/alertmanager" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Labels": { + "maintainer": "The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", + "org.opencontainers.image.source": "https://github.com/prometheus/alertmanager" + }, + "User": "nobody", + "Volumes": { + "/alertmanager": {} + }, + "WorkingDir": "/alertmanager", + "ExposedPorts": { + "9093/tcp": {} + }, + "ArgsEscaped": true + } + }, + "Layers": [ + { + "Size": 1454080, + "Digest": "sha256:2acf9a40b14f28b6096477413ec272f1fae2d5df7d963466f0936cc16b08ab7b", + "DiffID": "sha256:ce003e882898fd52c48121c32517cfd5dc2ba95a8216989b5e6571cc147e1f2f" + }, + { + "Size": 1262080, + "Digest": "sha256:27baa147e9fa2a2d3cddd0ccabf97ee10c9b66379c5b8835ec4c9438ef9dbd07", + "DiffID": "sha256:b2f24d7bd8435c9eb1ab45056b1bd85f82b0d29043f9dd5db27244fc08029cbd" + }, + { + "Size": 28680704, + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + { + "Size": 41265152, + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + { + "Size": 3584, + "Digest": "sha256:02dd15185ff817e6b78158fb348bbe98129833673a81ca2503dfd4a9f670d168", + "DiffID": "sha256:a0b193e13c47f0dbb59853a0c116f17f91ba4e4b8a88ec31fcc6144931e1bb4c" + }, + { + "Size": 5120, + "Digest": "sha256:743274192ad7a9b8f72979769808f7e27c5a3fa2d7653a513cda43ff21f262fd", + "DiffID": "sha256:743ab2fdbd295dabbd1553e9cb107fdf3f4b5a9abec75f31bbe0aeed63ca981a" + }, + { + "Size": 1024, + "Digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", + "DiffID": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + } + ] + } + ], + "Results": [ + { + "Target": "bin/alertmanager", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "github.com/prometheus/alertmanager@v0.32.1", + "Name": "github.com/prometheus/alertmanager", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/alertmanager@v0.32.1", + "UID": "80b0b452c2325658" + }, + "Version": "v0.32.1", + "Relationship": "root", + "DependsOn": [ + "github.com/KimMachineGun/automemlimit@v0.7.5", + "github.com/alecthomas/kingpin/v2@v2.4.0", + "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", + "github.com/armon/go-metrics@v0.4.1", + "github.com/aws/aws-sdk-go-v2/config@v1.32.13", + "github.com/aws/aws-sdk-go-v2/credentials@v1.19.13", + "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.21", + "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", + "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", + "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", + "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", + "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", + "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.9", + "github.com/aws/aws-sdk-go-v2/service/sns@v1.39.15", + "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.14", + "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.18", + "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.10", + "github.com/aws/aws-sdk-go-v2@v1.41.5", + "github.com/aws/smithy-go@v1.24.2", + "github.com/beorn7/perks@v1.0.1", + "github.com/cenkalti/backoff/v4@v4.3.0", + "github.com/cenkalti/backoff/v5@v5.0.3", + "github.com/cespare/xxhash/v2@v2.3.0", + "github.com/coder/quartz@v0.3.0", + "github.com/coreos/go-systemd/v22@v22.6.0", + "github.com/docker/go-units@v0.5.0", + "github.com/felixge/httpsnoop@v1.0.4", + "github.com/go-logr/logr@v1.4.3", + "github.com/go-logr/stdr@v1.2.2", + "github.com/go-openapi/analysis@v0.25.0", + "github.com/go-openapi/errors@v0.22.7", + "github.com/go-openapi/jsonpointer@v0.22.5", + "github.com/go-openapi/jsonreference@v0.21.5", + "github.com/go-openapi/loads@v0.23.3", + "github.com/go-openapi/runtime@v0.29.3", + "github.com/go-openapi/spec@v0.22.4", + "github.com/go-openapi/strfmt@v0.26.1", + "github.com/go-openapi/swag/cmdutils@v0.25.5", + "github.com/go-openapi/swag/conv@v0.25.5", + "github.com/go-openapi/swag/fileutils@v0.25.5", + "github.com/go-openapi/swag/jsonname@v0.25.5", + "github.com/go-openapi/swag/jsonutils@v0.25.5", + "github.com/go-openapi/swag/loading@v0.25.5", + "github.com/go-openapi/swag/mangling@v0.25.5", + "github.com/go-openapi/swag/netutils@v0.25.5", + "github.com/go-openapi/swag/stringutils@v0.25.5", + "github.com/go-openapi/swag/typeutils@v0.25.5", + "github.com/go-openapi/swag/yamlutils@v0.25.5", + "github.com/go-openapi/swag@v0.25.5", + "github.com/go-openapi/validate@v0.25.2", + "github.com/go-viper/mapstructure/v2@v2.5.0", + "github.com/golang-jwt/jwt/v5@v5.3.0", + "github.com/google/btree@v1.1.3", + "github.com/google/uuid@v1.6.0", + "github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", + "github.com/hashicorp/errwrap@v1.1.0", + "github.com/hashicorp/go-immutable-radix@v1.3.1", + "github.com/hashicorp/go-metrics@v0.5.4", + "github.com/hashicorp/go-msgpack/v2@v2.1.5", + "github.com/hashicorp/go-multierror@v1.1.1", + "github.com/hashicorp/go-sockaddr@v1.0.7", + "github.com/hashicorp/golang-lru/v2@v2.0.7", + "github.com/hashicorp/golang-lru@v0.5.4", + "github.com/hashicorp/memberlist@v0.5.4", + "github.com/jessevdk/go-flags@v1.6.1", + "github.com/jpillora/backoff@v1.0.0", + "github.com/julienschmidt/httprouter@v1.3.0", + "github.com/mdlayher/socket@v0.4.1", + "github.com/mdlayher/vsock@v1.2.1", + "github.com/miekg/dns@v1.1.68", + "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", + "github.com/oklog/run@v1.2.0", + "github.com/oklog/ulid/v2@v2.1.1", + "github.com/pbnjay/memory@v0.0.0-20210728143218-7b4eea64cf58", + "github.com/prometheus/client_golang@v1.23.2", + "github.com/prometheus/client_model@v0.6.2", + "github.com/prometheus/common@v0.67.5", + "github.com/prometheus/exporter-toolkit@v0.15.1", + "github.com/prometheus/procfs@v0.16.1", + "github.com/prometheus/sigv4@v0.4.1", + "github.com/rs/cors@v1.11.1", + "github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", + "github.com/xhit/go-str2duration/v2@v2.1.0", + "go.opentelemetry.io/auto/sdk@v1.2.1", + "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.66.0", + "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.66.0", + "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.41.0", + "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", + "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.41.0", + "go.opentelemetry.io/otel/metric@v1.41.0", + "go.opentelemetry.io/otel/sdk@v1.41.0", + "go.opentelemetry.io/otel/trace@v1.41.0", + "go.opentelemetry.io/otel@v1.41.0", + "go.opentelemetry.io/proto/otlp@v1.9.0", + "go.yaml.in/yaml/v2@v2.4.3", + "go.yaml.in/yaml/v3@v3.0.4", + "golang.org/x/crypto@v0.49.0", + "golang.org/x/net@v0.52.0", + "golang.org/x/oauth2@v0.35.0", + "golang.org/x/sync@v0.20.0", + "golang.org/x/sys@v0.42.0", + "golang.org/x/text@v0.35.0", + "golang.org/x/time@v0.14.0", + "google.golang.org/genproto/googleapis/api@v0.0.0-20260209200024-4cfbd4190f57", + "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260209200024-4cfbd4190f57", + "google.golang.org/grpc@v1.80.0", + "google.golang.org/protobuf@v1.36.11", + "gopkg.in/telebot.v3@v3.3.8", + "gopkg.in/yaml.v2@v2.4.0", + "stdlib@v1.26.2" + ], + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.26.2", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "28f63090157d12cc" + }, + "Version": "v1.26.2", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/KimMachineGun/automemlimit@v0.7.5", + "Name": "github.com/KimMachineGun/automemlimit", + "Identifier": { + "PURL": "pkg:golang/github.com/kimmachinegun/automemlimit@v0.7.5", + "UID": "f545ee64627643f7" + }, + "Version": "v0.7.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/alecthomas/kingpin/v2@v2.4.0", + "Name": "github.com/alecthomas/kingpin/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/alecthomas/kingpin/v2@v2.4.0", + "UID": "a8dccb910a64e09d" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", + "Name": "github.com/alecthomas/units", + "Identifier": { + "PURL": "pkg:golang/github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", + "UID": "6e30d76b4ec7ebed" + }, + "Version": "v0.0.0-20240927000941-0f3dac36c52b", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/armon/go-metrics@v0.4.1", + "Name": "github.com/armon/go-metrics", + "Identifier": { + "PURL": "pkg:golang/github.com/armon/go-metrics@v0.4.1", + "UID": "ba3631eb0cb68412" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2@v1.41.5", + "Name": "github.com/aws/aws-sdk-go-v2", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2@v1.41.5", + "UID": "1aafa065f3fb62f2" + }, + "Version": "v1.41.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/config@v1.32.13", + "Name": "github.com/aws/aws-sdk-go-v2/config", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/config@v1.32.13", + "UID": "b0cc33e54176c2fb" + }, + "Version": "v1.32.13", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/credentials@v1.19.13", + "Name": "github.com/aws/aws-sdk-go-v2/credentials", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/credentials@v1.19.13", + "UID": "8092bda4076cf73f" + }, + "Version": "v1.19.13", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.21", + "Name": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.21", + "UID": "cb15060419c53456" + }, + "Version": "v1.18.21", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", + "Name": "github.com/aws/aws-sdk-go-v2/internal/configsources", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", + "UID": "f9532a94ef2b75f2" + }, + "Version": "v1.4.21", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", + "Name": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", + "UID": "673a0d1a3fd306e6" + }, + "Version": "v2.7.21", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", + "Name": "github.com/aws/aws-sdk-go-v2/internal/ini", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", + "UID": "30c10dc4272364e2" + }, + "Version": "v1.8.6", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", + "Name": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", + "UID": "e821e4ae4316be26" + }, + "Version": "v1.13.7", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", + "Name": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", + "UID": "f2c138b01a07cf78" + }, + "Version": "v1.13.21", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.9", + "Name": "github.com/aws/aws-sdk-go-v2/service/signin", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/signin@v1.0.9", + "UID": "eb6fc7ff05c8c0c0" + }, + "Version": "v1.0.9", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/sns@v1.39.15", + "Name": "github.com/aws/aws-sdk-go-v2/service/sns", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sns@v1.39.15", + "UID": "64b8f4cd89ccbedc" + }, + "Version": "v1.39.15", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.14", + "Name": "github.com/aws/aws-sdk-go-v2/service/sso", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sso@v1.30.14", + "UID": "38ff791bce5e39ec" + }, + "Version": "v1.30.14", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.18", + "Name": "github.com/aws/aws-sdk-go-v2/service/ssooidc", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.18", + "UID": "79ab1bd77c72fc35" + }, + "Version": "v1.35.18", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.10", + "Name": "github.com/aws/aws-sdk-go-v2/service/sts", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sts@v1.41.10", + "UID": "202bb22757b92af3" + }, + "Version": "v1.41.10", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/smithy-go@v1.24.2", + "Name": "github.com/aws/smithy-go", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/smithy-go@v1.24.2", + "UID": "b4e6bfce8371c308" + }, + "Version": "v1.24.2", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "db3712bc97b16325" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cenkalti/backoff/v4@v4.3.0", + "Name": "github.com/cenkalti/backoff/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/cenkalti/backoff/v4@v4.3.0", + "UID": "8ee0f544a80be3fc" + }, + "Version": "v4.3.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cenkalti/backoff/v5@v5.0.3", + "Name": "github.com/cenkalti/backoff/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/cenkalti/backoff/v5@v5.0.3", + "UID": "dc7bd0f2889b5b76" + }, + "Version": "v5.0.3", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.3.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", + "UID": "6f350e1a30d94d30" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coder/quartz@v0.3.0", + "Name": "github.com/coder/quartz", + "Identifier": { + "PURL": "pkg:golang/github.com/coder/quartz@v0.3.0", + "UID": "4ec4114afc0e9445" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coreos/go-systemd/v22@v22.6.0", + "Name": "github.com/coreos/go-systemd/v22", + "Identifier": { + "PURL": "pkg:golang/github.com/coreos/go-systemd/v22@v22.6.0", + "UID": "cfddca39fd8e9fd6" + }, + "Version": "v22.6.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/docker/go-units@v0.5.0", + "Name": "github.com/docker/go-units", + "Identifier": { + "PURL": "pkg:golang/github.com/docker/go-units@v0.5.0", + "UID": "1327e6483c8a4ff6" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/felixge/httpsnoop@v1.0.4", + "Name": "github.com/felixge/httpsnoop", + "Identifier": { + "PURL": "pkg:golang/github.com/felixge/httpsnoop@v1.0.4", + "UID": "31e05c000fd9b0e2" + }, + "Version": "v1.0.4", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/logr@v1.4.3", + "Name": "github.com/go-logr/logr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.3", + "UID": "6d53dc6d13f796be" + }, + "Version": "v1.4.3", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/stdr@v1.2.2", + "Name": "github.com/go-logr/stdr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2", + "UID": "d0114b44ce3afe7d" + }, + "Version": "v1.2.2", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/analysis@v0.25.0", + "Name": "github.com/go-openapi/analysis", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/analysis@v0.25.0", + "UID": "af90c7e0e6603226" + }, + "Version": "v0.25.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/errors@v0.22.7", + "Name": "github.com/go-openapi/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/errors@v0.22.7", + "UID": "d6364c91f2f616ce" + }, + "Version": "v0.22.7", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonpointer@v0.22.5", + "Name": "github.com/go-openapi/jsonpointer", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.22.5", + "UID": "8c196040591931e1" + }, + "Version": "v0.22.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonreference@v0.21.5", + "Name": "github.com/go-openapi/jsonreference", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.5", + "UID": "fbd5f1c768223118" + }, + "Version": "v0.21.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/loads@v0.23.3", + "Name": "github.com/go-openapi/loads", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/loads@v0.23.3", + "UID": "238eaeab7e95bc09" + }, + "Version": "v0.23.3", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/runtime@v0.29.3", + "Name": "github.com/go-openapi/runtime", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/runtime@v0.29.3", + "UID": "13a68f0daf3b64ea" + }, + "Version": "v0.29.3", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/spec@v0.22.4", + "Name": "github.com/go-openapi/spec", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/spec@v0.22.4", + "UID": "7237e7de94211d5f" + }, + "Version": "v0.22.4", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/strfmt@v0.26.1", + "Name": "github.com/go-openapi/strfmt", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/strfmt@v0.26.1", + "UID": "c11b55c584b25efa" + }, + "Version": "v0.26.1", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag@v0.25.5", + "Name": "github.com/go-openapi/swag", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag@v0.25.5", + "UID": "15b2ee6d51d31d25" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/cmdutils@v0.25.5", + "Name": "github.com/go-openapi/swag/cmdutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/cmdutils@v0.25.5", + "UID": "9b527751ca4df554" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/conv@v0.25.5", + "Name": "github.com/go-openapi/swag/conv", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/conv@v0.25.5", + "UID": "93a5eed0af039a1" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/fileutils@v0.25.5", + "Name": "github.com/go-openapi/swag/fileutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/fileutils@v0.25.5", + "UID": "bb1ee779f9877f60" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/jsonname@v0.25.5", + "Name": "github.com/go-openapi/swag/jsonname", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/jsonname@v0.25.5", + "UID": "c7d151212b1ca0be" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/jsonutils@v0.25.5", + "Name": "github.com/go-openapi/swag/jsonutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/jsonutils@v0.25.5", + "UID": "3183eeeece4c8c49" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/loading@v0.25.5", + "Name": "github.com/go-openapi/swag/loading", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/loading@v0.25.5", + "UID": "b446a7e35ecb1666" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/mangling@v0.25.5", + "Name": "github.com/go-openapi/swag/mangling", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/mangling@v0.25.5", + "UID": "c75c90162cb7be75" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/netutils@v0.25.5", + "Name": "github.com/go-openapi/swag/netutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/netutils@v0.25.5", + "UID": "7dd76e1c765a429" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/stringutils@v0.25.5", + "Name": "github.com/go-openapi/swag/stringutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/stringutils@v0.25.5", + "UID": "c1913bf19f1b4c7b" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/typeutils@v0.25.5", + "Name": "github.com/go-openapi/swag/typeutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/typeutils@v0.25.5", + "UID": "622d0133aaff108a" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/yamlutils@v0.25.5", + "Name": "github.com/go-openapi/swag/yamlutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/yamlutils@v0.25.5", + "UID": "f3e79824ea15df2f" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/validate@v0.25.2", + "Name": "github.com/go-openapi/validate", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/validate@v0.25.2", + "UID": "cbad22c1fea806c6" + }, + "Version": "v0.25.2", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-viper/mapstructure/v2@v2.5.0", + "Name": "github.com/go-viper/mapstructure/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/go-viper/mapstructure/v2@v2.5.0", + "UID": "745f435369951ba0" + }, + "Version": "v2.5.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang-jwt/jwt/v5@v5.3.0", + "Name": "github.com/golang-jwt/jwt/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.0", + "UID": "12e62f1a5fd8bafa" + }, + "Version": "v5.3.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/btree@v1.1.3", + "Name": "github.com/google/btree", + "Identifier": { + "PURL": "pkg:golang/github.com/google/btree@v1.1.3", + "UID": "7857179b09ffd7f1" + }, + "Version": "v1.1.3", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.6.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", + "UID": "cb5384fa14604d67" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", + "Name": "github.com/grpc-ecosystem/grpc-gateway/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", + "UID": "3c8c497a2a12f00b" + }, + "Version": "v2.28.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/errwrap@v1.1.0", + "Name": "github.com/hashicorp/errwrap", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.1.0", + "UID": "e2608131d0608f47" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-immutable-radix@v1.3.1", + "Name": "github.com/hashicorp/go-immutable-radix", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-immutable-radix@v1.3.1", + "UID": "c905e5bd1b1dd4b5" + }, + "Version": "v1.3.1", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-metrics@v0.5.4", + "Name": "github.com/hashicorp/go-metrics", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-metrics@v0.5.4", + "UID": "8184fa0fac393a8d" + }, + "Version": "v0.5.4", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-msgpack/v2@v2.1.5", + "Name": "github.com/hashicorp/go-msgpack/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-msgpack/v2@v2.1.5", + "UID": "e6225c1fd1a25109" + }, + "Version": "v2.1.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-multierror@v1.1.1", + "Name": "github.com/hashicorp/go-multierror", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", + "UID": "1469fdcb7d464ed" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-sockaddr@v1.0.7", + "Name": "github.com/hashicorp/go-sockaddr", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-sockaddr@v1.0.7", + "UID": "e616fe7744585532" + }, + "Version": "v1.0.7", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/golang-lru@v0.5.4", + "Name": "github.com/hashicorp/golang-lru", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/golang-lru@v0.5.4", + "UID": "ef9e5e7849c20252" + }, + "Version": "v0.5.4", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/golang-lru/v2@v2.0.7", + "Name": "github.com/hashicorp/golang-lru/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/golang-lru/v2@v2.0.7", + "UID": "ceba19a6daa95e3c" + }, + "Version": "v2.0.7", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/memberlist@v0.5.4", + "Name": "github.com/hashicorp/memberlist", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/memberlist@v0.5.4", + "UID": "e96ed9035eb64a61" + }, + "Version": "v0.5.4", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jessevdk/go-flags@v1.6.1", + "Name": "github.com/jessevdk/go-flags", + "Identifier": { + "PURL": "pkg:golang/github.com/jessevdk/go-flags@v1.6.1", + "UID": "4815e363c4f5b51a" + }, + "Version": "v1.6.1", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jpillora/backoff@v1.0.0", + "Name": "github.com/jpillora/backoff", + "Identifier": { + "PURL": "pkg:golang/github.com/jpillora/backoff@v1.0.0", + "UID": "c228aa4013e13e53" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/julienschmidt/httprouter@v1.3.0", + "Name": "github.com/julienschmidt/httprouter", + "Identifier": { + "PURL": "pkg:golang/github.com/julienschmidt/httprouter@v1.3.0", + "UID": "5617aff11007d6da" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/socket@v0.4.1", + "Name": "github.com/mdlayher/socket", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/socket@v0.4.1", + "UID": "4faf1630cd7c291" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/vsock@v1.2.1", + "Name": "github.com/mdlayher/vsock", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/vsock@v1.2.1", + "UID": "166f21963b9a1ae" + }, + "Version": "v1.2.1", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/miekg/dns@v1.1.68", + "Name": "github.com/miekg/dns", + "Identifier": { + "PURL": "pkg:golang/github.com/miekg/dns@v1.1.68", + "UID": "5d1cb982e032b176" + }, + "Version": "v1.1.68", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "4638ea033e85d125" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", + "Name": "github.com/mwitkow/go-conntrack", + "Identifier": { + "PURL": "pkg:golang/github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", + "UID": "5a27f4c3423ffeac" + }, + "Version": "v0.0.0-20190716064945-2f068394615f", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/oklog/run@v1.2.0", + "Name": "github.com/oklog/run", + "Identifier": { + "PURL": "pkg:golang/github.com/oklog/run@v1.2.0", + "UID": "147a5d0d1fabc425" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/oklog/ulid/v2@v2.1.1", + "Name": "github.com/oklog/ulid/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/oklog/ulid/v2@v2.1.1", + "UID": "4ee17cf6f21d9757" + }, + "Version": "v2.1.1", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pbnjay/memory@v0.0.0-20210728143218-7b4eea64cf58", + "Name": "github.com/pbnjay/memory", + "Identifier": { + "PURL": "pkg:golang/github.com/pbnjay/memory@v0.0.0-20210728143218-7b4eea64cf58", + "UID": "d4abb5b14db474bc" + }, + "Version": "v0.0.0-20210728143218-7b4eea64cf58", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.23.2", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.23.2", + "UID": "3946ae35ddff6154" + }, + "Version": "v1.23.2", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.6.2", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.2", + "UID": "90048976e29ebdbd" + }, + "Version": "v0.6.2", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.67.5", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.67.5", + "UID": "ab1ee0620b7e8a98" + }, + "Version": "v0.67.5", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/exporter-toolkit@v0.15.1", + "Name": "github.com/prometheus/exporter-toolkit", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/exporter-toolkit@v0.15.1", + "UID": "bb0a2c3256f77ac5" + }, + "Version": "v0.15.1", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.16.1", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.16.1", + "UID": "26ffb44cd2d7605a" + }, + "Version": "v0.16.1", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/sigv4@v0.4.1", + "Name": "github.com/prometheus/sigv4", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/sigv4@v0.4.1", + "UID": "61f47701cb402304" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/rs/cors@v1.11.1", + "Name": "github.com/rs/cors", + "Identifier": { + "PURL": "pkg:golang/github.com/rs/cors@v1.11.1", + "UID": "2752321501590c7f" + }, + "Version": "v1.11.1", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", + "Name": "github.com/sean-/seed", + "Identifier": { + "PURL": "pkg:golang/github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", + "UID": "8cfbf59613910888" + }, + "Version": "v0.0.0-20170313163322-e2103e2c3529", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/xhit/go-str2duration/v2@v2.1.0", + "Name": "github.com/xhit/go-str2duration/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/xhit/go-str2duration/v2@v2.1.0", + "UID": "daa991f2b6e7f4b" + }, + "Version": "v2.1.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/auto/sdk@v1.2.1", + "Name": "go.opentelemetry.io/auto/sdk", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/auto/sdk@v1.2.1", + "UID": "1beae5d3a921b8d9" + }, + "Version": "v1.2.1", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.66.0", + "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.66.0", + "UID": "7149da4782ba3e8a" + }, + "Version": "v0.66.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.66.0", + "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.66.0", + "UID": "970382b75466d4a7" + }, + "Version": "v0.66.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel@v1.41.0", + "Name": "go.opentelemetry.io/otel", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel@v1.41.0", + "UID": "11dcff7c2d8dba3e" + }, + "Version": "v1.41.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.41.0", + "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.41.0", + "UID": "e54b89cdeb90dff9" + }, + "Version": "v1.41.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.41.0", + "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.41.0", + "UID": "ef9c2806b4c4aa77" + }, + "Version": "v1.41.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", + "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", + "UID": "f35167e128608853" + }, + "Version": "v1.41.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/metric@v1.41.0", + "Name": "go.opentelemetry.io/otel/metric", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/metric@v1.41.0", + "UID": "dec2f3636adca90f" + }, + "Version": "v1.41.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/sdk@v1.41.0", + "Name": "go.opentelemetry.io/otel/sdk", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.41.0", + "UID": "f66cf0db8664f28f" + }, + "Version": "v1.41.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/trace@v1.41.0", + "Name": "go.opentelemetry.io/otel/trace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.41.0", + "UID": "c988aabf4950b0c8" + }, + "Version": "v1.41.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/proto/otlp@v1.9.0", + "Name": "go.opentelemetry.io/proto/otlp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/proto/otlp@v1.9.0", + "UID": "23f550d877688245" + }, + "Version": "v1.9.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.yaml.in/yaml/v2@v2.4.3", + "Name": "go.yaml.in/yaml/v2", + "Identifier": { + "PURL": "pkg:golang/go.yaml.in/yaml/v2@v2.4.3", + "UID": "f0f1b4b6a765437" + }, + "Version": "v2.4.3", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.yaml.in/yaml/v3@v3.0.4", + "Name": "go.yaml.in/yaml/v3", + "Identifier": { + "PURL": "pkg:golang/go.yaml.in/yaml/v3@v3.0.4", + "UID": "24f094373e766e14" + }, + "Version": "v3.0.4", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/crypto@v0.49.0", + "Name": "golang.org/x/crypto", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.49.0", + "UID": "78807ace974b3f83" + }, + "Version": "v0.49.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.52.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.52.0", + "UID": "c43d7adcfc0739a4" + }, + "Version": "v0.52.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.35.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.35.0", + "UID": "8f678b7fa2ce4887" + }, + "Version": "v0.35.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sync@v0.20.0", + "Name": "golang.org/x/sync", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sync@v0.20.0", + "UID": "b0911dea9ce16999" + }, + "Version": "v0.20.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.42.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.42.0", + "UID": "f786578792e83e4" + }, + "Version": "v0.42.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.35.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.35.0", + "UID": "1d4cdc928840a9a3" + }, + "Version": "v0.35.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.14.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.14.0", + "UID": "f9a4e21d7d45ceb8" + }, + "Version": "v0.14.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto/googleapis/api@v0.0.0-20260209200024-4cfbd4190f57", + "Name": "google.golang.org/genproto/googleapis/api", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260209200024-4cfbd4190f57", + "UID": "95857cb926b15c6e" + }, + "Version": "v0.0.0-20260209200024-4cfbd4190f57", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260209200024-4cfbd4190f57", + "Name": "google.golang.org/genproto/googleapis/rpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20260209200024-4cfbd4190f57", + "UID": "bb97c362e3ef1c01" + }, + "Version": "v0.0.0-20260209200024-4cfbd4190f57", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/grpc@v1.80.0", + "Name": "google.golang.org/grpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.80.0", + "UID": "e87c510e29bcb598" + }, + "Version": "v1.80.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.36.11", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.11", + "UID": "6a1b141341a4567d" + }, + "Version": "v1.36.11", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/telebot.v3@v3.3.8", + "Name": "gopkg.in/telebot.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/telebot.v3@v3.3.8", + "UID": "f1eb026f6e2e23cd" + }, + "Version": "v3.3.8", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v2@v2.4.0", + "Name": "gopkg.in/yaml.v2", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "UID": "8cb3c522fd2a6bcd" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-39882", + "VendorIDs": [ + "GHSA-w8rr-5gcm-pp58" + ], + "PkgID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", + "PkgName": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp", + "PkgIdentifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", + "UID": "f35167e128608853" + }, + "InstalledVersion": "v1.41.0", + "FixedVersion": "1.43.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39882", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:e69a087a9b2abf10d04e245b011eca7966ed0a9450da73e55202f307932cb4d5", + "Title": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ...", + "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection). This vulnerability is fixed in 1.43.0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-789" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0", + "https://github.com/open-telemetry/opentelemetry-go", + "https://github.com/open-telemetry/opentelemetry-go/pull/8108", + "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39882" + ], + "PublishedDate": "2026-04-08T21:17:00.547Z", + "LastModifiedDate": "2026-04-09T18:39:55.73Z" + }, + { + "VulnerabilityID": "CVE-2026-39883", + "VendorIDs": [ + "GHSA-hfvc-g4fc-pqhx" + ], + "PkgID": "go.opentelemetry.io/otel/sdk@v1.41.0", + "PkgName": "go.opentelemetry.io/otel/sdk", + "PkgIdentifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.41.0", + "UID": "f66cf0db8664f28f" + }, + "InstalledVersion": "v1.41.0", + "FixedVersion": "1.43.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39883", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:3c1e34e6bfc9a1990603051414ae4e71fc17f9c41ba87f548f7a85fd22e6d382", + "Title": "opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking", + "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-426" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V40Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0", + "https://github.com/open-telemetry/opentelemetry-go", + "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-hfvc-g4fc-pqhx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39883" + ], + "PublishedDate": "2026-04-08T21:17:00.697Z", + "LastModifiedDate": "2026-04-10T21:16:27.12Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "28f63090157d12cc" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:08923d645f814f203032a42e955b2636295f1b08f8ea0d8f81272b1d68a3fea1", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "28f63090157d12cc" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1f96688b93a6ffa3667ed3d976ace9af4ee7760a01ff20d07c11aa4c79cc7bd8", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "28f63090157d12cc" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7dd1042c8798d7991507dbc793467df95f060efd4be2a35cf509506043ac2cc1", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "28f63090157d12cc" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:03b0af0c2d16afc7ab0f416362882be793d1f18e52a095cab9fe60cd4a53f29d", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "28f63090157d12cc" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:aef07408b4a54dd1ae64bb42e433da0c7482bfc6e7281bdeb97bd7dafc09aeab", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "28f63090157d12cc" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2d9b5fe277df7e5ba3df796d87e20434caff4e72f507f10eb959b2498591c8d9", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "28f63090157d12cc" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3eb73d66cd13b11453111f16052c54a00d0a54f2e220c022e6b21becce0cde5a", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "28f63090157d12cc" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", + "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7f38f6e462eaa154bc99c49464ae5ed096051f3253926569b9fba8b18f0439c7", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + }, + { + "Target": "bin/amtool", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "github.com/prometheus/alertmanager@v0.32.1", + "Name": "github.com/prometheus/alertmanager", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/alertmanager@v0.32.1", + "UID": "84a87fb6940f1b15" + }, + "Version": "v0.32.1", + "Relationship": "root", + "DependsOn": [ + "github.com/alecthomas/kingpin/v2@v2.4.0", + "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", + "github.com/armon/go-metrics@v0.4.1", + "github.com/aws/aws-sdk-go-v2/config@v1.32.13", + "github.com/aws/aws-sdk-go-v2/credentials@v1.19.13", + "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.21", + "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", + "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", + "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", + "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", + "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", + "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.9", + "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.14", + "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.18", + "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.10", + "github.com/aws/aws-sdk-go-v2@v1.41.5", + "github.com/aws/smithy-go@v1.24.2", + "github.com/beorn7/perks@v1.0.1", + "github.com/cenkalti/backoff/v4@v4.3.0", + "github.com/cenkalti/backoff/v5@v5.0.3", + "github.com/cespare/xxhash/v2@v2.3.0", + "github.com/coder/quartz@v0.3.0", + "github.com/coreos/go-systemd/v22@v22.6.0", + "github.com/felixge/httpsnoop@v1.0.4", + "github.com/go-logr/logr@v1.4.3", + "github.com/go-logr/stdr@v1.2.2", + "github.com/go-openapi/analysis@v0.25.0", + "github.com/go-openapi/errors@v0.22.7", + "github.com/go-openapi/jsonpointer@v0.22.5", + "github.com/go-openapi/jsonreference@v0.21.5", + "github.com/go-openapi/loads@v0.23.3", + "github.com/go-openapi/runtime@v0.29.3", + "github.com/go-openapi/spec@v0.22.4", + "github.com/go-openapi/strfmt@v0.26.1", + "github.com/go-openapi/swag/cmdutils@v0.25.5", + "github.com/go-openapi/swag/conv@v0.25.5", + "github.com/go-openapi/swag/fileutils@v0.25.5", + "github.com/go-openapi/swag/jsonname@v0.25.5", + "github.com/go-openapi/swag/jsonutils@v0.25.5", + "github.com/go-openapi/swag/loading@v0.25.5", + "github.com/go-openapi/swag/mangling@v0.25.5", + "github.com/go-openapi/swag/netutils@v0.25.5", + "github.com/go-openapi/swag/stringutils@v0.25.5", + "github.com/go-openapi/swag/typeutils@v0.25.5", + "github.com/go-openapi/swag/yamlutils@v0.25.5", + "github.com/go-openapi/swag@v0.25.5", + "github.com/go-openapi/validate@v0.25.2", + "github.com/go-viper/mapstructure/v2@v2.5.0", + "github.com/golang-jwt/jwt/v5@v5.3.0", + "github.com/google/btree@v1.1.3", + "github.com/google/uuid@v1.6.0", + "github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", + "github.com/hashicorp/errwrap@v1.1.0", + "github.com/hashicorp/go-immutable-radix@v1.3.1", + "github.com/hashicorp/go-metrics@v0.5.4", + "github.com/hashicorp/go-msgpack/v2@v2.1.5", + "github.com/hashicorp/go-multierror@v1.1.1", + "github.com/hashicorp/go-sockaddr@v1.0.7", + "github.com/hashicorp/golang-lru/v2@v2.0.7", + "github.com/hashicorp/golang-lru@v0.5.4", + "github.com/hashicorp/memberlist@v0.5.4", + "github.com/jpillora/backoff@v1.0.0", + "github.com/mdlayher/socket@v0.4.1", + "github.com/mdlayher/vsock@v1.2.1", + "github.com/miekg/dns@v1.1.68", + "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", + "github.com/oklog/run@v1.2.0", + "github.com/oklog/ulid/v2@v2.1.1", + "github.com/prometheus/client_golang@v1.23.2", + "github.com/prometheus/client_model@v0.6.2", + "github.com/prometheus/common@v0.67.5", + "github.com/prometheus/exporter-toolkit@v0.15.1", + "github.com/prometheus/procfs@v0.16.1", + "github.com/prometheus/sigv4@v0.4.1", + "github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", + "github.com/xhit/go-str2duration/v2@v2.1.0", + "github.com/xlab/treeprint@v1.2.0", + "go.opentelemetry.io/auto/sdk@v1.2.1", + "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.66.0", + "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.66.0", + "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.41.0", + "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", + "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.41.0", + "go.opentelemetry.io/otel/metric@v1.41.0", + "go.opentelemetry.io/otel/sdk@v1.41.0", + "go.opentelemetry.io/otel/trace@v1.41.0", + "go.opentelemetry.io/otel@v1.41.0", + "go.opentelemetry.io/proto/otlp@v1.9.0", + "go.yaml.in/yaml/v2@v2.4.3", + "go.yaml.in/yaml/v3@v3.0.4", + "golang.org/x/crypto@v0.49.0", + "golang.org/x/mod@v0.34.0", + "golang.org/x/net@v0.52.0", + "golang.org/x/oauth2@v0.35.0", + "golang.org/x/sync@v0.20.0", + "golang.org/x/sys@v0.42.0", + "golang.org/x/text@v0.35.0", + "golang.org/x/time@v0.14.0", + "google.golang.org/genproto/googleapis/api@v0.0.0-20260209200024-4cfbd4190f57", + "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260209200024-4cfbd4190f57", + "google.golang.org/grpc@v1.80.0", + "google.golang.org/protobuf@v1.36.11", + "gopkg.in/yaml.v2@v2.4.0", + "stdlib@v1.26.2" + ], + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.26.2", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "72ad0bffed5617e7" + }, + "Version": "v1.26.2", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/alecthomas/kingpin/v2@v2.4.0", + "Name": "github.com/alecthomas/kingpin/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/alecthomas/kingpin/v2@v2.4.0", + "UID": "120ed40602820dce" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", + "Name": "github.com/alecthomas/units", + "Identifier": { + "PURL": "pkg:golang/github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", + "UID": "2d8ddd0221b28f2e" + }, + "Version": "v0.0.0-20240927000941-0f3dac36c52b", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/armon/go-metrics@v0.4.1", + "Name": "github.com/armon/go-metrics", + "Identifier": { + "PURL": "pkg:golang/github.com/armon/go-metrics@v0.4.1", + "UID": "7ebeaf02a52d52d" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2@v1.41.5", + "Name": "github.com/aws/aws-sdk-go-v2", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2@v1.41.5", + "UID": "7101322ce4bd4ee9" + }, + "Version": "v1.41.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/config@v1.32.13", + "Name": "github.com/aws/aws-sdk-go-v2/config", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/config@v1.32.13", + "UID": "9fcdd25bbbd42a54" + }, + "Version": "v1.32.13", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/credentials@v1.19.13", + "Name": "github.com/aws/aws-sdk-go-v2/credentials", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/credentials@v1.19.13", + "UID": "364d324e03471fbc" + }, + "Version": "v1.19.13", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.21", + "Name": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.21", + "UID": "5d27a0a1500a8d45" + }, + "Version": "v1.18.21", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", + "Name": "github.com/aws/aws-sdk-go-v2/internal/configsources", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", + "UID": "839f36e6c38d7369" + }, + "Version": "v1.4.21", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", + "Name": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", + "UID": "d1a3236cfbd6ff79" + }, + "Version": "v2.7.21", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", + "Name": "github.com/aws/aws-sdk-go-v2/internal/ini", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", + "UID": "91956034016dce39" + }, + "Version": "v1.8.6", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", + "Name": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", + "UID": "97fe572ab753f42d" + }, + "Version": "v1.13.7", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", + "Name": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", + "UID": "391db372144d6bcb" + }, + "Version": "v1.13.21", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.9", + "Name": "github.com/aws/aws-sdk-go-v2/service/signin", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/signin@v1.0.9", + "UID": "a96db990dd2367bb" + }, + "Version": "v1.0.9", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.14", + "Name": "github.com/aws/aws-sdk-go-v2/service/sso", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sso@v1.30.14", + "UID": "bd071e634c5425ef" + }, + "Version": "v1.30.14", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.18", + "Name": "github.com/aws/aws-sdk-go-v2/service/ssooidc", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.18", + "UID": "9802b347aae85556" + }, + "Version": "v1.35.18", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.10", + "Name": "github.com/aws/aws-sdk-go-v2/service/sts", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sts@v1.41.10", + "UID": "91f71471c2c9c350" + }, + "Version": "v1.41.10", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/smithy-go@v1.24.2", + "Name": "github.com/aws/smithy-go", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/smithy-go@v1.24.2", + "UID": "86ff6036d460bcf7" + }, + "Version": "v1.24.2", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "37b8b1ba2d6eccee" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cenkalti/backoff/v4@v4.3.0", + "Name": "github.com/cenkalti/backoff/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/cenkalti/backoff/v4@v4.3.0", + "UID": "e2af2532b9f1037b" + }, + "Version": "v4.3.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cenkalti/backoff/v5@v5.0.3", + "Name": "github.com/cenkalti/backoff/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/cenkalti/backoff/v5@v5.0.3", + "UID": "fc83a3947e256729" + }, + "Version": "v5.0.3", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.3.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", + "UID": "99c7e12e12b2af47" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coder/quartz@v0.3.0", + "Name": "github.com/coder/quartz", + "Identifier": { + "PURL": "pkg:golang/github.com/coder/quartz@v0.3.0", + "UID": "434f58e7d454f002" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coreos/go-systemd/v22@v22.6.0", + "Name": "github.com/coreos/go-systemd/v22", + "Identifier": { + "PURL": "pkg:golang/github.com/coreos/go-systemd/v22@v22.6.0", + "UID": "3c6050d4b140cad5" + }, + "Version": "v22.6.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/felixge/httpsnoop@v1.0.4", + "Name": "github.com/felixge/httpsnoop", + "Identifier": { + "PURL": "pkg:golang/github.com/felixge/httpsnoop@v1.0.4", + "UID": "99b25398fa0029" + }, + "Version": "v1.0.4", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/logr@v1.4.3", + "Name": "github.com/go-logr/logr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.3", + "UID": "b1f0cf4b9dc52145" + }, + "Version": "v1.4.3", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/stdr@v1.2.2", + "Name": "github.com/go-logr/stdr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2", + "UID": "452552b1614ff6ae" + }, + "Version": "v1.2.2", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/analysis@v0.25.0", + "Name": "github.com/go-openapi/analysis", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/analysis@v0.25.0", + "UID": "f264eb5503550b15" + }, + "Version": "v0.25.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/errors@v0.22.7", + "Name": "github.com/go-openapi/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/errors@v0.22.7", + "UID": "788b8a69fbec977d" + }, + "Version": "v0.22.7", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonpointer@v0.22.5", + "Name": "github.com/go-openapi/jsonpointer", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.22.5", + "UID": "1983504464e3879a" + }, + "Version": "v0.22.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonreference@v0.21.5", + "Name": "github.com/go-openapi/jsonreference", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.5", + "UID": "bd03902028da66db" + }, + "Version": "v0.21.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/loads@v0.23.3", + "Name": "github.com/go-openapi/loads", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/loads@v0.23.3", + "UID": "9bf3cc8ad03d8a" + }, + "Version": "v0.23.3", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/runtime@v0.29.3", + "Name": "github.com/go-openapi/runtime", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/runtime@v0.29.3", + "UID": "17014a3c94cd2de9" + }, + "Version": "v0.29.3", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/spec@v0.22.4", + "Name": "github.com/go-openapi/spec", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/spec@v0.22.4", + "UID": "3782b22342ff56ac" + }, + "Version": "v0.22.4", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/strfmt@v0.26.1", + "Name": "github.com/go-openapi/strfmt", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/strfmt@v0.26.1", + "UID": "b3b8392537cfa1ed" + }, + "Version": "v0.26.1", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag@v0.25.5", + "Name": "github.com/go-openapi/swag", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag@v0.25.5", + "UID": "c04c4c4d11fbe8a6" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/cmdutils@v0.25.5", + "Name": "github.com/go-openapi/swag/cmdutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/cmdutils@v0.25.5", + "UID": "c57fe8af98e3ecf3" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/conv@v0.25.5", + "Name": "github.com/go-openapi/swag/conv", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/conv@v0.25.5", + "UID": "daf61d0b52bafac2" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/fileutils@v0.25.5", + "Name": "github.com/go-openapi/swag/fileutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/fileutils@v0.25.5", + "UID": "e1b323bdeea16d3" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/jsonname@v0.25.5", + "Name": "github.com/go-openapi/swag/jsonname", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/jsonname@v0.25.5", + "UID": "ef7fe50cd84dc525" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/jsonutils@v0.25.5", + "Name": "github.com/go-openapi/swag/jsonutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/jsonutils@v0.25.5", + "UID": "aa2c03c653338316" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/loading@v0.25.5", + "Name": "github.com/go-openapi/swag/loading", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/loading@v0.25.5", + "UID": "2b781dfe20b204b1" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/mangling@v0.25.5", + "Name": "github.com/go-openapi/swag/mangling", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/mangling@v0.25.5", + "UID": "916c322051d18256" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/netutils@v0.25.5", + "Name": "github.com/go-openapi/swag/netutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/netutils@v0.25.5", + "UID": "69dc539c8ecc613a" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/stringutils@v0.25.5", + "Name": "github.com/go-openapi/swag/stringutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/stringutils@v0.25.5", + "UID": "11316aa600f5efb0" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/typeutils@v0.25.5", + "Name": "github.com/go-openapi/swag/typeutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/typeutils@v0.25.5", + "UID": "b02055793f75d57d" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/yamlutils@v0.25.5", + "Name": "github.com/go-openapi/swag/yamlutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/yamlutils@v0.25.5", + "UID": "ef19ff997d8c1c70" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/validate@v0.25.2", + "Name": "github.com/go-openapi/validate", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/validate@v0.25.2", + "UID": "9fb031eda1406e31" + }, + "Version": "v0.25.2", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-viper/mapstructure/v2@v2.5.0", + "Name": "github.com/go-viper/mapstructure/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/go-viper/mapstructure/v2@v2.5.0", + "UID": "a0fe04a81eaaba97" + }, + "Version": "v2.5.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang-jwt/jwt/v5@v5.3.0", + "Name": "github.com/golang-jwt/jwt/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.0", + "UID": "1996acf81877be01" + }, + "Version": "v5.3.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/btree@v1.1.3", + "Name": "github.com/google/btree", + "Identifier": { + "PURL": "pkg:golang/github.com/google/btree@v1.1.3", + "UID": "497059916e676bb2" + }, + "Version": "v1.1.3", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.6.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", + "UID": "638c72528462057c" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", + "Name": "github.com/grpc-ecosystem/grpc-gateway/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", + "UID": "c3d3b2c3d4ab3a34" + }, + "Version": "v2.28.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/errwrap@v1.1.0", + "Name": "github.com/hashicorp/errwrap", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.1.0", + "UID": "b00c869670d6c218" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-immutable-radix@v1.3.1", + "Name": "github.com/hashicorp/go-immutable-radix", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-immutable-radix@v1.3.1", + "UID": "a513b6d5d9620506" + }, + "Version": "v1.3.1", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-metrics@v0.5.4", + "Name": "github.com/hashicorp/go-metrics", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-metrics@v0.5.4", + "UID": "cf4361bb65d5e0a" + }, + "Version": "v0.5.4", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-msgpack/v2@v2.1.5", + "Name": "github.com/hashicorp/go-msgpack/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-msgpack/v2@v2.1.5", + "UID": "1872e58f9eb9ecb2" + }, + "Version": "v2.1.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-multierror@v1.1.1", + "Name": "github.com/hashicorp/go-multierror", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", + "UID": "2c1c9e9905f92716" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-sockaddr@v1.0.7", + "Name": "github.com/hashicorp/go-sockaddr", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-sockaddr@v1.0.7", + "UID": "ba7a0907e57b50a5" + }, + "Version": "v1.0.7", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/golang-lru@v0.5.4", + "Name": "github.com/hashicorp/golang-lru", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/golang-lru@v0.5.4", + "UID": "ebc07f44a80e9fc5" + }, + "Version": "v0.5.4", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/golang-lru/v2@v2.0.7", + "Name": "github.com/hashicorp/golang-lru/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/golang-lru/v2@v2.0.7", + "UID": "446a5b06691cf9e3" + }, + "Version": "v2.0.7", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/memberlist@v0.5.4", + "Name": "github.com/hashicorp/memberlist", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/memberlist@v0.5.4", + "UID": "3dca9dee95cad796" + }, + "Version": "v0.5.4", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jpillora/backoff@v1.0.0", + "Name": "github.com/jpillora/backoff", + "Identifier": { + "PURL": "pkg:golang/github.com/jpillora/backoff@v1.0.0", + "UID": "83d66b1d93381e28" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/socket@v0.4.1", + "Name": "github.com/mdlayher/socket", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/socket@v0.4.1", + "UID": "977da514ed8f507e" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/vsock@v1.2.1", + "Name": "github.com/mdlayher/vsock", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/vsock@v1.2.1", + "UID": "7577dcb510eeb769" + }, + "Version": "v1.2.1", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/miekg/dns@v1.1.68", + "Name": "github.com/miekg/dns", + "Identifier": { + "PURL": "pkg:golang/github.com/miekg/dns@v1.1.68", + "UID": "d73187f753142705" + }, + "Version": "v1.1.68", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "eb164906c3833b32" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", + "Name": "github.com/mwitkow/go-conntrack", + "Identifier": { + "PURL": "pkg:golang/github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", + "UID": "429ae4512663de27" + }, + "Version": "v0.0.0-20190716064945-2f068394615f", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/oklog/run@v1.2.0", + "Name": "github.com/oklog/run", + "Identifier": { + "PURL": "pkg:golang/github.com/oklog/run@v1.2.0", + "UID": "49a9cdc70bbe0b8e" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/oklog/ulid/v2@v2.1.1", + "Name": "github.com/oklog/ulid/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/oklog/ulid/v2@v2.1.1", + "UID": "9bb50f733f3481fc" + }, + "Version": "v2.1.1", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.23.2", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.23.2", + "UID": "a452d3d5c1e8b743" + }, + "Version": "v1.23.2", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.6.2", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.2", + "UID": "a0675c1c234632b2" + }, + "Version": "v0.6.2", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.67.5", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.67.5", + "UID": "a38673513c4a7ff7" + }, + "Version": "v0.67.5", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/exporter-toolkit@v0.15.1", + "Name": "github.com/prometheus/exporter-toolkit", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/exporter-toolkit@v0.15.1", + "UID": "c4557ae99ab507f6" + }, + "Version": "v0.15.1", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.16.1", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.16.1", + "UID": "c0b91f24c129f901" + }, + "Version": "v0.16.1", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/sigv4@v0.4.1", + "Name": "github.com/prometheus/sigv4", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/sigv4@v0.4.1", + "UID": "a2a43ceabda6c91b" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", + "Name": "github.com/sean-/seed", + "Identifier": { + "PURL": "pkg:golang/github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", + "UID": "307510990e328003" + }, + "Version": "v0.0.0-20170313163322-e2103e2c3529", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/xhit/go-str2duration/v2@v2.1.0", + "Name": "github.com/xhit/go-str2duration/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/xhit/go-str2duration/v2@v2.1.0", + "UID": "4273d654bb9b09b0" + }, + "Version": "v2.1.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/xlab/treeprint@v1.2.0", + "Name": "github.com/xlab/treeprint", + "Identifier": { + "PURL": "pkg:golang/github.com/xlab/treeprint@v1.2.0", + "UID": "464133349b8e76c9" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/auto/sdk@v1.2.1", + "Name": "go.opentelemetry.io/auto/sdk", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/auto/sdk@v1.2.1", + "UID": "738654f5fb2ff03a" + }, + "Version": "v1.2.1", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.66.0", + "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.66.0", + "UID": "2cc4aa44deb1db61" + }, + "Version": "v0.66.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.66.0", + "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.66.0", + "UID": "29aaf682e5cbad24" + }, + "Version": "v0.66.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel@v1.41.0", + "Name": "go.opentelemetry.io/otel", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel@v1.41.0", + "UID": "1a92505491df2841" + }, + "Version": "v1.41.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.41.0", + "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.41.0", + "UID": "5f4d21040f802faa" + }, + "Version": "v1.41.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.41.0", + "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.41.0", + "UID": "124c3b2b084a6ffc" + }, + "Version": "v1.41.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", + "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", + "UID": "a189492f3e3cd9d8" + }, + "Version": "v1.41.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/metric@v1.41.0", + "Name": "go.opentelemetry.io/otel/metric", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/metric@v1.41.0", + "UID": "ac091df1c269b1a0" + }, + "Version": "v1.41.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/sdk@v1.41.0", + "Name": "go.opentelemetry.io/otel/sdk", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.41.0", + "UID": "1b139d64e65bc0b0" + }, + "Version": "v1.41.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/trace@v1.41.0", + "Name": "go.opentelemetry.io/otel/trace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.41.0", + "UID": "de45e9031bdb0e87" + }, + "Version": "v1.41.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/proto/otlp@v1.9.0", + "Name": "go.opentelemetry.io/proto/otlp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/proto/otlp@v1.9.0", + "UID": "1195d69266ef8b72" + }, + "Version": "v1.9.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.yaml.in/yaml/v2@v2.4.3", + "Name": "go.yaml.in/yaml/v2", + "Identifier": { + "PURL": "pkg:golang/go.yaml.in/yaml/v2@v2.4.3", + "UID": "2e10aa33428e542c" + }, + "Version": "v2.4.3", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.yaml.in/yaml/v3@v3.0.4", + "Name": "go.yaml.in/yaml/v3", + "Identifier": { + "PURL": "pkg:golang/go.yaml.in/yaml/v3@v3.0.4", + "UID": "16d232b4d1c9569f" + }, + "Version": "v3.0.4", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/crypto@v0.49.0", + "Name": "golang.org/x/crypto", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.49.0", + "UID": "4f64fdf89e9573d0" + }, + "Version": "v0.49.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/mod@v0.34.0", + "Name": "golang.org/x/mod", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/mod@v0.34.0", + "UID": "18bff65fda471564" + }, + "Version": "v0.34.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.52.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.52.0", + "UID": "49e14711744516a7" + }, + "Version": "v0.52.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.35.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.35.0", + "UID": "9eea24b1089525e0" + }, + "Version": "v0.35.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sync@v0.20.0", + "Name": "golang.org/x/sync", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sync@v0.20.0", + "UID": "6317925b5bf4c01e" + }, + "Version": "v0.20.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.42.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.42.0", + "UID": "618e027092f4ba9b" + }, + "Version": "v0.42.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.35.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.35.0", + "UID": "ab487a9f778080e8" + }, + "Version": "v0.35.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.14.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.14.0", + "UID": "64fb71f0eea1379b" + }, + "Version": "v0.14.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto/googleapis/api@v0.0.0-20260209200024-4cfbd4190f57", + "Name": "google.golang.org/genproto/googleapis/api", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260209200024-4cfbd4190f57", + "UID": "c84e8023c3bcfe49" + }, + "Version": "v0.0.0-20260209200024-4cfbd4190f57", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260209200024-4cfbd4190f57", + "Name": "google.golang.org/genproto/googleapis/rpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20260209200024-4cfbd4190f57", + "UID": "f0ecc2d61b318c22" + }, + "Version": "v0.0.0-20260209200024-4cfbd4190f57", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/grpc@v1.80.0", + "Name": "google.golang.org/grpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.80.0", + "UID": "3f17563156914c17" + }, + "Version": "v1.80.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.36.11", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.11", + "UID": "737f4e5915429126" + }, + "Version": "v1.36.11", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v2@v2.4.0", + "Name": "gopkg.in/yaml.v2", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "UID": "9cf40bc580886d4e" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-39882", + "VendorIDs": [ + "GHSA-w8rr-5gcm-pp58" + ], + "PkgID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", + "PkgName": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp", + "PkgIdentifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", + "UID": "a189492f3e3cd9d8" + }, + "InstalledVersion": "v1.41.0", + "FixedVersion": "1.43.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39882", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:99935b6db464ae5edf466fb6d8ecc777a20df76b83dc67ebea361b5dfde05af8", + "Title": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ...", + "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection). This vulnerability is fixed in 1.43.0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-789" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0", + "https://github.com/open-telemetry/opentelemetry-go", + "https://github.com/open-telemetry/opentelemetry-go/pull/8108", + "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39882" + ], + "PublishedDate": "2026-04-08T21:17:00.547Z", + "LastModifiedDate": "2026-04-09T18:39:55.73Z" + }, + { + "VulnerabilityID": "CVE-2026-39883", + "VendorIDs": [ + "GHSA-hfvc-g4fc-pqhx" + ], + "PkgID": "go.opentelemetry.io/otel/sdk@v1.41.0", + "PkgName": "go.opentelemetry.io/otel/sdk", + "PkgIdentifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.41.0", + "UID": "1b139d64e65bc0b0" + }, + "InstalledVersion": "v1.41.0", + "FixedVersion": "1.43.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39883", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:730eef800bf6d38a7bf413b1632a7224d601f64d2e15a2aa867191ffaa127c8d", + "Title": "opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking", + "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-426" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V40Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0", + "https://github.com/open-telemetry/opentelemetry-go", + "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-hfvc-g4fc-pqhx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39883" + ], + "PublishedDate": "2026-04-08T21:17:00.697Z", + "LastModifiedDate": "2026-04-10T21:16:27.12Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "72ad0bffed5617e7" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:54c29c23f381404d862c99a8413e9ed4b741f9d3cb086b84aacdf4ceb70836a2", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "72ad0bffed5617e7" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3922f5383e15b704eb0a7a48041f64a6c657df1ad708b331c6ad7e01f3c44e8b", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "72ad0bffed5617e7" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c567038a7813b33af2ee2abe15645d45fb4387689caa02e044659eaa2c245e8f", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "72ad0bffed5617e7" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0cbab31620f0c3071b05c09bae3606e14e3def23fbcf055b554d2eb86b3093f7", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "72ad0bffed5617e7" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:68b7351f8f9de3576865cb9778ad9b774bcf634d65ae9bd170ce11540efee3c9", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "72ad0bffed5617e7" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:589af3ff40db8b36479ffab2cbdb33ae734e238f9245431bdf640c2cca4fafd7", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "72ad0bffed5617e7" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6fee37303636ed27718fc6a3372de3b1e44f75f143331f8b9d1c40058f16df15", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "72ad0bffed5617e7" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", + "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:87d76236d84dfc030034aee9a379a9b1f43df4f20770adf846e22f88da24487d", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "Deployment", + "Name": "auth-exporter", + "Metadata": [ + { + "Size": 123288576, + "OS": { + "Family": "debian", + "Name": "13.5" + }, + "ImageID": "sha256:e1054bc5a9f2ddbdd6d0247997c45f2201a4e9b4c6f824b247064a558e877070", + "DiffIDs": [ + "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40", + "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54", + "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939", + "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" + ], + "RepoTags": [ + "python:3.12-slim" + ], + "RepoDigests": [ + "python@sha256:9d3abd9fc11d06998ccdbdd93b4dd49b5ad7d67fcbbc11c016eb0eb2c2194891" + ], + "Reference": "python:3.12-slim", + "ImageConfig": { + "architecture": "amd64", + "created": "2026-05-19T23:50:55.52769964Z", + "history": [ + { + "created": "2026-05-18T00:00:00Z", + "created_by": "# debian.sh --arch 'amd64' out/ 'trixie' '@1779062400'", + "comment": "debuerreotype 0.17" + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "ENV LANG=C.UTF-8", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "RUN /bin/sh -c set -eux; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tca-certificates \t\tnetbase \t\ttzdata \t; \tapt-get dist-clean # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "ENV GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "ENV PYTHON_VERSION=3.12.13", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "ENV PYTHON_SHA256=c08bc65a81971c1dd5783182826503369466c7e67374d1646519adf05207b684", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:50:55.41770734Z", + "created_by": "RUN /bin/sh -c set -eux; \t\tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tdpkg-dev \t\tgcc \t\tgnupg \t\tlibbluetooth-dev \t\tlibbz2-dev \t\tlibc6-dev \t\tlibdb-dev \t\tlibffi-dev \t\tlibgdbm-dev \t\tliblzma-dev \t\tlibncursesw5-dev \t\tlibreadline-dev \t\tlibsqlite3-dev \t\tlibssl-dev \t\tmake \t\ttk-dev \t\tuuid-dev \t\twget \t\txz-utils \t\tzlib1g-dev \t; \t\twget -O python.tar.xz \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz\"; \techo \"$PYTHON_SHA256 *python.tar.xz\" | sha256sum -c -; \twget -O python.tar.xz.asc \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; export GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$GPG_KEY\"; \tgpg --batch --verify python.tar.xz.asc python.tar.xz; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" python.tar.xz.asc; \tmkdir -p /usr/src/python; \ttar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \trm python.tar.xz; \t\tcd /usr/src/python; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \t./configure \t\t--build=\"$gnuArch\" \t\t--enable-loadable-sqlite-extensions \t\t--enable-optimizations \t\t--enable-option-checking=fatal \t\t--enable-shared \t\t$(test \"${gnuArch%%-*}\" != 'riscv64' \u0026\u0026 echo '--with-lto') \t\t--with-ensurepip \t; \tnproc=\"$(nproc)\"; \tEXTRA_CFLAGS=\"$(dpkg-buildflags --get CFLAGS)\"; \tLDFLAGS=\"$(dpkg-buildflags --get LDFLAGS)\"; \tLDFLAGS=\"${LDFLAGS:-} -Wl,--strip-all\"; \tarch=\"$(dpkg --print-architecture)\"; arch=\"${arch##*-}\"; \tcase \"$arch\" in \t\tamd64|arm64) \t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer\"; \t\t\t;; \t\ti386) \t\t\t;; \t\t*) \t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer\"; \t\t\t;; \tesac; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-}\" \t; \trm python; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-} -Wl,-rpath='\\$\\$ORIGIN/../lib'\" \t\tpython \t; \tmake install; \t\tcd /; \trm -rf /usr/src/python; \t\tfind /usr/local -depth \t\t\\( \t\t\t\\( -type d -a \\( -name test -o -name tests -o -name idle_test \\) \\) \t\t\t-o \\( -type f -a \\( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \\) \\) \t\t\\) -exec rm -rf '{}' + \t; \t\tldconfig; \t\tapt-mark auto '.*' \u003e /dev/null; \tapt-mark manual $savedAptMark; \tfind /usr/local -type f -executable -not \\( -name '*tkinter*' \\) -exec ldd '{}' ';' \t\t| awk '/=\u003e/ { so = $(NF-1); if (index(so, \"/usr/local/\") == 1) { next }; gsub(\"^/(usr/)?\", \"\", so); printf \"*%s\\n\", so }' \t\t| sort -u \t\t| xargs -rt dpkg-query --search \t\t| awk 'sub(\":$\", \"\", $1) { print $1 }' \t\t| sort -u \t\t| xargs -r apt-mark manual \t; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \tapt-get dist-clean; \t\texport PYTHONDONTWRITEBYTECODE=1; \tpython3 --version; \tpip3 --version # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T23:50:55.52769964Z", + "created_by": "RUN /bin/sh -c set -eux; \tfor src in idle3 pip3 pydoc3 python3 python3-config; do \t\tdst=\"$(echo \"$src\" | tr -d 3)\"; \t\t[ -s \"/usr/local/bin/$src\" ]; \t\t[ ! -e \"/usr/local/bin/$dst\" ]; \t\tln -svT \"$src\" \"/usr/local/bin/$dst\"; \tdone # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T23:50:55.52769964Z", + "created_by": "CMD [\"python3\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40", + "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54", + "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939", + "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" + ] + }, + "config": { + "Cmd": [ + "python3" + ], + "Env": [ + "PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "LANG=C.UTF-8", + "GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", + "PYTHON_VERSION=3.12.13", + "PYTHON_SHA256=c08bc65a81971c1dd5783182826503369466c7e67374d1646519adf05207b684" + ] + } + }, + "Layers": [ + { + "Size": 81049600, + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + { + "Size": 4127232, + "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", + "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" + }, + { + "Size": 38106624, + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + { + "Size": 5120, + "Digest": "sha256:07342fe545e640a2c4960e97ffe33a301cd8e61e0c4d4307d7ac66b6b8a9eb2d", + "DiffID": "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" + } + ] + } + ], + "Results": [ + { + "Target": "python:3.12-slim (debian 13.5)", + "Class": "os-pkgs", + "Type": "debian", + "Packages": [ + { + "ID": "adduser@3.152", + "Name": "adduser", + "Identifier": { + "PURL": "pkg:deb/debian/adduser@3.152?arch=all\u0026distro=debian-13.5", + "UID": "681428a4291e51" + }, + "Version": "3.152", + "Arch": "all", + "SrcName": "adduser", + "SrcVersion": "3.152", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Debian Adduser Developers \u003cadduser@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "passwd@1:4.17.4-2" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/sbin/adduser", + "/usr/sbin/deluser", + "/usr/share/doc/adduser/NEWS.Debian.gz", + "/usr/share/doc/adduser/README.gz", + "/usr/share/doc/adduser/TODO", + "/usr/share/doc/adduser/changelog.gz", + "/usr/share/doc/adduser/copyright", + "/usr/share/doc/adduser/examples/INSTALL", + "/usr/share/doc/adduser/examples/README", + "/usr/share/doc/adduser/examples/adduser.conf", + "/usr/share/doc/adduser/examples/adduser.local", + "/usr/share/doc/adduser/examples/adduser.local.conf", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", + "/usr/share/doc/adduser/examples/deluser.conf", + "/usr/share/man/da/man5/deluser.conf.5.gz", + "/usr/share/man/de/man5/adduser.conf.5.gz", + "/usr/share/man/de/man5/deluser.conf.5.gz", + "/usr/share/man/de/man8/adduser.8.gz", + "/usr/share/man/de/man8/adduser.local.8.gz", + "/usr/share/man/de/man8/deluser.8.gz", + "/usr/share/man/es/man5/deluser.conf.5.gz", + "/usr/share/man/fr/man5/adduser.conf.5.gz", + "/usr/share/man/fr/man5/deluser.conf.5.gz", + "/usr/share/man/fr/man8/adduser.8.gz", + "/usr/share/man/fr/man8/deluser.8.gz", + "/usr/share/man/it/man5/deluser.conf.5.gz", + "/usr/share/man/man5/adduser.conf.5.gz", + "/usr/share/man/man5/deluser.conf.5.gz", + "/usr/share/man/man8/adduser.8.gz", + "/usr/share/man/man8/adduser.local.8.gz", + "/usr/share/man/man8/deluser.8.gz", + "/usr/share/man/nl/man5/adduser.conf.5.gz", + "/usr/share/man/nl/man5/deluser.conf.5.gz", + "/usr/share/man/nl/man8/adduser.8.gz", + "/usr/share/man/nl/man8/adduser.local.8.gz", + "/usr/share/man/nl/man8/deluser.8.gz", + "/usr/share/man/pl/man5/deluser.conf.5.gz", + "/usr/share/man/pt/man5/adduser.conf.5.gz", + "/usr/share/man/pt/man5/deluser.conf.5.gz", + "/usr/share/man/pt/man8/adduser.8.gz", + "/usr/share/man/pt/man8/adduser.local.8.gz", + "/usr/share/man/pt/man8/deluser.8.gz", + "/usr/share/man/ro/man5/adduser.conf.5.gz", + "/usr/share/man/ro/man5/deluser.conf.5.gz", + "/usr/share/man/ro/man8/adduser.8.gz", + "/usr/share/man/ro/man8/adduser.local.8.gz", + "/usr/share/man/ro/man8/deluser.8.gz", + "/usr/share/man/ru/man5/deluser.conf.5.gz", + "/usr/share/man/sv/man5/deluser.conf.5.gz", + "/usr/share/perl5/Debian/AdduserCommon.pm", + "/usr/share/perl5/Debian/AdduserLogging.pm", + "/usr/share/perl5/Debian/AdduserRetvalues.pm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "apt@3.0.3", + "Name": "apt", + "Identifier": { + "PURL": "pkg:deb/debian/apt@3.0.3?arch=amd64\u0026distro=debian-13.5", + "UID": "2e5d8c8032700559" + }, + "Version": "3.0.3", + "Arch": "amd64", + "SrcName": "apt", + "SrcVersion": "3.0.3", + "Licenses": [ + "GPL-2.0-or-later", + "curl", + "BSD-3-Clause", + "MIT", + "GPL-2.0-only" + ], + "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "adduser@3.152", + "base-passwd@3.6.7", + "debian-archive-keyring@2025.1", + "libapt-pkg7.0@3.0.3", + "libc6@2.41-12+deb13u3", + "libgcc-s1@14.2.0-19", + "libseccomp2@2.6.0-2", + "libssl3t64@3.5.6-1~deb13u1", + "libstdc++6@14.2.0-19", + "libsystemd0@257.13-1~deb13u1", + "sqv@1.3.0-3+b2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/apt", + "/usr/bin/apt-cache", + "/usr/bin/apt-cdrom", + "/usr/bin/apt-config", + "/usr/bin/apt-get", + "/usr/bin/apt-mark", + "/usr/lib/apt/apt-extracttemplates", + "/usr/lib/apt/apt-helper", + "/usr/lib/apt/apt.systemd.daily", + "/usr/lib/apt/methods/cdrom", + "/usr/lib/apt/methods/copy", + "/usr/lib/apt/methods/file", + "/usr/lib/apt/methods/gpgv", + "/usr/lib/apt/methods/http", + "/usr/lib/apt/methods/mirror", + "/usr/lib/apt/methods/rred", + "/usr/lib/apt/methods/sqv", + "/usr/lib/apt/methods/store", + "/usr/lib/apt/solvers/dump", + "/usr/lib/dpkg/methods/apt/desc.apt", + "/usr/lib/dpkg/methods/apt/install", + "/usr/lib/dpkg/methods/apt/names", + "/usr/lib/dpkg/methods/apt/setup", + "/usr/lib/dpkg/methods/apt/update", + "/usr/lib/systemd/system/apt-daily-upgrade.service", + "/usr/lib/systemd/system/apt-daily-upgrade.timer", + "/usr/lib/systemd/system/apt-daily.service", + "/usr/lib/systemd/system/apt-daily.timer", + "/usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0", + "/usr/share/apt/default-sequoia.config", + "/usr/share/bash-completion/completions/apt", + "/usr/share/bug/apt/script", + "/usr/share/doc/apt/NEWS.Debian.gz", + "/usr/share/doc/apt/README.md.gz", + "/usr/share/doc/apt/changelog.gz", + "/usr/share/doc/apt/copyright", + "/usr/share/doc/apt/examples/apt.conf", + "/usr/share/doc/apt/examples/configure-index", + "/usr/share/doc/apt/examples/debian.sources", + "/usr/share/doc/apt/examples/preferences", + "/usr/share/lintian/overrides/apt", + "/usr/share/locale/ar/LC_MESSAGES/apt.mo", + "/usr/share/locale/ast/LC_MESSAGES/apt.mo", + "/usr/share/locale/bg/LC_MESSAGES/apt.mo", + "/usr/share/locale/bs/LC_MESSAGES/apt.mo", + "/usr/share/locale/ca/LC_MESSAGES/apt.mo", + "/usr/share/locale/cs/LC_MESSAGES/apt.mo", + "/usr/share/locale/cy/LC_MESSAGES/apt.mo", + "/usr/share/locale/da/LC_MESSAGES/apt.mo", + "/usr/share/locale/de/LC_MESSAGES/apt.mo", + "/usr/share/locale/dz/LC_MESSAGES/apt.mo", + "/usr/share/locale/el/LC_MESSAGES/apt.mo", + "/usr/share/locale/es/LC_MESSAGES/apt.mo", + "/usr/share/locale/eu/LC_MESSAGES/apt.mo", + "/usr/share/locale/fi/LC_MESSAGES/apt.mo", + "/usr/share/locale/fr/LC_MESSAGES/apt.mo", + "/usr/share/locale/gl/LC_MESSAGES/apt.mo", + "/usr/share/locale/hu/LC_MESSAGES/apt.mo", + "/usr/share/locale/it/LC_MESSAGES/apt.mo", + "/usr/share/locale/ja/LC_MESSAGES/apt.mo", + "/usr/share/locale/km/LC_MESSAGES/apt.mo", + "/usr/share/locale/ko/LC_MESSAGES/apt.mo", + "/usr/share/locale/ku/LC_MESSAGES/apt.mo", + "/usr/share/locale/lt/LC_MESSAGES/apt.mo", + "/usr/share/locale/mr/LC_MESSAGES/apt.mo", + "/usr/share/locale/nb/LC_MESSAGES/apt.mo", + "/usr/share/locale/ne/LC_MESSAGES/apt.mo", + "/usr/share/locale/nl/LC_MESSAGES/apt.mo", + "/usr/share/locale/nn/LC_MESSAGES/apt.mo", + "/usr/share/locale/pl/LC_MESSAGES/apt.mo", + "/usr/share/locale/pt/LC_MESSAGES/apt.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/apt.mo", + "/usr/share/locale/ro/LC_MESSAGES/apt.mo", + "/usr/share/locale/ru/LC_MESSAGES/apt.mo", + "/usr/share/locale/sk/LC_MESSAGES/apt.mo", + "/usr/share/locale/sl/LC_MESSAGES/apt.mo", + "/usr/share/locale/sv/LC_MESSAGES/apt.mo", + "/usr/share/locale/th/LC_MESSAGES/apt.mo", + "/usr/share/locale/tl/LC_MESSAGES/apt.mo", + "/usr/share/locale/tr/LC_MESSAGES/apt.mo", + "/usr/share/locale/uk/LC_MESSAGES/apt.mo", + "/usr/share/locale/vi/LC_MESSAGES/apt.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/apt.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/apt.mo", + "/usr/share/man/de/man1/apt-transport-http.1.gz", + "/usr/share/man/de/man1/apt-transport-https.1.gz", + "/usr/share/man/de/man1/apt-transport-mirror.1.gz", + "/usr/share/man/de/man5/apt.conf.5.gz", + "/usr/share/man/de/man5/apt_auth.conf.5.gz", + "/usr/share/man/de/man5/apt_preferences.5.gz", + "/usr/share/man/de/man5/sources.list.5.gz", + "/usr/share/man/de/man7/apt-patterns.7.gz", + "/usr/share/man/de/man8/apt-cache.8.gz", + "/usr/share/man/de/man8/apt-cdrom.8.gz", + "/usr/share/man/de/man8/apt-config.8.gz", + "/usr/share/man/de/man8/apt-get.8.gz", + "/usr/share/man/de/man8/apt-mark.8.gz", + "/usr/share/man/de/man8/apt-secure.8.gz", + "/usr/share/man/de/man8/apt.8.gz", + "/usr/share/man/es/man5/apt_preferences.5.gz", + "/usr/share/man/es/man8/apt-cache.8.gz", + "/usr/share/man/es/man8/apt-cdrom.8.gz", + "/usr/share/man/es/man8/apt-config.8.gz", + "/usr/share/man/fr/man1/apt-transport-http.1.gz", + "/usr/share/man/fr/man1/apt-transport-https.1.gz", + "/usr/share/man/fr/man1/apt-transport-mirror.1.gz", + "/usr/share/man/fr/man5/apt.conf.5.gz", + "/usr/share/man/fr/man5/apt_auth.conf.5.gz", + "/usr/share/man/fr/man5/apt_preferences.5.gz", + "/usr/share/man/fr/man5/sources.list.5.gz", + "/usr/share/man/fr/man7/apt-patterns.7.gz", + "/usr/share/man/fr/man8/apt-cache.8.gz", + "/usr/share/man/fr/man8/apt-cdrom.8.gz", + "/usr/share/man/fr/man8/apt-config.8.gz", + "/usr/share/man/fr/man8/apt-get.8.gz", + "/usr/share/man/fr/man8/apt-mark.8.gz", + "/usr/share/man/fr/man8/apt-secure.8.gz", + "/usr/share/man/fr/man8/apt.8.gz", + "/usr/share/man/it/man5/apt.conf.5.gz", + "/usr/share/man/it/man5/apt_preferences.5.gz", + "/usr/share/man/it/man8/apt-cache.8.gz", + "/usr/share/man/it/man8/apt-cdrom.8.gz", + "/usr/share/man/it/man8/apt-config.8.gz", + "/usr/share/man/it/man8/apt-mark.8.gz", + "/usr/share/man/it/man8/apt.8.gz", + "/usr/share/man/ja/man5/apt.conf.5.gz", + "/usr/share/man/ja/man5/apt_preferences.5.gz", + "/usr/share/man/ja/man8/apt-cache.8.gz", + "/usr/share/man/ja/man8/apt-cdrom.8.gz", + "/usr/share/man/ja/man8/apt-config.8.gz", + "/usr/share/man/ja/man8/apt-mark.8.gz", + "/usr/share/man/ja/man8/apt.8.gz", + "/usr/share/man/man1/apt-transport-http.1.gz", + "/usr/share/man/man1/apt-transport-https.1.gz", + "/usr/share/man/man1/apt-transport-mirror.1.gz", + "/usr/share/man/man5/apt.conf.5.gz", + "/usr/share/man/man5/apt_auth.conf.5.gz", + "/usr/share/man/man5/apt_preferences.5.gz", + "/usr/share/man/man5/sources.list.5.gz", + "/usr/share/man/man7/apt-patterns.7.gz", + "/usr/share/man/man8/apt-cache.8.gz", + "/usr/share/man/man8/apt-cdrom.8.gz", + "/usr/share/man/man8/apt-config.8.gz", + "/usr/share/man/man8/apt-get.8.gz", + "/usr/share/man/man8/apt-mark.8.gz", + "/usr/share/man/man8/apt-secure.8.gz", + "/usr/share/man/man8/apt.8.gz", + "/usr/share/man/nl/man1/apt-transport-http.1.gz", + "/usr/share/man/nl/man1/apt-transport-https.1.gz", + "/usr/share/man/nl/man1/apt-transport-mirror.1.gz", + "/usr/share/man/nl/man5/apt.conf.5.gz", + "/usr/share/man/nl/man5/apt_auth.conf.5.gz", + "/usr/share/man/nl/man5/apt_preferences.5.gz", + "/usr/share/man/nl/man5/sources.list.5.gz", + "/usr/share/man/nl/man7/apt-patterns.7.gz", + "/usr/share/man/nl/man8/apt-cache.8.gz", + "/usr/share/man/nl/man8/apt-cdrom.8.gz", + "/usr/share/man/nl/man8/apt-config.8.gz", + "/usr/share/man/nl/man8/apt-get.8.gz", + "/usr/share/man/nl/man8/apt-mark.8.gz", + "/usr/share/man/nl/man8/apt-secure.8.gz", + "/usr/share/man/nl/man8/apt.8.gz", + "/usr/share/man/pl/man5/apt_preferences.5.gz", + "/usr/share/man/pl/man8/apt-cache.8.gz", + "/usr/share/man/pl/man8/apt-cdrom.8.gz", + "/usr/share/man/pl/man8/apt-config.8.gz", + "/usr/share/man/pt/man1/apt-transport-http.1.gz", + "/usr/share/man/pt/man1/apt-transport-https.1.gz", + "/usr/share/man/pt/man1/apt-transport-mirror.1.gz", + "/usr/share/man/pt/man5/apt.conf.5.gz", + "/usr/share/man/pt/man5/apt_auth.conf.5.gz", + "/usr/share/man/pt/man5/apt_preferences.5.gz", + "/usr/share/man/pt/man5/sources.list.5.gz", + "/usr/share/man/pt/man7/apt-patterns.7.gz", + "/usr/share/man/pt/man8/apt-cache.8.gz", + "/usr/share/man/pt/man8/apt-cdrom.8.gz", + "/usr/share/man/pt/man8/apt-config.8.gz", + "/usr/share/man/pt/man8/apt-get.8.gz", + "/usr/share/man/pt/man8/apt-mark.8.gz", + "/usr/share/man/pt/man8/apt-secure.8.gz", + "/usr/share/man/pt/man8/apt.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "base-files@13.8+deb13u5", + "Name": "base-files", + "Identifier": { + "PURL": "pkg:deb/debian/base-files@13.8%2Bdeb13u5?arch=amd64\u0026distro=debian-13.5", + "UID": "6b13e330b45e6f4f" + }, + "Version": "13.8+deb13u5", + "Arch": "amd64", + "SrcName": "base-files", + "SrcVersion": "13.8+deb13u5", + "Licenses": [ + "GPL-2.0-or-later", + "verbatim" + ], + "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/os-release", + "/usr/share/base-files/dot.bashrc", + "/usr/share/base-files/dot.profile", + "/usr/share/base-files/dot.profile.md5sums", + "/usr/share/base-files/info.dir", + "/usr/share/base-files/motd", + "/usr/share/base-files/profile", + "/usr/share/base-files/profile.md5sums", + "/usr/share/base-files/staff-group-for-usr-local", + "/usr/share/common-licenses/Apache-2.0", + "/usr/share/common-licenses/Artistic", + "/usr/share/common-licenses/BSD", + "/usr/share/common-licenses/CC0-1.0", + "/usr/share/common-licenses/GFDL-1.2", + "/usr/share/common-licenses/GFDL-1.3", + "/usr/share/common-licenses/GPL-1", + "/usr/share/common-licenses/GPL-2", + "/usr/share/common-licenses/GPL-3", + "/usr/share/common-licenses/LGPL-2", + "/usr/share/common-licenses/LGPL-2.1", + "/usr/share/common-licenses/LGPL-3", + "/usr/share/common-licenses/MPL-1.1", + "/usr/share/common-licenses/MPL-2.0", + "/usr/share/doc/base-files/NEWS.Debian.gz", + "/usr/share/doc/base-files/README", + "/usr/share/doc/base-files/README.FHS", + "/usr/share/doc/base-files/changelog.gz", + "/usr/share/doc/base-files/copyright", + "/usr/share/lintian/overrides/base-files" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "base-passwd@3.6.7", + "Name": "base-passwd", + "Identifier": { + "PURL": "pkg:deb/debian/base-passwd@3.6.7?arch=amd64\u0026distro=debian-13.5", + "UID": "f77779fa356eca05" + }, + "Version": "3.6.7", + "Arch": "amd64", + "SrcName": "base-passwd", + "SrcVersion": "3.6.7", + "Licenses": [ + "GPL-2.0-only", + "public-domain" + ], + "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libdebconfclient0@0.280", + "libselinux1@3.8.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/sbin/update-passwd", + "/usr/share/base-passwd/group.master", + "/usr/share/base-passwd/passwd.master", + "/usr/share/doc-base/base-passwd.users-and-groups", + "/usr/share/doc/base-passwd/README", + "/usr/share/doc/base-passwd/changelog.gz", + "/usr/share/doc/base-passwd/copyright", + "/usr/share/doc/base-passwd/users-and-groups.html", + "/usr/share/doc/base-passwd/users-and-groups.txt.gz", + "/usr/share/lintian/overrides/base-passwd", + "/usr/share/man/de/man8/update-passwd.8.gz", + "/usr/share/man/es/man8/update-passwd.8.gz", + "/usr/share/man/fr/man8/update-passwd.8.gz", + "/usr/share/man/ja/man8/update-passwd.8.gz", + "/usr/share/man/man8/update-passwd.8.gz", + "/usr/share/man/pl/man8/update-passwd.8.gz", + "/usr/share/man/ro/man8/update-passwd.8.gz", + "/usr/share/man/ru/man8/update-passwd.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bash@5.2.37-2+b9", + "Name": "bash", + "Identifier": { + "PURL": "pkg:deb/debian/bash@5.2.37-2%2Bb9?arch=amd64\u0026distro=debian-13.5", + "UID": "f36f9b3693158651" + }, + "Version": "5.2.37", + "Release": "2+b9", + "Arch": "amd64", + "SrcName": "bash", + "SrcVersion": "5.2.37", + "SrcRelease": "2", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-only", + "Latex2e", + "BSD-4-Clause-UC", + "MIT", + "permissive" + ], + "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "base-files@13.8+deb13u5", + "debianutils@5.23.2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/bash", + "/usr/bin/bashbug", + "/usr/bin/clear_console", + "/usr/share/debianutils/shells.d/bash", + "/usr/share/doc/bash/CHANGES.gz", + "/usr/share/doc/bash/COMPAT.gz", + "/usr/share/doc/bash/INTRO.gz", + "/usr/share/doc/bash/NEWS.gz", + "/usr/share/doc/bash/POSIX.gz", + "/usr/share/doc/bash/RBASH", + "/usr/share/doc/bash/README.Debian.gz", + "/usr/share/doc/bash/README.abs-guide", + "/usr/share/doc/bash/README.commands.gz", + "/usr/share/doc/bash/README.gz", + "/usr/share/doc/bash/changelog.Debian.amd64.gz", + "/usr/share/doc/bash/changelog.Debian.gz", + "/usr/share/doc/bash/changelog.gz", + "/usr/share/doc/bash/copyright", + "/usr/share/doc/bash/inputrc.arrows", + "/usr/share/lintian/overrides/bash", + "/usr/share/locale/af/LC_MESSAGES/bash.mo", + "/usr/share/locale/bg/LC_MESSAGES/bash.mo", + "/usr/share/locale/ca/LC_MESSAGES/bash.mo", + "/usr/share/locale/cs/LC_MESSAGES/bash.mo", + "/usr/share/locale/da/LC_MESSAGES/bash.mo", + "/usr/share/locale/de/LC_MESSAGES/bash.mo", + "/usr/share/locale/el/LC_MESSAGES/bash.mo", + "/usr/share/locale/en@boldquot/LC_MESSAGES/bash.mo", + "/usr/share/locale/en@quot/LC_MESSAGES/bash.mo", + "/usr/share/locale/eo/LC_MESSAGES/bash.mo", + "/usr/share/locale/es/LC_MESSAGES/bash.mo", + "/usr/share/locale/et/LC_MESSAGES/bash.mo", + "/usr/share/locale/fi/LC_MESSAGES/bash.mo", + "/usr/share/locale/fr/LC_MESSAGES/bash.mo", + "/usr/share/locale/ga/LC_MESSAGES/bash.mo", + "/usr/share/locale/gl/LC_MESSAGES/bash.mo", + "/usr/share/locale/hr/LC_MESSAGES/bash.mo", + "/usr/share/locale/hu/LC_MESSAGES/bash.mo", + "/usr/share/locale/id/LC_MESSAGES/bash.mo", + "/usr/share/locale/it/LC_MESSAGES/bash.mo", + "/usr/share/locale/ja/LC_MESSAGES/bash.mo", + "/usr/share/locale/ko/LC_MESSAGES/bash.mo", + "/usr/share/locale/lt/LC_MESSAGES/bash.mo", + "/usr/share/locale/nb/LC_MESSAGES/bash.mo", + "/usr/share/locale/nl/LC_MESSAGES/bash.mo", + "/usr/share/locale/pl/LC_MESSAGES/bash.mo", + "/usr/share/locale/pt/LC_MESSAGES/bash.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/bash.mo", + "/usr/share/locale/ro/LC_MESSAGES/bash.mo", + "/usr/share/locale/ru/LC_MESSAGES/bash.mo", + "/usr/share/locale/sk/LC_MESSAGES/bash.mo", + "/usr/share/locale/sl/LC_MESSAGES/bash.mo", + "/usr/share/locale/sr/LC_MESSAGES/bash.mo", + "/usr/share/locale/sv/LC_MESSAGES/bash.mo", + "/usr/share/locale/tr/LC_MESSAGES/bash.mo", + "/usr/share/locale/uk/LC_MESSAGES/bash.mo", + "/usr/share/locale/vi/LC_MESSAGES/bash.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/bash.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/bash.mo", + "/usr/share/man/man1/bash.1.gz", + "/usr/share/man/man1/bashbug.1.gz", + "/usr/share/man/man1/clear_console.1.gz", + "/usr/share/man/man1/rbash.1.gz", + "/usr/share/man/man7/bash-builtins.7.gz", + "/usr/share/menu/bash" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bsdutils@1:2.41-5", + "Name": "bsdutils", + "Identifier": { + "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "5843733a461e6ce1" + }, + "Version": "2.41", + "Release": "5", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/logger", + "/usr/bin/renice", + "/usr/bin/script", + "/usr/bin/scriptlive", + "/usr/bin/scriptreplay", + "/usr/bin/wall", + "/usr/share/bash-completion/completions/logger", + "/usr/share/bash-completion/completions/renice", + "/usr/share/bash-completion/completions/script", + "/usr/share/bash-completion/completions/scriptlive", + "/usr/share/bash-completion/completions/scriptreplay", + "/usr/share/bash-completion/completions/wall", + "/usr/share/doc/bsdutils/NEWS.Debian.gz", + "/usr/share/doc/bsdutils/changelog.Debian.gz", + "/usr/share/doc/bsdutils/changelog.gz", + "/usr/share/doc/bsdutils/copyright", + "/usr/share/lintian/overrides/bsdutils", + "/usr/share/man/man1/logger.1.gz", + "/usr/share/man/man1/renice.1.gz", + "/usr/share/man/man1/script.1.gz", + "/usr/share/man/man1/scriptlive.1.gz", + "/usr/share/man/man1/scriptreplay.1.gz", + "/usr/share/man/man1/wall.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ca-certificates@20250419", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:deb/debian/ca-certificates@20250419?arch=all\u0026distro=debian-13.5", + "UID": "2c691dbd8cebdf2a" + }, + "Version": "20250419", + "Arch": "all", + "SrcName": "ca-certificates", + "SrcVersion": "20250419", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "MPL-2.0" + ], + "Maintainer": "Julien Cristau \u003cjcristau@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91", + "openssl@3.5.6-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", + "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" + }, + "InstalledFiles": [ + "/usr/sbin/update-ca-certificates", + "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", + "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", + "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", + "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", + "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "/usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "/usr/share/ca-certificates/mozilla/Certigna.crt", + "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", + "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", + "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", + "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "/usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "/usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "/usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", + "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", + "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", + "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "/usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", + "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", + "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "/usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", + "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", + "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "/usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt", + "/usr/share/doc/ca-certificates/README.Debian", + "/usr/share/doc/ca-certificates/changelog.gz", + "/usr/share/doc/ca-certificates/copyright", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", + "/usr/share/man/man8/update-ca-certificates.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "coreutils@9.7-3", + "Name": "coreutils", + "Identifier": { + "PURL": "pkg:deb/debian/coreutils@9.7-3?arch=amd64\u0026distro=debian-13.5", + "UID": "cb4a55f50bda2393" + }, + "Version": "9.7", + "Release": "3", + "Arch": "amd64", + "SrcName": "coreutils", + "SrcVersion": "9.7", + "SrcRelease": "3", + "Licenses": [ + "GPL-3.0-or-later", + "BSD-4-Clause-UC", + "GPL-3.0-only", + "ISC", + "FSFULLR", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-only" + ], + "Maintainer": "Michael Stone \u003cmstone@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/[", + "/usr/bin/arch", + "/usr/bin/b2sum", + "/usr/bin/base32", + "/usr/bin/base64", + "/usr/bin/basename", + "/usr/bin/basenc", + "/usr/bin/cat", + "/usr/bin/chcon", + "/usr/bin/chgrp", + "/usr/bin/chmod", + "/usr/bin/chown", + "/usr/bin/cksum", + "/usr/bin/comm", + "/usr/bin/cp", + "/usr/bin/csplit", + "/usr/bin/cut", + "/usr/bin/date", + "/usr/bin/dd", + "/usr/bin/df", + "/usr/bin/dir", + "/usr/bin/dircolors", + "/usr/bin/dirname", + "/usr/bin/du", + "/usr/bin/echo", + "/usr/bin/env", + "/usr/bin/expand", + "/usr/bin/expr", + "/usr/bin/factor", + "/usr/bin/false", + "/usr/bin/fmt", + "/usr/bin/fold", + "/usr/bin/groups", + "/usr/bin/head", + "/usr/bin/hostid", + "/usr/bin/id", + "/usr/bin/install", + "/usr/bin/join", + "/usr/bin/link", + "/usr/bin/ln", + "/usr/bin/logname", + "/usr/bin/ls", + "/usr/bin/md5sum", + "/usr/bin/mkdir", + "/usr/bin/mkfifo", + "/usr/bin/mknod", + "/usr/bin/mktemp", + "/usr/bin/mv", + "/usr/bin/nice", + "/usr/bin/nl", + "/usr/bin/nohup", + "/usr/bin/nproc", + "/usr/bin/numfmt", + "/usr/bin/od", + "/usr/bin/paste", + "/usr/bin/pathchk", + "/usr/bin/pinky", + "/usr/bin/pr", + "/usr/bin/printenv", + "/usr/bin/printf", + "/usr/bin/ptx", + "/usr/bin/pwd", + "/usr/bin/readlink", + "/usr/bin/realpath", + "/usr/bin/rm", + "/usr/bin/rmdir", + "/usr/bin/runcon", + "/usr/bin/seq", + "/usr/bin/sha1sum", + "/usr/bin/sha224sum", + "/usr/bin/sha256sum", + "/usr/bin/sha384sum", + "/usr/bin/sha512sum", + "/usr/bin/shred", + "/usr/bin/shuf", + "/usr/bin/sleep", + "/usr/bin/sort", + "/usr/bin/split", + "/usr/bin/stat", + "/usr/bin/stdbuf", + "/usr/bin/stty", + "/usr/bin/sum", + "/usr/bin/sync", + "/usr/bin/tac", + "/usr/bin/tail", + "/usr/bin/tee", + "/usr/bin/test", + "/usr/bin/timeout", + "/usr/bin/touch", + "/usr/bin/tr", + "/usr/bin/true", + "/usr/bin/truncate", + "/usr/bin/tsort", + "/usr/bin/tty", + "/usr/bin/uname", + "/usr/bin/unexpand", + "/usr/bin/uniq", + "/usr/bin/unlink", + "/usr/bin/users", + "/usr/bin/vdir", + "/usr/bin/wc", + "/usr/bin/who", + "/usr/bin/whoami", + "/usr/bin/yes", + "/usr/libexec/coreutils/libstdbuf.so", + "/usr/sbin/chroot", + "/usr/share/doc/coreutils/AUTHORS", + "/usr/share/doc/coreutils/NEWS.gz", + "/usr/share/doc/coreutils/README.Debian", + "/usr/share/doc/coreutils/README.gz", + "/usr/share/doc/coreutils/THANKS.gz", + "/usr/share/doc/coreutils/TODO.gz", + "/usr/share/doc/coreutils/changelog.Debian.gz", + "/usr/share/doc/coreutils/changelog.gz", + "/usr/share/doc/coreutils/copyright", + "/usr/share/info/coreutils.info.gz", + "/usr/share/lintian/overrides/coreutils", + "/usr/share/locale/af/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/be/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/bg/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ca/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/cs/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/da/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/de/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/el/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/eo/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/es/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/et/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/eu/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/fi/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/fr/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ga/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/gl/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/hr/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/hu/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ia/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/id/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/it/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ja/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ka/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/kk/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ko/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/lg/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/lt/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ms/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/nb/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/nl/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/pl/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/pt/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ro/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ru/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/sk/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/sl/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/sr/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/sv/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ta/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/tr/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/uk/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/vi/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/coreutils.mo", + "/usr/share/man/man1/arch.1.gz", + "/usr/share/man/man1/b2sum.1.gz", + "/usr/share/man/man1/base32.1.gz", + "/usr/share/man/man1/base64.1.gz", + "/usr/share/man/man1/basename.1.gz", + "/usr/share/man/man1/basenc.1.gz", + "/usr/share/man/man1/cat.1.gz", + "/usr/share/man/man1/chcon.1.gz", + "/usr/share/man/man1/chgrp.1.gz", + "/usr/share/man/man1/chmod.1.gz", + "/usr/share/man/man1/chown.1.gz", + "/usr/share/man/man1/cksum.1.gz", + "/usr/share/man/man1/comm.1.gz", + "/usr/share/man/man1/cp.1.gz", + "/usr/share/man/man1/csplit.1.gz", + "/usr/share/man/man1/cut.1.gz", + "/usr/share/man/man1/date.1.gz", + "/usr/share/man/man1/dd.1.gz", + "/usr/share/man/man1/df.1.gz", + "/usr/share/man/man1/dir.1.gz", + "/usr/share/man/man1/dircolors.1.gz", + "/usr/share/man/man1/dirname.1.gz", + "/usr/share/man/man1/du.1.gz", + "/usr/share/man/man1/echo.1.gz", + "/usr/share/man/man1/env.1.gz", + "/usr/share/man/man1/expand.1.gz", + "/usr/share/man/man1/expr.1.gz", + "/usr/share/man/man1/factor.1.gz", + "/usr/share/man/man1/false.1.gz", + "/usr/share/man/man1/fmt.1.gz", + "/usr/share/man/man1/fold.1.gz", + "/usr/share/man/man1/groups.1.gz", + "/usr/share/man/man1/head.1.gz", + "/usr/share/man/man1/hostid.1.gz", + "/usr/share/man/man1/id.1.gz", + "/usr/share/man/man1/install.1.gz", + "/usr/share/man/man1/join.1.gz", + "/usr/share/man/man1/link.1.gz", + "/usr/share/man/man1/ln.1.gz", + "/usr/share/man/man1/logname.1.gz", + "/usr/share/man/man1/ls.1.gz", + "/usr/share/man/man1/md5sum.1.gz", + "/usr/share/man/man1/mkdir.1.gz", + "/usr/share/man/man1/mkfifo.1.gz", + "/usr/share/man/man1/mknod.1.gz", + "/usr/share/man/man1/mktemp.1.gz", + "/usr/share/man/man1/mv.1.gz", + "/usr/share/man/man1/nice.1.gz", + "/usr/share/man/man1/nl.1.gz", + "/usr/share/man/man1/nohup.1.gz", + "/usr/share/man/man1/nproc.1.gz", + "/usr/share/man/man1/numfmt.1.gz", + "/usr/share/man/man1/od.1.gz", + "/usr/share/man/man1/paste.1.gz", + "/usr/share/man/man1/pathchk.1.gz", + "/usr/share/man/man1/pinky.1.gz", + "/usr/share/man/man1/pr.1.gz", + "/usr/share/man/man1/printenv.1.gz", + "/usr/share/man/man1/printf.1.gz", + "/usr/share/man/man1/ptx.1.gz", + "/usr/share/man/man1/pwd.1.gz", + "/usr/share/man/man1/readlink.1.gz", + "/usr/share/man/man1/realpath.1.gz", + "/usr/share/man/man1/rm.1.gz", + "/usr/share/man/man1/rmdir.1.gz", + "/usr/share/man/man1/runcon.1.gz", + "/usr/share/man/man1/seq.1.gz", + "/usr/share/man/man1/sha1sum.1.gz", + "/usr/share/man/man1/sha224sum.1.gz", + "/usr/share/man/man1/sha256sum.1.gz", + "/usr/share/man/man1/sha384sum.1.gz", + "/usr/share/man/man1/sha512sum.1.gz", + "/usr/share/man/man1/shred.1.gz", + "/usr/share/man/man1/shuf.1.gz", + "/usr/share/man/man1/sleep.1.gz", + "/usr/share/man/man1/sort.1.gz", + "/usr/share/man/man1/split.1.gz", + "/usr/share/man/man1/stat.1.gz", + "/usr/share/man/man1/stdbuf.1.gz", + "/usr/share/man/man1/stty.1.gz", + "/usr/share/man/man1/sum.1.gz", + "/usr/share/man/man1/sync.1.gz", + "/usr/share/man/man1/tac.1.gz", + "/usr/share/man/man1/tail.1.gz", + "/usr/share/man/man1/tee.1.gz", + "/usr/share/man/man1/test.1.gz", + "/usr/share/man/man1/timeout.1.gz", + "/usr/share/man/man1/touch.1.gz", + "/usr/share/man/man1/tr.1.gz", + "/usr/share/man/man1/true.1.gz", + "/usr/share/man/man1/truncate.1.gz", + "/usr/share/man/man1/tsort.1.gz", + "/usr/share/man/man1/tty.1.gz", + "/usr/share/man/man1/uname.1.gz", + "/usr/share/man/man1/unexpand.1.gz", + "/usr/share/man/man1/uniq.1.gz", + "/usr/share/man/man1/unlink.1.gz", + "/usr/share/man/man1/users.1.gz", + "/usr/share/man/man1/vdir.1.gz", + "/usr/share/man/man1/wc.1.gz", + "/usr/share/man/man1/who.1.gz", + "/usr/share/man/man1/whoami.1.gz", + "/usr/share/man/man1/yes.1.gz", + "/usr/share/man/man8/chroot.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "dash@0.5.12-12", + "Name": "dash", + "Identifier": { + "PURL": "pkg:deb/debian/dash@0.5.12-12?arch=amd64\u0026distro=debian-13.5", + "UID": "4990b2098a2a3724" + }, + "Version": "0.5.12", + "Release": "12", + "Arch": "amd64", + "SrcName": "dash", + "SrcVersion": "0.5.12", + "SrcRelease": "12", + "Licenses": [ + "BSD-3-Clause", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debianutils@5.23.2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/dash", + "/usr/share/debianutils/shells.d/dash", + "/usr/share/doc/dash/README.Debian.diet", + "/usr/share/doc/dash/README.source", + "/usr/share/doc/dash/changelog.Debian.gz", + "/usr/share/doc/dash/changelog.gz", + "/usr/share/doc/dash/copyright", + "/usr/share/lintian/overrides/dash", + "/usr/share/man/man1/dash.1.gz", + "/usr/share/menu/dash" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debconf@1.5.91", + "Name": "debconf", + "Identifier": { + "PURL": "pkg:deb/debian/debconf@1.5.91?arch=all\u0026distro=debian-13.5", + "UID": "f7c8b7ba83ed5cfe" + }, + "Version": "1.5.91", + "Arch": "all", + "SrcName": "debconf", + "SrcVersion": "1.5.91", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Debconf Developers \u003cdebconf-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/debconf", + "/usr/bin/debconf-apt-progress", + "/usr/bin/debconf-communicate", + "/usr/bin/debconf-copydb", + "/usr/bin/debconf-escape", + "/usr/bin/debconf-set-selections", + "/usr/bin/debconf-show", + "/usr/sbin/dpkg-preconfigure", + "/usr/sbin/dpkg-reconfigure", + "/usr/share/bash-completion/completions/debconf", + "/usr/share/debconf/confmodule", + "/usr/share/debconf/confmodule.sh", + "/usr/share/debconf/debconf.conf", + "/usr/share/debconf/fix_db.pl", + "/usr/share/debconf/frontend", + "/usr/share/doc/debconf/README.Debian", + "/usr/share/doc/debconf/changelog.gz", + "/usr/share/doc/debconf/copyright", + "/usr/share/lintian/overrides/debconf", + "/usr/share/man/man1/debconf-apt-progress.1.gz", + "/usr/share/man/man1/debconf-communicate.1.gz", + "/usr/share/man/man1/debconf-copydb.1.gz", + "/usr/share/man/man1/debconf-escape.1.gz", + "/usr/share/man/man1/debconf-set-selections.1.gz", + "/usr/share/man/man1/debconf-show.1.gz", + "/usr/share/man/man1/debconf.1.gz", + "/usr/share/man/man8/dpkg-preconfigure.8.gz", + "/usr/share/man/man8/dpkg-reconfigure.8.gz", + "/usr/share/perl5/Debconf/AutoSelect.pm", + "/usr/share/perl5/Debconf/Base.pm", + "/usr/share/perl5/Debconf/Client/ConfModule.pm", + "/usr/share/perl5/Debconf/ConfModule.pm", + "/usr/share/perl5/Debconf/Config.pm", + "/usr/share/perl5/Debconf/Db.pm", + "/usr/share/perl5/Debconf/DbDriver.pm", + "/usr/share/perl5/Debconf/DbDriver/Backup.pm", + "/usr/share/perl5/Debconf/DbDriver/Cache.pm", + "/usr/share/perl5/Debconf/DbDriver/Copy.pm", + "/usr/share/perl5/Debconf/DbDriver/Debug.pm", + "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", + "/usr/share/perl5/Debconf/DbDriver/Directory.pm", + "/usr/share/perl5/Debconf/DbDriver/File.pm", + "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", + "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", + "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", + "/usr/share/perl5/Debconf/DbDriver/Stack.pm", + "/usr/share/perl5/Debconf/Element.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", + "/usr/share/perl5/Debconf/Element/Dialog/String.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", + "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Editor/Error.pm", + "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Editor/Note.pm", + "/usr/share/perl5/Debconf/Element/Editor/Password.pm", + "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", + "/usr/share/perl5/Debconf/Element/Editor/Select.pm", + "/usr/share/perl5/Debconf/Element/Editor/String.pm", + "/usr/share/perl5/Debconf/Element/Editor/Text.pm", + "/usr/share/perl5/Debconf/Element/Gnome.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", + "/usr/share/perl5/Debconf/Element/Gnome/String.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", + "/usr/share/perl5/Debconf/Element/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", + "/usr/share/perl5/Debconf/Element/Select.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", + "/usr/share/perl5/Debconf/Element/Teletype/String.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", + "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Web/Error.pm", + "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Web/Note.pm", + "/usr/share/perl5/Debconf/Element/Web/Password.pm", + "/usr/share/perl5/Debconf/Element/Web/Progress.pm", + "/usr/share/perl5/Debconf/Element/Web/Select.pm", + "/usr/share/perl5/Debconf/Element/Web/String.pm", + "/usr/share/perl5/Debconf/Element/Web/Text.pm", + "/usr/share/perl5/Debconf/Encoding.pm", + "/usr/share/perl5/Debconf/Format.pm", + "/usr/share/perl5/Debconf/Format/822.pm", + "/usr/share/perl5/Debconf/FrontEnd.pm", + "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", + "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", + "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", + "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", + "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", + "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", + "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", + "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", + "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", + "/usr/share/perl5/Debconf/FrontEnd/Text.pm", + "/usr/share/perl5/Debconf/FrontEnd/Web.pm", + "/usr/share/perl5/Debconf/Gettext.pm", + "/usr/share/perl5/Debconf/Iterator.pm", + "/usr/share/perl5/Debconf/Log.pm", + "/usr/share/perl5/Debconf/Path.pm", + "/usr/share/perl5/Debconf/Priority.pm", + "/usr/share/perl5/Debconf/Question.pm", + "/usr/share/perl5/Debconf/Template.pm", + "/usr/share/perl5/Debconf/Template/Transient.pm", + "/usr/share/perl5/Debconf/TmpFile.pm", + "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", + "/usr/share/pixmaps/debian-logo.png" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debian-archive-keyring@2025.1", + "Name": "debian-archive-keyring", + "Identifier": { + "PURL": "pkg:deb/debian/debian-archive-keyring@2025.1?arch=all\u0026distro=debian-13.5", + "UID": "a22d861380b1187c" + }, + "Version": "2025.1", + "Arch": "all", + "SrcName": "debian-archive-keyring", + "SrcVersion": "2025.1", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Debian Release Team \u003cpackages@release.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/debian-archive-keyring/NEWS.Debian.gz", + "/usr/share/doc/debian-archive-keyring/README", + "/usr/share/doc/debian-archive-keyring/changelog.gz", + "/usr/share/doc/debian-archive-keyring/copyright", + "/usr/share/keyrings/debian-archive-bookworm-automatic.pgp", + "/usr/share/keyrings/debian-archive-bookworm-security-automatic.pgp", + "/usr/share/keyrings/debian-archive-bookworm-stable.pgp", + "/usr/share/keyrings/debian-archive-bullseye-automatic.pgp", + "/usr/share/keyrings/debian-archive-bullseye-security-automatic.pgp", + "/usr/share/keyrings/debian-archive-bullseye-stable.pgp", + "/usr/share/keyrings/debian-archive-keyring.pgp", + "/usr/share/keyrings/debian-archive-removed-keys.pgp", + "/usr/share/keyrings/debian-archive-trixie-automatic.pgp", + "/usr/share/keyrings/debian-archive-trixie-security-automatic.pgp", + "/usr/share/keyrings/debian-archive-trixie-stable.pgp" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debianutils@5.23.2", + "Name": "debianutils", + "Identifier": { + "PURL": "pkg:deb/debian/debianutils@5.23.2?arch=amd64\u0026distro=debian-13.5", + "UID": "3c5d0b66afafddbb" + }, + "Version": "5.23.2", + "Arch": "amd64", + "SrcName": "debianutils", + "SrcVersion": "5.23.2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "SMAIL-GPL" + ], + "Maintainer": "Ileana Dumitrescu \u003cileanadumitrescu95@gmail.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/ischroot", + "/usr/bin/run-parts", + "/usr/bin/savelog", + "/usr/bin/tempfile", + "/usr/bin/which.debianutils", + "/usr/sbin/add-shell", + "/usr/sbin/installkernel", + "/usr/sbin/remove-shell", + "/usr/sbin/update-shells", + "/usr/share/debianutils/shells", + "/usr/share/doc/debianutils/README.shells", + "/usr/share/doc/debianutils/changelog.gz", + "/usr/share/doc/debianutils/copyright", + "/usr/share/man/de/man1/which.debianutils.1.gz", + "/usr/share/man/de/man8/add-shell.8.gz", + "/usr/share/man/de/man8/installkernel.8.gz", + "/usr/share/man/de/man8/remove-shell.8.gz", + "/usr/share/man/de/man8/run-parts.8.gz", + "/usr/share/man/de/man8/savelog.8.gz", + "/usr/share/man/es/man1/which.debianutils.1.gz", + "/usr/share/man/es/man8/add-shell.8.gz", + "/usr/share/man/es/man8/installkernel.8.gz", + "/usr/share/man/es/man8/remove-shell.8.gz", + "/usr/share/man/es/man8/run-parts.8.gz", + "/usr/share/man/es/man8/savelog.8.gz", + "/usr/share/man/fr/man1/which.debianutils.1.gz", + "/usr/share/man/fr/man8/add-shell.8.gz", + "/usr/share/man/fr/man8/installkernel.8.gz", + "/usr/share/man/fr/man8/remove-shell.8.gz", + "/usr/share/man/fr/man8/run-parts.8.gz", + "/usr/share/man/fr/man8/savelog.8.gz", + "/usr/share/man/it/man1/which.debianutils.1.gz", + "/usr/share/man/it/man8/add-shell.8.gz", + "/usr/share/man/it/man8/installkernel.8.gz", + "/usr/share/man/it/man8/remove-shell.8.gz", + "/usr/share/man/it/man8/run-parts.8.gz", + "/usr/share/man/it/man8/savelog.8.gz", + "/usr/share/man/ja/man1/which.debianutils.1.gz", + "/usr/share/man/ja/man8/add-shell.8.gz", + "/usr/share/man/ja/man8/installkernel.8.gz", + "/usr/share/man/ja/man8/remove-shell.8.gz", + "/usr/share/man/ja/man8/run-parts.8.gz", + "/usr/share/man/ja/man8/savelog.8.gz", + "/usr/share/man/man1/ischroot.1.gz", + "/usr/share/man/man1/tempfile.1.gz", + "/usr/share/man/man1/which.debianutils.1.gz", + "/usr/share/man/man8/add-shell.8.gz", + "/usr/share/man/man8/installkernel.8.gz", + "/usr/share/man/man8/remove-shell.8.gz", + "/usr/share/man/man8/run-parts.8.gz", + "/usr/share/man/man8/savelog.8.gz", + "/usr/share/man/man8/update-shells.8.gz", + "/usr/share/man/pl/man1/which.debianutils.1.gz", + "/usr/share/man/pl/man8/add-shell.8.gz", + "/usr/share/man/pl/man8/installkernel.8.gz", + "/usr/share/man/pl/man8/remove-shell.8.gz", + "/usr/share/man/pl/man8/run-parts.8.gz", + "/usr/share/man/pl/man8/savelog.8.gz", + "/usr/share/man/pt/man1/which.debianutils.1.gz", + "/usr/share/man/pt/man8/add-shell.8.gz", + "/usr/share/man/pt/man8/installkernel.8.gz", + "/usr/share/man/pt/man8/remove-shell.8.gz", + "/usr/share/man/pt/man8/run-parts.8.gz", + "/usr/share/man/pt/man8/savelog.8.gz", + "/usr/share/man/sl/man1/which.debianutils.1.gz", + "/usr/share/man/sl/man8/add-shell.8.gz", + "/usr/share/man/sl/man8/installkernel.8.gz", + "/usr/share/man/sl/man8/remove-shell.8.gz", + "/usr/share/man/sl/man8/run-parts.8.gz", + "/usr/share/man/sl/man8/savelog.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "diffutils@1:3.10-4", + "Name": "diffutils", + "Identifier": { + "PURL": "pkg:deb/debian/diffutils@3.10-4?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "852f693a78aaa149" + }, + "Version": "3.10", + "Release": "4", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "diffutils", + "SrcVersion": "3.10", + "SrcRelease": "4", + "SrcEpoch": 1, + "Licenses": [ + "GPL-3.0-or-later", + "FSFULLR", + "LGPL-2.1-or-later", + "GPL-3.0-with-autoconf-exception+", + "GPL-3.0-only", + "GPL-3+ with texinfo exception", + "LGPL-2.0-or-later", + "GPL-2.0-or-later", + "X11", + "FSFAP", + "GFDL-1.3-no-invariants-only", + "LGPL-3.0-or-later", + "LGPL-3.0-only", + "public-domain", + "LGPL-2.0-only", + "LGPL-2.1-only", + "GPL-2.0-only", + "GFDL-1.3-only" + ], + "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/cmp", + "/usr/bin/diff", + "/usr/bin/diff3", + "/usr/bin/sdiff", + "/usr/share/doc/diffutils/NEWS.gz", + "/usr/share/doc/diffutils/changelog.Debian.gz", + "/usr/share/doc/diffutils/changelog.gz", + "/usr/share/doc/diffutils/copyright", + "/usr/share/info/diffutils.info.gz", + "/usr/share/locale/bg/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ca/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/cs/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/da/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/de/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/el/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/eo/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/es/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/fi/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/fr/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ga/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/gl/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/he/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/hr/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/hu/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/id/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/it/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ja/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ka/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ko/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/lv/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ms/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/nb/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/nl/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/pl/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/pt/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ro/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ru/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/sr/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/sv/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/tr/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/uk/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/vi/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/diffutils.mo", + "/usr/share/man/man1/cmp.1.gz", + "/usr/share/man/man1/diff.1.gz", + "/usr/share/man/man1/diff3.1.gz", + "/usr/share/man/man1/sdiff.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "dpkg@1.22.22", + "Name": "dpkg", + "Identifier": { + "PURL": "pkg:deb/debian/dpkg@1.22.22?arch=amd64\u0026distro=debian-13.5", + "UID": "7b97f27e3bec0417" + }, + "Version": "1.22.22", + "Arch": "amd64", + "SrcName": "dpkg", + "SrcVersion": "1.22.22", + "Licenses": [ + "GPL-2.0-or-later", + "public-domain-s-s-d", + "GPL-2.0-only" + ], + "Maintainer": "Dpkg Developers \u003cdebian-dpkg@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "tar@1.35+dfsg-3.1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/dpkg", + "/usr/bin/dpkg-deb", + "/usr/bin/dpkg-divert", + "/usr/bin/dpkg-maintscript-helper", + "/usr/bin/dpkg-query", + "/usr/bin/dpkg-realpath", + "/usr/bin/dpkg-split", + "/usr/bin/dpkg-statoverride", + "/usr/bin/dpkg-trigger", + "/usr/bin/update-alternatives", + "/usr/lib/systemd/system/dpkg-db-backup.service", + "/usr/lib/systemd/system/dpkg-db-backup.timer", + "/usr/libexec/dpkg/dpkg-db-backup", + "/usr/libexec/dpkg/dpkg-db-keeper", + "/usr/sbin/start-stop-daemon", + "/usr/share/doc/dpkg/AUTHORS", + "/usr/share/doc/dpkg/README.api", + "/usr/share/doc/dpkg/README.bug-usertags.gz", + "/usr/share/doc/dpkg/README.feature-removal-schedule.gz", + "/usr/share/doc/dpkg/THANKS.gz", + "/usr/share/doc/dpkg/changelog.gz", + "/usr/share/doc/dpkg/copyright", + "/usr/share/dpkg/abitable", + "/usr/share/dpkg/cputable", + "/usr/share/dpkg/ostable", + "/usr/share/dpkg/sh/dpkg-error.sh", + "/usr/share/dpkg/tupletable", + "/usr/share/lintian/overrides/dpkg", + "/usr/share/lintian/profiles/dpkg/main.profile", + "/usr/share/locale/ast/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/bs/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ca/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/cs/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/da/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/de/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/dz/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/el/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/eo/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/es/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/et/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/eu/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/fr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/gl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/hu/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/id/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/it/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ja/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/km/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ko/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ku/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/lt/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/mr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nb/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ne/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nn/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/oc/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pa/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pt/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ro/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ru/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/sk/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/sv/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/th/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/tl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/tr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/vi/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/dpkg.mo", + "/usr/share/man/de/man1/dpkg-deb.1.gz", + "/usr/share/man/de/man1/dpkg-divert.1.gz", + "/usr/share/man/de/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/de/man1/dpkg-query.1.gz", + "/usr/share/man/de/man1/dpkg-realpath.1.gz", + "/usr/share/man/de/man1/dpkg-split.1.gz", + "/usr/share/man/de/man1/dpkg-statoverride.1.gz", + "/usr/share/man/de/man1/dpkg-trigger.1.gz", + "/usr/share/man/de/man1/dpkg.1.gz", + "/usr/share/man/de/man1/update-alternatives.1.gz", + "/usr/share/man/de/man5/dpkg.cfg.5.gz", + "/usr/share/man/de/man8/start-stop-daemon.8.gz", + "/usr/share/man/es/man5/dpkg.cfg.5.gz", + "/usr/share/man/fr/man1/dpkg-divert.1.gz", + "/usr/share/man/fr/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/fr/man1/dpkg-query.1.gz", + "/usr/share/man/fr/man1/dpkg-realpath.1.gz", + "/usr/share/man/fr/man1/dpkg-split.1.gz", + "/usr/share/man/fr/man1/dpkg-trigger.1.gz", + "/usr/share/man/fr/man1/update-alternatives.1.gz", + "/usr/share/man/fr/man5/dpkg.cfg.5.gz", + "/usr/share/man/fr/man8/start-stop-daemon.8.gz", + "/usr/share/man/it/man5/dpkg.cfg.5.gz", + "/usr/share/man/ja/man5/dpkg.cfg.5.gz", + "/usr/share/man/man1/dpkg-deb.1.gz", + "/usr/share/man/man1/dpkg-divert.1.gz", + "/usr/share/man/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/man1/dpkg-query.1.gz", + "/usr/share/man/man1/dpkg-realpath.1.gz", + "/usr/share/man/man1/dpkg-split.1.gz", + "/usr/share/man/man1/dpkg-statoverride.1.gz", + "/usr/share/man/man1/dpkg-trigger.1.gz", + "/usr/share/man/man1/dpkg.1.gz", + "/usr/share/man/man1/update-alternatives.1.gz", + "/usr/share/man/man5/dpkg.cfg.5.gz", + "/usr/share/man/man8/start-stop-daemon.8.gz", + "/usr/share/man/nl/man1/dpkg-deb.1.gz", + "/usr/share/man/nl/man1/dpkg-divert.1.gz", + "/usr/share/man/nl/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/nl/man1/dpkg-query.1.gz", + "/usr/share/man/nl/man1/dpkg-realpath.1.gz", + "/usr/share/man/nl/man1/dpkg-split.1.gz", + "/usr/share/man/nl/man1/dpkg-statoverride.1.gz", + "/usr/share/man/nl/man1/dpkg-trigger.1.gz", + "/usr/share/man/nl/man1/dpkg.1.gz", + "/usr/share/man/nl/man1/update-alternatives.1.gz", + "/usr/share/man/nl/man5/dpkg.cfg.5.gz", + "/usr/share/man/nl/man8/start-stop-daemon.8.gz", + "/usr/share/man/pl/man5/dpkg.cfg.5.gz", + "/usr/share/man/pt/man1/dpkg-deb.1.gz", + "/usr/share/man/pt/man1/dpkg-divert.1.gz", + "/usr/share/man/pt/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/pt/man1/dpkg-query.1.gz", + "/usr/share/man/pt/man1/dpkg-realpath.1.gz", + "/usr/share/man/pt/man1/dpkg-split.1.gz", + "/usr/share/man/pt/man1/dpkg-statoverride.1.gz", + "/usr/share/man/pt/man1/dpkg-trigger.1.gz", + "/usr/share/man/pt/man1/dpkg.1.gz", + "/usr/share/man/pt/man1/update-alternatives.1.gz", + "/usr/share/man/pt/man5/dpkg.cfg.5.gz", + "/usr/share/man/pt/man8/start-stop-daemon.8.gz", + "/usr/share/man/sv/man1/dpkg-deb.1.gz", + "/usr/share/man/sv/man1/dpkg-divert.1.gz", + "/usr/share/man/sv/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/sv/man1/dpkg-query.1.gz", + "/usr/share/man/sv/man1/dpkg-realpath.1.gz", + "/usr/share/man/sv/man1/dpkg-split.1.gz", + "/usr/share/man/sv/man1/dpkg-statoverride.1.gz", + "/usr/share/man/sv/man1/dpkg-trigger.1.gz", + "/usr/share/man/sv/man1/dpkg.1.gz", + "/usr/share/man/sv/man1/update-alternatives.1.gz", + "/usr/share/man/sv/man5/dpkg.cfg.5.gz", + "/usr/share/man/sv/man8/start-stop-daemon.8.gz", + "/usr/share/polkit-1/actions/org.dpkg.pkexec.update-alternatives.policy" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "findutils@4.10.0-3", + "Name": "findutils", + "Identifier": { + "PURL": "pkg:deb/debian/findutils@4.10.0-3?arch=amd64\u0026distro=debian-13.5", + "UID": "12e741692291b42a" + }, + "Version": "4.10.0", + "Release": "3", + "Arch": "amd64", + "SrcName": "findutils", + "SrcVersion": "4.10.0", + "SrcRelease": "3", + "Licenses": [ + "GFDL-1.3-no-invariants-or-later", + "GPL-3.0-or-later", + "FSFAP", + "GPL-2+ with Autoconf-data exception", + "GPL-3+ with Autoconf-data exception", + "FSFULLR", + "GPL-2.0-or-later", + "X11", + "public-domain", + "LGPL-2.1-or-later", + "GPL with automake exception", + "LGPL-2.0-or-later", + "LGPL-3.0-or-later", + "BSD-3-Clause", + "GPL-3+ with Bison-2.2 exception", + "LGPL-3.0-only", + "ISC", + "GFDL-1.3-only", + "GPL-2.0-only", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Andreas Metzler \u003cametzler@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/find", + "/usr/bin/xargs", + "/usr/share/doc-base/findutils.findutils", + "/usr/share/doc/findutils/NEWS.gz", + "/usr/share/doc/findutils/README.gz", + "/usr/share/doc/findutils/TODO", + "/usr/share/doc/findutils/changelog.Debian.gz", + "/usr/share/doc/findutils/changelog.gz", + "/usr/share/doc/findutils/copyright", + "/usr/share/info/find-maint.info.gz", + "/usr/share/info/find.info.gz", + "/usr/share/locale/be/LC_MESSAGES/findutils.mo", + "/usr/share/locale/bg/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ca/LC_MESSAGES/findutils.mo", + "/usr/share/locale/cs/LC_MESSAGES/findutils.mo", + "/usr/share/locale/da/LC_MESSAGES/findutils.mo", + "/usr/share/locale/de/LC_MESSAGES/findutils.mo", + "/usr/share/locale/el/LC_MESSAGES/findutils.mo", + "/usr/share/locale/eo/LC_MESSAGES/findutils.mo", + "/usr/share/locale/es/LC_MESSAGES/findutils.mo", + "/usr/share/locale/et/LC_MESSAGES/findutils.mo", + "/usr/share/locale/fi/LC_MESSAGES/findutils.mo", + "/usr/share/locale/fr/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ga/LC_MESSAGES/findutils.mo", + "/usr/share/locale/gl/LC_MESSAGES/findutils.mo", + "/usr/share/locale/hr/LC_MESSAGES/findutils.mo", + "/usr/share/locale/hu/LC_MESSAGES/findutils.mo", + "/usr/share/locale/id/LC_MESSAGES/findutils.mo", + "/usr/share/locale/it/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ja/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ka/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ko/LC_MESSAGES/findutils.mo", + "/usr/share/locale/lg/LC_MESSAGES/findutils.mo", + "/usr/share/locale/lt/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ms/LC_MESSAGES/findutils.mo", + "/usr/share/locale/nb/LC_MESSAGES/findutils.mo", + "/usr/share/locale/nl/LC_MESSAGES/findutils.mo", + "/usr/share/locale/pl/LC_MESSAGES/findutils.mo", + "/usr/share/locale/pt/LC_MESSAGES/findutils.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ro/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ru/LC_MESSAGES/findutils.mo", + "/usr/share/locale/sk/LC_MESSAGES/findutils.mo", + "/usr/share/locale/sl/LC_MESSAGES/findutils.mo", + "/usr/share/locale/sr/LC_MESSAGES/findutils.mo", + "/usr/share/locale/sv/LC_MESSAGES/findutils.mo", + "/usr/share/locale/tr/LC_MESSAGES/findutils.mo", + "/usr/share/locale/uk/LC_MESSAGES/findutils.mo", + "/usr/share/locale/vi/LC_MESSAGES/findutils.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/findutils.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/findutils.mo", + "/usr/share/man/man1/find.1.gz", + "/usr/share/man/man1/xargs.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gcc-14-base@14.2.0-19", + "Name": "gcc-14-base", + "Identifier": { + "PURL": "pkg:deb/debian/gcc-14-base@14.2.0-19?arch=amd64\u0026distro=debian-13.5", + "UID": "371c061d08215a1b" + }, + "Version": "14.2.0", + "Release": "19", + "Arch": "amd64", + "SrcName": "gcc-14", + "SrcVersion": "14.2.0", + "SrcRelease": "19", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-3.0-only", + "GFDL-1.2-only", + "Artistic-2.0", + "LGPL-2.0-or-later" + ], + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/gcc-14-base/README.Debian.amd64.gz", + "/usr/share/doc/gcc-14-base/TODO.Debian", + "/usr/share/doc/gcc-14-base/changelog.Debian.gz", + "/usr/share/doc/gcc-14-base/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "grep@3.11-4", + "Name": "grep", + "Identifier": { + "PURL": "pkg:deb/debian/grep@3.11-4?arch=amd64\u0026distro=debian-13.5", + "UID": "6ce8b4eed9c0d137" + }, + "Version": "3.11", + "Release": "4", + "Arch": "amd64", + "SrcName": "grep", + "SrcVersion": "3.11", + "SrcRelease": "4", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only" + ], + "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/egrep", + "/usr/bin/fgrep", + "/usr/bin/grep", + "/usr/bin/rgrep", + "/usr/share/doc/grep/AUTHORS", + "/usr/share/doc/grep/NEWS.Debian.gz", + "/usr/share/doc/grep/NEWS.gz", + "/usr/share/doc/grep/README", + "/usr/share/doc/grep/THANKS.gz", + "/usr/share/doc/grep/TODO.gz", + "/usr/share/doc/grep/changelog.Debian.gz", + "/usr/share/doc/grep/changelog.gz", + "/usr/share/doc/grep/copyright", + "/usr/share/info/grep.info.gz", + "/usr/share/locale/af/LC_MESSAGES/grep.mo", + "/usr/share/locale/be/LC_MESSAGES/grep.mo", + "/usr/share/locale/bg/LC_MESSAGES/grep.mo", + "/usr/share/locale/ca/LC_MESSAGES/grep.mo", + "/usr/share/locale/cs/LC_MESSAGES/grep.mo", + "/usr/share/locale/da/LC_MESSAGES/grep.mo", + "/usr/share/locale/de/LC_MESSAGES/grep.mo", + "/usr/share/locale/el/LC_MESSAGES/grep.mo", + "/usr/share/locale/eo/LC_MESSAGES/grep.mo", + "/usr/share/locale/es/LC_MESSAGES/grep.mo", + "/usr/share/locale/et/LC_MESSAGES/grep.mo", + "/usr/share/locale/eu/LC_MESSAGES/grep.mo", + "/usr/share/locale/fi/LC_MESSAGES/grep.mo", + "/usr/share/locale/fr/LC_MESSAGES/grep.mo", + "/usr/share/locale/ga/LC_MESSAGES/grep.mo", + "/usr/share/locale/gl/LC_MESSAGES/grep.mo", + "/usr/share/locale/he/LC_MESSAGES/grep.mo", + "/usr/share/locale/hr/LC_MESSAGES/grep.mo", + "/usr/share/locale/hu/LC_MESSAGES/grep.mo", + "/usr/share/locale/id/LC_MESSAGES/grep.mo", + "/usr/share/locale/it/LC_MESSAGES/grep.mo", + "/usr/share/locale/ja/LC_MESSAGES/grep.mo", + "/usr/share/locale/ka/LC_MESSAGES/grep.mo", + "/usr/share/locale/ko/LC_MESSAGES/grep.mo", + "/usr/share/locale/ky/LC_MESSAGES/grep.mo", + "/usr/share/locale/lt/LC_MESSAGES/grep.mo", + "/usr/share/locale/nb/LC_MESSAGES/grep.mo", + "/usr/share/locale/nl/LC_MESSAGES/grep.mo", + "/usr/share/locale/pa/LC_MESSAGES/grep.mo", + "/usr/share/locale/pl/LC_MESSAGES/grep.mo", + "/usr/share/locale/pt/LC_MESSAGES/grep.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/grep.mo", + "/usr/share/locale/ro/LC_MESSAGES/grep.mo", + "/usr/share/locale/ru/LC_MESSAGES/grep.mo", + "/usr/share/locale/sk/LC_MESSAGES/grep.mo", + "/usr/share/locale/sl/LC_MESSAGES/grep.mo", + "/usr/share/locale/sr/LC_MESSAGES/grep.mo", + "/usr/share/locale/sv/LC_MESSAGES/grep.mo", + "/usr/share/locale/ta/LC_MESSAGES/grep.mo", + "/usr/share/locale/th/LC_MESSAGES/grep.mo", + "/usr/share/locale/tr/LC_MESSAGES/grep.mo", + "/usr/share/locale/uk/LC_MESSAGES/grep.mo", + "/usr/share/locale/vi/LC_MESSAGES/grep.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/grep.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/grep.mo", + "/usr/share/man/man1/grep.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gzip@1.13-1", + "Name": "gzip", + "Identifier": { + "PURL": "pkg:deb/debian/gzip@1.13-1?arch=amd64\u0026distro=debian-13.5", + "UID": "954545ce99bc687e" + }, + "Version": "1.13", + "Release": "1", + "Arch": "amd64", + "SrcName": "gzip", + "SrcVersion": "1.13", + "SrcRelease": "1", + "Licenses": [ + "GPL-3.0-or-later", + "GFDL-1.3+-no-invariant", + "FSF-manpages", + "GPL-3.0-only", + "GFDL-3" + ], + "Maintainer": "Milan Kupcevic \u003cmilan@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/gunzip", + "/usr/bin/gzexe", + "/usr/bin/gzip", + "/usr/bin/zcat", + "/usr/bin/zcmp", + "/usr/bin/zdiff", + "/usr/bin/zegrep", + "/usr/bin/zfgrep", + "/usr/bin/zforce", + "/usr/bin/zgrep", + "/usr/bin/zless", + "/usr/bin/zmore", + "/usr/bin/znew", + "/usr/share/doc/gzip/NEWS.gz", + "/usr/share/doc/gzip/README.gz", + "/usr/share/doc/gzip/TODO", + "/usr/share/doc/gzip/changelog.Debian.gz", + "/usr/share/doc/gzip/changelog.gz", + "/usr/share/doc/gzip/copyright", + "/usr/share/info/gzip.info.gz", + "/usr/share/man/man1/gzexe.1.gz", + "/usr/share/man/man1/gzip.1.gz", + "/usr/share/man/man1/zdiff.1.gz", + "/usr/share/man/man1/zforce.1.gz", + "/usr/share/man/man1/zgrep.1.gz", + "/usr/share/man/man1/zless.1.gz", + "/usr/share/man/man1/zmore.1.gz", + "/usr/share/man/man1/znew.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "hostname@3.25", + "Name": "hostname", + "Identifier": { + "PURL": "pkg:deb/debian/hostname@3.25?arch=amd64\u0026distro=debian-13.5", + "UID": "641772722328aedf" + }, + "Version": "3.25", + "Arch": "amd64", + "SrcName": "hostname", + "SrcVersion": "3.25", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Michael Meskes \u003cmeskes@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/hostname", + "/usr/share/doc/hostname/changelog.gz", + "/usr/share/doc/hostname/copyright", + "/usr/share/man/man1/hostname.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "init-system-helpers@1.69~deb13u1", + "Name": "init-system-helpers", + "Identifier": { + "PURL": "pkg:deb/debian/init-system-helpers@1.69~deb13u1?arch=all\u0026distro=debian-13.5", + "UID": "cb52819ec2f1a236" + }, + "Version": "1.69~deb13u1", + "Arch": "all", + "SrcName": "init-system-helpers", + "SrcVersion": "1.69~deb13u1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/deb-systemd-helper", + "/usr/bin/deb-systemd-invoke", + "/usr/sbin/invoke-rc.d", + "/usr/sbin/service", + "/usr/sbin/update-rc.d", + "/usr/share/bug/init-system-helpers/control", + "/usr/share/doc/init-system-helpers/README.invoke-rc.d.gz", + "/usr/share/doc/init-system-helpers/README.policy-rc.d.gz", + "/usr/share/doc/init-system-helpers/changelog.gz", + "/usr/share/doc/init-system-helpers/copyright", + "/usr/share/lintian/overrides/init-system-helpers", + "/usr/share/man/man1/deb-systemd-helper.1p.gz", + "/usr/share/man/man1/deb-systemd-invoke.1p.gz", + "/usr/share/man/man8/invoke-rc.d.8.gz", + "/usr/share/man/man8/service.8.gz", + "/usr/share/man/man8/update-rc.d.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libacl1@2.3.2-2+b1", + "Name": "libacl1", + "Identifier": { + "PURL": "pkg:deb/debian/libacl1@2.3.2-2%2Bb1?arch=amd64\u0026distro=debian-13.5", + "UID": "f9f7789d147b9636" + }, + "Version": "2.3.2", + "Release": "2+b1", + "Arch": "amd64", + "SrcName": "acl", + "SrcVersion": "2.3.2", + "SrcRelease": "2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2302", + "/usr/share/doc/libacl1/changelog.Debian.amd64.gz", + "/usr/share/doc/libacl1/changelog.Debian.gz", + "/usr/share/doc/libacl1/changelog.gz", + "/usr/share/doc/libacl1/copyright", + "/usr/share/lintian/overrides/libacl1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libapt-pkg7.0@3.0.3", + "Name": "libapt-pkg7.0", + "Identifier": { + "PURL": "pkg:deb/debian/libapt-pkg7.0@3.0.3?arch=amd64\u0026distro=debian-13.5", + "UID": "5549812c55d79bea" + }, + "Version": "3.0.3", + "Arch": "amd64", + "SrcName": "apt", + "SrcVersion": "3.0.3", + "Licenses": [ + "GPL-2.0-or-later", + "curl", + "BSD-3-Clause", + "MIT", + "GPL-2.0-only" + ], + "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libbz2-1.0@1.0.8-6", + "libc6@2.41-12+deb13u3", + "libgcc-s1@14.2.0-19", + "liblz4-1@1.10.0-4", + "liblzma5@5.8.1-1", + "libssl3t64@3.5.6-1~deb13u1", + "libstdc++6@14.2.0-19", + "libsystemd0@257.13-1~deb13u1", + "libudev1@257.13-1~deb13u1", + "libxxhash0@0.8.3-2", + "libzstd1@1.5.7+dfsg-1", + "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.7.0.0", + "/usr/share/doc/libapt-pkg7.0/NEWS.Debian.gz", + "/usr/share/doc/libapt-pkg7.0/changelog.gz", + "/usr/share/doc/libapt-pkg7.0/copyright", + "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/da/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/de/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/el/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/es/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/it/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/km/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/th/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg7.0.mo" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libattr1@1:2.5.2-3", + "Name": "libattr1", + "Identifier": { + "PURL": "pkg:deb/debian/libattr1@2.5.2-3?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "90d554a582a8683b" + }, + "Version": "2.5.2", + "Release": "3", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "attr", + "SrcVersion": "2.5.2", + "SrcRelease": "3", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2502", + "/usr/share/doc/libattr1/changelog.Debian.gz", + "/usr/share/doc/libattr1/changelog.gz", + "/usr/share/doc/libattr1/copyright", + "/usr/share/lintian/overrides/libattr1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaudit-common@1:4.0.2-2", + "Name": "libaudit-common", + "Identifier": { + "PURL": "pkg:deb/debian/libaudit-common@4.0.2-2?arch=all\u0026distro=debian-13.5\u0026epoch=1", + "UID": "d20cd9a11d8e018d" + }, + "Version": "4.0.2", + "Release": "2", + "Epoch": 1, + "Arch": "all", + "SrcName": "audit", + "SrcVersion": "4.0.2", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only", + "GPL-1.0-only" + ], + "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/libaudit-common/changelog.Debian.gz", + "/usr/share/doc/libaudit-common/changelog.gz", + "/usr/share/doc/libaudit-common/copyright", + "/usr/share/man/man5/libaudit.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaudit1@1:4.0.2-2+b2", + "Name": "libaudit1", + "Identifier": { + "PURL": "pkg:deb/debian/libaudit1@4.0.2-2%2Bb2?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "c47a55b8e27ace3c" + }, + "Version": "4.0.2", + "Release": "2+b2", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "audit", + "SrcVersion": "4.0.2", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only", + "GPL-1.0-only" + ], + "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit-common@1:4.0.2-2", + "libc6@2.41-12+deb13u3", + "libcap-ng0@0.8.5-4+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0", + "/usr/share/doc/libaudit1/changelog.Debian.amd64.gz", + "/usr/share/doc/libaudit1/changelog.Debian.gz", + "/usr/share/doc/libaudit1/changelog.gz", + "/usr/share/doc/libaudit1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libblkid1@2.41-5", + "Name": "libblkid1", + "Identifier": { + "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "51bf0af8d40f4a01" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0", + "/usr/share/doc/libblkid1/NEWS.Debian.gz", + "/usr/share/doc/libblkid1/changelog.Debian.gz", + "/usr/share/doc/libblkid1/changelog.gz", + "/usr/share/doc/libblkid1/copyright", + "/usr/share/lintian/overrides/libblkid1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libbsd0@0.12.2-2", + "Name": "libbsd0", + "Identifier": { + "PURL": "pkg:deb/debian/libbsd0@0.12.2-2?arch=amd64\u0026distro=debian-13.5", + "UID": "a8f4afa42f768363" + }, + "Version": "0.12.2", + "Release": "2", + "Arch": "amd64", + "SrcName": "libbsd", + "SrcVersion": "0.12.2", + "SrcRelease": "2", + "Licenses": [ + "BSD-3-Clause", + "BSD-3-clause-Regents", + "BSD-2-Clause-NetBSD", + "BSD-3-clause-author", + "BSD-3-clause-John-Birrell", + "BSD-5-clause-Peter-Wemm", + "BSD-2-Clause", + "BSD-2-clause-verbatim", + "BSD-2-clause-author", + "ISC", + "ISC-Original", + "MIT", + "public-domain", + "Beerware" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libmd0@1.1.0-2+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libbsd.so.0.12.2", + "/usr/share/doc/libbsd0/changelog.Debian.gz", + "/usr/share/doc/libbsd0/changelog.gz", + "/usr/share/doc/libbsd0/copyright", + "/usr/share/lintian/overrides/libbsd0" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libbz2-1.0@1.0.8-6", + "Name": "libbz2-1.0", + "Identifier": { + "PURL": "pkg:deb/debian/libbz2-1.0@1.0.8-6?arch=amd64\u0026distro=debian-13.5", + "UID": "2da429aca83dde92" + }, + "Version": "1.0.8", + "Release": "6", + "Arch": "amd64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8", + "SrcRelease": "6", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4", + "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", + "/usr/share/doc/libbz2-1.0/changelog.gz", + "/usr/share/doc/libbz2-1.0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libc-bin@2.41-12+deb13u3", + "Name": "libc-bin", + "Identifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "Version": "2.41", + "Release": "12+deb13u3", + "Arch": "amd64", + "SrcName": "glibc", + "SrcVersion": "2.41", + "SrcRelease": "12+deb13u3", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "LGPL-2.1+-with-link-exception", + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "GPL-2+-with-link-exception", + "GPL-2.0-only", + "GPL-3.0-or-later", + "FSFAP", + "Carnegie", + "Inner-Net", + "MIT-like-Lord", + "BSD-like-Spencer", + "PCRE", + "BSD-3-clause-Carnegie", + "Unicode-DFS-2016", + "BSL-1.0", + "SunPro", + "CORE-MATH", + "BSD-3-clause-Berkeley", + "BSD-3-clause-WIDE", + "BSD-2-Clause", + "BSD-3-clause-Oracle", + "DEC", + "IBM", + "ISC", + "Univ-Coimbra", + "public-domain", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/getconf", + "/usr/bin/getent", + "/usr/bin/iconv", + "/usr/bin/ldd", + "/usr/bin/locale", + "/usr/bin/localedef", + "/usr/bin/pldd", + "/usr/bin/tzselect", + "/usr/bin/zdump", + "/usr/lib/locale/C.utf8/LC_ADDRESS", + "/usr/lib/locale/C.utf8/LC_COLLATE", + "/usr/lib/locale/C.utf8/LC_CTYPE", + "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", + "/usr/lib/locale/C.utf8/LC_MEASUREMENT", + "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "/usr/lib/locale/C.utf8/LC_MONETARY", + "/usr/lib/locale/C.utf8/LC_NAME", + "/usr/lib/locale/C.utf8/LC_NUMERIC", + "/usr/lib/locale/C.utf8/LC_PAPER", + "/usr/lib/locale/C.utf8/LC_TELEPHONE", + "/usr/lib/locale/C.utf8/LC_TIME", + "/usr/sbin/iconvconfig", + "/usr/sbin/ldconfig", + "/usr/sbin/zic", + "/usr/share/doc/libc-bin/changelog.Debian.gz", + "/usr/share/doc/libc-bin/changelog.gz", + "/usr/share/doc/libc-bin/copyright", + "/usr/share/libc-bin/nsswitch.conf", + "/usr/share/lintian/overrides/libc-bin", + "/usr/share/man/man1/getconf.1.gz", + "/usr/share/man/man1/tzselect.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libc6@2.41-12+deb13u3", + "Name": "libc6", + "Identifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "Version": "2.41", + "Release": "12+deb13u3", + "Arch": "amd64", + "SrcName": "glibc", + "SrcVersion": "2.41", + "SrcRelease": "12+deb13u3", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "LGPL-2.1+-with-link-exception", + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "GPL-2+-with-link-exception", + "GPL-2.0-only", + "GPL-3.0-or-later", + "FSFAP", + "Carnegie", + "Inner-Net", + "MIT-like-Lord", + "BSD-like-Spencer", + "PCRE", + "BSD-3-clause-Carnegie", + "Unicode-DFS-2016", + "BSL-1.0", + "SunPro", + "CORE-MATH", + "BSD-3-clause-Berkeley", + "BSD-3-clause-WIDE", + "BSD-2-Clause", + "BSD-3-clause-Oracle", + "DEC", + "IBM", + "ISC", + "Univ-Coimbra", + "public-domain", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libgcc-s1@14.2.0-19" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", + "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", + "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", + "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", + "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", + "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", + "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", + "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", + "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", + "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", + "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", + "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", + "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", + "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", + "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", + "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", + "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", + "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", + "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", + "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", + "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", + "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", + "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", + "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", + "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", + "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", + "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", + "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", + "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.d/gconv-modules-extra.conf", + "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", + "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", + "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", + "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", + "/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2", + "/usr/lib/x86_64-linux-gnu/libBrokenLocale.so.1", + "/usr/lib/x86_64-linux-gnu/libanl.so.1", + "/usr/lib/x86_64-linux-gnu/libc.so.6", + "/usr/lib/x86_64-linux-gnu/libc_malloc_debug.so.0", + "/usr/lib/x86_64-linux-gnu/libdl.so.2", + "/usr/lib/x86_64-linux-gnu/libm.so.6", + "/usr/lib/x86_64-linux-gnu/libmemusage.so", + "/usr/lib/x86_64-linux-gnu/libmvec.so.1", + "/usr/lib/x86_64-linux-gnu/libnsl.so.1", + "/usr/lib/x86_64-linux-gnu/libnss_compat.so.2", + "/usr/lib/x86_64-linux-gnu/libnss_dns.so.2", + "/usr/lib/x86_64-linux-gnu/libnss_files.so.2", + "/usr/lib/x86_64-linux-gnu/libnss_hesiod.so.2", + "/usr/lib/x86_64-linux-gnu/libpcprofile.so", + "/usr/lib/x86_64-linux-gnu/libpthread.so.0", + "/usr/lib/x86_64-linux-gnu/libresolv.so.2", + "/usr/lib/x86_64-linux-gnu/librt.so.1", + "/usr/lib/x86_64-linux-gnu/libthread_db.so.1", + "/usr/lib/x86_64-linux-gnu/libutil.so.1", + "/usr/share/doc/libc6/NEWS.Debian.gz", + "/usr/share/doc/libc6/NEWS.gz", + "/usr/share/doc/libc6/README.Debian.gz", + "/usr/share/doc/libc6/README.hesiod.gz", + "/usr/share/doc/libc6/changelog.Debian.gz", + "/usr/share/doc/libc6/changelog.gz", + "/usr/share/doc/libc6/copyright", + "/usr/share/lintian/overrides/libc6" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap-ng0@0.8.5-4+b1", + "Name": "libcap-ng0", + "Identifier": { + "PURL": "pkg:deb/debian/libcap-ng0@0.8.5-4%2Bb1?arch=amd64\u0026distro=debian-13.5", + "UID": "9b7c2d5667513e48" + }, + "Version": "0.8.5", + "Release": "4+b1", + "Arch": "amd64", + "SrcName": "libcap-ng", + "SrcVersion": "0.8.5", + "SrcRelease": "4", + "Licenses": [ + "LGPL-2.1-or-later", + "GPL-2.0-or-later", + "GPL-3.0-only", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Håvard F. Aasen \u003chavard.f.aasen@pfft.no\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/libdrop_ambient.so.0.0.0", + "/usr/share/doc/libcap-ng0/changelog.Debian.amd64.gz", + "/usr/share/doc/libcap-ng0/changelog.Debian.gz", + "/usr/share/doc/libcap-ng0/changelog.gz", + "/usr/share/doc/libcap-ng0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap2@1:2.75-10+deb13u1+b1", + "Name": "libcap2", + "Identifier": { + "PURL": "pkg:deb/debian/libcap2@2.75-10%2Bdeb13u1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "7cefa0399e4d88d4" + }, + "Version": "2.75", + "Release": "10+deb13u1+b1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libcap2", + "SrcVersion": "2.75", + "SrcRelease": "10+deb13u1", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Christian Kastner \u003cckk@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libcap.so.2.75", + "/usr/lib/x86_64-linux-gnu/libpsx.so.2.75", + "/usr/share/doc/libcap2/changelog.Debian.amd64.gz", + "/usr/share/doc/libcap2/changelog.Debian.gz", + "/usr/share/doc/libcap2/changelog.gz", + "/usr/share/doc/libcap2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcrypt1@1:4.4.38-1", + "Name": "libcrypt1", + "Identifier": { + "PURL": "pkg:deb/debian/libcrypt1@4.4.38-1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "afe984ba824f92ac" + }, + "Version": "4.4.38", + "Release": "1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libxcrypt", + "SrcVersion": "4.4.38", + "SrcRelease": "1", + "SrcEpoch": 1, + "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", + "/usr/share/doc/libcrypt1/changelog.Debian.gz", + "/usr/share/doc/libcrypt1/changelog.gz", + "/usr/share/doc/libcrypt1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdb5.3t64@5.3.28+dfsg2-9", + "Name": "libdb5.3t64", + "Identifier": { + "PURL": "pkg:deb/debian/libdb5.3t64@5.3.28%2Bdfsg2-9?arch=amd64\u0026distro=debian-13.5", + "UID": "2f5f1c2fd77295dc" + }, + "Version": "5.3.28+dfsg2", + "Release": "9", + "Arch": "amd64", + "SrcName": "db5.3", + "SrcVersion": "5.3.28+dfsg2", + "SrcRelease": "9", + "Licenses": [ + "Sleepycat", + "BSD-3-Clause", + "MS-PL", + "GPL-2.0-or-later", + "Artistic-2.0", + "X11", + "MIT-old", + "TCL-like", + "BSD-3-clause-fjord", + "GPL-3.0-only", + "Zlib" + ], + "Maintainer": "Debian QA Group \u003cpackages@qa.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", + "/usr/share/doc/libdb5.3t64/build_signature_amd64.txt", + "/usr/share/doc/libdb5.3t64/changelog.Debian.gz", + "/usr/share/doc/libdb5.3t64/copyright", + "/usr/share/lintian/overrides/libdb5.3t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdebconfclient0@0.280", + "Name": "libdebconfclient0", + "Identifier": { + "PURL": "pkg:deb/debian/libdebconfclient0@0.280?arch=amd64\u0026distro=debian-13.5", + "UID": "fcad452fa456130" + }, + "Version": "0.280", + "Arch": "amd64", + "SrcName": "cdebconf", + "SrcVersion": "0.280", + "Licenses": [ + "BSD-2-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Debian Install System Team \u003cdebian-boot@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", + "/usr/share/doc/libdebconfclient0/changelog.gz", + "/usr/share/doc/libdebconfclient0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libffi8@3.4.8-2", + "Name": "libffi8", + "Identifier": { + "PURL": "pkg:deb/debian/libffi8@3.4.8-2?arch=amd64\u0026distro=debian-13.5", + "UID": "e57a61a9119138e1" + }, + "Version": "3.4.8", + "Release": "2", + "Arch": "amd64", + "SrcName": "libffi", + "SrcVersion": "3.4.8", + "SrcRelease": "2", + "Licenses": [ + "MIT", + "X11", + "GPL-2.0-or-later", + "GPL-3.0-or-later", + "MPL-1.1", + "LGPL-2.1-or-later", + "public-domain" + ], + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libffi.so.8.1.4", + "/usr/share/doc/libffi8/changelog.Debian.gz", + "/usr/share/doc/libffi8/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgcc-s1@14.2.0-19", + "Name": "libgcc-s1", + "Identifier": { + "PURL": "pkg:deb/debian/libgcc-s1@14.2.0-19?arch=amd64\u0026distro=debian-13.5", + "UID": "6ebf985ba3bd76f3" + }, + "Version": "14.2.0", + "Release": "19", + "Arch": "amd64", + "SrcName": "gcc-14", + "SrcVersion": "14.2.0", + "SrcRelease": "19", + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gcc-14-base@14.2.0-19", + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgcc_s.so.1", + "/usr/share/lintian/overrides/libgcc-s1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgdbm6t64@1.24-2", + "Name": "libgdbm6t64", + "Identifier": { + "PURL": "pkg:deb/debian/libgdbm6t64@1.24-2?arch=amd64\u0026distro=debian-13.5", + "UID": "a978781f1be6197e" + }, + "Version": "1.24", + "Release": "2", + "Arch": "amd64", + "SrcName": "gdbm", + "SrcVersion": "1.24", + "SrcRelease": "2", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-2.0-or-later", + "GFDL-1.3-no-invariants-or-later", + "GPL-3.0-only", + "GPL-2.0-only" + ], + "Maintainer": "Nicolas Mora \u003cbabelouest@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgdbm.so.6.0.0", + "/usr/share/doc/libgdbm6t64/changelog.Debian.gz", + "/usr/share/doc/libgdbm6t64/changelog.gz", + "/usr/share/doc/libgdbm6t64/copyright", + "/usr/share/lintian/overrides/libgdbm6t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgmp10@2:6.3.0+dfsg-3", + "Name": "libgmp10", + "Identifier": { + "PURL": "pkg:deb/debian/libgmp10@6.3.0%2Bdfsg-3?arch=amd64\u0026distro=debian-13.5\u0026epoch=2", + "UID": "fec85c1b440262e2" + }, + "Version": "6.3.0+dfsg", + "Release": "3", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "gmp", + "SrcVersion": "6.3.0+dfsg", + "SrcRelease": "3", + "SrcEpoch": 2, + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-or-later", + "GPL-3+ with Bison exception", + "GPL-2.0-only", + "GPL-3.0-only", + "LGPL-3.0-only" + ], + "Maintainer": "Debian Science Maintainers \u003cdebian-science-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0", + "/usr/share/doc/libgmp10/README.Debian", + "/usr/share/doc/libgmp10/changelog.Debian.gz", + "/usr/share/doc/libgmp10/changelog.gz", + "/usr/share/doc/libgmp10/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libhogweed6t64@3.10.1-1", + "Name": "libhogweed6t64", + "Identifier": { + "PURL": "pkg:deb/debian/libhogweed6t64@3.10.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "8a048285d77ff6c0" + }, + "Version": "3.10.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "nettle", + "SrcVersion": "3.10.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "MIT", + "GPL-3.0-with-autoconf-exception+", + "public-domain", + "GPL-2.0-only", + "GAP" + ], + "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libgmp10@2:6.3.0+dfsg-3", + "libnettle8t64@3.10.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libhogweed.so.6.10", + "/usr/share/doc/libhogweed6t64/changelog.Debian.gz", + "/usr/share/doc/libhogweed6t64/changelog.gz", + "/usr/share/doc/libhogweed6t64/copyright", + "/usr/share/lintian/overrides/libhogweed6t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblastlog2-2@2.41-5", + "Name": "liblastlog2-2", + "Identifier": { + "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "eb4f5430aea34a10" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libsqlite3-0@3.46.1-7+deb13u1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblastlog2.so.2.0.0", + "/usr/share/doc/liblastlog2-2/NEWS.Debian.gz", + "/usr/share/doc/liblastlog2-2/changelog.Debian.gz", + "/usr/share/doc/liblastlog2-2/changelog.gz", + "/usr/share/doc/liblastlog2-2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblz4-1@1.10.0-4", + "Name": "liblz4-1", + "Identifier": { + "PURL": "pkg:deb/debian/liblz4-1@1.10.0-4?arch=amd64\u0026distro=debian-13.5", + "UID": "c31b43410c927de" + }, + "Version": "1.10.0", + "Release": "4", + "Arch": "amd64", + "SrcName": "lz4", + "SrcVersion": "1.10.0", + "SrcRelease": "4", + "Licenses": [ + "GPL-2.0-or-later", + "BSD-2-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Nobuhiro Iwamatsu \u003ciwamatsu@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libxxhash0@0.8.3-2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblz4.so.1.10.0", + "/usr/share/doc/liblz4-1/changelog.Debian.gz", + "/usr/share/doc/liblz4-1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblzma5@5.8.1-1", + "Name": "liblzma5", + "Identifier": { + "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "d7b58e04f1a265ed" + }, + "Version": "5.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "xz-utils", + "SrcVersion": "5.8.1", + "SrcRelease": "1", + "Licenses": [ + "0BSD", + "GPL-2.0-or-later", + "LGPL-2.1-or-later", + "FSFULLR", + "GPL-3.0-or-later-WITH-Autoconf-exception-macro", + "none", + "PD", + "permissive-nowarranty", + "FSFUL", + "noderivs", + "PD-debian", + "LGPL-2.1-only", + "GPL-2.0-only", + "GPL-3.0-only" + ], + "Maintainer": "Sebastian Andrzej Siewior \u003csebastian@breakpoint.cc\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblzma.so.5.8.1", + "/usr/share/doc/liblzma5/AUTHORS", + "/usr/share/doc/liblzma5/NEWS.gz", + "/usr/share/doc/liblzma5/THANKS.gz", + "/usr/share/doc/liblzma5/changelog.Debian.gz", + "/usr/share/doc/liblzma5/changelog.gz", + "/usr/share/doc/liblzma5/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmd0@1.1.0-2+b1", + "Name": "libmd0", + "Identifier": { + "PURL": "pkg:deb/debian/libmd0@1.1.0-2%2Bb1?arch=amd64\u0026distro=debian-13.5", + "UID": "f3971c5b48c68b3c" + }, + "Version": "1.1.0", + "Release": "2+b1", + "Arch": "amd64", + "SrcName": "libmd", + "SrcVersion": "1.1.0", + "SrcRelease": "2", + "Licenses": [ + "BSD-3-Clause", + "BSD-3-clause-Aaron-D-Gifford", + "BSD-2-Clause", + "BSD-2-Clause-NetBSD", + "ISC", + "Beerware", + "public-domain-md4", + "public-domain-md5", + "public-domain-sha1" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmd.so.0.1.0", + "/usr/share/doc/libmd0/changelog.Debian.amd64.gz", + "/usr/share/doc/libmd0/changelog.Debian.gz", + "/usr/share/doc/libmd0/changelog.gz", + "/usr/share/doc/libmd0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmount1@2.41-5", + "Name": "libmount1", + "Identifier": { + "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "84ccd0371833b76" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libblkid1@2.41-5", + "libc6@2.41-12+deb13u3", + "libselinux1@3.8.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmount.so.1.1.0", + "/usr/share/doc/libmount1/NEWS.Debian.gz", + "/usr/share/doc/libmount1/changelog.Debian.gz", + "/usr/share/doc/libmount1/changelog.gz", + "/usr/share/doc/libmount1/copyright", + "/usr/share/lintian/overrides/libmount1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libncursesw6@6.5+20250216-2", + "Name": "libncursesw6", + "Identifier": { + "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "5efa2a2068c240d8" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libtinfo6@6.5+20250216-2" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libformw.so.6.5", + "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.5", + "/usr/lib/x86_64-linux-gnu/libncursesw.so.6.5", + "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.5" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libnettle8t64@3.10.1-1", + "Name": "libnettle8t64", + "Identifier": { + "PURL": "pkg:deb/debian/libnettle8t64@3.10.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "fd78e15d23b25c1f" + }, + "Version": "3.10.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "nettle", + "SrcVersion": "3.10.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "MIT", + "GPL-3.0-with-autoconf-exception+", + "public-domain", + "GPL-2.0-only", + "GAP" + ], + "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libnettle.so.8.10", + "/usr/share/doc/libnettle8t64/NEWS.gz", + "/usr/share/doc/libnettle8t64/README", + "/usr/share/doc/libnettle8t64/changelog.Debian.gz", + "/usr/share/doc/libnettle8t64/changelog.gz", + "/usr/share/doc/libnettle8t64/copyright", + "/usr/share/lintian/overrides/libnettle8t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-modules@1.7.0-5", + "Name": "libpam-modules", + "Identifier": { + "PURL": "pkg:deb/debian/libpam-modules@1.7.0-5?arch=amd64\u0026distro=debian-13.5", + "UID": "274a704398461ef0" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/security/pam_access.so", + "/usr/lib/x86_64-linux-gnu/security/pam_canonicalize_user.so", + "/usr/lib/x86_64-linux-gnu/security/pam_debug.so", + "/usr/lib/x86_64-linux-gnu/security/pam_deny.so", + "/usr/lib/x86_64-linux-gnu/security/pam_echo.so", + "/usr/lib/x86_64-linux-gnu/security/pam_env.so", + "/usr/lib/x86_64-linux-gnu/security/pam_exec.so", + "/usr/lib/x86_64-linux-gnu/security/pam_faildelay.so", + "/usr/lib/x86_64-linux-gnu/security/pam_faillock.so", + "/usr/lib/x86_64-linux-gnu/security/pam_filter.so", + "/usr/lib/x86_64-linux-gnu/security/pam_ftp.so", + "/usr/lib/x86_64-linux-gnu/security/pam_group.so", + "/usr/lib/x86_64-linux-gnu/security/pam_issue.so", + "/usr/lib/x86_64-linux-gnu/security/pam_keyinit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_limits.so", + "/usr/lib/x86_64-linux-gnu/security/pam_listfile.so", + "/usr/lib/x86_64-linux-gnu/security/pam_localuser.so", + "/usr/lib/x86_64-linux-gnu/security/pam_loginuid.so", + "/usr/lib/x86_64-linux-gnu/security/pam_mail.so", + "/usr/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", + "/usr/lib/x86_64-linux-gnu/security/pam_motd.so", + "/usr/lib/x86_64-linux-gnu/security/pam_namespace.so", + "/usr/lib/x86_64-linux-gnu/security/pam_nologin.so", + "/usr/lib/x86_64-linux-gnu/security/pam_permit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_pwhistory.so", + "/usr/lib/x86_64-linux-gnu/security/pam_rhosts.so", + "/usr/lib/x86_64-linux-gnu/security/pam_rootok.so", + "/usr/lib/x86_64-linux-gnu/security/pam_securetty.so", + "/usr/lib/x86_64-linux-gnu/security/pam_selinux.so", + "/usr/lib/x86_64-linux-gnu/security/pam_sepermit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_setquota.so", + "/usr/lib/x86_64-linux-gnu/security/pam_shells.so", + "/usr/lib/x86_64-linux-gnu/security/pam_stress.so", + "/usr/lib/x86_64-linux-gnu/security/pam_succeed_if.so", + "/usr/lib/x86_64-linux-gnu/security/pam_time.so", + "/usr/lib/x86_64-linux-gnu/security/pam_timestamp.so", + "/usr/lib/x86_64-linux-gnu/security/pam_tty_audit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_umask.so", + "/usr/lib/x86_64-linux-gnu/security/pam_unix.so", + "/usr/lib/x86_64-linux-gnu/security/pam_userdb.so", + "/usr/lib/x86_64-linux-gnu/security/pam_usertype.so", + "/usr/lib/x86_64-linux-gnu/security/pam_warn.so", + "/usr/lib/x86_64-linux-gnu/security/pam_wheel.so", + "/usr/lib/x86_64-linux-gnu/security/pam_xauth.so", + "/usr/share/doc/libpam-modules/NEWS.Debian.gz", + "/usr/share/doc/libpam-modules/changelog.Debian.gz", + "/usr/share/doc/libpam-modules/changelog.gz", + "/usr/share/doc/libpam-modules/copyright", + "/usr/share/doc/libpam-modules/examples/upperLOWER.c", + "/usr/share/lintian/overrides/libpam-modules", + "/usr/share/pam-configs/mkhomedir" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-modules-bin@1.7.0-5", + "Name": "libpam-modules-bin", + "Identifier": { + "PURL": "pkg:deb/debian/libpam-modules-bin@1.7.0-5?arch=amd64\u0026distro=debian-13.5", + "UID": "c9cbae9084b28bae" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:4.0.2-2+b2", + "libc6@2.41-12+deb13u3", + "libcrypt1@1:4.4.38-1", + "libpam0g@1.7.0-5", + "libselinux1@3.8.1-1", + "libsystemd0@257.13-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/systemd/system/pam_namespace.service", + "/usr/sbin/faillock", + "/usr/sbin/mkhomedir_helper", + "/usr/sbin/pam_namespace_helper", + "/usr/sbin/pam_timestamp_check", + "/usr/sbin/pwhistory_helper", + "/usr/sbin/unix_chkpwd", + "/usr/sbin/unix_update", + "/usr/share/doc/libpam-modules-bin/changelog.Debian.gz", + "/usr/share/doc/libpam-modules-bin/changelog.gz", + "/usr/share/doc/libpam-modules-bin/copyright", + "/usr/share/lintian/overrides/libpam-modules-bin" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-runtime@1.7.0-5", + "Name": "libpam-runtime", + "Identifier": { + "PURL": "pkg:deb/debian/libpam-runtime@1.7.0-5?arch=all\u0026distro=debian-13.5", + "UID": "1d4f3eaf1c0f9548" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "all", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91", + "libpam-modules@1.7.0-5" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/sbin/pam-auth-update", + "/usr/sbin/pam_getenv", + "/usr/share/doc/libpam-runtime/changelog.Debian.gz", + "/usr/share/doc/libpam-runtime/changelog.gz", + "/usr/share/doc/libpam-runtime/copyright", + "/usr/share/lintian/overrides/libpam-runtime", + "/usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ar/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/as/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/be/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bg/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bn_IN/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ca/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/cs/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/de/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/de_CH/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/el/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/eo/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/es/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/et/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/eu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/fa/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/fi/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/fr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ga/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/gl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/gu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/he/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/hi/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/hr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ia/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/id/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/is/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/kk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/km/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/kn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/lt/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/lv/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/mk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ml/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/mr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/nb/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ne/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/nn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pa/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pt/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ro/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ru/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sq/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sr@latin/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sv/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/te/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/th/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/tr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/vi/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zh_HK/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/man/man5/access.conf.5.gz", + "/usr/share/man/man5/faillock.conf.5.gz", + "/usr/share/man/man5/group.conf.5.gz", + "/usr/share/man/man5/limits.conf.5.gz", + "/usr/share/man/man5/namespace.conf.5.gz", + "/usr/share/man/man5/pam.conf.5.gz", + "/usr/share/man/man5/pam_env.conf.5.gz", + "/usr/share/man/man5/pwhistory.conf.5.gz", + "/usr/share/man/man5/sepermit.conf.5.gz", + "/usr/share/man/man5/time.conf.5.gz", + "/usr/share/man/man7/PAM.7.gz", + "/usr/share/man/man8/faillock.8.gz", + "/usr/share/man/man8/mkhomedir_helper.8.gz", + "/usr/share/man/man8/pam-auth-update.8.gz", + "/usr/share/man/man8/pam_access.8.gz", + "/usr/share/man/man8/pam_canonicalize_user.8.gz", + "/usr/share/man/man8/pam_debug.8.gz", + "/usr/share/man/man8/pam_deny.8.gz", + "/usr/share/man/man8/pam_echo.8.gz", + "/usr/share/man/man8/pam_env.8.gz", + "/usr/share/man/man8/pam_exec.8.gz", + "/usr/share/man/man8/pam_faildelay.8.gz", + "/usr/share/man/man8/pam_faillock.8.gz", + "/usr/share/man/man8/pam_filter.8.gz", + "/usr/share/man/man8/pam_ftp.8.gz", + "/usr/share/man/man8/pam_getenv.8.gz", + "/usr/share/man/man8/pam_group.8.gz", + "/usr/share/man/man8/pam_issue.8.gz", + "/usr/share/man/man8/pam_keyinit.8.gz", + "/usr/share/man/man8/pam_limits.8.gz", + "/usr/share/man/man8/pam_listfile.8.gz", + "/usr/share/man/man8/pam_localuser.8.gz", + "/usr/share/man/man8/pam_loginuid.8.gz", + "/usr/share/man/man8/pam_mail.8.gz", + "/usr/share/man/man8/pam_mkhomedir.8.gz", + "/usr/share/man/man8/pam_motd.8.gz", + "/usr/share/man/man8/pam_namespace.8.gz", + "/usr/share/man/man8/pam_namespace_helper.8.gz", + "/usr/share/man/man8/pam_nologin.8.gz", + "/usr/share/man/man8/pam_permit.8.gz", + "/usr/share/man/man8/pam_pwhistory.8.gz", + "/usr/share/man/man8/pam_rhosts.8.gz", + "/usr/share/man/man8/pam_rootok.8.gz", + "/usr/share/man/man8/pam_securetty.8.gz", + "/usr/share/man/man8/pam_selinux.8.gz", + "/usr/share/man/man8/pam_sepermit.8.gz", + "/usr/share/man/man8/pam_setquota.8.gz", + "/usr/share/man/man8/pam_shells.8.gz", + "/usr/share/man/man8/pam_stress.8.gz", + "/usr/share/man/man8/pam_succeed_if.8.gz", + "/usr/share/man/man8/pam_time.8.gz", + "/usr/share/man/man8/pam_timestamp.8.gz", + "/usr/share/man/man8/pam_timestamp_check.8.gz", + "/usr/share/man/man8/pam_tty_audit.8.gz", + "/usr/share/man/man8/pam_umask.8.gz", + "/usr/share/man/man8/pam_unix.8.gz", + "/usr/share/man/man8/pam_userdb.8.gz", + "/usr/share/man/man8/pam_usertype.8.gz", + "/usr/share/man/man8/pam_warn.8.gz", + "/usr/share/man/man8/pam_wheel.8.gz", + "/usr/share/man/man8/pam_xauth.8.gz", + "/usr/share/man/man8/pwhistory_helper.8.gz", + "/usr/share/man/man8/unix_chkpwd.8.gz", + "/usr/share/man/man8/unix_update.8.gz", + "/usr/share/pam-configs/unix", + "/usr/share/pam/common-account", + "/usr/share/pam/common-account.md5sums", + "/usr/share/pam/common-auth", + "/usr/share/pam/common-auth.md5sums", + "/usr/share/pam/common-password", + "/usr/share/pam/common-password.md5sums", + "/usr/share/pam/common-session", + "/usr/share/pam/common-session-noninteractive", + "/usr/share/pam/common-session-noninteractive.md5sums", + "/usr/share/pam/common-session.md5sums" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam0g@1.7.0-5", + "Name": "libpam0g", + "Identifier": { + "PURL": "pkg:deb/debian/libpam0g@1.7.0-5?arch=amd64\u0026distro=debian-13.5", + "UID": "50a3886f7361785c" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91", + "libaudit1@1:4.0.2-2+b2", + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1", + "/usr/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", + "/usr/lib/x86_64-linux-gnu/libpamc.so.0.82.1", + "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", + "/usr/share/doc/libpam0g/README", + "/usr/share/doc/libpam0g/README.Debian", + "/usr/share/doc/libpam0g/TODO.Debian", + "/usr/share/doc/libpam0g/changelog.Debian.gz", + "/usr/share/doc/libpam0g/changelog.gz", + "/usr/share/doc/libpam0g/copyright", + "/usr/share/lintian/overrides/libpam0g" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpcre2-8-0@10.46-1~deb13u1", + "Name": "libpcre2-8-0", + "Identifier": { + "PURL": "pkg:deb/debian/libpcre2-8-0@10.46-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "aa7e3a6ab471d889" + }, + "Version": "10.46", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "pcre2", + "SrcVersion": "10.46", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "BSD-3-clause-Cambridge with BINARY LIBRARY-LIKE PACKAGES exception", + "BSD-3-Clause", + "X11", + "BSD-2-Clause", + "public-domain" + ], + "Maintainer": "Matthew Vernon \u003cmatthew@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.14.0", + "/usr/share/doc/libpcre2-8-0/README.Debian", + "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", + "/usr/share/doc/libpcre2-8-0/changelog.gz", + "/usr/share/doc/libpcre2-8-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libreadline8t64@8.2-6", + "Name": "libreadline8t64", + "Identifier": { + "PURL": "pkg:deb/debian/libreadline8t64@8.2-6?arch=amd64\u0026distro=debian-13.5", + "UID": "a41a60a40a941961" + }, + "Version": "8.2", + "Release": "6", + "Arch": "amd64", + "SrcName": "readline", + "SrcVersion": "8.2", + "SrcRelease": "6", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-or-later", + "ISC-no-attribution" + ], + "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libtinfo6@6.5+20250216-2", + "readline-common@8.2-6" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libhistory.so.8.2", + "/usr/lib/x86_64-linux-gnu/libreadline.so.8.2", + "/usr/share/doc/libreadline8t64/README.Debian", + "/usr/share/doc/libreadline8t64/USAGE", + "/usr/share/doc/libreadline8t64/changelog.Debian.gz", + "/usr/share/doc/libreadline8t64/changelog.gz", + "/usr/share/doc/libreadline8t64/copyright", + "/usr/share/doc/libreadline8t64/examples/Inputrc", + "/usr/share/doc/libreadline8t64/inputrc.arrows" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libseccomp2@2.6.0-2", + "Name": "libseccomp2", + "Identifier": { + "PURL": "pkg:deb/debian/libseccomp2@2.6.0-2?arch=amd64\u0026distro=debian-13.5", + "UID": "97e0ed663a98e78b" + }, + "Version": "2.6.0", + "Release": "2", + "Arch": "amd64", + "SrcName": "libseccomp", + "SrcVersion": "2.6.0", + "SrcRelease": "2", + "Licenses": [ + "LGPL-2.1-only" + ], + "Maintainer": "Kees Cook \u003ckees@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.6.0", + "/usr/share/doc/libseccomp2/changelog.Debian.gz", + "/usr/share/doc/libseccomp2/changelog.gz", + "/usr/share/doc/libseccomp2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libselinux1@3.8.1-1", + "Name": "libselinux1", + "Identifier": { + "PURL": "pkg:deb/debian/libselinux1@3.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "f7d3a23ad693e5cb" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "libselinux", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "public-domain", + "GPL-2.0-only" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libpcre2-8-0@10.46-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/tmpfiles.d/libselinux1.conf", + "/usr/lib/x86_64-linux-gnu/libselinux.so.1", + "/usr/share/doc/libselinux1/changelog.Debian.gz", + "/usr/share/doc/libselinux1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsemanage-common@3.8.1-1", + "Name": "libsemanage-common", + "Identifier": { + "PURL": "pkg:deb/debian/libsemanage-common@3.8.1-1?arch=all\u0026distro=debian-13.5", + "UID": "ecc6b54d8bc6318c" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "all", + "SrcName": "libsemanage", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/libsemanage-common/changelog.Debian.gz", + "/usr/share/doc/libsemanage-common/copyright", + "/usr/share/man/man5/semanage.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsemanage2@3.8.1-1", + "Name": "libsemanage2", + "Identifier": { + "PURL": "pkg:deb/debian/libsemanage2@3.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "5684bd063761ddb3" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "libsemanage", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:4.0.2-2+b2", + "libbz2-1.0@1.0.8-6", + "libc6@2.41-12+deb13u3", + "libselinux1@3.8.1-1", + "libsemanage-common@3.8.1-1", + "libsepol2@3.8.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsemanage.so.2", + "/usr/share/doc/libsemanage2/changelog.Debian.gz", + "/usr/share/doc/libsemanage2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsepol2@3.8.1-1", + "Name": "libsepol2", + "Identifier": { + "PURL": "pkg:deb/debian/libsepol2@3.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "9990a97d658e13ae" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "libsepol", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "Zlib", + "GPL-2.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsepol.so.2", + "/usr/share/doc/libsepol2/changelog.Debian.gz", + "/usr/share/doc/libsepol2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsmartcols1@2.41-5", + "Name": "libsmartcols1", + "Identifier": { + "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "780dbec0869ab8e" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", + "/usr/share/doc/libsmartcols1/NEWS.Debian.gz", + "/usr/share/doc/libsmartcols1/changelog.Debian.gz", + "/usr/share/doc/libsmartcols1/changelog.gz", + "/usr/share/doc/libsmartcols1/copyright", + "/usr/share/lintian/overrides/libsmartcols1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsqlite3-0@3.46.1-7+deb13u1", + "Name": "libsqlite3-0", + "Identifier": { + "PURL": "pkg:deb/debian/libsqlite3-0@3.46.1-7%2Bdeb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "c7da287e696e8198" + }, + "Version": "3.46.1", + "Release": "7+deb13u1", + "Arch": "amd64", + "SrcName": "sqlite3", + "SrcVersion": "3.46.1", + "SrcRelease": "7+deb13u1", + "Licenses": [ + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6", + "/usr/share/doc/libsqlite3-0/README.Debian", + "/usr/share/doc/libsqlite3-0/changelog.Debian.gz", + "/usr/share/doc/libsqlite3-0/changelog.gz", + "/usr/share/doc/libsqlite3-0/changelog.html.gz", + "/usr/share/doc/libsqlite3-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libssl3t64@3.5.6-1~deb13u1", + "Name": "libssl3t64", + "Identifier": { + "PURL": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "19bca5c02c5a9632" + }, + "Version": "3.5.6", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.5.6", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libzstd1@1.5.7+dfsg-1", + "openssl-provider-legacy@3.5.6-1~deb13u1", + "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/engines-3/afalg.so", + "/usr/lib/x86_64-linux-gnu/engines-3/loader_attic.so", + "/usr/lib/x86_64-linux-gnu/engines-3/padlock.so", + "/usr/lib/x86_64-linux-gnu/libcrypto.so.3", + "/usr/lib/x86_64-linux-gnu/libssl.so.3", + "/usr/share/doc/libssl3t64/NEWS.Debian.gz", + "/usr/share/doc/libssl3t64/changelog.Debian.gz", + "/usr/share/doc/libssl3t64/changelog.gz", + "/usr/share/doc/libssl3t64/copyright", + "/usr/share/lintian/overrides/libssl3t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libstdc++6@14.2.0-19", + "Name": "libstdc++6", + "Identifier": { + "PURL": "pkg:deb/debian/libstdc%2B%2B6@14.2.0-19?arch=amd64\u0026distro=debian-13.5", + "UID": "1b384a6346513d7c" + }, + "Version": "14.2.0", + "Release": "19", + "Arch": "amd64", + "SrcName": "gcc-14", + "SrcVersion": "14.2.0", + "SrcRelease": "19", + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gcc-14-base@14.2.0-19", + "libc6@2.41-12+deb13u3", + "libgcc-s1@14.2.0-19" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33", + "/usr/share/gcc/python/libstdcxx/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/printers.py", + "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", + "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33-gdb.py" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsystemd0@257.13-1~deb13u1", + "Name": "libsystemd0", + "Identifier": { + "PURL": "pkg:deb/debian/libsystemd0@257.13-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "a2b4ba47389f858e" + }, + "Version": "257.13", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "systemd", + "SrcVersion": "257.13", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "LGPL-2.1-or-later", + "CC0-1.0", + "GPL-2 with Linux-syscall-note exception", + "MIT", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libcap2@1:2.75-10+deb13u1+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "/usr/share/doc/libsystemd0/NEWS.Debian.gz", + "/usr/share/doc/libsystemd0/changelog.Debian.gz", + "/usr/share/doc/libsystemd0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libtinfo6@6.5+20250216-2", + "Name": "libtinfo6", + "Identifier": { + "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "ba2c2b464f07108a" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libtic.so.6.5", + "/usr/lib/x86_64-linux-gnu/libtinfo.so.6.5", + "/usr/share/doc/libtinfo6/changelog.Debian.gz", + "/usr/share/doc/libtinfo6/changelog.gz", + "/usr/share/doc/libtinfo6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libudev1@257.13-1~deb13u1", + "Name": "libudev1", + "Identifier": { + "PURL": "pkg:deb/debian/libudev1@257.13-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "3b7a2f1a9ab169b" + }, + "Version": "257.13", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "systemd", + "SrcVersion": "257.13", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "LGPL-2.1-or-later", + "CC0-1.0", + "GPL-2 with Linux-syscall-note exception", + "MIT", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libcap2@1:2.75-10+deb13u1+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libudev.so.1.7.10", + "/usr/share/doc/libudev1/NEWS.Debian.gz", + "/usr/share/doc/libudev1/changelog.Debian.gz", + "/usr/share/doc/libudev1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libuuid1@2.41-5", + "Name": "libuuid1", + "Identifier": { + "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "1afbb50818377478" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0", + "/usr/share/doc/libuuid1/NEWS.Debian.gz", + "/usr/share/doc/libuuid1/changelog.Debian.gz", + "/usr/share/doc/libuuid1/changelog.gz", + "/usr/share/doc/libuuid1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libxxhash0@0.8.3-2", + "Name": "libxxhash0", + "Identifier": { + "PURL": "pkg:deb/debian/libxxhash0@0.8.3-2?arch=amd64\u0026distro=debian-13.5", + "UID": "d91110b5edcae2d8" + }, + "Version": "0.8.3", + "Release": "2", + "Arch": "amd64", + "SrcName": "xxhash", + "SrcVersion": "0.8.3", + "SrcRelease": "2", + "Licenses": [ + "BSD-2-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Josue Ortega \u003cjosue@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libxxhash.so.0.8.3", + "/usr/share/doc/libxxhash0/changelog.Debian.gz", + "/usr/share/doc/libxxhash0/changelog.gz", + "/usr/share/doc/libxxhash0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libzstd1@1.5.7+dfsg-1", + "Name": "libzstd1", + "Identifier": { + "PURL": "pkg:deb/debian/libzstd1@1.5.7%2Bdfsg-1?arch=amd64\u0026distro=debian-13.5", + "UID": "ca4814a2bfd07696" + }, + "Version": "1.5.7+dfsg", + "Release": "1", + "Arch": "amd64", + "SrcName": "libzstd", + "SrcVersion": "1.5.7+dfsg", + "SrcRelease": "1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "Zlib", + "MIT" + ], + "Maintainer": "RPM packaging team \u003cteam+pkg-rpm@tracker.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libzstd.so.1.5.7", + "/usr/share/doc/libzstd1/changelog.Debian.gz", + "/usr/share/doc/libzstd1/changelog.gz", + "/usr/share/doc/libzstd1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "login@1:4.16.0-2+really2.41-5", + "Name": "login", + "Identifier": { + "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "c0ab0b857644733b" + }, + "Version": "4.16.0-2+really2.41", + "Release": "5", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:4.0.2-2+b2", + "libc6@2.41-12+deb13u3", + "libcrypt1@1:4.4.38-1", + "libpam-modules@1.7.0-5", + "libpam-runtime@1.7.0-5", + "libpam0g@1.7.0-5" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/login", + "/usr/bin/newgrp", + "/usr/sbin/nologin", + "/usr/share/bash-completion/completions/newgrp", + "/usr/share/doc/login/NEWS.Debian.gz", + "/usr/share/doc/login/changelog.Debian.gz", + "/usr/share/doc/login/changelog.gz", + "/usr/share/doc/login/copyright", + "/usr/share/lintian/overrides/login", + "/usr/share/man/de/man1/login.1.gz", + "/usr/share/man/de/man8/nologin.8.gz", + "/usr/share/man/fr/man1/login.1.gz", + "/usr/share/man/man1/login.1.gz", + "/usr/share/man/man1/newgrp.1.gz", + "/usr/share/man/man8/nologin.8.gz", + "/usr/share/man/pl/man1/login.1.gz", + "/usr/share/man/pl/man1/newgrp.1.gz", + "/usr/share/man/pl/man8/nologin.8.gz", + "/usr/share/man/ro/man1/login.1.gz", + "/usr/share/man/ro/man1/newgrp.1.gz", + "/usr/share/man/ro/man8/nologin.8.gz", + "/usr/share/man/sr/man1/login.1.gz", + "/usr/share/man/sr/man8/nologin.8.gz", + "/usr/share/man/uk/man1/login.1.gz", + "/usr/share/man/uk/man1/newgrp.1.gz", + "/usr/share/man/uk/man8/nologin.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "login.defs@1:4.17.4-2", + "Name": "login.defs", + "Identifier": { + "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.5\u0026epoch=1", + "UID": "b6a337588c67d5a3" + }, + "Version": "4.17.4", + "Release": "2", + "Epoch": 1, + "Arch": "all", + "SrcName": "shadow", + "SrcVersion": "4.17.4", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-1.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/login.defs/NEWS.Debian.gz", + "/usr/share/doc/login.defs/changelog.Debian.gz", + "/usr/share/doc/login.defs/changelog.gz", + "/usr/share/doc/login.defs/copyright", + "/usr/share/man/de/man5/login.defs.5.gz", + "/usr/share/man/fr/man5/login.defs.5.gz", + "/usr/share/man/it/man5/login.defs.5.gz", + "/usr/share/man/ja/man5/login.defs.5.gz", + "/usr/share/man/man5/login.defs.5.gz", + "/usr/share/man/ru/man5/login.defs.5.gz", + "/usr/share/man/uk/man5/login.defs.5.gz", + "/usr/share/man/zh_CN/man5/login.defs.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mawk@1.3.4.20250131-1", + "Name": "mawk", + "Identifier": { + "PURL": "pkg:deb/debian/mawk@1.3.4.20250131-1?arch=amd64\u0026distro=debian-13.5", + "UID": "a4460701c66e182d" + }, + "Version": "1.3.4.20250131", + "Release": "1", + "Arch": "amd64", + "SrcName": "mawk", + "SrcVersion": "1.3.4.20250131", + "SrcRelease": "1", + "Licenses": [ + "GPL-2.0-only", + "X11", + "CC-BY-3.0" + ], + "Maintainer": "Boyuan Yang \u003cbyang@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/mawk", + "/usr/share/doc/mawk/ACKNOWLEDGMENT", + "/usr/share/doc/mawk/README", + "/usr/share/doc/mawk/changelog.Debian.gz", + "/usr/share/doc/mawk/changelog.gz", + "/usr/share/doc/mawk/copyright", + "/usr/share/doc/mawk/examples/ct_length.awk", + "/usr/share/doc/mawk/examples/decl.awk", + "/usr/share/doc/mawk/examples/deps.awk", + "/usr/share/doc/mawk/examples/eatc.awk", + "/usr/share/doc/mawk/examples/gdecl.awk", + "/usr/share/doc/mawk/examples/hcal", + "/usr/share/doc/mawk/examples/hical", + "/usr/share/doc/mawk/examples/nocomment.awk", + "/usr/share/doc/mawk/examples/primes.awk", + "/usr/share/doc/mawk/examples/qsort.awk", + "/usr/share/man/man1/mawk.1.gz", + "/usr/share/man/man7/mawk-arrays.7.gz", + "/usr/share/man/man7/mawk-code.7.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mount@2.41-5", + "Name": "mount", + "Identifier": { + "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "55c835c674d0a0e5" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/mount", + "/usr/bin/umount", + "/usr/sbin/losetup", + "/usr/sbin/swapoff", + "/usr/sbin/swapon", + "/usr/share/bash-completion/completions/losetup", + "/usr/share/bash-completion/completions/mount", + "/usr/share/bash-completion/completions/swapoff", + "/usr/share/bash-completion/completions/swapon", + "/usr/share/bash-completion/completions/umount", + "/usr/share/doc/mount/NEWS.Debian.gz", + "/usr/share/doc/mount/changelog.Debian.gz", + "/usr/share/doc/mount/changelog.gz", + "/usr/share/doc/mount/copyright", + "/usr/share/doc/mount/examples/filesystems", + "/usr/share/doc/mount/examples/fstab", + "/usr/share/doc/mount/examples/mount.fstab", + "/usr/share/doc/mount/mount.txt", + "/usr/share/lintian/overrides/mount", + "/usr/share/man/man5/fstab.5.gz", + "/usr/share/man/man8/losetup.8.gz", + "/usr/share/man/man8/mount.8.gz", + "/usr/share/man/man8/swapon.8.gz", + "/usr/share/man/man8/umount.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ncurses-base@6.5+20250216-2", + "Name": "ncurses-base", + "Identifier": { + "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.5", + "UID": "767a0231348a5cb5" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "all", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/ncurses-base/FAQ", + "/usr/share/doc/ncurses-base/TODO.Debian", + "/usr/share/doc/ncurses-base/changelog.Debian.gz", + "/usr/share/doc/ncurses-base/changelog.gz", + "/usr/share/doc/ncurses-base/copyright", + "/usr/share/lintian/overrides/ncurses-base", + "/usr/share/tabset/std", + "/usr/share/tabset/stdcrt", + "/usr/share/tabset/vt100", + "/usr/share/tabset/vt300", + "/usr/share/terminfo/E/Eterm", + "/usr/share/terminfo/a/ansi", + "/usr/share/terminfo/c/cons25", + "/usr/share/terminfo/c/cygwin", + "/usr/share/terminfo/d/dumb", + "/usr/share/terminfo/h/hurd", + "/usr/share/terminfo/l/linux", + "/usr/share/terminfo/m/mach", + "/usr/share/terminfo/m/mach-bold", + "/usr/share/terminfo/m/mach-color", + "/usr/share/terminfo/m/mach-gnu", + "/usr/share/terminfo/m/mach-gnu-color", + "/usr/share/terminfo/p/pcansi", + "/usr/share/terminfo/r/rxvt", + "/usr/share/terminfo/r/rxvt-basic", + "/usr/share/terminfo/r/rxvt-unicode", + "/usr/share/terminfo/r/rxvt-unicode-256color", + "/usr/share/terminfo/s/screen", + "/usr/share/terminfo/s/screen-256color", + "/usr/share/terminfo/s/screen-256color-bce", + "/usr/share/terminfo/s/screen-bce", + "/usr/share/terminfo/s/screen-s", + "/usr/share/terminfo/s/screen-w", + "/usr/share/terminfo/s/screen.xterm-256color", + "/usr/share/terminfo/s/sun", + "/usr/share/terminfo/t/tmux", + "/usr/share/terminfo/t/tmux-256color", + "/usr/share/terminfo/v/vt100", + "/usr/share/terminfo/v/vt102", + "/usr/share/terminfo/v/vt220", + "/usr/share/terminfo/v/vt52", + "/usr/share/terminfo/w/wsvt25", + "/usr/share/terminfo/w/wsvt25m", + "/usr/share/terminfo/x/xterm", + "/usr/share/terminfo/x/xterm-256color", + "/usr/share/terminfo/x/xterm-color", + "/usr/share/terminfo/x/xterm-mono", + "/usr/share/terminfo/x/xterm-r5", + "/usr/share/terminfo/x/xterm-r6", + "/usr/share/terminfo/x/xterm-vt220", + "/usr/share/terminfo/x/xterm-xfree86" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ncurses-bin@6.5+20250216-2", + "Name": "ncurses-bin", + "Identifier": { + "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "5b541563cf6587e5" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/clear", + "/usr/bin/infocmp", + "/usr/bin/tabs", + "/usr/bin/tic", + "/usr/bin/toe", + "/usr/bin/tput", + "/usr/bin/tset", + "/usr/share/doc/ncurses-bin/changelog.Debian.gz", + "/usr/share/doc/ncurses-bin/changelog.gz", + "/usr/share/doc/ncurses-bin/copyright", + "/usr/share/man/man1/captoinfo.1.gz", + "/usr/share/man/man1/clear.1.gz", + "/usr/share/man/man1/infocmp.1.gz", + "/usr/share/man/man1/infotocap.1.gz", + "/usr/share/man/man1/tabs.1.gz", + "/usr/share/man/man1/tic.1.gz", + "/usr/share/man/man1/toe.1.gz", + "/usr/share/man/man1/tput.1.gz", + "/usr/share/man/man1/tset.1.gz", + "/usr/share/man/man5/scr_dump.5.gz", + "/usr/share/man/man5/term.5.gz", + "/usr/share/man/man5/terminfo.5.gz", + "/usr/share/man/man5/user_caps.5.gz", + "/usr/share/man/man7/term.7.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "netbase@6.5", + "Name": "netbase", + "Identifier": { + "PURL": "pkg:deb/debian/netbase@6.5?arch=all\u0026distro=debian-13.5", + "UID": "9929ff265179fc61" + }, + "Version": "6.5", + "Arch": "all", + "SrcName": "netbase", + "SrcVersion": "6.5", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", + "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" + }, + "InstalledFiles": [ + "/usr/share/doc/netbase/changelog.gz", + "/usr/share/doc/netbase/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "openssl@3.5.6-1~deb13u1", + "Name": "openssl", + "Identifier": { + "PURL": "pkg:deb/debian/openssl@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "ee88be94d89898bf" + }, + "Version": "3.5.6", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.5.6", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libssl3t64@3.5.6-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", + "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" + }, + "InstalledFiles": [ + "/usr/bin/c_rehash", + "/usr/bin/openssl", + "/usr/lib/ssl/misc/CA.pl", + "/usr/lib/ssl/misc/tsget.pl", + "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", + "/usr/share/doc/openssl/HOWTO/documenting-functions-and-macros.md.gz", + "/usr/share/doc/openssl/HOWTO/keys.txt.gz", + "/usr/share/doc/openssl/NEWS.md.gz", + "/usr/share/doc/openssl/README-ENGINES.md.gz", + "/usr/share/doc/openssl/README-PROVIDERS.md.gz", + "/usr/share/doc/openssl/README-QUIC.md.gz", + "/usr/share/doc/openssl/README.Debian", + "/usr/share/doc/openssl/README.md.gz", + "/usr/share/doc/openssl/changelog.Debian.gz", + "/usr/share/doc/openssl/changelog.gz", + "/usr/share/doc/openssl/copyright", + "/usr/share/doc/openssl/fingerprints.txt", + "/usr/share/lintian/overrides/openssl", + "/usr/share/man/man1/CA.pl.1ssl.gz", + "/usr/share/man/man1/openssl-asn1parse.1ssl.gz", + "/usr/share/man/man1/openssl-ca.1ssl.gz", + "/usr/share/man/man1/openssl-ciphers.1ssl.gz", + "/usr/share/man/man1/openssl-cmds.1ssl.gz", + "/usr/share/man/man1/openssl-cmp.1ssl.gz", + "/usr/share/man/man1/openssl-cms.1ssl.gz", + "/usr/share/man/man1/openssl-crl.1ssl.gz", + "/usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz", + "/usr/share/man/man1/openssl-dgst.1ssl.gz", + "/usr/share/man/man1/openssl-dhparam.1ssl.gz", + "/usr/share/man/man1/openssl-dsa.1ssl.gz", + "/usr/share/man/man1/openssl-dsaparam.1ssl.gz", + "/usr/share/man/man1/openssl-ec.1ssl.gz", + "/usr/share/man/man1/openssl-ecparam.1ssl.gz", + "/usr/share/man/man1/openssl-enc.1ssl.gz", + "/usr/share/man/man1/openssl-engine.1ssl.gz", + "/usr/share/man/man1/openssl-errstr.1ssl.gz", + "/usr/share/man/man1/openssl-fipsinstall.1ssl.gz", + "/usr/share/man/man1/openssl-format-options.1ssl.gz", + "/usr/share/man/man1/openssl-gendsa.1ssl.gz", + "/usr/share/man/man1/openssl-genpkey.1ssl.gz", + "/usr/share/man/man1/openssl-genrsa.1ssl.gz", + "/usr/share/man/man1/openssl-info.1ssl.gz", + "/usr/share/man/man1/openssl-kdf.1ssl.gz", + "/usr/share/man/man1/openssl-list.1ssl.gz", + "/usr/share/man/man1/openssl-mac.1ssl.gz", + "/usr/share/man/man1/openssl-namedisplay-options.1ssl.gz", + "/usr/share/man/man1/openssl-nseq.1ssl.gz", + "/usr/share/man/man1/openssl-ocsp.1ssl.gz", + "/usr/share/man/man1/openssl-passphrase-options.1ssl.gz", + "/usr/share/man/man1/openssl-passwd.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs12.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs7.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs8.1ssl.gz", + "/usr/share/man/man1/openssl-pkey.1ssl.gz", + "/usr/share/man/man1/openssl-pkeyparam.1ssl.gz", + "/usr/share/man/man1/openssl-pkeyutl.1ssl.gz", + "/usr/share/man/man1/openssl-prime.1ssl.gz", + "/usr/share/man/man1/openssl-rand.1ssl.gz", + "/usr/share/man/man1/openssl-rehash.1ssl.gz", + "/usr/share/man/man1/openssl-req.1ssl.gz", + "/usr/share/man/man1/openssl-rsa.1ssl.gz", + "/usr/share/man/man1/openssl-rsautl.1ssl.gz", + "/usr/share/man/man1/openssl-s_client.1ssl.gz", + "/usr/share/man/man1/openssl-s_server.1ssl.gz", + "/usr/share/man/man1/openssl-s_time.1ssl.gz", + "/usr/share/man/man1/openssl-sess_id.1ssl.gz", + "/usr/share/man/man1/openssl-skeyutl.1ssl.gz", + "/usr/share/man/man1/openssl-smime.1ssl.gz", + "/usr/share/man/man1/openssl-speed.1ssl.gz", + "/usr/share/man/man1/openssl-spkac.1ssl.gz", + "/usr/share/man/man1/openssl-srp.1ssl.gz", + "/usr/share/man/man1/openssl-storeutl.1ssl.gz", + "/usr/share/man/man1/openssl-ts.1ssl.gz", + "/usr/share/man/man1/openssl-verification-options.1ssl.gz", + "/usr/share/man/man1/openssl-verify.1ssl.gz", + "/usr/share/man/man1/openssl-version.1ssl.gz", + "/usr/share/man/man1/openssl-x509.1ssl.gz", + "/usr/share/man/man1/openssl.1ssl.gz", + "/usr/share/man/man1/tsget.1ssl.gz", + "/usr/share/man/man5/config.5ssl.gz", + "/usr/share/man/man5/fips_config.5ssl.gz", + "/usr/share/man/man5/x509v3_config.5ssl.gz", + "/usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-AES.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-ARIA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CAST.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CHACHA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-DES.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-IDEA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-NULL.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC2.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC4.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC5.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-SEED.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-SM4.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-ARGON2.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-HKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-HMAC-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-KB.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-KRB5KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PBKDF1.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PBKDF2.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PKCS12KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PVKKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SCRYPT.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SS.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SSHKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-TLS13_KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-TLS1_PRF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X942-ASN1.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X942-CONCAT.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X963.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-EC.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-ML-KEM.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-DH.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-ECDH.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-BLAKE2.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-CMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-GMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-KMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-Poly1305.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-Siphash.7ssl.gz", + "/usr/share/man/man7/EVP_MD-BLAKE2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-KECCAK.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD4.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD5-SHA1.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD5.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MDC2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-NULL.7ssl.gz", + "/usr/share/man/man7/EVP_MD-RIPEMD160.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA1.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA3.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHAKE.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SM3.7ssl.gz", + "/usr/share/man/man7/EVP_MD-WHIRLPOOL.7ssl.gz", + "/usr/share/man/man7/EVP_MD-common.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-DH.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-EC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-FFC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-ML-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-ML-KEM.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-SLH-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-SM2.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-CRNG-TEST.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-CTR-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-HASH-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-JITTER.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-SEED-SRC.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-TEST-RAND.7ssl.gz", + "/usr/share/man/man7/EVP_RAND.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ED25519.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-FIPS.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-base.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-default.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-legacy.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-null.7ssl.gz", + "/usr/share/man/man7/OSSL_STORE-winstore.7ssl.gz", + "/usr/share/man/man7/RAND.7ssl.gz", + "/usr/share/man/man7/RSA-PSS.7ssl.gz", + "/usr/share/man/man7/X25519.7ssl.gz", + "/usr/share/man/man7/bio.7ssl.gz", + "/usr/share/man/man7/ct.7ssl.gz", + "/usr/share/man/man7/des_modes.7ssl.gz", + "/usr/share/man/man7/evp.7ssl.gz", + "/usr/share/man/man7/fips_module.7ssl.gz", + "/usr/share/man/man7/life_cycle-cipher.7ssl.gz", + "/usr/share/man/man7/life_cycle-digest.7ssl.gz", + "/usr/share/man/man7/life_cycle-kdf.7ssl.gz", + "/usr/share/man/man7/life_cycle-mac.7ssl.gz", + "/usr/share/man/man7/life_cycle-pkey.7ssl.gz", + "/usr/share/man/man7/life_cycle-rand.7ssl.gz", + "/usr/share/man/man7/openssl-core.h.7ssl.gz", + "/usr/share/man/man7/openssl-core_dispatch.h.7ssl.gz", + "/usr/share/man/man7/openssl-core_names.h.7ssl.gz", + "/usr/share/man/man7/openssl-env.7ssl.gz", + "/usr/share/man/man7/openssl-glossary.7ssl.gz", + "/usr/share/man/man7/openssl-qlog.7ssl.gz", + "/usr/share/man/man7/openssl-quic-concurrency.7ssl.gz", + "/usr/share/man/man7/openssl-quic.7ssl.gz", + "/usr/share/man/man7/openssl-threads.7ssl.gz", + "/usr/share/man/man7/openssl_user_macros.7ssl.gz", + "/usr/share/man/man7/ossl-guide-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-libcrypto-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-libraries-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-libssl-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-migration.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-client-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-client-non-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-multi-stream.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-server-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-server-non-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-client-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-client-non-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-server-block.7ssl.gz", + "/usr/share/man/man7/ossl_store-file.7ssl.gz", + "/usr/share/man/man7/ossl_store.7ssl.gz", + "/usr/share/man/man7/passphrase-encoding.7ssl.gz", + "/usr/share/man/man7/property.7ssl.gz", + "/usr/share/man/man7/provider-asym_cipher.7ssl.gz", + "/usr/share/man/man7/provider-base.7ssl.gz", + "/usr/share/man/man7/provider-cipher.7ssl.gz", + "/usr/share/man/man7/provider-decoder.7ssl.gz", + "/usr/share/man/man7/provider-digest.7ssl.gz", + "/usr/share/man/man7/provider-encoder.7ssl.gz", + "/usr/share/man/man7/provider-kdf.7ssl.gz", + "/usr/share/man/man7/provider-kem.7ssl.gz", + "/usr/share/man/man7/provider-keyexch.7ssl.gz", + "/usr/share/man/man7/provider-keymgmt.7ssl.gz", + "/usr/share/man/man7/provider-mac.7ssl.gz", + "/usr/share/man/man7/provider-object.7ssl.gz", + "/usr/share/man/man7/provider-rand.7ssl.gz", + "/usr/share/man/man7/provider-signature.7ssl.gz", + "/usr/share/man/man7/provider-skeymgmt.7ssl.gz", + "/usr/share/man/man7/provider-storemgmt.7ssl.gz", + "/usr/share/man/man7/provider.7ssl.gz", + "/usr/share/man/man7/proxy-certificates.7ssl.gz", + "/usr/share/man/man7/x509.7ssl.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "openssl-provider-legacy@3.5.6-1~deb13u1", + "Name": "openssl-provider-legacy", + "Identifier": { + "PURL": "pkg:deb/debian/openssl-provider-legacy@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "c38741326d0e034f" + }, + "Version": "3.5.6", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.5.6", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libssl3t64@3.5.6-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so", + "/usr/share/doc/openssl-provider-legacy/changelog.Debian.gz", + "/usr/share/doc/openssl-provider-legacy/changelog.gz", + "/usr/share/doc/openssl-provider-legacy/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "passwd@1:4.17.4-2", + "Name": "passwd", + "Identifier": { + "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "d93f813ae3092e32" + }, + "Version": "4.17.4", + "Release": "2", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "shadow", + "SrcVersion": "4.17.4", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-1.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "base-passwd@3.6.7", + "libacl1@2.3.2-2+b1", + "libattr1@1:2.5.2-3", + "libaudit1@1:4.0.2-2+b2", + "libbsd0@0.12.2-2", + "libc6@2.41-12+deb13u3", + "libcrypt1@1:4.4.38-1", + "libpam-modules@1.7.0-5", + "libpam0g@1.7.0-5", + "libselinux1@3.8.1-1", + "libsemanage2@3.8.1-1", + "login.defs@1:4.17.4-2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/chage", + "/usr/bin/chfn", + "/usr/bin/chsh", + "/usr/bin/expiry", + "/usr/bin/gpasswd", + "/usr/bin/passwd", + "/usr/lib/tmpfiles.d/passwd.conf", + "/usr/sbin/chgpasswd", + "/usr/sbin/chpasswd", + "/usr/sbin/groupadd", + "/usr/sbin/groupdel", + "/usr/sbin/groupmod", + "/usr/sbin/grpck", + "/usr/sbin/grpconv", + "/usr/sbin/grpunconv", + "/usr/sbin/newusers", + "/usr/sbin/pwck", + "/usr/sbin/pwconv", + "/usr/sbin/pwunconv", + "/usr/sbin/shadowconfig", + "/usr/sbin/useradd", + "/usr/sbin/userdel", + "/usr/sbin/usermod", + "/usr/sbin/vipw", + "/usr/share/doc/passwd/NEWS.Debian.gz", + "/usr/share/doc/passwd/README.Debian", + "/usr/share/doc/passwd/TODO.Debian", + "/usr/share/doc/passwd/changelog.Debian.gz", + "/usr/share/doc/passwd/changelog.gz", + "/usr/share/doc/passwd/copyright", + "/usr/share/doc/passwd/examples/passwd.expire.cron", + "/usr/share/lintian/overrides/passwd", + "/usr/share/locale/bs/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ca/LC_MESSAGES/shadow.mo", + "/usr/share/locale/cs/LC_MESSAGES/shadow.mo", + "/usr/share/locale/da/LC_MESSAGES/shadow.mo", + "/usr/share/locale/de/LC_MESSAGES/shadow.mo", + "/usr/share/locale/dz/LC_MESSAGES/shadow.mo", + "/usr/share/locale/el/LC_MESSAGES/shadow.mo", + "/usr/share/locale/es/LC_MESSAGES/shadow.mo", + "/usr/share/locale/eu/LC_MESSAGES/shadow.mo", + "/usr/share/locale/fi/LC_MESSAGES/shadow.mo", + "/usr/share/locale/fr/LC_MESSAGES/shadow.mo", + "/usr/share/locale/gl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/he/LC_MESSAGES/shadow.mo", + "/usr/share/locale/hu/LC_MESSAGES/shadow.mo", + "/usr/share/locale/id/LC_MESSAGES/shadow.mo", + "/usr/share/locale/it/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ja/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ka/LC_MESSAGES/shadow.mo", + "/usr/share/locale/kk/LC_MESSAGES/shadow.mo", + "/usr/share/locale/km/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ko/LC_MESSAGES/shadow.mo", + "/usr/share/locale/nb/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ne/LC_MESSAGES/shadow.mo", + "/usr/share/locale/nl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/nn/LC_MESSAGES/shadow.mo", + "/usr/share/locale/pl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/pt/LC_MESSAGES/shadow.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ro/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ru/LC_MESSAGES/shadow.mo", + "/usr/share/locale/sk/LC_MESSAGES/shadow.mo", + "/usr/share/locale/sq/LC_MESSAGES/shadow.mo", + "/usr/share/locale/sv/LC_MESSAGES/shadow.mo", + "/usr/share/locale/tl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/tr/LC_MESSAGES/shadow.mo", + "/usr/share/locale/uk/LC_MESSAGES/shadow.mo", + "/usr/share/locale/vi/LC_MESSAGES/shadow.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/shadow.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/shadow.mo", + "/usr/share/man/cs/man1/expiry.1.gz", + "/usr/share/man/cs/man1/gpasswd.1.gz", + "/usr/share/man/cs/man5/gshadow.5.gz", + "/usr/share/man/cs/man5/passwd.5.gz", + "/usr/share/man/cs/man5/shadow.5.gz", + "/usr/share/man/cs/man8/groupadd.8.gz", + "/usr/share/man/cs/man8/groupdel.8.gz", + "/usr/share/man/cs/man8/groupmod.8.gz", + "/usr/share/man/cs/man8/grpck.8.gz", + "/usr/share/man/cs/man8/vipw.8.gz", + "/usr/share/man/da/man1/chfn.1.gz", + "/usr/share/man/da/man5/gshadow.5.gz", + "/usr/share/man/da/man8/groupdel.8.gz", + "/usr/share/man/da/man8/vipw.8.gz", + "/usr/share/man/de/man1/chage.1.gz", + "/usr/share/man/de/man1/chfn.1.gz", + "/usr/share/man/de/man1/chsh.1.gz", + "/usr/share/man/de/man1/expiry.1.gz", + "/usr/share/man/de/man1/gpasswd.1.gz", + "/usr/share/man/de/man1/passwd.1.gz", + "/usr/share/man/de/man5/gshadow.5.gz", + "/usr/share/man/de/man5/passwd.5.gz", + "/usr/share/man/de/man5/shadow.5.gz", + "/usr/share/man/de/man8/chgpasswd.8.gz", + "/usr/share/man/de/man8/chpasswd.8.gz", + "/usr/share/man/de/man8/groupadd.8.gz", + "/usr/share/man/de/man8/groupdel.8.gz", + "/usr/share/man/de/man8/groupmod.8.gz", + "/usr/share/man/de/man8/grpck.8.gz", + "/usr/share/man/de/man8/newusers.8.gz", + "/usr/share/man/de/man8/pwck.8.gz", + "/usr/share/man/de/man8/pwconv.8.gz", + "/usr/share/man/de/man8/useradd.8.gz", + "/usr/share/man/de/man8/userdel.8.gz", + "/usr/share/man/de/man8/usermod.8.gz", + "/usr/share/man/de/man8/vipw.8.gz", + "/usr/share/man/fi/man1/chfn.1.gz", + "/usr/share/man/fi/man1/chsh.1.gz", + "/usr/share/man/fr/man1/chage.1.gz", + "/usr/share/man/fr/man1/chfn.1.gz", + "/usr/share/man/fr/man1/chsh.1.gz", + "/usr/share/man/fr/man1/expiry.1.gz", + "/usr/share/man/fr/man1/gpasswd.1.gz", + "/usr/share/man/fr/man1/passwd.1.gz", + "/usr/share/man/fr/man5/gshadow.5.gz", + "/usr/share/man/fr/man5/passwd.5.gz", + "/usr/share/man/fr/man5/shadow.5.gz", + "/usr/share/man/fr/man5/subgid.5.gz", + "/usr/share/man/fr/man5/subuid.5.gz", + "/usr/share/man/fr/man8/chgpasswd.8.gz", + "/usr/share/man/fr/man8/chpasswd.8.gz", + "/usr/share/man/fr/man8/groupadd.8.gz", + "/usr/share/man/fr/man8/groupdel.8.gz", + "/usr/share/man/fr/man8/groupmod.8.gz", + "/usr/share/man/fr/man8/grpck.8.gz", + "/usr/share/man/fr/man8/newusers.8.gz", + "/usr/share/man/fr/man8/pwck.8.gz", + "/usr/share/man/fr/man8/pwconv.8.gz", + "/usr/share/man/fr/man8/useradd.8.gz", + "/usr/share/man/fr/man8/userdel.8.gz", + "/usr/share/man/fr/man8/usermod.8.gz", + "/usr/share/man/fr/man8/vipw.8.gz", + "/usr/share/man/hu/man1/chsh.1.gz", + "/usr/share/man/hu/man1/gpasswd.1.gz", + "/usr/share/man/hu/man1/passwd.1.gz", + "/usr/share/man/hu/man5/passwd.5.gz", + "/usr/share/man/id/man1/chsh.1.gz", + "/usr/share/man/id/man8/useradd.8.gz", + "/usr/share/man/it/man1/chage.1.gz", + "/usr/share/man/it/man1/chfn.1.gz", + "/usr/share/man/it/man1/chsh.1.gz", + "/usr/share/man/it/man1/expiry.1.gz", + "/usr/share/man/it/man1/gpasswd.1.gz", + "/usr/share/man/it/man1/passwd.1.gz", + "/usr/share/man/it/man5/gshadow.5.gz", + "/usr/share/man/it/man5/passwd.5.gz", + "/usr/share/man/it/man5/shadow.5.gz", + "/usr/share/man/it/man8/chgpasswd.8.gz", + "/usr/share/man/it/man8/chpasswd.8.gz", + "/usr/share/man/it/man8/groupadd.8.gz", + "/usr/share/man/it/man8/groupdel.8.gz", + "/usr/share/man/it/man8/groupmod.8.gz", + "/usr/share/man/it/man8/grpck.8.gz", + "/usr/share/man/it/man8/newusers.8.gz", + "/usr/share/man/it/man8/pwck.8.gz", + "/usr/share/man/it/man8/pwconv.8.gz", + "/usr/share/man/it/man8/useradd.8.gz", + "/usr/share/man/it/man8/userdel.8.gz", + "/usr/share/man/it/man8/usermod.8.gz", + "/usr/share/man/it/man8/vipw.8.gz", + "/usr/share/man/ja/man1/chage.1.gz", + "/usr/share/man/ja/man1/chfn.1.gz", + "/usr/share/man/ja/man1/chsh.1.gz", + "/usr/share/man/ja/man1/expiry.1.gz", + "/usr/share/man/ja/man1/gpasswd.1.gz", + "/usr/share/man/ja/man1/passwd.1.gz", + "/usr/share/man/ja/man5/passwd.5.gz", + "/usr/share/man/ja/man5/shadow.5.gz", + "/usr/share/man/ja/man8/chpasswd.8.gz", + "/usr/share/man/ja/man8/groupadd.8.gz", + "/usr/share/man/ja/man8/groupdel.8.gz", + "/usr/share/man/ja/man8/groupmod.8.gz", + "/usr/share/man/ja/man8/grpck.8.gz", + "/usr/share/man/ja/man8/newusers.8.gz", + "/usr/share/man/ja/man8/pwck.8.gz", + "/usr/share/man/ja/man8/pwconv.8.gz", + "/usr/share/man/ja/man8/useradd.8.gz", + "/usr/share/man/ja/man8/userdel.8.gz", + "/usr/share/man/ja/man8/usermod.8.gz", + "/usr/share/man/ja/man8/vipw.8.gz", + "/usr/share/man/ko/man1/chfn.1.gz", + "/usr/share/man/ko/man1/chsh.1.gz", + "/usr/share/man/ko/man5/passwd.5.gz", + "/usr/share/man/ko/man8/vipw.8.gz", + "/usr/share/man/man1/chage.1.gz", + "/usr/share/man/man1/chfn.1.gz", + "/usr/share/man/man1/chsh.1.gz", + "/usr/share/man/man1/expiry.1.gz", + "/usr/share/man/man1/gpasswd.1.gz", + "/usr/share/man/man1/passwd.1.gz", + "/usr/share/man/man5/gshadow.5.gz", + "/usr/share/man/man5/passwd.5.gz", + "/usr/share/man/man5/shadow.5.gz", + "/usr/share/man/man5/subgid.5.gz", + "/usr/share/man/man5/subuid.5.gz", + "/usr/share/man/man8/chgpasswd.8.gz", + "/usr/share/man/man8/chpasswd.8.gz", + "/usr/share/man/man8/groupadd.8.gz", + "/usr/share/man/man8/groupdel.8.gz", + "/usr/share/man/man8/groupmod.8.gz", + "/usr/share/man/man8/grpck.8.gz", + "/usr/share/man/man8/newusers.8.gz", + "/usr/share/man/man8/pwck.8.gz", + "/usr/share/man/man8/pwconv.8.gz", + "/usr/share/man/man8/shadowconfig.8.gz", + "/usr/share/man/man8/useradd.8.gz", + "/usr/share/man/man8/userdel.8.gz", + "/usr/share/man/man8/usermod.8.gz", + "/usr/share/man/man8/vipw.8.gz", + "/usr/share/man/pl/man1/chage.1.gz", + "/usr/share/man/pl/man1/chsh.1.gz", + "/usr/share/man/pl/man1/expiry.1.gz", + "/usr/share/man/pl/man8/groupadd.8.gz", + "/usr/share/man/pl/man8/groupdel.8.gz", + "/usr/share/man/pl/man8/groupmod.8.gz", + "/usr/share/man/pl/man8/grpck.8.gz", + "/usr/share/man/pl/man8/userdel.8.gz", + "/usr/share/man/pl/man8/usermod.8.gz", + "/usr/share/man/pl/man8/vipw.8.gz", + "/usr/share/man/pt_BR/man1/gpasswd.1.gz", + "/usr/share/man/pt_BR/man5/passwd.5.gz", + "/usr/share/man/pt_BR/man5/shadow.5.gz", + "/usr/share/man/pt_BR/man8/groupadd.8.gz", + "/usr/share/man/pt_BR/man8/groupdel.8.gz", + "/usr/share/man/pt_BR/man8/groupmod.8.gz", + "/usr/share/man/ru/man1/chage.1.gz", + "/usr/share/man/ru/man1/chfn.1.gz", + "/usr/share/man/ru/man1/chsh.1.gz", + "/usr/share/man/ru/man1/expiry.1.gz", + "/usr/share/man/ru/man1/gpasswd.1.gz", + "/usr/share/man/ru/man1/passwd.1.gz", + "/usr/share/man/ru/man5/gshadow.5.gz", + "/usr/share/man/ru/man5/passwd.5.gz", + "/usr/share/man/ru/man5/shadow.5.gz", + "/usr/share/man/ru/man8/chgpasswd.8.gz", + "/usr/share/man/ru/man8/chpasswd.8.gz", + "/usr/share/man/ru/man8/groupadd.8.gz", + "/usr/share/man/ru/man8/groupdel.8.gz", + "/usr/share/man/ru/man8/groupmod.8.gz", + "/usr/share/man/ru/man8/grpck.8.gz", + "/usr/share/man/ru/man8/newusers.8.gz", + "/usr/share/man/ru/man8/pwck.8.gz", + "/usr/share/man/ru/man8/pwconv.8.gz", + "/usr/share/man/ru/man8/useradd.8.gz", + "/usr/share/man/ru/man8/userdel.8.gz", + "/usr/share/man/ru/man8/usermod.8.gz", + "/usr/share/man/ru/man8/vipw.8.gz", + "/usr/share/man/sv/man1/chage.1.gz", + "/usr/share/man/sv/man1/chsh.1.gz", + "/usr/share/man/sv/man1/expiry.1.gz", + "/usr/share/man/sv/man1/passwd.1.gz", + "/usr/share/man/sv/man5/gshadow.5.gz", + "/usr/share/man/sv/man5/passwd.5.gz", + "/usr/share/man/sv/man8/groupadd.8.gz", + "/usr/share/man/sv/man8/groupdel.8.gz", + "/usr/share/man/sv/man8/groupmod.8.gz", + "/usr/share/man/sv/man8/grpck.8.gz", + "/usr/share/man/sv/man8/pwck.8.gz", + "/usr/share/man/sv/man8/userdel.8.gz", + "/usr/share/man/sv/man8/vipw.8.gz", + "/usr/share/man/tr/man1/chage.1.gz", + "/usr/share/man/tr/man1/chfn.1.gz", + "/usr/share/man/tr/man1/passwd.1.gz", + "/usr/share/man/tr/man5/passwd.5.gz", + "/usr/share/man/tr/man5/shadow.5.gz", + "/usr/share/man/tr/man8/groupadd.8.gz", + "/usr/share/man/tr/man8/groupdel.8.gz", + "/usr/share/man/tr/man8/groupmod.8.gz", + "/usr/share/man/tr/man8/useradd.8.gz", + "/usr/share/man/tr/man8/userdel.8.gz", + "/usr/share/man/tr/man8/usermod.8.gz", + "/usr/share/man/uk/man1/chage.1.gz", + "/usr/share/man/uk/man1/chfn.1.gz", + "/usr/share/man/uk/man1/chsh.1.gz", + "/usr/share/man/uk/man1/expiry.1.gz", + "/usr/share/man/uk/man1/gpasswd.1.gz", + "/usr/share/man/uk/man1/passwd.1.gz", + "/usr/share/man/uk/man5/gshadow.5.gz", + "/usr/share/man/uk/man5/passwd.5.gz", + "/usr/share/man/uk/man5/shadow.5.gz", + "/usr/share/man/uk/man8/chgpasswd.8.gz", + "/usr/share/man/uk/man8/chpasswd.8.gz", + "/usr/share/man/uk/man8/groupadd.8.gz", + "/usr/share/man/uk/man8/groupdel.8.gz", + "/usr/share/man/uk/man8/groupmod.8.gz", + "/usr/share/man/uk/man8/grpck.8.gz", + "/usr/share/man/uk/man8/newusers.8.gz", + "/usr/share/man/uk/man8/pwck.8.gz", + "/usr/share/man/uk/man8/pwconv.8.gz", + "/usr/share/man/uk/man8/useradd.8.gz", + "/usr/share/man/uk/man8/userdel.8.gz", + "/usr/share/man/uk/man8/usermod.8.gz", + "/usr/share/man/uk/man8/vipw.8.gz", + "/usr/share/man/zh_CN/man1/chage.1.gz", + "/usr/share/man/zh_CN/man1/chfn.1.gz", + "/usr/share/man/zh_CN/man1/chsh.1.gz", + "/usr/share/man/zh_CN/man1/expiry.1.gz", + "/usr/share/man/zh_CN/man1/gpasswd.1.gz", + "/usr/share/man/zh_CN/man1/passwd.1.gz", + "/usr/share/man/zh_CN/man5/gshadow.5.gz", + "/usr/share/man/zh_CN/man5/passwd.5.gz", + "/usr/share/man/zh_CN/man5/shadow.5.gz", + "/usr/share/man/zh_CN/man8/chgpasswd.8.gz", + "/usr/share/man/zh_CN/man8/chpasswd.8.gz", + "/usr/share/man/zh_CN/man8/groupadd.8.gz", + "/usr/share/man/zh_CN/man8/groupdel.8.gz", + "/usr/share/man/zh_CN/man8/groupmod.8.gz", + "/usr/share/man/zh_CN/man8/grpck.8.gz", + "/usr/share/man/zh_CN/man8/newusers.8.gz", + "/usr/share/man/zh_CN/man8/pwck.8.gz", + "/usr/share/man/zh_CN/man8/pwconv.8.gz", + "/usr/share/man/zh_CN/man8/useradd.8.gz", + "/usr/share/man/zh_CN/man8/userdel.8.gz", + "/usr/share/man/zh_CN/man8/usermod.8.gz", + "/usr/share/man/zh_CN/man8/vipw.8.gz", + "/usr/share/man/zh_TW/man1/chfn.1.gz", + "/usr/share/man/zh_TW/man1/chsh.1.gz", + "/usr/share/man/zh_TW/man5/passwd.5.gz", + "/usr/share/man/zh_TW/man8/chpasswd.8.gz", + "/usr/share/man/zh_TW/man8/groupadd.8.gz", + "/usr/share/man/zh_TW/man8/groupdel.8.gz", + "/usr/share/man/zh_TW/man8/groupmod.8.gz", + "/usr/share/man/zh_TW/man8/useradd.8.gz", + "/usr/share/man/zh_TW/man8/userdel.8.gz", + "/usr/share/man/zh_TW/man8/usermod.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "perl-base@5.40.1-6", + "Name": "perl-base", + "Identifier": { + "PURL": "pkg:deb/debian/perl-base@5.40.1-6?arch=amd64\u0026distro=debian-13.5", + "UID": "546ba1bdcd66d61" + }, + "Version": "5.40.1", + "Release": "6", + "Arch": "amd64", + "SrcName": "perl", + "SrcVersion": "5.40.1", + "SrcRelease": "6", + "Licenses": [ + "GPL-1.0-or-later", + "Artistic-2.0", + "MIT", + "REGCOMP", + "GPL-2.0-with-bison-exception+", + "Unicode", + "BZIP", + "Zlib", + "GPL-2.0-or-later", + "FSFAP", + "BSD-3-clause-with-weird-numbering", + "CC0-1.0", + "TEXT-TABS", + "BSD-4-clause-POWERDOG", + "BSD-3-clause-GENERIC", + "BSD-3-Clause", + "SDBM-PUBLIC-DOMAIN", + "DONT-CHANGE-THE-GPL", + "Artistic-dist", + "LGPL-2.1-only", + "GPL-1.0-only", + "GPL-2.0-only", + "Artistic-2" + ], + "Maintainer": "Niko Tyni \u003cntyni@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/perl", + "/usr/bin/perl5.40.1", + "/usr/lib/x86_64-linux-gnu/perl-base/AutoLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Carp.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Carp/Heavy.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Config.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Config_git.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/Config_heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/Cwd.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/DynaLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Errno.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Exporter.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Exporter/Heavy.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Fcntl.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Basename.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Glob.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Path.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec/Unix.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Temp.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/FileHandle.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long/Parser.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Hash/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/File.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Handle.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Pipe.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Seekable.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Select.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/INET.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/IP.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/UNIX.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open2.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/List/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/POSIX.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Scalar/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/SelectSaver.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/ParseWords.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/Tabs.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/Wrap.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Tie/Hash.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/XSLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/attributes.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Cwd/Cwd.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/File/Glob/Glob.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Hash/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/IO/IO.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/List/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Socket/Socket.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/attributes/attributes.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/re/re.so", + "/usr/lib/x86_64-linux-gnu/perl-base/base.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/builtin.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/bytes.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/constant.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/feature.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/fields.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/integer.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/lib.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/locale.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/overload.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/overloading.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/parent.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/re.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/strict.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Age.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bmg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Cf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Ea.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/EqUIdeo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/GCB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Gc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Hst.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identif2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identifi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InPC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InSC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Isc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFCQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFDQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCCF.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKDQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Na1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NameAlia.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nv.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/PerlDeci.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/SB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Sc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Scx.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Tc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Uc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Vo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/WB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlLB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlSCX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V100.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V11.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V110.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V120.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V130.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V140.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V150.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V20.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V30.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V31.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V32.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V40.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V41.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V50.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V51.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V52.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V60.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V61.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V70.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V80.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V90.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Alpha/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/B.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/BN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/CS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/EN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ES.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ET.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/NSM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ON.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/WS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Blk/NB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/O.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CE/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CI/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCF/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWKCF/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWL/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWT/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWU/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Cased/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/A.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/ATAR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/B.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/BR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/DB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NK.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/OV.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/VR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CompEx/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/DI/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dash/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dep/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dia/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Com.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Enc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Fin.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Font.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Init.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Iso.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Med.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nar.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/NonCanon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sqr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sub.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sup.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Vert.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EBase/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EComp/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EPres/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/A.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/H.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/Na.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/W.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Emoji/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ext/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/ExtPict/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/CN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LV.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LVT.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/PP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/SM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/LC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ll.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/M.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Me.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/No.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/P.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pe.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Po.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ps.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/S.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sk.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/So.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Z.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Zs.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrBase/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrExt/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hex/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hst/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hyphen/T.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Allowed.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Restrict.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/DefaultI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Exclusio.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Inclusio.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/LimitedU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotChara.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotNFKC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotXID.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Obsolete.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Recommen.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Technica.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Uncommon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ideo/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/10_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/11_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/13_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/14_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/15_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/7_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/8_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/9_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Bottom.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/BottomAn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Left.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/LeftAndR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Overstru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Right.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Top.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndBo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndL2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndLe.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndRi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/VisualOr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Avagraha.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Bindu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Cantilla.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona5.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona7.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona9.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consonan.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Geminati.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Invisibl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Nukta.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Number.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Other.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/PureKill.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Syllable.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/ToneMark.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Virama.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Visarga.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Vowel.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelDep.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelInd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Ain.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Alef.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Beh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Dal.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/FarsiYeh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Feh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Gaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Hah.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/HanifiRo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Kaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Lam.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/NoJoinin.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Noon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Qaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Reh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Sad.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Seen.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Tah.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Waw.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Yeh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/D.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/T.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/U.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CJ.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/GL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/ID.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/OP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/QU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/SA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lower/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Math/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/M.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Di.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/None.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Nu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/11.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/12.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/13.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/14.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/15.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/17.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/18.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/19.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/200.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/300.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/400.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/500.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/600.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/700.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/800.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/900.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PCM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PatSyn/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Alnum.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Assigned.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Blank.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Graph.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PerlWord.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PosixPun.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Print.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/SpacePer.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Title.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Word.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/XPosixPu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlAny.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCh2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCha.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlFol.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIsI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNch.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPat.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPr2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPro.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlQuo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/QMark/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/AT.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/CL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/FO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LE.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/SC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/ST.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/Sp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/UP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SD/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/STerm/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Arab.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Beng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cprt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cyrl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Deva.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Dupl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Geor.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Glag.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gonm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gran.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Grek.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gujr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Guru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Han.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hira.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Kana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Knda.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Latn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Limb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Linb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mlym.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mult.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Orya.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Sinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Syrc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Taml.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Telu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zyyy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Adlm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Arab.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Armn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Beng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bhks.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bopo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cakm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cham.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Copt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cprt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cyrl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Deva.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Diak.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Dupl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Ethi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Geor.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Glag.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gonm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gran.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Grek.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gujr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Guru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Han.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hebr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hira.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmnp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khar.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khmr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khoj.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Knda.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kthi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lao.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Latn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Limb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lina.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Linb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mlym.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mult.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mymr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nand.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nko.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Orya.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Phlp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Rohg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Shrd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sind.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Syrc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tagb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Takr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Talu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Taml.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Telu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Thaa.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tibt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tirh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Vith.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Xsux.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yezi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zyyy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zzzz.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Term/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/UIdeo/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Upper/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/VS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/U.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/Extend.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/FO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/HL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/KA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/LE.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/ML.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/WSegSpac.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/utf8.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/vars.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/warnings.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/warnings/register.pm", + "/usr/share/doc/perl-base/changelog.Debian.gz", + "/usr/share/doc/perl-base/changelog.gz", + "/usr/share/doc/perl-base/copyright", + "/usr/share/doc/perl/AUTHORS.gz", + "/usr/share/doc/perl/Documentation", + "/usr/share/lintian/overrides/perl-base", + "/usr/share/man/man1/perl.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "readline-common@8.2-6", + "Name": "readline-common", + "Identifier": { + "PURL": "pkg:deb/debian/readline-common@8.2-6?arch=all\u0026distro=debian-13.5", + "UID": "e762758a1681f62e" + }, + "Version": "8.2", + "Release": "6", + "Arch": "all", + "SrcName": "readline", + "SrcVersion": "8.2", + "SrcRelease": "6", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-or-later", + "ISC-no-attribution" + ], + "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/share/doc/readline-common/changelog.Debian.gz", + "/usr/share/doc/readline-common/changelog.gz", + "/usr/share/doc/readline-common/copyright", + "/usr/share/doc/readline-common/inputrc.arrows", + "/usr/share/info/rluserman.info.gz", + "/usr/share/lintian/overrides/readline-common", + "/usr/share/man/man3/history.3readline.gz", + "/usr/share/man/man3/readline.3readline.gz", + "/usr/share/readline/inputrc" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sed@4.9-2+deb13u1", + "Name": "sed", + "Identifier": { + "PURL": "pkg:deb/debian/sed@4.9-2%2Bdeb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "a041ea16982bb927" + }, + "Version": "4.9", + "Release": "2+deb13u1", + "Arch": "amd64", + "SrcName": "sed", + "SrcVersion": "4.9", + "SrcRelease": "2+deb13u1", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "X11", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-only", + "ISC", + "BSD-4-Clause-UC", + "BSL-1", + "pcre" + ], + "Maintainer": "Clint Adams \u003cclint@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/sed", + "/usr/share/doc/sed/AUTHORS", + "/usr/share/doc/sed/BUGS.gz", + "/usr/share/doc/sed/NEWS.gz", + "/usr/share/doc/sed/README", + "/usr/share/doc/sed/THANKS.gz", + "/usr/share/doc/sed/changelog.Debian.gz", + "/usr/share/doc/sed/changelog.gz", + "/usr/share/doc/sed/copyright", + "/usr/share/doc/sed/examples/dc.sed", + "/usr/share/doc/sed/sedfaq.txt.gz", + "/usr/share/info/sed.info.gz", + "/usr/share/locale/af/LC_MESSAGES/sed.mo", + "/usr/share/locale/ast/LC_MESSAGES/sed.mo", + "/usr/share/locale/bg/LC_MESSAGES/sed.mo", + "/usr/share/locale/ca/LC_MESSAGES/sed.mo", + "/usr/share/locale/cs/LC_MESSAGES/sed.mo", + "/usr/share/locale/da/LC_MESSAGES/sed.mo", + "/usr/share/locale/de/LC_MESSAGES/sed.mo", + "/usr/share/locale/el/LC_MESSAGES/sed.mo", + "/usr/share/locale/eo/LC_MESSAGES/sed.mo", + "/usr/share/locale/es/LC_MESSAGES/sed.mo", + "/usr/share/locale/et/LC_MESSAGES/sed.mo", + "/usr/share/locale/eu/LC_MESSAGES/sed.mo", + "/usr/share/locale/fi/LC_MESSAGES/sed.mo", + "/usr/share/locale/fr/LC_MESSAGES/sed.mo", + "/usr/share/locale/ga/LC_MESSAGES/sed.mo", + "/usr/share/locale/gl/LC_MESSAGES/sed.mo", + "/usr/share/locale/he/LC_MESSAGES/sed.mo", + "/usr/share/locale/hr/LC_MESSAGES/sed.mo", + "/usr/share/locale/hu/LC_MESSAGES/sed.mo", + "/usr/share/locale/id/LC_MESSAGES/sed.mo", + "/usr/share/locale/it/LC_MESSAGES/sed.mo", + "/usr/share/locale/ja/LC_MESSAGES/sed.mo", + "/usr/share/locale/ka/LC_MESSAGES/sed.mo", + "/usr/share/locale/ko/LC_MESSAGES/sed.mo", + "/usr/share/locale/nb/LC_MESSAGES/sed.mo", + "/usr/share/locale/nl/LC_MESSAGES/sed.mo", + "/usr/share/locale/pl/LC_MESSAGES/sed.mo", + "/usr/share/locale/pt/LC_MESSAGES/sed.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/sed.mo", + "/usr/share/locale/ro/LC_MESSAGES/sed.mo", + "/usr/share/locale/ru/LC_MESSAGES/sed.mo", + "/usr/share/locale/sk/LC_MESSAGES/sed.mo", + "/usr/share/locale/sl/LC_MESSAGES/sed.mo", + "/usr/share/locale/sr/LC_MESSAGES/sed.mo", + "/usr/share/locale/sv/LC_MESSAGES/sed.mo", + "/usr/share/locale/tr/LC_MESSAGES/sed.mo", + "/usr/share/locale/uk/LC_MESSAGES/sed.mo", + "/usr/share/locale/vi/LC_MESSAGES/sed.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/sed.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/sed.mo", + "/usr/share/man/man1/sed.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sqv@1.3.0-3+b2", + "Name": "sqv", + "Identifier": { + "PURL": "pkg:deb/debian/sqv@1.3.0-3%2Bb2?arch=amd64\u0026distro=debian-13.5", + "UID": "2bf11ffe79190750" + }, + "Version": "1.3.0", + "Release": "3+b2", + "Arch": "amd64", + "SrcName": "rust-sequoia-sqv", + "SrcVersion": "1.3.0", + "SrcRelease": "3", + "Licenses": [ + "LGPL-2.0-or-later", + "LGPL-2.0-only" + ], + "Maintainer": "Debian Rust Maintainers \u003cpkg-rust-maintainers@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libgcc-s1@14.2.0-19", + "libgmp10@2:6.3.0+dfsg-3", + "libhogweed6t64@3.10.1-1", + "libnettle8t64@3.10.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/sqv", + "/usr/share/bash-completion/completions/sqv.bash", + "/usr/share/doc/sqv/NEWS.gz", + "/usr/share/doc/sqv/changelog.Debian.amd64.gz", + "/usr/share/doc/sqv/changelog.Debian.gz", + "/usr/share/doc/sqv/copyright", + "/usr/share/fish/completions/sqv.fish", + "/usr/share/man/man1/sqv.1.gz", + "/usr/share/zsh/vendor-completions/_sqv" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sysvinit-utils@3.14-4", + "Name": "sysvinit-utils", + "Identifier": { + "PURL": "pkg:deb/debian/sysvinit-utils@3.14-4?arch=amd64\u0026distro=debian-13.5", + "UID": "f7fb888c58ca826e" + }, + "Version": "3.14", + "Release": "4", + "Arch": "amd64", + "SrcName": "sysvinit", + "SrcVersion": "3.14", + "SrcRelease": "4", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-only", + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Debian sysvinit maintainers \u003cdebian-init-diversity@chiark.greenend.org.uk\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/init/init-d-script", + "/usr/lib/init/vars.sh", + "/usr/lib/lsb/init-functions", + "/usr/lib/lsb/init-functions.d/00-verbose", + "/usr/sbin/fstab-decode", + "/usr/sbin/killall5", + "/usr/share/doc/sysvinit-utils/changelog.Debian.gz", + "/usr/share/doc/sysvinit-utils/copyright", + "/usr/share/man/man5/init-d-script.5.gz", + "/usr/share/man/man8/fstab-decode.8.gz", + "/usr/share/man/man8/killall5.8.gz", + "/usr/share/man/man8/pidof.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tar@1.35+dfsg-3.1", + "Name": "tar", + "Identifier": { + "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.5", + "UID": "4f69996c49afbaca" + }, + "Version": "1.35+dfsg", + "Release": "3.1", + "Arch": "amd64", + "SrcName": "tar", + "SrcVersion": "1.35+dfsg", + "SrcRelease": "3.1", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "LGPL-3.0-or-later", + "LGPL-3.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Janos Lenart \u003cocsi@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/tar", + "/usr/lib/mime/packages/tar", + "/usr/sbin/rmt-tar", + "/usr/sbin/tarcat", + "/usr/share/doc/tar/AUTHORS", + "/usr/share/doc/tar/NEWS.gz", + "/usr/share/doc/tar/README.Debian", + "/usr/share/doc/tar/THANKS.gz", + "/usr/share/doc/tar/changelog.1.gz", + "/usr/share/doc/tar/changelog.Debian.gz", + "/usr/share/doc/tar/changelog.gz", + "/usr/share/doc/tar/copyright", + "/usr/share/locale/bg/LC_MESSAGES/tar.mo", + "/usr/share/locale/ca/LC_MESSAGES/tar.mo", + "/usr/share/locale/cs/LC_MESSAGES/tar.mo", + "/usr/share/locale/da/LC_MESSAGES/tar.mo", + "/usr/share/locale/de/LC_MESSAGES/tar.mo", + "/usr/share/locale/el/LC_MESSAGES/tar.mo", + "/usr/share/locale/eo/LC_MESSAGES/tar.mo", + "/usr/share/locale/es/LC_MESSAGES/tar.mo", + "/usr/share/locale/et/LC_MESSAGES/tar.mo", + "/usr/share/locale/eu/LC_MESSAGES/tar.mo", + "/usr/share/locale/fi/LC_MESSAGES/tar.mo", + "/usr/share/locale/fr/LC_MESSAGES/tar.mo", + "/usr/share/locale/ga/LC_MESSAGES/tar.mo", + "/usr/share/locale/gl/LC_MESSAGES/tar.mo", + "/usr/share/locale/hr/LC_MESSAGES/tar.mo", + "/usr/share/locale/hu/LC_MESSAGES/tar.mo", + "/usr/share/locale/id/LC_MESSAGES/tar.mo", + "/usr/share/locale/it/LC_MESSAGES/tar.mo", + "/usr/share/locale/ja/LC_MESSAGES/tar.mo", + "/usr/share/locale/ka/LC_MESSAGES/tar.mo", + "/usr/share/locale/ko/LC_MESSAGES/tar.mo", + "/usr/share/locale/ky/LC_MESSAGES/tar.mo", + "/usr/share/locale/ms/LC_MESSAGES/tar.mo", + "/usr/share/locale/nb/LC_MESSAGES/tar.mo", + "/usr/share/locale/nl/LC_MESSAGES/tar.mo", + "/usr/share/locale/pl/LC_MESSAGES/tar.mo", + "/usr/share/locale/pt/LC_MESSAGES/tar.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/tar.mo", + "/usr/share/locale/ro/LC_MESSAGES/tar.mo", + "/usr/share/locale/ru/LC_MESSAGES/tar.mo", + "/usr/share/locale/sk/LC_MESSAGES/tar.mo", + "/usr/share/locale/sl/LC_MESSAGES/tar.mo", + "/usr/share/locale/sr/LC_MESSAGES/tar.mo", + "/usr/share/locale/sv/LC_MESSAGES/tar.mo", + "/usr/share/locale/tr/LC_MESSAGES/tar.mo", + "/usr/share/locale/uk/LC_MESSAGES/tar.mo", + "/usr/share/locale/vi/LC_MESSAGES/tar.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/tar.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/tar.mo", + "/usr/share/man/man1/tar.1.gz", + "/usr/share/man/man1/tarcat.1.gz", + "/usr/share/man/man8/rmt-tar.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tzdata@2026b-0+deb13u1", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:deb/debian/tzdata@2026b-0%2Bdeb13u1?arch=all\u0026distro=debian-13.5", + "UID": "9e352e373d8245f0" + }, + "Version": "2026b", + "Release": "0+deb13u1", + "Arch": "all", + "SrcName": "tzdata", + "SrcVersion": "2026b", + "SrcRelease": "0+deb13u1", + "Licenses": [ + "public-domain" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/tzdata/NEWS.Debian.gz", + "/usr/share/doc/tzdata/README.Debian", + "/usr/share/doc/tzdata/changelog.Debian.gz", + "/usr/share/doc/tzdata/changelog.gz", + "/usr/share/doc/tzdata/copyright", + "/usr/share/lintian/overrides/tzdata", + "/usr/share/zoneinfo/Africa/Abidjan", + "/usr/share/zoneinfo/Africa/Accra", + "/usr/share/zoneinfo/Africa/Addis_Ababa", + "/usr/share/zoneinfo/Africa/Algiers", + "/usr/share/zoneinfo/Africa/Asmara", + "/usr/share/zoneinfo/Africa/Bamako", + "/usr/share/zoneinfo/Africa/Bangui", + "/usr/share/zoneinfo/Africa/Banjul", + "/usr/share/zoneinfo/Africa/Bissau", + "/usr/share/zoneinfo/Africa/Blantyre", + "/usr/share/zoneinfo/Africa/Brazzaville", + "/usr/share/zoneinfo/Africa/Bujumbura", + "/usr/share/zoneinfo/Africa/Cairo", + "/usr/share/zoneinfo/Africa/Casablanca", + "/usr/share/zoneinfo/Africa/Ceuta", + "/usr/share/zoneinfo/Africa/Conakry", + "/usr/share/zoneinfo/Africa/Dakar", + "/usr/share/zoneinfo/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/Africa/Djibouti", + "/usr/share/zoneinfo/Africa/Douala", + "/usr/share/zoneinfo/Africa/El_Aaiun", + "/usr/share/zoneinfo/Africa/Freetown", + "/usr/share/zoneinfo/Africa/Gaborone", + "/usr/share/zoneinfo/Africa/Harare", + "/usr/share/zoneinfo/Africa/Johannesburg", + "/usr/share/zoneinfo/Africa/Juba", + "/usr/share/zoneinfo/Africa/Kampala", + "/usr/share/zoneinfo/Africa/Khartoum", + "/usr/share/zoneinfo/Africa/Kigali", + "/usr/share/zoneinfo/Africa/Kinshasa", + "/usr/share/zoneinfo/Africa/Lagos", + "/usr/share/zoneinfo/Africa/Libreville", + "/usr/share/zoneinfo/Africa/Lome", + "/usr/share/zoneinfo/Africa/Luanda", + "/usr/share/zoneinfo/Africa/Lubumbashi", + "/usr/share/zoneinfo/Africa/Lusaka", + "/usr/share/zoneinfo/Africa/Malabo", + "/usr/share/zoneinfo/Africa/Maputo", + "/usr/share/zoneinfo/Africa/Maseru", + "/usr/share/zoneinfo/Africa/Mbabane", + "/usr/share/zoneinfo/Africa/Mogadishu", + "/usr/share/zoneinfo/Africa/Monrovia", + "/usr/share/zoneinfo/Africa/Nairobi", + "/usr/share/zoneinfo/Africa/Ndjamena", + "/usr/share/zoneinfo/Africa/Niamey", + "/usr/share/zoneinfo/Africa/Nouakchott", + "/usr/share/zoneinfo/Africa/Ouagadougou", + "/usr/share/zoneinfo/Africa/Porto-Novo", + "/usr/share/zoneinfo/Africa/Sao_Tome", + "/usr/share/zoneinfo/Africa/Tripoli", + "/usr/share/zoneinfo/Africa/Tunis", + "/usr/share/zoneinfo/Africa/Windhoek", + "/usr/share/zoneinfo/America/Adak", + "/usr/share/zoneinfo/America/Anchorage", + "/usr/share/zoneinfo/America/Anguilla", + "/usr/share/zoneinfo/America/Antigua", + "/usr/share/zoneinfo/America/Araguaina", + "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/America/Argentina/Catamarca", + "/usr/share/zoneinfo/America/Argentina/Cordoba", + "/usr/share/zoneinfo/America/Argentina/Jujuy", + "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/America/Argentina/Mendoza", + "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/America/Argentina/Salta", + "/usr/share/zoneinfo/America/Argentina/San_Juan", + "/usr/share/zoneinfo/America/Argentina/San_Luis", + "/usr/share/zoneinfo/America/Argentina/Tucuman", + "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/America/Aruba", + "/usr/share/zoneinfo/America/Asuncion", + "/usr/share/zoneinfo/America/Atikokan", + "/usr/share/zoneinfo/America/Bahia", + "/usr/share/zoneinfo/America/Bahia_Banderas", + "/usr/share/zoneinfo/America/Barbados", + "/usr/share/zoneinfo/America/Belem", + "/usr/share/zoneinfo/America/Belize", + "/usr/share/zoneinfo/America/Blanc-Sablon", + "/usr/share/zoneinfo/America/Boa_Vista", + "/usr/share/zoneinfo/America/Bogota", + "/usr/share/zoneinfo/America/Boise", + "/usr/share/zoneinfo/America/Cambridge_Bay", + "/usr/share/zoneinfo/America/Campo_Grande", + "/usr/share/zoneinfo/America/Cancun", + "/usr/share/zoneinfo/America/Caracas", + "/usr/share/zoneinfo/America/Cayenne", + "/usr/share/zoneinfo/America/Cayman", + "/usr/share/zoneinfo/America/Chicago", + "/usr/share/zoneinfo/America/Chihuahua", + "/usr/share/zoneinfo/America/Ciudad_Juarez", + "/usr/share/zoneinfo/America/Costa_Rica", + "/usr/share/zoneinfo/America/Coyhaique", + "/usr/share/zoneinfo/America/Creston", + "/usr/share/zoneinfo/America/Cuiaba", + "/usr/share/zoneinfo/America/Curacao", + "/usr/share/zoneinfo/America/Danmarkshavn", + "/usr/share/zoneinfo/America/Dawson", + "/usr/share/zoneinfo/America/Dawson_Creek", + "/usr/share/zoneinfo/America/Denver", + "/usr/share/zoneinfo/America/Detroit", + "/usr/share/zoneinfo/America/Dominica", + "/usr/share/zoneinfo/America/Edmonton", + "/usr/share/zoneinfo/America/Eirunepe", + "/usr/share/zoneinfo/America/El_Salvador", + "/usr/share/zoneinfo/America/Fort_Nelson", + "/usr/share/zoneinfo/America/Fortaleza", + "/usr/share/zoneinfo/America/Glace_Bay", + "/usr/share/zoneinfo/America/Goose_Bay", + "/usr/share/zoneinfo/America/Grand_Turk", + "/usr/share/zoneinfo/America/Grenada", + "/usr/share/zoneinfo/America/Guadeloupe", + "/usr/share/zoneinfo/America/Guatemala", + "/usr/share/zoneinfo/America/Guayaquil", + "/usr/share/zoneinfo/America/Guyana", + "/usr/share/zoneinfo/America/Halifax", + "/usr/share/zoneinfo/America/Havana", + "/usr/share/zoneinfo/America/Hermosillo", + "/usr/share/zoneinfo/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/America/Indiana/Knox", + "/usr/share/zoneinfo/America/Indiana/Marengo", + "/usr/share/zoneinfo/America/Indiana/Petersburg", + "/usr/share/zoneinfo/America/Indiana/Tell_City", + "/usr/share/zoneinfo/America/Indiana/Vevay", + "/usr/share/zoneinfo/America/Indiana/Vincennes", + "/usr/share/zoneinfo/America/Indiana/Winamac", + "/usr/share/zoneinfo/America/Inuvik", + "/usr/share/zoneinfo/America/Iqaluit", + "/usr/share/zoneinfo/America/Jamaica", + "/usr/share/zoneinfo/America/Juneau", + "/usr/share/zoneinfo/America/Kentucky/Louisville", + "/usr/share/zoneinfo/America/Kentucky/Monticello", + "/usr/share/zoneinfo/America/La_Paz", + "/usr/share/zoneinfo/America/Lima", + "/usr/share/zoneinfo/America/Los_Angeles", + "/usr/share/zoneinfo/America/Maceio", + "/usr/share/zoneinfo/America/Managua", + "/usr/share/zoneinfo/America/Manaus", + "/usr/share/zoneinfo/America/Martinique", + "/usr/share/zoneinfo/America/Matamoros", + "/usr/share/zoneinfo/America/Mazatlan", + "/usr/share/zoneinfo/America/Menominee", + "/usr/share/zoneinfo/America/Merida", + "/usr/share/zoneinfo/America/Metlakatla", + "/usr/share/zoneinfo/America/Mexico_City", + "/usr/share/zoneinfo/America/Miquelon", + "/usr/share/zoneinfo/America/Moncton", + "/usr/share/zoneinfo/America/Monterrey", + "/usr/share/zoneinfo/America/Montevideo", + "/usr/share/zoneinfo/America/Montserrat", + "/usr/share/zoneinfo/America/Nassau", + "/usr/share/zoneinfo/America/New_York", + "/usr/share/zoneinfo/America/Nome", + "/usr/share/zoneinfo/America/Noronha", + "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/America/North_Dakota/Center", + "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/America/Nuuk", + "/usr/share/zoneinfo/America/Ojinaga", + "/usr/share/zoneinfo/America/Panama", + "/usr/share/zoneinfo/America/Paramaribo", + "/usr/share/zoneinfo/America/Phoenix", + "/usr/share/zoneinfo/America/Port-au-Prince", + "/usr/share/zoneinfo/America/Port_of_Spain", + "/usr/share/zoneinfo/America/Porto_Velho", + "/usr/share/zoneinfo/America/Puerto_Rico", + "/usr/share/zoneinfo/America/Punta_Arenas", + "/usr/share/zoneinfo/America/Rankin_Inlet", + "/usr/share/zoneinfo/America/Recife", + "/usr/share/zoneinfo/America/Regina", + "/usr/share/zoneinfo/America/Resolute", + "/usr/share/zoneinfo/America/Rio_Branco", + "/usr/share/zoneinfo/America/Santarem", + "/usr/share/zoneinfo/America/Santiago", + "/usr/share/zoneinfo/America/Santo_Domingo", + "/usr/share/zoneinfo/America/Sao_Paulo", + "/usr/share/zoneinfo/America/Scoresbysund", + "/usr/share/zoneinfo/America/Sitka", + "/usr/share/zoneinfo/America/St_Johns", + "/usr/share/zoneinfo/America/St_Kitts", + "/usr/share/zoneinfo/America/St_Lucia", + "/usr/share/zoneinfo/America/St_Thomas", + "/usr/share/zoneinfo/America/St_Vincent", + "/usr/share/zoneinfo/America/Swift_Current", + "/usr/share/zoneinfo/America/Tegucigalpa", + "/usr/share/zoneinfo/America/Thule", + "/usr/share/zoneinfo/America/Tijuana", + "/usr/share/zoneinfo/America/Toronto", + "/usr/share/zoneinfo/America/Tortola", + "/usr/share/zoneinfo/America/Vancouver", + "/usr/share/zoneinfo/America/Whitehorse", + "/usr/share/zoneinfo/America/Winnipeg", + "/usr/share/zoneinfo/America/Yakutat", + "/usr/share/zoneinfo/Antarctica/Casey", + "/usr/share/zoneinfo/Antarctica/Davis", + "/usr/share/zoneinfo/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/Antarctica/Macquarie", + "/usr/share/zoneinfo/Antarctica/Mawson", + "/usr/share/zoneinfo/Antarctica/McMurdo", + "/usr/share/zoneinfo/Antarctica/Palmer", + "/usr/share/zoneinfo/Antarctica/Rothera", + "/usr/share/zoneinfo/Antarctica/Syowa", + "/usr/share/zoneinfo/Antarctica/Troll", + "/usr/share/zoneinfo/Antarctica/Vostok", + "/usr/share/zoneinfo/Asia/Aden", + "/usr/share/zoneinfo/Asia/Almaty", + "/usr/share/zoneinfo/Asia/Amman", + "/usr/share/zoneinfo/Asia/Anadyr", + "/usr/share/zoneinfo/Asia/Aqtau", + "/usr/share/zoneinfo/Asia/Aqtobe", + "/usr/share/zoneinfo/Asia/Ashgabat", + "/usr/share/zoneinfo/Asia/Atyrau", + "/usr/share/zoneinfo/Asia/Baghdad", + "/usr/share/zoneinfo/Asia/Bahrain", + "/usr/share/zoneinfo/Asia/Baku", + "/usr/share/zoneinfo/Asia/Bangkok", + "/usr/share/zoneinfo/Asia/Barnaul", + "/usr/share/zoneinfo/Asia/Beirut", + "/usr/share/zoneinfo/Asia/Bishkek", + "/usr/share/zoneinfo/Asia/Brunei", + "/usr/share/zoneinfo/Asia/Chita", + "/usr/share/zoneinfo/Asia/Colombo", + "/usr/share/zoneinfo/Asia/Damascus", + "/usr/share/zoneinfo/Asia/Dhaka", + "/usr/share/zoneinfo/Asia/Dili", + "/usr/share/zoneinfo/Asia/Dubai", + "/usr/share/zoneinfo/Asia/Dushanbe", + "/usr/share/zoneinfo/Asia/Famagusta", + "/usr/share/zoneinfo/Asia/Gaza", + "/usr/share/zoneinfo/Asia/Hebron", + "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/Asia/Hong_Kong", + "/usr/share/zoneinfo/Asia/Hovd", + "/usr/share/zoneinfo/Asia/Irkutsk", + "/usr/share/zoneinfo/Asia/Jakarta", + "/usr/share/zoneinfo/Asia/Jayapura", + "/usr/share/zoneinfo/Asia/Jerusalem", + "/usr/share/zoneinfo/Asia/Kabul", + "/usr/share/zoneinfo/Asia/Kamchatka", + "/usr/share/zoneinfo/Asia/Karachi", + "/usr/share/zoneinfo/Asia/Kathmandu", + "/usr/share/zoneinfo/Asia/Khandyga", + "/usr/share/zoneinfo/Asia/Kolkata", + "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/Asia/Kuching", + "/usr/share/zoneinfo/Asia/Kuwait", + "/usr/share/zoneinfo/Asia/Macau", + "/usr/share/zoneinfo/Asia/Magadan", + "/usr/share/zoneinfo/Asia/Makassar", + "/usr/share/zoneinfo/Asia/Manila", + "/usr/share/zoneinfo/Asia/Muscat", + "/usr/share/zoneinfo/Asia/Nicosia", + "/usr/share/zoneinfo/Asia/Novokuznetsk", + "/usr/share/zoneinfo/Asia/Novosibirsk", + "/usr/share/zoneinfo/Asia/Omsk", + "/usr/share/zoneinfo/Asia/Oral", + "/usr/share/zoneinfo/Asia/Phnom_Penh", + "/usr/share/zoneinfo/Asia/Pontianak", + "/usr/share/zoneinfo/Asia/Pyongyang", + "/usr/share/zoneinfo/Asia/Qatar", + "/usr/share/zoneinfo/Asia/Qostanay", + "/usr/share/zoneinfo/Asia/Qyzylorda", + "/usr/share/zoneinfo/Asia/Riyadh", + "/usr/share/zoneinfo/Asia/Sakhalin", + "/usr/share/zoneinfo/Asia/Samarkand", + "/usr/share/zoneinfo/Asia/Seoul", + "/usr/share/zoneinfo/Asia/Shanghai", + "/usr/share/zoneinfo/Asia/Singapore", + "/usr/share/zoneinfo/Asia/Srednekolymsk", + "/usr/share/zoneinfo/Asia/Taipei", + "/usr/share/zoneinfo/Asia/Tashkent", + "/usr/share/zoneinfo/Asia/Tbilisi", + "/usr/share/zoneinfo/Asia/Tehran", + "/usr/share/zoneinfo/Asia/Thimphu", + "/usr/share/zoneinfo/Asia/Tokyo", + "/usr/share/zoneinfo/Asia/Tomsk", + "/usr/share/zoneinfo/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/Asia/Urumqi", + "/usr/share/zoneinfo/Asia/Ust-Nera", + "/usr/share/zoneinfo/Asia/Vientiane", + "/usr/share/zoneinfo/Asia/Vladivostok", + "/usr/share/zoneinfo/Asia/Yakutsk", + "/usr/share/zoneinfo/Asia/Yangon", + "/usr/share/zoneinfo/Asia/Yekaterinburg", + "/usr/share/zoneinfo/Asia/Yerevan", + "/usr/share/zoneinfo/Atlantic/Azores", + "/usr/share/zoneinfo/Atlantic/Bermuda", + "/usr/share/zoneinfo/Atlantic/Canary", + "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/Atlantic/Faroe", + "/usr/share/zoneinfo/Atlantic/Madeira", + "/usr/share/zoneinfo/Atlantic/Reykjavik", + "/usr/share/zoneinfo/Atlantic/South_Georgia", + "/usr/share/zoneinfo/Atlantic/St_Helena", + "/usr/share/zoneinfo/Atlantic/Stanley", + "/usr/share/zoneinfo/Australia/Adelaide", + "/usr/share/zoneinfo/Australia/Brisbane", + "/usr/share/zoneinfo/Australia/Broken_Hill", + "/usr/share/zoneinfo/Australia/Darwin", + "/usr/share/zoneinfo/Australia/Eucla", + "/usr/share/zoneinfo/Australia/Hobart", + "/usr/share/zoneinfo/Australia/Lindeman", + "/usr/share/zoneinfo/Australia/Lord_Howe", + "/usr/share/zoneinfo/Australia/Melbourne", + "/usr/share/zoneinfo/Australia/Perth", + "/usr/share/zoneinfo/Australia/Sydney", + "/usr/share/zoneinfo/Etc/GMT", + "/usr/share/zoneinfo/Etc/GMT+1", + "/usr/share/zoneinfo/Etc/GMT+10", + "/usr/share/zoneinfo/Etc/GMT+11", + "/usr/share/zoneinfo/Etc/GMT+12", + "/usr/share/zoneinfo/Etc/GMT+2", + "/usr/share/zoneinfo/Etc/GMT+3", + "/usr/share/zoneinfo/Etc/GMT+4", + "/usr/share/zoneinfo/Etc/GMT+5", + "/usr/share/zoneinfo/Etc/GMT+6", + "/usr/share/zoneinfo/Etc/GMT+7", + "/usr/share/zoneinfo/Etc/GMT+8", + "/usr/share/zoneinfo/Etc/GMT+9", + "/usr/share/zoneinfo/Etc/GMT-1", + "/usr/share/zoneinfo/Etc/GMT-10", + "/usr/share/zoneinfo/Etc/GMT-11", + "/usr/share/zoneinfo/Etc/GMT-12", + "/usr/share/zoneinfo/Etc/GMT-13", + "/usr/share/zoneinfo/Etc/GMT-14", + "/usr/share/zoneinfo/Etc/GMT-2", + "/usr/share/zoneinfo/Etc/GMT-3", + "/usr/share/zoneinfo/Etc/GMT-4", + "/usr/share/zoneinfo/Etc/GMT-5", + "/usr/share/zoneinfo/Etc/GMT-6", + "/usr/share/zoneinfo/Etc/GMT-7", + "/usr/share/zoneinfo/Etc/GMT-8", + "/usr/share/zoneinfo/Etc/GMT-9", + "/usr/share/zoneinfo/Etc/UTC", + "/usr/share/zoneinfo/Europe/Amsterdam", + "/usr/share/zoneinfo/Europe/Andorra", + "/usr/share/zoneinfo/Europe/Astrakhan", + "/usr/share/zoneinfo/Europe/Athens", + "/usr/share/zoneinfo/Europe/Belgrade", + "/usr/share/zoneinfo/Europe/Berlin", + "/usr/share/zoneinfo/Europe/Brussels", + "/usr/share/zoneinfo/Europe/Bucharest", + "/usr/share/zoneinfo/Europe/Budapest", + "/usr/share/zoneinfo/Europe/Chisinau", + "/usr/share/zoneinfo/Europe/Copenhagen", + "/usr/share/zoneinfo/Europe/Dublin", + "/usr/share/zoneinfo/Europe/Gibraltar", + "/usr/share/zoneinfo/Europe/Guernsey", + "/usr/share/zoneinfo/Europe/Helsinki", + "/usr/share/zoneinfo/Europe/Isle_of_Man", + "/usr/share/zoneinfo/Europe/Istanbul", + "/usr/share/zoneinfo/Europe/Jersey", + "/usr/share/zoneinfo/Europe/Kaliningrad", + "/usr/share/zoneinfo/Europe/Kirov", + "/usr/share/zoneinfo/Europe/Kyiv", + "/usr/share/zoneinfo/Europe/Lisbon", + "/usr/share/zoneinfo/Europe/Ljubljana", + "/usr/share/zoneinfo/Europe/London", + "/usr/share/zoneinfo/Europe/Luxembourg", + "/usr/share/zoneinfo/Europe/Madrid", + "/usr/share/zoneinfo/Europe/Malta", + "/usr/share/zoneinfo/Europe/Minsk", + "/usr/share/zoneinfo/Europe/Monaco", + "/usr/share/zoneinfo/Europe/Moscow", + "/usr/share/zoneinfo/Europe/Oslo", + "/usr/share/zoneinfo/Europe/Paris", + "/usr/share/zoneinfo/Europe/Prague", + "/usr/share/zoneinfo/Europe/Riga", + "/usr/share/zoneinfo/Europe/Rome", + "/usr/share/zoneinfo/Europe/Samara", + "/usr/share/zoneinfo/Europe/Sarajevo", + "/usr/share/zoneinfo/Europe/Saratov", + "/usr/share/zoneinfo/Europe/Simferopol", + "/usr/share/zoneinfo/Europe/Skopje", + "/usr/share/zoneinfo/Europe/Sofia", + "/usr/share/zoneinfo/Europe/Stockholm", + "/usr/share/zoneinfo/Europe/Tallinn", + "/usr/share/zoneinfo/Europe/Tirane", + "/usr/share/zoneinfo/Europe/Ulyanovsk", + "/usr/share/zoneinfo/Europe/Vaduz", + "/usr/share/zoneinfo/Europe/Vienna", + "/usr/share/zoneinfo/Europe/Vilnius", + "/usr/share/zoneinfo/Europe/Volgograd", + "/usr/share/zoneinfo/Europe/Warsaw", + "/usr/share/zoneinfo/Europe/Zagreb", + "/usr/share/zoneinfo/Europe/Zurich", + "/usr/share/zoneinfo/Factory", + "/usr/share/zoneinfo/Indian/Antananarivo", + "/usr/share/zoneinfo/Indian/Chagos", + "/usr/share/zoneinfo/Indian/Christmas", + "/usr/share/zoneinfo/Indian/Cocos", + "/usr/share/zoneinfo/Indian/Comoro", + "/usr/share/zoneinfo/Indian/Kerguelen", + "/usr/share/zoneinfo/Indian/Mahe", + "/usr/share/zoneinfo/Indian/Maldives", + "/usr/share/zoneinfo/Indian/Mauritius", + "/usr/share/zoneinfo/Indian/Mayotte", + "/usr/share/zoneinfo/Indian/Reunion", + "/usr/share/zoneinfo/Pacific/Apia", + "/usr/share/zoneinfo/Pacific/Auckland", + "/usr/share/zoneinfo/Pacific/Bougainville", + "/usr/share/zoneinfo/Pacific/Chatham", + "/usr/share/zoneinfo/Pacific/Chuuk", + "/usr/share/zoneinfo/Pacific/Easter", + "/usr/share/zoneinfo/Pacific/Efate", + "/usr/share/zoneinfo/Pacific/Fakaofo", + "/usr/share/zoneinfo/Pacific/Fiji", + "/usr/share/zoneinfo/Pacific/Funafuti", + "/usr/share/zoneinfo/Pacific/Galapagos", + "/usr/share/zoneinfo/Pacific/Gambier", + "/usr/share/zoneinfo/Pacific/Guadalcanal", + "/usr/share/zoneinfo/Pacific/Guam", + "/usr/share/zoneinfo/Pacific/Honolulu", + "/usr/share/zoneinfo/Pacific/Kanton", + "/usr/share/zoneinfo/Pacific/Kiritimati", + "/usr/share/zoneinfo/Pacific/Kosrae", + "/usr/share/zoneinfo/Pacific/Kwajalein", + "/usr/share/zoneinfo/Pacific/Majuro", + "/usr/share/zoneinfo/Pacific/Marquesas", + "/usr/share/zoneinfo/Pacific/Midway", + "/usr/share/zoneinfo/Pacific/Nauru", + "/usr/share/zoneinfo/Pacific/Niue", + "/usr/share/zoneinfo/Pacific/Norfolk", + "/usr/share/zoneinfo/Pacific/Noumea", + "/usr/share/zoneinfo/Pacific/Pago_Pago", + "/usr/share/zoneinfo/Pacific/Palau", + "/usr/share/zoneinfo/Pacific/Pitcairn", + "/usr/share/zoneinfo/Pacific/Pohnpei", + "/usr/share/zoneinfo/Pacific/Port_Moresby", + "/usr/share/zoneinfo/Pacific/Rarotonga", + "/usr/share/zoneinfo/Pacific/Saipan", + "/usr/share/zoneinfo/Pacific/Tahiti", + "/usr/share/zoneinfo/Pacific/Tarawa", + "/usr/share/zoneinfo/Pacific/Tongatapu", + "/usr/share/zoneinfo/Pacific/Wake", + "/usr/share/zoneinfo/Pacific/Wallis", + "/usr/share/zoneinfo/iso3166.tab", + "/usr/share/zoneinfo/leap-seconds.list", + "/usr/share/zoneinfo/leapseconds", + "/usr/share/zoneinfo/tzdata.zi", + "/usr/share/zoneinfo/zone.tab", + "/usr/share/zoneinfo/zone1970.tab", + "/usr/share/zoneinfo/zonenow.tab" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "util-linux@2.41-5", + "Name": "util-linux", + "Identifier": { + "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "972fb85b9c9e83e7" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/choom", + "/usr/bin/chrt", + "/usr/bin/dmesg", + "/usr/bin/fallocate", + "/usr/bin/findmnt", + "/usr/bin/flock", + "/usr/bin/getopt", + "/usr/bin/hardlink", + "/usr/bin/ionice", + "/usr/bin/ipcmk", + "/usr/bin/ipcrm", + "/usr/bin/ipcs", + "/usr/bin/lsblk", + "/usr/bin/lscpu", + "/usr/bin/lsipc", + "/usr/bin/lslocks", + "/usr/bin/lslogins", + "/usr/bin/lsmem", + "/usr/bin/lsns", + "/usr/bin/mcookie", + "/usr/bin/more", + "/usr/bin/mountpoint", + "/usr/bin/namei", + "/usr/bin/nsenter", + "/usr/bin/partx", + "/usr/bin/prlimit", + "/usr/bin/rename.ul", + "/usr/bin/rev", + "/usr/bin/setarch", + "/usr/bin/setpriv", + "/usr/bin/setsid", + "/usr/bin/setterm", + "/usr/bin/su", + "/usr/bin/taskset", + "/usr/bin/uclampset", + "/usr/bin/unshare", + "/usr/bin/wdctl", + "/usr/bin/whereis", + "/usr/lib/mime/packages/util-linux", + "/usr/lib/systemd/system/fstrim.service", + "/usr/lib/systemd/system/fstrim.timer", + "/usr/sbin/agetty", + "/usr/sbin/blkdiscard", + "/usr/sbin/blkid", + "/usr/sbin/blkzone", + "/usr/sbin/blockdev", + "/usr/sbin/chcpu", + "/usr/sbin/chmem", + "/usr/sbin/findfs", + "/usr/sbin/fsck", + "/usr/sbin/fsfreeze", + "/usr/sbin/fstrim", + "/usr/sbin/isosize", + "/usr/sbin/ldattach", + "/usr/sbin/mkfs", + "/usr/sbin/mkswap", + "/usr/sbin/pivot_root", + "/usr/sbin/readprofile", + "/usr/sbin/rtcwake", + "/usr/sbin/runuser", + "/usr/sbin/sulogin", + "/usr/sbin/swaplabel", + "/usr/sbin/switch_root", + "/usr/sbin/wipefs", + "/usr/sbin/zramctl", + "/usr/share/bash-completion/completions/blkdiscard", + "/usr/share/bash-completion/completions/blkid", + "/usr/share/bash-completion/completions/blkzone", + "/usr/share/bash-completion/completions/blockdev", + "/usr/share/bash-completion/completions/chcpu", + "/usr/share/bash-completion/completions/chmem", + "/usr/share/bash-completion/completions/chrt", + "/usr/share/bash-completion/completions/dmesg", + "/usr/share/bash-completion/completions/fallocate", + "/usr/share/bash-completion/completions/findfs", + "/usr/share/bash-completion/completions/findmnt", + "/usr/share/bash-completion/completions/flock", + "/usr/share/bash-completion/completions/fsck", + "/usr/share/bash-completion/completions/fsfreeze", + "/usr/share/bash-completion/completions/fstrim", + "/usr/share/bash-completion/completions/getopt", + "/usr/share/bash-completion/completions/hardlink", + "/usr/share/bash-completion/completions/ionice", + "/usr/share/bash-completion/completions/ipcmk", + "/usr/share/bash-completion/completions/ipcrm", + "/usr/share/bash-completion/completions/ipcs", + "/usr/share/bash-completion/completions/isosize", + "/usr/share/bash-completion/completions/ldattach", + "/usr/share/bash-completion/completions/lsblk", + "/usr/share/bash-completion/completions/lscpu", + "/usr/share/bash-completion/completions/lsipc", + "/usr/share/bash-completion/completions/lslocks", + "/usr/share/bash-completion/completions/lslogins", + "/usr/share/bash-completion/completions/lsmem", + "/usr/share/bash-completion/completions/lsns", + "/usr/share/bash-completion/completions/mcookie", + "/usr/share/bash-completion/completions/mkfs", + "/usr/share/bash-completion/completions/mkswap", + "/usr/share/bash-completion/completions/more", + "/usr/share/bash-completion/completions/mountpoint", + "/usr/share/bash-completion/completions/namei", + "/usr/share/bash-completion/completions/nsenter", + "/usr/share/bash-completion/completions/partx", + "/usr/share/bash-completion/completions/pivot_root", + "/usr/share/bash-completion/completions/prlimit", + "/usr/share/bash-completion/completions/readprofile", + "/usr/share/bash-completion/completions/rename.ul", + "/usr/share/bash-completion/completions/rev", + "/usr/share/bash-completion/completions/rtcwake", + "/usr/share/bash-completion/completions/setarch", + "/usr/share/bash-completion/completions/setpriv", + "/usr/share/bash-completion/completions/setsid", + "/usr/share/bash-completion/completions/setterm", + "/usr/share/bash-completion/completions/su", + "/usr/share/bash-completion/completions/swaplabel", + "/usr/share/bash-completion/completions/taskset", + "/usr/share/bash-completion/completions/uclampset", + "/usr/share/bash-completion/completions/unshare", + "/usr/share/bash-completion/completions/wdctl", + "/usr/share/bash-completion/completions/whereis", + "/usr/share/bash-completion/completions/wipefs", + "/usr/share/bash-completion/completions/zramctl", + "/usr/share/doc/util-linux/00-about-docs.txt", + "/usr/share/doc/util-linux/AUTHORS.gz", + "/usr/share/doc/util-linux/NEWS.Debian.gz", + "/usr/share/doc/util-linux/PAM-configuration.txt", + "/usr/share/doc/util-linux/README.Debian", + "/usr/share/doc/util-linux/blkid.txt", + "/usr/share/doc/util-linux/cal.txt", + "/usr/share/doc/util-linux/changelog.Debian.gz", + "/usr/share/doc/util-linux/changelog.gz", + "/usr/share/doc/util-linux/col.txt", + "/usr/share/doc/util-linux/copyright", + "/usr/share/doc/util-linux/deprecated.txt", + "/usr/share/doc/util-linux/examples/getopt-example.bash", + "/usr/share/doc/util-linux/getopt.txt", + "/usr/share/doc/util-linux/getopt_changelog.txt", + "/usr/share/doc/util-linux/howto-build-sys.txt", + "/usr/share/doc/util-linux/howto-compilation.txt", + "/usr/share/doc/util-linux/howto-contribute.txt.gz", + "/usr/share/doc/util-linux/howto-debug.txt", + "/usr/share/doc/util-linux/howto-man-page.txt", + "/usr/share/doc/util-linux/howto-pull-request.txt.gz", + "/usr/share/doc/util-linux/howto-tests.txt", + "/usr/share/doc/util-linux/howto-usage-function.txt.gz", + "/usr/share/doc/util-linux/hwclock.txt", + "/usr/share/doc/util-linux/modems-with-agetty.txt", + "/usr/share/doc/util-linux/mount.txt", + "/usr/share/doc/util-linux/parse-date.txt.gz", + "/usr/share/doc/util-linux/pg.txt", + "/usr/share/doc/util-linux/poeigl.txt.gz", + "/usr/share/doc/util-linux/release-schedule.txt", + "/usr/share/doc/util-linux/releases/v2.13-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.14-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.15-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.16-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.17-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.18-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.19-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.20-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.21-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.22-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.23-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.24-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.25-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.26-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.27-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.28-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.29-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.30-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.31-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.32-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.33-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.34-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.35-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.36-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.37-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.38-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.39-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.40-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.41-ReleaseNotes.gz", + "/usr/share/lintian/overrides/util-linux", + "/usr/share/man/man1/choom.1.gz", + "/usr/share/man/man1/chrt.1.gz", + "/usr/share/man/man1/dmesg.1.gz", + "/usr/share/man/man1/fallocate.1.gz", + "/usr/share/man/man1/flock.1.gz", + "/usr/share/man/man1/getopt.1.gz", + "/usr/share/man/man1/hardlink.1.gz", + "/usr/share/man/man1/ionice.1.gz", + "/usr/share/man/man1/ipcmk.1.gz", + "/usr/share/man/man1/ipcrm.1.gz", + "/usr/share/man/man1/ipcs.1.gz", + "/usr/share/man/man1/lscpu.1.gz", + "/usr/share/man/man1/lsipc.1.gz", + "/usr/share/man/man1/lslogins.1.gz", + "/usr/share/man/man1/lsmem.1.gz", + "/usr/share/man/man1/mcookie.1.gz", + "/usr/share/man/man1/more.1.gz", + "/usr/share/man/man1/mountpoint.1.gz", + "/usr/share/man/man1/namei.1.gz", + "/usr/share/man/man1/nsenter.1.gz", + "/usr/share/man/man1/prlimit.1.gz", + "/usr/share/man/man1/rename.ul.1.gz", + "/usr/share/man/man1/rev.1.gz", + "/usr/share/man/man1/runuser.1.gz", + "/usr/share/man/man1/setpriv.1.gz", + "/usr/share/man/man1/setsid.1.gz", + "/usr/share/man/man1/setterm.1.gz", + "/usr/share/man/man1/su.1.gz", + "/usr/share/man/man1/taskset.1.gz", + "/usr/share/man/man1/uclampset.1.gz", + "/usr/share/man/man1/unshare.1.gz", + "/usr/share/man/man1/whereis.1.gz", + "/usr/share/man/man5/adjtime_config.5.gz", + "/usr/share/man/man5/scols-filter.5.gz", + "/usr/share/man/man5/terminal-colors.d.5.gz", + "/usr/share/man/man8/agetty.8.gz", + "/usr/share/man/man8/blkdiscard.8.gz", + "/usr/share/man/man8/blkid.8.gz", + "/usr/share/man/man8/blkzone.8.gz", + "/usr/share/man/man8/blockdev.8.gz", + "/usr/share/man/man8/chcpu.8.gz", + "/usr/share/man/man8/chmem.8.gz", + "/usr/share/man/man8/findfs.8.gz", + "/usr/share/man/man8/findmnt.8.gz", + "/usr/share/man/man8/fsck.8.gz", + "/usr/share/man/man8/fsfreeze.8.gz", + "/usr/share/man/man8/fstrim.8.gz", + "/usr/share/man/man8/isosize.8.gz", + "/usr/share/man/man8/ldattach.8.gz", + "/usr/share/man/man8/lsblk.8.gz", + "/usr/share/man/man8/lslocks.8.gz", + "/usr/share/man/man8/lsns.8.gz", + "/usr/share/man/man8/mkfs.8.gz", + "/usr/share/man/man8/mkswap.8.gz", + "/usr/share/man/man8/partx.8.gz", + "/usr/share/man/man8/pivot_root.8.gz", + "/usr/share/man/man8/readprofile.8.gz", + "/usr/share/man/man8/rtcwake.8.gz", + "/usr/share/man/man8/setarch.8.gz", + "/usr/share/man/man8/sulogin.8.gz", + "/usr/share/man/man8/swaplabel.8.gz", + "/usr/share/man/man8/switch_root.8.gz", + "/usr/share/man/man8/wdctl.8.gz", + "/usr/share/man/man8/wipefs.8.gz", + "/usr/share/man/man8/zramctl.8.gz", + "/usr/share/util-linux/logcheck/ignore.d.server/util-linux" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", + "Name": "zlib1g", + "Identifier": { + "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "ff182eb2a26a8142" + }, + "Version": "1.3.dfsg+really1.3.1", + "Release": "1+b1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "zlib", + "SrcVersion": "1.3.dfsg+really1.3.1", + "SrcRelease": "1", + "SrcEpoch": 1, + "Licenses": [ + "Zlib" + ], + "Maintainer": "Mark Brown \u003cbroonie@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libz.so.1.3.1", + "/usr/share/doc/zlib1g/changelog.Debian.amd64.gz", + "/usr/share/doc/zlib1g/changelog.Debian.gz", + "/usr/share/doc/zlib1g/changelog.gz", + "/usr/share/doc/zlib1g/copyright" + ], + "AnalyzedBy": "dpkg" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "bsdutils@1:2.41-5", + "PkgName": "bsdutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "5843733a461e6ce1" + }, + "InstalledVersion": "1:2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:48d45065fd36f9b29605ea9e40dcda4160994ad29bfaa13740de33043026e270", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "bsdutils@1:2.41-5", + "PkgName": "bsdutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "5843733a461e6ce1" + }, + "InstalledVersion": "1:2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:24958e6e74e26b300133f285c228b9f461b52b95614b7a6a11a8c375f56fd1ad", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libblkid1@2.41-5", + "PkgName": "libblkid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "51bf0af8d40f4a01" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:208d533fb99315acb62e1e9ea4784a159117a77fde3e0e2ecd946a623ec63e05", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libblkid1@2.41-5", + "PkgName": "libblkid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "51bf0af8d40f4a01" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:6c64f70629ab0593fa1bf5c32fccbdd6becc9bd93e29919dad32d10e21c7b220", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-5435", + "PkgID": "libc-bin@2.41-12+deb13u3", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:b3629142443e8ebf9958830b2ca46a0923ef41f10d95ed80964f96f8d430d6fb", + "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5435", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", + "https://www.cve.org/CVERecord?id=CVE-2026-5435" + ], + "PublishedDate": "2026-04-28T13:19:22.29Z", + "LastModifiedDate": "2026-05-05T17:38:37.03Z" + }, + { + "VulnerabilityID": "CVE-2026-5450", + "PkgID": "libc-bin@2.41-12+deb13u3", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:6b2c53bb9c79464e2f0dec6316df2631ed75aa71b95b1f19e5ac05de11c9f099", + "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", + "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "photon": 4, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5450", + "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", + "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", + "https://www.cve.org/CVERecord?id=CVE-2026-5450" + ], + "PublishedDate": "2026-04-20T21:16:36.85Z", + "LastModifiedDate": "2026-04-23T15:33:34.277Z" + }, + { + "VulnerabilityID": "CVE-2026-5928", + "PkgID": "libc-bin@2.41-12+deb13u3", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:f30717acc188a932e74e113d90b2fa1d0d6e93472dc89eaa63e3d2f7bb298274", + "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", + "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-127" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5928", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", + "https://www.cve.org/CVERecord?id=CVE-2026-5928" + ], + "PublishedDate": "2026-04-20T21:16:36.963Z", + "LastModifiedDate": "2026-04-23T15:33:43.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6238", + "PkgID": "libc-bin@2.41-12+deb13u3", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:5632cb45b00790fcb54577cca57d9deadf8594b579bad2da7b4c9523a96e7e17", + "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-126" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-6238", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", + "https://www.cve.org/CVERecord?id=CVE-2026-6238" + ], + "PublishedDate": "2026-04-28T19:37:47.523Z", + "LastModifiedDate": "2026-05-04T17:57:24.007Z" + }, + { + "VulnerabilityID": "CVE-2026-5435", + "PkgID": "libc6@2.41-12+deb13u3", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:5a8735a67c5528254a880003379960bf48d334877ea38796a8e0a0d0fc196082", + "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5435", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", + "https://www.cve.org/CVERecord?id=CVE-2026-5435" + ], + "PublishedDate": "2026-04-28T13:19:22.29Z", + "LastModifiedDate": "2026-05-05T17:38:37.03Z" + }, + { + "VulnerabilityID": "CVE-2026-5450", + "PkgID": "libc6@2.41-12+deb13u3", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:557af5ca4f16b799113e71a4c02df0775e2633618c3da39aa59d62a9c9cb9173", + "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", + "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "photon": 4, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5450", + "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", + "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", + "https://www.cve.org/CVERecord?id=CVE-2026-5450" + ], + "PublishedDate": "2026-04-20T21:16:36.85Z", + "LastModifiedDate": "2026-04-23T15:33:34.277Z" + }, + { + "VulnerabilityID": "CVE-2026-5928", + "PkgID": "libc6@2.41-12+deb13u3", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:2c364f60364adcd795282d836c525d2d9580ff33848aaacc76918b133bd782c6", + "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", + "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-127" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5928", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", + "https://www.cve.org/CVERecord?id=CVE-2026-5928" + ], + "PublishedDate": "2026-04-20T21:16:36.963Z", + "LastModifiedDate": "2026-04-23T15:33:43.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6238", + "PkgID": "libc6@2.41-12+deb13u3", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:f1e6150153fa20a27fd1d8c7890a10aadb565bbcd41c56c6354bff22c2b98a0d", + "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-126" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-6238", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", + "https://www.cve.org/CVERecord?id=CVE-2026-6238" + ], + "PublishedDate": "2026-04-28T19:37:47.523Z", + "LastModifiedDate": "2026-05-04T17:57:24.007Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "liblastlog2-2@2.41-5", + "PkgName": "liblastlog2-2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "eb4f5430aea34a10" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:3c38d5dfebf43ad288b31d346954f63e024106bb02129276cf89249a8daa3c0f", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "liblastlog2-2@2.41-5", + "PkgName": "liblastlog2-2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "eb4f5430aea34a10" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:f130dbdbae22fc4b1c7349d3a6714730f734e338f00e4a9b128e1b73962b3876", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-34743", + "PkgID": "liblzma5@5.8.1-1", + "PkgName": "liblzma5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "d7b58e04f1a265ed" + }, + "InstalledVersion": "5.8.1-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:60084a3cd4b884c5709e460ec100a32d128b23729546865106a2cb844f42456a", + "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", + "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/31/13", + "https://access.redhat.com/security/cve/CVE-2026-34743", + "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", + "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", + "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", + "https://www.cve.org/CVERecord?id=CVE-2026-34743" + ], + "PublishedDate": "2026-04-02T19:21:33.187Z", + "LastModifiedDate": "2026-04-15T17:33:17.68Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libmount1@2.41-5", + "PkgName": "libmount1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "84ccd0371833b76" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:367889648a8f344f1a26014bcfac03328b7ecb97ca9ef56d880e8bae4c4eb2b3", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libmount1@2.41-5", + "PkgName": "libmount1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "84ccd0371833b76" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:f77fd9fe2df1096b0a48c53a57120f7cc957a8ccc6427a72d98ff72f8cb90b79", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "libncursesw6@6.5+20250216-2", + "PkgName": "libncursesw6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "5efa2a2068c240d8" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:4d57d21013edd86f841c91aca2d842828d24719fe3ec6ac4e58977f3c2213a44", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libsmartcols1@2.41-5", + "PkgName": "libsmartcols1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "780dbec0869ab8e" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:bfbd68f5f2157efeec31929024ed24baa54fb339adaecda9d72eaf97d64afeec", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libsmartcols1@2.41-5", + "PkgName": "libsmartcols1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "780dbec0869ab8e" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:9650bf90815644bd7452abf1b641da490c28fa22ce8e98f6f96c3d09dc924d3b", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "libtinfo6@6.5+20250216-2", + "PkgName": "libtinfo6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "ba2c2b464f07108a" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:a909bd893728c34e84d63a7248be944e4dcfd752e481f53a8f04edf766c02b3f", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libuuid1@2.41-5", + "PkgName": "libuuid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "1afbb50818377478" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:3b69a00de2c02ec54249af8e1ff7cddb7fa5a1783783c62347c47e9128444395", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libuuid1@2.41-5", + "PkgName": "libuuid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "1afbb50818377478" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:2f240b864e2ccdb5b47f89a5e698a2cae073228852916f4e53e2a1c97829c73d", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "login@1:4.16.0-2+really2.41-5", + "PkgName": "login", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "c0ab0b857644733b" + }, + "InstalledVersion": "1:4.16.0-2+really2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:ad3fb67c2c1cfac7c7ca3788194728a8a9a94cf4a5917a13f2072e6c0af7a350", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "login@1:4.16.0-2+really2.41-5", + "PkgName": "login", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "c0ab0b857644733b" + }, + "InstalledVersion": "1:4.16.0-2+really2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:fb5eb329a8139c265be893d38c331dbd2c789abe300b5ce939b6ab4e0cd82bbf", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "mount@2.41-5", + "PkgName": "mount", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "55c835c674d0a0e5" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:106a84cd7883c06968fcd11d3092990ea04c50c21fcaa677d38ce047fa8742da", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "mount@2.41-5", + "PkgName": "mount", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "55c835c674d0a0e5" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:2dd84bb9ffd00958438e2b069976dafcf778dad93f30a0ad778c2691e27475cb", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "ncurses-base@6.5+20250216-2", + "PkgName": "ncurses-base", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.5", + "UID": "767a0231348a5cb5" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:c66678f7af162644c73504b2cd8d87bd9aec4095d1d1bcfe42329e78187f366b", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "ncurses-bin@6.5+20250216-2", + "PkgName": "ncurses-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "5b541563cf6587e5" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:5c62c30e5dd0b9165b4bc1c123ad4d01ae809c974f4911cad2f47e09e5033541", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2026-5704", + "PkgID": "tar@1.35+dfsg-3.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.5", + "UID": "4f69996c49afbaca" + }, + "InstalledVersion": "1.35+dfsg-3.1", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5704", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:dba3b85f8665a48ab473c378207a09a8b34da3047907f53125a50d132564de74", + "Title": "tar: tar: Hidden file injection via crafted archives", + "Description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-434" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/11/10", + "http://www.openwall.com/lists/oss-security/2026/04/11/11", + "http://www.openwall.com/lists/oss-security/2026/04/12/2", + "https://access.redhat.com/security/cve/CVE-2026-5704", + "https://bugzilla.redhat.com/show_bug.cgi?id=2455360", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5704", + "https://www.cve.org/CVERecord?id=CVE-2026-5704" + ], + "PublishedDate": "2026-04-06T16:16:42.14Z", + "LastModifiedDate": "2026-04-22T20:08:59.92Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "util-linux@2.41-5", + "PkgName": "util-linux", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "972fb85b9c9e83e7" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:ec60f9924a55c1f9ad836fae64b1b02f24e3c2259288502dad705a073235719d", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "util-linux@2.41-5", + "PkgName": "util-linux", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "972fb85b9c9e83e7" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:e9e56abe608dcfe0bd1d69e938e9be3eb06d81ae7b7e6d82fe022198d4d0d4dc", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27171", + "PkgID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", + "PkgName": "zlib1g", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "ff182eb2a26a8142" + }, + "InstalledVersion": "1:1.3.dfsg+really1.3.1-1+b1", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:bf46a3644bc01c553b46ca0ad39c24caf0bef6e14a5aec064021802c26cb0284", + "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", + "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "julia": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://access.redhat.com/security/cve/CVE-2026-27171", + "https://github.com/advisories/GHSA-h858-mf2m-8jf4", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "https://ostif.org/zlib-audit-complete", + "https://ostif.org/zlib-audit-complete/", + "https://www.cve.org/CVERecord?id=CVE-2026-27171" + ], + "PublishedDate": "2026-02-18T04:16:01.263Z", + "LastModifiedDate": "2026-03-25T21:27:04.603Z" + } + ] + }, + { + "Target": "Python", + "Class": "lang-pkgs", + "Type": "python-pkg", + "Packages": [ + { + "Name": "pip", + "Identifier": { + "PURL": "pkg:pypi/pip@25.0.1", + "UID": "7d864d9a4bf3bfe8" + }, + "Version": "25.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "FilePath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-8869", + "VendorIDs": [ + "GHSA-4xh5-x5gv-qwph" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@25.0.1", + "UID": "7d864d9a4bf3bfe8" + }, + "InstalledVersion": "25.0.1", + "FixedVersion": "25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8869", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:42863a411c9517557e1744d4dfd39ff9bc29495eff1e5499dcd724418ce89c2d", + "Title": "pip: pip missing checks on symbolic link extraction", + "Description": "When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.\nNote that upgrading pip to a \"fixed\" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.\n\nNote that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706\nand therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706\nthen pip doesn't use the \"vulnerable\" fallback code.\n\nMitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python \u003e=3.9.17, \u003e=3.10.12, \u003e=3.11.4, or \u003e=3.12),\napplying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8869", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a", + "https://github.com/pypa/pip/pull/13550", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html", + "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN", + "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8869", + "https://pip.pypa.io/en/stable/news/#v25-2", + "https://www.cve.org/CVERecord?id=CVE-2025-8869" + ], + "PublishedDate": "2025-09-24T15:15:41.293Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-3219", + "VendorIDs": [ + "GHSA-58qw-9mgm-455v" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@25.0.1", + "UID": "7d864d9a4bf3bfe8" + }, + "InstalledVersion": "25.0.1", + "FixedVersion": "26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3219", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:7bf17290665b4787fc0122d98ffb36d3c01a88784921e24e7c39276cc7339c42", + "Title": "pip: pip: Incorrect file installation due to improper archive handling", + "Description": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-434" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", + "V40Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/20/8", + "https://access.redhat.com/security/cve/CVE-2026-3219", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/issues/13867", + "https://github.com/pypa/pip/pull/13870", + "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ", + "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3219", + "https://www.cve.org/CVERecord?id=CVE-2026-3219" + ], + "PublishedDate": "2026-04-20T16:16:45.43Z", + "LastModifiedDate": "2026-04-20T21:16:36.42Z" + }, + { + "VulnerabilityID": "CVE-2026-6357", + "VendorIDs": [ + "GHSA-jp4c-xjxw-mgf9" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@25.0.1", + "UID": "7d864d9a4bf3bfe8" + }, + "InstalledVersion": "25.0.1", + "FixedVersion": "26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6357", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:50c01cddfb2d5c6addeb179114d8bb183aab36219080d055522332e33d4d5aa1", + "Title": "pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation", + "Description": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-829" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 5.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/27/7", + "https://access.redhat.com/security/cve/CVE-2026-6357", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad", + "https://github.com/pypa/pip/pull/13923", + "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6357", + "https://www.cve.org/CVERecord?id=CVE-2026-6357" + ], + "PublishedDate": "2026-04-27T15:16:20.857Z", + "LastModifiedDate": "2026-04-27T23:16:03.533Z" + } + ] + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "Deployment", + "Name": "fail2ban-exporter", + "Metadata": [ + { + "Size": 26682368, + "OS": { + "Family": "alpine", + "Name": "3.21.3" + }, + "ImageID": "sha256:127c08f351c9bb655a62c7ea6ad0dbe072015c53527f16dfde8dfd7701d424fa", + "DiffIDs": [ + "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350", + "sha256:a861581dad2855f3b96d011416e601900adb286effdcb8e0fb97eb9b7fe0a831", + "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11", + "sha256:cb76bafc08ea1fde43881c61bb93b3301037119a05c5f717ab5bdd78746c7919", + "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + ], + "RepoTags": [ + "registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest" + ], + "RepoDigests": [ + "registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter@sha256:2b8cd2319c8c9058a8b5a9076752eaedd14cdc07cb4bbb1defae8ffa36d27158" + ], + "Reference": "registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", + "ImageConfig": { + "architecture": "amd64", + "created": "2025-04-04T20:30:39.742019776Z", + "history": [ + { + "created": "2025-02-14T03:28:36Z", + "created_by": "ADD alpine-minirootfs-3.21.3-x86_64.tar.gz / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-02-14T03:28:36Z", + "created_by": "CMD [\"/bin/sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-04-04T20:30:37.609169694Z", + "created_by": "WORKDIR /app", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-04-04T20:30:37.973562498Z", + "created_by": "COPY fail2ban_exporter /app/fail2ban_exporter # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-04-04T20:30:38.210617707Z", + "created_by": "COPY health /app/health # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-04-04T20:30:39.742019776Z", + "created_by": "RUN /bin/sh -c apk add curl # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-04-04T20:30:39.742019776Z", + "created_by": "HEALTHCHECK \u0026{[\"CMD-SHELL\" \"/app/health\"] \"10s\" \"4s\" \"0s\" \"0s\" '\\x03'}", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-04-04T20:30:39.742019776Z", + "created_by": "ENTRYPOINT [\"/app/fail2ban_exporter\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350", + "sha256:a861581dad2855f3b96d011416e601900adb286effdcb8e0fb97eb9b7fe0a831", + "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11", + "sha256:cb76bafc08ea1fde43881c61bb93b3301037119a05c5f717ab5bdd78746c7919", + "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + ] + }, + "config": { + "Healthcheck": { + "Test": [ + "CMD-SHELL", + "/app/health" + ], + "Interval": 10000000000, + "Timeout": 4000000000, + "Retries": 3 + }, + "Entrypoint": [ + "/app/fail2ban_exporter" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Labels": { + "org.opencontainers.image.created": "2025-04-04T20:30:34Z", + "org.opencontainers.image.description": "fail2ban_exporter", + "org.opencontainers.image.licenses": "MIT", + "org.opencontainers.image.revision": "fc513a11c9ee866c2b5eefc917dc4bd20d8b63cd", + "org.opencontainers.image.source": "https://gitlab.com/hctrdev/fail2ban-prometheus-exporter", + "org.opencontainers.image.title": "fail2ban_exporter", + "org.opencontainers.image.url": "https://gitlab.com/hctrdev/fail2ban-prometheus-exporter", + "org.opencontainers.image.version": "0.10.3" + }, + "WorkingDir": "/app" + } + }, + "Layers": [ + { + "Size": 8120832, + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + { + "Size": 1536, + "Digest": "sha256:62c53fe851fb1d6c6ee79a2c7e861902060ff3dc13e336cacc20932386e4864f", + "DiffID": "sha256:a861581dad2855f3b96d011416e601900adb286effdcb8e0fb97eb9b7fe0a831" + }, + { + "Size": 11110912, + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + { + "Size": 2560, + "Digest": "sha256:b7c92aa39baaa466f8f8ad2d3f586a73c0fd1c651b40a49e2b8ef4164d2959f6", + "DiffID": "sha256:cb76bafc08ea1fde43881c61bb93b3301037119a05c5f717ab5bdd78746c7919" + }, + { + "Size": 7446528, + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + } + ] + } + ], + "Results": [ + { + "Target": "registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest (alpine 3.21.3)", + "Class": "os-pkgs", + "Type": "alpine", + "Packages": [ + { + "ID": "alpine-baselayout@3.6.8-r1", + "Name": "alpine-baselayout", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout@3.6.8-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "393060090f95beb4" + }, + "Version": "3.6.8-r1", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.6.8-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-baselayout-data@3.6.8-r1", + "busybox-binsh@1.37.0-r12" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:eceb5e3555e7f7f8925dc248d557fcc744d573d6", + "InstalledFiles": [ + "etc/motd", + "etc/crontabs/root", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/i386.conf", + "etc/modprobe.d/kms.conf", + "etc/profile.d/20locale.sh", + "etc/profile.d/README", + "etc/profile.d/color_prompt.sh.disabled", + "usr/lib/sysctl.d/00-alpine.conf", + "var/lock", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout-data@3.6.8-r1", + "Name": "alpine-baselayout-data", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.6.8-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "a35ff814457b106b" + }, + "Version": "3.6.8-r1", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.6.8-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:7979a835bc317cedb997d3a42f3b10be86a8d18a", + "InstalledFiles": [ + "etc/fstab", + "etc/group", + "etc/hostname", + "etc/hosts", + "etc/inittab", + "etc/modules", + "etc/mtab", + "etc/nsswitch.conf", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/sysctl.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-keys@2.5-r0", + "Name": "alpine-keys", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-keys@2.5-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "e87ecc7343d144e0" + }, + "Version": "2.5-r0", + "Arch": "x86_64", + "SrcName": "alpine-keys", + "SrcVersion": "2.5-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:91014bfdba0e7f7b4505159466e9f19871606a59", + "InstalledFiles": [ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-release@3.21.3-r0", + "Name": "alpine-release", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-release@3.21.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "67b837fa5630d327" + }, + "Version": "3.21.3-r0", + "Arch": "x86_64", + "SrcName": "alpine-base", + "SrcVersion": "3.21.3-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-keys@2.5-r0" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:b9fcfa5afb3341f82ec4f757c6dba8d8807017e3", + "InstalledFiles": [ + "etc/alpine-release", + "etc/issue", + "etc/os-release", + "etc/secfixes.d/alpine", + "usr/lib/os-release" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "apk-tools@2.14.6-r3", + "Name": "apk-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/apk-tools@2.14.6-r3?arch=x86_64\u0026distro=3.21.3", + "UID": "d24a24462031f215" + }, + "Version": "2.14.6-r3", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.14.6-r3", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20241121-r1", + "libcrypto3@3.3.3-r0", + "libssl3@3.3.3-r0", + "musl@1.2.5-r9", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:9704358d1b44fa771e0a0a3a527d8a26830e3eba", + "InstalledFiles": [ + "sbin/apk", + "usr/lib/libapk.so.2.14.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "brotli-libs@1.1.0-r2", + "Name": "brotli-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/brotli-libs@1.1.0-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "cc9451d88db1a57f" + }, + "Version": "1.1.0-r2", + "Arch": "x86_64", + "SrcName": "brotli", + "SrcVersion": "1.1.0-r2", + "Licenses": [ + "MIT" + ], + "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "Digest": "sha1:70f773919e72e35e8d9bbc364922178a7656f3a1", + "InstalledFiles": [ + "usr/lib/libbrotlicommon.so.1", + "usr/lib/libbrotlicommon.so.1.1.0", + "usr/lib/libbrotlidec.so.1", + "usr/lib/libbrotlidec.so.1.1.0", + "usr/lib/libbrotlienc.so.1", + "usr/lib/libbrotlienc.so.1.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox@1.37.0-r12", + "Name": "busybox", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "40c5c5c69a5100e0" + }, + "Version": "1.37.0-r12", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r12", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:b1234297831343477557fd0d4d702122363b36aa", + "InstalledFiles": [ + "bin/busybox", + "etc/securetty", + "etc/busybox-paths.d/busybox", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "etc/udhcpc/udhcpc.conf", + "usr/share/udhcpc/default.script" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox-binsh@1.37.0-r12", + "Name": "busybox-binsh", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "f727574eea8e47ea" + }, + "Version": "1.37.0-r12", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r12", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "busybox@1.37.0-r12" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:2a3dd16cd3f036f57a45e0b4819a7d9ffa74f101", + "InstalledFiles": [ + "bin/sh" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "c-ares@1.34.3-r0", + "Name": "c-ares", + "Identifier": { + "PURL": "pkg:apk/alpine/c-ares@1.34.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "65e5c61e1dac77c8" + }, + "Version": "1.34.3-r0", + "Arch": "x86_64", + "SrcName": "c-ares", + "SrcVersion": "1.34.3-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "Digest": "sha1:ce4b51a748e0f56676097438497c0d07ae2a10ba", + "InstalledFiles": [ + "usr/lib/libcares.so.2", + "usr/lib/libcares.so.2.19.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates-bundle@20241121-r1", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates-bundle@20241121-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "648ddfcaeba667a7" + }, + "Version": "20241121-r1", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20241121-r1", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:9cfd2df1eb4d8cf25007be42ad2818f3e5c9a37b", + "InstalledFiles": [ + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-certificates.crt", + "etc/ssl1.1/cert.pem", + "etc/ssl1.1/certs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "curl@8.12.1-r1", + "Name": "curl", + "Identifier": { + "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "88c4306caf842e16" + }, + "Version": "8.12.1-r1", + "Arch": "x86_64", + "SrcName": "curl", + "SrcVersion": "8.12.1-r1", + "Licenses": [ + "curl" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcurl@8.12.1-r1", + "musl@1.2.5-r9", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "Digest": "sha1:2c50f1a2eae9946459a4fcceeaf8d31f43fdae48", + "InstalledFiles": [ + "usr/bin/curl" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.3.3-r0", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "Version": "3.3.3-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.3.3-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:ba21a974113543ebb687f9e18494c0ce736775f8", + "InstalledFiles": [ + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/openssl.cnf.dist", + "usr/lib/libcrypto.so.3", + "usr/lib/engines-3/afalg.so", + "usr/lib/engines-3/capi.so", + "usr/lib/engines-3/loader_attic.so", + "usr/lib/engines-3/padlock.so", + "usr/lib/ossl-modules/legacy.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcurl@8.12.1-r1", + "Name": "libcurl", + "Identifier": { + "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "bb07c860cc2206ec" + }, + "Version": "8.12.1-r1", + "Arch": "x86_64", + "SrcName": "curl", + "SrcVersion": "8.12.1-r1", + "Licenses": [ + "curl" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "brotli-libs@1.1.0-r2", + "c-ares@1.34.3-r0", + "ca-certificates-bundle@20241121-r1", + "libcrypto3@3.3.3-r0", + "libidn2@2.3.7-r0", + "libpsl@0.21.5-r3", + "libssl3@3.3.3-r0", + "musl@1.2.5-r9", + "nghttp2-libs@1.64.0-r0", + "zlib@1.3.1-r2", + "zstd-libs@1.5.6-r2" + ], + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "Digest": "sha1:572244672981ad6e6331ef0d66c4040cf65509b4", + "InstalledFiles": [ + "usr/lib/libcurl.so.4", + "usr/lib/libcurl.so.4.8.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libidn2@2.3.7-r0", + "Name": "libidn2", + "Identifier": { + "PURL": "pkg:apk/alpine/libidn2@2.3.7-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "7a5029ce71d1e992" + }, + "Version": "2.3.7-r0", + "Arch": "x86_64", + "SrcName": "libidn2", + "SrcVersion": "2.3.7-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libunistring@1.2-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "Digest": "sha1:ae3b64134ad2a63718269dac2826bc514a3445e2", + "InstalledFiles": [ + "usr/lib/libidn2.so.0", + "usr/lib/libidn2.so.0.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpsl@0.21.5-r3", + "Name": "libpsl", + "Identifier": { + "PURL": "pkg:apk/alpine/libpsl@0.21.5-r3?arch=x86_64\u0026distro=3.21.3", + "UID": "240880a372fa2415" + }, + "Version": "0.21.5-r3", + "Arch": "x86_64", + "SrcName": "libpsl", + "SrcVersion": "0.21.5-r3", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libidn2@2.3.7-r0", + "libunistring@1.2-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "Digest": "sha1:9d21a9cf20d165ea68eafc7566a5da16ce9eabfc", + "InstalledFiles": [ + "usr/lib/libpsl.so.5", + "usr/lib/libpsl.so.5.3.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.3.3-r0", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "Version": "3.3.3-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.3.3-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.3.3-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:f903912bd42fe4658ee2adf39744b36019f046b3", + "InstalledFiles": [ + "usr/lib/libssl.so.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libunistring@1.2-r0", + "Name": "libunistring", + "Identifier": { + "PURL": "pkg:apk/alpine/libunistring@1.2-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "afda0efd6d9fe81d" + }, + "Version": "1.2-r0", + "Arch": "x86_64", + "SrcName": "libunistring", + "SrcVersion": "1.2-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "Digest": "sha1:79aac0821ef4e14fc6ceaacfbf7c2a770a80cf78", + "InstalledFiles": [ + "usr/lib/libunistring.so.5", + "usr/lib/libunistring.so.5.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl@1.2.5-r9", + "Name": "musl", + "Identifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "d0316c4ab0862e6b" + }, + "Version": "1.2.5-r9", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r9", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:fcbef23891ec04f81a28b98dbbb521e58218d2d8", + "InstalledFiles": [ + "lib/ld-musl-x86_64.so.1", + "lib/libc.musl-x86_64.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl-utils@1.2.5-r9", + "Name": "musl-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "8991799c5350cf95" + }, + "Version": "1.2.5-r9", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r9", + "Licenses": [ + "MIT", + "BSD-2-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9", + "scanelf@1.3.8-r1" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:dd00323d3c0b14f2607f7a14ef503ebb4f737d22", + "InstalledFiles": [ + "sbin/ldconfig", + "usr/bin/getconf", + "usr/bin/getent", + "usr/bin/iconv", + "usr/bin/ldd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nghttp2-libs@1.64.0-r0", + "Name": "nghttp2-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/nghttp2-libs@1.64.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "e522ca22ea4867ac" + }, + "Version": "1.64.0-r0", + "Arch": "x86_64", + "SrcName": "nghttp2", + "SrcVersion": "1.64.0-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "Digest": "sha1:239d49335b0c521c41d0823a619bf84c3f20722e", + "InstalledFiles": [ + "usr/lib/libnghttp2.so.14", + "usr/lib/libnghttp2.so.14.28.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "scanelf@1.3.8-r1", + "Name": "scanelf", + "Identifier": { + "PURL": "pkg:apk/alpine/scanelf@1.3.8-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "99c1bc01da347386" + }, + "Version": "1.3.8-r1", + "Arch": "x86_64", + "SrcName": "pax-utils", + "SrcVersion": "1.3.8-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:77729f7622baeaafb6feaf7486f4f5452c1c7b62", + "InstalledFiles": [ + "usr/bin/scanelf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ssl_client@1.37.0-r12", + "Name": "ssl_client", + "Identifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "7637191a09ed06b3" + }, + "Version": "1.37.0-r12", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r12", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "libcrypto3@3.3.3-r0", + "libssl3@3.3.3-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:69bfb6258ecb0a21e3b0ea12e6d4544192ab3766", + "InstalledFiles": [ + "usr/bin/ssl_client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.3.1-r2", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "3b545badcbeb3bc0" + }, + "Version": "1.3.1-r2", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.3.1-r2", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:f0b90f76367ac51b4a3e70432ed00e6dca6a7432", + "InstalledFiles": [ + "usr/lib/libz.so.1", + "usr/lib/libz.so.1.3.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zstd-libs@1.5.6-r2", + "Name": "zstd-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/zstd-libs@1.5.6-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "12ea9cf6ad7ac333" + }, + "Version": "1.5.6-r2", + "Arch": "x86_64", + "SrcName": "zstd", + "SrcVersion": "1.5.6-r2", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "Digest": "sha1:974f4e438a513770c78e286dae55203fc38604db", + "InstalledFiles": [ + "usr/lib/libzstd.so.1", + "usr/lib/libzstd.so.1.5.6" + ], + "AnalyzedBy": "apk" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox@1.37.0-r12", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "40c5c5c69a5100e0" + }, + "InstalledVersion": "1.37.0-r12", + "FixedVersion": "1.37.0-r14", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a2cf6768490411c6ec463f534922bda4f0eabae959441746ca8ab06dc71f5ed0", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox-binsh@1.37.0-r12", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "f727574eea8e47ea" + }, + "InstalledVersion": "1.37.0-r12", + "FixedVersion": "1.37.0-r14", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:02142a054ccf85d2cf9219d40c219eb95bbb994c112e764168f6d2d622e5e001", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-31498", + "PkgID": "c-ares@1.34.3-r0", + "PkgName": "c-ares", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/c-ares@1.34.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "65e5c61e1dac77c8" + }, + "InstalledVersion": "1.34.3-r0", + "FixedVersion": "1.34.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31498", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c505ee850d515c1671a6b0fce40effcb4ea9c5f64f1d9573c47916f717f4ae2f", + "Title": "c-ares: c-ares has a use-after-free in read_answers()", + "Description": "c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/08/3", + "https://access.redhat.com/errata/RHSA-2025:7433", + "https://access.redhat.com/security/cve/CVE-2025-31498", + "https://bugzilla.redhat.com/2358271", + "https://bugzilla.redhat.com/2359553", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358271", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359553", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31498", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3277", + "https://errata.almalinux.org/9/ALSA-2025-7433.html", + "https://errata.rockylinux.org/RLSA-2025:7433", + "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1", + "https://github.com/c-ares/c-ares/pull/821", + "https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v", + "https://linux.oracle.com/cve/CVE-2025-31498.html", + "https://linux.oracle.com/errata/ELSA-2025-7502.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-31498", + "https://ubuntu.com/security/notices/USN-7477-1", + "https://www.cve.org/CVERecord?id=CVE-2025-31498" + ], + "PublishedDate": "2025-04-08T14:15:35.293Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-62408", + "PkgID": "c-ares@1.34.3-r0", + "PkgName": "c-ares", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/c-ares@1.34.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "65e5c61e1dac77c8" + }, + "InstalledVersion": "1.34.3-r0", + "FixedVersion": "1.34.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-62408", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:77036eb9134c57c0f8f2f8e2e3ca5205b9d323cba09fad7e06f7a49ce2e40c87", + "Title": "c-ares: c-ares: Denial of Service due to query termination after maximum attempts", + "Description": "c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-62408", + "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618", + "https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5", + "https://nvd.nist.gov/vuln/detail/CVE-2025-62408", + "https://ubuntu.com/security/notices/USN-7925-1", + "https://www.cve.org/CVERecord?id=CVE-2025-62408" + ], + "PublishedDate": "2025-12-08T22:15:52.62Z", + "LastModifiedDate": "2026-02-02T14:40:44.843Z" + }, + { + "VulnerabilityID": "CVE-2025-4947", + "PkgID": "curl@8.12.1-r1", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "88c4306caf842e16" + }, + "InstalledVersion": "8.12.1-r1", + "FixedVersion": "8.14.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4947", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:305d8c398f894915352422500debd22722424a589a0431803288d5fbaf18e4d2", + "Title": "libcurl: curl: QUIC certificate check skip with wolfSSL", + "Description": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/28/4", + "https://access.redhat.com/security/cve/CVE-2025-4947", + "https://curl.se/docs/CVE-2025-4947.html", + "https://curl.se/docs/CVE-2025-4947.json", + "https://github.com/advisories/GHSA-ppfq-jg49-mqj4", + "https://hackerone.com/reports/3150884", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4947", + "https://www.cve.org/CVERecord?id=CVE-2025-4947" + ], + "PublishedDate": "2025-05-28T07:15:24.78Z", + "LastModifiedDate": "2025-06-26T15:08:21.52Z" + }, + { + "VulnerabilityID": "CVE-2025-5025", + "PkgID": "curl@8.12.1-r1", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "88c4306caf842e16" + }, + "InstalledVersion": "8.12.1-r1", + "FixedVersion": "8.14.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5025", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5a2cd23699cecfa94d6eb718dfb1d575c479b50ca39fb5c22cfc990ed04d8bcb", + "Title": "curl: libcurl: QUIC Certificate Pinning Bypass", + "Description": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/28/5", + "https://access.redhat.com/security/cve/CVE-2025-5025", + "https://curl.se/docs/CVE-2025-5025.html", + "https://curl.se/docs/CVE-2025-5025.json", + "https://github.com/advisories/GHSA-x8ch-h5vv-q6cm", + "https://hackerone.com/reports/3153497", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5025", + "https://www.cve.org/CVERecord?id=CVE-2025-5025" + ], + "PublishedDate": "2025-05-28T07:15:24.91Z", + "LastModifiedDate": "2025-07-30T19:41:37.987Z" + }, + { + "VulnerabilityID": "CVE-2025-5399", + "PkgID": "curl@8.12.1-r1", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "88c4306caf842e16" + }, + "InstalledVersion": "8.12.1-r1", + "FixedVersion": "8.14.1-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5399", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:95cfe57b3a1cede86b9e02d6ff247bdfaa215ca5ad6e22154e60bca77fc34bb8", + "Title": "curl: libcurl: WebSocket endless loop", + "Description": "Due to a mistake in libcurl's WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "alma": 2, + "julia": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/06/04/2", + "https://access.redhat.com/errata/RHSA-2025:16046", + "https://access.redhat.com/security/cve/CVE-2025-5399", + "https://bugzilla.redhat.com/2359885", + "https://bugzilla.redhat.com/2359888", + "https://bugzilla.redhat.com/2359892", + "https://bugzilla.redhat.com/2359894", + "https://bugzilla.redhat.com/2359895", + "https://bugzilla.redhat.com/2359899", + "https://bugzilla.redhat.com/2359900", + "https://bugzilla.redhat.com/2359902", + "https://bugzilla.redhat.com/2359903", + "https://bugzilla.redhat.com/2359911", + "https://bugzilla.redhat.com/2359918", + "https://bugzilla.redhat.com/2359920", + "https://bugzilla.redhat.com/2359924", + "https://bugzilla.redhat.com/2359928", + "https://bugzilla.redhat.com/2359930", + "https://bugzilla.redhat.com/2359932", + "https://bugzilla.redhat.com/2359934", + "https://bugzilla.redhat.com/2359938", + "https://bugzilla.redhat.com/2359940", + "https://bugzilla.redhat.com/2359943", + "https://bugzilla.redhat.com/2359944", + "https://bugzilla.redhat.com/2359945", + "https://bugzilla.redhat.com/2359947", + "https://bugzilla.redhat.com/2359950", + "https://bugzilla.redhat.com/2359963", + "https://bugzilla.redhat.com/2359964", + "https://bugzilla.redhat.com/2359972", + "https://bugzilla.redhat.com/2370920", + "https://bugzilla.redhat.com/2380264", + "https://bugzilla.redhat.com/2380273", + "https://bugzilla.redhat.com/2380274", + "https://bugzilla.redhat.com/2380278", + "https://bugzilla.redhat.com/2380280", + "https://bugzilla.redhat.com/2380283", + "https://bugzilla.redhat.com/2380284", + "https://bugzilla.redhat.com/2380290", + "https://bugzilla.redhat.com/2380291", + "https://bugzilla.redhat.com/2380295", + "https://bugzilla.redhat.com/2380298", + "https://bugzilla.redhat.com/2380306", + "https://bugzilla.redhat.com/2380308", + "https://bugzilla.redhat.com/2380309", + "https://bugzilla.redhat.com/2380310", + "https://bugzilla.redhat.com/2380312", + "https://bugzilla.redhat.com/2380313", + "https://bugzilla.redhat.com/2380320", + "https://bugzilla.redhat.com/2380321", + "https://bugzilla.redhat.com/2380322", + "https://bugzilla.redhat.com/2380326", + "https://bugzilla.redhat.com/2380327", + "https://bugzilla.redhat.com/2380334", + "https://bugzilla.redhat.com/2380335", + "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359885", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359888", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359892", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359894", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359895", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359899", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359900", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359902", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359903", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359911", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359920", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359924", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359928", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359930", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359932", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359934", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359938", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359940", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359943", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359945", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359947", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359950", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359963", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359964", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359972", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380264", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380280", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380283", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380284", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380290", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380291", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380295", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380298", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380306", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380308", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380309", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380312", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380313", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380320", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380321", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380322", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380327", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380334", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380335", + "https://curl.se/docs/CVE-2025-5399.html", + "https://curl.se/docs/CVE-2025-5399.json", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399", + "https://errata.almalinux.org/9/ALSA-2025-16046.html", + "https://errata.rockylinux.org/RLSA-2025:15699", + "https://github.com/advisories/GHSA-8h93-38hx-vv92", + "https://hackerone.com/reports/3168039", + "https://linux.oracle.com/cve/CVE-2025-5399.html", + "https://linux.oracle.com/errata/ELSA-2025-16046.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5399", + "https://www.cve.org/CVERecord?id=CVE-2025-5399", + "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL" + ], + "PublishedDate": "2025-06-07T08:15:20.687Z", + "LastModifiedDate": "2025-07-30T19:41:33.457Z" + }, + { + "VulnerabilityID": "CVE-2025-9086", + "PkgID": "curl@8.12.1-r1", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "88c4306caf842e16" + }, + "InstalledVersion": "8.12.1-r1", + "FixedVersion": "8.14.1-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8f41649a828645da62af77d80f742e3f27b8ec02d30aedc00986071242df7393", + "Title": "curl: libcurl: Curl out of bounds read for cookie path", + "Description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 1, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://access.redhat.com/errata/RHSA-2026:1350", + "https://access.redhat.com/security/cve/CVE-2025-9086", + "https://bugzilla.redhat.com/2394750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086", + "https://errata.almalinux.org/9/ALSA-2026-1350.html", + "https://errata.rockylinux.org/RLSA-2026:1350", + "https://github.com/advisories/GHSA-v676-f8gm-92r9", + "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6", + "https://hackerone.com/reports/3294999", + "https://linux.oracle.com/cve/CVE-2025-9086.html", + "https://linux.oracle.com/errata/ELSA-2026-1825.html", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "https://ubuntu.com/security/notices/USN-8062-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9086" + ], + "PublishedDate": "2025-09-12T06:15:44.1Z", + "LastModifiedDate": "2026-01-20T14:58:01.347Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a2828f9edd514acc06d8c40826dab8132e5f30ea5d8f3a3a36242bb540189f5d", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:220d19f775c4ecfa36bc557f912eafaffb793d27b127ca5859eaad6025aee5a7", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9408bdb0dd30466d658a91d049dffcc384277a776d281d84f1e993a737259636", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:aa0530eb7ae3aec9f06c5c64034b12a2f1f2d5e0abf0b9846bb9e91f6245af20", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:808f159284641f96d87fb0160b3ad58ed6ef96aa4aa5c54ecedbcb5f29fb6e4f", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2237fdc57660968e32822f15d66d38117452ff69965ef990f82f50e4d07daf7a", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:34ee20b25ff9dd9c1817212ca260da57c511b98910101625b56796aaf9e92470", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c1e11034626254276fe24e9be14877cbd65bf8a9e328617dc59e63868b7d5f48", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:7fadb18733fd4ab0d37a2727b8b285799602e80945bfd3f16b9ad5891c3c5c51", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3d7b45d58fffce8097100d1a70510fbc53d6c1fb885cf8112da0c0daab85f0fb", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:639f27b7378e3018cbb8db30f945c034bf05c7cd1eb856b7b5a09ad0e3eb9b30", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2025-4947", + "PkgID": "libcurl@8.12.1-r1", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "bb07c860cc2206ec" + }, + "InstalledVersion": "8.12.1-r1", + "FixedVersion": "8.14.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4947", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5a9e6e57292dbb2fa91e0c09d96eb9113bcae29797e81b2683e8a7a7e708e808", + "Title": "libcurl: curl: QUIC certificate check skip with wolfSSL", + "Description": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/28/4", + "https://access.redhat.com/security/cve/CVE-2025-4947", + "https://curl.se/docs/CVE-2025-4947.html", + "https://curl.se/docs/CVE-2025-4947.json", + "https://github.com/advisories/GHSA-ppfq-jg49-mqj4", + "https://hackerone.com/reports/3150884", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4947", + "https://www.cve.org/CVERecord?id=CVE-2025-4947" + ], + "PublishedDate": "2025-05-28T07:15:24.78Z", + "LastModifiedDate": "2025-06-26T15:08:21.52Z" + }, + { + "VulnerabilityID": "CVE-2025-5025", + "PkgID": "libcurl@8.12.1-r1", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "bb07c860cc2206ec" + }, + "InstalledVersion": "8.12.1-r1", + "FixedVersion": "8.14.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5025", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c73ba1377e9dae7d15e000c8f6c33d948d1103f8a1d1fed70663403477f596f4", + "Title": "curl: libcurl: QUIC Certificate Pinning Bypass", + "Description": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/28/5", + "https://access.redhat.com/security/cve/CVE-2025-5025", + "https://curl.se/docs/CVE-2025-5025.html", + "https://curl.se/docs/CVE-2025-5025.json", + "https://github.com/advisories/GHSA-x8ch-h5vv-q6cm", + "https://hackerone.com/reports/3153497", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5025", + "https://www.cve.org/CVERecord?id=CVE-2025-5025" + ], + "PublishedDate": "2025-05-28T07:15:24.91Z", + "LastModifiedDate": "2025-07-30T19:41:37.987Z" + }, + { + "VulnerabilityID": "CVE-2025-5399", + "PkgID": "libcurl@8.12.1-r1", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "bb07c860cc2206ec" + }, + "InstalledVersion": "8.12.1-r1", + "FixedVersion": "8.14.1-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5399", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8f527ce7b66eaf552d9ba19e424774f1fa2cf952ac338ba50b392d01a5cdb283", + "Title": "curl: libcurl: WebSocket endless loop", + "Description": "Due to a mistake in libcurl's WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "alma": 2, + "julia": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/06/04/2", + "https://access.redhat.com/errata/RHSA-2025:16046", + "https://access.redhat.com/security/cve/CVE-2025-5399", + "https://bugzilla.redhat.com/2359885", + "https://bugzilla.redhat.com/2359888", + "https://bugzilla.redhat.com/2359892", + "https://bugzilla.redhat.com/2359894", + "https://bugzilla.redhat.com/2359895", + "https://bugzilla.redhat.com/2359899", + "https://bugzilla.redhat.com/2359900", + "https://bugzilla.redhat.com/2359902", + "https://bugzilla.redhat.com/2359903", + "https://bugzilla.redhat.com/2359911", + "https://bugzilla.redhat.com/2359918", + "https://bugzilla.redhat.com/2359920", + "https://bugzilla.redhat.com/2359924", + "https://bugzilla.redhat.com/2359928", + "https://bugzilla.redhat.com/2359930", + "https://bugzilla.redhat.com/2359932", + "https://bugzilla.redhat.com/2359934", + "https://bugzilla.redhat.com/2359938", + "https://bugzilla.redhat.com/2359940", + "https://bugzilla.redhat.com/2359943", + "https://bugzilla.redhat.com/2359944", + "https://bugzilla.redhat.com/2359945", + "https://bugzilla.redhat.com/2359947", + "https://bugzilla.redhat.com/2359950", + "https://bugzilla.redhat.com/2359963", + "https://bugzilla.redhat.com/2359964", + "https://bugzilla.redhat.com/2359972", + "https://bugzilla.redhat.com/2370920", + "https://bugzilla.redhat.com/2380264", + "https://bugzilla.redhat.com/2380273", + "https://bugzilla.redhat.com/2380274", + "https://bugzilla.redhat.com/2380278", + "https://bugzilla.redhat.com/2380280", + "https://bugzilla.redhat.com/2380283", + "https://bugzilla.redhat.com/2380284", + "https://bugzilla.redhat.com/2380290", + "https://bugzilla.redhat.com/2380291", + "https://bugzilla.redhat.com/2380295", + "https://bugzilla.redhat.com/2380298", + "https://bugzilla.redhat.com/2380306", + "https://bugzilla.redhat.com/2380308", + "https://bugzilla.redhat.com/2380309", + "https://bugzilla.redhat.com/2380310", + "https://bugzilla.redhat.com/2380312", + "https://bugzilla.redhat.com/2380313", + "https://bugzilla.redhat.com/2380320", + "https://bugzilla.redhat.com/2380321", + "https://bugzilla.redhat.com/2380322", + "https://bugzilla.redhat.com/2380326", + "https://bugzilla.redhat.com/2380327", + "https://bugzilla.redhat.com/2380334", + "https://bugzilla.redhat.com/2380335", + "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359885", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359888", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359892", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359894", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359895", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359899", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359900", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359902", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359903", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359911", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359920", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359924", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359928", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359930", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359932", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359934", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359938", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359940", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359943", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359945", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359947", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359950", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359963", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359964", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359972", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380264", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380280", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380283", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380284", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380290", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380291", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380295", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380298", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380306", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380308", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380309", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380312", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380313", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380320", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380321", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380322", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380327", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380334", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380335", + "https://curl.se/docs/CVE-2025-5399.html", + "https://curl.se/docs/CVE-2025-5399.json", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399", + "https://errata.almalinux.org/9/ALSA-2025-16046.html", + "https://errata.rockylinux.org/RLSA-2025:15699", + "https://github.com/advisories/GHSA-8h93-38hx-vv92", + "https://hackerone.com/reports/3168039", + "https://linux.oracle.com/cve/CVE-2025-5399.html", + "https://linux.oracle.com/errata/ELSA-2025-16046.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5399", + "https://www.cve.org/CVERecord?id=CVE-2025-5399", + "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL" + ], + "PublishedDate": "2025-06-07T08:15:20.687Z", + "LastModifiedDate": "2025-07-30T19:41:33.457Z" + }, + { + "VulnerabilityID": "CVE-2025-9086", + "PkgID": "libcurl@8.12.1-r1", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "bb07c860cc2206ec" + }, + "InstalledVersion": "8.12.1-r1", + "FixedVersion": "8.14.1-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9557a581a20fd0d55b7a4357bde8750af117ac984568a6a514e698718493c8b8", + "Title": "curl: libcurl: Curl out of bounds read for cookie path", + "Description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 1, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://access.redhat.com/errata/RHSA-2026:1350", + "https://access.redhat.com/security/cve/CVE-2025-9086", + "https://bugzilla.redhat.com/2394750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086", + "https://errata.almalinux.org/9/ALSA-2026-1350.html", + "https://errata.rockylinux.org/RLSA-2026:1350", + "https://github.com/advisories/GHSA-v676-f8gm-92r9", + "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6", + "https://hackerone.com/reports/3294999", + "https://linux.oracle.com/cve/CVE-2025-9086.html", + "https://linux.oracle.com/errata/ELSA-2026-1825.html", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "https://ubuntu.com/security/notices/USN-8062-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9086" + ], + "PublishedDate": "2025-09-12T06:15:44.1Z", + "LastModifiedDate": "2026-01-20T14:58:01.347Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1df247ad76d18c2e2701d26fb6462109b45b6d6d3b0cf801685ef3bfe5db8cd2", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2e4a8ecfbe9e275d9e0c2c57320cea65cb1bb98e7e027ffc7410811ba67e6c46", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ca639a2a6ac1a69763931836199e4d48b7cfc1f68506135e2579b2c58e35f53b", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:adf74c32acf3872f3c49f3959dd4e12f8e59e2594fde982c4b5b5d3f70aa3345", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:78e6261c6ee8e562541c46c9253147609bb04dd703e78e831442ef4f8c188993", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ed07485d9118925b4ae14a61cabd97bc1391592cbb39878df00895d7db7ba366", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8179137ef2045880b3d2a1f7997a4c392e0585dc36dbe1fcc706ba1edee390d5", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2dc5ebade43820e6d6e4d9e8a894cf7b9c177a9b56374f3eef4f690bf09c12ab", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:b599f56419646148e4e09b6bff4e551058af359b1f3058716d059d926002d6cc", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:731b7e9d83cf54cb714a1210463fd7af6491ed40c84d100658638989c26d2551", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3900523675f08164a643e04a1423a01348aa7143de8971421d1c70da7d143555", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl@1.2.5-r9", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "d0316c4ab0862e6b" + }, + "InstalledVersion": "1.2.5-r9", + "FixedVersion": "1.2.5-r11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8c5b6b902e4f7f88aa0427a8ef9c9979732caa91c8a4d992d1f45ea31cc1657f", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl@1.2.5-r9", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "d0316c4ab0862e6b" + }, + "InstalledVersion": "1.2.5-r9", + "FixedVersion": "1.2.5-r10", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:89c31813ca04c76a44fd66ed45461b9796d33acc6af0cdd924211e0da48183a7", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl-utils@1.2.5-r9", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "8991799c5350cf95" + }, + "InstalledVersion": "1.2.5-r9", + "FixedVersion": "1.2.5-r11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:80c15725f1c775d052da32e90f7935b7a87634ee28340ce9eba1f4976d65f6e1", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl-utils@1.2.5-r9", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "8991799c5350cf95" + }, + "InstalledVersion": "1.2.5-r9", + "FixedVersion": "1.2.5-r10", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:53bcf81d550355af5868bf0533fea1e2ed58d56d6a2cf398d18200f21941f976", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2026-27135", + "PkgID": "nghttp2-libs@1.64.0-r0", + "PkgName": "nghttp2-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/nghttp2-libs@1.64.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "e522ca22ea4867ac" + }, + "InstalledVersion": "1.64.0-r0", + "FixedVersion": "1.68.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", + "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27135", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2bf68d99b1aadee41ab27c1f2298a0fa79b109c14d6e4fef5088be1028b50cb6", + "Title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination", + "Description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-617" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/20/3", + "https://access.redhat.com/errata/RHSA-2026:7896", + "https://access.redhat.com/security/cve/CVE-2026-27135", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2442922", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://errata.almalinux.org/9/ALSA-2026-7896.html", + "https://errata.rockylinux.org/RLSA-2026:7668", + "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1", + "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6", + "https://linux.oracle.com/cve/CVE-2026-27135.html", + "https://linux.oracle.com/errata/ELSA-2026-8339.html", + "https://lists.debian.org/debian-lts-announce/2026/05/msg00025.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27135", + "https://ubuntu.com/security/notices/USN-8233-1", + "https://ubuntu.com/security/notices/USN-8233-2", + "https://www.cve.org/CVERecord?id=CVE-2026-27135" + ], + "PublishedDate": "2026-03-18T18:16:26.723Z", + "LastModifiedDate": "2026-05-13T22:16:42.337Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "ssl_client@1.37.0-r12", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "7637191a09ed06b3" + }, + "InstalledVersion": "1.37.0-r12", + "FixedVersion": "1.37.0-r14", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:cf9898a48ec8dd0510ce295b6395c89b002091c86789f47de40ac3135d2df8af", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-22184", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "3b545badcbeb3bc0" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:393bb3e8bdb0b1d8f86a8fc521ef8de1e6f6dd3aea31d033af28d058ad14303e", + "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", + "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-22184", + "https://github.com/madler/zlib", + "https://github.com/madler/zlib/issues/1142", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", + "https://seclists.org/fulldisclosure/2026/Jan/3", + "https://www.cve.org/CVERecord?id=CVE-2026-22184", + "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", + "https://zlib.net/" + ], + "PublishedDate": "2026-01-07T21:16:01.563Z", + "LastModifiedDate": "2026-03-18T16:26:31.14Z" + }, + { + "VulnerabilityID": "CVE-2026-27171", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "3b545badcbeb3bc0" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e40e58309a268e6b1314da0a64b61de61927da632d4fe170a071a1db2f120e1f", + "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", + "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "julia": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://access.redhat.com/security/cve/CVE-2026-27171", + "https://github.com/advisories/GHSA-h858-mf2m-8jf4", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "https://ostif.org/zlib-audit-complete", + "https://ostif.org/zlib-audit-complete/", + "https://www.cve.org/CVERecord?id=CVE-2026-27171" + ], + "PublishedDate": "2026-02-18T04:16:01.263Z", + "LastModifiedDate": "2026-03-25T21:27:04.603Z" + } + ] + }, + { + "Target": "app/fail2ban_exporter", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "gitlab.com/hctrdev/fail2ban-prometheus-exporter@v0.10.3", + "Name": "gitlab.com/hctrdev/fail2ban-prometheus-exporter", + "Identifier": { + "PURL": "pkg:golang/gitlab.com/hctrdev/fail2ban-prometheus-exporter@v0.10.3", + "UID": "9336168d21905a1d" + }, + "Version": "v0.10.3", + "Relationship": "root", + "DependsOn": [ + "github.com/alecthomas/kong@v1.10.0", + "github.com/aristanetworks/gomap@v0.0.0-20240919214256-2b26376628e1", + "github.com/beorn7/perks@v1.0.1", + "github.com/cespare/xxhash/v2@v2.3.0", + "github.com/kisielk/og-rek@v1.3.0", + "github.com/klauspost/compress@v1.18.0", + "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "github.com/nlpodyssey/gopickle@v0.3.0", + "github.com/prometheus/client_golang@v1.21.1", + "github.com/prometheus/client_model@v0.6.1", + "github.com/prometheus/common@v0.63.0", + "github.com/prometheus/procfs@v0.16.0", + "golang.org/x/sys@v0.31.0", + "golang.org/x/text@v0.23.0", + "google.golang.org/protobuf@v1.36.6", + "stdlib@v1.24.1" + ], + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.24.1", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "Version": "v1.24.1", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/alecthomas/kong@v1.10.0", + "Name": "github.com/alecthomas/kong", + "Identifier": { + "PURL": "pkg:golang/github.com/alecthomas/kong@v1.10.0", + "UID": "879cb59119f5bbf" + }, + "Version": "v1.10.0", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aristanetworks/gomap@v0.0.0-20240919214256-2b26376628e1", + "Name": "github.com/aristanetworks/gomap", + "Identifier": { + "PURL": "pkg:golang/github.com/aristanetworks/gomap@v0.0.0-20240919214256-2b26376628e1", + "UID": "68ad3663ae8bfde1" + }, + "Version": "v0.0.0-20240919214256-2b26376628e1", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "2f202ebf6179f939" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.3.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", + "UID": "ee0d00395cec0c5c" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kisielk/og-rek@v1.3.0", + "Name": "github.com/kisielk/og-rek", + "Identifier": { + "PURL": "pkg:golang/github.com/kisielk/og-rek@v1.3.0", + "UID": "51c70a58f8def640" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/klauspost/compress@v1.18.0", + "Name": "github.com/klauspost/compress", + "Identifier": { + "PURL": "pkg:golang/github.com/klauspost/compress@v1.18.0", + "UID": "bd9636263a279842" + }, + "Version": "v1.18.0", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "906f4cd5115832d1" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/nlpodyssey/gopickle@v0.3.0", + "Name": "github.com/nlpodyssey/gopickle", + "Identifier": { + "PURL": "pkg:golang/github.com/nlpodyssey/gopickle@v0.3.0", + "UID": "9f52e8658ff1482c" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.21.1", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.21.1", + "UID": "f44fc79438e76c31" + }, + "Version": "v1.21.1", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.6.1", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.1", + "UID": "40257b651669b1f7" + }, + "Version": "v0.6.1", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.63.0", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.63.0", + "UID": "124b4e6827e0eb3e" + }, + "Version": "v0.63.0", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.16.0", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.16.0", + "UID": "cf6202649523a8f9" + }, + "Version": "v0.16.0", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.31.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.31.0", + "UID": "118c3832c8d92898" + }, + "Version": "v0.31.0", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.23.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.23.0", + "UID": "d6523e39b7720139" + }, + "Version": "v0.23.0", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.36.6", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.6", + "UID": "2c8889f21d5c7c94" + }, + "Version": "v1.36.6", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5da2e70c1a1b0ada794973eec9d313e65d343403a5ca733f84059d2adc29edd5", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2025-22874", + "VendorIDs": [ + "GO-2025-3749" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22874", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7effe853a3545b4a808a8cc8574e4a2549d4c5d0327aa7432d17eb472bcd829c", + "Title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", + "Description": "Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.", + "Severity": "HIGH", + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "redhat": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22874", + "https://go.dev/cl/670375", + "https://go.dev/issue/73612", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22874", + "https://pkg.go.dev/vuln/GO-2025-3749", + "https://www.cve.org/CVERecord?id=CVE-2025-22874" + ], + "PublishedDate": "2025-06-11T17:15:42.167Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:772968446b7b15c315c5f7502abc7171184278c06b319c84073dad26cf447b9f", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b704a8b29225fda99355b6c44334d6b35b5e828c7220e349933ebda6ffd94bde", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c18cd85cc42757048b44a09df42a472a8985354297abc9847ee419d131e4fbcd", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6085126cfbc6e9e02e547355980b85e716841a01c28b7ae2d47ca18900988c0e", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fb0ae563be6c22bed08cf651a9c776e2cb2d1ba9b6a9648be90cdc382ca53c42", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6bbe806b3d7e3b254acc482f86772f5c61f20db469baf80505b6a44f7159140f", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c2b281d5596eba0e5d387742557eb17aff12a74b71e391c5817d68a4553d6851", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:54c866545df52f3c87f8325cb1d0381afb41a6bde73032a52ace13832f752f90", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c8147ad07e1bb16f8dfd574bceeb0c0f054ba0fd667046e1db1b847e3938d3f6", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cce7533e2b543404103eec7ae0a352ef6b5a0e949ac9c7f32886d035d1403973", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3bc88953eac77cfb88d9039560193453f0e48326dc91857ec85b07d9a3a84f6a", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:81ee99e285438b4ae6f67701809b1902e67aeb0239ff6880e1da3eef7860b0ad", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:73775ab570f36258822fb1538366fad83f8eaed2bcfe644c86945fe65cc27b43", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bac49db994082806d6e49badd90d431bf16f57830068d518b66337286058d826", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ebf1330c5943b513bd1dafa3420930584d67ee6539d98f66db1cc6da0ac1fcd0", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:68893530c46807a7f7fc75967ccadb15e7715ed582d113891a28655b2312beb9", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:509fc9012f1e9faaece6bee41a06669d2f5f258025e2b0e1a08d6f0ba7001ee9", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:34f76a054880b1f01c5e1900532d5fa8ad4cc22be00634f02206423bba40110b", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c451cb14726dc4393711440f61218e316ecad3b0ae3a43a72ab86950c1bda02e", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3648b537c549c95de0d57d94bfb43779daa5a76bad9baff35d2017e2ab215e26", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0f63234fa6fb597526d5c6077190210fcf43f4d854177ca4d6a2570609237d58", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e11d80a7897c80ab33582e61184acb6bf43c085bdd790e3cce73a10657bea303", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:614d06fabd57599d6c06aaf4ca70fda211319fb6e7543c00af4c0632b3602b4e", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0c836097c95ba045d6e9e710869e8f8d63e95f64063ed6a2a046854427cdad14", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:350139d9ab6cf6ba6494a2ef90dc10df700fad24c7da3af81f9d7bc9db375a68", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9416abdddc52351ec0505b7d35089f35d5eb1b661c7d7a862154ec48fb05c55b", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f103d1584d7c7754e0c485ac30786937ff1c67b68c9af52332d524ff9a916822", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d2698138bde30ff01a4850b59368c672392587e627fd33707091795fce60f6e8", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c755d9ed3ad868c19ad59cc682c9f83f6b87ae2a428b2ce08a5357068ae4ee36", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:311d3b20e4c33632e47fd1155f2d796434a44ed77016c83204736c895be73be0", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:65f98746c8e86a01af8dc1913e9722fd3c416071237de30f28978fd9c5fa9623", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3d545dad2319144a8be096eb1b93d11f7041d6241fd93ca1e941b00dccd6a384", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f95a3d406d60cadc57e3ccc207b71b717b85d5760bdd705785f8b24b3731c94a", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0edc5dcaf7d56501062c12ab29f86cefdc667d94b39a0fc52dca3edae35bf7cd", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:49814494d21ec96d35412b2252a91f9030b7b33ee8c02d68fba580c8900aa73c", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9260dd29e19c23a4" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", + "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5cc236f4f473741e6884fe9b5390e95f39ab9232fbfdcd9556506a4cf3f4ac76", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "Deployment", + "Name": "node-exporter", + "Metadata": [ + { + "Size": 26442240, + "ImageID": "sha256:47509d7f7c15a729686d9d5eccec66abd4b2495d9ae01f637f63e6375fe93f8b", + "DiffIDs": [ + "sha256:fe8da3eab3143a4922924a1e6a2de9594bc47a5a577ac77f08d9de875307621a", + "sha256:70764c8e5028cb89f3dd78d9afb5da1c5027bd867d446be30a9589836c5708ff", + "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + ], + "RepoTags": [ + "quay.io/prometheus/node-exporter:latest" + ], + "RepoDigests": [ + "quay.io/prometheus/node-exporter@sha256:0f422f62c15f154af8d8572b23d623aebfb10cec73a5c654d18f911f3f9df241" + ], + "Reference": "quay.io/prometheus/node-exporter:latest", + "ImageConfig": { + "architecture": "amd64", + "author": "The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", + "created": "2026-04-07T15:51:25.177329481Z", + "history": [ + { + "created": "2024-09-26T21:31:42Z", + "created_by": "BusyBox 1.37.0 (uclibc), Buildroot 2025.11.2, Debian 13" + }, + { + "created": "2026-03-15T10:55:08.806172887Z", + "created_by": "MAINTAINER The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-03-15T10:55:08.806172887Z", + "created_by": "COPY /rootfs / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-07T15:51:25.177329481Z", + "created_by": "LABEL maintainer=The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-07T15:51:25.177329481Z", + "created_by": "LABEL org.opencontainers.image.authors=The Prometheus Authors", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-07T15:51:25.177329481Z", + "created_by": "LABEL org.opencontainers.image.vendor=Prometheus", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-07T15:51:25.177329481Z", + "created_by": "LABEL org.opencontainers.image.title=node_exporter", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-07T15:51:25.177329481Z", + "created_by": "LABEL org.opencontainers.image.description=Prometheus exporter for hardware and OS metrics exposed by *NIX kernels", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-07T15:51:25.177329481Z", + "created_by": "LABEL org.opencontainers.image.source=https://github.com/prometheus/node_exporter", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-07T15:51:25.177329481Z", + "created_by": "LABEL org.opencontainers.image.url=https://github.com/prometheus/node_exporter", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-07T15:51:25.177329481Z", + "created_by": "LABEL org.opencontainers.image.documentation=https://github.com/prometheus/node_exporter", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-07T15:51:25.177329481Z", + "created_by": "LABEL org.opencontainers.image.licenses=Apache License 2.0", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-07T15:51:25.177329481Z", + "created_by": "LABEL io.prometheus.image.variant=busybox", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-07T15:51:25.177329481Z", + "created_by": "ARG ARCH=amd64", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-07T15:51:25.177329481Z", + "created_by": "ARG OS=linux", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-07T15:51:25.177329481Z", + "created_by": "COPY .build/linux-amd64/node_exporter /bin/node_exporter # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-07T15:51:25.177329481Z", + "created_by": "EXPOSE map[9100/tcp:{}]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-07T15:51:25.177329481Z", + "created_by": "USER nobody", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-07T15:51:25.177329481Z", + "created_by": "ENTRYPOINT [\"/bin/node_exporter\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:fe8da3eab3143a4922924a1e6a2de9594bc47a5a577ac77f08d9de875307621a", + "sha256:70764c8e5028cb89f3dd78d9afb5da1c5027bd867d446be30a9589836c5708ff", + "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + ] + }, + "config": { + "Entrypoint": [ + "/bin/node_exporter" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Labels": { + "io.prometheus.image.variant": "busybox", + "maintainer": "The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", + "org.opencontainers.image.authors": "The Prometheus Authors", + "org.opencontainers.image.description": "Prometheus exporter for hardware and OS metrics exposed by *NIX kernels", + "org.opencontainers.image.documentation": "https://github.com/prometheus/node_exporter", + "org.opencontainers.image.licenses": "Apache License 2.0", + "org.opencontainers.image.source": "https://github.com/prometheus/node_exporter", + "org.opencontainers.image.title": "node_exporter", + "org.opencontainers.image.url": "https://github.com/prometheus/node_exporter", + "org.opencontainers.image.vendor": "Prometheus" + }, + "User": "nobody", + "ExposedPorts": { + "9100/tcp": {} + } + } + }, + "Layers": [ + { + "Size": 1454080, + "Digest": "sha256:a6680b927350cc00b395133816b089a777ad1a8e4e799a000f9a9f166a0c4f7e", + "DiffID": "sha256:fe8da3eab3143a4922924a1e6a2de9594bc47a5a577ac77f08d9de875307621a" + }, + { + "Size": 1261056, + "Digest": "sha256:a2243411ec8e6f03b5bd3683b39b605ebdd828234228bc7823815411b075ff44", + "DiffID": "sha256:70764c8e5028cb89f3dd78d9afb5da1c5027bd867d446be30a9589836c5708ff" + }, + { + "Size": 23727104, + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + } + ] + } + ], + "Results": [ + { + "Target": "bin/node_exporter", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "github.com/prometheus/node_exporter@v1.11.1", + "Name": "github.com/prometheus/node_exporter", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/node_exporter@v1.11.1", + "UID": "a8718f1a04881581" + }, + "Version": "v1.11.1", + "Relationship": "root", + "DependsOn": [ + "github.com/alecthomas/kingpin/v2@v2.4.0", + "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", + "github.com/beevik/ntp@v1.5.0", + "github.com/beorn7/perks@v1.0.1", + "github.com/cespare/xxhash/v2@v2.3.0", + "github.com/coreos/go-systemd/v22@v22.7.0", + "github.com/cyphar/filepath-securejoin@v0.6.1", + "github.com/dennwc/btrfs@v0.0.0-20260222081608-edfb8b9e4f55", + "github.com/dennwc/ioctl@v1.0.1-0.20181021180353-017804252068", + "github.com/ema/qdisc@v1.0.0", + "github.com/godbus/dbus/v5@v5.2.2", + "github.com/golang-jwt/jwt/v5@v5.3.0", + "github.com/google/uuid@v1.6.0", + "github.com/hashicorp/go-envparse@v0.1.0", + "github.com/hodgesds/perf-utils@v0.7.0", + "github.com/jpillora/backoff@v1.0.0", + "github.com/jsimonetti/rtnetlink/v2@v2.2.0", + "github.com/mattn/go-xmlrpc@v0.0.3", + "github.com/mdlayher/ethtool@v0.6.0", + "github.com/mdlayher/genetlink@v1.3.2", + "github.com/mdlayher/netlink@v1.10.0", + "github.com/mdlayher/socket@v0.5.1", + "github.com/mdlayher/vsock@v1.2.1", + "github.com/mdlayher/wifi@v0.7.2", + "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", + "github.com/opencontainers/selinux@v1.13.1", + "github.com/prometheus-community/go-runit@v0.1.0", + "github.com/prometheus/client_golang@v1.23.2", + "github.com/prometheus/client_model@v0.6.2", + "github.com/prometheus/common@v0.67.5", + "github.com/prometheus/exporter-toolkit@v0.16.0", + "github.com/prometheus/procfs@v0.20.1", + "github.com/safchain/ethtool@v0.7.0", + "github.com/xhit/go-str2duration/v2@v2.1.0", + "go.uber.org/atomic@v1.7.0", + "go.uber.org/multierr@v1.6.0", + "go.yaml.in/yaml/v2@v2.4.4", + "golang.org/x/crypto@v0.49.0", + "golang.org/x/net@v0.52.0", + "golang.org/x/oauth2@v0.36.0", + "golang.org/x/sync@v0.20.0", + "golang.org/x/sys@v0.42.0", + "golang.org/x/text@v0.35.0", + "golang.org/x/time@v0.15.0", + "google.golang.org/protobuf@v1.36.11", + "stdlib@v1.26.1" + ], + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.26.1", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.26.1", + "UID": "4120a2832d4abb90" + }, + "Version": "v1.26.1", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/alecthomas/kingpin/v2@v2.4.0", + "Name": "github.com/alecthomas/kingpin/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/alecthomas/kingpin/v2@v2.4.0", + "UID": "88759d99f0871bbc" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", + "Name": "github.com/alecthomas/units", + "Identifier": { + "PURL": "pkg:golang/github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", + "UID": "ab36a1c8dd7d7724" + }, + "Version": "v0.0.0-20240927000941-0f3dac36c52b", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beevik/ntp@v1.5.0", + "Name": "github.com/beevik/ntp", + "Identifier": { + "PURL": "pkg:golang/github.com/beevik/ntp@v1.5.0", + "UID": "75e72730d49e0dcf" + }, + "Version": "v1.5.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "e5b61f231acc6788" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.3.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", + "UID": "2448921450b25fd5" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coreos/go-systemd/v22@v22.7.0", + "Name": "github.com/coreos/go-systemd/v22", + "Identifier": { + "PURL": "pkg:golang/github.com/coreos/go-systemd/v22@v22.7.0", + "UID": "251ad5420c6557f1" + }, + "Version": "v22.7.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cyphar/filepath-securejoin@v0.6.1", + "Name": "github.com/cyphar/filepath-securejoin", + "Identifier": { + "PURL": "pkg:golang/github.com/cyphar/filepath-securejoin@v0.6.1", + "UID": "3e8a3c80d94adc3e" + }, + "Version": "v0.6.1", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dennwc/btrfs@v0.0.0-20260222081608-edfb8b9e4f55", + "Name": "github.com/dennwc/btrfs", + "Identifier": { + "PURL": "pkg:golang/github.com/dennwc/btrfs@v0.0.0-20260222081608-edfb8b9e4f55", + "UID": "8fea6a55b6224310" + }, + "Version": "v0.0.0-20260222081608-edfb8b9e4f55", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dennwc/ioctl@v1.0.1-0.20181021180353-017804252068", + "Name": "github.com/dennwc/ioctl", + "Identifier": { + "PURL": "pkg:golang/github.com/dennwc/ioctl@v1.0.1-0.20181021180353-017804252068", + "UID": "2853cf8344dd3313" + }, + "Version": "v1.0.1-0.20181021180353-017804252068", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ema/qdisc@v1.0.0", + "Name": "github.com/ema/qdisc", + "Identifier": { + "PURL": "pkg:golang/github.com/ema/qdisc@v1.0.0", + "UID": "439b03042f59dbfe" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/godbus/dbus/v5@v5.2.2", + "Name": "github.com/godbus/dbus/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/godbus/dbus/v5@v5.2.2", + "UID": "67eb6656c75437f8" + }, + "Version": "v5.2.2", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang-jwt/jwt/v5@v5.3.0", + "Name": "github.com/golang-jwt/jwt/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.0", + "UID": "d16bdabd86aa7e1f" + }, + "Version": "v5.3.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.6.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", + "UID": "34e33e28d2e93ede" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-envparse@v0.1.0", + "Name": "github.com/hashicorp/go-envparse", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-envparse@v0.1.0", + "UID": "7100ccc68ce98ea9" + }, + "Version": "v0.1.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hodgesds/perf-utils@v0.7.0", + "Name": "github.com/hodgesds/perf-utils", + "Identifier": { + "PURL": "pkg:golang/github.com/hodgesds/perf-utils@v0.7.0", + "UID": "77bbd7d12c807169" + }, + "Version": "v0.7.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jpillora/backoff@v1.0.0", + "Name": "github.com/jpillora/backoff", + "Identifier": { + "PURL": "pkg:golang/github.com/jpillora/backoff@v1.0.0", + "UID": "5cef5fd1568f73f6" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jsimonetti/rtnetlink/v2@v2.2.0", + "Name": "github.com/jsimonetti/rtnetlink/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/jsimonetti/rtnetlink/v2@v2.2.0", + "UID": "df60cd629242718c" + }, + "Version": "v2.2.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-xmlrpc@v0.0.3", + "Name": "github.com/mattn/go-xmlrpc", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-xmlrpc@v0.0.3", + "UID": "d4c8a4ae8e92a7c" + }, + "Version": "v0.0.3", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/ethtool@v0.6.0", + "Name": "github.com/mdlayher/ethtool", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/ethtool@v0.6.0", + "UID": "112514772eae431f" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/genetlink@v1.3.2", + "Name": "github.com/mdlayher/genetlink", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/genetlink@v1.3.2", + "UID": "cd7d099a56c30547" + }, + "Version": "v1.3.2", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/netlink@v1.10.0", + "Name": "github.com/mdlayher/netlink", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/netlink@v1.10.0", + "UID": "4213e6a57c54a21" + }, + "Version": "v1.10.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/socket@v0.5.1", + "Name": "github.com/mdlayher/socket", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/socket@v0.5.1", + "UID": "3a6529ba3b4ae89f" + }, + "Version": "v0.5.1", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/vsock@v1.2.1", + "Name": "github.com/mdlayher/vsock", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/vsock@v1.2.1", + "UID": "ddd5f5d0978b41d3" + }, + "Version": "v1.2.1", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/wifi@v0.7.2", + "Name": "github.com/mdlayher/wifi", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/wifi@v0.7.2", + "UID": "42cb9773b705e005" + }, + "Version": "v0.7.2", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "5be39eea2e77c5d8" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", + "Name": "github.com/mwitkow/go-conntrack", + "Identifier": { + "PURL": "pkg:golang/github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", + "UID": "2c8cd38e459d6a55" + }, + "Version": "v0.0.0-20190716064945-2f068394615f", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opencontainers/selinux@v1.13.1", + "Name": "github.com/opencontainers/selinux", + "Identifier": { + "PURL": "pkg:golang/github.com/opencontainers/selinux@v1.13.1", + "UID": "3fd941f15611ec7b" + }, + "Version": "v1.13.1", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus-community/go-runit@v0.1.0", + "Name": "github.com/prometheus-community/go-runit", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus-community/go-runit@v0.1.0", + "UID": "f70cc86ac8dd87c5" + }, + "Version": "v0.1.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.23.2", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.23.2", + "UID": "2a76370629864741" + }, + "Version": "v1.23.2", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.6.2", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.2", + "UID": "39c8a6f1dc613eb0" + }, + "Version": "v0.6.2", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.67.5", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.67.5", + "UID": "2eaba6169d004f39" + }, + "Version": "v0.67.5", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/exporter-toolkit@v0.16.0", + "Name": "github.com/prometheus/exporter-toolkit", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/exporter-toolkit@v0.16.0", + "UID": "a9f36926e9a60e70" + }, + "Version": "v0.16.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.20.1", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.20.1", + "UID": "8874af209b985e74" + }, + "Version": "v0.20.1", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/safchain/ethtool@v0.7.0", + "Name": "github.com/safchain/ethtool", + "Identifier": { + "PURL": "pkg:golang/github.com/safchain/ethtool@v0.7.0", + "UID": "34773e694eadbfb" + }, + "Version": "v0.7.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/xhit/go-str2duration/v2@v2.1.0", + "Name": "github.com/xhit/go-str2duration/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/xhit/go-str2duration/v2@v2.1.0", + "UID": "70c7c2c382aec932" + }, + "Version": "v2.1.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/atomic@v1.7.0", + "Name": "go.uber.org/atomic", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/atomic@v1.7.0", + "UID": "1ca9a927d5686757" + }, + "Version": "v1.7.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/multierr@v1.6.0", + "Name": "go.uber.org/multierr", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/multierr@v1.6.0", + "UID": "f660c68eb610b043" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.yaml.in/yaml/v2@v2.4.4", + "Name": "go.yaml.in/yaml/v2", + "Identifier": { + "PURL": "pkg:golang/go.yaml.in/yaml/v2@v2.4.4", + "UID": "93b0875d71f03925" + }, + "Version": "v2.4.4", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/crypto@v0.49.0", + "Name": "golang.org/x/crypto", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.49.0", + "UID": "c88b46481f0581c6" + }, + "Version": "v0.49.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.52.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.52.0", + "UID": "3e95dae8bcddfcdd" + }, + "Version": "v0.52.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.36.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.36.0", + "UID": "48b995a7a2a3424" + }, + "Version": "v0.36.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sync@v0.20.0", + "Name": "golang.org/x/sync", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sync@v0.20.0", + "UID": "b42cff145c43b8a8" + }, + "Version": "v0.20.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.42.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.42.0", + "UID": "2e617d1b5431b641" + }, + "Version": "v0.42.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.35.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.35.0", + "UID": "ac217e43c1fe7f56" + }, + "Version": "v0.35.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.15.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.15.0", + "UID": "c7e0be516d301e1f" + }, + "Version": "v0.15.0", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.36.11", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.11", + "UID": "e76a9c1093d617bc" + }, + "Version": "v1.36.11", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.26.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.1", + "UID": "4120a2832d4abb90" + }, + "InstalledVersion": "v1.26.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:dfdfd69495ec27760f1a753325eab9b9abad0a45296c563bb1d602c9c738198c", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.26.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.1", + "UID": "4120a2832d4abb90" + }, + "InstalledVersion": "v1.26.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:48c37e97ed8b62f26001b57c0aca0af3e75c959b0bcd42deecb9af14e6691047", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.26.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.1", + "UID": "4120a2832d4abb90" + }, + "InstalledVersion": "v1.26.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9ca87c7feb1badc3fe3e0d3078a719baddc6fed74a8dd4ae0803eb8afeab7459", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33810", + "VendorIDs": [ + "GO-2026-4866" + ], + "PkgID": "stdlib@v1.26.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.1", + "UID": "4120a2832d4abb90" + }, + "InstalledVersion": "v1.26.1", + "FixedVersion": "1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33810", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1cdb8ead113608992a981e9b7719461ba7ebc0b41c26e8e2e984084c35be9425", + "Title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application", + "Description": "When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "bitnami": 3, + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "V3Score": 8.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "V3Score": 8.2 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L", + "V3Score": 8.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/19/4", + "http://www.openwall.com/lists/oss-security/2026/04/20/1", + "https://access.redhat.com/security/cve/CVE-2026-33810", + "https://go.dev/cl/763763", + "https://go.dev/issue/78332", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33810", + "https://pkg.go.dev/vuln/GO-2026-4866", + "https://www.cve.org/CVERecord?id=CVE-2026-33810" + ], + "PublishedDate": "2026-04-08T02:16:03.95Z", + "LastModifiedDate": "2026-04-20T18:16:26.813Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.26.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.1", + "UID": "4120a2832d4abb90" + }, + "InstalledVersion": "v1.26.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:00b33a076bf9b878f061c82065ea2c32e5e7389b59c14cb1705a6c7a089122db", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.26.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.1", + "UID": "4120a2832d4abb90" + }, + "InstalledVersion": "v1.26.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:647939d1380c5b10d8e6cb587d03e07bc448efc45583baa89c07a16ac259967e", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.26.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.1", + "UID": "4120a2832d4abb90" + }, + "InstalledVersion": "v1.26.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6c1bd75a684b253cc469cb977bf3b551c671454a5d7043c5b0cd38891e928f2f", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.26.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.1", + "UID": "4120a2832d4abb90" + }, + "InstalledVersion": "v1.26.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:74f921db4c39f8be9c158d8c5df1f7a7d488396658f9119efdb10b6ce77d3d12", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.26.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.1", + "UID": "4120a2832d4abb90" + }, + "InstalledVersion": "v1.26.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1086b320426599b175035d675e64c6332cdbf6a3d8e1ac15faadc177b2520746", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.26.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.1", + "UID": "4120a2832d4abb90" + }, + "InstalledVersion": "v1.26.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b7105857a8aa17f8148b245eeecc7449691402d7beb9395ea4b3303a21a4a097", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.26.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.1", + "UID": "4120a2832d4abb90" + }, + "InstalledVersion": "v1.26.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:407d1df6ab206cd128e6b3bfdd404ade281f2b268d048fe0ad6d59a7159afc7e", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.26.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.1", + "UID": "4120a2832d4abb90" + }, + "InstalledVersion": "v1.26.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:131db483fdb80bad70baeb9ba75472281b9164a26e98ec7af963becc0125abbc", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.26.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.1", + "UID": "4120a2832d4abb90" + }, + "InstalledVersion": "v1.26.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:16037a4d5814d4245142af3ac605cbddda432a6fca1923fa306bba9ec1f985bd", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.26.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.1", + "UID": "4120a2832d4abb90" + }, + "InstalledVersion": "v1.26.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4abeecf4016739282419bc25e219fbf48ee13e8fabaea295bd18a4dec60fa7b4", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.26.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.1", + "UID": "4120a2832d4abb90" + }, + "InstalledVersion": "v1.26.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", + "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1dfb427b8c42fe44367532362e97d62cdc583967670323feaf86953416c835f3", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "prometheus", + "Kind": "Deployment", + "Name": "prometheus", + "Metadata": [ + { + "Size": 423599616, + "ImageID": "sha256:eb76b4fb57766a23611a3d1347c60218136b6918d6047d02808147b09a1a6f6c", + "DiffIDs": [ + "sha256:ce003e882898fd52c48121c32517cfd5dc2ba95a8216989b5e6571cc147e1f2f", + "sha256:b2f24d7bd8435c9eb1ab45056b1bd85f82b0d29043f9dd5db27244fc08029cbd", + "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48", + "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a", + "sha256:bea626a43336640bcb8788b1d7dcbc60cf29360164342b7dc5643c6cd1b0101e", + "sha256:677bc70ada3a2ed6f163481305b63d2be7c2e4f16dccfd7c4310465b70545c70", + "sha256:c3e1f7620ea5090cec130209c9d09ace8cf4dba3779b6805fbca073d15eed7fd", + "sha256:b881ce0ea4d0ff461100ec79ea9459ab418e93c366efcd7d3524d2c13df49e22", + "sha256:e94eb9143cd87890e0516bb904ee3298227d77910c55ed8c55923cba0e492b87", + "sha256:6a84548b2b30dcd7d2adfe8cf6adf7159c849f169f3837ee3cbe27da52a29f1a" + ], + "RepoTags": [ + "prom/prometheus:latest" + ], + "RepoDigests": [ + "prom/prometheus@sha256:e4254400b85610324913f0dc4acf92603d9984e7519414c5a12811aa6146acc3" + ], + "Reference": "prom/prometheus:latest", + "ImageConfig": { + "architecture": "amd64", + "author": "The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", + "created": "2026-04-27T15:30:48.118738051Z", + "history": [ + { + "created": "2024-09-26T21:31:42Z", + "created_by": "BusyBox 1.37.0 (uclibc), Buildroot 2025.11.3, Debian 13" + }, + { + "created": "2026-04-15T10:54:45.929154899Z", + "created_by": "MAINTAINER The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-15T10:54:45.929154899Z", + "created_by": "COPY /rootfs / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-27T15:30:47.479681624Z", + "created_by": "LABEL maintainer=The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-27T15:30:47.479681624Z", + "created_by": "LABEL org.opencontainers.image.authors=The Prometheus Authors org.opencontainers.image.vendor=Prometheus org.opencontainers.image.title=Prometheus org.opencontainers.image.description=The Prometheus monitoring system and time series database org.opencontainers.image.source=https://github.com/prometheus/prometheus org.opencontainers.image.url=https://github.com/prometheus/prometheus org.opencontainers.image.documentation=https://prometheus.io/docs org.opencontainers.image.licenses=Apache License 2.0 io.prometheus.image.variant=busybox", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-27T15:30:47.479681624Z", + "created_by": "ARG ARCH=amd64", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-27T15:30:47.479681624Z", + "created_by": "ARG OS=linux", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-27T15:30:47.479681624Z", + "created_by": "COPY .build/linux-amd64/prometheus /bin/prometheus # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-27T15:30:47.925929922Z", + "created_by": "COPY .build/linux-amd64/promtool /bin/promtool # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-27T15:30:47.972358051Z", + "created_by": "COPY documentation/examples/prometheus.yml /etc/prometheus/prometheus.yml # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-27T15:30:47.981910466Z", + "created_by": "COPY LICENSE /LICENSE # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-27T15:30:47.99067363Z", + "created_by": "COPY NOTICE /NOTICE # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-27T15:30:47.999378586Z", + "created_by": "COPY npm_licenses.tar.bz2 /npm_licenses.tar.bz2 # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-27T15:30:48.006379868Z", + "created_by": "WORKDIR /prometheus", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-27T15:30:48.118738051Z", + "created_by": "RUN |2 ARCH=amd64 OS=linux /bin/sh -c chown -R nobody:nobody /etc/prometheus /prometheus \u0026\u0026 chmod g+w /prometheus # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-27T15:30:48.118738051Z", + "created_by": "USER nobody", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-27T15:30:48.118738051Z", + "created_by": "EXPOSE map[9090/tcp:{}]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-27T15:30:48.118738051Z", + "created_by": "VOLUME [/prometheus]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-27T15:30:48.118738051Z", + "created_by": "ENTRYPOINT [\"/bin/prometheus\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-27T15:30:48.118738051Z", + "created_by": "CMD [\"--config.file=/etc/prometheus/prometheus.yml\" \"--storage.tsdb.path=/prometheus\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:ce003e882898fd52c48121c32517cfd5dc2ba95a8216989b5e6571cc147e1f2f", + "sha256:b2f24d7bd8435c9eb1ab45056b1bd85f82b0d29043f9dd5db27244fc08029cbd", + "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48", + "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a", + "sha256:bea626a43336640bcb8788b1d7dcbc60cf29360164342b7dc5643c6cd1b0101e", + "sha256:677bc70ada3a2ed6f163481305b63d2be7c2e4f16dccfd7c4310465b70545c70", + "sha256:c3e1f7620ea5090cec130209c9d09ace8cf4dba3779b6805fbca073d15eed7fd", + "sha256:b881ce0ea4d0ff461100ec79ea9459ab418e93c366efcd7d3524d2c13df49e22", + "sha256:e94eb9143cd87890e0516bb904ee3298227d77910c55ed8c55923cba0e492b87", + "sha256:6a84548b2b30dcd7d2adfe8cf6adf7159c849f169f3837ee3cbe27da52a29f1a" + ] + }, + "config": { + "Cmd": [ + "--config.file=/etc/prometheus/prometheus.yml", + "--storage.tsdb.path=/prometheus" + ], + "Entrypoint": [ + "/bin/prometheus" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Labels": { + "io.prometheus.image.variant": "busybox", + "maintainer": "The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", + "org.opencontainers.image.authors": "The Prometheus Authors", + "org.opencontainers.image.description": "The Prometheus monitoring system and time series database", + "org.opencontainers.image.documentation": "https://prometheus.io/docs", + "org.opencontainers.image.licenses": "Apache License 2.0", + "org.opencontainers.image.source": "https://github.com/prometheus/prometheus", + "org.opencontainers.image.title": "Prometheus", + "org.opencontainers.image.url": "https://github.com/prometheus/prometheus", + "org.opencontainers.image.vendor": "Prometheus" + }, + "User": "nobody", + "Volumes": { + "/prometheus": {} + }, + "WorkingDir": "/prometheus", + "ExposedPorts": { + "9090/tcp": {} + }, + "ArgsEscaped": true + } + }, + "Layers": [ + { + "Size": 1454080, + "Digest": "sha256:2acf9a40b14f28b6096477413ec272f1fae2d5df7d963466f0936cc16b08ab7b", + "DiffID": "sha256:ce003e882898fd52c48121c32517cfd5dc2ba95a8216989b5e6571cc147e1f2f" + }, + { + "Size": 1262080, + "Digest": "sha256:27baa147e9fa2a2d3cddd0ccabf97ee10c9b66379c5b8835ec4c9438ef9dbd07", + "DiffID": "sha256:b2f24d7bd8435c9eb1ab45056b1bd85f82b0d29043f9dd5db27244fc08029cbd" + }, + { + "Size": 222842880, + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + { + "Size": 197945856, + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + { + "Size": 4096, + "Digest": "sha256:e7f02ac1f456ccf3058902f22e8d64ce9cfb9be5d78f9ef3dd1c15dff34ecd2b", + "DiffID": "sha256:bea626a43336640bcb8788b1d7dcbc60cf29360164342b7dc5643c6cd1b0101e" + }, + { + "Size": 13312, + "Digest": "sha256:612087d42eba6e367ecbc74d5dfa596a92e41540e91cff78712952b9ff906af7", + "DiffID": "sha256:677bc70ada3a2ed6f163481305b63d2be7c2e4f16dccfd7c4310465b70545c70" + }, + { + "Size": 5632, + "Digest": "sha256:2d001a504b8144d906066004870ab5dbfafbb4a38c8823db9b7a7acb06e3dc28", + "DiffID": "sha256:c3e1f7620ea5090cec130209c9d09ace8cf4dba3779b6805fbca073d15eed7fd" + }, + { + "Size": 64512, + "Digest": "sha256:bd1a7d2e07374f8411584200c834e27fd30138817cdf6f950fb0b38a7f8cb3aa", + "DiffID": "sha256:b881ce0ea4d0ff461100ec79ea9459ab418e93c366efcd7d3524d2c13df49e22" + }, + { + "Size": 1536, + "Digest": "sha256:69294359b56a7ada7db59b4633c4c83e7a55f97b0d5f423131b32d1cb1ed8ccc", + "DiffID": "sha256:e94eb9143cd87890e0516bb904ee3298227d77910c55ed8c55923cba0e492b87" + }, + { + "Size": 5632, + "Digest": "sha256:df0231abac1e1886465e83d887a7df7a97002750da40644e217a0fe6a1090f9c", + "DiffID": "sha256:6a84548b2b30dcd7d2adfe8cf6adf7159c849f169f3837ee3cbe27da52a29f1a" + } + ] + } + ], + "Results": [ + { + "Target": "bin/prometheus", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "github.com/prometheus/prometheus@v3.11.3", + "Name": "github.com/prometheus/prometheus", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/prometheus@3.11.3", + "UID": "97056c3a8e3d7d73" + }, + "Version": "3.11.3", + "Relationship": "root", + "DependsOn": [ + "cloud.google.com/go/auth/oauth2adapt@v0.2.8", + "cloud.google.com/go/auth@v0.18.2", + "cloud.google.com/go/compute/metadata@v0.9.0", + "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.21.0", + "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", + "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.11.2", + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5@v5.7.0", + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4@v4.3.0", + "github.com/AzureAD/microsoft-authentication-library-for-go@v1.6.0", + "github.com/Code-Hex/go-generics-cache@v1.5.1", + "github.com/KimMachineGun/automemlimit@v0.7.5", + "github.com/alecthomas/kingpin/v2@v2.4.0", + "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", + "github.com/armon/go-metrics@v0.4.1", + "github.com/aws/aws-sdk-go-v2/config@v1.32.12", + "github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", + "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", + "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.20", + "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.20", + "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", + "github.com/aws/aws-sdk-go-v2/service/ec2@v1.296.0", + "github.com/aws/aws-sdk-go-v2/service/ecs@v1.74.0", + "github.com/aws/aws-sdk-go-v2/service/elasticache@v1.51.12", + "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", + "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.20", + "github.com/aws/aws-sdk-go-v2/service/kafka@v1.49.1", + "github.com/aws/aws-sdk-go-v2/service/lightsail@v1.51.0", + "github.com/aws/aws-sdk-go-v2/service/rds@v1.117.0", + "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", + "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", + "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", + "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", + "github.com/aws/aws-sdk-go-v2@v1.41.4", + "github.com/aws/smithy-go@v1.24.2", + "github.com/bahlo/generic-list-go@v0.2.0", + "github.com/basgys/goxml2json@v1.1.1-0.20231018121955-e66ee54ceaad", + "github.com/bboreham/go-loser@v0.0.0-20230920113527-fcc2c21820a3", + "github.com/beorn7/perks@v1.0.1", + "github.com/buger/jsonparser@v1.1.1", + "github.com/cenkalti/backoff/v5@v5.0.3", + "github.com/cespare/xxhash/v2@v2.3.0", + "github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", + "github.com/containerd/errdefs/pkg@v0.3.0", + "github.com/containerd/errdefs@v1.0.0", + "github.com/coreos/go-systemd/v22@v22.6.0", + "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "github.com/dennwc/varint@v1.0.0", + "github.com/digitalocean/godo@v1.178.0", + "github.com/distribution/reference@v0.6.0", + "github.com/docker/docker@v28.5.2+incompatible", + "github.com/docker/go-connections@v0.6.0", + "github.com/docker/go-units@v0.5.0", + "github.com/edsrzf/mmap-go@v1.2.0", + "github.com/emicklei/go-restful/v3@v3.12.2", + "github.com/envoyproxy/go-control-plane/envoy@v1.37.0", + "github.com/envoyproxy/protoc-gen-validate@v1.3.3", + "github.com/facette/natsort@v0.0.0-20181210072756-2cd4dd1e2dcb", + "github.com/fatih/color@v1.18.0", + "github.com/felixge/fgprof@v0.9.5", + "github.com/felixge/httpsnoop@v1.0.4", + "github.com/fsnotify/fsnotify@v1.9.0", + "github.com/fxamacker/cbor/v2@v2.9.0", + "github.com/go-logr/logr@v1.4.3", + "github.com/go-logr/stdr@v1.2.2", + "github.com/go-openapi/analysis@v0.24.2", + "github.com/go-openapi/errors@v0.22.7", + "github.com/go-openapi/jsonpointer@v0.22.5", + "github.com/go-openapi/jsonreference@v0.21.4", + "github.com/go-openapi/loads@v0.23.2", + "github.com/go-openapi/spec@v0.22.3", + "github.com/go-openapi/strfmt@v0.26.1", + "github.com/go-openapi/swag/cmdutils@v0.25.4", + "github.com/go-openapi/swag/conv@v0.25.4", + "github.com/go-openapi/swag/fileutils@v0.25.4", + "github.com/go-openapi/swag/jsonname@v0.25.5", + "github.com/go-openapi/swag/jsonutils@v0.25.4", + "github.com/go-openapi/swag/loading@v0.25.4", + "github.com/go-openapi/swag/mangling@v0.25.4", + "github.com/go-openapi/swag/netutils@v0.25.4", + "github.com/go-openapi/swag/stringutils@v0.25.4", + "github.com/go-openapi/swag/typeutils@v0.25.4", + "github.com/go-openapi/swag/yamlutils@v0.25.4", + "github.com/go-openapi/swag@v0.25.4", + "github.com/go-openapi/validate@v0.25.1", + "github.com/go-resty/resty/v2@v2.17.2", + "github.com/go-viper/mapstructure/v2@v2.5.0", + "github.com/go-zookeeper/zk@v1.0.4", + "github.com/gobwas/glob@v0.2.3", + "github.com/gogo/protobuf@v1.3.2", + "github.com/golang-jwt/jwt/v5@v5.3.1", + "github.com/golang/snappy@v1.0.0", + "github.com/google/gnostic-models@v0.7.0", + "github.com/google/go-cmp@v0.7.0", + "github.com/google/go-querystring@v1.2.0", + "github.com/google/pprof@v0.0.0-20260302011040-a15ffb7f9dcc", + "github.com/google/s2a-go@v0.1.9", + "github.com/google/uuid@v1.6.0", + "github.com/googleapis/enterprise-certificate-proxy@v0.3.14", + "github.com/googleapis/gax-go/v2@v2.18.0", + "github.com/gophercloud/gophercloud/v2@v2.11.1", + "github.com/gorilla/websocket@v1.5.4-0.20250319132907-e064f32e3674", + "github.com/grafana/regexp@v0.0.0-20250905093917-f7b3be9d1853", + "github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", + "github.com/hashicorp/consul/api@v1.32.1", + "github.com/hashicorp/cronexpr@v1.1.3", + "github.com/hashicorp/errwrap@v1.1.0", + "github.com/hashicorp/go-cleanhttp@v0.5.2", + "github.com/hashicorp/go-hclog@v1.6.3", + "github.com/hashicorp/go-immutable-radix@v1.3.1", + "github.com/hashicorp/go-multierror@v1.1.1", + "github.com/hashicorp/go-retryablehttp@v0.7.8", + "github.com/hashicorp/go-rootcerts@v1.0.2", + "github.com/hashicorp/go-version@v1.8.0", + "github.com/hashicorp/golang-lru@v0.6.0", + "github.com/hashicorp/nomad/api@v0.0.0-20260324203407-b27b0c2e019a", + "github.com/hashicorp/serf@v0.10.1", + "github.com/hetznercloud/hcloud-go/v2@v2.36.0", + "github.com/ionos-cloud/sdk-go/v6@v6.3.6", + "github.com/jpillora/backoff@v1.0.0", + "github.com/json-iterator/go@v1.1.12", + "github.com/julienschmidt/httprouter@v1.3.0", + "github.com/klauspost/compress@v1.18.5", + "github.com/knadh/koanf/maps@v0.1.2", + "github.com/knadh/koanf/providers/confmap@v1.0.0", + "github.com/knadh/koanf/v2@v2.3.3", + "github.com/kolo/xmlrpc@v0.0.0-20220921171641-a4b6fa1dd06b", + "github.com/kylelemons/godebug@v1.1.0", + "github.com/linode/linodego@v1.66.0", + "github.com/mattn/go-colorable@v0.1.14", + "github.com/mattn/go-isatty@v0.0.20", + "github.com/mdlayher/socket@v0.4.1", + "github.com/mdlayher/vsock@v1.2.1", + "github.com/miekg/dns@v1.1.72", + "github.com/mitchellh/copystructure@v1.2.0", + "github.com/mitchellh/mapstructure@v1.5.0", + "github.com/mitchellh/reflectwalk@v1.0.2", + "github.com/moby/docker-image-spec@v1.3.1", + "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", + "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", + "github.com/oklog/run@v1.2.0", + "github.com/oklog/ulid/v2@v2.1.1", + "github.com/open-telemetry/opentelemetry-collector-contrib/internal/exp/metrics@v0.148.0", + "github.com/open-telemetry/opentelemetry-collector-contrib/pkg/pdatautil@v0.148.0", + "github.com/open-telemetry/opentelemetry-collector-contrib/processor/deltatocumulativeprocessor@v0.148.0", + "github.com/opencontainers/go-digest@v1.0.0", + "github.com/opencontainers/image-spec@v1.1.1", + "github.com/ovh/go-ovh@v1.9.0", + "github.com/pb33f/jsonpath@v0.8.1", + "github.com/pb33f/libopenapi-validator@v0.13.3", + "github.com/pb33f/libopenapi@v0.34.3", + "github.com/pb33f/ordered-map/v2@v2.3.0", + "github.com/pbnjay/memory@v0.0.0-20210728143218-7b4eea64cf58", + "github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", + "github.com/pkg/errors@v0.9.1", + "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", + "github.com/prometheus/alertmanager@v0.31.1", + "github.com/prometheus/client_golang/exp@v0.0.0-20260325093428-d8591d0db856", + "github.com/prometheus/client_golang@v1.23.2", + "github.com/prometheus/client_model@v0.6.2", + "github.com/prometheus/common/assets@v0.2.0", + "github.com/prometheus/common@v0.67.5", + "github.com/prometheus/exporter-toolkit@v0.15.1", + "github.com/prometheus/otlptranslator@v1.0.0", + "github.com/prometheus/procfs@v0.16.1", + "github.com/prometheus/sigv4@v0.4.1", + "github.com/puzpuzpuz/xsync/v4@v4.4.0", + "github.com/santhosh-tekuri/jsonschema/v6@v6.0.2", + "github.com/scaleway/scaleway-sdk-go@v1.0.0-beta.36", + "github.com/spf13/pflag@v1.0.10", + "github.com/stackitcloud/stackit-sdk-go/core@v0.23.0", + "github.com/stretchr/testify@v1.11.1", + "github.com/vultr/govultr/v3@v3.28.1", + "github.com/x448/float16@v0.8.4", + "github.com/xhit/go-str2duration/v2@v2.1.0", + "go.opentelemetry.io/auto/sdk@v1.2.1", + "go.opentelemetry.io/collector/component@v1.54.0", + "go.opentelemetry.io/collector/confmap/xconfmap@v0.148.0", + "go.opentelemetry.io/collector/confmap@v1.54.0", + "go.opentelemetry.io/collector/consumer@v1.54.0", + "go.opentelemetry.io/collector/featuregate@v1.54.0", + "go.opentelemetry.io/collector/internal/componentalias@v0.148.0", + "go.opentelemetry.io/collector/pdata@v1.54.0", + "go.opentelemetry.io/collector/pipeline@v1.54.0", + "go.opentelemetry.io/collector/processor@v1.54.0", + "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.67.0", + "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.67.0", + "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.42.0", + "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.42.0", + "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.42.0", + "go.opentelemetry.io/otel/metric@v1.42.0", + "go.opentelemetry.io/otel/sdk@v1.42.0", + "go.opentelemetry.io/otel/trace@v1.42.0", + "go.opentelemetry.io/otel@v1.42.0", + "go.opentelemetry.io/proto/otlp@v1.9.0", + "go.uber.org/atomic@v1.11.0", + "go.uber.org/automaxprocs@v1.6.0", + "go.uber.org/goleak@v1.3.0", + "go.uber.org/multierr@v1.11.0", + "go.uber.org/zap@v1.27.1", + "go.yaml.in/yaml/v2@v2.4.4", + "go.yaml.in/yaml/v3@v3.0.4", + "go.yaml.in/yaml/v4@v4.0.0-rc.4", + "golang.org/x/crypto@v0.49.0", + "golang.org/x/exp@v0.0.0-20260218203240-3dfff04db8fa", + "golang.org/x/net@v0.52.0", + "golang.org/x/oauth2@v0.36.0", + "golang.org/x/sync@v0.20.0", + "golang.org/x/sys@v0.42.0", + "golang.org/x/term@v0.41.0", + "golang.org/x/text@v0.35.0", + "golang.org/x/time@v0.15.0", + "google.golang.org/api@v0.272.0", + "google.golang.org/genproto/googleapis/api@v0.0.0-20260319201613-d00831a3d3e7", + "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260311181403-84a4fc48630c", + "google.golang.org/grpc@v1.79.3", + "google.golang.org/protobuf@v1.36.11", + "gopkg.in/evanphx/json-patch.v4@v4.13.0", + "gopkg.in/inf.v0@v0.9.1", + "gopkg.in/ini.v1@v1.67.1", + "gopkg.in/yaml.v2@v2.4.0", + "gopkg.in/yaml.v3@v3.0.1", + "k8s.io/api@v0.35.3", + "k8s.io/apimachinery@v0.35.3", + "k8s.io/client-go@v0.35.3", + "k8s.io/klog/v2@v2.140.0", + "k8s.io/klog@v1.0.0", + "k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", + "k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", + "sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", + "sigs.k8s.io/randfill@v1.0.0", + "sigs.k8s.io/structured-merge-diff/v6@v6.3.0", + "sigs.k8s.io/yaml@v1.6.0", + "stdlib@v1.26.2" + ], + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.26.2", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "f8b9f4accc86a9be" + }, + "Version": "v1.26.2", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/auth@v0.18.2", + "Name": "cloud.google.com/go/auth", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/auth@v0.18.2", + "UID": "fce0c22f4b7cf20a" + }, + "Version": "v0.18.2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/auth/oauth2adapt@v0.2.8", + "Name": "cloud.google.com/go/auth/oauth2adapt", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/auth/oauth2adapt@v0.2.8", + "UID": "1642ac8730da86b9" + }, + "Version": "v0.2.8", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/compute/metadata@v0.9.0", + "Name": "cloud.google.com/go/compute/metadata", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.9.0", + "UID": "3e52b01b0d6398ad" + }, + "Version": "v0.9.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.21.0", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/azcore", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azcore@v1.21.0", + "UID": "8de750711440f060" + }, + "Version": "v1.21.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", + "UID": "4389bebaebcd5b" + }, + "Version": "v1.13.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.11.2", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/internal", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/internal@v1.11.2", + "UID": "1b87f11f487e0a12" + }, + "Version": "v1.11.2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5@v5.7.0", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5@v5.7.0", + "UID": "770c99947f879037" + }, + "Version": "v5.7.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4@v4.3.0", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4@v4.3.0", + "UID": "f595be2a9e6fb355" + }, + "Version": "v4.3.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/AzureAD/microsoft-authentication-library-for-go@v1.6.0", + "Name": "github.com/AzureAD/microsoft-authentication-library-for-go", + "Identifier": { + "PURL": "pkg:golang/github.com/azuread/microsoft-authentication-library-for-go@v1.6.0", + "UID": "23b8bf467d262eaa" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Code-Hex/go-generics-cache@v1.5.1", + "Name": "github.com/Code-Hex/go-generics-cache", + "Identifier": { + "PURL": "pkg:golang/github.com/code-hex/go-generics-cache@v1.5.1", + "UID": "b45371082fe83ac7" + }, + "Version": "v1.5.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/KimMachineGun/automemlimit@v0.7.5", + "Name": "github.com/KimMachineGun/automemlimit", + "Identifier": { + "PURL": "pkg:golang/github.com/kimmachinegun/automemlimit@v0.7.5", + "UID": "587909c30da81c51" + }, + "Version": "v0.7.5", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/alecthomas/kingpin/v2@v2.4.0", + "Name": "github.com/alecthomas/kingpin/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/alecthomas/kingpin/v2@v2.4.0", + "UID": "9951f2059f556cbf" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", + "Name": "github.com/alecthomas/units", + "Identifier": { + "PURL": "pkg:golang/github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", + "UID": "7749b32cc5c5a0af" + }, + "Version": "v0.0.0-20240927000941-0f3dac36c52b", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/armon/go-metrics@v0.4.1", + "Name": "github.com/armon/go-metrics", + "Identifier": { + "PURL": "pkg:golang/github.com/armon/go-metrics@v0.4.1", + "UID": "dcbeb1073e1848a4" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2@v1.41.4", + "Name": "github.com/aws/aws-sdk-go-v2", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2@v1.41.4", + "UID": "22c50736fc827060" + }, + "Version": "v1.41.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/config@v1.32.12", + "Name": "github.com/aws/aws-sdk-go-v2/config", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/config@v1.32.12", + "UID": "9e99a6c03371fb28" + }, + "Version": "v1.32.12", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", + "Name": "github.com/aws/aws-sdk-go-v2/credentials", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", + "UID": "362e2b194b85ac49" + }, + "Version": "v1.19.12", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", + "Name": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", + "UID": "45b64c2f8ae64e56" + }, + "Version": "v1.18.20", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.20", + "Name": "github.com/aws/aws-sdk-go-v2/internal/configsources", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.20", + "UID": "7c00a916e3670f15" + }, + "Version": "v1.4.20", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.20", + "Name": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.20", + "UID": "74f31595b057491d" + }, + "Version": "v2.7.20", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", + "Name": "github.com/aws/aws-sdk-go-v2/internal/ini", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", + "UID": "58e03f3e967d12b0" + }, + "Version": "v1.8.6", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/ec2@v1.296.0", + "Name": "github.com/aws/aws-sdk-go-v2/service/ec2", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ec2@v1.296.0", + "UID": "823b033c6feb0367" + }, + "Version": "v1.296.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/ecs@v1.74.0", + "Name": "github.com/aws/aws-sdk-go-v2/service/ecs", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ecs@v1.74.0", + "UID": "8f92e5b294be751e" + }, + "Version": "v1.74.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/elasticache@v1.51.12", + "Name": "github.com/aws/aws-sdk-go-v2/service/elasticache", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/elasticache@v1.51.12", + "UID": "61aff9f82b8bad76" + }, + "Version": "v1.51.12", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", + "Name": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", + "UID": "329709d2560a435c" + }, + "Version": "v1.13.7", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.20", + "Name": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.20", + "UID": "64b9386a06e7eb8c" + }, + "Version": "v1.13.20", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/kafka@v1.49.1", + "Name": "github.com/aws/aws-sdk-go-v2/service/kafka", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/kafka@v1.49.1", + "UID": "4eaaddca141538f1" + }, + "Version": "v1.49.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/lightsail@v1.51.0", + "Name": "github.com/aws/aws-sdk-go-v2/service/lightsail", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/lightsail@v1.51.0", + "UID": "3d6b65a49753c17c" + }, + "Version": "v1.51.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/rds@v1.117.0", + "Name": "github.com/aws/aws-sdk-go-v2/service/rds", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/rds@v1.117.0", + "UID": "141c4e7ef5e54ce" + }, + "Version": "v1.117.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", + "Name": "github.com/aws/aws-sdk-go-v2/service/signin", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", + "UID": "987dfe9b05b63af2" + }, + "Version": "v1.0.8", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", + "Name": "github.com/aws/aws-sdk-go-v2/service/sso", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", + "UID": "4186ed7c6e6f8468" + }, + "Version": "v1.30.13", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", + "Name": "github.com/aws/aws-sdk-go-v2/service/ssooidc", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", + "UID": "ddd19f0b66698d8d" + }, + "Version": "v1.35.17", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", + "Name": "github.com/aws/aws-sdk-go-v2/service/sts", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", + "UID": "e53c2f1cdaf069e6" + }, + "Version": "v1.41.9", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/smithy-go@v1.24.2", + "Name": "github.com/aws/smithy-go", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/smithy-go@v1.24.2", + "UID": "a33e9131eef2ad66" + }, + "Version": "v1.24.2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/bahlo/generic-list-go@v0.2.0", + "Name": "github.com/bahlo/generic-list-go", + "Identifier": { + "PURL": "pkg:golang/github.com/bahlo/generic-list-go@v0.2.0", + "UID": "72932a0525eace0f" + }, + "Version": "v0.2.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/basgys/goxml2json@v1.1.1-0.20231018121955-e66ee54ceaad", + "Name": "github.com/basgys/goxml2json", + "Identifier": { + "PURL": "pkg:golang/github.com/basgys/goxml2json@v1.1.1-0.20231018121955-e66ee54ceaad", + "UID": "296c4a131eff9651" + }, + "Version": "v1.1.1-0.20231018121955-e66ee54ceaad", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/bboreham/go-loser@v0.0.0-20230920113527-fcc2c21820a3", + "Name": "github.com/bboreham/go-loser", + "Identifier": { + "PURL": "pkg:golang/github.com/bboreham/go-loser@v0.0.0-20230920113527-fcc2c21820a3", + "UID": "561358891b294ccb" + }, + "Version": "v0.0.0-20230920113527-fcc2c21820a3", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "94d0fd3d40bb41ff" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/buger/jsonparser@v1.1.1", + "Name": "github.com/buger/jsonparser", + "Identifier": { + "PURL": "pkg:golang/github.com/buger/jsonparser@v1.1.1", + "UID": "73110281e49618c1" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cenkalti/backoff/v5@v5.0.3", + "Name": "github.com/cenkalti/backoff/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/cenkalti/backoff/v5@v5.0.3", + "UID": "b0d0b3cca77baca0" + }, + "Version": "v5.0.3", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.3.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", + "UID": "617666a7fd02e0b2" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", + "Name": "github.com/cncf/xds/go", + "Identifier": { + "PURL": "pkg:golang/github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", + "UID": "bf9a0af5a0412f1a" + }, + "Version": "v0.0.0-20251210132809-ee656c7534f5", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/errdefs@v1.0.0", + "Name": "github.com/containerd/errdefs", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/errdefs@v1.0.0", + "UID": "f8ca7dd5e0e7562a" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/errdefs/pkg@v0.3.0", + "Name": "github.com/containerd/errdefs/pkg", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/errdefs/pkg@v0.3.0", + "UID": "fa87ae25e4f30a56" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coreos/go-systemd/v22@v22.6.0", + "Name": "github.com/coreos/go-systemd/v22", + "Identifier": { + "PURL": "pkg:golang/github.com/coreos/go-systemd/v22@v22.6.0", + "UID": "2a3d647d245b4dec" + }, + "Version": "v22.6.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "Name": "github.com/davecgh/go-spew", + "Identifier": { + "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "UID": "7f9c3bf016fe96fb" + }, + "Version": "v1.1.2-0.20180830191138-d8f796af33cc", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dennwc/varint@v1.0.0", + "Name": "github.com/dennwc/varint", + "Identifier": { + "PURL": "pkg:golang/github.com/dennwc/varint@v1.0.0", + "UID": "fb3314d028337e63" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/digitalocean/godo@v1.178.0", + "Name": "github.com/digitalocean/godo", + "Identifier": { + "PURL": "pkg:golang/github.com/digitalocean/godo@v1.178.0", + "UID": "254ea2e68f6651e2" + }, + "Version": "v1.178.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/distribution/reference@v0.6.0", + "Name": "github.com/distribution/reference", + "Identifier": { + "PURL": "pkg:golang/github.com/distribution/reference@v0.6.0", + "UID": "610829b63c40bd11" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/docker/docker@v28.5.2+incompatible", + "Name": "github.com/docker/docker", + "Identifier": { + "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", + "UID": "80cdc665acbb41b4" + }, + "Version": "v28.5.2+incompatible", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/docker/go-connections@v0.6.0", + "Name": "github.com/docker/go-connections", + "Identifier": { + "PURL": "pkg:golang/github.com/docker/go-connections@v0.6.0", + "UID": "45066699ccb27404" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/docker/go-units@v0.5.0", + "Name": "github.com/docker/go-units", + "Identifier": { + "PURL": "pkg:golang/github.com/docker/go-units@v0.5.0", + "UID": "88cd8ac6326caa20" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/edsrzf/mmap-go@v1.2.0", + "Name": "github.com/edsrzf/mmap-go", + "Identifier": { + "PURL": "pkg:golang/github.com/edsrzf/mmap-go@v1.2.0", + "UID": "8476589f616975f1" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/emicklei/go-restful/v3@v3.12.2", + "Name": "github.com/emicklei/go-restful/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.12.2", + "UID": "b9ac4cb4df50c8be" + }, + "Version": "v3.12.2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/envoyproxy/go-control-plane/envoy@v1.37.0", + "Name": "github.com/envoyproxy/go-control-plane/envoy", + "Identifier": { + "PURL": "pkg:golang/github.com/envoyproxy/go-control-plane/envoy@v1.37.0", + "UID": "2acc3e0970bafad3" + }, + "Version": "v1.37.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/envoyproxy/protoc-gen-validate@v1.3.3", + "Name": "github.com/envoyproxy/protoc-gen-validate", + "Identifier": { + "PURL": "pkg:golang/github.com/envoyproxy/protoc-gen-validate@v1.3.3", + "UID": "1927afaf611ec82d" + }, + "Version": "v1.3.3", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/facette/natsort@v0.0.0-20181210072756-2cd4dd1e2dcb", + "Name": "github.com/facette/natsort", + "Identifier": { + "PURL": "pkg:golang/github.com/facette/natsort@v0.0.0-20181210072756-2cd4dd1e2dcb", + "UID": "ec9d1999270a8090" + }, + "Version": "v0.0.0-20181210072756-2cd4dd1e2dcb", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fatih/color@v1.18.0", + "Name": "github.com/fatih/color", + "Identifier": { + "PURL": "pkg:golang/github.com/fatih/color@v1.18.0", + "UID": "2ffe79a61f03db19" + }, + "Version": "v1.18.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/felixge/fgprof@v0.9.5", + "Name": "github.com/felixge/fgprof", + "Identifier": { + "PURL": "pkg:golang/github.com/felixge/fgprof@v0.9.5", + "UID": "6b9cd8559c9819a6" + }, + "Version": "v0.9.5", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/felixge/httpsnoop@v1.0.4", + "Name": "github.com/felixge/httpsnoop", + "Identifier": { + "PURL": "pkg:golang/github.com/felixge/httpsnoop@v1.0.4", + "UID": "53c235ddafdbe330" + }, + "Version": "v1.0.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fsnotify/fsnotify@v1.9.0", + "Name": "github.com/fsnotify/fsnotify", + "Identifier": { + "PURL": "pkg:golang/github.com/fsnotify/fsnotify@v1.9.0", + "UID": "efab054f0986d7bd" + }, + "Version": "v1.9.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fxamacker/cbor/v2@v2.9.0", + "Name": "github.com/fxamacker/cbor/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/fxamacker/cbor/v2@v2.9.0", + "UID": "673ebec4a246a081" + }, + "Version": "v2.9.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/logr@v1.4.3", + "Name": "github.com/go-logr/logr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.3", + "UID": "e8ad8c279e129d08" + }, + "Version": "v1.4.3", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/stdr@v1.2.2", + "Name": "github.com/go-logr/stdr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2", + "UID": "ef187250bed07a4b" + }, + "Version": "v1.2.2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/analysis@v0.24.2", + "Name": "github.com/go-openapi/analysis", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/analysis@v0.24.2", + "UID": "45e4389362f9bc12" + }, + "Version": "v0.24.2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/errors@v0.22.7", + "Name": "github.com/go-openapi/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/errors@v0.22.7", + "UID": "411d12f71356a680" + }, + "Version": "v0.22.7", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonpointer@v0.22.5", + "Name": "github.com/go-openapi/jsonpointer", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.22.5", + "UID": "4d3a1caa37a80f1b" + }, + "Version": "v0.22.5", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonreference@v0.21.4", + "Name": "github.com/go-openapi/jsonreference", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.4", + "UID": "2d9f310cc5608738" + }, + "Version": "v0.21.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/loads@v0.23.2", + "Name": "github.com/go-openapi/loads", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/loads@v0.23.2", + "UID": "55d54250a5eb89ed" + }, + "Version": "v0.23.2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/spec@v0.22.3", + "Name": "github.com/go-openapi/spec", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/spec@v0.22.3", + "UID": "c1755afce8f7e5d5" + }, + "Version": "v0.22.3", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/strfmt@v0.26.1", + "Name": "github.com/go-openapi/strfmt", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/strfmt@v0.26.1", + "UID": "9d067101dbad2dd4" + }, + "Version": "v0.26.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag@v0.25.4", + "Name": "github.com/go-openapi/swag", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag@v0.25.4", + "UID": "3e0ea858daeb7731" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/cmdutils@v0.25.4", + "Name": "github.com/go-openapi/swag/cmdutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/cmdutils@v0.25.4", + "UID": "751e5ac754562d4" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/conv@v0.25.4", + "Name": "github.com/go-openapi/swag/conv", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/conv@v0.25.4", + "UID": "e1ae997975887467" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/fileutils@v0.25.4", + "Name": "github.com/go-openapi/swag/fileutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/fileutils@v0.25.4", + "UID": "678c382701636f83" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/jsonname@v0.25.5", + "Name": "github.com/go-openapi/swag/jsonname", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/jsonname@v0.25.5", + "UID": "72872bf24308511c" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/jsonutils@v0.25.4", + "Name": "github.com/go-openapi/swag/jsonutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/jsonutils@v0.25.4", + "UID": "c024f2c8a1d7176f" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/loading@v0.25.4", + "Name": "github.com/go-openapi/swag/loading", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/loading@v0.25.4", + "UID": "9f792668fb1294dc" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/mangling@v0.25.4", + "Name": "github.com/go-openapi/swag/mangling", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/mangling@v0.25.4", + "UID": "5cbe00f5d78984aa" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/netutils@v0.25.4", + "Name": "github.com/go-openapi/swag/netutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/netutils@v0.25.4", + "UID": "cf03a7f7c951f66" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/stringutils@v0.25.4", + "Name": "github.com/go-openapi/swag/stringutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/stringutils@v0.25.4", + "UID": "f03be0a70d9ccf26" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/typeutils@v0.25.4", + "Name": "github.com/go-openapi/swag/typeutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/typeutils@v0.25.4", + "UID": "f3102484fe67329a" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/yamlutils@v0.25.4", + "Name": "github.com/go-openapi/swag/yamlutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/yamlutils@v0.25.4", + "UID": "b55d6bf5deeb3d6d" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/validate@v0.25.1", + "Name": "github.com/go-openapi/validate", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/validate@v0.25.1", + "UID": "514e0cffe4a2f7be" + }, + "Version": "v0.25.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-resty/resty/v2@v2.17.2", + "Name": "github.com/go-resty/resty/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/go-resty/resty/v2@v2.17.2", + "UID": "b6fcc63433a1468d" + }, + "Version": "v2.17.2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-viper/mapstructure/v2@v2.5.0", + "Name": "github.com/go-viper/mapstructure/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/go-viper/mapstructure/v2@v2.5.0", + "UID": "2212f9d52f9374ba" + }, + "Version": "v2.5.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-zookeeper/zk@v1.0.4", + "Name": "github.com/go-zookeeper/zk", + "Identifier": { + "PURL": "pkg:golang/github.com/go-zookeeper/zk@v1.0.4", + "UID": "aadc78f2f1704f5f" + }, + "Version": "v1.0.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gobwas/glob@v0.2.3", + "Name": "github.com/gobwas/glob", + "Identifier": { + "PURL": "pkg:golang/github.com/gobwas/glob@v0.2.3", + "UID": "2fc5bd60ae976498" + }, + "Version": "v0.2.3", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gogo/protobuf@v1.3.2", + "Name": "github.com/gogo/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", + "UID": "3b1159e4f396bb77" + }, + "Version": "v1.3.2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang-jwt/jwt/v5@v5.3.1", + "Name": "github.com/golang-jwt/jwt/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.1", + "UID": "67e17c88e7239736" + }, + "Version": "v5.3.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/snappy@v1.0.0", + "Name": "github.com/golang/snappy", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/snappy@v1.0.0", + "UID": "7d76bb2cbe6599b4" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gnostic-models@v0.7.0", + "Name": "github.com/google/gnostic-models", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gnostic-models@v0.7.0", + "UID": "7f0007e695fec4c6" + }, + "Version": "v0.7.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-cmp@v0.7.0", + "Name": "github.com/google/go-cmp", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0", + "UID": "7b1bec43162b2e5d" + }, + "Version": "v0.7.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-querystring@v1.2.0", + "Name": "github.com/google/go-querystring", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-querystring@v1.2.0", + "UID": "324bbb8d9c13ff75" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/pprof@v0.0.0-20260302011040-a15ffb7f9dcc", + "Name": "github.com/google/pprof", + "Identifier": { + "PURL": "pkg:golang/github.com/google/pprof@v0.0.0-20260302011040-a15ffb7f9dcc", + "UID": "c0fb0b89dc748b2d" + }, + "Version": "v0.0.0-20260302011040-a15ffb7f9dcc", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/s2a-go@v0.1.9", + "Name": "github.com/google/s2a-go", + "Identifier": { + "PURL": "pkg:golang/github.com/google/s2a-go@v0.1.9", + "UID": "1ed090da124b6acf" + }, + "Version": "v0.1.9", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.6.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", + "UID": "25ab3a4fca20f1c5" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/googleapis/enterprise-certificate-proxy@v0.3.14", + "Name": "github.com/googleapis/enterprise-certificate-proxy", + "Identifier": { + "PURL": "pkg:golang/github.com/googleapis/enterprise-certificate-proxy@v0.3.14", + "UID": "58469f5e2e6a6e6f" + }, + "Version": "v0.3.14", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/googleapis/gax-go/v2@v2.18.0", + "Name": "github.com/googleapis/gax-go/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/googleapis/gax-go/v2@v2.18.0", + "UID": "f9d0d6becf5df9bc" + }, + "Version": "v2.18.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gophercloud/gophercloud/v2@v2.11.1", + "Name": "github.com/gophercloud/gophercloud/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/gophercloud/gophercloud/v2@v2.11.1", + "UID": "46e223ce4ece55ad" + }, + "Version": "v2.11.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gorilla/websocket@v1.5.4-0.20250319132907-e064f32e3674", + "Name": "github.com/gorilla/websocket", + "Identifier": { + "PURL": "pkg:golang/github.com/gorilla/websocket@v1.5.4-0.20250319132907-e064f32e3674", + "UID": "1856ae635780099d" + }, + "Version": "v1.5.4-0.20250319132907-e064f32e3674", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/grafana/regexp@v0.0.0-20250905093917-f7b3be9d1853", + "Name": "github.com/grafana/regexp", + "Identifier": { + "PURL": "pkg:golang/github.com/grafana/regexp@v0.0.0-20250905093917-f7b3be9d1853", + "UID": "822035ea59528563" + }, + "Version": "v0.0.0-20250905093917-f7b3be9d1853", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", + "Name": "github.com/grpc-ecosystem/grpc-gateway/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", + "UID": "ccebbcbe843b6819" + }, + "Version": "v2.28.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/consul/api@v1.32.1", + "Name": "github.com/hashicorp/consul/api", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/consul/api@v1.32.1", + "UID": "e77ebd36d161b64c" + }, + "Version": "v1.32.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/cronexpr@v1.1.3", + "Name": "github.com/hashicorp/cronexpr", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/cronexpr@v1.1.3", + "UID": "21557fa059d57ab3" + }, + "Version": "v1.1.3", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/errwrap@v1.1.0", + "Name": "github.com/hashicorp/errwrap", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.1.0", + "UID": "ebfa4413fb46b91" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-cleanhttp@v0.5.2", + "Name": "github.com/hashicorp/go-cleanhttp", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-cleanhttp@v0.5.2", + "UID": "2b65889b563b1631" + }, + "Version": "v0.5.2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-hclog@v1.6.3", + "Name": "github.com/hashicorp/go-hclog", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-hclog@v1.6.3", + "UID": "5926656a648cfb84" + }, + "Version": "v1.6.3", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-immutable-radix@v1.3.1", + "Name": "github.com/hashicorp/go-immutable-radix", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-immutable-radix@v1.3.1", + "UID": "da12230e2a3cb4d7" + }, + "Version": "v1.3.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-multierror@v1.1.1", + "Name": "github.com/hashicorp/go-multierror", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", + "UID": "3c705bfbeeb5f3fb" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-retryablehttp@v0.7.8", + "Name": "github.com/hashicorp/go-retryablehttp", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-retryablehttp@v0.7.8", + "UID": "6411265ae96af57e" + }, + "Version": "v0.7.8", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-rootcerts@v1.0.2", + "Name": "github.com/hashicorp/go-rootcerts", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-rootcerts@v1.0.2", + "UID": "bb528f8483175ec0" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-version@v1.8.0", + "Name": "github.com/hashicorp/go-version", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-version@v1.8.0", + "UID": "3721d9135393987d" + }, + "Version": "v1.8.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/golang-lru@v0.6.0", + "Name": "github.com/hashicorp/golang-lru", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/golang-lru@v0.6.0", + "UID": "dacc1b50f2ff05f0" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/nomad/api@v0.0.0-20260324203407-b27b0c2e019a", + "Name": "github.com/hashicorp/nomad/api", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/nomad/api@v0.0.0-20260324203407-b27b0c2e019a", + "UID": "f0cedd1a9c0edb09" + }, + "Version": "v0.0.0-20260324203407-b27b0c2e019a", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/serf@v0.10.1", + "Name": "github.com/hashicorp/serf", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/serf@v0.10.1", + "UID": "52ecd8deefd7b462" + }, + "Version": "v0.10.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hetznercloud/hcloud-go/v2@v2.36.0", + "Name": "github.com/hetznercloud/hcloud-go/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/hetznercloud/hcloud-go/v2@v2.36.0", + "UID": "bc00c6c7fe5ff494" + }, + "Version": "v2.36.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ionos-cloud/sdk-go/v6@v6.3.6", + "Name": "github.com/ionos-cloud/sdk-go/v6", + "Identifier": { + "PURL": "pkg:golang/github.com/ionos-cloud/sdk-go/v6@v6.3.6", + "UID": "b0a2e36a703d8060" + }, + "Version": "v6.3.6", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jpillora/backoff@v1.0.0", + "Name": "github.com/jpillora/backoff", + "Identifier": { + "PURL": "pkg:golang/github.com/jpillora/backoff@v1.0.0", + "UID": "85acdaa6c4207e05" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/json-iterator/go@v1.1.12", + "Name": "github.com/json-iterator/go", + "Identifier": { + "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", + "UID": "5519a505d2ee8627" + }, + "Version": "v1.1.12", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/julienschmidt/httprouter@v1.3.0", + "Name": "github.com/julienschmidt/httprouter", + "Identifier": { + "PURL": "pkg:golang/github.com/julienschmidt/httprouter@v1.3.0", + "UID": "8b38ab08468df208" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/klauspost/compress@v1.18.5", + "Name": "github.com/klauspost/compress", + "Identifier": { + "PURL": "pkg:golang/github.com/klauspost/compress@v1.18.5", + "UID": "ab8df8e53b8149ec" + }, + "Version": "v1.18.5", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/knadh/koanf/maps@v0.1.2", + "Name": "github.com/knadh/koanf/maps", + "Identifier": { + "PURL": "pkg:golang/github.com/knadh/koanf/maps@v0.1.2", + "UID": "9dda2d1b796905f1" + }, + "Version": "v0.1.2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/knadh/koanf/providers/confmap@v1.0.0", + "Name": "github.com/knadh/koanf/providers/confmap", + "Identifier": { + "PURL": "pkg:golang/github.com/knadh/koanf/providers/confmap@v1.0.0", + "UID": "a5cbd9754048b97d" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/knadh/koanf/v2@v2.3.3", + "Name": "github.com/knadh/koanf/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/knadh/koanf/v2@v2.3.3", + "UID": "c6b8530406fb1b7c" + }, + "Version": "v2.3.3", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kolo/xmlrpc@v0.0.0-20220921171641-a4b6fa1dd06b", + "Name": "github.com/kolo/xmlrpc", + "Identifier": { + "PURL": "pkg:golang/github.com/kolo/xmlrpc@v0.0.0-20220921171641-a4b6fa1dd06b", + "UID": "2089f53c9f5cf46f" + }, + "Version": "v0.0.0-20220921171641-a4b6fa1dd06b", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kylelemons/godebug@v1.1.0", + "Name": "github.com/kylelemons/godebug", + "Identifier": { + "PURL": "pkg:golang/github.com/kylelemons/godebug@v1.1.0", + "UID": "529d5064cebfd18c" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/linode/linodego@v1.66.0", + "Name": "github.com/linode/linodego", + "Identifier": { + "PURL": "pkg:golang/github.com/linode/linodego@v1.66.0", + "UID": "ded0b51d1f229ce5" + }, + "Version": "v1.66.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-colorable@v0.1.14", + "Name": "github.com/mattn/go-colorable", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-colorable@v0.1.14", + "UID": "a294d8b24031a3bc" + }, + "Version": "v0.1.14", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-isatty@v0.0.20", + "Name": "github.com/mattn/go-isatty", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.20", + "UID": "57e7af910dd29cb0" + }, + "Version": "v0.0.20", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/socket@v0.4.1", + "Name": "github.com/mdlayher/socket", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/socket@v0.4.1", + "UID": "1ee980ad8658cfff" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/vsock@v1.2.1", + "Name": "github.com/mdlayher/vsock", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/vsock@v1.2.1", + "UID": "c8d4bf7194362c04" + }, + "Version": "v1.2.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/miekg/dns@v1.1.72", + "Name": "github.com/miekg/dns", + "Identifier": { + "PURL": "pkg:golang/github.com/miekg/dns@v1.1.72", + "UID": "9dd50b6675d8fe14" + }, + "Version": "v1.1.72", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/copystructure@v1.2.0", + "Name": "github.com/mitchellh/copystructure", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/copystructure@v1.2.0", + "UID": "16765f0b945eb478" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/mapstructure@v1.5.0", + "Name": "github.com/mitchellh/mapstructure", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/mapstructure@v1.5.0", + "UID": "3cb21089d6e8c2cd" + }, + "Version": "v1.5.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/reflectwalk@v1.0.2", + "Name": "github.com/mitchellh/reflectwalk", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/reflectwalk@v1.0.2", + "UID": "7cce7f79d4fbba51" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/moby/docker-image-spec@v1.3.1", + "Name": "github.com/moby/docker-image-spec", + "Identifier": { + "PURL": "pkg:golang/github.com/moby/docker-image-spec@v1.3.1", + "UID": "399a508db176b47" + }, + "Version": "v1.3.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "Name": "github.com/modern-go/concurrent", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "UID": "c9e50733e23b84b1" + }, + "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", + "Name": "github.com/modern-go/reflect2", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", + "UID": "3472270522abc345" + }, + "Version": "v1.0.3-0.20250322232337-35a7c28c31ee", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "57f7166a5f9270eb" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", + "Name": "github.com/mwitkow/go-conntrack", + "Identifier": { + "PURL": "pkg:golang/github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", + "UID": "4e7eee934a1b5c66" + }, + "Version": "v0.0.0-20190716064945-2f068394615f", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/oklog/run@v1.2.0", + "Name": "github.com/oklog/run", + "Identifier": { + "PURL": "pkg:golang/github.com/oklog/run@v1.2.0", + "UID": "b3db03a03616ac1f" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/oklog/ulid/v2@v2.1.1", + "Name": "github.com/oklog/ulid/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/oklog/ulid/v2@v2.1.1", + "UID": "48b9800cf5b6bd9d" + }, + "Version": "v2.1.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/open-telemetry/opentelemetry-collector-contrib/internal/exp/metrics@v0.148.0", + "Name": "github.com/open-telemetry/opentelemetry-collector-contrib/internal/exp/metrics", + "Identifier": { + "PURL": "pkg:golang/github.com/open-telemetry/opentelemetry-collector-contrib/internal/exp/metrics@v0.148.0", + "UID": "f38a77a64300a5c4" + }, + "Version": "v0.148.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/open-telemetry/opentelemetry-collector-contrib/pkg/pdatautil@v0.148.0", + "Name": "github.com/open-telemetry/opentelemetry-collector-contrib/pkg/pdatautil", + "Identifier": { + "PURL": "pkg:golang/github.com/open-telemetry/opentelemetry-collector-contrib/pkg/pdatautil@v0.148.0", + "UID": "cf09cfdac047bd91" + }, + "Version": "v0.148.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/open-telemetry/opentelemetry-collector-contrib/processor/deltatocumulativeprocessor@v0.148.0", + "Name": "github.com/open-telemetry/opentelemetry-collector-contrib/processor/deltatocumulativeprocessor", + "Identifier": { + "PURL": "pkg:golang/github.com/open-telemetry/opentelemetry-collector-contrib/processor/deltatocumulativeprocessor@v0.148.0", + "UID": "ae85976f435f00ec" + }, + "Version": "v0.148.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opencontainers/go-digest@v1.0.0", + "Name": "github.com/opencontainers/go-digest", + "Identifier": { + "PURL": "pkg:golang/github.com/opencontainers/go-digest@v1.0.0", + "UID": "31ad3a5885be9ba3" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opencontainers/image-spec@v1.1.1", + "Name": "github.com/opencontainers/image-spec", + "Identifier": { + "PURL": "pkg:golang/github.com/opencontainers/image-spec@v1.1.1", + "UID": "941cd909b0de445d" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ovh/go-ovh@v1.9.0", + "Name": "github.com/ovh/go-ovh", + "Identifier": { + "PURL": "pkg:golang/github.com/ovh/go-ovh@v1.9.0", + "UID": "d0eb17affc99c064" + }, + "Version": "v1.9.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pb33f/jsonpath@v0.8.1", + "Name": "github.com/pb33f/jsonpath", + "Identifier": { + "PURL": "pkg:golang/github.com/pb33f/jsonpath@v0.8.1", + "UID": "9ca50b083e71ec75" + }, + "Version": "v0.8.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pb33f/libopenapi@v0.34.3", + "Name": "github.com/pb33f/libopenapi", + "Identifier": { + "PURL": "pkg:golang/github.com/pb33f/libopenapi@v0.34.3", + "UID": "e575403ac0477ab8" + }, + "Version": "v0.34.3", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pb33f/libopenapi-validator@v0.13.3", + "Name": "github.com/pb33f/libopenapi-validator", + "Identifier": { + "PURL": "pkg:golang/github.com/pb33f/libopenapi-validator@v0.13.3", + "UID": "2ff5f00549b6cc6f" + }, + "Version": "v0.13.3", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pb33f/ordered-map/v2@v2.3.0", + "Name": "github.com/pb33f/ordered-map/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/pb33f/ordered-map/v2@v2.3.0", + "UID": "b3c97f24e49a7f19" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pbnjay/memory@v0.0.0-20210728143218-7b4eea64cf58", + "Name": "github.com/pbnjay/memory", + "Identifier": { + "PURL": "pkg:golang/github.com/pbnjay/memory@v0.0.0-20210728143218-7b4eea64cf58", + "UID": "990a75f814aea33e" + }, + "Version": "v0.0.0-20210728143218-7b4eea64cf58", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", + "Name": "github.com/pkg/browser", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", + "UID": "7761b3e5b0c31ae1" + }, + "Version": "v0.0.0-20240102092130-5ac0b6a4141c", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/errors@v0.9.1", + "Name": "github.com/pkg/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", + "UID": "711469a245e0c8b5" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", + "Name": "github.com/pmezard/go-difflib", + "Identifier": { + "PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", + "UID": "2f4e40bbf5aac03f" + }, + "Version": "v1.0.1-0.20181226105442-5d4384ee4fb2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/alertmanager@v0.31.1", + "Name": "github.com/prometheus/alertmanager", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/alertmanager@v0.31.1", + "UID": "c008482d3a0f083d" + }, + "Version": "v0.31.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.23.2", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.23.2", + "UID": "eaca842d337faf42" + }, + "Version": "v1.23.2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang/exp@v0.0.0-20260325093428-d8591d0db856", + "Name": "github.com/prometheus/client_golang/exp", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang/exp@v0.0.0-20260325093428-d8591d0db856", + "UID": "be271605da604045" + }, + "Version": "v0.0.0-20260325093428-d8591d0db856", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.6.2", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.2", + "UID": "f770435bb9b4357" + }, + "Version": "v0.6.2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.67.5", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.67.5", + "UID": "304528c102d15192" + }, + "Version": "v0.67.5", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common/assets@v0.2.0", + "Name": "github.com/prometheus/common/assets", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common/assets@v0.2.0", + "UID": "f8e98ff884ecdc4c" + }, + "Version": "v0.2.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/exporter-toolkit@v0.15.1", + "Name": "github.com/prometheus/exporter-toolkit", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/exporter-toolkit@v0.15.1", + "UID": "eb99e485815f7fcf" + }, + "Version": "v0.15.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/otlptranslator@v1.0.0", + "Name": "github.com/prometheus/otlptranslator", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/otlptranslator@v1.0.0", + "UID": "c2cdb158286ff15b" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.16.1", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.16.1", + "UID": "6fdf28eda9c5f0f4" + }, + "Version": "v0.16.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/sigv4@v0.4.1", + "Name": "github.com/prometheus/sigv4", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/sigv4@v0.4.1", + "UID": "211508854c7490ca" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/puzpuzpuz/xsync/v4@v4.4.0", + "Name": "github.com/puzpuzpuz/xsync/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/puzpuzpuz/xsync/v4@v4.4.0", + "UID": "12ec49df1d5e7152" + }, + "Version": "v4.4.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/santhosh-tekuri/jsonschema/v6@v6.0.2", + "Name": "github.com/santhosh-tekuri/jsonschema/v6", + "Identifier": { + "PURL": "pkg:golang/github.com/santhosh-tekuri/jsonschema/v6@v6.0.2", + "UID": "83cdcf9d94a03bec" + }, + "Version": "v6.0.2", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/scaleway/scaleway-sdk-go@v1.0.0-beta.36", + "Name": "github.com/scaleway/scaleway-sdk-go", + "Identifier": { + "PURL": "pkg:golang/github.com/scaleway/scaleway-sdk-go@v1.0.0-beta.36", + "UID": "30c33ec1877d71c8" + }, + "Version": "v1.0.0-beta.36", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.10", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.10", + "UID": "a19cf44f862a3f99" + }, + "Version": "v1.0.10", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/stackitcloud/stackit-sdk-go/core@v0.23.0", + "Name": "github.com/stackitcloud/stackit-sdk-go/core", + "Identifier": { + "PURL": "pkg:golang/github.com/stackitcloud/stackit-sdk-go/core@v0.23.0", + "UID": "d818d87ba4c7a0f4" + }, + "Version": "v0.23.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/stretchr/testify@v1.11.1", + "Name": "github.com/stretchr/testify", + "Identifier": { + "PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1", + "UID": "e1f925609bb64645" + }, + "Version": "v1.11.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/vultr/govultr/v3@v3.28.1", + "Name": "github.com/vultr/govultr/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/vultr/govultr/v3@v3.28.1", + "UID": "ff73967bd387e119" + }, + "Version": "v3.28.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/x448/float16@v0.8.4", + "Name": "github.com/x448/float16", + "Identifier": { + "PURL": "pkg:golang/github.com/x448/float16@v0.8.4", + "UID": "5cf658e685bacb51" + }, + "Version": "v0.8.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/xhit/go-str2duration/v2@v2.1.0", + "Name": "github.com/xhit/go-str2duration/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/xhit/go-str2duration/v2@v2.1.0", + "UID": "d8f44b3821e70459" + }, + "Version": "v2.1.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/auto/sdk@v1.2.1", + "Name": "go.opentelemetry.io/auto/sdk", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/auto/sdk@v1.2.1", + "UID": "de35fe5c8f3179e3" + }, + "Version": "v1.2.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/collector/component@v1.54.0", + "Name": "go.opentelemetry.io/collector/component", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/collector/component@v1.54.0", + "UID": "42de11cde12aca89" + }, + "Version": "v1.54.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/collector/confmap@v1.54.0", + "Name": "go.opentelemetry.io/collector/confmap", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/collector/confmap@v1.54.0", + "UID": "38b1c8d2c0eacdc5" + }, + "Version": "v1.54.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/collector/confmap/xconfmap@v0.148.0", + "Name": "go.opentelemetry.io/collector/confmap/xconfmap", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/collector/confmap/xconfmap@v0.148.0", + "UID": "1fd8ef0f798d9cc" + }, + "Version": "v0.148.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/collector/consumer@v1.54.0", + "Name": "go.opentelemetry.io/collector/consumer", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/collector/consumer@v1.54.0", + "UID": "cb83cef10bcf7a7e" + }, + "Version": "v1.54.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/collector/featuregate@v1.54.0", + "Name": "go.opentelemetry.io/collector/featuregate", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/collector/featuregate@v1.54.0", + "UID": "53fb34f5ff8748c2" + }, + "Version": "v1.54.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/collector/internal/componentalias@v0.148.0", + "Name": "go.opentelemetry.io/collector/internal/componentalias", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/collector/internal/componentalias@v0.148.0", + "UID": "294e254bddf88e43" + }, + "Version": "v0.148.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/collector/pdata@v1.54.0", + "Name": "go.opentelemetry.io/collector/pdata", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/collector/pdata@v1.54.0", + "UID": "5f14c8da97fb995a" + }, + "Version": "v1.54.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/collector/pipeline@v1.54.0", + "Name": "go.opentelemetry.io/collector/pipeline", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/collector/pipeline@v1.54.0", + "UID": "395074cfd24cc220" + }, + "Version": "v1.54.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/collector/processor@v1.54.0", + "Name": "go.opentelemetry.io/collector/processor", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/collector/processor@v1.54.0", + "UID": "976efb01ff8c4973" + }, + "Version": "v1.54.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.67.0", + "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.67.0", + "UID": "e3e3659c52bc3f73" + }, + "Version": "v0.67.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.67.0", + "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.67.0", + "UID": "8bd611c7476b1e8" + }, + "Version": "v0.67.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel@v1.42.0", + "Name": "go.opentelemetry.io/otel", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel@v1.42.0", + "UID": "ea8065bc78d88e47" + }, + "Version": "v1.42.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.42.0", + "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.42.0", + "UID": "ca4581cb56a63723" + }, + "Version": "v1.42.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.42.0", + "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.42.0", + "UID": "c927bae0b462da0f" + }, + "Version": "v1.42.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.42.0", + "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.42.0", + "UID": "a96bfd90f2d400cb" + }, + "Version": "v1.42.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/metric@v1.42.0", + "Name": "go.opentelemetry.io/otel/metric", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/metric@v1.42.0", + "UID": "535bc300eacce4aa" + }, + "Version": "v1.42.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/sdk@v1.42.0", + "Name": "go.opentelemetry.io/otel/sdk", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.42.0", + "UID": "e049a293cf690f77" + }, + "Version": "v1.42.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/trace@v1.42.0", + "Name": "go.opentelemetry.io/otel/trace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.42.0", + "UID": "4fb7000c7d548bc3" + }, + "Version": "v1.42.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/proto/otlp@v1.9.0", + "Name": "go.opentelemetry.io/proto/otlp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/proto/otlp@v1.9.0", + "UID": "c9a0f30491cb2a63" + }, + "Version": "v1.9.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/atomic@v1.11.0", + "Name": "go.uber.org/atomic", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/atomic@v1.11.0", + "UID": "396e8c8d39fc3112" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/automaxprocs@v1.6.0", + "Name": "go.uber.org/automaxprocs", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/automaxprocs@v1.6.0", + "UID": "ab80bb6752964505" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/goleak@v1.3.0", + "Name": "go.uber.org/goleak", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/goleak@v1.3.0", + "UID": "7ad0a22e9d273419" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/multierr@v1.11.0", + "Name": "go.uber.org/multierr", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", + "UID": "63863f051aba5dbb" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/zap@v1.27.1", + "Name": "go.uber.org/zap", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/zap@v1.27.1", + "UID": "5bc7a3b46406e936" + }, + "Version": "v1.27.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.yaml.in/yaml/v2@v2.4.4", + "Name": "go.yaml.in/yaml/v2", + "Identifier": { + "PURL": "pkg:golang/go.yaml.in/yaml/v2@v2.4.4", + "UID": "f18a332441ed536" + }, + "Version": "v2.4.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.yaml.in/yaml/v3@v3.0.4", + "Name": "go.yaml.in/yaml/v3", + "Identifier": { + "PURL": "pkg:golang/go.yaml.in/yaml/v3@v3.0.4", + "UID": "5d94579a2e20fec6" + }, + "Version": "v3.0.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.yaml.in/yaml/v4@v4.0.0-rc.4", + "Name": "go.yaml.in/yaml/v4", + "Identifier": { + "PURL": "pkg:golang/go.yaml.in/yaml/v4@v4.0.0-rc.4", + "UID": "314a88b684eae084" + }, + "Version": "v4.0.0-rc.4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/crypto@v0.49.0", + "Name": "golang.org/x/crypto", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.49.0", + "UID": "6b2555101c89ec99" + }, + "Version": "v0.49.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/exp@v0.0.0-20260218203240-3dfff04db8fa", + "Name": "golang.org/x/exp", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20260218203240-3dfff04db8fa", + "UID": "7753c684b06bfd79" + }, + "Version": "v0.0.0-20260218203240-3dfff04db8fa", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.52.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.52.0", + "UID": "2f12636bf35b6ade" + }, + "Version": "v0.52.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.36.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.36.0", + "UID": "a30d146e688d7a47" + }, + "Version": "v0.36.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sync@v0.20.0", + "Name": "golang.org/x/sync", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sync@v0.20.0", + "UID": "d9d7654c82cc875b" + }, + "Version": "v0.20.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.42.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.42.0", + "UID": "dc6f0902775523de" + }, + "Version": "v0.42.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/term@v0.41.0", + "Name": "golang.org/x/term", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/term@v0.41.0", + "UID": "20a04e6727819824" + }, + "Version": "v0.41.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.35.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.35.0", + "UID": "bc482050949f4481" + }, + "Version": "v0.35.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.15.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.15.0", + "UID": "7d5f4b4171b30994" + }, + "Version": "v0.15.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/api@v0.272.0", + "Name": "google.golang.org/api", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/api@v0.272.0", + "UID": "445671508be01f60" + }, + "Version": "v0.272.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto/googleapis/api@v0.0.0-20260319201613-d00831a3d3e7", + "Name": "google.golang.org/genproto/googleapis/api", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260319201613-d00831a3d3e7", + "UID": "b5990eae76e9072c" + }, + "Version": "v0.0.0-20260319201613-d00831a3d3e7", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260311181403-84a4fc48630c", + "Name": "google.golang.org/genproto/googleapis/rpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20260311181403-84a4fc48630c", + "UID": "64aff811bd17e609" + }, + "Version": "v0.0.0-20260311181403-84a4fc48630c", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/grpc@v1.79.3", + "Name": "google.golang.org/grpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.79.3", + "UID": "2d09810516bbc3d7" + }, + "Version": "v1.79.3", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.36.11", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.11", + "UID": "61803db316219043" + }, + "Version": "v1.36.11", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/evanphx/json-patch.v4@v4.13.0", + "Name": "gopkg.in/evanphx/json-patch.v4", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/evanphx/json-patch.v4@v4.13.0", + "UID": "aeb3ac32ffd1e700" + }, + "Version": "v4.13.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/inf.v0@v0.9.1", + "Name": "gopkg.in/inf.v0", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", + "UID": "71ae235a8179f079" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/ini.v1@v1.67.1", + "Name": "gopkg.in/ini.v1", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/ini.v1@v1.67.1", + "UID": "e45a1b4abb9d1aa7" + }, + "Version": "v1.67.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v2@v2.4.0", + "Name": "gopkg.in/yaml.v2", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "UID": "5d696abc510482cf" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "UID": "894b6b9e956b0bcb" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/api@v0.35.3", + "Name": "k8s.io/api", + "Identifier": { + "PURL": "pkg:golang/k8s.io/api@v0.35.3", + "UID": "f25fefce0c2431f9" + }, + "Version": "v0.35.3", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apimachinery@v0.35.3", + "Name": "k8s.io/apimachinery", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apimachinery@v0.35.3", + "UID": "72ea161fb20d85bb" + }, + "Version": "v0.35.3", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/client-go@v0.35.3", + "Name": "k8s.io/client-go", + "Identifier": { + "PURL": "pkg:golang/k8s.io/client-go@v0.35.3", + "UID": "e5311bb6db53bb22" + }, + "Version": "v0.35.3", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog@v1.0.0", + "Name": "k8s.io/klog", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog@v1.0.0", + "UID": "50421466fcbf5ff7" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog/v2@v2.140.0", + "Name": "k8s.io/klog/v2", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog/v2@v2.140.0", + "UID": "e37583d83b22515e" + }, + "Version": "v2.140.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", + "Name": "k8s.io/kube-openapi", + "Identifier": { + "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", + "UID": "d98d76f9e1fee2f" + }, + "Version": "v0.0.0-20250910181357-589584f1c912", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", + "Name": "k8s.io/utils", + "Identifier": { + "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", + "UID": "d42ef5e7bc7d137f" + }, + "Version": "v0.0.0-20251002143259-bc988d571ff4", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", + "Name": "sigs.k8s.io/json", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", + "UID": "7ed447bde08e46d5" + }, + "Version": "v0.0.0-20250730193827-2d320260d730", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/randfill@v1.0.0", + "Name": "sigs.k8s.io/randfill", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/randfill@v1.0.0", + "UID": "809e21831ae4b5ba" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/structured-merge-diff/v6@v6.3.0", + "Name": "sigs.k8s.io/structured-merge-diff/v6", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v6@v6.3.0", + "UID": "b6a741b7e39a206d" + }, + "Version": "v6.3.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/yaml@v1.6.0", + "Name": "sigs.k8s.io/yaml", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.6.0", + "UID": "938df54684fecea9" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-32285", + "VendorIDs": [ + "GHSA-6g7g-w4f8-9c9x" + ], + "PkgID": "github.com/buger/jsonparser@v1.1.1", + "PkgName": "github.com/buger/jsonparser", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/buger/jsonparser@v1.1.1", + "UID": "73110281e49618c1" + }, + "InstalledVersion": "v1.1.1", + "FixedVersion": "1.1.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32285", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:49ac7d415e3c79c02bb0c28964c34634b0aaad6d2bbd7251bc8a20dfb553f0d0", + "Title": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input", + "Description": "The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-129" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32285", + "https://github.com/buger/jsonparser", + "https://github.com/buger/jsonparser/commit/a69e7e01cd4ad67bdfd3ac2c080b9212af16f4b0", + "https://github.com/buger/jsonparser/issues/275", + "https://github.com/buger/jsonparser/pull/276", + "https://github.com/buger/jsonparser/releases/tag/v1.1.2", + "https://github.com/golang/vulndb/issues/4514", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32285", + "https://pkg.go.dev/vuln/GO-2026-4514", + "https://securityinfinity.com/research/buger-jsonparser-negative-slice-panic-dos-2026", + "https://www.cve.org/CVERecord?id=CVE-2026-32285" + ], + "PublishedDate": "2026-03-26T20:16:12.197Z", + "LastModifiedDate": "2026-04-21T15:42:07.52Z" + }, + { + "VulnerabilityID": "CVE-2026-34040", + "VendorIDs": [ + "GHSA-x744-4wpc-v9h2" + ], + "PkgID": "github.com/docker/docker@v28.5.2+incompatible", + "PkgName": "github.com/docker/docker", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", + "UID": "80cdc665acbb41b4" + }, + "InstalledVersion": "v28.5.2+incompatible", + "FixedVersion": "29.3.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34040", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:04ebb2194e574d3645067d7d14e225eefbf5b456a725abb377e64a3b799eae7d", + "Title": "Moby: Moby: Authorization bypass vulnerability", + "Description": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-288" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", + "V3Score": 8.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-34040", + "https://docs.docker.com/engine/extend/plugins_authorization", + "https://github.com/moby/moby", + "https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38", + "https://github.com/moby/moby/releases/tag/docker-v29.3.1", + "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq", + "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34040", + "https://www.cve.org/CVERecord?id=CVE-2026-34040" + ], + "PublishedDate": "2026-03-31T03:15:57.883Z", + "LastModifiedDate": "2026-04-03T16:51:28.67Z" + }, + { + "VulnerabilityID": "CVE-2026-41567", + "VendorIDs": [ + "GHSA-x86f-5xw2-fm2r" + ], + "PkgID": "github.com/docker/docker@v28.5.2+incompatible", + "PkgName": "github.com/docker/docker", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", + "UID": "80cdc665acbb41b4" + }, + "InstalledVersion": "v28.5.2+incompatible", + "Status": "affected", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41567", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:47d75cc27f34edaf5dafbabaf75cfce1245488baee895d665f2dc0d3f7657f76", + "Title": "Docker: `PUT /containers/{id}/archive` executes container binary on the host", + "Description": "## Summary\n\nWhen a user uploads a compressed archive into a container, a malicious image can execute arbitrary code with daemon (host root) privileges.\n\n## Details\n\nWhen handling `PUT /containers/{id}/archive` requests with compressed archives, the daemon decompresses them using external system binaries. Due to incorrect ordering of operations, these binaries are resolved from the container's filesystem rather than the host's. A container image that includes a trojanized decompression binary can achieve code execution as the daemon process whenever a compressed archive is uploaded to that container.\n\nThe executed binary runs with the daemon's full privileges, including host root UID and unrestricted capabilities.\n\n## Impact\n\nArbitrary code execution as host root, crossing the container-to-host trust boundary.\n\n### Conditions for exploitation\n\n- A user must run a container from a malicious image that contains a trojanized decompression binary.\n- The user must then upload a compressed archive (xz or gzip) into that container, either by piping a compressed archive via `docker cp -` or by calling the `PUT /containers/{id}/archive` API directly with compressed content.\n\n### Not affected\n\nStandard `docker cp` usage is **not** affected, because the CLI sends uncompressed tar by default:\n\n```\ndocker cp ./file.txt mycontainer:/file.txt\n```\n\nThis can only be exploited when explicitly passing a xz or gzip-compressed archive to `docker cp` or the `PUT /containers/{id}/archive` API, for example:\n\n```\ncat archive.tar.xz | docker cp - mycontainer:/dir\n```\n\nDecompression formats using pure Go implementations (bzip2, zstd, and gzip when the container image does not contain an `unpigz` binary) are also not affected.\n\n## Workarounds\n\n- Only run containers from trusted images.\n- Use authorization plugins to limit access to the `PUT /containers/{id}/archive` endpoint.\n- Avoid piping compressed archives into containers created from untrusted images.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "V3Score": 7.2 + } + }, + "References": [ + "https://github.com/moby/moby", + "https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r" + ] + }, + { + "VulnerabilityID": "CVE-2026-42306", + "VendorIDs": [ + "GHSA-rg2x-37c3-w2rh" + ], + "PkgID": "github.com/docker/docker@v28.5.2+incompatible", + "PkgName": "github.com/docker/docker", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", + "UID": "80cdc665acbb41b4" + }, + "InstalledVersion": "v28.5.2+incompatible", + "Status": "affected", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42306", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:d288c666dfb4023f309775f41cd591ddcc56dd1c1583dd155c34d0526bbf2aa6", + "Title": "Docker: Race condition in docker cp allows bind mount redirection to host path", + "Description": "## Summary\n\nA race condition during `docker cp` mount setup allows a malicious container to redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service.\n\n## Details\n\nWhen copying files into a container, the daemon sets up a temporary filesystem view by bind-mounting volumes into a private mount namespace. During this setup, the mount destination is created inside the container root and then a bind mount is attached using the container-relative path resolved to an absolute host path.\n\nBetween mountpoint creation and the `mount()` syscall, a process running inside the container can replace the destination (or a parent path component) with a symlink pointing to an arbitrary location on the host. The `mount()` syscall follows the symlink, causing the volume to be bind-mounted onto an arbitrary host path instead of the intended container path.\n\n## Impact\n\nA malicious container can redirect a volume bind mount to an arbitrary host path. The impact depends on the volume content and mount options:\n\n- If the volume is writable, arbitrary host files at the redirected path could be overwritten with the volume's contents.\n- If the volume is read-only, the host path is masked by the mount for the duration of the operation, causing denial of service.\n- In all cases the mount is temporary (torn down after the `docker cp` completes), but the effects of any writes persist.\n\n### Conditions for exploitation\n\n- A container must have at least one volume mount.\n- A process inside the container must be able to rapidly create and swap symlinks at the volume mount destination path.\n- An operator must initiate a `docker cp` into that container, or call the `PUT /containers/{id}/archive` or `HEAD /containers/{id}/archive` API endpoints.\n\n### Not affected\n\n- Containers that do not have volume mounts are not affected, as the race occurs during volume bind-mount setup.\n\n## Workarounds\n\n- Only run containers from trusted images.\n- Avoid using `docker cp` with untrusted running containers.\n- Use authorization plugins to restrict access to the archive API endpoints (`PUT /containers/{id}/archive`, `HEAD /containers/{id}/archive`).", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H", + "V3Score": 7.2 + } + }, + "References": [ + "https://github.com/moby/moby", + "https://github.com/moby/moby/security/advisories/GHSA-rg2x-37c3-w2rh" + ] + }, + { + "VulnerabilityID": "CVE-2026-33997", + "VendorIDs": [ + "GHSA-pxq6-2prw-chj9" + ], + "PkgID": "github.com/docker/docker@v28.5.2+incompatible", + "PkgName": "github.com/docker/docker", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", + "UID": "80cdc665acbb41b4" + }, + "InstalledVersion": "v28.5.2+incompatible", + "FixedVersion": "29.3.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33997", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:29ebe9110bc9a76b1fffb61276bff7cec0586602dac41fe9a9b960a0f7e81c46", + "Title": "moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation", + "Description": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-193" + ], + "VendorSeverity": { + "amazon": 2, + "ghsa": 2, + "nvd": 3, + "photon": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 6.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33997", + "https://docs.docker.com/engine/extend/legacy_plugins", + "https://github.com/moby/moby", + "https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a", + "https://github.com/moby/moby/releases/tag/docker-v29.3.1", + "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33997", + "https://www.cve.org/CVERecord?id=CVE-2026-33997" + ], + "PublishedDate": "2026-03-31T03:15:57.523Z", + "LastModifiedDate": "2026-04-03T17:23:21.307Z" + }, + { + "VulnerabilityID": "CVE-2026-41568", + "VendorIDs": [ + "GHSA-vp62-88p7-qqf5" + ], + "PkgID": "github.com/docker/docker@v28.5.2+incompatible", + "PkgName": "github.com/docker/docker", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", + "UID": "80cdc665acbb41b4" + }, + "InstalledVersion": "v28.5.2+incompatible", + "Status": "affected", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41568", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:75475811480b8d92fef3e5e585b5b9029eaedce3c88567c19ec7e2f267d5e92f", + "Title": "Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap", + "Description": "## Summary\n\nA race condition during `docker cp` mount setup allows a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem.\n\nThis advisory covers the race during mountpoint creation. The related race during the subsequent mount syscall is tracked in GHSA-rg2x-37c3-w2rh\n\n## Details\n\nWhen copying files into a container, the daemon sets up a temporary filesystem view by bind-mounting volumes into a private mount namespace. During this setup, the mount destination path is first resolved within the container's root filesystem using `GetResourcePath`, and then used to create the mountpoint (file or directory) if it does not already exist via `createIfNotExists`.\n\nBetween path resolution and mountpoint creation, a process running inside the container can swap a path component for a symlink pointing to an arbitrary location on the host. Because `createIfNotExists` operates on the already-resolved absolute path using standard `os.MkdirAll` and `os.OpenFile` — which follow symlinks in intermediate path components — the symlink is followed and the file or directory is created outside the container root filesystem, as root.\n\n## Impact\n\nA malicious container can create empty files or directories at arbitrary absolute paths on the host filesystem, running as root. This enables persistent denial of service — for example:\n\n- Converting `/etc/docker/daemon.json` into a directory prevents the daemon from restarting\n- Creating `/etc/nologin` prevents user logins\n- Overwriting critical system paths with empty files can break host services\n\nThe container does not gain read or write access to existing host files — only the ability to create new empty files or directories at chosen paths.\n\n### Conditions for exploitation\n\n- A container must be running with a process that can rapidly create and swap symlinks at a volume mount destination path.\n- An operator must initiate a `docker cp` into that container, or call the `PUT /containers/{id}/archive` or `HEAD /containers/{id}/archive` API endpoints.\n\n### Not affected\n\n- Containers that do not have volume mounts are not affected, as the race occurs during volume bind-mount setup.\n\n## Patches\n\nMountpoint creation is now scoped to the container root using `os.Root` (Go 1.24+), which refuses to follow symlinks that escape the opened root directory. All filesystem operations in `createIfNotExists` (`MkdirAll`, `OpenFile`) are performed through the `os.Root` handle, so even if a symlink swap occurs after path resolution, the creation stays confined to the container root.\n\n## Workarounds\n\n- Only run containers from trusted images.\n- Avoid using `docker cp` with untrusted running containers.\n- Use authorization plugins to restrict access to the archive API endpoints (`PUT /containers/{id}/archive`, `HEAD /containers/{id}/archive`).", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:H", + "V3Score": 6 + } + }, + "References": [ + "https://github.com/moby/moby", + "https://github.com/moby/moby/security/advisories/GHSA-vp62-88p7-qqf5" + ] + }, + { + "VulnerabilityID": "CVE-2026-39882", + "VendorIDs": [ + "GHSA-w8rr-5gcm-pp58" + ], + "PkgID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.42.0", + "PkgName": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp", + "PkgIdentifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.42.0", + "UID": "a96bfd90f2d400cb" + }, + "InstalledVersion": "v1.42.0", + "FixedVersion": "1.43.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39882", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:959779163b20339124064054d4dbf9f46d440e4c59998d497ba6fd3684a2ccca", + "Title": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ...", + "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection). This vulnerability is fixed in 1.43.0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-789" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0", + "https://github.com/open-telemetry/opentelemetry-go", + "https://github.com/open-telemetry/opentelemetry-go/pull/8108", + "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39882" + ], + "PublishedDate": "2026-04-08T21:17:00.547Z", + "LastModifiedDate": "2026-04-09T18:39:55.73Z" + }, + { + "VulnerabilityID": "CVE-2026-39883", + "VendorIDs": [ + "GHSA-hfvc-g4fc-pqhx" + ], + "PkgID": "go.opentelemetry.io/otel/sdk@v1.42.0", + "PkgName": "go.opentelemetry.io/otel/sdk", + "PkgIdentifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.42.0", + "UID": "e049a293cf690f77" + }, + "InstalledVersion": "v1.42.0", + "FixedVersion": "1.43.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39883", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:1834c7d723331bb4c79bd0d8ae19b32edbe4ed5a314480dbd667e6234e6addfa", + "Title": "opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking", + "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-426" + ], + "VendorSeverity": { + "ghsa": 3, + "nvd": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V40Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0", + "https://github.com/open-telemetry/opentelemetry-go", + "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-hfvc-g4fc-pqhx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39883" + ], + "PublishedDate": "2026-04-08T21:17:00.697Z", + "LastModifiedDate": "2026-04-10T21:16:27.12Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "f8b9f4accc86a9be" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c0dacea47b72604123e5f93f3e2d0db96305ddbb302db984af6258dbfebfbf7a", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "f8b9f4accc86a9be" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:61aa2fa3b2e0705fd053531a3e44f6fa63a05e0771657bc4fbd61ca437158d03", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "f8b9f4accc86a9be" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3de0d46890d9c011e57a238b413c8043f136cbb2c917e0b80e1e1fbd59d53de1", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "f8b9f4accc86a9be" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a501f4c79273d94ccca23c67762daa2cf5ee7201fffacafe15c50713fae04f41", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "f8b9f4accc86a9be" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:037e8196d9e93151445fa49e5db8e796d3a886358de21e76c9932bae89d081eb", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "f8b9f4accc86a9be" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:46ea3c44d2311c08ce5fe011556f92f866f47c10c4f6f532c71809b76c318dbb", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "f8b9f4accc86a9be" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:558ec9fd67fb46abf091405bca6b81c7c6cbbdd57137ff88c150b8deafddd5a9", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "f8b9f4accc86a9be" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", + "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3fa90bb7950ad1f1cd289a25b8bd93d4126d24d2293ea2ce13b73432fd5d098f", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + }, + { + "Target": "bin/promtool", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "github.com/prometheus/prometheus@v3.11.3", + "Name": "github.com/prometheus/prometheus", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/prometheus@3.11.3", + "UID": "d0b7596820559c68" + }, + "Version": "3.11.3", + "Relationship": "root", + "DependsOn": [ + "cloud.google.com/go/auth/oauth2adapt@v0.2.8", + "cloud.google.com/go/auth@v0.18.2", + "cloud.google.com/go/compute/metadata@v0.9.0", + "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.21.0", + "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", + "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.11.2", + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5@v5.7.0", + "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4@v4.3.0", + "github.com/AzureAD/microsoft-authentication-library-for-go@v1.6.0", + "github.com/Code-Hex/go-generics-cache@v1.5.1", + "github.com/alecthomas/kingpin/v2@v2.4.0", + "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", + "github.com/armon/go-metrics@v0.4.1", + "github.com/aws/aws-sdk-go-v2/config@v1.32.12", + "github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", + "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", + "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.20", + "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.20", + "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", + "github.com/aws/aws-sdk-go-v2/service/ec2@v1.296.0", + "github.com/aws/aws-sdk-go-v2/service/ecs@v1.74.0", + "github.com/aws/aws-sdk-go-v2/service/elasticache@v1.51.12", + "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", + "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.20", + "github.com/aws/aws-sdk-go-v2/service/kafka@v1.49.1", + "github.com/aws/aws-sdk-go-v2/service/lightsail@v1.51.0", + "github.com/aws/aws-sdk-go-v2/service/rds@v1.117.0", + "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", + "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", + "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", + "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", + "github.com/aws/aws-sdk-go-v2@v1.41.4", + "github.com/aws/smithy-go@v1.24.2", + "github.com/bboreham/go-loser@v0.0.0-20230920113527-fcc2c21820a3", + "github.com/beorn7/perks@v1.0.1", + "github.com/cespare/xxhash/v2@v2.3.0", + "github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", + "github.com/containerd/errdefs/pkg@v0.3.0", + "github.com/containerd/errdefs@v1.0.0", + "github.com/coreos/go-systemd/v22@v22.6.0", + "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "github.com/dennwc/varint@v1.0.0", + "github.com/digitalocean/godo@v1.178.0", + "github.com/distribution/reference@v0.6.0", + "github.com/docker/docker@v28.5.2+incompatible", + "github.com/docker/go-connections@v0.6.0", + "github.com/docker/go-units@v0.5.0", + "github.com/edsrzf/mmap-go@v1.2.0", + "github.com/emicklei/go-restful/v3@v3.12.2", + "github.com/envoyproxy/go-control-plane/envoy@v1.37.0", + "github.com/envoyproxy/protoc-gen-validate@v1.3.3", + "github.com/facette/natsort@v0.0.0-20181210072756-2cd4dd1e2dcb", + "github.com/fatih/color@v1.18.0", + "github.com/felixge/httpsnoop@v1.0.4", + "github.com/fsnotify/fsnotify@v1.9.0", + "github.com/fxamacker/cbor/v2@v2.9.0", + "github.com/go-logr/logr@v1.4.3", + "github.com/go-logr/stdr@v1.2.2", + "github.com/go-openapi/analysis@v0.24.2", + "github.com/go-openapi/errors@v0.22.7", + "github.com/go-openapi/jsonpointer@v0.22.5", + "github.com/go-openapi/jsonreference@v0.21.4", + "github.com/go-openapi/loads@v0.23.2", + "github.com/go-openapi/spec@v0.22.3", + "github.com/go-openapi/strfmt@v0.26.1", + "github.com/go-openapi/swag/cmdutils@v0.25.4", + "github.com/go-openapi/swag/conv@v0.25.4", + "github.com/go-openapi/swag/fileutils@v0.25.4", + "github.com/go-openapi/swag/jsonname@v0.25.5", + "github.com/go-openapi/swag/jsonutils@v0.25.4", + "github.com/go-openapi/swag/loading@v0.25.4", + "github.com/go-openapi/swag/mangling@v0.25.4", + "github.com/go-openapi/swag/netutils@v0.25.4", + "github.com/go-openapi/swag/stringutils@v0.25.4", + "github.com/go-openapi/swag/typeutils@v0.25.4", + "github.com/go-openapi/swag/yamlutils@v0.25.4", + "github.com/go-openapi/swag@v0.25.4", + "github.com/go-openapi/validate@v0.25.1", + "github.com/go-resty/resty/v2@v2.17.2", + "github.com/go-viper/mapstructure/v2@v2.5.0", + "github.com/go-zookeeper/zk@v1.0.4", + "github.com/gogo/protobuf@v1.3.2", + "github.com/golang-jwt/jwt/v5@v5.3.1", + "github.com/golang/snappy@v1.0.0", + "github.com/google/gnostic-models@v0.7.0", + "github.com/google/go-cmp@v0.7.0", + "github.com/google/go-querystring@v1.2.0", + "github.com/google/pprof@v0.0.0-20260302011040-a15ffb7f9dcc", + "github.com/google/s2a-go@v0.1.9", + "github.com/google/uuid@v1.6.0", + "github.com/googleapis/enterprise-certificate-proxy@v0.3.14", + "github.com/googleapis/gax-go/v2@v2.18.0", + "github.com/gophercloud/gophercloud/v2@v2.11.1", + "github.com/gorilla/websocket@v1.5.4-0.20250319132907-e064f32e3674", + "github.com/grafana/regexp@v0.0.0-20250905093917-f7b3be9d1853", + "github.com/hashicorp/consul/api@v1.32.1", + "github.com/hashicorp/cronexpr@v1.1.3", + "github.com/hashicorp/errwrap@v1.1.0", + "github.com/hashicorp/go-cleanhttp@v0.5.2", + "github.com/hashicorp/go-hclog@v1.6.3", + "github.com/hashicorp/go-immutable-radix@v1.3.1", + "github.com/hashicorp/go-multierror@v1.1.1", + "github.com/hashicorp/go-retryablehttp@v0.7.8", + "github.com/hashicorp/go-rootcerts@v1.0.2", + "github.com/hashicorp/golang-lru@v0.6.0", + "github.com/hashicorp/nomad/api@v0.0.0-20260324203407-b27b0c2e019a", + "github.com/hashicorp/serf@v0.10.1", + "github.com/hetznercloud/hcloud-go/v2@v2.36.0", + "github.com/ionos-cloud/sdk-go/v6@v6.3.6", + "github.com/jpillora/backoff@v1.0.0", + "github.com/json-iterator/go@v1.1.12", + "github.com/klauspost/compress@v1.18.5", + "github.com/kolo/xmlrpc@v0.0.0-20220921171641-a4b6fa1dd06b", + "github.com/kylelemons/godebug@v1.1.0", + "github.com/linode/linodego@v1.66.0", + "github.com/mattn/go-colorable@v0.1.14", + "github.com/mattn/go-isatty@v0.0.20", + "github.com/mdlayher/socket@v0.4.1", + "github.com/mdlayher/vsock@v1.2.1", + "github.com/miekg/dns@v1.1.72", + "github.com/mitchellh/mapstructure@v1.5.0", + "github.com/moby/docker-image-spec@v1.3.1", + "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", + "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", + "github.com/nsf/jsondiff@v0.0.0-20260207060731-8e8d90c4c0ac", + "github.com/oklog/ulid/v2@v2.1.1", + "github.com/opencontainers/go-digest@v1.0.0", + "github.com/opencontainers/image-spec@v1.1.1", + "github.com/ovh/go-ovh@v1.9.0", + "github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", + "github.com/pkg/errors@v0.9.1", + "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", + "github.com/prometheus/alertmanager@v0.31.1", + "github.com/prometheus/client_golang/exp@v0.0.0-20260325093428-d8591d0db856", + "github.com/prometheus/client_golang@v1.23.2", + "github.com/prometheus/client_model@v0.6.2", + "github.com/prometheus/common@v0.67.5", + "github.com/prometheus/exporter-toolkit@v0.15.1", + "github.com/prometheus/otlptranslator@v1.0.0", + "github.com/prometheus/procfs@v0.16.1", + "github.com/prometheus/sigv4@v0.4.1", + "github.com/scaleway/scaleway-sdk-go@v1.0.0-beta.36", + "github.com/spf13/pflag@v1.0.10", + "github.com/stackitcloud/stackit-sdk-go/core@v0.23.0", + "github.com/stretchr/testify@v1.11.1", + "github.com/vultr/govultr/v3@v3.28.1", + "github.com/x448/float16@v0.8.4", + "github.com/xhit/go-str2duration/v2@v2.1.0", + "go.opentelemetry.io/auto/sdk@v1.2.1", + "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.67.0", + "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.67.0", + "go.opentelemetry.io/otel/metric@v1.42.0", + "go.opentelemetry.io/otel/trace@v1.42.0", + "go.opentelemetry.io/otel@v1.42.0", + "go.uber.org/atomic@v1.11.0", + "go.uber.org/goleak@v1.3.0", + "go.yaml.in/yaml/v2@v2.4.4", + "go.yaml.in/yaml/v3@v3.0.4", + "golang.org/x/crypto@v0.49.0", + "golang.org/x/exp@v0.0.0-20260218203240-3dfff04db8fa", + "golang.org/x/net@v0.52.0", + "golang.org/x/oauth2@v0.36.0", + "golang.org/x/sync@v0.20.0", + "golang.org/x/sys@v0.42.0", + "golang.org/x/term@v0.41.0", + "golang.org/x/text@v0.35.0", + "golang.org/x/time@v0.15.0", + "google.golang.org/api@v0.272.0", + "google.golang.org/genproto/googleapis/api@v0.0.0-20260319201613-d00831a3d3e7", + "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260311181403-84a4fc48630c", + "google.golang.org/grpc@v1.79.3", + "google.golang.org/protobuf@v1.36.11", + "gopkg.in/evanphx/json-patch.v4@v4.13.0", + "gopkg.in/inf.v0@v0.9.1", + "gopkg.in/ini.v1@v1.67.1", + "gopkg.in/yaml.v2@v2.4.0", + "gopkg.in/yaml.v3@v3.0.1", + "k8s.io/api@v0.35.3", + "k8s.io/apimachinery@v0.35.3", + "k8s.io/client-go@v0.35.3", + "k8s.io/klog/v2@v2.140.0", + "k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", + "k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", + "sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", + "sigs.k8s.io/randfill@v1.0.0", + "sigs.k8s.io/structured-merge-diff/v6@v6.3.0", + "sigs.k8s.io/yaml@v1.6.0", + "stdlib@v1.26.2" + ], + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.26.2", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "440e189b541082a8" + }, + "Version": "v1.26.2", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/auth@v0.18.2", + "Name": "cloud.google.com/go/auth", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/auth@v0.18.2", + "UID": "eb503a9682aa0004" + }, + "Version": "v0.18.2", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/auth/oauth2adapt@v0.2.8", + "Name": "cloud.google.com/go/auth/oauth2adapt", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/auth/oauth2adapt@v0.2.8", + "UID": "f33cdc8e9bfe8fc7" + }, + "Version": "v0.2.8", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/compute/metadata@v0.9.0", + "Name": "cloud.google.com/go/compute/metadata", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.9.0", + "UID": "78d23c152d075a27" + }, + "Version": "v0.9.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.21.0", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/azcore", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azcore@v1.21.0", + "UID": "edd5dd01150c728e" + }, + "Version": "v1.21.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", + "UID": "a2a5fa3acbfa1a59" + }, + "Version": "v1.13.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.11.2", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/internal", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/internal@v1.11.2", + "UID": "15f732fd65503168" + }, + "Version": "v1.11.2", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5@v5.7.0", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5@v5.7.0", + "UID": "f5415a6628fa5cd" + }, + "Version": "v5.7.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4@v4.3.0", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4@v4.3.0", + "UID": "28ca8f75d33058f" + }, + "Version": "v4.3.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/AzureAD/microsoft-authentication-library-for-go@v1.6.0", + "Name": "github.com/AzureAD/microsoft-authentication-library-for-go", + "Identifier": { + "PURL": "pkg:golang/github.com/azuread/microsoft-authentication-library-for-go@v1.6.0", + "UID": "aef3b8ba2411b3d8" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Code-Hex/go-generics-cache@v1.5.1", + "Name": "github.com/Code-Hex/go-generics-cache", + "Identifier": { + "PURL": "pkg:golang/github.com/code-hex/go-generics-cache@v1.5.1", + "UID": "2d783eb278890459" + }, + "Version": "v1.5.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/alecthomas/kingpin/v2@v2.4.0", + "Name": "github.com/alecthomas/kingpin/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/alecthomas/kingpin/v2@v2.4.0", + "UID": "8acc6e8588325f59" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", + "Name": "github.com/alecthomas/units", + "Identifier": { + "PURL": "pkg:golang/github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", + "UID": "1eb7a88f83d1e90d" + }, + "Version": "v0.0.0-20240927000941-0f3dac36c52b", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/armon/go-metrics@v0.4.1", + "Name": "github.com/armon/go-metrics", + "Identifier": { + "PURL": "pkg:golang/github.com/armon/go-metrics@v0.4.1", + "UID": "35b558868e4ea7fa" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2@v1.41.4", + "Name": "github.com/aws/aws-sdk-go-v2", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2@v1.41.4", + "UID": "4c8c660c3fce523a" + }, + "Version": "v1.41.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/config@v1.32.12", + "Name": "github.com/aws/aws-sdk-go-v2/config", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/config@v1.32.12", + "UID": "9ba8679d36275b3a" + }, + "Version": "v1.32.12", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", + "Name": "github.com/aws/aws-sdk-go-v2/credentials", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", + "UID": "794bdc584807338f" + }, + "Version": "v1.19.12", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", + "Name": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", + "UID": "f96e309a8d3dacec" + }, + "Version": "v1.18.20", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.20", + "Name": "github.com/aws/aws-sdk-go-v2/internal/configsources", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.20", + "UID": "93f9f52b5b991057" + }, + "Version": "v1.4.20", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.20", + "Name": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.20", + "UID": "4a95423ce6855d17" + }, + "Version": "v2.7.20", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", + "Name": "github.com/aws/aws-sdk-go-v2/internal/ini", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", + "UID": "64352d99e4740bea" + }, + "Version": "v1.8.6", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/ec2@v1.296.0", + "Name": "github.com/aws/aws-sdk-go-v2/service/ec2", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ec2@v1.296.0", + "UID": "a99a30027c6ccdf9" + }, + "Version": "v1.296.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/ecs@v1.74.0", + "Name": "github.com/aws/aws-sdk-go-v2/service/ecs", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ecs@v1.74.0", + "UID": "7c837954fff60c50" + }, + "Version": "v1.74.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/elasticache@v1.51.12", + "Name": "github.com/aws/aws-sdk-go-v2/service/elasticache", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/elasticache@v1.51.12", + "UID": "de68f43a8e85d2d8" + }, + "Version": "v1.51.12", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", + "Name": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", + "UID": "268a2a21c9f9d0ce" + }, + "Version": "v1.13.7", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.20", + "Name": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.20", + "UID": "424fd39aa2e56bf6" + }, + "Version": "v1.13.20", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/kafka@v1.49.1", + "Name": "github.com/aws/aws-sdk-go-v2/service/kafka", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/kafka@v1.49.1", + "UID": "c73b092f9d2e0d4b" + }, + "Version": "v1.49.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/lightsail@v1.51.0", + "Name": "github.com/aws/aws-sdk-go-v2/service/lightsail", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/lightsail@v1.51.0", + "UID": "5ca72ba40dd9f42" + }, + "Version": "v1.51.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/rds@v1.117.0", + "Name": "github.com/aws/aws-sdk-go-v2/service/rds", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/rds@v1.117.0", + "UID": "f83f647b687e4adc" + }, + "Version": "v1.117.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", + "Name": "github.com/aws/aws-sdk-go-v2/service/signin", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", + "UID": "a2a9eeaaf1400b48" + }, + "Version": "v1.0.8", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", + "Name": "github.com/aws/aws-sdk-go-v2/service/sso", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", + "UID": "2f32799d7c72f62e" + }, + "Version": "v1.30.13", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", + "Name": "github.com/aws/aws-sdk-go-v2/service/ssooidc", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", + "UID": "968040bb13fa765f" + }, + "Version": "v1.35.17", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", + "Name": "github.com/aws/aws-sdk-go-v2/service/sts", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", + "UID": "145d4e7fa75f1cc" + }, + "Version": "v1.41.9", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/smithy-go@v1.24.2", + "Name": "github.com/aws/smithy-go", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/smithy-go@v1.24.2", + "UID": "a4f7074e36ed07a8" + }, + "Version": "v1.24.2", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/bboreham/go-loser@v0.0.0-20230920113527-fcc2c21820a3", + "Name": "github.com/bboreham/go-loser", + "Identifier": { + "PURL": "pkg:golang/github.com/bboreham/go-loser@v0.0.0-20230920113527-fcc2c21820a3", + "UID": "10db9db86355d395" + }, + "Version": "v0.0.0-20230920113527-fcc2c21820a3", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "40d9f68d6ac47de1" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.3.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", + "UID": "62a027fca56d9bec" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", + "Name": "github.com/cncf/xds/go", + "Identifier": { + "PURL": "pkg:golang/github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", + "UID": "35cb15de7e81659c" + }, + "Version": "v0.0.0-20251210132809-ee656c7534f5", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/errdefs@v1.0.0", + "Name": "github.com/containerd/errdefs", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/errdefs@v1.0.0", + "UID": "80c95055f8abc718" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/errdefs/pkg@v0.3.0", + "Name": "github.com/containerd/errdefs/pkg", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/errdefs/pkg@v0.3.0", + "UID": "2ab87eedef209da8" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coreos/go-systemd/v22@v22.6.0", + "Name": "github.com/coreos/go-systemd/v22", + "Identifier": { + "PURL": "pkg:golang/github.com/coreos/go-systemd/v22@v22.6.0", + "UID": "3fb1d1945448196" + }, + "Version": "v22.6.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "Name": "github.com/davecgh/go-spew", + "Identifier": { + "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "UID": "2a4db94df09c2d2d" + }, + "Version": "v1.1.2-0.20180830191138-d8f796af33cc", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dennwc/varint@v1.0.0", + "Name": "github.com/dennwc/varint", + "Identifier": { + "PURL": "pkg:golang/github.com/dennwc/varint@v1.0.0", + "UID": "e4c6564c0f6b9aa9" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/digitalocean/godo@v1.178.0", + "Name": "github.com/digitalocean/godo", + "Identifier": { + "PURL": "pkg:golang/github.com/digitalocean/godo@v1.178.0", + "UID": "d01c860dadfc6f6c" + }, + "Version": "v1.178.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/distribution/reference@v0.6.0", + "Name": "github.com/distribution/reference", + "Identifier": { + "PURL": "pkg:golang/github.com/distribution/reference@v0.6.0", + "UID": "f4fdc891540d49f" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/docker/docker@v28.5.2+incompatible", + "Name": "github.com/docker/docker", + "Identifier": { + "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", + "UID": "f6d5f406fd53cd26" + }, + "Version": "v28.5.2+incompatible", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/docker/go-connections@v0.6.0", + "Name": "github.com/docker/go-connections", + "Identifier": { + "PURL": "pkg:golang/github.com/docker/go-connections@v0.6.0", + "UID": "4de57c82396d962a" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/docker/go-units@v0.5.0", + "Name": "github.com/docker/go-units", + "Identifier": { + "PURL": "pkg:golang/github.com/docker/go-units@v0.5.0", + "UID": "48755fbec63be532" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/edsrzf/mmap-go@v1.2.0", + "Name": "github.com/edsrzf/mmap-go", + "Identifier": { + "PURL": "pkg:golang/github.com/edsrzf/mmap-go@v1.2.0", + "UID": "c6209f740e2a01ef" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/emicklei/go-restful/v3@v3.12.2", + "Name": "github.com/emicklei/go-restful/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.12.2", + "UID": "2884883d69d20b24" + }, + "Version": "v3.12.2", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/envoyproxy/go-control-plane/envoy@v1.37.0", + "Name": "github.com/envoyproxy/go-control-plane/envoy", + "Identifier": { + "PURL": "pkg:golang/github.com/envoyproxy/go-control-plane/envoy@v1.37.0", + "UID": "5d26a62531f418e5" + }, + "Version": "v1.37.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/envoyproxy/protoc-gen-validate@v1.3.3", + "Name": "github.com/envoyproxy/protoc-gen-validate", + "Identifier": { + "PURL": "pkg:golang/github.com/envoyproxy/protoc-gen-validate@v1.3.3", + "UID": "c5167f057d8fd717" + }, + "Version": "v1.3.3", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/facette/natsort@v0.0.0-20181210072756-2cd4dd1e2dcb", + "Name": "github.com/facette/natsort", + "Identifier": { + "PURL": "pkg:golang/github.com/facette/natsort@v0.0.0-20181210072756-2cd4dd1e2dcb", + "UID": "4ba908c4be2c1f1e" + }, + "Version": "v0.0.0-20181210072756-2cd4dd1e2dcb", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fatih/color@v1.18.0", + "Name": "github.com/fatih/color", + "Identifier": { + "PURL": "pkg:golang/github.com/fatih/color@v1.18.0", + "UID": "4e1174e024e718e3" + }, + "Version": "v1.18.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/felixge/httpsnoop@v1.0.4", + "Name": "github.com/felixge/httpsnoop", + "Identifier": { + "PURL": "pkg:golang/github.com/felixge/httpsnoop@v1.0.4", + "UID": "68ffe344b6294142" + }, + "Version": "v1.0.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fsnotify/fsnotify@v1.9.0", + "Name": "github.com/fsnotify/fsnotify", + "Identifier": { + "PURL": "pkg:golang/github.com/fsnotify/fsnotify@v1.9.0", + "UID": "2b7eddbb2e3807ab" + }, + "Version": "v1.9.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fxamacker/cbor/v2@v2.9.0", + "Name": "github.com/fxamacker/cbor/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/fxamacker/cbor/v2@v2.9.0", + "UID": "8602db8deb1607a3" + }, + "Version": "v2.9.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/logr@v1.4.3", + "Name": "github.com/go-logr/logr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.3", + "UID": "faec3da6af2be65e" + }, + "Version": "v1.4.3", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/stdr@v1.2.2", + "Name": "github.com/go-logr/stdr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2", + "UID": "204d99185efdfa8d" + }, + "Version": "v1.2.2", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/analysis@v0.24.2", + "Name": "github.com/go-openapi/analysis", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/analysis@v0.24.2", + "UID": "41d59946c5ebee88" + }, + "Version": "v0.24.2", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/errors@v0.22.7", + "Name": "github.com/go-openapi/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/errors@v0.22.7", + "UID": "bca104328bba1c3e" + }, + "Version": "v0.22.7", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonpointer@v0.22.5", + "Name": "github.com/go-openapi/jsonpointer", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.22.5", + "UID": "7352e314820ead99" + }, + "Version": "v0.22.5", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonreference@v0.21.4", + "Name": "github.com/go-openapi/jsonreference", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.4", + "UID": "52add103ac860a3e" + }, + "Version": "v0.21.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/loads@v0.23.2", + "Name": "github.com/go-openapi/loads", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/loads@v0.23.2", + "UID": "5aa8b00dd3152d9f" + }, + "Version": "v0.23.2", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/spec@v0.22.3", + "Name": "github.com/go-openapi/spec", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/spec@v0.22.3", + "UID": "45de748a24ae3b0b" + }, + "Version": "v0.22.3", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/strfmt@v0.26.1", + "Name": "github.com/go-openapi/strfmt", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/strfmt@v0.26.1", + "UID": "96061d236226fe4e" + }, + "Version": "v0.26.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag@v0.25.4", + "Name": "github.com/go-openapi/swag", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag@v0.25.4", + "UID": "b22cfa88cae266d3" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/cmdutils@v0.25.4", + "Name": "github.com/go-openapi/swag/cmdutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/cmdutils@v0.25.4", + "UID": "2af806a2aee41536" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/conv@v0.25.4", + "Name": "github.com/go-openapi/swag/conv", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/conv@v0.25.4", + "UID": "5eb68e80c62b4f65" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/fileutils@v0.25.4", + "Name": "github.com/go-openapi/swag/fileutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/fileutils@v0.25.4", + "UID": "cd629247d2cdb1b9" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/jsonname@v0.25.5", + "Name": "github.com/go-openapi/swag/jsonname", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/jsonname@v0.25.5", + "UID": "556c658f8b12ddaa" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/jsonutils@v0.25.4", + "Name": "github.com/go-openapi/swag/jsonutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/jsonutils@v0.25.4", + "UID": "5edee8b5d2e1332d" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/loading@v0.25.4", + "Name": "github.com/go-openapi/swag/loading", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/loading@v0.25.4", + "UID": "7081770a689ca782" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/mangling@v0.25.4", + "Name": "github.com/go-openapi/swag/mangling", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/mangling@v0.25.4", + "UID": "4b2fe08b54b9160" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/netutils@v0.25.4", + "Name": "github.com/go-openapi/swag/netutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/netutils@v0.25.4", + "UID": "41ed443d079b3458" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/stringutils@v0.25.4", + "Name": "github.com/go-openapi/swag/stringutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/stringutils@v0.25.4", + "UID": "d4a9b2626dcd8950" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/typeutils@v0.25.4", + "Name": "github.com/go-openapi/swag/typeutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/typeutils@v0.25.4", + "UID": "ae2ed0da3de57cf4" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/yamlutils@v0.25.4", + "Name": "github.com/go-openapi/swag/yamlutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/yamlutils@v0.25.4", + "UID": "72ff68c4ced798eb" + }, + "Version": "v0.25.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/validate@v0.25.1", + "Name": "github.com/go-openapi/validate", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/validate@v0.25.1", + "UID": "f703790b1015937c" + }, + "Version": "v0.25.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-resty/resty/v2@v2.17.2", + "Name": "github.com/go-resty/resty/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/go-resty/resty/v2@v2.17.2", + "UID": "34fff996c6085313" + }, + "Version": "v2.17.2", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-viper/mapstructure/v2@v2.5.0", + "Name": "github.com/go-viper/mapstructure/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/go-viper/mapstructure/v2@v2.5.0", + "UID": "29394103d28dd6c0" + }, + "Version": "v2.5.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-zookeeper/zk@v1.0.4", + "Name": "github.com/go-zookeeper/zk", + "Identifier": { + "PURL": "pkg:golang/github.com/go-zookeeper/zk@v1.0.4", + "UID": "9498346f908a4339" + }, + "Version": "v1.0.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gogo/protobuf@v1.3.2", + "Name": "github.com/gogo/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", + "UID": "a63a4123f1d1559d" + }, + "Version": "v1.3.2", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang-jwt/jwt/v5@v5.3.1", + "Name": "github.com/golang-jwt/jwt/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.1", + "UID": "5b03910302afe88" + }, + "Version": "v5.3.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/snappy@v1.0.0", + "Name": "github.com/golang/snappy", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/snappy@v1.0.0", + "UID": "13950d9e46fde8ae" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gnostic-models@v0.7.0", + "Name": "github.com/google/gnostic-models", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gnostic-models@v0.7.0", + "UID": "9b38fcac2b4fd808" + }, + "Version": "v0.7.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-cmp@v0.7.0", + "Name": "github.com/google/go-cmp", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0", + "UID": "5fd24d10be0a36db" + }, + "Version": "v0.7.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-querystring@v1.2.0", + "Name": "github.com/google/go-querystring", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-querystring@v1.2.0", + "UID": "752e7cc088ba43cb" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/pprof@v0.0.0-20260302011040-a15ffb7f9dcc", + "Name": "github.com/google/pprof", + "Identifier": { + "PURL": "pkg:golang/github.com/google/pprof@v0.0.0-20260302011040-a15ffb7f9dcc", + "UID": "369a136f7d89797" + }, + "Version": "v0.0.0-20260302011040-a15ffb7f9dcc", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/s2a-go@v0.1.9", + "Name": "github.com/google/s2a-go", + "Identifier": { + "PURL": "pkg:golang/github.com/google/s2a-go@v0.1.9", + "UID": "c20a08a96fdf05b1" + }, + "Version": "v0.1.9", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.6.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", + "UID": "5046cb984b810e3f" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/googleapis/enterprise-certificate-proxy@v0.3.14", + "Name": "github.com/googleapis/enterprise-certificate-proxy", + "Identifier": { + "PURL": "pkg:golang/github.com/googleapis/enterprise-certificate-proxy@v0.3.14", + "UID": "de15ddd696f07bdd" + }, + "Version": "v0.3.14", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/googleapis/gax-go/v2@v2.18.0", + "Name": "github.com/googleapis/gax-go/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/googleapis/gax-go/v2@v2.18.0", + "UID": "e038d67809128422" + }, + "Version": "v2.18.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gophercloud/gophercloud/v2@v2.11.1", + "Name": "github.com/gophercloud/gophercloud/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/gophercloud/gophercloud/v2@v2.11.1", + "UID": "a7b3a2c33023e447" + }, + "Version": "v2.11.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gorilla/websocket@v1.5.4-0.20250319132907-e064f32e3674", + "Name": "github.com/gorilla/websocket", + "Identifier": { + "PURL": "pkg:golang/github.com/gorilla/websocket@v1.5.4-0.20250319132907-e064f32e3674", + "UID": "c8ef014719f17acf" + }, + "Version": "v1.5.4-0.20250319132907-e064f32e3674", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/grafana/regexp@v0.0.0-20250905093917-f7b3be9d1853", + "Name": "github.com/grafana/regexp", + "Identifier": { + "PURL": "pkg:golang/github.com/grafana/regexp@v0.0.0-20250905093917-f7b3be9d1853", + "UID": "5096e4766939c39d" + }, + "Version": "v0.0.0-20250905093917-f7b3be9d1853", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/consul/api@v1.32.1", + "Name": "github.com/hashicorp/consul/api", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/consul/api@v1.32.1", + "UID": "a2a0f2b41e2ac05a" + }, + "Version": "v1.32.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/cronexpr@v1.1.3", + "Name": "github.com/hashicorp/cronexpr", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/cronexpr@v1.1.3", + "UID": "f54782361d2ac9d9" + }, + "Version": "v1.1.3", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/errwrap@v1.1.0", + "Name": "github.com/hashicorp/errwrap", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.1.0", + "UID": "c9afcb11d59991a3" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-cleanhttp@v0.5.2", + "Name": "github.com/hashicorp/go-cleanhttp", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-cleanhttp@v0.5.2", + "UID": "5719d6e21c8322c3" + }, + "Version": "v0.5.2", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-hclog@v1.6.3", + "Name": "github.com/hashicorp/go-hclog", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-hclog@v1.6.3", + "UID": "a9c66e8500db7802" + }, + "Version": "v1.6.3", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-immutable-radix@v1.3.1", + "Name": "github.com/hashicorp/go-immutable-radix", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-immutable-radix@v1.3.1", + "UID": "1063e6f4fdb7ce91" + }, + "Version": "v1.3.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-multierror@v1.1.1", + "Name": "github.com/hashicorp/go-multierror", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", + "UID": "fc860262687018d" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-retryablehttp@v0.7.8", + "Name": "github.com/hashicorp/go-retryablehttp", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-retryablehttp@v0.7.8", + "UID": "bf7e60b1fdc55e78" + }, + "Version": "v0.7.8", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-rootcerts@v1.0.2", + "Name": "github.com/hashicorp/go-rootcerts", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-rootcerts@v1.0.2", + "UID": "76c53d49313ee03e" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/golang-lru@v0.6.0", + "Name": "github.com/hashicorp/golang-lru", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/golang-lru@v0.6.0", + "UID": "1fd086844f5a4cf2" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/nomad/api@v0.0.0-20260324203407-b27b0c2e019a", + "Name": "github.com/hashicorp/nomad/api", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/nomad/api@v0.0.0-20260324203407-b27b0c2e019a", + "UID": "48c5e63bda40463" + }, + "Version": "v0.0.0-20260324203407-b27b0c2e019a", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/serf@v0.10.1", + "Name": "github.com/hashicorp/serf", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/serf@v0.10.1", + "UID": "c68c5fe00339e2fc" + }, + "Version": "v0.10.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hetznercloud/hcloud-go/v2@v2.36.0", + "Name": "github.com/hetznercloud/hcloud-go/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/hetznercloud/hcloud-go/v2@v2.36.0", + "UID": "af95876161495512" + }, + "Version": "v2.36.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ionos-cloud/sdk-go/v6@v6.3.6", + "Name": "github.com/ionos-cloud/sdk-go/v6", + "Identifier": { + "PURL": "pkg:golang/github.com/ionos-cloud/sdk-go/v6@v6.3.6", + "UID": "682ec303e8888566" + }, + "Version": "v6.3.6", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jpillora/backoff@v1.0.0", + "Name": "github.com/jpillora/backoff", + "Identifier": { + "PURL": "pkg:golang/github.com/jpillora/backoff@v1.0.0", + "UID": "5e2cca3aab777ef3" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/json-iterator/go@v1.1.12", + "Name": "github.com/json-iterator/go", + "Identifier": { + "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", + "UID": "f7ce79647a739879" + }, + "Version": "v1.1.12", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/klauspost/compress@v1.18.5", + "Name": "github.com/klauspost/compress", + "Identifier": { + "PURL": "pkg:golang/github.com/klauspost/compress@v1.18.5", + "UID": "f2977256591cceea" + }, + "Version": "v1.18.5", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kolo/xmlrpc@v0.0.0-20220921171641-a4b6fa1dd06b", + "Name": "github.com/kolo/xmlrpc", + "Identifier": { + "PURL": "pkg:golang/github.com/kolo/xmlrpc@v0.0.0-20220921171641-a4b6fa1dd06b", + "UID": "755f654f2d6cc3c5" + }, + "Version": "v0.0.0-20220921171641-a4b6fa1dd06b", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kylelemons/godebug@v1.1.0", + "Name": "github.com/kylelemons/godebug", + "Identifier": { + "PURL": "pkg:golang/github.com/kylelemons/godebug@v1.1.0", + "UID": "f353e71f501288c6" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/linode/linodego@v1.66.0", + "Name": "github.com/linode/linodego", + "Identifier": { + "PURL": "pkg:golang/github.com/linode/linodego@v1.66.0", + "UID": "d304d7ebddb6a8bb" + }, + "Version": "v1.66.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-colorable@v0.1.14", + "Name": "github.com/mattn/go-colorable", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-colorable@v0.1.14", + "UID": "603da16f8902c9a" + }, + "Version": "v0.1.14", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-isatty@v0.0.20", + "Name": "github.com/mattn/go-isatty", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.20", + "UID": "645cda8396af6d46" + }, + "Version": "v0.0.20", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/socket@v0.4.1", + "Name": "github.com/mdlayher/socket", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/socket@v0.4.1", + "UID": "efab1140e00d43b1" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/vsock@v1.2.1", + "Name": "github.com/mdlayher/vsock", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/vsock@v1.2.1", + "UID": "416b57b8e678a326" + }, + "Version": "v1.2.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/miekg/dns@v1.1.72", + "Name": "github.com/miekg/dns", + "Identifier": { + "PURL": "pkg:golang/github.com/miekg/dns@v1.1.72", + "UID": "d63ec140b079de46" + }, + "Version": "v1.1.72", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/mapstructure@v1.5.0", + "Name": "github.com/mitchellh/mapstructure", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/mapstructure@v1.5.0", + "UID": "ac3f9cc3c8b5a81f" + }, + "Version": "v1.5.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/moby/docker-image-spec@v1.3.1", + "Name": "github.com/moby/docker-image-spec", + "Identifier": { + "PURL": "pkg:golang/github.com/moby/docker-image-spec@v1.3.1", + "UID": "5ee3977242078511" + }, + "Version": "v1.3.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "Name": "github.com/modern-go/concurrent", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "UID": "bd652aed9e2f2543" + }, + "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", + "Name": "github.com/modern-go/reflect2", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", + "UID": "78b82030b0b4d24f" + }, + "Version": "v1.0.3-0.20250322232337-35a7c28c31ee", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "5e185b6d704352c5" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", + "Name": "github.com/mwitkow/go-conntrack", + "Identifier": { + "PURL": "pkg:golang/github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", + "UID": "969e509a56ae57a0" + }, + "Version": "v0.0.0-20190716064945-2f068394615f", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/nsf/jsondiff@v0.0.0-20260207060731-8e8d90c4c0ac", + "Name": "github.com/nsf/jsondiff", + "Identifier": { + "PURL": "pkg:golang/github.com/nsf/jsondiff@v0.0.0-20260207060731-8e8d90c4c0ac", + "UID": "4a0e93cccf3bf7ae" + }, + "Version": "v0.0.0-20260207060731-8e8d90c4c0ac", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/oklog/ulid/v2@v2.1.1", + "Name": "github.com/oklog/ulid/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/oklog/ulid/v2@v2.1.1", + "UID": "84dbd75a84b166a7" + }, + "Version": "v2.1.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opencontainers/go-digest@v1.0.0", + "Name": "github.com/opencontainers/go-digest", + "Identifier": { + "PURL": "pkg:golang/github.com/opencontainers/go-digest@v1.0.0", + "UID": "685678d60681d6d5" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opencontainers/image-spec@v1.1.1", + "Name": "github.com/opencontainers/image-spec", + "Identifier": { + "PURL": "pkg:golang/github.com/opencontainers/image-spec@v1.1.1", + "UID": "72b4b5c13d22e9cf" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ovh/go-ovh@v1.9.0", + "Name": "github.com/ovh/go-ovh", + "Identifier": { + "PURL": "pkg:golang/github.com/ovh/go-ovh@v1.9.0", + "UID": "be18c482a0d8401a" + }, + "Version": "v1.9.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", + "Name": "github.com/pkg/browser", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", + "UID": "9ce973c5f396113b" + }, + "Version": "v0.0.0-20240102092130-5ac0b6a4141c", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/errors@v0.9.1", + "Name": "github.com/pkg/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", + "UID": "bec14694fe418f4b" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", + "Name": "github.com/pmezard/go-difflib", + "Identifier": { + "PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", + "UID": "35c7c0d211c93451" + }, + "Version": "v1.0.1-0.20181226105442-5d4384ee4fb2", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/alertmanager@v0.31.1", + "Name": "github.com/prometheus/alertmanager", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/alertmanager@v0.31.1", + "UID": "dca05ecaf7fdb813" + }, + "Version": "v0.31.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.23.2", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.23.2", + "UID": "98140986d3125c4" + }, + "Version": "v1.23.2", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang/exp@v0.0.0-20260325093428-d8591d0db856", + "Name": "github.com/prometheus/client_golang/exp", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang/exp@v0.0.0-20260325093428-d8591d0db856", + "UID": "799a91315d4a6517" + }, + "Version": "v0.0.0-20260325093428-d8591d0db856", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.6.2", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.2", + "UID": "32e28c300e237905" + }, + "Version": "v0.6.2", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.67.5", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.67.5", + "UID": "b20176d88cedc0fc" + }, + "Version": "v0.67.5", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/exporter-toolkit@v0.15.1", + "Name": "github.com/prometheus/exporter-toolkit", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/exporter-toolkit@v0.15.1", + "UID": "214ef6c47a3efe4d" + }, + "Version": "v0.15.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/otlptranslator@v1.0.0", + "Name": "github.com/prometheus/otlptranslator", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/otlptranslator@v1.0.0", + "UID": "4086ce8f3b83d5a5" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.16.1", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.16.1", + "UID": "74a6d135a224f952" + }, + "Version": "v0.16.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/sigv4@v0.4.1", + "Name": "github.com/prometheus/sigv4", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/sigv4@v0.4.1", + "UID": "2403fb69d3d46a0" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/scaleway/scaleway-sdk-go@v1.0.0-beta.36", + "Name": "github.com/scaleway/scaleway-sdk-go", + "Identifier": { + "PURL": "pkg:golang/github.com/scaleway/scaleway-sdk-go@v1.0.0-beta.36", + "UID": "b9f15f6b3cb77eda" + }, + "Version": "v1.0.0-beta.36", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.10", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.10", + "UID": "d77354f2cde984bb" + }, + "Version": "v1.0.10", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/stackitcloud/stackit-sdk-go/core@v0.23.0", + "Name": "github.com/stackitcloud/stackit-sdk-go/core", + "Identifier": { + "PURL": "pkg:golang/github.com/stackitcloud/stackit-sdk-go/core@v0.23.0", + "UID": "7a13fa55f6d160ba" + }, + "Version": "v0.23.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/stretchr/testify@v1.11.1", + "Name": "github.com/stretchr/testify", + "Identifier": { + "PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1", + "UID": "8267de5762c61113" + }, + "Version": "v1.11.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/vultr/govultr/v3@v3.28.1", + "Name": "github.com/vultr/govultr/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/vultr/govultr/v3@v3.28.1", + "UID": "c13994d3d519403" + }, + "Version": "v3.28.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/x448/float16@v0.8.4", + "Name": "github.com/x448/float16", + "Identifier": { + "PURL": "pkg:golang/github.com/x448/float16@v0.8.4", + "UID": "e8edad8a63ae7dff" + }, + "Version": "v0.8.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/xhit/go-str2duration/v2@v2.1.0", + "Name": "github.com/xhit/go-str2duration/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/xhit/go-str2duration/v2@v2.1.0", + "UID": "4771c40d2d6263ab" + }, + "Version": "v2.1.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/auto/sdk@v1.2.1", + "Name": "go.opentelemetry.io/auto/sdk", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/auto/sdk@v1.2.1", + "UID": "b5a4694c42a71465" + }, + "Version": "v1.2.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.67.0", + "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.67.0", + "UID": "446b1d7cf4ad8029" + }, + "Version": "v0.67.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.67.0", + "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.67.0", + "UID": "5f8e9a73cfbc37d2" + }, + "Version": "v0.67.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel@v1.42.0", + "Name": "go.opentelemetry.io/otel", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel@v1.42.0", + "UID": "235b6069d80951d1" + }, + "Version": "v1.42.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/metric@v1.42.0", + "Name": "go.opentelemetry.io/otel/metric", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/metric@v1.42.0", + "UID": "c9a96520faeeefb8" + }, + "Version": "v1.42.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/trace@v1.42.0", + "Name": "go.opentelemetry.io/otel/trace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.42.0", + "UID": "3354b9d148134d95" + }, + "Version": "v1.42.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/atomic@v1.11.0", + "Name": "go.uber.org/atomic", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/atomic@v1.11.0", + "UID": "652130737734cc4c" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/goleak@v1.3.0", + "Name": "go.uber.org/goleak", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/goleak@v1.3.0", + "UID": "7d5c43e409390fa3" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.yaml.in/yaml/v2@v2.4.4", + "Name": "go.yaml.in/yaml/v2", + "Identifier": { + "PURL": "pkg:golang/go.yaml.in/yaml/v2@v2.4.4", + "UID": "77cef8f014b9a00c" + }, + "Version": "v2.4.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.yaml.in/yaml/v3@v3.0.4", + "Name": "go.yaml.in/yaml/v3", + "Identifier": { + "PURL": "pkg:golang/go.yaml.in/yaml/v3@v3.0.4", + "UID": "2c00befa91894448" + }, + "Version": "v3.0.4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/crypto@v0.49.0", + "Name": "golang.org/x/crypto", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.49.0", + "UID": "d8b4fc1045858fc3" + }, + "Version": "v0.49.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/exp@v0.0.0-20260218203240-3dfff04db8fa", + "Name": "golang.org/x/exp", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20260218203240-3dfff04db8fa", + "UID": "abbe45fb1568029f" + }, + "Version": "v0.0.0-20260218203240-3dfff04db8fa", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.52.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.52.0", + "UID": "f0a3df2274896330" + }, + "Version": "v0.52.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.36.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.36.0", + "UID": "db510fbdaa57c39" + }, + "Version": "v0.36.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sync@v0.20.0", + "Name": "golang.org/x/sync", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sync@v0.20.0", + "UID": "ee4175cd9ebce6e5" + }, + "Version": "v0.20.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.42.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.42.0", + "UID": "17f820cc17295208" + }, + "Version": "v0.42.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/term@v0.41.0", + "Name": "golang.org/x/term", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/term@v0.41.0", + "UID": "e9c3d837a267373a" + }, + "Version": "v0.41.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.35.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.35.0", + "UID": "492bd4b8cdf06f33" + }, + "Version": "v0.35.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.15.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.15.0", + "UID": "a3a3d23a843be29a" + }, + "Version": "v0.15.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/api@v0.272.0", + "Name": "google.golang.org/api", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/api@v0.272.0", + "UID": "461997d33d0aa19e" + }, + "Version": "v0.272.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto/googleapis/api@v0.0.0-20260319201613-d00831a3d3e7", + "Name": "google.golang.org/genproto/googleapis/api", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260319201613-d00831a3d3e7", + "UID": "6fec123e3337ac9e" + }, + "Version": "v0.0.0-20260319201613-d00831a3d3e7", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260311181403-84a4fc48630c", + "Name": "google.golang.org/genproto/googleapis/rpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20260311181403-84a4fc48630c", + "UID": "f7b25317b4419de3" + }, + "Version": "v0.0.0-20260311181403-84a4fc48630c", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/grpc@v1.79.3", + "Name": "google.golang.org/grpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.79.3", + "UID": "9538ff12aaf80f5d" + }, + "Version": "v1.79.3", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.36.11", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.11", + "UID": "bac098609d2bee59" + }, + "Version": "v1.36.11", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/evanphx/json-patch.v4@v4.13.0", + "Name": "gopkg.in/evanphx/json-patch.v4", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/evanphx/json-patch.v4@v4.13.0", + "UID": "10a43444ac5a981a" + }, + "Version": "v4.13.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/inf.v0@v0.9.1", + "Name": "gopkg.in/inf.v0", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", + "UID": "be80991e913d94eb" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/ini.v1@v1.67.1", + "Name": "gopkg.in/ini.v1", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/ini.v1@v1.67.1", + "UID": "b30361e1d870c8d1" + }, + "Version": "v1.67.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v2@v2.4.0", + "Name": "gopkg.in/yaml.v2", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "UID": "d2861ab098107375" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "UID": "9a9c4ec16bf3aa79" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/api@v0.35.3", + "Name": "k8s.io/api", + "Identifier": { + "PURL": "pkg:golang/k8s.io/api@v0.35.3", + "UID": "2b6ceb6ed76c4203" + }, + "Version": "v0.35.3", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apimachinery@v0.35.3", + "Name": "k8s.io/apimachinery", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apimachinery@v0.35.3", + "UID": "e3876e1fcf5e3fe1" + }, + "Version": "v0.35.3", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/client-go@v0.35.3", + "Name": "k8s.io/client-go", + "Identifier": { + "PURL": "pkg:golang/k8s.io/client-go@v0.35.3", + "UID": "bc4d021cf2bf1e74" + }, + "Version": "v0.35.3", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog/v2@v2.140.0", + "Name": "k8s.io/klog/v2", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog/v2@v2.140.0", + "UID": "e43aec84cb803bf8" + }, + "Version": "v2.140.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", + "Name": "k8s.io/kube-openapi", + "Identifier": { + "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", + "UID": "123c0ae5550a3c9" + }, + "Version": "v0.0.0-20250910181357-589584f1c912", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", + "Name": "k8s.io/utils", + "Identifier": { + "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", + "UID": "b3953eff4c6c2ce1" + }, + "Version": "v0.0.0-20251002143259-bc988d571ff4", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", + "Name": "sigs.k8s.io/json", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", + "UID": "a37f0c105b172677" + }, + "Version": "v0.0.0-20250730193827-2d320260d730", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/randfill@v1.0.0", + "Name": "sigs.k8s.io/randfill", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/randfill@v1.0.0", + "UID": "36a68e825ca55fc0" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/structured-merge-diff/v6@v6.3.0", + "Name": "sigs.k8s.io/structured-merge-diff/v6", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v6@v6.3.0", + "UID": "e11e8bc3e8b3e4b3" + }, + "Version": "v6.3.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/yaml@v1.6.0", + "Name": "sigs.k8s.io/yaml", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.6.0", + "UID": "b4175798d22ec4cf" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-34040", + "VendorIDs": [ + "GHSA-x744-4wpc-v9h2" + ], + "PkgID": "github.com/docker/docker@v28.5.2+incompatible", + "PkgName": "github.com/docker/docker", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", + "UID": "f6d5f406fd53cd26" + }, + "InstalledVersion": "v28.5.2+incompatible", + "FixedVersion": "29.3.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34040", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:a69f5c780eafc020790aae57f94250ae50cf0719ad1af771d9b17cb9d2d93532", + "Title": "Moby: Moby: Authorization bypass vulnerability", + "Description": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-288" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", + "V3Score": 8.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-34040", + "https://docs.docker.com/engine/extend/plugins_authorization", + "https://github.com/moby/moby", + "https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38", + "https://github.com/moby/moby/releases/tag/docker-v29.3.1", + "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq", + "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34040", + "https://www.cve.org/CVERecord?id=CVE-2026-34040" + ], + "PublishedDate": "2026-03-31T03:15:57.883Z", + "LastModifiedDate": "2026-04-03T16:51:28.67Z" + }, + { + "VulnerabilityID": "CVE-2026-41567", + "VendorIDs": [ + "GHSA-x86f-5xw2-fm2r" + ], + "PkgID": "github.com/docker/docker@v28.5.2+incompatible", + "PkgName": "github.com/docker/docker", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", + "UID": "f6d5f406fd53cd26" + }, + "InstalledVersion": "v28.5.2+incompatible", + "Status": "affected", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41567", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:1ebeb16f87582725997f95a8f929ea7a0beff53cae4b799fcf66df15a9b9a1bb", + "Title": "Docker: `PUT /containers/{id}/archive` executes container binary on the host", + "Description": "## Summary\n\nWhen a user uploads a compressed archive into a container, a malicious image can execute arbitrary code with daemon (host root) privileges.\n\n## Details\n\nWhen handling `PUT /containers/{id}/archive` requests with compressed archives, the daemon decompresses them using external system binaries. Due to incorrect ordering of operations, these binaries are resolved from the container's filesystem rather than the host's. A container image that includes a trojanized decompression binary can achieve code execution as the daemon process whenever a compressed archive is uploaded to that container.\n\nThe executed binary runs with the daemon's full privileges, including host root UID and unrestricted capabilities.\n\n## Impact\n\nArbitrary code execution as host root, crossing the container-to-host trust boundary.\n\n### Conditions for exploitation\n\n- A user must run a container from a malicious image that contains a trojanized decompression binary.\n- The user must then upload a compressed archive (xz or gzip) into that container, either by piping a compressed archive via `docker cp -` or by calling the `PUT /containers/{id}/archive` API directly with compressed content.\n\n### Not affected\n\nStandard `docker cp` usage is **not** affected, because the CLI sends uncompressed tar by default:\n\n```\ndocker cp ./file.txt mycontainer:/file.txt\n```\n\nThis can only be exploited when explicitly passing a xz or gzip-compressed archive to `docker cp` or the `PUT /containers/{id}/archive` API, for example:\n\n```\ncat archive.tar.xz | docker cp - mycontainer:/dir\n```\n\nDecompression formats using pure Go implementations (bzip2, zstd, and gzip when the container image does not contain an `unpigz` binary) are also not affected.\n\n## Workarounds\n\n- Only run containers from trusted images.\n- Use authorization plugins to limit access to the `PUT /containers/{id}/archive` endpoint.\n- Avoid piping compressed archives into containers created from untrusted images.", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "V3Score": 7.2 + } + }, + "References": [ + "https://github.com/moby/moby", + "https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r" + ] + }, + { + "VulnerabilityID": "CVE-2026-42306", + "VendorIDs": [ + "GHSA-rg2x-37c3-w2rh" + ], + "PkgID": "github.com/docker/docker@v28.5.2+incompatible", + "PkgName": "github.com/docker/docker", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", + "UID": "f6d5f406fd53cd26" + }, + "InstalledVersion": "v28.5.2+incompatible", + "Status": "affected", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42306", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:d86d959ae21edd9a75055d55361c2c4a25cf247cc2ed41b10c4289017811aacd", + "Title": "Docker: Race condition in docker cp allows bind mount redirection to host path", + "Description": "## Summary\n\nA race condition during `docker cp` mount setup allows a malicious container to redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service.\n\n## Details\n\nWhen copying files into a container, the daemon sets up a temporary filesystem view by bind-mounting volumes into a private mount namespace. During this setup, the mount destination is created inside the container root and then a bind mount is attached using the container-relative path resolved to an absolute host path.\n\nBetween mountpoint creation and the `mount()` syscall, a process running inside the container can replace the destination (or a parent path component) with a symlink pointing to an arbitrary location on the host. The `mount()` syscall follows the symlink, causing the volume to be bind-mounted onto an arbitrary host path instead of the intended container path.\n\n## Impact\n\nA malicious container can redirect a volume bind mount to an arbitrary host path. The impact depends on the volume content and mount options:\n\n- If the volume is writable, arbitrary host files at the redirected path could be overwritten with the volume's contents.\n- If the volume is read-only, the host path is masked by the mount for the duration of the operation, causing denial of service.\n- In all cases the mount is temporary (torn down after the `docker cp` completes), but the effects of any writes persist.\n\n### Conditions for exploitation\n\n- A container must have at least one volume mount.\n- A process inside the container must be able to rapidly create and swap symlinks at the volume mount destination path.\n- An operator must initiate a `docker cp` into that container, or call the `PUT /containers/{id}/archive` or `HEAD /containers/{id}/archive` API endpoints.\n\n### Not affected\n\n- Containers that do not have volume mounts are not affected, as the race occurs during volume bind-mount setup.\n\n## Workarounds\n\n- Only run containers from trusted images.\n- Avoid using `docker cp` with untrusted running containers.\n- Use authorization plugins to restrict access to the archive API endpoints (`PUT /containers/{id}/archive`, `HEAD /containers/{id}/archive`).", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H", + "V3Score": 7.2 + } + }, + "References": [ + "https://github.com/moby/moby", + "https://github.com/moby/moby/security/advisories/GHSA-rg2x-37c3-w2rh" + ] + }, + { + "VulnerabilityID": "CVE-2026-33997", + "VendorIDs": [ + "GHSA-pxq6-2prw-chj9" + ], + "PkgID": "github.com/docker/docker@v28.5.2+incompatible", + "PkgName": "github.com/docker/docker", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", + "UID": "f6d5f406fd53cd26" + }, + "InstalledVersion": "v28.5.2+incompatible", + "FixedVersion": "29.3.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33997", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:6a8930c229e18aa12bc34e466123595ccaf2c88ed68d15fa12802e68b70a89ba", + "Title": "moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation", + "Description": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-193" + ], + "VendorSeverity": { + "amazon": 2, + "ghsa": 2, + "nvd": 3, + "photon": 3, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 6.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33997", + "https://docs.docker.com/engine/extend/legacy_plugins", + "https://github.com/moby/moby", + "https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a", + "https://github.com/moby/moby/releases/tag/docker-v29.3.1", + "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33997", + "https://www.cve.org/CVERecord?id=CVE-2026-33997" + ], + "PublishedDate": "2026-03-31T03:15:57.523Z", + "LastModifiedDate": "2026-04-03T17:23:21.307Z" + }, + { + "VulnerabilityID": "CVE-2026-41568", + "VendorIDs": [ + "GHSA-vp62-88p7-qqf5" + ], + "PkgID": "github.com/docker/docker@v28.5.2+incompatible", + "PkgName": "github.com/docker/docker", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", + "UID": "f6d5f406fd53cd26" + }, + "InstalledVersion": "v28.5.2+incompatible", + "Status": "affected", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41568", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:63483ed8941d9fa7e086d1e6568d82f591751fa701dfcc89f8687ad707c582ab", + "Title": "Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap", + "Description": "## Summary\n\nA race condition during `docker cp` mount setup allows a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem.\n\nThis advisory covers the race during mountpoint creation. The related race during the subsequent mount syscall is tracked in GHSA-rg2x-37c3-w2rh\n\n## Details\n\nWhen copying files into a container, the daemon sets up a temporary filesystem view by bind-mounting volumes into a private mount namespace. During this setup, the mount destination path is first resolved within the container's root filesystem using `GetResourcePath`, and then used to create the mountpoint (file or directory) if it does not already exist via `createIfNotExists`.\n\nBetween path resolution and mountpoint creation, a process running inside the container can swap a path component for a symlink pointing to an arbitrary location on the host. Because `createIfNotExists` operates on the already-resolved absolute path using standard `os.MkdirAll` and `os.OpenFile` — which follow symlinks in intermediate path components — the symlink is followed and the file or directory is created outside the container root filesystem, as root.\n\n## Impact\n\nA malicious container can create empty files or directories at arbitrary absolute paths on the host filesystem, running as root. This enables persistent denial of service — for example:\n\n- Converting `/etc/docker/daemon.json` into a directory prevents the daemon from restarting\n- Creating `/etc/nologin` prevents user logins\n- Overwriting critical system paths with empty files can break host services\n\nThe container does not gain read or write access to existing host files — only the ability to create new empty files or directories at chosen paths.\n\n### Conditions for exploitation\n\n- A container must be running with a process that can rapidly create and swap symlinks at a volume mount destination path.\n- An operator must initiate a `docker cp` into that container, or call the `PUT /containers/{id}/archive` or `HEAD /containers/{id}/archive` API endpoints.\n\n### Not affected\n\n- Containers that do not have volume mounts are not affected, as the race occurs during volume bind-mount setup.\n\n## Patches\n\nMountpoint creation is now scoped to the container root using `os.Root` (Go 1.24+), which refuses to follow symlinks that escape the opened root directory. All filesystem operations in `createIfNotExists` (`MkdirAll`, `OpenFile`) are performed through the `os.Root` handle, so even if a symlink swap occurs after path resolution, the creation stays confined to the container root.\n\n## Workarounds\n\n- Only run containers from trusted images.\n- Avoid using `docker cp` with untrusted running containers.\n- Use authorization plugins to restrict access to the archive API endpoints (`PUT /containers/{id}/archive`, `HEAD /containers/{id}/archive`).", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:H", + "V3Score": 6 + } + }, + "References": [ + "https://github.com/moby/moby", + "https://github.com/moby/moby/security/advisories/GHSA-vp62-88p7-qqf5" + ] + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "440e189b541082a8" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8286df652c372367cc47e349fd4dd40e79e381e442ce21887c844f56b573cbe0", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "440e189b541082a8" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e4d55cb3acc1af09d91e53d5bb74d024cc459f22dff12984a5699fb9509be06f", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "440e189b541082a8" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9718b2a412a691e106e40617bee1a2006c8867f5eedff481abece2655c36b000", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "440e189b541082a8" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a071c44d7a386de4982e94bf05a3df1527bc3913d0fa83bf3fed5de62920ee29", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "440e189b541082a8" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6c855783318e465ac2825cdf95b514e29f3b6c98ecf0640eb43151808c49a545", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "440e189b541082a8" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2ff284418bc6da71e1f2aed722c5fe4cb292c7ada6c1b969844a7be6cdc66313", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "440e189b541082a8" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:22282fe67ca4da77644da52ed227ab287de1560f49379cbf0083799a75669722", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.26.2", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.26.2", + "UID": "440e189b541082a8" + }, + "InstalledVersion": "v1.26.2", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", + "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:906fcdfd682f817fea49c5a83db74096755d1ec72e040a3dbd2493cd99176407", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "proxy", + "Kind": "Deployment", + "Name": "proxy", + "Metadata": [ + { + "Size": 100374016, + "OS": { + "Family": "alpine", + "Name": "3.20.3", + "EOSL": true + }, + "ImageID": "sha256:373cc84d6ce9052d80e22a8c80f1c2a80a66eb5982a2dcc020af13e7d5520439", + "DiffIDs": [ + "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33", + "sha256:8cf796425b7c1aeb4db19c2affb3e8d833cbad96e0b47d693b2ff19276400368", + "sha256:799b24214ac2010c522653a3ba544da09a3ea51fb09fda7f60ca77b378b7a451", + "sha256:1e9ddb120aa5a56687ddde743fba8a3da4c427a38935482869582e94c6b73ae8", + "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746", + "sha256:1636f1be3bfe0cb31548ddfc2af2d6a2a3f43b039e8eeebedce33033bbeb5efb", + "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a", + "sha256:2f00568f63073659c16e501b74cc9a288bf09def94387087e5866ffab2958516" + ], + "RepoTags": [ + "linuxserver/wireguard:1.0.20210914-r4-ls54" + ], + "RepoDigests": [ + "linuxserver/wireguard@sha256:366b3fb35663fcc58991a7681c2d714465b61de0e99f0ed32d1903213ef900de" + ], + "Reference": "linuxserver/wireguard:1.0.20210914-r4-ls54", + "ImageConfig": { + "architecture": "amd64", + "created": "2024-10-03T11:28:28.684432957Z", + "history": [ + { + "created": "2024-09-28T13:38:40.331226732Z", + "created_by": "COPY /root-out/ / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-09-28T13:38:40.40557434Z", + "created_by": "ARG BUILD_DATE=2024-09-28T13:36:59+00:00", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-09-28T13:38:40.40557434Z", + "created_by": "ARG VERSION=2a6ecb14-ls14", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-09-28T13:38:40.40557434Z", + "created_by": "ARG MODS_VERSION=v3", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-09-28T13:38:40.40557434Z", + "created_by": "ARG PKG_INST_VERSION=v1", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-09-28T13:38:40.40557434Z", + "created_by": "ARG LSIOWN_VERSION=v1", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-09-28T13:38:40.40557434Z", + "created_by": "LABEL build_version=Linuxserver.io version:- 2a6ecb14-ls14 Build-date:- 2024-09-28T13:36:59+00:00", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-09-28T13:38:40.40557434Z", + "created_by": "LABEL maintainer=TheLamer", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-09-28T13:38:40.40557434Z", + "created_by": "ADD --chmod=755 https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/docker-mods.v3 /docker-mods # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-09-28T13:38:40.449099667Z", + "created_by": "ADD --chmod=755 https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/package-install.v1 /etc/s6-overlay/s6-rc.d/init-mods-package-install/run # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-09-28T13:38:40.480697404Z", + "created_by": "ADD --chmod=755 https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/lsiown.v1 /usr/bin/lsiown # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-09-28T13:38:40.480697404Z", + "created_by": "ENV PS1=$(whoami)@$(hostname):$(pwd)\\$ HOME=/root TERM=xterm S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 S6_VERBOSITY=1 S6_STAGE2_HOOK=/docker-mods VIRTUAL_ENV=/lsiopy PATH=/lsiopy/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-09-28T13:38:42.461191Z", + "created_by": "RUN |5 BUILD_DATE=2024-09-28T13:36:59+00:00 VERSION=2a6ecb14-ls14 MODS_VERSION=v3 PKG_INST_VERSION=v1 LSIOWN_VERSION=v1 /bin/sh -c echo \"**** install runtime packages ****\" \u0026\u0026 apk add --no-cache alpine-release bash ca-certificates catatonit coreutils curl findutils jq netcat-openbsd procps-ng shadow tzdata \u0026\u0026 echo \"**** create abc user and make our folders ****\" \u0026\u0026 groupmod -g 1000 users \u0026\u0026 useradd -u 911 -U -d /config -s /bin/false abc \u0026\u0026 usermod -G users abc \u0026\u0026 mkdir -p /app /config /defaults /lsiopy \u0026\u0026 echo \"**** cleanup ****\" \u0026\u0026 rm -rf /tmp/* # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-09-28T13:38:42.53035672Z", + "created_by": "COPY root/ / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-09-28T13:38:42.53035672Z", + "created_by": "ENTRYPOINT [\"/init\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-10-03T11:28:28.643277213Z", + "created_by": "ENV LSIO_FIRST_PARTY=true", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-10-03T11:28:28.643277213Z", + "created_by": "ARG BUILD_DATE=2024-10-03T11:27:04+00:00", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-10-03T11:28:28.643277213Z", + "created_by": "ARG VERSION=1.0.20210914-r4-ls54", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-10-03T11:28:28.643277213Z", + "created_by": "ARG WIREGUARD_RELEASE", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-10-03T11:28:28.643277213Z", + "created_by": "LABEL build_version=Linuxserver.io version:- 1.0.20210914-r4-ls54 Build-date:- 2024-10-03T11:27:04+00:00", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-10-03T11:28:28.643277213Z", + "created_by": "LABEL maintainer=thespad", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-10-03T11:28:28.643277213Z", + "created_by": "RUN |3 BUILD_DATE=2024-10-03T11:27:04+00:00 VERSION=1.0.20210914-r4-ls54 WIREGUARD_RELEASE= /bin/sh -c echo \"**** install dependencies ****\" \u0026\u0026 apk add --no-cache bc coredns grep iproute2 iptables iptables-legacy ip6tables iputils kmod libcap-utils libqrencode-tools net-tools openresolv wireguard-tools \u0026\u0026 echo \"wireguard\" \u003e\u003e /etc/modules \u0026\u0026 cd /sbin \u0026\u0026 for i in ! !-save !-restore; do rm -rf iptables$(echo \"${i}\" | cut -c2-) \u0026\u0026 rm -rf ip6tables$(echo \"${i}\" | cut -c2-) \u0026\u0026 ln -s iptables-legacy$(echo \"${i}\" | cut -c2-) iptables$(echo \"${i}\" | cut -c2-) \u0026\u0026 ln -s ip6tables-legacy$(echo \"${i}\" | cut -c2-) ip6tables$(echo \"${i}\" | cut -c2-); done \u0026\u0026 sed -i 's|\\[\\[ $proto == -4 \\]\\] \u0026\u0026 cmd sysctl -q net\\.ipv4\\.conf\\.all\\.src_valid_mark=1|[[ $proto == -4 ]] \\\u0026\\\u0026 [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \\\u0026\\\u0026 cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' /usr/bin/wg-quick \u0026\u0026 rm -rf /etc/wireguard \u0026\u0026 ln -s /config/wg_confs /etc/wireguard \u0026\u0026 printf \"Linuxserver.io version: ${VERSION}\\nBuild-date: ${BUILD_DATE}\" \u003e /build_version \u0026\u0026 echo \"**** clean up ****\" \u0026\u0026 rm -rf /tmp/* # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-10-03T11:28:28.684432957Z", + "created_by": "COPY /root / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-10-03T11:28:28.684432957Z", + "created_by": "EXPOSE map[51820/udp:{}]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33", + "sha256:8cf796425b7c1aeb4db19c2affb3e8d833cbad96e0b47d693b2ff19276400368", + "sha256:799b24214ac2010c522653a3ba544da09a3ea51fb09fda7f60ca77b378b7a451", + "sha256:1e9ddb120aa5a56687ddde743fba8a3da4c427a38935482869582e94c6b73ae8", + "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746", + "sha256:1636f1be3bfe0cb31548ddfc2af2d6a2a3f43b039e8eeebedce33033bbeb5efb", + "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a", + "sha256:2f00568f63073659c16e501b74cc9a288bf09def94387087e5866ffab2958516" + ] + }, + "config": { + "Entrypoint": [ + "/init" + ], + "Env": [ + "PATH=/lsiopy/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "PS1=$(whoami)@$(hostname):$(pwd)\\$ ", + "HOME=/root", + "TERM=xterm", + "S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0", + "S6_VERBOSITY=1", + "S6_STAGE2_HOOK=/docker-mods", + "VIRTUAL_ENV=/lsiopy", + "LSIO_FIRST_PARTY=true" + ], + "Labels": { + "build_version": "Linuxserver.io version:- 1.0.20210914-r4-ls54 Build-date:- 2024-10-03T11:27:04+00:00", + "maintainer": "thespad", + "org.opencontainers.image.authors": "linuxserver.io", + "org.opencontainers.image.created": "2024-10-03T11:27:04+00:00", + "org.opencontainers.image.description": "[WireGuard®](https://www.wireguard.com/) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.", + "org.opencontainers.image.documentation": "https://docs.linuxserver.io/images/docker-wireguard", + "org.opencontainers.image.licenses": "GPL-3.0-only", + "org.opencontainers.image.ref.name": "b4f31ddcf8373009a86a723b3ec2e3662c82b535", + "org.opencontainers.image.revision": "b4f31ddcf8373009a86a723b3ec2e3662c82b535", + "org.opencontainers.image.source": "https://github.com/linuxserver/docker-wireguard", + "org.opencontainers.image.title": "Wireguard", + "org.opencontainers.image.url": "https://github.com/linuxserver/docker-wireguard/packages", + "org.opencontainers.image.vendor": "linuxserver.io", + "org.opencontainers.image.version": "1.0.20210914-r4-ls54" + }, + "WorkingDir": "/", + "ExposedPorts": { + "51820/udp": {} + } + } + }, + "Layers": [ + { + "Size": 13608960, + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + { + "Size": 27136, + "Digest": "sha256:df25a931801a3f099815b275c9959fb0ab6affd88255040d202d9317338dea43", + "DiffID": "sha256:8cf796425b7c1aeb4db19c2affb3e8d833cbad96e0b47d693b2ff19276400368" + }, + { + "Size": 8192, + "Digest": "sha256:ab0ddebe54a67a1fcdf3f9536a9e869be50b5205d556c8a646496a8e1ca6a048", + "DiffID": "sha256:799b24214ac2010c522653a3ba544da09a3ea51fb09fda7f60ca77b378b7a451" + }, + { + "Size": 3584, + "Digest": "sha256:19f39f464468ce65076a4d16a10067f5c016e48ed60b7576328a4b89d79b9ed7", + "DiffID": "sha256:1e9ddb120aa5a56687ddde743fba8a3da4c427a38935482869582e94c6b73ae8" + }, + { + "Size": 14794240, + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + { + "Size": 74240, + "Digest": "sha256:339ecd878087fb7b73b438de330b942245fe18c8275fc5bedc34e1542b91eca9", + "DiffID": "sha256:1636f1be3bfe0cb31548ddfc2af2d6a2a3f43b039e8eeebedce33033bbeb5efb" + }, + { + "Size": 71812608, + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + { + "Size": 45056, + "Digest": "sha256:fcae2373559cdc79d2a5f9e0cde437c82fddde7061e711dd5b1cf66de0a76f22", + "DiffID": "sha256:2f00568f63073659c16e501b74cc9a288bf09def94387087e5866ffab2958516" + } + ] + } + ], + "Results": [ + { + "Target": "linuxserver/wireguard:1.0.20210914-r4-ls54 (alpine 3.20.3)", + "Class": "os-pkgs", + "Type": "alpine", + "Packages": [ + { + "ID": "alpine-baselayout@3.6.5-r0", + "Name": "alpine-baselayout", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout@3.6.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "f831425e4ab9f6ea" + }, + "Version": "3.6.5-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.6.5-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-baselayout-data@3.6.5-r0", + "busybox-binsh@1.36.1-r29" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:a8a719fa3db7c6cb005e681086438ef1d1e76d6c", + "InstalledFiles": [ + "etc/motd", + "etc/crontabs/root", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/i386.conf", + "etc/modprobe.d/kms.conf", + "etc/profile.d/20locale.sh", + "etc/profile.d/README", + "etc/profile.d/color_prompt.sh.disabled", + "lib/sysctl.d/00-alpine.conf", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout-data@3.6.5-r0", + "Name": "alpine-baselayout-data", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.6.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "85afdab525a9fa9b" + }, + "Version": "3.6.5-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.6.5-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:ee68a6fb02f7e62304b428b0404a2fc1e2fc353d", + "InstalledFiles": [ + "etc/fstab", + "etc/group", + "etc/hostname", + "etc/hosts", + "etc/inittab", + "etc/modules", + "etc/mtab", + "etc/nsswitch.conf", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/sysctl.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-keys@2.4-r1", + "Name": "alpine-keys", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "b576915115d327d5" + }, + "Version": "2.4-r1", + "Arch": "x86_64", + "SrcName": "alpine-keys", + "SrcVersion": "2.4-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:78ab5150a3919e474204e0f91972d1cf0a344f9d", + "InstalledFiles": [ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-release@3.20.3-r0", + "Name": "alpine-release", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-release@3.20.3-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "77afb69bae9a106b" + }, + "Version": "3.20.3-r0", + "Arch": "x86_64", + "SrcName": "alpine-base", + "SrcVersion": "3.20.3-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-keys@2.4-r1" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:c56929e1a65a8322cff95f5766591fafd09aed9e", + "InstalledFiles": [ + "etc/alpine-release", + "etc/issue", + "etc/os-release", + "etc/secfixes.d/alpine" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "apk-tools@2.14.4-r0", + "Name": "apk-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/apk-tools@2.14.4-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "53f26058667c8622" + }, + "Version": "2.14.4-r0", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.14.4-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20240705-r0", + "libcrypto3@3.3.2-r0", + "libssl3@3.3.2-r0", + "musl@1.2.5-r0", + "zlib@1.3.1-r1" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:a8c5ec2451b123ac57e39b0cb6ceccdaf26d5099", + "InstalledFiles": [ + "lib/libapk.so.2.14.0", + "sbin/apk" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "bash@5.2.26-r0", + "Name": "bash", + "Identifier": { + "PURL": "pkg:apk/alpine/bash@5.2.26-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "fd910c89ac2ef2b5" + }, + "Version": "5.2.26-r0", + "Arch": "x86_64", + "SrcName": "bash", + "SrcVersion": "5.2.26-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.36.1-r29", + "musl@1.2.5-r0", + "readline@8.2.10-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:4fbc9b6abbbb735f61cbd80d59b40d75d5a2c853", + "InstalledFiles": [ + "bin/bash", + "etc/bash/bashrc", + "etc/profile.d/00-bashrc.sh", + "usr/lib/bash/accept", + "usr/lib/bash/basename", + "usr/lib/bash/csv", + "usr/lib/bash/cut", + "usr/lib/bash/dirname", + "usr/lib/bash/dsv", + "usr/lib/bash/fdflags", + "usr/lib/bash/finfo", + "usr/lib/bash/getconf", + "usr/lib/bash/head", + "usr/lib/bash/id", + "usr/lib/bash/ln", + "usr/lib/bash/logname", + "usr/lib/bash/mkdir", + "usr/lib/bash/mkfifo", + "usr/lib/bash/mktemp", + "usr/lib/bash/mypid", + "usr/lib/bash/pathchk", + "usr/lib/bash/print", + "usr/lib/bash/printenv", + "usr/lib/bash/push", + "usr/lib/bash/realpath", + "usr/lib/bash/rm", + "usr/lib/bash/rmdir", + "usr/lib/bash/seq", + "usr/lib/bash/setpgid", + "usr/lib/bash/sleep", + "usr/lib/bash/stat", + "usr/lib/bash/strftime", + "usr/lib/bash/sync", + "usr/lib/bash/tee", + "usr/lib/bash/truefalse", + "usr/lib/bash/tty", + "usr/lib/bash/uname", + "usr/lib/bash/unlink", + "usr/lib/bash/whoami" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "bc@1.07.1-r4", + "Name": "bc", + "Identifier": { + "PURL": "pkg:apk/alpine/bc@1.07.1-r4?arch=x86_64\u0026distro=3.20.3", + "UID": "23a0fb72a9dd6e2" + }, + "Version": "1.07.1-r4", + "Arch": "x86_64", + "SrcName": "bc", + "SrcVersion": "1.07.1-r4", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "readline@8.2.10-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:5845bbf3f89b03778a7629ce23dc9d692bafa364", + "InstalledFiles": [ + "usr/bin/bc", + "usr/bin/dc" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "brotli-libs@1.1.0-r2", + "Name": "brotli-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/brotli-libs@1.1.0-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "5d43ec95bd9b8f91" + }, + "Version": "1.1.0-r2", + "Arch": "x86_64", + "SrcName": "brotli", + "SrcVersion": "1.1.0-r2", + "Licenses": [ + "MIT" + ], + "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:bc58ba1128a8703ca7ab3d7097a07bf095d9ddcd", + "InstalledFiles": [ + "usr/lib/libbrotlicommon.so.1", + "usr/lib/libbrotlicommon.so.1.1.0", + "usr/lib/libbrotlidec.so.1", + "usr/lib/libbrotlidec.so.1.1.0", + "usr/lib/libbrotlienc.so.1", + "usr/lib/libbrotlienc.so.1.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox@1.36.1-r29", + "Name": "busybox", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", + "UID": "9dbf157a22e0026b" + }, + "Version": "1.36.1-r29", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.36.1-r29", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:c98f2584c17556181e8098247177ea68d69b0c9c", + "InstalledFiles": [ + "bin/busybox", + "etc/securetty", + "etc/busybox-paths.d/busybox", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "etc/udhcpc/udhcpc.conf", + "usr/share/udhcpc/default.script" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox-binsh@1.36.1-r29", + "Name": "busybox-binsh", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", + "UID": "4c63f123e59f14cd" + }, + "Version": "1.36.1-r29", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.36.1-r29", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "busybox@1.36.1-r29" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:8758e1e06605e5818449aff862e105b80b6f34bf", + "InstalledFiles": [ + "bin/sh" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "c-ares@1.33.1-r0", + "Name": "c-ares", + "Identifier": { + "PURL": "pkg:apk/alpine/c-ares@1.33.1-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "4248b5f3df939df6" + }, + "Version": "1.33.1-r0", + "Arch": "x86_64", + "SrcName": "c-ares", + "SrcVersion": "1.33.1-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:53a5a70bfac8242c69a0c0e46fbdf16648e4cfd7", + "InstalledFiles": [ + "usr/lib/libcares.so.2", + "usr/lib/libcares.so.2.18.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates@20240705-r0", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates@20240705-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "17625b661ccac1a8" + }, + "Version": "20240705-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20240705-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.36.1-r29", + "libcrypto3@3.3.2-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:f87752f100dc5cd7cd220fb0acc7ef2a8dce64ec", + "InstalledFiles": [ + "etc/ca-certificates.conf", + "etc/apk/protected_paths.d/ca-certificates.list", + "etc/ca-certificates/update.d/certhash", + "usr/bin/c_rehash", + "usr/sbin/update-ca-certificates", + "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", + "usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "usr/share/ca-certificates/mozilla/Certigna.crt", + "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", + "usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt", + "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", + "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", + "usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt", + "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_RootCA3.crt", + "usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", + "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", + "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", + "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates-bundle@20240705-r0", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates-bundle@20240705-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "3eee7d032ad5ff1a" + }, + "Version": "20240705-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20240705-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:a927e8d0fd49c6cff7692a115ce237ed1bd62894", + "InstalledFiles": [ + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-certificates.crt", + "etc/ssl1.1/cert.pem", + "etc/ssl1.1/certs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "catatonit@0.2.0-r0", + "Name": "catatonit", + "Identifier": { + "PURL": "pkg:apk/alpine/catatonit@0.2.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "def5b7093e46f779" + }, + "Version": "0.2.0-r0", + "Arch": "x86_64", + "SrcName": "catatonit", + "SrcVersion": "0.2.0-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Michał Polański \u003cmichal@polanski.me\u003e", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:a70336616355d8a7a3958e9047690f9c4803e158", + "InstalledFiles": [ + "usr/bin/catatonit", + "usr/libexec/podman/catatonit" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "coredns@1.11.1-r9", + "Name": "coredns", + "Identifier": { + "PURL": "pkg:apk/alpine/coredns@1.11.1-r9?arch=x86_64\u0026distro=3.20.3", + "UID": "b4571c5dd52cb45d" + }, + "Version": "1.11.1-r9", + "Arch": "x86_64", + "SrcName": "coredns", + "SrcVersion": "1.11.1-r9", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Mark Pashmfouroush \u003cmark@markpash.me\u003e", + "DependsOn": [ + "busybox-binsh@1.36.1-r29", + "musl@1.2.5-r0", + "unbound-libs@1.20.0-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:8bcef7f97e9d63be2e0e8369bb12336148aa9c49", + "InstalledFiles": [ + "etc/logrotate.d/coredns", + "usr/bin/coredns" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "coreutils@9.5-r1", + "Name": "coreutils", + "Identifier": { + "PURL": "pkg:apk/alpine/coreutils@9.5-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "9b1e19fe4f22a77e" + }, + "Version": "9.5-r1", + "Arch": "x86_64", + "SrcName": "coreutils", + "SrcVersion": "9.5-r1", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.36.1-r29", + "coreutils-env@9.5-r1", + "coreutils-fmt@9.5-r1", + "coreutils-sha512sum@9.5-r1", + "libacl@2.3.2-r0", + "libattr@2.5.2-r0", + "libcrypto3@3.3.2-r0", + "musl@1.2.5-r0", + "utmps-libs@0.1.2.2-r1" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:db95b051914f9628b6dfa966ae44e2c3f7166a34", + "InstalledFiles": [ + "bin/base64", + "bin/cat", + "bin/chgrp", + "bin/chmod", + "bin/chown", + "bin/cp", + "bin/date", + "bin/dd", + "bin/df", + "bin/echo", + "bin/false", + "bin/ln", + "bin/ls", + "bin/mkdir", + "bin/mknod", + "bin/mktemp", + "bin/mv", + "bin/nice", + "bin/printenv", + "bin/pwd", + "bin/rm", + "bin/rmdir", + "bin/sleep", + "bin/stat", + "bin/stty", + "bin/sync", + "bin/touch", + "bin/true", + "bin/uname", + "usr/bin/[", + "usr/bin/b2sum", + "usr/bin/base32", + "usr/bin/basename", + "usr/bin/basenc", + "usr/bin/chcon", + "usr/bin/cksum", + "usr/bin/comm", + "usr/bin/coreutils", + "usr/bin/csplit", + "usr/bin/cut", + "usr/bin/dir", + "usr/bin/dircolors", + "usr/bin/dirname", + "usr/bin/du", + "usr/bin/expand", + "usr/bin/expr", + "usr/bin/factor", + "usr/bin/fold", + "usr/bin/head", + "usr/bin/hostid", + "usr/bin/id", + "usr/bin/install", + "usr/bin/join", + "usr/bin/link", + "usr/bin/logname", + "usr/bin/md5sum", + "usr/bin/mkfifo", + "usr/bin/nl", + "usr/bin/nohup", + "usr/bin/nproc", + "usr/bin/numfmt", + "usr/bin/od", + "usr/bin/paste", + "usr/bin/pathchk", + "usr/bin/pinky", + "usr/bin/pr", + "usr/bin/printf", + "usr/bin/ptx", + "usr/bin/readlink", + "usr/bin/realpath", + "usr/bin/runcon", + "usr/bin/seq", + "usr/bin/sha1sum", + "usr/bin/sha224sum", + "usr/bin/sha256sum", + "usr/bin/sha384sum", + "usr/bin/shred", + "usr/bin/shuf", + "usr/bin/sort", + "usr/bin/split", + "usr/bin/stdbuf", + "usr/bin/sum", + "usr/bin/tac", + "usr/bin/tail", + "usr/bin/tee", + "usr/bin/test", + "usr/bin/timeout", + "usr/bin/tr", + "usr/bin/truncate", + "usr/bin/tsort", + "usr/bin/tty", + "usr/bin/unexpand", + "usr/bin/uniq", + "usr/bin/unlink", + "usr/bin/users", + "usr/bin/vdir", + "usr/bin/wc", + "usr/bin/who", + "usr/bin/whoami", + "usr/bin/yes", + "usr/libexec/coreutils/libstdbuf.so", + "usr/sbin/chroot" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "coreutils-env@9.5-r1", + "Name": "coreutils-env", + "Identifier": { + "PURL": "pkg:apk/alpine/coreutils-env@9.5-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "ada6b68ffa41274d" + }, + "Version": "9.5-r1", + "Arch": "x86_64", + "SrcName": "coreutils", + "SrcVersion": "9.5-r1", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:cdda6e18d01984c0cfd3a4f18be2772f7c92b6e5", + "InstalledFiles": [ + "usr/bin/env" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "coreutils-fmt@9.5-r1", + "Name": "coreutils-fmt", + "Identifier": { + "PURL": "pkg:apk/alpine/coreutils-fmt@9.5-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "310e73e52c943d35" + }, + "Version": "9.5-r1", + "Arch": "x86_64", + "SrcName": "coreutils", + "SrcVersion": "9.5-r1", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:63bdcf190a57d58c3f9dd1d7c2932b9927086b76", + "InstalledFiles": [ + "usr/bin/fmt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "coreutils-sha512sum@9.5-r1", + "Name": "coreutils-sha512sum", + "Identifier": { + "PURL": "pkg:apk/alpine/coreutils-sha512sum@9.5-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "b7d05cd9913379f3" + }, + "Version": "9.5-r1", + "Arch": "x86_64", + "SrcName": "coreutils", + "SrcVersion": "9.5-r1", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.3.2-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:11a4c5db93f9d6f84b54b7f3b1f6227db8d35420", + "InstalledFiles": [ + "usr/bin/sha512sum" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "curl@8.9.1-r2", + "Name": "curl", + "Identifier": { + "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "3590c6e28b7cc208" + }, + "Version": "8.9.1-r2", + "Arch": "x86_64", + "SrcName": "curl", + "SrcVersion": "8.9.1-r2", + "Licenses": [ + "curl" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcurl@8.9.1-r2", + "musl@1.2.5-r0", + "zlib@1.3.1-r1" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:2a4b115a7fd1c8180708f71ae319308ffb1eee0d", + "InstalledFiles": [ + "usr/bin/curl" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "findutils@4.9.0-r5", + "Name": "findutils", + "Identifier": { + "PURL": "pkg:apk/alpine/findutils@4.9.0-r5?arch=x86_64\u0026distro=3.20.3", + "UID": "895d07a512653278" + }, + "Version": "4.9.0-r5", + "Arch": "x86_64", + "SrcName": "findutils", + "SrcVersion": "4.9.0-r5", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Michael Mason \u003cms13sp@gmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:9f33bd1b173b7164905b88cb5f31b8cd208031bf", + "InstalledFiles": [ + "usr/bin/find", + "usr/bin/xargs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "grep@3.11-r0", + "Name": "grep", + "Identifier": { + "PURL": "pkg:apk/alpine/grep@3.11-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "27e3ce194d349dd2" + }, + "Version": "3.11-r0", + "Arch": "x86_64", + "SrcName": "grep", + "SrcVersion": "3.11-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "pcre2@10.43-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:af0146702fdff30812908c4a6ea007da0e66e54f", + "InstalledFiles": [ + "bin/egrep", + "bin/fgrep", + "bin/grep" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iproute2@6.9.0-r0", + "Name": "iproute2", + "Identifier": { + "PURL": "pkg:apk/alpine/iproute2@6.9.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "dbf5c47b541c8fb3" + }, + "Version": "6.9.0-r0", + "Arch": "x86_64", + "SrcName": "iproute2", + "SrcVersion": "6.9.0-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.36.1-r29", + "iproute2-minimal@6.9.0-r0", + "iproute2-ss@6.9.0-r0", + "iproute2-tc@6.9.0-r0", + "libcap2@2.70-r0", + "libmnl@1.0.5-r2", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:c61e61589360afecd6134600fb8da0dd4afd3deb", + "InstalledFiles": [ + "sbin/bridge", + "sbin/ctstat", + "sbin/genl", + "sbin/ifstat", + "sbin/lnstat", + "sbin/nstat", + "sbin/routel", + "sbin/rtacct", + "sbin/rtmon", + "sbin/rtstat" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iproute2-minimal@6.9.0-r0", + "Name": "iproute2-minimal", + "Identifier": { + "PURL": "pkg:apk/alpine/iproute2-minimal@6.9.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "19c3070ab9981b5d" + }, + "Version": "6.9.0-r0", + "Arch": "x86_64", + "SrcName": "iproute2", + "SrcVersion": "6.9.0-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap2@2.70-r0", + "libelf@0.191-r0", + "libmnl@1.0.5-r2", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:bbed2277bad93f8cb2f265814225c5a9a148b222", + "InstalledFiles": [ + "sbin/ip", + "usr/share/iproute2/bpf_pinning", + "usr/share/iproute2/ematch_map", + "usr/share/iproute2/group", + "usr/share/iproute2/nl_protos", + "usr/share/iproute2/rt_dsfield", + "usr/share/iproute2/rt_protos", + "usr/share/iproute2/rt_realms", + "usr/share/iproute2/rt_scopes", + "usr/share/iproute2/rt_tables" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iproute2-ss@6.9.0-r0", + "Name": "iproute2-ss", + "Identifier": { + "PURL": "pkg:apk/alpine/iproute2-ss@6.9.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "ce3157d6b7f793c7" + }, + "Version": "6.9.0-r0", + "Arch": "x86_64", + "SrcName": "iproute2", + "SrcVersion": "6.9.0-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap2@2.70-r0", + "libmnl@1.0.5-r2", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:5c562a5e764b55c92ad3f363980b442fbf7db2e2", + "InstalledFiles": [ + "sbin/ss" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iproute2-tc@6.9.0-r0", + "Name": "iproute2-tc", + "Identifier": { + "PURL": "pkg:apk/alpine/iproute2-tc@6.9.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1dbfc76aa5be1ed3" + }, + "Version": "6.9.0-r0", + "Arch": "x86_64", + "SrcName": "iproute2", + "SrcVersion": "6.9.0-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap2@2.70-r0", + "libelf@0.191-r0", + "libmnl@1.0.5-r2", + "libxtables@1.8.10-r3", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:bd55f18d1e0e626ebc32a6db124ff015fcc0fcad", + "InstalledFiles": [ + "sbin/tc", + "usr/lib/tc/experimental.dist", + "usr/lib/tc/normal.dist", + "usr/lib/tc/pareto.dist", + "usr/lib/tc/paretonormal.dist" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iptables@1.8.10-r3", + "Name": "iptables", + "Identifier": { + "PURL": "pkg:apk/alpine/iptables@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", + "UID": "9f102aa6e7718fb6" + }, + "Version": "1.8.10-r3", + "Arch": "x86_64", + "SrcName": "iptables", + "SrcVersion": "1.8.10-r3", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.36.1-r29", + "libmnl@1.0.5-r2", + "libnftnl@1.2.6-r0", + "libxtables@1.8.10-r3", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:a4bc81e3f91510205018e0166d4ce93507f572c8", + "InstalledFiles": [ + "etc/ethertypes", + "sbin/arptables", + "sbin/arptables-nft", + "sbin/arptables-nft-restore", + "sbin/arptables-nft-save", + "sbin/arptables-restore", + "sbin/arptables-save", + "sbin/ebtables", + "sbin/ebtables-nft", + "sbin/ebtables-nft-restore", + "sbin/ebtables-nft-save", + "sbin/ebtables-restore", + "sbin/ebtables-save", + "sbin/ebtables-translate", + "sbin/ip6tables", + "sbin/ip6tables-apply", + "sbin/ip6tables-nft", + "sbin/ip6tables-nft-restore", + "sbin/ip6tables-nft-save", + "sbin/ip6tables-restore", + "sbin/ip6tables-restore-translate", + "sbin/ip6tables-save", + "sbin/ip6tables-translate", + "sbin/iptables", + "sbin/iptables-apply", + "sbin/iptables-nft", + "sbin/iptables-nft-restore", + "sbin/iptables-nft-save", + "sbin/iptables-restore", + "sbin/iptables-restore-translate", + "sbin/iptables-save", + "sbin/iptables-translate", + "sbin/xtables-monitor", + "sbin/xtables-nft-multi", + "usr/lib/xtables/libarpt_mangle.so", + "usr/lib/xtables/libebt_802_3.so", + "usr/lib/xtables/libebt_among.so", + "usr/lib/xtables/libebt_arp.so", + "usr/lib/xtables/libebt_arpreply.so", + "usr/lib/xtables/libebt_dnat.so", + "usr/lib/xtables/libebt_ip.so", + "usr/lib/xtables/libebt_ip6.so", + "usr/lib/xtables/libebt_log.so", + "usr/lib/xtables/libebt_mark.so", + "usr/lib/xtables/libebt_mark_m.so", + "usr/lib/xtables/libebt_nflog.so", + "usr/lib/xtables/libebt_pkttype.so", + "usr/lib/xtables/libebt_redirect.so", + "usr/lib/xtables/libebt_snat.so", + "usr/lib/xtables/libebt_stp.so", + "usr/lib/xtables/libebt_vlan.so", + "usr/lib/xtables/libip6t_DNPT.so", + "usr/lib/xtables/libip6t_HL.so", + "usr/lib/xtables/libip6t_NETMAP.so", + "usr/lib/xtables/libip6t_REJECT.so", + "usr/lib/xtables/libip6t_SNPT.so", + "usr/lib/xtables/libip6t_ah.so", + "usr/lib/xtables/libip6t_dst.so", + "usr/lib/xtables/libip6t_eui64.so", + "usr/lib/xtables/libip6t_frag.so", + "usr/lib/xtables/libip6t_hbh.so", + "usr/lib/xtables/libip6t_hl.so", + "usr/lib/xtables/libip6t_icmp6.so", + "usr/lib/xtables/libip6t_ipv6header.so", + "usr/lib/xtables/libip6t_mh.so", + "usr/lib/xtables/libip6t_rt.so", + "usr/lib/xtables/libip6t_srh.so", + "usr/lib/xtables/libipt_CLUSTERIP.so", + "usr/lib/xtables/libipt_ECN.so", + "usr/lib/xtables/libipt_NETMAP.so", + "usr/lib/xtables/libipt_REJECT.so", + "usr/lib/xtables/libipt_TTL.so", + "usr/lib/xtables/libipt_ULOG.so", + "usr/lib/xtables/libipt_ah.so", + "usr/lib/xtables/libipt_icmp.so", + "usr/lib/xtables/libipt_realm.so", + "usr/lib/xtables/libipt_ttl.so", + "usr/lib/xtables/libxt_AUDIT.so", + "usr/lib/xtables/libxt_CHECKSUM.so", + "usr/lib/xtables/libxt_CLASSIFY.so", + "usr/lib/xtables/libxt_CONNMARK.so", + "usr/lib/xtables/libxt_CONNSECMARK.so", + "usr/lib/xtables/libxt_CT.so", + "usr/lib/xtables/libxt_DNAT.so", + "usr/lib/xtables/libxt_DSCP.so", + "usr/lib/xtables/libxt_HMARK.so", + "usr/lib/xtables/libxt_IDLETIMER.so", + "usr/lib/xtables/libxt_LED.so", + "usr/lib/xtables/libxt_LOG.so", + "usr/lib/xtables/libxt_MARK.so", + "usr/lib/xtables/libxt_MASQUERADE.so", + "usr/lib/xtables/libxt_NAT.so", + "usr/lib/xtables/libxt_NFLOG.so", + "usr/lib/xtables/libxt_NFQUEUE.so", + "usr/lib/xtables/libxt_NOTRACK.so", + "usr/lib/xtables/libxt_RATEEST.so", + "usr/lib/xtables/libxt_REDIRECT.so", + "usr/lib/xtables/libxt_SECMARK.so", + "usr/lib/xtables/libxt_SET.so", + "usr/lib/xtables/libxt_SNAT.so", + "usr/lib/xtables/libxt_SYNPROXY.so", + "usr/lib/xtables/libxt_TCPMSS.so", + "usr/lib/xtables/libxt_TCPOPTSTRIP.so", + "usr/lib/xtables/libxt_TEE.so", + "usr/lib/xtables/libxt_TOS.so", + "usr/lib/xtables/libxt_TPROXY.so", + "usr/lib/xtables/libxt_TRACE.so", + "usr/lib/xtables/libxt_addrtype.so", + "usr/lib/xtables/libxt_bpf.so", + "usr/lib/xtables/libxt_cgroup.so", + "usr/lib/xtables/libxt_cluster.so", + "usr/lib/xtables/libxt_comment.so", + "usr/lib/xtables/libxt_connbytes.so", + "usr/lib/xtables/libxt_connlimit.so", + "usr/lib/xtables/libxt_connmark.so", + "usr/lib/xtables/libxt_conntrack.so", + "usr/lib/xtables/libxt_cpu.so", + "usr/lib/xtables/libxt_dccp.so", + "usr/lib/xtables/libxt_devgroup.so", + "usr/lib/xtables/libxt_dscp.so", + "usr/lib/xtables/libxt_ecn.so", + "usr/lib/xtables/libxt_esp.so", + "usr/lib/xtables/libxt_hashlimit.so", + "usr/lib/xtables/libxt_helper.so", + "usr/lib/xtables/libxt_ipcomp.so", + "usr/lib/xtables/libxt_iprange.so", + "usr/lib/xtables/libxt_ipvs.so", + "usr/lib/xtables/libxt_length.so", + "usr/lib/xtables/libxt_limit.so", + "usr/lib/xtables/libxt_mac.so", + "usr/lib/xtables/libxt_mark.so", + "usr/lib/xtables/libxt_multiport.so", + "usr/lib/xtables/libxt_nfacct.so", + "usr/lib/xtables/libxt_osf.so", + "usr/lib/xtables/libxt_owner.so", + "usr/lib/xtables/libxt_physdev.so", + "usr/lib/xtables/libxt_pkttype.so", + "usr/lib/xtables/libxt_policy.so", + "usr/lib/xtables/libxt_quota.so", + "usr/lib/xtables/libxt_rateest.so", + "usr/lib/xtables/libxt_recent.so", + "usr/lib/xtables/libxt_rpfilter.so", + "usr/lib/xtables/libxt_sctp.so", + "usr/lib/xtables/libxt_set.so", + "usr/lib/xtables/libxt_socket.so", + "usr/lib/xtables/libxt_standard.so", + "usr/lib/xtables/libxt_state.so", + "usr/lib/xtables/libxt_statistic.so", + "usr/lib/xtables/libxt_string.so", + "usr/lib/xtables/libxt_tcp.so", + "usr/lib/xtables/libxt_tcpmss.so", + "usr/lib/xtables/libxt_time.so", + "usr/lib/xtables/libxt_tos.so", + "usr/lib/xtables/libxt_u32.so", + "usr/lib/xtables/libxt_udp.so", + "usr/share/xtables/iptables.xslt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iptables-legacy@1.8.10-r3", + "Name": "iptables-legacy", + "Identifier": { + "PURL": "pkg:apk/alpine/iptables-legacy@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", + "UID": "21184db795b7fbff" + }, + "Version": "1.8.10-r3", + "Arch": "x86_64", + "SrcName": "iptables", + "SrcVersion": "1.8.10-r3", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libip4tc@1.8.10-r3", + "libip6tc@1.8.10-r3", + "libxtables@1.8.10-r3", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:7455abb73317d7e992f8590cac0166922d7f96b4", + "InstalledFiles": [ + "sbin/ip6tables-legacy", + "sbin/ip6tables-legacy-restore", + "sbin/ip6tables-legacy-save", + "sbin/iptables-legacy", + "sbin/iptables-legacy-restore", + "sbin/iptables-legacy-save", + "sbin/xtables-legacy-multi", + "usr/bin/iptables-xml" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iputils@20240117-r0", + "Name": "iputils", + "Identifier": { + "PURL": "pkg:apk/alpine/iputils@20240117-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "5c4776212e1969ec" + }, + "Version": "20240117-r0", + "Arch": "x86_64", + "SrcName": "iputils", + "SrcVersion": "20240117-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "iputils-arping@20240117-r0", + "iputils-clockdiff@20240117-r0", + "iputils-ping@20240117-r0", + "iputils-tracepath@20240117-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:b39e39ae31e5cd4633267f337741c32834ea1293", + "AnalyzedBy": "apk" + }, + { + "ID": "iputils-arping@20240117-r0", + "Name": "iputils-arping", + "Identifier": { + "PURL": "pkg:apk/alpine/iputils-arping@20240117-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "b3ff37a971d0df9b" + }, + "Version": "20240117-r0", + "Arch": "x86_64", + "SrcName": "iputils", + "SrcVersion": "20240117-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap2@2.70-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:dc4a98cc56e312ee02c7ed28ae86d682f05f9ac9", + "InstalledFiles": [ + "usr/sbin/arping" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iputils-clockdiff@20240117-r0", + "Name": "iputils-clockdiff", + "Identifier": { + "PURL": "pkg:apk/alpine/iputils-clockdiff@20240117-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "ce3e815897ad006a" + }, + "Version": "20240117-r0", + "Arch": "x86_64", + "SrcName": "iputils", + "SrcVersion": "20240117-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap2@2.70-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:d7e78c70bf179f70f129758c2e4c59e91228aca5", + "InstalledFiles": [ + "usr/sbin/clockdiff" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iputils-ping@20240117-r0", + "Name": "iputils-ping", + "Identifier": { + "PURL": "pkg:apk/alpine/iputils-ping@20240117-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "88fd811ce687ea71" + }, + "Version": "20240117-r0", + "Arch": "x86_64", + "SrcName": "iputils", + "SrcVersion": "20240117-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap2@2.70-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:ea41b4dc2da620da895c18d8dbf791b70e2a6bd1", + "InstalledFiles": [ + "bin/ping", + "bin/ping6" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "iputils-tracepath@20240117-r0", + "Name": "iputils-tracepath", + "Identifier": { + "PURL": "pkg:apk/alpine/iputils-tracepath@20240117-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "b5f8bd1ce890fdd9" + }, + "Version": "20240117-r0", + "Arch": "x86_64", + "SrcName": "iputils", + "SrcVersion": "20240117-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:04ab8a74626348da18b329a8aaf12d41bdfe34bb", + "InstalledFiles": [ + "usr/sbin/tracepath", + "usr/sbin/tracepath6" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "jq@1.7.1-r0", + "Name": "jq", + "Identifier": { + "PURL": "pkg:apk/alpine/jq@1.7.1-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "a85e7d55b2203540" + }, + "Version": "1.7.1-r0", + "Arch": "x86_64", + "SrcName": "jq", + "SrcVersion": "1.7.1-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Patrycja Rosa \u003calpine@ptrcnull.me\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "oniguruma@6.9.9-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:db874e07e38cd4863d8cf235966dbb713eb0bc4c", + "InstalledFiles": [ + "usr/bin/jq", + "usr/lib/libjq.so.1", + "usr/lib/libjq.so.1.0.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "kmod@32-r0", + "Name": "kmod", + "Identifier": { + "PURL": "pkg:apk/alpine/kmod@32-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "399102bb7b20c1a6" + }, + "Version": "32-r0", + "Arch": "x86_64", + "SrcName": "kmod", + "SrcVersion": "32-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.36.1-r29", + "libcrypto3@3.3.2-r0", + "musl@1.2.5-r0", + "xz-libs@5.6.2-r0", + "zlib@1.3.1-r1", + "zstd-libs@1.5.6-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:2c573c8376a20498a8e870af2aaf02e462caf785", + "InstalledFiles": [ + "bin/depmod", + "bin/insmod", + "bin/kmod", + "bin/lsmod", + "bin/modinfo", + "bin/modprobe", + "bin/rmmod", + "sbin/depmod", + "sbin/insmod", + "sbin/lsmod", + "sbin/modinfo", + "sbin/modprobe", + "sbin/rmmod" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libacl@2.3.2-r0", + "Name": "libacl", + "Identifier": { + "PURL": "pkg:apk/alpine/libacl@2.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "3aef225ef60a107f" + }, + "Version": "2.3.2-r0", + "Arch": "x86_64", + "SrcName": "acl", + "SrcVersion": "2.3.2-r0", + "Licenses": [ + "LGPL-2.1-or-later", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:eac92152414664eed36c39ea29c97360b1194867", + "InstalledFiles": [ + "lib/libacl.so.1", + "lib/libacl.so.1.1.2302" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libattr@2.5.2-r0", + "Name": "libattr", + "Identifier": { + "PURL": "pkg:apk/alpine/libattr@2.5.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "687b918a456213c8" + }, + "Version": "2.5.2-r0", + "Arch": "x86_64", + "SrcName": "attr", + "SrcVersion": "2.5.2-r0", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:358e2a6078f8cf6625bc58d181380f42fdfc342b", + "InstalledFiles": [ + "lib/libattr.so.1", + "lib/libattr.so.1.1.2502" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libbsd@0.12.2-r0", + "Name": "libbsd", + "Identifier": { + "PURL": "pkg:apk/alpine/libbsd@0.12.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "172597f0b99393b" + }, + "Version": "0.12.2-r0", + "Arch": "x86_64", + "SrcName": "libbsd", + "SrcVersion": "0.12.2-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libmd@1.1.0-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:77cdd05ac1f7daa54b2331c822265cf6542c8f6f", + "InstalledFiles": [ + "usr/lib/libbsd.so.0", + "usr/lib/libbsd.so.0.12.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcap-getcap@2.70-r0", + "Name": "libcap-getcap", + "Identifier": { + "PURL": "pkg:apk/alpine/libcap-getcap@2.70-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "2e9f7399f8a4acb1" + }, + "Version": "2.70-r0", + "Arch": "x86_64", + "SrcName": "libcap", + "SrcVersion": "2.70-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap2@2.70-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:9f5949c3759156dd0c4ddd51b77c7eeb1827a522", + "InstalledFiles": [ + "usr/sbin/getcap" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcap-setcap@2.70-r0", + "Name": "libcap-setcap", + "Identifier": { + "PURL": "pkg:apk/alpine/libcap-setcap@2.70-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "7ead01c20c7fdb89" + }, + "Version": "2.70-r0", + "Arch": "x86_64", + "SrcName": "libcap", + "SrcVersion": "2.70-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap2@2.70-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:1b481865bb62ccad132e974eed1b2bcf91974a84", + "InstalledFiles": [ + "usr/sbin/setcap" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcap-utils@2.70-r0", + "Name": "libcap-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/libcap-utils@2.70-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "2af2246a4520124f" + }, + "Version": "2.70-r0", + "Arch": "x86_64", + "SrcName": "libcap", + "SrcVersion": "2.70-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcap-getcap@2.70-r0", + "libcap-setcap@2.70-r0", + "libcap2@2.70-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:9d0846422786d2955f9a2e6b8bd082753daefedd", + "InstalledFiles": [ + "usr/sbin/capsh", + "usr/sbin/getpcaps" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcap2@2.70-r0", + "Name": "libcap2", + "Identifier": { + "PURL": "pkg:apk/alpine/libcap2@2.70-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "fdb8fa1749c0da49" + }, + "Version": "2.70-r0", + "Arch": "x86_64", + "SrcName": "libcap", + "SrcVersion": "2.70-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:36d62e0793057eade6594a1dfd7e0fe6fdbc26e1", + "InstalledFiles": [ + "usr/lib/libcap.so.2", + "usr/lib/libcap.so.2.70", + "usr/lib/libpsx.so.2", + "usr/lib/libpsx.so.2.70" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.3.2-r0", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "Version": "3.3.2-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.3.2-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:9bf0618d6c5fa68e03e5c2bb47d179320f7576ba", + "InstalledFiles": [ + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/openssl.cnf.dist", + "lib/libcrypto.so.3", + "usr/lib/libcrypto.so.3", + "usr/lib/engines-3/afalg.so", + "usr/lib/engines-3/capi.so", + "usr/lib/engines-3/loader_attic.so", + "usr/lib/engines-3/padlock.so", + "usr/lib/ossl-modules/legacy.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcurl@8.9.1-r2", + "Name": "libcurl", + "Identifier": { + "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "2ba374c8fc8f948f" + }, + "Version": "8.9.1-r2", + "Arch": "x86_64", + "SrcName": "curl", + "SrcVersion": "8.9.1-r2", + "Licenses": [ + "curl" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "brotli-libs@1.1.0-r2", + "c-ares@1.33.1-r0", + "ca-certificates@20240705-r0", + "libcrypto3@3.3.2-r0", + "libidn2@2.3.7-r0", + "libpsl@0.21.5-r1", + "libssl3@3.3.2-r0", + "musl@1.2.5-r0", + "nghttp2-libs@1.62.1-r0", + "zlib@1.3.1-r1", + "zstd-libs@1.5.6-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:a09d55380a33f12aa82f49e3fae0e53f7e433587", + "InstalledFiles": [ + "usr/lib/libcurl.so.4", + "usr/lib/libcurl.so.4.8.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libelf@0.191-r0", + "Name": "libelf", + "Identifier": { + "PURL": "pkg:apk/alpine/libelf@0.191-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "7d393dcfda903529" + }, + "Version": "0.191-r0", + "Arch": "x86_64", + "SrcName": "elfutils", + "SrcVersion": "0.191-r0", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "zlib@1.3.1-r1", + "zstd-libs@1.5.6-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:981d29d25f7ebd2043c571afebfb59675245c9bf", + "InstalledFiles": [ + "usr/lib/libelf-0.191.so", + "usr/lib/libelf.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libevent@2.1.12-r7", + "Name": "libevent", + "Identifier": { + "PURL": "pkg:apk/alpine/libevent@2.1.12-r7?arch=x86_64\u0026distro=3.20.3", + "UID": "8ec3d0ad20194f50" + }, + "Version": "2.1.12-r7", + "Arch": "x86_64", + "SrcName": "libevent", + "SrcVersion": "2.1.12-r7", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.3.2-r0", + "libssl3@3.3.2-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:7c30b99dcb6359ecb8167c46c3a2a28a9e33aca5", + "InstalledFiles": [ + "usr/lib/libevent-2.1.so.7", + "usr/lib/libevent-2.1.so.7.0.1", + "usr/lib/libevent_core-2.1.so.7", + "usr/lib/libevent_core-2.1.so.7.0.1", + "usr/lib/libevent_extra-2.1.so.7", + "usr/lib/libevent_extra-2.1.so.7.0.1", + "usr/lib/libevent_openssl-2.1.so.7", + "usr/lib/libevent_openssl-2.1.so.7.0.1", + "usr/lib/libevent_pthreads-2.1.so.7", + "usr/lib/libevent_pthreads-2.1.so.7.0.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libidn2@2.3.7-r0", + "Name": "libidn2", + "Identifier": { + "PURL": "pkg:apk/alpine/libidn2@2.3.7-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "a36f92905da9a0" + }, + "Version": "2.3.7-r0", + "Arch": "x86_64", + "SrcName": "libidn2", + "SrcVersion": "2.3.7-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libunistring@1.2-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:02629e610eec8b3f8fc422bec27b3b2359d5c962", + "InstalledFiles": [ + "usr/lib/libidn2.so.0", + "usr/lib/libidn2.so.0.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libintl@0.22.5-r0", + "Name": "libintl", + "Identifier": { + "PURL": "pkg:apk/alpine/libintl@0.22.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "b2aa65e57d55fe51" + }, + "Version": "0.22.5-r0", + "Arch": "x86_64", + "SrcName": "gettext", + "SrcVersion": "0.22.5-r0", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:e4653097ace0aed3ee1d0189be1155684458880d", + "InstalledFiles": [ + "usr/lib/libintl.so.8", + "usr/lib/libintl.so.8.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libip4tc@1.8.10-r3", + "Name": "libip4tc", + "Identifier": { + "PURL": "pkg:apk/alpine/libip4tc@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", + "UID": "4b93dfc0c4c88429" + }, + "Version": "1.8.10-r3", + "Arch": "x86_64", + "SrcName": "iptables", + "SrcVersion": "1.8.10-r3", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:d27e94f20872901b4c22fd0c0966c7ca3fd67716", + "InstalledFiles": [ + "usr/lib/libip4tc.so.2", + "usr/lib/libip4tc.so.2.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libip6tc@1.8.10-r3", + "Name": "libip6tc", + "Identifier": { + "PURL": "pkg:apk/alpine/libip6tc@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", + "UID": "f38fbd2df9cd613" + }, + "Version": "1.8.10-r3", + "Arch": "x86_64", + "SrcName": "iptables", + "SrcVersion": "1.8.10-r3", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:07b3cf845fdad8da6cb26c1318a1e73c1486a3e2", + "InstalledFiles": [ + "usr/lib/libip6tc.so.2", + "usr/lib/libip6tc.so.2.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libmd@1.1.0-r0", + "Name": "libmd", + "Identifier": { + "PURL": "pkg:apk/alpine/libmd@1.1.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "965d6d33e5a44093" + }, + "Version": "1.1.0-r0", + "Arch": "x86_64", + "SrcName": "libmd", + "SrcVersion": "1.1.0-r0", + "Licenses": [ + "BSD-3-Clause", + "BSD-2-Clause", + "ISC", + "Beerware", + "Public", + "Domain" + ], + "Maintainer": "omni \u003comni+alpine@hack.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:9f88c37987a5d25c3e536e0aaab3ecea413e4d94", + "InstalledFiles": [ + "usr/lib/libmd.so.0", + "usr/lib/libmd.so.0.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libmnl@1.0.5-r2", + "Name": "libmnl", + "Identifier": { + "PURL": "pkg:apk/alpine/libmnl@1.0.5-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "f254bead19a6f1a1" + }, + "Version": "1.0.5-r2", + "Arch": "x86_64", + "SrcName": "libmnl", + "SrcVersion": "1.0.5-r2", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:c8f07f901cbe6e64dd1c0346056483aa5bf6494b", + "InstalledFiles": [ + "usr/lib/libmnl.so.0", + "usr/lib/libmnl.so.0.2.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libncursesw@6.4_p20240420-r1", + "Name": "libncursesw", + "Identifier": { + "PURL": "pkg:apk/alpine/libncursesw@6.4_p20240420-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "380e2483755d26ce" + }, + "Version": "6.4_p20240420-r1", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.4_p20240420-r1", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "ncurses-terminfo-base@6.4_p20240420-r1" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:ea11d954db1aef9ade8abe50bf3870c994a39c70", + "InstalledFiles": [ + "usr/lib/libncursesw.so.6", + "usr/lib/libncursesw.so.6.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libnftnl@1.2.6-r0", + "Name": "libnftnl", + "Identifier": { + "PURL": "pkg:apk/alpine/libnftnl@1.2.6-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "cdc849f7051784d0" + }, + "Version": "1.2.6-r0", + "Arch": "x86_64", + "SrcName": "libnftnl", + "SrcVersion": "1.2.6-r0", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", + "DependsOn": [ + "libmnl@1.0.5-r2", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:fb069ebafae8c7cc06a6dbed27724714d5cfa57b", + "InstalledFiles": [ + "usr/lib/libnftnl.so.11", + "usr/lib/libnftnl.so.11.6.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpng@1.6.44-r0", + "Name": "libpng", + "Identifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "Version": "1.6.44-r0", + "Arch": "x86_64", + "SrcName": "libpng", + "SrcVersion": "1.6.44-r0", + "Licenses": [ + "Libpng" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "zlib@1.3.1-r1" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:3fc66dc77509d5afcd2aac36cb2f92108fdfcc23", + "InstalledFiles": [ + "usr/lib/libpng16.so.16", + "usr/lib/libpng16.so.16.44.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libproc2@4.0.4-r0", + "Name": "libproc2", + "Identifier": { + "PURL": "pkg:apk/alpine/libproc2@4.0.4-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "70ae2163926d9037" + }, + "Version": "4.0.4-r0", + "Arch": "x86_64", + "SrcName": "procps-ng", + "SrcVersion": "4.0.4-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:9cca2d1b39191864fe89116bf9c3b3aab5d0ccb9", + "InstalledFiles": [ + "lib/libproc2.so.0", + "lib/libproc2.so.0.0.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpsl@0.21.5-r1", + "Name": "libpsl", + "Identifier": { + "PURL": "pkg:apk/alpine/libpsl@0.21.5-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "8760b1e6c7f9e61c" + }, + "Version": "0.21.5-r1", + "Arch": "x86_64", + "SrcName": "libpsl", + "SrcVersion": "0.21.5-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libidn2@2.3.7-r0", + "libunistring@1.2-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:1f1e660c761dadb2614c0f573ea6ef2be8649206", + "InstalledFiles": [ + "usr/lib/libpsl.so.5", + "usr/lib/libpsl.so.5.3.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libqrencode@4.1.1-r2", + "Name": "libqrencode", + "Identifier": { + "PURL": "pkg:apk/alpine/libqrencode@4.1.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "6a6294b6dbd10ecf" + }, + "Version": "4.1.1-r2", + "Arch": "x86_64", + "SrcName": "libqrencode", + "SrcVersion": "4.1.1-r2", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:8ab385c2b299cdcf51e0a72c848edc9428b4c0a0", + "InstalledFiles": [ + "usr/lib/libqrencode.so.4", + "usr/lib/libqrencode.so.4.1.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libqrencode-tools@4.1.1-r2", + "Name": "libqrencode-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/libqrencode-tools@4.1.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "2b353137288f0b74" + }, + "Version": "4.1.1-r2", + "Arch": "x86_64", + "SrcName": "libqrencode", + "SrcVersion": "4.1.1-r2", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libpng@1.6.44-r0", + "libqrencode@4.1.1-r2", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:de64bbf0ee1af6f8ef7626d5ec235726f3a37411", + "InstalledFiles": [ + "usr/bin/qrencode" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.3.2-r0", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "Version": "3.3.2-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.3.2-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.3.2-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:f81052a84c5e1028fe4db48e94c94ab1a826a898", + "InstalledFiles": [ + "lib/libssl.so.3", + "usr/lib/libssl.so.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libunistring@1.2-r0", + "Name": "libunistring", + "Identifier": { + "PURL": "pkg:apk/alpine/libunistring@1.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "ae41cff06c3deb9e" + }, + "Version": "1.2-r0", + "Arch": "x86_64", + "SrcName": "libunistring", + "SrcVersion": "1.2-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:1ff86ed40752102a6c84ece085ae89ac88c74c5a", + "InstalledFiles": [ + "usr/lib/libunistring.so.5", + "usr/lib/libunistring.so.5.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxtables@1.8.10-r3", + "Name": "libxtables", + "Identifier": { + "PURL": "pkg:apk/alpine/libxtables@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", + "UID": "ac7531315c20e326" + }, + "Version": "1.8.10-r3", + "Arch": "x86_64", + "SrcName": "iptables", + "SrcVersion": "1.8.10-r3", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:3f331bf2d5660c02a82152f272b8d11c3744221d", + "InstalledFiles": [ + "usr/lib/libxtables.so.12", + "usr/lib/libxtables.so.12.7.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "linux-pam@1.6.0-r0", + "Name": "linux-pam", + "Identifier": { + "PURL": "pkg:apk/alpine/linux-pam@1.6.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e75124828b58d10e" + }, + "Version": "1.6.0-r0", + "Arch": "x86_64", + "SrcName": "linux-pam", + "SrcVersion": "1.6.0-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "utmps-libs@0.1.2.2-r1" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:3e55a9b590f857dd12a1fca8b31d9db184fc74f0", + "InstalledFiles": [ + "etc/environment", + "etc/pam.d/base-account", + "etc/pam.d/base-auth", + "etc/pam.d/base-password", + "etc/pam.d/base-session", + "etc/pam.d/base-session-noninteractive", + "etc/pam.d/login", + "etc/pam.d/other", + "etc/pam.d/su", + "etc/security/access.conf", + "etc/security/faillock.conf", + "etc/security/group.conf", + "etc/security/limits.conf", + "etc/security/namespace.conf", + "etc/security/namespace.init", + "etc/security/pam_env.conf", + "etc/security/pwhistory.conf", + "etc/security/time.conf", + "lib/libpam.so.0", + "lib/libpam.so.0.85.1", + "lib/libpam_misc.so.0", + "lib/libpam_misc.so.0.82.1", + "lib/libpamc.so.0", + "lib/libpamc.so.0.82.1", + "lib/security/pam_access.so", + "lib/security/pam_canonicalize_user.so", + "lib/security/pam_debug.so", + "lib/security/pam_deny.so", + "lib/security/pam_echo.so", + "lib/security/pam_env.so", + "lib/security/pam_exec.so", + "lib/security/pam_faildelay.so", + "lib/security/pam_faillock.so", + "lib/security/pam_filter.so", + "lib/security/pam_ftp.so", + "lib/security/pam_group.so", + "lib/security/pam_issue.so", + "lib/security/pam_keyinit.so", + "lib/security/pam_limits.so", + "lib/security/pam_listfile.so", + "lib/security/pam_localuser.so", + "lib/security/pam_loginuid.so", + "lib/security/pam_mail.so", + "lib/security/pam_mkhomedir.so", + "lib/security/pam_motd.so", + "lib/security/pam_namespace.so", + "lib/security/pam_nologin.so", + "lib/security/pam_permit.so", + "lib/security/pam_pwhistory.so", + "lib/security/pam_rootok.so", + "lib/security/pam_securetty.so", + "lib/security/pam_setquota.so", + "lib/security/pam_shells.so", + "lib/security/pam_stress.so", + "lib/security/pam_succeed_if.so", + "lib/security/pam_time.so", + "lib/security/pam_timestamp.so", + "lib/security/pam_umask.so", + "lib/security/pam_unix.so", + "lib/security/pam_usertype.so", + "lib/security/pam_warn.so", + "lib/security/pam_wheel.so", + "lib/security/pam_xauth.so", + "lib/security/pam_filter/upperLOWER", + "sbin/faillock", + "sbin/mkhomedir_helper", + "sbin/pam_namespace_helper", + "sbin/pam_timestamp_check", + "sbin/pwhistory_helper", + "sbin/unix_chkpwd", + "sbin/unix_update" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "mii-tool@2.10-r3", + "Name": "mii-tool", + "Identifier": { + "PURL": "pkg:apk/alpine/mii-tool@2.10-r3?arch=x86_64\u0026distro=3.20.3", + "UID": "f018b55be68ae905" + }, + "Version": "2.10-r3", + "Arch": "x86_64", + "SrcName": "net-tools", + "SrcVersion": "2.10-r3", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:49238c70fc68ee52895c53b4943cd323efd4e29d", + "InstalledFiles": [ + "sbin/mii-tool" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl@1.2.5-r0", + "Name": "musl", + "Identifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "d76e86ca8c96b6ac" + }, + "Version": "1.2.5-r0", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:3d2da235e1c31f7045e9382a48cbbfa5c7375c86", + "InstalledFiles": [ + "lib/ld-musl-x86_64.so.1", + "lib/libc.musl-x86_64.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl-utils@1.2.5-r0", + "Name": "musl-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "a313fc68c87a2f4d" + }, + "Version": "1.2.5-r0", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r0", + "Licenses": [ + "MIT", + "BSD-2-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "scanelf@1.3.7-r2" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:e11671e426dc2d8189155906d007c39be1eb1367", + "InstalledFiles": [ + "sbin/ldconfig", + "usr/bin/getconf", + "usr/bin/getent", + "usr/bin/iconv", + "usr/bin/ldd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ncurses-terminfo-base@6.4_p20240420-r1", + "Name": "ncurses-terminfo-base", + "Identifier": { + "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.4_p20240420-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "fb917cecc9ff879e" + }, + "Version": "6.4_p20240420-r1", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.4_p20240420-r1", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:b94ecaed3ab420de295b36edb80b60ce311c4239", + "InstalledFiles": [ + "etc/terminfo/a/alacritty", + "etc/terminfo/a/ansi", + "etc/terminfo/d/dumb", + "etc/terminfo/g/gnome", + "etc/terminfo/g/gnome-256color", + "etc/terminfo/k/konsole", + "etc/terminfo/k/konsole-256color", + "etc/terminfo/k/konsole-linux", + "etc/terminfo/l/linux", + "etc/terminfo/p/putty", + "etc/terminfo/p/putty-256color", + "etc/terminfo/r/rxvt", + "etc/terminfo/r/rxvt-256color", + "etc/terminfo/s/screen", + "etc/terminfo/s/screen-256color", + "etc/terminfo/s/st-0.6", + "etc/terminfo/s/st-0.7", + "etc/terminfo/s/st-0.8", + "etc/terminfo/s/st-16color", + "etc/terminfo/s/st-256color", + "etc/terminfo/s/st-direct", + "etc/terminfo/s/sun", + "etc/terminfo/t/terminator", + "etc/terminfo/t/terminology", + "etc/terminfo/t/terminology-0.6.1", + "etc/terminfo/t/terminology-1.0.0", + "etc/terminfo/t/terminology-1.8.1", + "etc/terminfo/t/tmux", + "etc/terminfo/t/tmux-256color", + "etc/terminfo/v/vt100", + "etc/terminfo/v/vt102", + "etc/terminfo/v/vt200", + "etc/terminfo/v/vt220", + "etc/terminfo/v/vt52", + "etc/terminfo/v/vte", + "etc/terminfo/v/vte-256color", + "etc/terminfo/x/xterm", + "etc/terminfo/x/xterm-256color", + "etc/terminfo/x/xterm-color", + "etc/terminfo/x/xterm-xfree86" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "net-tools@2.10-r3", + "Name": "net-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/net-tools@2.10-r3?arch=x86_64\u0026distro=3.20.3", + "UID": "6902e73bb63d23c2" + }, + "Version": "2.10-r3", + "Arch": "x86_64", + "SrcName": "net-tools", + "SrcVersion": "2.10-r3", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "mii-tool@2.10-r3", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:7477f3fc0aab7592d8fab926630b0b14171f7702", + "InstalledFiles": [ + "bin/dnsdomainname", + "bin/domainname", + "bin/hostname", + "bin/netstat", + "bin/nisdomainname", + "bin/route", + "bin/ypdomainname", + "sbin/arp", + "sbin/ifconfig", + "sbin/ipmaddr", + "sbin/iptunnel", + "sbin/nameif", + "sbin/plipconfig", + "sbin/rarp", + "sbin/slattach" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "netcat-openbsd@1.226-r0", + "Name": "netcat-openbsd", + "Identifier": { + "PURL": "pkg:apk/alpine/netcat-openbsd@1.226-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "9a32d2978a7cdc46" + }, + "Version": "1.226-r0", + "Arch": "x86_64", + "SrcName": "netcat-openbsd", + "SrcVersion": "1.226-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Leonardo Arena \u003crnalrd@alpinelinux.org\u003e", + "DependsOn": [ + "libbsd@0.12.2-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:05e1a042c544d3117b1dc96391e1b6d543e269fe", + "InstalledFiles": [ + "usr/bin/nc" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nghttp2-libs@1.62.1-r0", + "Name": "nghttp2-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/nghttp2-libs@1.62.1-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "42b2705c1dbc8035" + }, + "Version": "1.62.1-r0", + "Arch": "x86_64", + "SrcName": "nghttp2", + "SrcVersion": "1.62.1-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:2c38b5b57527b4b61a9e954543ade9367c9663f9", + "InstalledFiles": [ + "usr/lib/libnghttp2.so.14", + "usr/lib/libnghttp2.so.14.28.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "oniguruma@6.9.9-r0", + "Name": "oniguruma", + "Identifier": { + "PURL": "pkg:apk/alpine/oniguruma@6.9.9-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "ab491550022f752b" + }, + "Version": "6.9.9-r0", + "Arch": "x86_64", + "SrcName": "oniguruma", + "SrcVersion": "6.9.9-r0", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:2c29b1278471ca8cc10785dfd7a1a4c84444fe05", + "InstalledFiles": [ + "usr/lib/libonig.so.5", + "usr/lib/libonig.so.5.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "openresolv@3.13.2-r0", + "Name": "openresolv", + "Identifier": { + "PURL": "pkg:apk/alpine/openresolv@3.13.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "50f378b73a425ca" + }, + "Version": "3.13.2-r0", + "Arch": "x86_64", + "SrcName": "openresolv", + "SrcVersion": "3.13.2-r0", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:cbe9ba4c51769f47315127ce2a17c3317583d3ce", + "InstalledFiles": [ + "etc/resolvconf.conf", + "lib/resolvconf/dnsmasq", + "lib/resolvconf/libc", + "lib/resolvconf/named", + "lib/resolvconf/pdns_recursor", + "lib/resolvconf/pdnsd", + "lib/resolvconf/unbound", + "lib/resolvconf/libc.d/avahi-daemon", + "lib/resolvconf/libc.d/mdnsd", + "sbin/resolvconf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "pcre2@10.43-r0", + "Name": "pcre2", + "Identifier": { + "PURL": "pkg:apk/alpine/pcre2@10.43-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "fe49afecbfd3c35b" + }, + "Version": "10.43-r0", + "Arch": "x86_64", + "SrcName": "pcre2", + "SrcVersion": "10.43-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:447266b2ae4cb2b6ac25f42b07486a496dc71d25", + "InstalledFiles": [ + "usr/lib/libpcre2-8.so.0", + "usr/lib/libpcre2-8.so.0.12.0", + "usr/lib/libpcre2-posix.so.3", + "usr/lib/libpcre2-posix.so.3.0.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "procps-ng@4.0.4-r0", + "Name": "procps-ng", + "Identifier": { + "PURL": "pkg:apk/alpine/procps-ng@4.0.4-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "5b6d07cf92054959" + }, + "Version": "4.0.4-r0", + "Arch": "x86_64", + "SrcName": "procps-ng", + "SrcVersion": "4.0.4-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libintl@0.22.5-r0", + "libncursesw@6.4_p20240420-r1", + "libproc2@4.0.4-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:1ba8b62fcd9d1b49b8362bc58c2d24695d194076", + "InstalledFiles": [ + "bin/pidof", + "bin/pidwait", + "bin/ps", + "bin/slabtop", + "bin/tload", + "bin/vmstat", + "bin/w", + "bin/watch", + "sbin/sysctl", + "usr/bin/free", + "usr/bin/pgrep", + "usr/bin/pkill", + "usr/bin/pmap", + "usr/bin/pwdx", + "usr/bin/top", + "usr/bin/uptime" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "protobuf-c@1.5.0-r0", + "Name": "protobuf-c", + "Identifier": { + "PURL": "pkg:apk/alpine/protobuf-c@1.5.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "9c236bd89ac9e4cd" + }, + "Version": "1.5.0-r0", + "Arch": "x86_64", + "SrcName": "protobuf-c", + "SrcVersion": "1.5.0-r0", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Leonardo Arena \u003crnalrd@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:70e92079dc99f9cb2ed013b321f72a35e1b4b893", + "InstalledFiles": [ + "usr/lib/libprotobuf-c.so.1", + "usr/lib/libprotobuf-c.so.1.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "readline@8.2.10-r0", + "Name": "readline", + "Identifier": { + "PURL": "pkg:apk/alpine/readline@8.2.10-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "8545917dc127fb65" + }, + "Version": "8.2.10-r0", + "Arch": "x86_64", + "SrcName": "readline", + "SrcVersion": "8.2.10-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libncursesw@6.4_p20240420-r1", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:4a9a680cad09eaf9918906e628376c4ad8269731", + "InstalledFiles": [ + "etc/inputrc", + "usr/lib/libreadline.so.8", + "usr/lib/libreadline.so.8.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "scanelf@1.3.7-r2", + "Name": "scanelf", + "Identifier": { + "PURL": "pkg:apk/alpine/scanelf@1.3.7-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "d28800ba35f564bd" + }, + "Version": "1.3.7-r2", + "Arch": "x86_64", + "SrcName": "pax-utils", + "SrcVersion": "1.3.7-r2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:c84b0b49111485cb08744822f9b34a9fa9524fcc", + "InstalledFiles": [ + "usr/bin/scanelf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "shadow@4.15.1-r0", + "Name": "shadow", + "Identifier": { + "PURL": "pkg:apk/alpine/shadow@4.15.1-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "607e65e775be821f" + }, + "Version": "4.15.1-r0", + "Arch": "x86_64", + "SrcName": "shadow", + "SrcVersion": "4.15.1-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", + "DependsOn": [ + "busybox-binsh@1.36.1-r29", + "libbsd@0.12.2-r0", + "linux-pam@1.6.0-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:bc531fce90f73500eee767bf67a26ec6c0cadded", + "InstalledFiles": [ + "bin/groups", + "etc/login.defs", + "etc/pam.d/chfn", + "etc/pam.d/chpasswd", + "etc/pam.d/chsh", + "etc/pam.d/groupmems", + "etc/pam.d/newusers", + "etc/pam.d/shadow-utils", + "usr/bin/chage", + "usr/bin/chfn", + "usr/bin/chsh", + "usr/bin/expiry", + "usr/bin/gpasswd", + "usr/bin/passwd", + "usr/sbin/chgpasswd", + "usr/sbin/chpasswd", + "usr/sbin/groupadd", + "usr/sbin/groupdel", + "usr/sbin/groupmems", + "usr/sbin/groupmod", + "usr/sbin/grpck", + "usr/sbin/logoutd", + "usr/sbin/newusers", + "usr/sbin/pwck", + "usr/sbin/useradd", + "usr/sbin/userdel", + "usr/sbin/usermod", + "usr/sbin/vigr", + "usr/sbin/vipw" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "skalibs@2.14.1.1-r0", + "Name": "skalibs", + "Identifier": { + "PURL": "pkg:apk/alpine/skalibs@2.14.1.1-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "6116e2b7ad3fa0a" + }, + "Version": "2.14.1.1-r0", + "Arch": "x86_64", + "SrcName": "skalibs", + "SrcVersion": "2.14.1.1-r0", + "Licenses": [ + "ISC" + ], + "Maintainer": "Laurent Bercot \u003cska-devel@skarnet.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:e9f4cc78e767f77e9b76d4ca1be2c95891d660da", + "InstalledFiles": [ + "lib/libskarnet.so.2.14", + "lib/libskarnet.so.2.14.1.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ssl_client@1.36.1-r29", + "Name": "ssl_client", + "Identifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", + "UID": "98ff5cbbbcd05de1" + }, + "Version": "1.36.1-r29", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.36.1-r29", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "libcrypto3@3.3.2-r0", + "libssl3@3.3.2-r0", + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:7e2867092a0edee7436f70e4430b6b7dde363094", + "InstalledFiles": [ + "usr/bin/ssl_client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "tzdata@2024b-r0", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:apk/alpine/tzdata@2024b-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "f2d144c7f989a952" + }, + "Version": "2024b-r0", + "Arch": "x86_64", + "SrcName": "tzdata", + "SrcVersion": "2024b-r0", + "Licenses": [ + "Public-Domain" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:78fa61c4d1307cb88216bd8a6a45236f1d2ed6eb", + "InstalledFiles": [ + "usr/share/zoneinfo/CET", + "usr/share/zoneinfo/CST6CDT", + "usr/share/zoneinfo/Cuba", + "usr/share/zoneinfo/EET", + "usr/share/zoneinfo/EST", + "usr/share/zoneinfo/EST5EDT", + "usr/share/zoneinfo/Egypt", + "usr/share/zoneinfo/Eire", + "usr/share/zoneinfo/Factory", + "usr/share/zoneinfo/GB", + "usr/share/zoneinfo/GB-Eire", + "usr/share/zoneinfo/GMT", + "usr/share/zoneinfo/GMT+0", + "usr/share/zoneinfo/GMT-0", + "usr/share/zoneinfo/GMT0", + "usr/share/zoneinfo/Greenwich", + "usr/share/zoneinfo/HST", + "usr/share/zoneinfo/Hongkong", + "usr/share/zoneinfo/Iceland", + "usr/share/zoneinfo/Iran", + "usr/share/zoneinfo/Israel", + "usr/share/zoneinfo/Jamaica", + "usr/share/zoneinfo/Japan", + "usr/share/zoneinfo/Kwajalein", + "usr/share/zoneinfo/Libya", + "usr/share/zoneinfo/MET", + "usr/share/zoneinfo/MST", + "usr/share/zoneinfo/MST7MDT", + "usr/share/zoneinfo/NZ", + "usr/share/zoneinfo/NZ-CHAT", + "usr/share/zoneinfo/Navajo", + "usr/share/zoneinfo/PRC", + "usr/share/zoneinfo/PST8PDT", + "usr/share/zoneinfo/Poland", + "usr/share/zoneinfo/Portugal", + "usr/share/zoneinfo/ROC", + "usr/share/zoneinfo/ROK", + "usr/share/zoneinfo/Singapore", + "usr/share/zoneinfo/Turkey", + "usr/share/zoneinfo/UCT", + "usr/share/zoneinfo/UTC", + "usr/share/zoneinfo/Universal", + "usr/share/zoneinfo/W-SU", + "usr/share/zoneinfo/WET", + "usr/share/zoneinfo/Zulu", + "usr/share/zoneinfo/iso3166.tab", + "usr/share/zoneinfo/leap-seconds.list", + "usr/share/zoneinfo/posixrules", + "usr/share/zoneinfo/zone.tab", + "usr/share/zoneinfo/zone1970.tab", + "usr/share/zoneinfo/Africa/Abidjan", + "usr/share/zoneinfo/Africa/Accra", + "usr/share/zoneinfo/Africa/Addis_Ababa", + "usr/share/zoneinfo/Africa/Algiers", + "usr/share/zoneinfo/Africa/Asmara", + "usr/share/zoneinfo/Africa/Asmera", + "usr/share/zoneinfo/Africa/Bamako", + "usr/share/zoneinfo/Africa/Bangui", + "usr/share/zoneinfo/Africa/Banjul", + "usr/share/zoneinfo/Africa/Bissau", + "usr/share/zoneinfo/Africa/Blantyre", + "usr/share/zoneinfo/Africa/Brazzaville", + "usr/share/zoneinfo/Africa/Bujumbura", + "usr/share/zoneinfo/Africa/Cairo", + "usr/share/zoneinfo/Africa/Casablanca", + "usr/share/zoneinfo/Africa/Ceuta", + "usr/share/zoneinfo/Africa/Conakry", + "usr/share/zoneinfo/Africa/Dakar", + "usr/share/zoneinfo/Africa/Dar_es_Salaam", + "usr/share/zoneinfo/Africa/Djibouti", + "usr/share/zoneinfo/Africa/Douala", + "usr/share/zoneinfo/Africa/El_Aaiun", + "usr/share/zoneinfo/Africa/Freetown", + "usr/share/zoneinfo/Africa/Gaborone", + "usr/share/zoneinfo/Africa/Harare", + "usr/share/zoneinfo/Africa/Johannesburg", + "usr/share/zoneinfo/Africa/Juba", + "usr/share/zoneinfo/Africa/Kampala", + "usr/share/zoneinfo/Africa/Khartoum", + "usr/share/zoneinfo/Africa/Kigali", + "usr/share/zoneinfo/Africa/Kinshasa", + "usr/share/zoneinfo/Africa/Lagos", + "usr/share/zoneinfo/Africa/Libreville", + "usr/share/zoneinfo/Africa/Lome", + "usr/share/zoneinfo/Africa/Luanda", + "usr/share/zoneinfo/Africa/Lubumbashi", + "usr/share/zoneinfo/Africa/Lusaka", + "usr/share/zoneinfo/Africa/Malabo", + "usr/share/zoneinfo/Africa/Maputo", + "usr/share/zoneinfo/Africa/Maseru", + "usr/share/zoneinfo/Africa/Mbabane", + "usr/share/zoneinfo/Africa/Mogadishu", + "usr/share/zoneinfo/Africa/Monrovia", + "usr/share/zoneinfo/Africa/Nairobi", + "usr/share/zoneinfo/Africa/Ndjamena", + "usr/share/zoneinfo/Africa/Niamey", + "usr/share/zoneinfo/Africa/Nouakchott", + "usr/share/zoneinfo/Africa/Ouagadougou", + "usr/share/zoneinfo/Africa/Porto-Novo", + "usr/share/zoneinfo/Africa/Sao_Tome", + "usr/share/zoneinfo/Africa/Timbuktu", + "usr/share/zoneinfo/Africa/Tripoli", + "usr/share/zoneinfo/Africa/Tunis", + "usr/share/zoneinfo/Africa/Windhoek", + "usr/share/zoneinfo/America/Adak", + "usr/share/zoneinfo/America/Anchorage", + "usr/share/zoneinfo/America/Anguilla", + "usr/share/zoneinfo/America/Antigua", + "usr/share/zoneinfo/America/Araguaina", + "usr/share/zoneinfo/America/Aruba", + "usr/share/zoneinfo/America/Asuncion", + "usr/share/zoneinfo/America/Atikokan", + "usr/share/zoneinfo/America/Atka", + "usr/share/zoneinfo/America/Bahia", + "usr/share/zoneinfo/America/Bahia_Banderas", + "usr/share/zoneinfo/America/Barbados", + "usr/share/zoneinfo/America/Belem", + "usr/share/zoneinfo/America/Belize", + "usr/share/zoneinfo/America/Blanc-Sablon", + "usr/share/zoneinfo/America/Boa_Vista", + "usr/share/zoneinfo/America/Bogota", + "usr/share/zoneinfo/America/Boise", + "usr/share/zoneinfo/America/Buenos_Aires", + "usr/share/zoneinfo/America/Cambridge_Bay", + "usr/share/zoneinfo/America/Campo_Grande", + "usr/share/zoneinfo/America/Cancun", + "usr/share/zoneinfo/America/Caracas", + "usr/share/zoneinfo/America/Catamarca", + "usr/share/zoneinfo/America/Cayenne", + "usr/share/zoneinfo/America/Cayman", + "usr/share/zoneinfo/America/Chicago", + "usr/share/zoneinfo/America/Chihuahua", + "usr/share/zoneinfo/America/Ciudad_Juarez", + "usr/share/zoneinfo/America/Coral_Harbour", + "usr/share/zoneinfo/America/Cordoba", + "usr/share/zoneinfo/America/Costa_Rica", + "usr/share/zoneinfo/America/Creston", + "usr/share/zoneinfo/America/Cuiaba", + "usr/share/zoneinfo/America/Curacao", + "usr/share/zoneinfo/America/Danmarkshavn", + "usr/share/zoneinfo/America/Dawson", + "usr/share/zoneinfo/America/Dawson_Creek", + "usr/share/zoneinfo/America/Denver", + "usr/share/zoneinfo/America/Detroit", + "usr/share/zoneinfo/America/Dominica", + "usr/share/zoneinfo/America/Edmonton", + "usr/share/zoneinfo/America/Eirunepe", + "usr/share/zoneinfo/America/El_Salvador", + "usr/share/zoneinfo/America/Ensenada", + "usr/share/zoneinfo/America/Fort_Nelson", + "usr/share/zoneinfo/America/Fort_Wayne", + "usr/share/zoneinfo/America/Fortaleza", + "usr/share/zoneinfo/America/Glace_Bay", + "usr/share/zoneinfo/America/Godthab", + "usr/share/zoneinfo/America/Goose_Bay", + "usr/share/zoneinfo/America/Grand_Turk", + "usr/share/zoneinfo/America/Grenada", + "usr/share/zoneinfo/America/Guadeloupe", + "usr/share/zoneinfo/America/Guatemala", + "usr/share/zoneinfo/America/Guayaquil", + "usr/share/zoneinfo/America/Guyana", + "usr/share/zoneinfo/America/Halifax", + "usr/share/zoneinfo/America/Havana", + "usr/share/zoneinfo/America/Hermosillo", + "usr/share/zoneinfo/America/Indianapolis", + "usr/share/zoneinfo/America/Inuvik", + "usr/share/zoneinfo/America/Iqaluit", + "usr/share/zoneinfo/America/Jamaica", + "usr/share/zoneinfo/America/Jujuy", + "usr/share/zoneinfo/America/Juneau", + "usr/share/zoneinfo/America/Knox_IN", + "usr/share/zoneinfo/America/Kralendijk", + "usr/share/zoneinfo/America/La_Paz", + "usr/share/zoneinfo/America/Lima", + "usr/share/zoneinfo/America/Los_Angeles", + "usr/share/zoneinfo/America/Louisville", + "usr/share/zoneinfo/America/Lower_Princes", + "usr/share/zoneinfo/America/Maceio", + "usr/share/zoneinfo/America/Managua", + "usr/share/zoneinfo/America/Manaus", + "usr/share/zoneinfo/America/Marigot", + "usr/share/zoneinfo/America/Martinique", + "usr/share/zoneinfo/America/Matamoros", + "usr/share/zoneinfo/America/Mazatlan", + "usr/share/zoneinfo/America/Mendoza", + "usr/share/zoneinfo/America/Menominee", + "usr/share/zoneinfo/America/Merida", + "usr/share/zoneinfo/America/Metlakatla", + "usr/share/zoneinfo/America/Mexico_City", + "usr/share/zoneinfo/America/Miquelon", + "usr/share/zoneinfo/America/Moncton", + "usr/share/zoneinfo/America/Monterrey", + "usr/share/zoneinfo/America/Montevideo", + "usr/share/zoneinfo/America/Montreal", + "usr/share/zoneinfo/America/Montserrat", + "usr/share/zoneinfo/America/Nassau", + "usr/share/zoneinfo/America/New_York", + "usr/share/zoneinfo/America/Nipigon", + "usr/share/zoneinfo/America/Nome", + "usr/share/zoneinfo/America/Noronha", + "usr/share/zoneinfo/America/Nuuk", + "usr/share/zoneinfo/America/Ojinaga", + "usr/share/zoneinfo/America/Panama", + "usr/share/zoneinfo/America/Pangnirtung", + "usr/share/zoneinfo/America/Paramaribo", + "usr/share/zoneinfo/America/Phoenix", + "usr/share/zoneinfo/America/Port-au-Prince", + "usr/share/zoneinfo/America/Port_of_Spain", + "usr/share/zoneinfo/America/Porto_Acre", + "usr/share/zoneinfo/America/Porto_Velho", + "usr/share/zoneinfo/America/Puerto_Rico", + "usr/share/zoneinfo/America/Punta_Arenas", + "usr/share/zoneinfo/America/Rainy_River", + "usr/share/zoneinfo/America/Rankin_Inlet", + "usr/share/zoneinfo/America/Recife", + "usr/share/zoneinfo/America/Regina", + "usr/share/zoneinfo/America/Resolute", + "usr/share/zoneinfo/America/Rio_Branco", + "usr/share/zoneinfo/America/Rosario", + "usr/share/zoneinfo/America/Santa_Isabel", + "usr/share/zoneinfo/America/Santarem", + "usr/share/zoneinfo/America/Santiago", + "usr/share/zoneinfo/America/Santo_Domingo", + "usr/share/zoneinfo/America/Sao_Paulo", + "usr/share/zoneinfo/America/Scoresbysund", + "usr/share/zoneinfo/America/Shiprock", + "usr/share/zoneinfo/America/Sitka", + "usr/share/zoneinfo/America/St_Barthelemy", + "usr/share/zoneinfo/America/St_Johns", + "usr/share/zoneinfo/America/St_Kitts", + "usr/share/zoneinfo/America/St_Lucia", + "usr/share/zoneinfo/America/St_Thomas", + "usr/share/zoneinfo/America/St_Vincent", + "usr/share/zoneinfo/America/Swift_Current", + "usr/share/zoneinfo/America/Tegucigalpa", + "usr/share/zoneinfo/America/Thule", + "usr/share/zoneinfo/America/Thunder_Bay", + "usr/share/zoneinfo/America/Tijuana", + "usr/share/zoneinfo/America/Toronto", + "usr/share/zoneinfo/America/Tortola", + "usr/share/zoneinfo/America/Vancouver", + "usr/share/zoneinfo/America/Virgin", + "usr/share/zoneinfo/America/Whitehorse", + "usr/share/zoneinfo/America/Winnipeg", + "usr/share/zoneinfo/America/Yakutat", + "usr/share/zoneinfo/America/Yellowknife", + "usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "usr/share/zoneinfo/America/Argentina/Catamarca", + "usr/share/zoneinfo/America/Argentina/ComodRivadavia", + "usr/share/zoneinfo/America/Argentina/Cordoba", + "usr/share/zoneinfo/America/Argentina/Jujuy", + "usr/share/zoneinfo/America/Argentina/La_Rioja", + "usr/share/zoneinfo/America/Argentina/Mendoza", + "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "usr/share/zoneinfo/America/Argentina/Salta", + "usr/share/zoneinfo/America/Argentina/San_Juan", + "usr/share/zoneinfo/America/Argentina/San_Luis", + "usr/share/zoneinfo/America/Argentina/Tucuman", + "usr/share/zoneinfo/America/Argentina/Ushuaia", + "usr/share/zoneinfo/America/Indiana/Indianapolis", + "usr/share/zoneinfo/America/Indiana/Knox", + "usr/share/zoneinfo/America/Indiana/Marengo", + "usr/share/zoneinfo/America/Indiana/Petersburg", + "usr/share/zoneinfo/America/Indiana/Tell_City", + "usr/share/zoneinfo/America/Indiana/Vevay", + "usr/share/zoneinfo/America/Indiana/Vincennes", + "usr/share/zoneinfo/America/Indiana/Winamac", + "usr/share/zoneinfo/America/Kentucky/Louisville", + "usr/share/zoneinfo/America/Kentucky/Monticello", + "usr/share/zoneinfo/America/North_Dakota/Beulah", + "usr/share/zoneinfo/America/North_Dakota/Center", + "usr/share/zoneinfo/America/North_Dakota/New_Salem", + "usr/share/zoneinfo/Antarctica/Casey", + "usr/share/zoneinfo/Antarctica/Davis", + "usr/share/zoneinfo/Antarctica/DumontDUrville", + "usr/share/zoneinfo/Antarctica/Macquarie", + "usr/share/zoneinfo/Antarctica/Mawson", + "usr/share/zoneinfo/Antarctica/McMurdo", + "usr/share/zoneinfo/Antarctica/Palmer", + "usr/share/zoneinfo/Antarctica/Rothera", + "usr/share/zoneinfo/Antarctica/South_Pole", + "usr/share/zoneinfo/Antarctica/Syowa", + "usr/share/zoneinfo/Antarctica/Troll", + "usr/share/zoneinfo/Antarctica/Vostok", + "usr/share/zoneinfo/Arctic/Longyearbyen", + "usr/share/zoneinfo/Asia/Aden", + "usr/share/zoneinfo/Asia/Almaty", + "usr/share/zoneinfo/Asia/Amman", + "usr/share/zoneinfo/Asia/Anadyr", + "usr/share/zoneinfo/Asia/Aqtau", + "usr/share/zoneinfo/Asia/Aqtobe", + "usr/share/zoneinfo/Asia/Ashgabat", + "usr/share/zoneinfo/Asia/Ashkhabad", + "usr/share/zoneinfo/Asia/Atyrau", + "usr/share/zoneinfo/Asia/Baghdad", + "usr/share/zoneinfo/Asia/Bahrain", + "usr/share/zoneinfo/Asia/Baku", + "usr/share/zoneinfo/Asia/Bangkok", + "usr/share/zoneinfo/Asia/Barnaul", + "usr/share/zoneinfo/Asia/Beirut", + "usr/share/zoneinfo/Asia/Bishkek", + "usr/share/zoneinfo/Asia/Brunei", + "usr/share/zoneinfo/Asia/Calcutta", + "usr/share/zoneinfo/Asia/Chita", + "usr/share/zoneinfo/Asia/Choibalsan", + "usr/share/zoneinfo/Asia/Chongqing", + "usr/share/zoneinfo/Asia/Chungking", + "usr/share/zoneinfo/Asia/Colombo", + "usr/share/zoneinfo/Asia/Dacca", + "usr/share/zoneinfo/Asia/Damascus", + "usr/share/zoneinfo/Asia/Dhaka", + "usr/share/zoneinfo/Asia/Dili", + "usr/share/zoneinfo/Asia/Dubai", + "usr/share/zoneinfo/Asia/Dushanbe", + "usr/share/zoneinfo/Asia/Famagusta", + "usr/share/zoneinfo/Asia/Gaza", + "usr/share/zoneinfo/Asia/Harbin", + "usr/share/zoneinfo/Asia/Hebron", + "usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "usr/share/zoneinfo/Asia/Hong_Kong", + "usr/share/zoneinfo/Asia/Hovd", + "usr/share/zoneinfo/Asia/Irkutsk", + "usr/share/zoneinfo/Asia/Istanbul", + "usr/share/zoneinfo/Asia/Jakarta", + "usr/share/zoneinfo/Asia/Jayapura", + "usr/share/zoneinfo/Asia/Jerusalem", + "usr/share/zoneinfo/Asia/Kabul", + "usr/share/zoneinfo/Asia/Kamchatka", + "usr/share/zoneinfo/Asia/Karachi", + "usr/share/zoneinfo/Asia/Kashgar", + "usr/share/zoneinfo/Asia/Kathmandu", + "usr/share/zoneinfo/Asia/Katmandu", + "usr/share/zoneinfo/Asia/Khandyga", + "usr/share/zoneinfo/Asia/Kolkata", + "usr/share/zoneinfo/Asia/Krasnoyarsk", + "usr/share/zoneinfo/Asia/Kuala_Lumpur", + "usr/share/zoneinfo/Asia/Kuching", + "usr/share/zoneinfo/Asia/Kuwait", + "usr/share/zoneinfo/Asia/Macao", + "usr/share/zoneinfo/Asia/Macau", + "usr/share/zoneinfo/Asia/Magadan", + "usr/share/zoneinfo/Asia/Makassar", + "usr/share/zoneinfo/Asia/Manila", + "usr/share/zoneinfo/Asia/Muscat", + "usr/share/zoneinfo/Asia/Nicosia", + "usr/share/zoneinfo/Asia/Novokuznetsk", + "usr/share/zoneinfo/Asia/Novosibirsk", + "usr/share/zoneinfo/Asia/Omsk", + "usr/share/zoneinfo/Asia/Oral", + "usr/share/zoneinfo/Asia/Phnom_Penh", + "usr/share/zoneinfo/Asia/Pontianak", + "usr/share/zoneinfo/Asia/Pyongyang", + "usr/share/zoneinfo/Asia/Qatar", + "usr/share/zoneinfo/Asia/Qostanay", + "usr/share/zoneinfo/Asia/Qyzylorda", + "usr/share/zoneinfo/Asia/Rangoon", + "usr/share/zoneinfo/Asia/Riyadh", + "usr/share/zoneinfo/Asia/Saigon", + "usr/share/zoneinfo/Asia/Sakhalin", + "usr/share/zoneinfo/Asia/Samarkand", + "usr/share/zoneinfo/Asia/Seoul", + "usr/share/zoneinfo/Asia/Shanghai", + "usr/share/zoneinfo/Asia/Singapore", + "usr/share/zoneinfo/Asia/Srednekolymsk", + "usr/share/zoneinfo/Asia/Taipei", + "usr/share/zoneinfo/Asia/Tashkent", + "usr/share/zoneinfo/Asia/Tbilisi", + "usr/share/zoneinfo/Asia/Tehran", + "usr/share/zoneinfo/Asia/Tel_Aviv", + "usr/share/zoneinfo/Asia/Thimbu", + "usr/share/zoneinfo/Asia/Thimphu", + "usr/share/zoneinfo/Asia/Tokyo", + "usr/share/zoneinfo/Asia/Tomsk", + "usr/share/zoneinfo/Asia/Ujung_Pandang", + "usr/share/zoneinfo/Asia/Ulaanbaatar", + "usr/share/zoneinfo/Asia/Ulan_Bator", + "usr/share/zoneinfo/Asia/Urumqi", + "usr/share/zoneinfo/Asia/Ust-Nera", + "usr/share/zoneinfo/Asia/Vientiane", + "usr/share/zoneinfo/Asia/Vladivostok", + "usr/share/zoneinfo/Asia/Yakutsk", + "usr/share/zoneinfo/Asia/Yangon", + "usr/share/zoneinfo/Asia/Yekaterinburg", + "usr/share/zoneinfo/Asia/Yerevan", + "usr/share/zoneinfo/Atlantic/Azores", + "usr/share/zoneinfo/Atlantic/Bermuda", + "usr/share/zoneinfo/Atlantic/Canary", + "usr/share/zoneinfo/Atlantic/Cape_Verde", + "usr/share/zoneinfo/Atlantic/Faeroe", + "usr/share/zoneinfo/Atlantic/Faroe", + "usr/share/zoneinfo/Atlantic/Jan_Mayen", + "usr/share/zoneinfo/Atlantic/Madeira", + "usr/share/zoneinfo/Atlantic/Reykjavik", + "usr/share/zoneinfo/Atlantic/South_Georgia", + "usr/share/zoneinfo/Atlantic/St_Helena", + "usr/share/zoneinfo/Atlantic/Stanley", + "usr/share/zoneinfo/Australia/ACT", + "usr/share/zoneinfo/Australia/Adelaide", + "usr/share/zoneinfo/Australia/Brisbane", + "usr/share/zoneinfo/Australia/Broken_Hill", + "usr/share/zoneinfo/Australia/Canberra", + "usr/share/zoneinfo/Australia/Currie", + "usr/share/zoneinfo/Australia/Darwin", + "usr/share/zoneinfo/Australia/Eucla", + "usr/share/zoneinfo/Australia/Hobart", + "usr/share/zoneinfo/Australia/LHI", + "usr/share/zoneinfo/Australia/Lindeman", + "usr/share/zoneinfo/Australia/Lord_Howe", + "usr/share/zoneinfo/Australia/Melbourne", + "usr/share/zoneinfo/Australia/NSW", + "usr/share/zoneinfo/Australia/North", + "usr/share/zoneinfo/Australia/Perth", + "usr/share/zoneinfo/Australia/Queensland", + "usr/share/zoneinfo/Australia/South", + "usr/share/zoneinfo/Australia/Sydney", + "usr/share/zoneinfo/Australia/Tasmania", + "usr/share/zoneinfo/Australia/Victoria", + "usr/share/zoneinfo/Australia/West", + "usr/share/zoneinfo/Australia/Yancowinna", + "usr/share/zoneinfo/Brazil/Acre", + "usr/share/zoneinfo/Brazil/DeNoronha", + "usr/share/zoneinfo/Brazil/East", + "usr/share/zoneinfo/Brazil/West", + "usr/share/zoneinfo/Canada/Atlantic", + "usr/share/zoneinfo/Canada/Central", + "usr/share/zoneinfo/Canada/Eastern", + "usr/share/zoneinfo/Canada/Mountain", + "usr/share/zoneinfo/Canada/Newfoundland", + "usr/share/zoneinfo/Canada/Pacific", + "usr/share/zoneinfo/Canada/Saskatchewan", + "usr/share/zoneinfo/Canada/Yukon", + "usr/share/zoneinfo/Chile/Continental", + "usr/share/zoneinfo/Chile/EasterIsland", + "usr/share/zoneinfo/Etc/GMT", + "usr/share/zoneinfo/Etc/GMT+0", + "usr/share/zoneinfo/Etc/GMT+1", + "usr/share/zoneinfo/Etc/GMT+10", + "usr/share/zoneinfo/Etc/GMT+11", + "usr/share/zoneinfo/Etc/GMT+12", + "usr/share/zoneinfo/Etc/GMT+2", + "usr/share/zoneinfo/Etc/GMT+3", + "usr/share/zoneinfo/Etc/GMT+4", + "usr/share/zoneinfo/Etc/GMT+5", + "usr/share/zoneinfo/Etc/GMT+6", + "usr/share/zoneinfo/Etc/GMT+7", + "usr/share/zoneinfo/Etc/GMT+8", + "usr/share/zoneinfo/Etc/GMT+9", + "usr/share/zoneinfo/Etc/GMT-0", + "usr/share/zoneinfo/Etc/GMT-1", + "usr/share/zoneinfo/Etc/GMT-10", + "usr/share/zoneinfo/Etc/GMT-11", + "usr/share/zoneinfo/Etc/GMT-12", + "usr/share/zoneinfo/Etc/GMT-13", + "usr/share/zoneinfo/Etc/GMT-14", + "usr/share/zoneinfo/Etc/GMT-2", + "usr/share/zoneinfo/Etc/GMT-3", + "usr/share/zoneinfo/Etc/GMT-4", + "usr/share/zoneinfo/Etc/GMT-5", + "usr/share/zoneinfo/Etc/GMT-6", + "usr/share/zoneinfo/Etc/GMT-7", + "usr/share/zoneinfo/Etc/GMT-8", + "usr/share/zoneinfo/Etc/GMT-9", + "usr/share/zoneinfo/Etc/GMT0", + "usr/share/zoneinfo/Etc/Greenwich", + "usr/share/zoneinfo/Etc/UCT", + "usr/share/zoneinfo/Etc/UTC", + "usr/share/zoneinfo/Etc/Universal", + "usr/share/zoneinfo/Etc/Zulu", + "usr/share/zoneinfo/Europe/Amsterdam", + "usr/share/zoneinfo/Europe/Andorra", + "usr/share/zoneinfo/Europe/Astrakhan", + "usr/share/zoneinfo/Europe/Athens", + "usr/share/zoneinfo/Europe/Belfast", + "usr/share/zoneinfo/Europe/Belgrade", + "usr/share/zoneinfo/Europe/Berlin", + "usr/share/zoneinfo/Europe/Bratislava", + "usr/share/zoneinfo/Europe/Brussels", + "usr/share/zoneinfo/Europe/Bucharest", + "usr/share/zoneinfo/Europe/Budapest", + "usr/share/zoneinfo/Europe/Busingen", + "usr/share/zoneinfo/Europe/Chisinau", + "usr/share/zoneinfo/Europe/Copenhagen", + "usr/share/zoneinfo/Europe/Dublin", + "usr/share/zoneinfo/Europe/Gibraltar", + "usr/share/zoneinfo/Europe/Guernsey", + "usr/share/zoneinfo/Europe/Helsinki", + "usr/share/zoneinfo/Europe/Isle_of_Man", + "usr/share/zoneinfo/Europe/Istanbul", + "usr/share/zoneinfo/Europe/Jersey", + "usr/share/zoneinfo/Europe/Kaliningrad", + "usr/share/zoneinfo/Europe/Kiev", + "usr/share/zoneinfo/Europe/Kirov", + "usr/share/zoneinfo/Europe/Kyiv", + "usr/share/zoneinfo/Europe/Lisbon", + "usr/share/zoneinfo/Europe/Ljubljana", + "usr/share/zoneinfo/Europe/London", + "usr/share/zoneinfo/Europe/Luxembourg", + "usr/share/zoneinfo/Europe/Madrid", + "usr/share/zoneinfo/Europe/Malta", + "usr/share/zoneinfo/Europe/Mariehamn", + "usr/share/zoneinfo/Europe/Minsk", + "usr/share/zoneinfo/Europe/Monaco", + "usr/share/zoneinfo/Europe/Moscow", + "usr/share/zoneinfo/Europe/Nicosia", + "usr/share/zoneinfo/Europe/Oslo", + "usr/share/zoneinfo/Europe/Paris", + "usr/share/zoneinfo/Europe/Podgorica", + "usr/share/zoneinfo/Europe/Prague", + "usr/share/zoneinfo/Europe/Riga", + "usr/share/zoneinfo/Europe/Rome", + "usr/share/zoneinfo/Europe/Samara", + "usr/share/zoneinfo/Europe/San_Marino", + "usr/share/zoneinfo/Europe/Sarajevo", + "usr/share/zoneinfo/Europe/Saratov", + "usr/share/zoneinfo/Europe/Simferopol", + "usr/share/zoneinfo/Europe/Skopje", + "usr/share/zoneinfo/Europe/Sofia", + "usr/share/zoneinfo/Europe/Stockholm", + "usr/share/zoneinfo/Europe/Tallinn", + "usr/share/zoneinfo/Europe/Tirane", + "usr/share/zoneinfo/Europe/Tiraspol", + "usr/share/zoneinfo/Europe/Ulyanovsk", + "usr/share/zoneinfo/Europe/Uzhgorod", + "usr/share/zoneinfo/Europe/Vaduz", + "usr/share/zoneinfo/Europe/Vatican", + "usr/share/zoneinfo/Europe/Vienna", + "usr/share/zoneinfo/Europe/Vilnius", + "usr/share/zoneinfo/Europe/Volgograd", + "usr/share/zoneinfo/Europe/Warsaw", + "usr/share/zoneinfo/Europe/Zagreb", + "usr/share/zoneinfo/Europe/Zaporozhye", + "usr/share/zoneinfo/Europe/Zurich", + "usr/share/zoneinfo/Indian/Antananarivo", + "usr/share/zoneinfo/Indian/Chagos", + "usr/share/zoneinfo/Indian/Christmas", + "usr/share/zoneinfo/Indian/Cocos", + "usr/share/zoneinfo/Indian/Comoro", + "usr/share/zoneinfo/Indian/Kerguelen", + "usr/share/zoneinfo/Indian/Mahe", + "usr/share/zoneinfo/Indian/Maldives", + "usr/share/zoneinfo/Indian/Mauritius", + "usr/share/zoneinfo/Indian/Mayotte", + "usr/share/zoneinfo/Indian/Reunion", + "usr/share/zoneinfo/Mexico/BajaNorte", + "usr/share/zoneinfo/Mexico/BajaSur", + "usr/share/zoneinfo/Mexico/General", + "usr/share/zoneinfo/Pacific/Apia", + "usr/share/zoneinfo/Pacific/Auckland", + "usr/share/zoneinfo/Pacific/Bougainville", + "usr/share/zoneinfo/Pacific/Chatham", + "usr/share/zoneinfo/Pacific/Chuuk", + "usr/share/zoneinfo/Pacific/Easter", + "usr/share/zoneinfo/Pacific/Efate", + "usr/share/zoneinfo/Pacific/Enderbury", + "usr/share/zoneinfo/Pacific/Fakaofo", + "usr/share/zoneinfo/Pacific/Fiji", + "usr/share/zoneinfo/Pacific/Funafuti", + "usr/share/zoneinfo/Pacific/Galapagos", + "usr/share/zoneinfo/Pacific/Gambier", + "usr/share/zoneinfo/Pacific/Guadalcanal", + "usr/share/zoneinfo/Pacific/Guam", + "usr/share/zoneinfo/Pacific/Honolulu", + "usr/share/zoneinfo/Pacific/Johnston", + "usr/share/zoneinfo/Pacific/Kanton", + "usr/share/zoneinfo/Pacific/Kiritimati", + "usr/share/zoneinfo/Pacific/Kosrae", + "usr/share/zoneinfo/Pacific/Kwajalein", + "usr/share/zoneinfo/Pacific/Majuro", + "usr/share/zoneinfo/Pacific/Marquesas", + "usr/share/zoneinfo/Pacific/Midway", + "usr/share/zoneinfo/Pacific/Nauru", + "usr/share/zoneinfo/Pacific/Niue", + "usr/share/zoneinfo/Pacific/Norfolk", + "usr/share/zoneinfo/Pacific/Noumea", + "usr/share/zoneinfo/Pacific/Pago_Pago", + "usr/share/zoneinfo/Pacific/Palau", + "usr/share/zoneinfo/Pacific/Pitcairn", + "usr/share/zoneinfo/Pacific/Pohnpei", + "usr/share/zoneinfo/Pacific/Ponape", + "usr/share/zoneinfo/Pacific/Port_Moresby", + "usr/share/zoneinfo/Pacific/Rarotonga", + "usr/share/zoneinfo/Pacific/Saipan", + "usr/share/zoneinfo/Pacific/Samoa", + "usr/share/zoneinfo/Pacific/Tahiti", + "usr/share/zoneinfo/Pacific/Tarawa", + "usr/share/zoneinfo/Pacific/Tongatapu", + "usr/share/zoneinfo/Pacific/Truk", + "usr/share/zoneinfo/Pacific/Wake", + "usr/share/zoneinfo/Pacific/Wallis", + "usr/share/zoneinfo/Pacific/Yap", + "usr/share/zoneinfo/US/Alaska", + "usr/share/zoneinfo/US/Aleutian", + "usr/share/zoneinfo/US/Arizona", + "usr/share/zoneinfo/US/Central", + "usr/share/zoneinfo/US/East-Indiana", + "usr/share/zoneinfo/US/Eastern", + "usr/share/zoneinfo/US/Hawaii", + "usr/share/zoneinfo/US/Indiana-Starke", + "usr/share/zoneinfo/US/Michigan", + "usr/share/zoneinfo/US/Mountain", + "usr/share/zoneinfo/US/Pacific", + "usr/share/zoneinfo/US/Samoa" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "unbound-libs@1.20.0-r0", + "Name": "unbound-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/unbound-libs@1.20.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "3b561481a45e3738" + }, + "Version": "1.20.0-r0", + "Arch": "x86_64", + "SrcName": "unbound", + "SrcVersion": "1.20.0-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", + "DependsOn": [ + "libcrypto3@3.3.2-r0", + "libevent@2.1.12-r7", + "libssl3@3.3.2-r0", + "musl@1.2.5-r0", + "protobuf-c@1.5.0-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:958a772ca06cb74759e760fc803f8aa12e723c6a", + "InstalledFiles": [ + "usr/lib/libunbound.so.8", + "usr/lib/libunbound.so.8.1.27" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "utmps-libs@0.1.2.2-r1", + "Name": "utmps-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/utmps-libs@0.1.2.2-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "fc6db068f10560d3" + }, + "Version": "0.1.2.2-r1", + "Arch": "x86_64", + "SrcName": "utmps", + "SrcVersion": "0.1.2.2-r1", + "Licenses": [ + "ISC" + ], + "Maintainer": "Laurent Bercot \u003cska-devel@skarnet.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0", + "skalibs@2.14.1.1-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:b9878c4ee776fd97a317a468c157317fe8c1091b", + "InstalledFiles": [ + "lib/libutmps.so.0.1", + "lib/libutmps.so.0.1.2.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "wireguard-tools@1.0.20210914-r4", + "Name": "wireguard-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/wireguard-tools@1.0.20210914-r4?arch=x86_64\u0026distro=3.20.3", + "UID": "c9e05a3374082f34" + }, + "Version": "1.0.20210914-r4", + "Arch": "x86_64", + "SrcName": "wireguard-tools", + "SrcVersion": "1.0.20210914-r4", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", + "DependsOn": [ + "wireguard-tools-wg-quick@1.0.20210914-r4", + "wireguard-tools-wg@1.0.20210914-r4" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:d5359c52411ae44c023a64ae8b82dfb5ce45d6ba", + "AnalyzedBy": "apk" + }, + { + "ID": "wireguard-tools-wg@1.0.20210914-r4", + "Name": "wireguard-tools-wg", + "Identifier": { + "PURL": "pkg:apk/alpine/wireguard-tools-wg@1.0.20210914-r4?arch=x86_64\u0026distro=3.20.3", + "UID": "55c956455e4b6589" + }, + "Version": "1.0.20210914-r4", + "Arch": "x86_64", + "SrcName": "wireguard-tools", + "SrcVersion": "1.0.20210914-r4", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:aca8005854e38a252338d9f5b0059136fb973641", + "InstalledFiles": [ + "usr/bin/wg" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "wireguard-tools-wg-quick@1.0.20210914-r4", + "Name": "wireguard-tools-wg-quick", + "Identifier": { + "PURL": "pkg:apk/alpine/wireguard-tools-wg-quick@1.0.20210914-r4?arch=x86_64\u0026distro=3.20.3", + "UID": "50de1d6f23943b31" + }, + "Version": "1.0.20210914-r4", + "Arch": "x86_64", + "SrcName": "wireguard-tools", + "SrcVersion": "1.0.20210914-r4", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", + "DependsOn": [ + "bash@5.2.26-r0", + "iproute2@6.9.0-r0", + "openresolv@3.13.2-r0", + "wireguard-tools-wg@1.0.20210914-r4" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:080736c18bc2a84ae794533298119bc6c5901524", + "InstalledFiles": [ + "usr/bin/wg-quick" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "xz-libs@5.6.2-r0", + "Name": "xz-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.6.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e1c0785d9b1550b7" + }, + "Version": "5.6.2-r0", + "Arch": "x86_64", + "SrcName": "xz", + "SrcVersion": "5.6.2-r0", + "Licenses": [ + "GPL-2.0-or-later", + "0BSD", + "Public-Domain", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "Digest": "sha1:d59b22ae174c5a75d84c1c558e25de93d9c792b0", + "InstalledFiles": [ + "usr/lib/liblzma.so.5", + "usr/lib/liblzma.so.5.6.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.3.1-r1", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "d805a98dcdd1a894" + }, + "Version": "1.3.1-r1", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.3.1-r1", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "Digest": "sha1:9ba6f253e2982e0e6e71cb4187e3d6b6c4bbae99", + "InstalledFiles": [ + "lib/libz.so.1", + "lib/libz.so.1.3.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zstd-libs@1.5.6-r0", + "Name": "zstd-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/zstd-libs@1.5.6-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "d210b79fe91a7abc" + }, + "Version": "1.5.6-r0", + "Arch": "x86_64", + "SrcName": "zstd", + "SrcVersion": "1.5.6-r0", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r0" + ], + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "Digest": "sha1:4d60614645192deddc80e6e568fe535b38c315c1", + "InstalledFiles": [ + "usr/lib/libzstd.so.1", + "usr/lib/libzstd.so.1.5.6" + ], + "AnalyzedBy": "apk" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox@1.36.1-r29", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", + "UID": "9dbf157a22e0026b" + }, + "InstalledVersion": "1.36.1-r29", + "FixedVersion": "1.36.1-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5086af9baccab29110ed4ac7906e86f130b3dbde9f278c93a13fc49a62d7b3e3", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox-binsh@1.36.1-r29", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", + "UID": "4c63f123e59f14cd" + }, + "InstalledVersion": "1.36.1-r29", + "FixedVersion": "1.36.1-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:6bc1b30c1986a156941cd7864b7588efb425619039a18ac9a5c75f68c293f7fa", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-8096", + "PkgID": "curl@8.9.1-r2", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "3590c6e28b7cc208" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.10.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-8096", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d03da98932292dd508963d668b00e68539efa6efc9b496507fe4835e664f457d", + "Title": "curl: OCSP stapling bypass with GnuTLS", + "Description": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/09/11/1", + "https://access.redhat.com/security/cve/CVE-2024-8096", + "https://curl.se/docs/CVE-2024-8096.html", + "https://curl.se/docs/CVE-2024-8096.json", + "https://github.com/advisories/GHSA-gv3v-x3f3-7fxm", + "https://hackerone.com/reports/2669852", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-8096", + "https://security.netapp.com/advisory/ntap-20241011-0005", + "https://security.netapp.com/advisory/ntap-20241011-0005/", + "https://ubuntu.com/security/notices/USN-7012-1", + "https://www.cve.org/CVERecord?id=CVE-2024-8096" + ], + "PublishedDate": "2024-09-11T10:15:02.883Z", + "LastModifiedDate": "2025-07-30T19:42:16.87Z" + }, + { + "VulnerabilityID": "CVE-2024-9681", + "PkgID": "curl@8.9.1-r2", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "3590c6e28b7cc208" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.11.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-9681", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:729c20311539029a0777d1c1846c128667583c37d329f659686846ddbf720950", + "Title": "curl: HSTS subdomain overwrites parent cache entry", + "Description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-697" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 3.9 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://access.redhat.com/security/cve/CVE-2024-9681", + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://github.com/advisories/GHSA-g337-g667-mjvw", + "https://hackerone.com/reports/2764830", + "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "https://security.netapp.com/advisory/ntap-20241213-0006", + "https://security.netapp.com/advisory/ntap-20241213-0006/", + "https://ubuntu.com/security/notices/USN-7104-1", + "https://www.cve.org/CVERecord?id=CVE-2024-9681" + ], + "PublishedDate": "2024-11-06T08:15:03.74Z", + "LastModifiedDate": "2025-11-03T21:18:48.67Z" + }, + { + "VulnerabilityID": "CVE-2025-4947", + "PkgID": "curl@8.9.1-r2", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "3590c6e28b7cc208" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.14.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4947", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:eaa2d3e3f014a56a62b89e73c38d659c5f436cfa0285b63acd4f503c0f2d27bb", + "Title": "libcurl: curl: QUIC certificate check skip with wolfSSL", + "Description": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/28/4", + "https://access.redhat.com/security/cve/CVE-2025-4947", + "https://curl.se/docs/CVE-2025-4947.html", + "https://curl.se/docs/CVE-2025-4947.json", + "https://github.com/advisories/GHSA-ppfq-jg49-mqj4", + "https://hackerone.com/reports/3150884", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4947", + "https://www.cve.org/CVERecord?id=CVE-2025-4947" + ], + "PublishedDate": "2025-05-28T07:15:24.78Z", + "LastModifiedDate": "2025-06-26T15:08:21.52Z" + }, + { + "VulnerabilityID": "CVE-2025-5025", + "PkgID": "curl@8.9.1-r2", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "3590c6e28b7cc208" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.14.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5025", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3c9aa6cdb4585e79d9966f754bd654daa7220a21af6fa50aaf58a694055c10a5", + "Title": "curl: libcurl: QUIC Certificate Pinning Bypass", + "Description": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/28/5", + "https://access.redhat.com/security/cve/CVE-2025-5025", + "https://curl.se/docs/CVE-2025-5025.html", + "https://curl.se/docs/CVE-2025-5025.json", + "https://github.com/advisories/GHSA-x8ch-h5vv-q6cm", + "https://hackerone.com/reports/3153497", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5025", + "https://www.cve.org/CVERecord?id=CVE-2025-5025" + ], + "PublishedDate": "2025-05-28T07:15:24.91Z", + "LastModifiedDate": "2025-07-30T19:41:37.987Z" + }, + { + "VulnerabilityID": "CVE-2025-5399", + "PkgID": "curl@8.9.1-r2", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "3590c6e28b7cc208" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.14.1-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5399", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1ea64a010f0303dd04251d86f35f2f89fbb44c892e4c8f07990990bf8eea51e5", + "Title": "curl: libcurl: WebSocket endless loop", + "Description": "Due to a mistake in libcurl's WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "alma": 2, + "julia": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/06/04/2", + "https://access.redhat.com/errata/RHSA-2025:16046", + "https://access.redhat.com/security/cve/CVE-2025-5399", + "https://bugzilla.redhat.com/2359885", + "https://bugzilla.redhat.com/2359888", + "https://bugzilla.redhat.com/2359892", + "https://bugzilla.redhat.com/2359894", + "https://bugzilla.redhat.com/2359895", + "https://bugzilla.redhat.com/2359899", + "https://bugzilla.redhat.com/2359900", + "https://bugzilla.redhat.com/2359902", + "https://bugzilla.redhat.com/2359903", + "https://bugzilla.redhat.com/2359911", + "https://bugzilla.redhat.com/2359918", + "https://bugzilla.redhat.com/2359920", + "https://bugzilla.redhat.com/2359924", + "https://bugzilla.redhat.com/2359928", + "https://bugzilla.redhat.com/2359930", + "https://bugzilla.redhat.com/2359932", + "https://bugzilla.redhat.com/2359934", + "https://bugzilla.redhat.com/2359938", + "https://bugzilla.redhat.com/2359940", + "https://bugzilla.redhat.com/2359943", + "https://bugzilla.redhat.com/2359944", + "https://bugzilla.redhat.com/2359945", + "https://bugzilla.redhat.com/2359947", + "https://bugzilla.redhat.com/2359950", + "https://bugzilla.redhat.com/2359963", + "https://bugzilla.redhat.com/2359964", + "https://bugzilla.redhat.com/2359972", + "https://bugzilla.redhat.com/2370920", + "https://bugzilla.redhat.com/2380264", + "https://bugzilla.redhat.com/2380273", + "https://bugzilla.redhat.com/2380274", + "https://bugzilla.redhat.com/2380278", + "https://bugzilla.redhat.com/2380280", + "https://bugzilla.redhat.com/2380283", + "https://bugzilla.redhat.com/2380284", + "https://bugzilla.redhat.com/2380290", + "https://bugzilla.redhat.com/2380291", + "https://bugzilla.redhat.com/2380295", + "https://bugzilla.redhat.com/2380298", + "https://bugzilla.redhat.com/2380306", + "https://bugzilla.redhat.com/2380308", + "https://bugzilla.redhat.com/2380309", + "https://bugzilla.redhat.com/2380310", + "https://bugzilla.redhat.com/2380312", + "https://bugzilla.redhat.com/2380313", + "https://bugzilla.redhat.com/2380320", + "https://bugzilla.redhat.com/2380321", + "https://bugzilla.redhat.com/2380322", + "https://bugzilla.redhat.com/2380326", + "https://bugzilla.redhat.com/2380327", + "https://bugzilla.redhat.com/2380334", + "https://bugzilla.redhat.com/2380335", + "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359885", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359888", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359892", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359894", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359895", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359899", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359900", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359902", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359903", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359911", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359920", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359924", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359928", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359930", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359932", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359934", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359938", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359940", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359943", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359945", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359947", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359950", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359963", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359964", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359972", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380264", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380280", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380283", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380284", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380290", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380291", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380295", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380298", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380306", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380308", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380309", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380312", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380313", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380320", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380321", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380322", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380327", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380334", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380335", + "https://curl.se/docs/CVE-2025-5399.html", + "https://curl.se/docs/CVE-2025-5399.json", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399", + "https://errata.almalinux.org/9/ALSA-2025-16046.html", + "https://errata.rockylinux.org/RLSA-2025:15699", + "https://github.com/advisories/GHSA-8h93-38hx-vv92", + "https://hackerone.com/reports/3168039", + "https://linux.oracle.com/cve/CVE-2025-5399.html", + "https://linux.oracle.com/errata/ELSA-2025-16046.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5399", + "https://www.cve.org/CVERecord?id=CVE-2025-5399", + "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL" + ], + "PublishedDate": "2025-06-07T08:15:20.687Z", + "LastModifiedDate": "2025-07-30T19:41:33.457Z" + }, + { + "VulnerabilityID": "CVE-2025-9086", + "PkgID": "curl@8.9.1-r2", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "3590c6e28b7cc208" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.14.1-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:69503a3727f3efc5db3d40e81d09f4889afb0a2a94e5a90720bf4c54319c0c6d", + "Title": "curl: libcurl: Curl out of bounds read for cookie path", + "Description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 1, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://access.redhat.com/errata/RHSA-2026:1350", + "https://access.redhat.com/security/cve/CVE-2025-9086", + "https://bugzilla.redhat.com/2394750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086", + "https://errata.almalinux.org/9/ALSA-2026-1350.html", + "https://errata.rockylinux.org/RLSA-2026:1350", + "https://github.com/advisories/GHSA-v676-f8gm-92r9", + "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6", + "https://hackerone.com/reports/3294999", + "https://linux.oracle.com/cve/CVE-2025-9086.html", + "https://linux.oracle.com/errata/ELSA-2026-1825.html", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "https://ubuntu.com/security/notices/USN-8062-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9086" + ], + "PublishedDate": "2025-09-12T06:15:44.1Z", + "LastModifiedDate": "2026-01-20T14:58:01.347Z" + }, + { + "VulnerabilityID": "CVE-2026-4878", + "PkgID": "libcap-getcap@2.70-r0", + "PkgName": "libcap-getcap", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcap-getcap@2.70-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "2e9f7399f8a4acb1" + }, + "InstalledVersion": "2.70-r0", + "FixedVersion": "2.78-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0c3b148570e0fc8d15a454cb319724a4aa8a265f2a308929304014f84e3b84a2", + "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", + "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-367" + ], + "VendorSeverity": { + "alma": 3, + "azure": 2, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/07/14", + "http://www.openwall.com/lists/oss-security/2026/04/07/4", + "http://www.openwall.com/lists/oss-security/2026/04/08/9", + "http://www.openwall.com/lists/oss-security/2026/04/09/5", + "http://www.openwall.com/lists/oss-security/2026/04/09/6", + "https://access.redhat.com/errata/RHSA-2026:12423", + "https://access.redhat.com/errata/RHSA-2026:12441", + "https://access.redhat.com/errata/RHSA-2026:13285", + "https://access.redhat.com/errata/RHSA-2026:14162", + "https://access.redhat.com/errata/RHSA-2026:14937", + "https://access.redhat.com/errata/RHSA-2026:19130", + "https://access.redhat.com/errata/RHSA-2026:19346", + "https://access.redhat.com/errata/RHSA-2026:19456", + "https://access.redhat.com/errata/RHSA-2026:19458", + "https://access.redhat.com/errata/RHSA-2026:7473", + "https://access.redhat.com/security/cve/CVE-2026-4878", + "https://bugzilla.redhat.com/2451615", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", + "https://errata.almalinux.org/9/ALSA-2026-12441.html", + "https://errata.rockylinux.org/RLSA-2026:12441", + "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", + "https://linux.oracle.com/cve/CVE-2026-4878.html", + "https://linux.oracle.com/errata/ELSA-2026-13285.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", + "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", + "https://ubuntu.com/security/notices/USN-8193-1", + "https://www.cve.org/CVERecord?id=CVE-2026-4878" + ], + "PublishedDate": "2026-04-09T16:16:31.987Z", + "LastModifiedDate": "2026-05-20T05:16:21.907Z" + }, + { + "VulnerabilityID": "CVE-2026-4878", + "PkgID": "libcap-setcap@2.70-r0", + "PkgName": "libcap-setcap", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcap-setcap@2.70-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "7ead01c20c7fdb89" + }, + "InstalledVersion": "2.70-r0", + "FixedVersion": "2.78-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8d5360b4d5dd40e56107211b1a4c8efc96c4e0395dfb3fbbb353f95ba9dce23b", + "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", + "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-367" + ], + "VendorSeverity": { + "alma": 3, + "azure": 2, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/07/14", + "http://www.openwall.com/lists/oss-security/2026/04/07/4", + "http://www.openwall.com/lists/oss-security/2026/04/08/9", + "http://www.openwall.com/lists/oss-security/2026/04/09/5", + "http://www.openwall.com/lists/oss-security/2026/04/09/6", + "https://access.redhat.com/errata/RHSA-2026:12423", + "https://access.redhat.com/errata/RHSA-2026:12441", + "https://access.redhat.com/errata/RHSA-2026:13285", + "https://access.redhat.com/errata/RHSA-2026:14162", + "https://access.redhat.com/errata/RHSA-2026:14937", + "https://access.redhat.com/errata/RHSA-2026:19130", + "https://access.redhat.com/errata/RHSA-2026:19346", + "https://access.redhat.com/errata/RHSA-2026:19456", + "https://access.redhat.com/errata/RHSA-2026:19458", + "https://access.redhat.com/errata/RHSA-2026:7473", + "https://access.redhat.com/security/cve/CVE-2026-4878", + "https://bugzilla.redhat.com/2451615", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", + "https://errata.almalinux.org/9/ALSA-2026-12441.html", + "https://errata.rockylinux.org/RLSA-2026:12441", + "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", + "https://linux.oracle.com/cve/CVE-2026-4878.html", + "https://linux.oracle.com/errata/ELSA-2026-13285.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", + "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", + "https://ubuntu.com/security/notices/USN-8193-1", + "https://www.cve.org/CVERecord?id=CVE-2026-4878" + ], + "PublishedDate": "2026-04-09T16:16:31.987Z", + "LastModifiedDate": "2026-05-20T05:16:21.907Z" + }, + { + "VulnerabilityID": "CVE-2026-4878", + "PkgID": "libcap-utils@2.70-r0", + "PkgName": "libcap-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcap-utils@2.70-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "2af2246a4520124f" + }, + "InstalledVersion": "2.70-r0", + "FixedVersion": "2.78-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3d8a1c9e9be89abab84cdf220c4e8cc1c080e4749f82a4390bf8d8d634a6c725", + "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", + "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-367" + ], + "VendorSeverity": { + "alma": 3, + "azure": 2, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/07/14", + "http://www.openwall.com/lists/oss-security/2026/04/07/4", + "http://www.openwall.com/lists/oss-security/2026/04/08/9", + "http://www.openwall.com/lists/oss-security/2026/04/09/5", + "http://www.openwall.com/lists/oss-security/2026/04/09/6", + "https://access.redhat.com/errata/RHSA-2026:12423", + "https://access.redhat.com/errata/RHSA-2026:12441", + "https://access.redhat.com/errata/RHSA-2026:13285", + "https://access.redhat.com/errata/RHSA-2026:14162", + "https://access.redhat.com/errata/RHSA-2026:14937", + "https://access.redhat.com/errata/RHSA-2026:19130", + "https://access.redhat.com/errata/RHSA-2026:19346", + "https://access.redhat.com/errata/RHSA-2026:19456", + "https://access.redhat.com/errata/RHSA-2026:19458", + "https://access.redhat.com/errata/RHSA-2026:7473", + "https://access.redhat.com/security/cve/CVE-2026-4878", + "https://bugzilla.redhat.com/2451615", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", + "https://errata.almalinux.org/9/ALSA-2026-12441.html", + "https://errata.rockylinux.org/RLSA-2026:12441", + "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", + "https://linux.oracle.com/cve/CVE-2026-4878.html", + "https://linux.oracle.com/errata/ELSA-2026-13285.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", + "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", + "https://ubuntu.com/security/notices/USN-8193-1", + "https://www.cve.org/CVERecord?id=CVE-2026-4878" + ], + "PublishedDate": "2026-04-09T16:16:31.987Z", + "LastModifiedDate": "2026-05-20T05:16:21.907Z" + }, + { + "VulnerabilityID": "CVE-2026-4878", + "PkgID": "libcap2@2.70-r0", + "PkgName": "libcap2", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcap2@2.70-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "fdb8fa1749c0da49" + }, + "InstalledVersion": "2.70-r0", + "FixedVersion": "2.78-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:635b077196e89cf29fe6649789b439761731b8e63a0fc1f0077b473cc0ac0232", + "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", + "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-367" + ], + "VendorSeverity": { + "alma": 3, + "azure": 2, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/07/14", + "http://www.openwall.com/lists/oss-security/2026/04/07/4", + "http://www.openwall.com/lists/oss-security/2026/04/08/9", + "http://www.openwall.com/lists/oss-security/2026/04/09/5", + "http://www.openwall.com/lists/oss-security/2026/04/09/6", + "https://access.redhat.com/errata/RHSA-2026:12423", + "https://access.redhat.com/errata/RHSA-2026:12441", + "https://access.redhat.com/errata/RHSA-2026:13285", + "https://access.redhat.com/errata/RHSA-2026:14162", + "https://access.redhat.com/errata/RHSA-2026:14937", + "https://access.redhat.com/errata/RHSA-2026:19130", + "https://access.redhat.com/errata/RHSA-2026:19346", + "https://access.redhat.com/errata/RHSA-2026:19456", + "https://access.redhat.com/errata/RHSA-2026:19458", + "https://access.redhat.com/errata/RHSA-2026:7473", + "https://access.redhat.com/security/cve/CVE-2026-4878", + "https://bugzilla.redhat.com/2451615", + "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", + "https://errata.almalinux.org/9/ALSA-2026-12441.html", + "https://errata.rockylinux.org/RLSA-2026:12441", + "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", + "https://linux.oracle.com/cve/CVE-2026-4878.html", + "https://linux.oracle.com/errata/ELSA-2026-13285.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", + "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", + "https://ubuntu.com/security/notices/USN-8193-1", + "https://www.cve.org/CVERecord?id=CVE-2026-4878" + ], + "PublishedDate": "2026-04-09T16:16:31.987Z", + "LastModifiedDate": "2026-05-20T05:16:21.907Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:50b22a44cf146aed76aae9fbd8f2e457781b0677c9582a2d3c916936cd56c03f", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2024-12797", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.3-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12797", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:76243d702514a2991c5107d3fa2114a85ff2a3911b49c2a7ee9603aaa20a1285", + "Title": "openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected", + "Description": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\nserver may fail to notice that the server was not authenticated, because\nhandshakes don't abort as expected when the SSL_VERIFY_PEER verification mode\nis set.\n\nImpact summary: TLS and DTLS connections using raw public keys may be\nvulnerable to man-in-middle attacks when server authentication failure is not\ndetected by clients.\n\nRPKs are disabled by default in both TLS clients and TLS servers. The issue\nonly arises when TLS clients explicitly enable RPK use by the server, and the\nserver, likewise, enables sending of an RPK instead of an X.509 certificate\nchain. The affected clients are those that then rely on the handshake to\nfail when the server's RPK fails to match one of the expected public keys,\nby setting the verification mode to SSL_VERIFY_PEER.\n\nClients that enable server-side raw public keys can still find out that raw\npublic key verification failed by calling SSL_get_verify_result(), and those\nthat do, and take appropriate action, are not affected. This issue was\nintroduced in the initial implementation of RPK support in OpenSSL 3.2.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-392" + ], + "VendorSeverity": { + "alma": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 1, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/02/11/3", + "http://www.openwall.com/lists/oss-security/2025/02/11/4", + "https://access.redhat.com/errata/RHSA-2025:1330", + "https://access.redhat.com/security/cve/CVE-2024-12797", + "https://bugzilla.redhat.com/2342757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2342757", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12797", + "https://errata.almalinux.org/9/ALSA-2025-1330.html", + "https://errata.rockylinux.org/RLSA-2025:1330", + "https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9", + "https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7", + "https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699", + "https://github.com/pyca/cryptography", + "https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g", + "https://linux.oracle.com/cve/CVE-2024-12797.html", + "https://linux.oracle.com/errata/ELSA-2025-1330.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12797", + "https://openssl-library.org/news/secadv/20250211.txt", + "https://security.netapp.com/advisory/ntap-20250214-0001/", + "https://ubuntu.com/security/notices/USN-7264-1", + "https://www.cve.org/CVERecord?id=CVE-2024-12797" + ], + "PublishedDate": "2025-02-11T16:15:38.827Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2af0077040dc2bc64b52d8cc2b4cc3ad80e07ae5b7de40593e3936f119c1d9ca", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:174734f9e5c7e5ab4a6c6c413d0ff5e1ffef49f9ca4fa90822e27cfa378616b9", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2947dbbe3d602a7f1e10fe5292bd388b00a0b525e3f9195c85956ad019c4a95b", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:cf76010796e77e865567ddddd933de884e2404fff383161c180e95b5d5f94fd4", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:23b82e1cd848348c2017666c96d03949cf4ae60881ea8e6d677432a1409a8fca", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8d6fdc015784f396d2b02a393c557169c9b9c0d608d6582827f1d7040609bcb0", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:beddf5664e29c0fcc1f947bd20eb4c3495efb2e6f1635c80db697c04c6f3241f", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:571e9f1afd0f2aae95b1baa5b7c9a6f184f78a980029071dac0ffcf24fcf074f", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:fc571513e320f7d8d81a1f6d2ccd046f6fbcf9d27edde0dcf97cb249b63973af", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libcrypto3@3.3.2-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "1f07265a9a4c81e3" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2c7cfa700eb04aaa899a020a8692effa01b20f06f6a4419e8aad0708e3e2a4b7", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2024-8096", + "PkgID": "libcurl@8.9.1-r2", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "2ba374c8fc8f948f" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.10.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-8096", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:53c44a7d6b5d47fb1bc6eccf444ab8c9b0892e66bab84406697d30cb52985fe7", + "Title": "curl: OCSP stapling bypass with GnuTLS", + "Description": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/09/11/1", + "https://access.redhat.com/security/cve/CVE-2024-8096", + "https://curl.se/docs/CVE-2024-8096.html", + "https://curl.se/docs/CVE-2024-8096.json", + "https://github.com/advisories/GHSA-gv3v-x3f3-7fxm", + "https://hackerone.com/reports/2669852", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-8096", + "https://security.netapp.com/advisory/ntap-20241011-0005", + "https://security.netapp.com/advisory/ntap-20241011-0005/", + "https://ubuntu.com/security/notices/USN-7012-1", + "https://www.cve.org/CVERecord?id=CVE-2024-8096" + ], + "PublishedDate": "2024-09-11T10:15:02.883Z", + "LastModifiedDate": "2025-07-30T19:42:16.87Z" + }, + { + "VulnerabilityID": "CVE-2024-9681", + "PkgID": "libcurl@8.9.1-r2", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "2ba374c8fc8f948f" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.11.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-9681", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ad89ef2ade3f4e5594d83f07f9f19b30987b3255c891a80114f4147c42bc5ac3", + "Title": "curl: HSTS subdomain overwrites parent cache entry", + "Description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-697" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 3.9 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2025/Apr/10", + "http://seclists.org/fulldisclosure/2025/Apr/11", + "http://seclists.org/fulldisclosure/2025/Apr/12", + "http://seclists.org/fulldisclosure/2025/Apr/13", + "http://seclists.org/fulldisclosure/2025/Apr/4", + "http://seclists.org/fulldisclosure/2025/Apr/5", + "http://seclists.org/fulldisclosure/2025/Apr/8", + "http://seclists.org/fulldisclosure/2025/Apr/9", + "http://www.openwall.com/lists/oss-security/2024/11/06/2", + "https://access.redhat.com/security/cve/CVE-2024-9681", + "https://curl.se/docs/CVE-2024-9681.html", + "https://curl.se/docs/CVE-2024-9681.json", + "https://github.com/advisories/GHSA-g337-g667-mjvw", + "https://hackerone.com/reports/2764830", + "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", + "https://security.netapp.com/advisory/ntap-20241213-0006", + "https://security.netapp.com/advisory/ntap-20241213-0006/", + "https://ubuntu.com/security/notices/USN-7104-1", + "https://www.cve.org/CVERecord?id=CVE-2024-9681" + ], + "PublishedDate": "2024-11-06T08:15:03.74Z", + "LastModifiedDate": "2025-11-03T21:18:48.67Z" + }, + { + "VulnerabilityID": "CVE-2025-4947", + "PkgID": "libcurl@8.9.1-r2", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "2ba374c8fc8f948f" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.14.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4947", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4356e654aa130320842fafdcea2b28718798fd84a33e67bc127f31a4cb435cbc", + "Title": "libcurl: curl: QUIC certificate check skip with wolfSSL", + "Description": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/28/4", + "https://access.redhat.com/security/cve/CVE-2025-4947", + "https://curl.se/docs/CVE-2025-4947.html", + "https://curl.se/docs/CVE-2025-4947.json", + "https://github.com/advisories/GHSA-ppfq-jg49-mqj4", + "https://hackerone.com/reports/3150884", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4947", + "https://www.cve.org/CVERecord?id=CVE-2025-4947" + ], + "PublishedDate": "2025-05-28T07:15:24.78Z", + "LastModifiedDate": "2025-06-26T15:08:21.52Z" + }, + { + "VulnerabilityID": "CVE-2025-5025", + "PkgID": "libcurl@8.9.1-r2", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "2ba374c8fc8f948f" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.14.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5025", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:fce71c9fdcdfd44fa4324612dd8d92817e4637ec757d7182ed78aa9fc3d505a8", + "Title": "curl: libcurl: QUIC Certificate Pinning Bypass", + "Description": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/28/5", + "https://access.redhat.com/security/cve/CVE-2025-5025", + "https://curl.se/docs/CVE-2025-5025.html", + "https://curl.se/docs/CVE-2025-5025.json", + "https://github.com/advisories/GHSA-x8ch-h5vv-q6cm", + "https://hackerone.com/reports/3153497", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5025", + "https://www.cve.org/CVERecord?id=CVE-2025-5025" + ], + "PublishedDate": "2025-05-28T07:15:24.91Z", + "LastModifiedDate": "2025-07-30T19:41:37.987Z" + }, + { + "VulnerabilityID": "CVE-2025-5399", + "PkgID": "libcurl@8.9.1-r2", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "2ba374c8fc8f948f" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.14.1-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5399", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d67df0860ef3b6911e4664099e77163353cdbaf44821e04f3590aff576617c7c", + "Title": "curl: libcurl: WebSocket endless loop", + "Description": "Due to a mistake in libcurl's WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "alma": 2, + "julia": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/06/04/2", + "https://access.redhat.com/errata/RHSA-2025:16046", + "https://access.redhat.com/security/cve/CVE-2025-5399", + "https://bugzilla.redhat.com/2359885", + "https://bugzilla.redhat.com/2359888", + "https://bugzilla.redhat.com/2359892", + "https://bugzilla.redhat.com/2359894", + "https://bugzilla.redhat.com/2359895", + "https://bugzilla.redhat.com/2359899", + "https://bugzilla.redhat.com/2359900", + "https://bugzilla.redhat.com/2359902", + "https://bugzilla.redhat.com/2359903", + "https://bugzilla.redhat.com/2359911", + "https://bugzilla.redhat.com/2359918", + "https://bugzilla.redhat.com/2359920", + "https://bugzilla.redhat.com/2359924", + "https://bugzilla.redhat.com/2359928", + "https://bugzilla.redhat.com/2359930", + "https://bugzilla.redhat.com/2359932", + "https://bugzilla.redhat.com/2359934", + "https://bugzilla.redhat.com/2359938", + "https://bugzilla.redhat.com/2359940", + "https://bugzilla.redhat.com/2359943", + "https://bugzilla.redhat.com/2359944", + "https://bugzilla.redhat.com/2359945", + "https://bugzilla.redhat.com/2359947", + "https://bugzilla.redhat.com/2359950", + "https://bugzilla.redhat.com/2359963", + "https://bugzilla.redhat.com/2359964", + "https://bugzilla.redhat.com/2359972", + "https://bugzilla.redhat.com/2370920", + "https://bugzilla.redhat.com/2380264", + "https://bugzilla.redhat.com/2380273", + "https://bugzilla.redhat.com/2380274", + "https://bugzilla.redhat.com/2380278", + "https://bugzilla.redhat.com/2380280", + "https://bugzilla.redhat.com/2380283", + "https://bugzilla.redhat.com/2380284", + "https://bugzilla.redhat.com/2380290", + "https://bugzilla.redhat.com/2380291", + "https://bugzilla.redhat.com/2380295", + "https://bugzilla.redhat.com/2380298", + "https://bugzilla.redhat.com/2380306", + "https://bugzilla.redhat.com/2380308", + "https://bugzilla.redhat.com/2380309", + "https://bugzilla.redhat.com/2380310", + "https://bugzilla.redhat.com/2380312", + "https://bugzilla.redhat.com/2380313", + "https://bugzilla.redhat.com/2380320", + "https://bugzilla.redhat.com/2380321", + "https://bugzilla.redhat.com/2380322", + "https://bugzilla.redhat.com/2380326", + "https://bugzilla.redhat.com/2380327", + "https://bugzilla.redhat.com/2380334", + "https://bugzilla.redhat.com/2380335", + "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359885", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359888", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359892", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359894", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359895", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359899", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359900", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359902", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359903", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359911", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359920", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359924", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359928", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359930", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359932", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359934", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359938", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359940", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359943", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359945", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359947", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359950", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359963", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359964", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359972", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380264", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380280", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380283", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380284", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380290", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380291", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380295", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380298", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380306", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380308", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380309", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380312", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380313", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380320", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380321", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380322", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380327", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380334", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380335", + "https://curl.se/docs/CVE-2025-5399.html", + "https://curl.se/docs/CVE-2025-5399.json", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399", + "https://errata.almalinux.org/9/ALSA-2025-16046.html", + "https://errata.rockylinux.org/RLSA-2025:15699", + "https://github.com/advisories/GHSA-8h93-38hx-vv92", + "https://hackerone.com/reports/3168039", + "https://linux.oracle.com/cve/CVE-2025-5399.html", + "https://linux.oracle.com/errata/ELSA-2025-16046.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5399", + "https://www.cve.org/CVERecord?id=CVE-2025-5399", + "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL" + ], + "PublishedDate": "2025-06-07T08:15:20.687Z", + "LastModifiedDate": "2025-07-30T19:41:33.457Z" + }, + { + "VulnerabilityID": "CVE-2025-9086", + "PkgID": "libcurl@8.9.1-r2", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", + "UID": "2ba374c8fc8f948f" + }, + "InstalledVersion": "8.9.1-r2", + "FixedVersion": "8.14.1-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", + "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1c46cb8ff7069fc21bb20542d74278ec83a9594fc214f598b73c9cd04e87799e", + "Title": "curl: libcurl: Curl out of bounds read for cookie path", + "Description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 1, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://access.redhat.com/errata/RHSA-2026:1350", + "https://access.redhat.com/security/cve/CVE-2025-9086", + "https://bugzilla.redhat.com/2394750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086", + "https://errata.almalinux.org/9/ALSA-2026-1350.html", + "https://errata.rockylinux.org/RLSA-2026:1350", + "https://github.com/advisories/GHSA-v676-f8gm-92r9", + "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6", + "https://hackerone.com/reports/3294999", + "https://linux.oracle.com/cve/CVE-2025-9086.html", + "https://linux.oracle.com/errata/ELSA-2026-1825.html", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "https://ubuntu.com/security/notices/USN-8062-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9086" + ], + "PublishedDate": "2025-09-12T06:15:44.1Z", + "LastModifiedDate": "2026-01-20T14:58:01.347Z" + }, + { + "VulnerabilityID": "CVE-2025-64720", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.53-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64720", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:04666bb95f53b42d9637a877dfe34942a8290f633ba0570ee28589a5decb3562", + "Title": "libpng: LIBPNG buffer overflow", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:0933", + "https://access.redhat.com/security/cve/CVE-2025-64720", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", + "https://errata.almalinux.org/9/ALSA-2026-0933.html", + "https://errata.rockylinux.org/RLSA-2026:0238", + "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643", + "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643 (v1.6.51)", + "https://github.com/pnggroup/libpng/issues/686", + "https://github.com/pnggroup/libpng/pull/751", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww", + "https://linux.oracle.com/cve/CVE-2025-64720.html", + "https://linux.oracle.com/errata/ELSA-2026-0932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64720", + "https://ubuntu.com/security/notices/USN-7924-1", + "https://www.cve.org/CVERecord?id=CVE-2025-64720", + "https://www.openwall.com/lists/oss-security/2025/11/22/1" + ], + "PublishedDate": "2025-11-25T00:15:47.46Z", + "LastModifiedDate": "2025-11-26T18:35:18.253Z" + }, + { + "VulnerabilityID": "CVE-2025-65018", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.53-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-65018", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:86f925624b42a3bcc476777af730a9e3665744f5010a9ed80a145c9ef97ad3f6", + "Title": "libpng: LIBPNG heap buffer overflow", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:0933", + "https://access.redhat.com/security/cve/CVE-2025-65018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", + "https://errata.almalinux.org/9/ALSA-2026-0933.html", + "https://errata.rockylinux.org/RLSA-2026:0238", + "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d", + "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d (v1.6.51)", + "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", + "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea (v1.6.51)", + "https://github.com/pnggroup/libpng/issues/755", + "https://github.com/pnggroup/libpng/pull/757", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g", + "https://linux.oracle.com/cve/CVE-2025-65018.html", + "https://linux.oracle.com/errata/ELSA-2026-0932.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-65018", + "https://ubuntu.com/security/notices/USN-7924-1", + "https://www.cve.org/CVERecord?id=CVE-2025-65018", + "https://www.openwall.com/lists/oss-security/2025/11/22/1" + ], + "PublishedDate": "2025-11-25T00:15:47.61Z", + "LastModifiedDate": "2025-11-26T18:34:53.65Z" + }, + { + "VulnerabilityID": "CVE-2025-66293", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.53-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-66293", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:04d987a12397922ab23429cefdd18b90b65c29e35c2f0bf654aa3a72a68f4492", + "Title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/12/03/6", + "http://www.openwall.com/lists/oss-security/2025/12/03/7", + "http://www.openwall.com/lists/oss-security/2025/12/03/8", + "https://access.redhat.com/errata/RHSA-2026:0238", + "https://access.redhat.com/security/cve/CVE-2025-66293", + "https://bugzilla.redhat.com/2416904", + "https://bugzilla.redhat.com/2416907", + "https://bugzilla.redhat.com/2418711", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", + "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", + "https://errata.almalinux.org/9/ALSA-2026-0238.html", + "https://errata.rockylinux.org/RLSA-2026:0238", + "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1", + "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a", + "https://github.com/pnggroup/libpng/issues/764", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f", + "https://linux.oracle.com/cve/CVE-2025-66293.html", + "https://linux.oracle.com/errata/ELSA-2026-0241.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-66293", + "https://ubuntu.com/security/notices/USN-7963-1", + "https://ubuntu.com/security/notices/USN-8035-1", + "https://www.cve.org/CVERecord?id=CVE-2025-66293" + ], + "PublishedDate": "2025-12-03T21:15:53.06Z", + "LastModifiedDate": "2025-12-16T19:12:50.35Z" + }, + { + "VulnerabilityID": "CVE-2026-22695", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.54-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22695", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:36c2a4f2b70a0b9b1661e638ba26377d62fa536fc51de4c79cb68a7ba2a8cc30", + "Title": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3405", + "https://access.redhat.com/security/cve/CVE-2026-22695", + "https://bugzilla.redhat.com/2428824", + "https://bugzilla.redhat.com/2428825", + "https://bugzilla.redhat.com/2438542", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", + "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", + "https://errata.almalinux.org/9/ALSA-2026-3405.html", + "https://errata.rockylinux.org/RLSA-2026:3405", + "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", + "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2", + "https://github.com/pnggroup/libpng/issues/778", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp", + "https://linux.oracle.com/cve/CVE-2026-22695.html", + "https://linux.oracle.com/errata/ELSA-2026-4728.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22695", + "https://ubuntu.com/security/notices/USN-7963-1", + "https://ubuntu.com/security/notices/USN-8035-1", + "https://www.cve.org/CVERecord?id=CVE-2026-22695", + "https://www.openwall.com/lists/oss-security/2026/01/12/7" + ], + "PublishedDate": "2026-01-12T23:15:52.597Z", + "LastModifiedDate": "2026-01-21T18:58:55.787Z" + }, + { + "VulnerabilityID": "CVE-2026-22801", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.54-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22801", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9a9a8e3cb9cf88bff61c9305c689f57738bf4b95d33ceb6be0d3b72a6c46ace4", + "Title": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125", + "CWE-190" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 6.6 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3405", + "https://access.redhat.com/security/cve/CVE-2026-22801", + "https://bugzilla.redhat.com/2428824", + "https://bugzilla.redhat.com/2428825", + "https://bugzilla.redhat.com/2438542", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", + "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", + "https://errata.almalinux.org/9/ALSA-2026-3405.html", + "https://errata.rockylinux.org/RLSA-2026:3405", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8", + "https://linux.oracle.com/cve/CVE-2026-22801.html", + "https://linux.oracle.com/errata/ELSA-2026-4728.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22801", + "https://ubuntu.com/security/notices/USN-7963-1", + "https://ubuntu.com/security/notices/USN-8035-1", + "https://www.cve.org/CVERecord?id=CVE-2026-22801", + "https://www.openwall.com/lists/oss-security/2026/01/12/7" + ], + "PublishedDate": "2026-01-12T23:15:52.907Z", + "LastModifiedDate": "2026-01-21T18:58:18.27Z" + }, + { + "VulnerabilityID": "CVE-2026-25646", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.55-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25646", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:85e41518a186f195db1bbfcdd98c897d6f187b31a23b89258328ced00d1e91d1", + "Title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-122", + "CWE-126" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/02/09/7", + "https://access.redhat.com/errata/RHSA-2026:3405", + "https://access.redhat.com/security/cve/CVE-2026-25646", + "https://bugzilla.redhat.com/2428824", + "https://bugzilla.redhat.com/2428825", + "https://bugzilla.redhat.com/2438542", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", + "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", + "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", + "https://errata.almalinux.org/9/ALSA-2026-3405.html", + "https://errata.rockylinux.org/RLSA-2026:3405", + "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3", + "https://linux.oracle.com/cve/CVE-2026-25646.html", + "https://linux.oracle.com/errata/ELSA-2026-7032.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25646", + "https://ubuntu.com/security/notices/USN-8035-1", + "https://ubuntu.com/security/notices/USN-8039-1", + "https://ubuntu.com/security/notices/USN-8081-1", + "https://www.cve.org/CVERecord?id=CVE-2026-25646" + ], + "PublishedDate": "2026-02-10T18:16:37.817Z", + "LastModifiedDate": "2026-02-13T20:43:44.69Z" + }, + { + "VulnerabilityID": "CVE-2025-64505", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.53-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64505", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:78e074ffd25d850c85fe6e6abc43c84ecec3d3f3b4153a3e371153f3694ce6cf", + "Title": "libpng: LIBPNG heap buffer overflow via malformed palette index", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64505", + "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37", + "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37 (v1.6.51)", + "https://github.com/pnggroup/libpng/pull/748", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64505", + "https://ubuntu.com/security/notices/USN-7924-1", + "https://ubuntu.com/security/notices/USN-8081-1", + "https://www.cve.org/CVERecord?id=CVE-2025-64505", + "https://www.openwall.com/lists/oss-security/2025/11/22/1" + ], + "PublishedDate": "2025-11-25T00:15:47.133Z", + "LastModifiedDate": "2025-11-26T18:28:32.22Z" + }, + { + "VulnerabilityID": "CVE-2025-64506", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.53-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64506", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0fc39b69047b3f7bc637e716eca9c85001c852edb562b2d6c3a15ef15cf0efc3", + "Title": "libpng: LIBPNG heap buffer over-read", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64506", + "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821", + "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821 (v1.6.51)", + "https://github.com/pnggroup/libpng/pull/749", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64506", + "https://ubuntu.com/security/notices/USN-7924-1", + "https://www.cve.org/CVERecord?id=CVE-2025-64506", + "https://www.openwall.com/lists/oss-security/2025/11/22/1" + ], + "PublishedDate": "2025-11-25T00:15:47.3Z", + "LastModifiedDate": "2025-11-26T18:34:38.24Z" + }, + { + "VulnerabilityID": "CVE-2026-33416", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.56-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33416", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:269acfff291a9aa56bb4397f191d0e37906d9bc5eb133fc9073cbbf6aab99ee4", + "Title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr-\u003etrans_alpha = info_ptr-\u003etrans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr-\u003epalette = png_ptr-\u003epalette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9693", + "https://access.redhat.com/security/cve/CVE-2026-33416", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451805", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451819", + "https://bugzilla.redhat.com/show_bug.cgi?id=2455897", + "https://bugzilla.redhat.com/show_bug.cgi?id=2455901", + "https://bugzilla.redhat.com/show_bug.cgi?id=2455908", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734", + "https://errata.almalinux.org/9/ALSA-2026-9693.html", + "https://errata.rockylinux.org/RLSA-2026:8459", + "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb", + "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667", + "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25", + "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1", + "https://github.com/pnggroup/libpng/pull/824", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j", + "https://linux.oracle.com/cve/CVE-2026-33416.html", + "https://linux.oracle.com/errata/ELSA-2026-9693.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33416", + "https://ubuntu.com/security/notices/USN-8251-1", + "https://www.cve.org/CVERecord?id=CVE-2026-33416" + ], + "PublishedDate": "2026-03-26T17:16:38.443Z", + "LastModifiedDate": "2026-04-02T20:28:33.973Z" + }, + { + "VulnerabilityID": "CVE-2026-33636", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.56-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33636", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d1798360723eacea8651a6ac09b94e12f167c01d095c31534ebfcd1448ce7e83", + "Title": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 7.6 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9693", + "https://access.redhat.com/security/cve/CVE-2026-33636", + "https://bugzilla.redhat.com/show_bug.cgi?id=2451819", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636", + "https://errata.almalinux.org/9/ALSA-2026-9693.html", + "https://errata.rockylinux.org/RLSA-2026:14791", + "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869", + "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2", + "https://linux.oracle.com/cve/CVE-2026-33636.html", + "https://linux.oracle.com/errata/ELSA-2026-9693.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33636", + "https://ubuntu.com/security/notices/USN-8251-1", + "https://www.cve.org/CVERecord?id=CVE-2026-33636" + ], + "PublishedDate": "2026-03-26T17:16:41.477Z", + "LastModifiedDate": "2026-04-02T18:42:02.667Z" + }, + { + "VulnerabilityID": "CVE-2026-34757", + "PkgID": "libpng@1.6.44-r0", + "PkgName": "libpng", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e29ba48026f32d89" + }, + "InstalledVersion": "1.6.44-r0", + "FixedVersion": "1.6.57-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34757", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8cbe2d00ff1387ed30628b4c0f5a887c6918973f33799a6fd61a2f93f742abbc", + "Title": "libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability", + "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). This vulnerability is fixed in 1.6.57.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-34757", + "https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a", + "https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc", + "https://github.com/pnggroup/libpng/issues/836", + "https://github.com/pnggroup/libpng/issues/837", + "https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645", + "https://lists.debian.org/debian-lts-announce/2026/05/msg00017.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34757", + "https://ubuntu.com/security/notices/USN-8251-1", + "https://www.cve.org/CVERecord?id=CVE-2026-34757" + ], + "PublishedDate": "2026-04-09T15:16:11.003Z", + "LastModifiedDate": "2026-05-13T23:07:51.863Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3192f6e7ad34cbbd5041d70e667f0914365e935741108b37e9db8ce9a8b0b446", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2024-12797", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.3-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12797", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e8b334e54f7abec2f2f14f0152ec3e01d5b24c3d2c8edcbe87234338a769279f", + "Title": "openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected", + "Description": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\nserver may fail to notice that the server was not authenticated, because\nhandshakes don't abort as expected when the SSL_VERIFY_PEER verification mode\nis set.\n\nImpact summary: TLS and DTLS connections using raw public keys may be\nvulnerable to man-in-middle attacks when server authentication failure is not\ndetected by clients.\n\nRPKs are disabled by default in both TLS clients and TLS servers. The issue\nonly arises when TLS clients explicitly enable RPK use by the server, and the\nserver, likewise, enables sending of an RPK instead of an X.509 certificate\nchain. The affected clients are those that then rely on the handshake to\nfail when the server's RPK fails to match one of the expected public keys,\nby setting the verification mode to SSL_VERIFY_PEER.\n\nClients that enable server-side raw public keys can still find out that raw\npublic key verification failed by calling SSL_get_verify_result(), and those\nthat do, and take appropriate action, are not affected. This issue was\nintroduced in the initial implementation of RPK support in OpenSSL 3.2.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-392" + ], + "VendorSeverity": { + "alma": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 1, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/02/11/3", + "http://www.openwall.com/lists/oss-security/2025/02/11/4", + "https://access.redhat.com/errata/RHSA-2025:1330", + "https://access.redhat.com/security/cve/CVE-2024-12797", + "https://bugzilla.redhat.com/2342757", + "https://bugzilla.redhat.com/show_bug.cgi?id=2342757", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12797", + "https://errata.almalinux.org/9/ALSA-2025-1330.html", + "https://errata.rockylinux.org/RLSA-2025:1330", + "https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9", + "https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7", + "https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699", + "https://github.com/pyca/cryptography", + "https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g", + "https://linux.oracle.com/cve/CVE-2024-12797.html", + "https://linux.oracle.com/errata/ELSA-2025-1330.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12797", + "https://openssl-library.org/news/secadv/20250211.txt", + "https://security.netapp.com/advisory/ntap-20250214-0001/", + "https://ubuntu.com/security/notices/USN-7264-1", + "https://www.cve.org/CVERecord?id=CVE-2024-12797" + ], + "PublishedDate": "2025-02-11T16:15:38.827Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3e4b9631d37814c8165d5cb05cf2f04ad428535d8259103309b8e848ecc52f78", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ea6b0a9d64210b3ae7a2c3c9edc7e4456d00ce56676c5361b2df3cfdb6531b23", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:84adba333700bc4765c878b821cab1238e683cd6025f41190a6d101cd3a63839", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:92f3a1d31fbb98645ce72c3dc55966dd583316cce6a99208a1bfae4f47ab35a0", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4eb5b3bb6f305566c5b3f981164095e9fdf939fc9bf2159110f35a2697a6ef3e", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:773fde7e774ab8a52786717be3e989c0b90a1b1993a95c8f9aa0174719dda535", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d8dcb9892c8a0702ecd8c040e1c2e582ae19dbf0354078321256d9fad0f628a9", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9ec7e2f99720ef8080aa90597d7c48f748af6d55adeeaa42ab60933fddd9d13a", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1b755f8cff5cfbfd8ff0cfde0572183551f69923dee1f45be52a929f451bfbcd", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libssl3@3.3.2-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "c6ddd7b4b8d1fc36" + }, + "InstalledVersion": "3.3.2-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:86dbb7f3c64a42ce7056e3cb8a41c1fef658945041a797af1e797686a1ac24c8", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2025-26519", + "PkgID": "musl@1.2.5-r0", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "d76e86ca8c96b6ac" + }, + "InstalledVersion": "1.2.5-r0", + "FixedVersion": "1.2.5-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-26519", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a727aa52cbae014532be6b432c52d4bc6f278c46952fc210526842c880c7d88d", + "Title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...", + "Description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/02/13/2", + "http://www.openwall.com/lists/oss-security/2025/02/13/3", + "http://www.openwall.com/lists/oss-security/2025/02/13/4", + "http://www.openwall.com/lists/oss-security/2025/02/13/5", + "http://www.openwall.com/lists/oss-security/2025/02/14/5", + "http://www.openwall.com/lists/oss-security/2025/02/14/6", + "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", + "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", + "https://www.openwall.com/lists/oss-security/2025/02/13/2" + ], + "PublishedDate": "2025-02-14T04:15:09.05Z", + "LastModifiedDate": "2025-12-10T20:03:59.273Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl@1.2.5-r0", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "d76e86ca8c96b6ac" + }, + "InstalledVersion": "1.2.5-r0", + "FixedVersion": "1.2.5-r3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:240b4b1b174030ab0bc7b47f7acb1c00fd1ed5ceaf9c644fd1d57998f29a9eb8", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl@1.2.5-r0", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "d76e86ca8c96b6ac" + }, + "InstalledVersion": "1.2.5-r0", + "FixedVersion": "1.2.5-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4225097f346fb36e5e66ffc15adff5168cd762c2a51f67dd889aee22ad839594", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2025-26519", + "PkgID": "musl-utils@1.2.5-r0", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "a313fc68c87a2f4d" + }, + "InstalledVersion": "1.2.5-r0", + "FixedVersion": "1.2.5-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-26519", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:cf18e324e2464871d5e1c1fe0e1af0fba498ed096111bab7cc2aa3c071eb319f", + "Title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...", + "Description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/02/13/2", + "http://www.openwall.com/lists/oss-security/2025/02/13/3", + "http://www.openwall.com/lists/oss-security/2025/02/13/4", + "http://www.openwall.com/lists/oss-security/2025/02/13/5", + "http://www.openwall.com/lists/oss-security/2025/02/14/5", + "http://www.openwall.com/lists/oss-security/2025/02/14/6", + "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", + "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", + "https://www.openwall.com/lists/oss-security/2025/02/13/2" + ], + "PublishedDate": "2025-02-14T04:15:09.05Z", + "LastModifiedDate": "2025-12-10T20:03:59.273Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl-utils@1.2.5-r0", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "a313fc68c87a2f4d" + }, + "InstalledVersion": "1.2.5-r0", + "FixedVersion": "1.2.5-r3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:62a59bae1df40f0ae3d8f5a8718ffcfa79bf1a9b60ddbf4bb4bd7f8a6eec76a4", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl-utils@1.2.5-r0", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "a313fc68c87a2f4d" + }, + "InstalledVersion": "1.2.5-r0", + "FixedVersion": "1.2.5-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:99236924f1de4590f536151146e93a73979976e94f5efca2132b6daf3a1111b8", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "ssl_client@1.36.1-r29", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", + "UID": "98ff5cbbbcd05de1" + }, + "InstalledVersion": "1.36.1-r29", + "FixedVersion": "1.36.1-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:fd3dcaefe79eeb607142505e9afa1284bc3ef9d44b47444d630bcbc7154022b2", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-5994", + "PkgID": "unbound-libs@1.20.0-r0", + "PkgName": "unbound-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/unbound-libs@1.20.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "3b561481a45e3738" + }, + "InstalledVersion": "1.20.0-r0", + "FixedVersion": "1.20.0-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5994", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:53dd13085d6fe62b0f9526d029cea91a70c8c2d72be113aaaf0c39c65b24488a", + "Title": "unbound: Unbound Cache poisoning", + "Description": "A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the 'send-client-subnet', 'client-subnet-zone' or 'client-subnet-always-forward' options is used. Resolvers supporting ECS need to segregate outgoing queries to accommodate for different outgoing ECS information. This re-opens up resolvers to a birthday paradox attack (Rebirthday Attack) that tries to match the DNS transaction ID in order to cache non-ECS poisonous replies.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-349" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:11849", + "https://access.redhat.com/security/cve/CVE-2025-5994", + "https://bugzilla.redhat.com/2380949", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380949", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5994", + "https://errata.almalinux.org/9/ALSA-2025-11849.html", + "https://errata.rockylinux.org/RLSA-2025:11849", + "https://linux.oracle.com/cve/CVE-2025-5994.html", + "https://linux.oracle.com/errata/ELSA-2025-12064.html", + "https://lists.debian.org/debian-lts-announce/2025/08/msg00019.html", + "https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5994", + "https://ubuntu.com/security/notices/USN-7666-1", + "https://www.cve.org/CVERecord?id=CVE-2025-5994" + ], + "PublishedDate": "2025-07-16T15:15:33.49Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-8508", + "PkgID": "unbound-libs@1.20.0-r0", + "PkgName": "unbound-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/unbound-libs@1.20.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "3b561481a45e3738" + }, + "InstalledVersion": "1.20.0-r0", + "FixedVersion": "1.20.0-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-8508", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:31c274f0cab65582a62c51c117e3f46d61a787ae829728b66a62d2723376ab9b", + "Title": "unbound: Unbounded name compression could lead to Denial of Service", + "Description": "NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-606", + "CWE-1284" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/10/04/5", + "https://access.redhat.com/errata/RHSA-2024:11232", + "https://access.redhat.com/security/cve/CVE-2024-8508", + "https://bugzilla.redhat.com/2316321", + "https://bugzilla.redhat.com/show_bug.cgi?id=2316321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8508", + "https://errata.almalinux.org/9/ALSA-2024-11232.html", + "https://errata.rockylinux.org/RLSA-2025:8197", + "https://linux.oracle.com/cve/CVE-2024-8508.html", + "https://linux.oracle.com/errata/ELSA-2025-8197.html", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00009.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-8508", + "https://ubuntu.com/security/notices/USN-7080-1", + "https://www.cve.org/CVERecord?id=CVE-2024-8508", + "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt" + ], + "PublishedDate": "2024-10-03T17:15:15.323Z", + "LastModifiedDate": "2024-12-17T19:28:03.767Z" + }, + { + "VulnerabilityID": "CVE-2025-11411", + "PkgID": "unbound-libs@1.20.0-r0", + "PkgName": "unbound-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/unbound-libs@1.20.0-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "3b561481a45e3738" + }, + "InstalledVersion": "1.20.0-r0", + "FixedVersion": "1.20.0-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11411", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:017265aeb5be1ca7e0051e04b4e126617b7df4c51fb372903187b73e4879d26f", + "Title": "unbound: Unbound domain hijacking via promiscuous records", + "Description": "NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's name servers. A malicious actor can exploit the possible poisonous effect by injecting NS RRSets (and possibly their respective address records) in a reply. This could be done for example by trying to spoof a packet or fragmentation attacks. Unbound would then proceed to update the NS RRSet data it already has since the new data has enough trust for it, i.e., in-zone data for the delegation point. Unbound 1.24.1 includes a fix that scrubs unsolicited NS RRSets (and their respective address records) from replies mitigating the possible poison effect. Unbound 1.24.2 includes an additional fix that scrubs unsolicited NS RRSets (and their respective address records) from YXDOMAIN and non-referral nodata replies, further mitigating the possible poison effect.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-349" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/11/26/4", + "https://access.redhat.com/security/cve/CVE-2025-11411", + "https://lists.debian.org/debian-lts-announce/2025/11/msg00008.html", + "https://lists.debian.org/debian-lts-announce/2025/11/msg00032.html", + "https://nlnetlabs.nl/news/2025/Nov/26/unbound-1.24.2-released/", + "https://nvd.nist.gov/vuln/detail/CVE-2025-11411", + "https://ubuntu.com/security/notices/USN-7855-1", + "https://ubuntu.com/security/notices/USN-7855-2", + "https://www.cve.org/CVERecord?id=CVE-2025-11411", + "https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt" + ], + "PublishedDate": "2025-10-22T13:15:29.21Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-31115", + "PkgID": "xz-libs@5.6.2-r0", + "PkgName": "xz-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.6.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e1c0785d9b1550b7" + }, + "InstalledVersion": "5.6.2-r0", + "FixedVersion": "5.6.2-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31115", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:f8e0b716ad5eb291eb7fbe7916e31f6e148c45ea2aed8a81301be807a2c74381", + "Title": "xz: XZ has a heap-use-after-free bug in threaded .xz decoder", + "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-366", + "CWE-416", + "CWE-476", + "CWE-826" + ], + "VendorSeverity": { + "azure": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/03/1", + "http://www.openwall.com/lists/oss-security/2025/04/03/2", + "http://www.openwall.com/lists/oss-security/2025/04/03/3", + "https://access.redhat.com/security/cve/CVE-2025-31115", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357249", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31115", + "https://errata.rockylinux.org/RLSA-2025:7524", + "https://github.com/tukaani-project/xz/commit/d5a2ffe41bb77b918a8c96084885d4dbe4bf6480", + "https://github.com/tukaani-project/xz/security/advisories/GHSA-6cc8-p5mm-29w2", + "https://linux.oracle.com/cve/CVE-2025-31115.html", + "https://linux.oracle.com/errata/ELSA-2025-7524.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-31115", + "https://tukaani.org/xz/xz-cve-2025-31115.patch", + "https://ubuntu.com/security/notices/USN-7414-1", + "https://www.cve.org/CVERecord?id=CVE-2025-31115" + ], + "PublishedDate": "2025-04-03T17:15:30.54Z", + "LastModifiedDate": "2026-05-12T13:16:40.627Z" + }, + { + "VulnerabilityID": "CVE-2026-34743", + "PkgID": "xz-libs@5.6.2-r0", + "PkgName": "xz-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.6.2-r0?arch=x86_64\u0026distro=3.20.3", + "UID": "e1c0785d9b1550b7" + }, + "InstalledVersion": "5.6.2-r0", + "FixedVersion": "5.8.3-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", + "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4570b773257acd5519a44989ea96ea2101a4ee89c804ce616cb5dc3915e091c0", + "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", + "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/31/13", + "https://access.redhat.com/security/cve/CVE-2026-34743", + "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", + "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", + "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", + "https://www.cve.org/CVERecord?id=CVE-2026-34743" + ], + "PublishedDate": "2026-04-02T19:21:33.187Z", + "LastModifiedDate": "2026-04-15T17:33:17.68Z" + }, + { + "VulnerabilityID": "CVE-2026-22184", + "PkgID": "zlib@1.3.1-r1", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "d805a98dcdd1a894" + }, + "InstalledVersion": "1.3.1-r1", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9d24c6ec2447be94b0317a9e843d58818d4cb3cd10bbf10a9933851fb7ac9e41", + "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", + "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-22184", + "https://github.com/madler/zlib", + "https://github.com/madler/zlib/issues/1142", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", + "https://seclists.org/fulldisclosure/2026/Jan/3", + "https://www.cve.org/CVERecord?id=CVE-2026-22184", + "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", + "https://zlib.net/" + ], + "PublishedDate": "2026-01-07T21:16:01.563Z", + "LastModifiedDate": "2026-03-18T16:26:31.14Z" + }, + { + "VulnerabilityID": "CVE-2026-27171", + "PkgID": "zlib@1.3.1-r1", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r1?arch=x86_64\u0026distro=3.20.3", + "UID": "d805a98dcdd1a894" + }, + "InstalledVersion": "1.3.1-r1", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", + "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:30eb18a082f4f8ba43eea88a3c709ed9a8e58ebab438c6ce5f962a8690a63e9a", + "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", + "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "julia": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://access.redhat.com/security/cve/CVE-2026-27171", + "https://github.com/advisories/GHSA-h858-mf2m-8jf4", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "https://ostif.org/zlib-audit-complete", + "https://ostif.org/zlib-audit-complete/", + "https://www.cve.org/CVERecord?id=CVE-2026-27171" + ], + "PublishedDate": "2026-02-18T04:16:01.263Z", + "LastModifiedDate": "2026-03-25T21:27:04.603Z" + } + ] + } + ] + }, + { + "Namespace": "proxy", + "Kind": "Deployment", + "Name": "proxy", + "Metadata": [ + { + "Size": 129033216, + "OS": { + "Family": "debian", + "Name": "13.5" + }, + "ImageID": "sha256:1455a91ef4da65c2451f26ef959105bd6b21fe3a6445326649a341fa01f672d3", + "DiffIDs": [ + "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40", + "sha256:98df1ca0e575d9026c1abd12994fad3c14effa4558d50b6961fd586930956b26", + "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120", + "sha256:89bfb82659d056dd4ef25b8b3f99c7a97874083d86d92924e931ffa2fb7c7861" + ], + "RepoTags": [ + "python:3.11-slim" + ], + "RepoDigests": [ + "python@sha256:2c285c669cc837aa3bcf1af23ea1932b7b5214f9c9d3aad22417446ad91cb4fb" + ], + "Reference": "python:3.11-slim", + "ImageConfig": { + "architecture": "amd64", + "created": "2026-05-19T23:52:06.753979707Z", + "history": [ + { + "created": "2026-05-18T00:00:00Z", + "created_by": "# debian.sh --arch 'amd64' out/ 'trixie' '@1779062400'", + "comment": "debuerreotype 0.17" + }, + { + "created": "2026-05-19T23:43:52.900305759Z", + "created_by": "ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:43:52.900305759Z", + "created_by": "ENV LANG=C.UTF-8", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:43:52.900305759Z", + "created_by": "RUN /bin/sh -c set -eux; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tca-certificates \t\tnetbase \t\ttzdata \t; \tapt-get dist-clean # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T23:43:52.900305759Z", + "created_by": "ENV GPG_KEY=A035C8C19219BA821ECEA86B64E628F8D684696D", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:43:52.900305759Z", + "created_by": "ENV PYTHON_VERSION=3.11.15", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:43:52.900305759Z", + "created_by": "ENV PYTHON_SHA256=272179ddd9a2e41a0fc8e42e33dfbdca0b3711aa5abf372d3f2d51543d09b625", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:52:06.637283537Z", + "created_by": "RUN /bin/sh -c set -eux; \t\tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tdpkg-dev \t\tgcc \t\tgnupg \t\tlibbluetooth-dev \t\tlibbz2-dev \t\tlibc6-dev \t\tlibdb-dev \t\tlibffi-dev \t\tlibgdbm-dev \t\tliblzma-dev \t\tlibncursesw5-dev \t\tlibreadline-dev \t\tlibsqlite3-dev \t\tlibssl-dev \t\tmake \t\ttk-dev \t\tuuid-dev \t\twget \t\txz-utils \t\tzlib1g-dev \t; \t\twget -O python.tar.xz \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz\"; \techo \"$PYTHON_SHA256 *python.tar.xz\" | sha256sum -c -; \twget -O python.tar.xz.asc \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; export GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$GPG_KEY\"; \tgpg --batch --verify python.tar.xz.asc python.tar.xz; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" python.tar.xz.asc; \tmkdir -p /usr/src/python; \ttar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \trm python.tar.xz; \t\tcd /usr/src/python; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \t./configure \t\t--build=\"$gnuArch\" \t\t--enable-loadable-sqlite-extensions \t\t--enable-optimizations \t\t--enable-option-checking=fatal \t\t--enable-shared \t\t$(test \"${gnuArch%%-*}\" != 'riscv64' \u0026\u0026 echo '--with-lto') \t\t--with-ensurepip \t; \tnproc=\"$(nproc)\"; \tEXTRA_CFLAGS=\"$(dpkg-buildflags --get CFLAGS)\"; \tLDFLAGS=\"$(dpkg-buildflags --get LDFLAGS)\"; \tLDFLAGS=\"${LDFLAGS:-} -Wl,--strip-all\"; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-}\" \t; \trm python; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-} -Wl,-rpath='\\$\\$ORIGIN/../lib'\" \t\tpython \t; \tmake install; \t\tcd /; \trm -rf /usr/src/python; \t\tfind /usr/local -depth \t\t\\( \t\t\t\\( -type d -a \\( -name test -o -name tests -o -name idle_test \\) \\) \t\t\t-o \\( -type f -a \\( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \\) \\) \t\t\\) -exec rm -rf '{}' + \t; \t\tldconfig; \t\tapt-mark auto '.*' \u003e /dev/null; \tapt-mark manual $savedAptMark; \tfind /usr/local -type f -executable -not \\( -name '*tkinter*' \\) -exec ldd '{}' ';' \t\t| awk '/=\u003e/ { so = $(NF-1); if (index(so, \"/usr/local/\") == 1) { next }; gsub(\"^/(usr/)?\", \"\", so); printf \"*%s\\n\", so }' \t\t| sort -u \t\t| xargs -rt dpkg-query --search \t\t| awk 'sub(\":$\", \"\", $1) { print $1 }' \t\t| sort -u \t\t| xargs -r apt-mark manual \t; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \tapt-get dist-clean; \t\texport PYTHONDONTWRITEBYTECODE=1; \tpython3 --version; \t\tpip3 install \t\t--disable-pip-version-check \t\t--no-cache-dir \t\t--no-compile \t\t'setuptools==79.0.1' \t\t'wheel\u003c0.46' \t; \tpip3 --version # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T23:52:06.753979707Z", + "created_by": "RUN /bin/sh -c set -eux; \tfor src in idle3 pip3 pydoc3 python3 python3-config; do \t\tdst=\"$(echo \"$src\" | tr -d 3)\"; \t\t[ -s \"/usr/local/bin/$src\" ]; \t\t[ ! -e \"/usr/local/bin/$dst\" ]; \t\tln -svT \"$src\" \"/usr/local/bin/$dst\"; \tdone # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T23:52:06.753979707Z", + "created_by": "CMD [\"python3\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40", + "sha256:98df1ca0e575d9026c1abd12994fad3c14effa4558d50b6961fd586930956b26", + "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120", + "sha256:89bfb82659d056dd4ef25b8b3f99c7a97874083d86d92924e931ffa2fb7c7861" + ] + }, + "config": { + "Cmd": [ + "python3" + ], + "Env": [ + "PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "LANG=C.UTF-8", + "GPG_KEY=A035C8C19219BA821ECEA86B64E628F8D684696D", + "PYTHON_VERSION=3.11.15", + "PYTHON_SHA256=272179ddd9a2e41a0fc8e42e33dfbdca0b3711aa5abf372d3f2d51543d09b625" + ] + } + }, + "Layers": [ + { + "Size": 81049600, + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + { + "Size": 4127232, + "Digest": "sha256:8649771fee179d7c2590c94f533aaa5fceb70e36e25dec83672fe836d99577c5", + "DiffID": "sha256:98df1ca0e575d9026c1abd12994fad3c14effa4558d50b6961fd586930956b26" + }, + { + "Size": 43851264, + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + { + "Size": 5120, + "Digest": "sha256:45006ceeeea9e2ca59a046b6f4ac9a212e4b27b3d8d6e7d348b03f0aaccdac99", + "DiffID": "sha256:89bfb82659d056dd4ef25b8b3f99c7a97874083d86d92924e931ffa2fb7c7861" + } + ] + } + ], + "Results": [ + { + "Target": "python:3.11-slim (debian 13.5)", + "Class": "os-pkgs", + "Type": "debian", + "Packages": [ + { + "ID": "adduser@3.152", + "Name": "adduser", + "Identifier": { + "PURL": "pkg:deb/debian/adduser@3.152?arch=all\u0026distro=debian-13.5", + "UID": "681428a4291e51" + }, + "Version": "3.152", + "Arch": "all", + "SrcName": "adduser", + "SrcVersion": "3.152", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Debian Adduser Developers \u003cadduser@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "passwd@1:4.17.4-2" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "InstalledFiles": [ + "/usr/sbin/adduser", + "/usr/sbin/deluser", + "/usr/share/doc/adduser/NEWS.Debian.gz", + "/usr/share/doc/adduser/README.gz", + "/usr/share/doc/adduser/TODO", + "/usr/share/doc/adduser/changelog.gz", + "/usr/share/doc/adduser/copyright", + "/usr/share/doc/adduser/examples/INSTALL", + "/usr/share/doc/adduser/examples/README", + "/usr/share/doc/adduser/examples/adduser.conf", + "/usr/share/doc/adduser/examples/adduser.local", + "/usr/share/doc/adduser/examples/adduser.local.conf", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", + "/usr/share/doc/adduser/examples/deluser.conf", + "/usr/share/man/da/man5/deluser.conf.5.gz", + "/usr/share/man/de/man5/adduser.conf.5.gz", + "/usr/share/man/de/man5/deluser.conf.5.gz", + "/usr/share/man/de/man8/adduser.8.gz", + "/usr/share/man/de/man8/adduser.local.8.gz", + "/usr/share/man/de/man8/deluser.8.gz", + "/usr/share/man/es/man5/deluser.conf.5.gz", + "/usr/share/man/fr/man5/adduser.conf.5.gz", + "/usr/share/man/fr/man5/deluser.conf.5.gz", + "/usr/share/man/fr/man8/adduser.8.gz", + "/usr/share/man/fr/man8/deluser.8.gz", + "/usr/share/man/it/man5/deluser.conf.5.gz", + "/usr/share/man/man5/adduser.conf.5.gz", + "/usr/share/man/man5/deluser.conf.5.gz", + "/usr/share/man/man8/adduser.8.gz", + "/usr/share/man/man8/adduser.local.8.gz", + "/usr/share/man/man8/deluser.8.gz", + "/usr/share/man/nl/man5/adduser.conf.5.gz", + "/usr/share/man/nl/man5/deluser.conf.5.gz", + "/usr/share/man/nl/man8/adduser.8.gz", + "/usr/share/man/nl/man8/adduser.local.8.gz", + "/usr/share/man/nl/man8/deluser.8.gz", + "/usr/share/man/pl/man5/deluser.conf.5.gz", + "/usr/share/man/pt/man5/adduser.conf.5.gz", + "/usr/share/man/pt/man5/deluser.conf.5.gz", + "/usr/share/man/pt/man8/adduser.8.gz", + "/usr/share/man/pt/man8/adduser.local.8.gz", + "/usr/share/man/pt/man8/deluser.8.gz", + "/usr/share/man/ro/man5/adduser.conf.5.gz", + "/usr/share/man/ro/man5/deluser.conf.5.gz", + "/usr/share/man/ro/man8/adduser.8.gz", + "/usr/share/man/ro/man8/adduser.local.8.gz", + "/usr/share/man/ro/man8/deluser.8.gz", + "/usr/share/man/ru/man5/deluser.conf.5.gz", + "/usr/share/man/sv/man5/deluser.conf.5.gz", + "/usr/share/perl5/Debian/AdduserCommon.pm", + "/usr/share/perl5/Debian/AdduserLogging.pm", + "/usr/share/perl5/Debian/AdduserRetvalues.pm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "apt@3.0.3", + "Name": "apt", + "Identifier": { + "PURL": "pkg:deb/debian/apt@3.0.3?arch=amd64\u0026distro=debian-13.5", + "UID": "2e5d8c8032700559" + }, + "Version": "3.0.3", + "Arch": "amd64", + "SrcName": "apt", + "SrcVersion": "3.0.3", + "Licenses": [ + "GPL-2.0-or-later", + "curl", + "BSD-3-Clause", + "MIT", + "GPL-2.0-only" + ], + "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "adduser@3.152", + "base-passwd@3.6.7", + "debian-archive-keyring@2025.1", + "libapt-pkg7.0@3.0.3", + "libc6@2.41-12+deb13u3", + "libgcc-s1@14.2.0-19", + "libseccomp2@2.6.0-2", + "libssl3t64@3.5.6-1~deb13u1", + "libstdc++6@14.2.0-19", + "libsystemd0@257.13-1~deb13u1", + "sqv@1.3.0-3+b2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/apt", + "/usr/bin/apt-cache", + "/usr/bin/apt-cdrom", + "/usr/bin/apt-config", + "/usr/bin/apt-get", + "/usr/bin/apt-mark", + "/usr/lib/apt/apt-extracttemplates", + "/usr/lib/apt/apt-helper", + "/usr/lib/apt/apt.systemd.daily", + "/usr/lib/apt/methods/cdrom", + "/usr/lib/apt/methods/copy", + "/usr/lib/apt/methods/file", + "/usr/lib/apt/methods/gpgv", + "/usr/lib/apt/methods/http", + "/usr/lib/apt/methods/mirror", + "/usr/lib/apt/methods/rred", + "/usr/lib/apt/methods/sqv", + "/usr/lib/apt/methods/store", + "/usr/lib/apt/solvers/dump", + "/usr/lib/dpkg/methods/apt/desc.apt", + "/usr/lib/dpkg/methods/apt/install", + "/usr/lib/dpkg/methods/apt/names", + "/usr/lib/dpkg/methods/apt/setup", + "/usr/lib/dpkg/methods/apt/update", + "/usr/lib/systemd/system/apt-daily-upgrade.service", + "/usr/lib/systemd/system/apt-daily-upgrade.timer", + "/usr/lib/systemd/system/apt-daily.service", + "/usr/lib/systemd/system/apt-daily.timer", + "/usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0", + "/usr/share/apt/default-sequoia.config", + "/usr/share/bash-completion/completions/apt", + "/usr/share/bug/apt/script", + "/usr/share/doc/apt/NEWS.Debian.gz", + "/usr/share/doc/apt/README.md.gz", + "/usr/share/doc/apt/changelog.gz", + "/usr/share/doc/apt/copyright", + "/usr/share/doc/apt/examples/apt.conf", + "/usr/share/doc/apt/examples/configure-index", + "/usr/share/doc/apt/examples/debian.sources", + "/usr/share/doc/apt/examples/preferences", + "/usr/share/lintian/overrides/apt", + "/usr/share/locale/ar/LC_MESSAGES/apt.mo", + "/usr/share/locale/ast/LC_MESSAGES/apt.mo", + "/usr/share/locale/bg/LC_MESSAGES/apt.mo", + "/usr/share/locale/bs/LC_MESSAGES/apt.mo", + "/usr/share/locale/ca/LC_MESSAGES/apt.mo", + "/usr/share/locale/cs/LC_MESSAGES/apt.mo", + "/usr/share/locale/cy/LC_MESSAGES/apt.mo", + "/usr/share/locale/da/LC_MESSAGES/apt.mo", + "/usr/share/locale/de/LC_MESSAGES/apt.mo", + "/usr/share/locale/dz/LC_MESSAGES/apt.mo", + "/usr/share/locale/el/LC_MESSAGES/apt.mo", + "/usr/share/locale/es/LC_MESSAGES/apt.mo", + "/usr/share/locale/eu/LC_MESSAGES/apt.mo", + "/usr/share/locale/fi/LC_MESSAGES/apt.mo", + "/usr/share/locale/fr/LC_MESSAGES/apt.mo", + "/usr/share/locale/gl/LC_MESSAGES/apt.mo", + "/usr/share/locale/hu/LC_MESSAGES/apt.mo", + "/usr/share/locale/it/LC_MESSAGES/apt.mo", + "/usr/share/locale/ja/LC_MESSAGES/apt.mo", + "/usr/share/locale/km/LC_MESSAGES/apt.mo", + "/usr/share/locale/ko/LC_MESSAGES/apt.mo", + "/usr/share/locale/ku/LC_MESSAGES/apt.mo", + "/usr/share/locale/lt/LC_MESSAGES/apt.mo", + "/usr/share/locale/mr/LC_MESSAGES/apt.mo", + "/usr/share/locale/nb/LC_MESSAGES/apt.mo", + "/usr/share/locale/ne/LC_MESSAGES/apt.mo", + "/usr/share/locale/nl/LC_MESSAGES/apt.mo", + "/usr/share/locale/nn/LC_MESSAGES/apt.mo", + "/usr/share/locale/pl/LC_MESSAGES/apt.mo", + "/usr/share/locale/pt/LC_MESSAGES/apt.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/apt.mo", + "/usr/share/locale/ro/LC_MESSAGES/apt.mo", + "/usr/share/locale/ru/LC_MESSAGES/apt.mo", + "/usr/share/locale/sk/LC_MESSAGES/apt.mo", + "/usr/share/locale/sl/LC_MESSAGES/apt.mo", + "/usr/share/locale/sv/LC_MESSAGES/apt.mo", + "/usr/share/locale/th/LC_MESSAGES/apt.mo", + "/usr/share/locale/tl/LC_MESSAGES/apt.mo", + "/usr/share/locale/tr/LC_MESSAGES/apt.mo", + "/usr/share/locale/uk/LC_MESSAGES/apt.mo", + "/usr/share/locale/vi/LC_MESSAGES/apt.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/apt.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/apt.mo", + "/usr/share/man/de/man1/apt-transport-http.1.gz", + "/usr/share/man/de/man1/apt-transport-https.1.gz", + "/usr/share/man/de/man1/apt-transport-mirror.1.gz", + "/usr/share/man/de/man5/apt.conf.5.gz", + "/usr/share/man/de/man5/apt_auth.conf.5.gz", + "/usr/share/man/de/man5/apt_preferences.5.gz", + "/usr/share/man/de/man5/sources.list.5.gz", + "/usr/share/man/de/man7/apt-patterns.7.gz", + "/usr/share/man/de/man8/apt-cache.8.gz", + "/usr/share/man/de/man8/apt-cdrom.8.gz", + "/usr/share/man/de/man8/apt-config.8.gz", + "/usr/share/man/de/man8/apt-get.8.gz", + "/usr/share/man/de/man8/apt-mark.8.gz", + "/usr/share/man/de/man8/apt-secure.8.gz", + "/usr/share/man/de/man8/apt.8.gz", + "/usr/share/man/es/man5/apt_preferences.5.gz", + "/usr/share/man/es/man8/apt-cache.8.gz", + "/usr/share/man/es/man8/apt-cdrom.8.gz", + "/usr/share/man/es/man8/apt-config.8.gz", + "/usr/share/man/fr/man1/apt-transport-http.1.gz", + "/usr/share/man/fr/man1/apt-transport-https.1.gz", + "/usr/share/man/fr/man1/apt-transport-mirror.1.gz", + "/usr/share/man/fr/man5/apt.conf.5.gz", + "/usr/share/man/fr/man5/apt_auth.conf.5.gz", + "/usr/share/man/fr/man5/apt_preferences.5.gz", + "/usr/share/man/fr/man5/sources.list.5.gz", + "/usr/share/man/fr/man7/apt-patterns.7.gz", + "/usr/share/man/fr/man8/apt-cache.8.gz", + "/usr/share/man/fr/man8/apt-cdrom.8.gz", + "/usr/share/man/fr/man8/apt-config.8.gz", + "/usr/share/man/fr/man8/apt-get.8.gz", + "/usr/share/man/fr/man8/apt-mark.8.gz", + "/usr/share/man/fr/man8/apt-secure.8.gz", + "/usr/share/man/fr/man8/apt.8.gz", + "/usr/share/man/it/man5/apt.conf.5.gz", + "/usr/share/man/it/man5/apt_preferences.5.gz", + "/usr/share/man/it/man8/apt-cache.8.gz", + "/usr/share/man/it/man8/apt-cdrom.8.gz", + "/usr/share/man/it/man8/apt-config.8.gz", + "/usr/share/man/it/man8/apt-mark.8.gz", + "/usr/share/man/it/man8/apt.8.gz", + "/usr/share/man/ja/man5/apt.conf.5.gz", + "/usr/share/man/ja/man5/apt_preferences.5.gz", + "/usr/share/man/ja/man8/apt-cache.8.gz", + "/usr/share/man/ja/man8/apt-cdrom.8.gz", + "/usr/share/man/ja/man8/apt-config.8.gz", + "/usr/share/man/ja/man8/apt-mark.8.gz", + "/usr/share/man/ja/man8/apt.8.gz", + "/usr/share/man/man1/apt-transport-http.1.gz", + "/usr/share/man/man1/apt-transport-https.1.gz", + "/usr/share/man/man1/apt-transport-mirror.1.gz", + "/usr/share/man/man5/apt.conf.5.gz", + "/usr/share/man/man5/apt_auth.conf.5.gz", + "/usr/share/man/man5/apt_preferences.5.gz", + "/usr/share/man/man5/sources.list.5.gz", + "/usr/share/man/man7/apt-patterns.7.gz", + "/usr/share/man/man8/apt-cache.8.gz", + "/usr/share/man/man8/apt-cdrom.8.gz", + "/usr/share/man/man8/apt-config.8.gz", + "/usr/share/man/man8/apt-get.8.gz", + "/usr/share/man/man8/apt-mark.8.gz", + "/usr/share/man/man8/apt-secure.8.gz", + "/usr/share/man/man8/apt.8.gz", + "/usr/share/man/nl/man1/apt-transport-http.1.gz", + "/usr/share/man/nl/man1/apt-transport-https.1.gz", + "/usr/share/man/nl/man1/apt-transport-mirror.1.gz", + "/usr/share/man/nl/man5/apt.conf.5.gz", + "/usr/share/man/nl/man5/apt_auth.conf.5.gz", + "/usr/share/man/nl/man5/apt_preferences.5.gz", + "/usr/share/man/nl/man5/sources.list.5.gz", + "/usr/share/man/nl/man7/apt-patterns.7.gz", + "/usr/share/man/nl/man8/apt-cache.8.gz", + "/usr/share/man/nl/man8/apt-cdrom.8.gz", + "/usr/share/man/nl/man8/apt-config.8.gz", + "/usr/share/man/nl/man8/apt-get.8.gz", + "/usr/share/man/nl/man8/apt-mark.8.gz", + "/usr/share/man/nl/man8/apt-secure.8.gz", + "/usr/share/man/nl/man8/apt.8.gz", + "/usr/share/man/pl/man5/apt_preferences.5.gz", + "/usr/share/man/pl/man8/apt-cache.8.gz", + "/usr/share/man/pl/man8/apt-cdrom.8.gz", + "/usr/share/man/pl/man8/apt-config.8.gz", + "/usr/share/man/pt/man1/apt-transport-http.1.gz", + "/usr/share/man/pt/man1/apt-transport-https.1.gz", + "/usr/share/man/pt/man1/apt-transport-mirror.1.gz", + "/usr/share/man/pt/man5/apt.conf.5.gz", + "/usr/share/man/pt/man5/apt_auth.conf.5.gz", + "/usr/share/man/pt/man5/apt_preferences.5.gz", + "/usr/share/man/pt/man5/sources.list.5.gz", + "/usr/share/man/pt/man7/apt-patterns.7.gz", + "/usr/share/man/pt/man8/apt-cache.8.gz", + "/usr/share/man/pt/man8/apt-cdrom.8.gz", + "/usr/share/man/pt/man8/apt-config.8.gz", + "/usr/share/man/pt/man8/apt-get.8.gz", + "/usr/share/man/pt/man8/apt-mark.8.gz", + "/usr/share/man/pt/man8/apt-secure.8.gz", + "/usr/share/man/pt/man8/apt.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "base-files@13.8+deb13u5", + "Name": "base-files", + "Identifier": { + "PURL": "pkg:deb/debian/base-files@13.8%2Bdeb13u5?arch=amd64\u0026distro=debian-13.5", + "UID": "6b13e330b45e6f4f" + }, + "Version": "13.8+deb13u5", + "Arch": "amd64", + "SrcName": "base-files", + "SrcVersion": "13.8+deb13u5", + "Licenses": [ + "GPL-2.0-or-later", + "verbatim" + ], + "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/os-release", + "/usr/share/base-files/dot.bashrc", + "/usr/share/base-files/dot.profile", + "/usr/share/base-files/dot.profile.md5sums", + "/usr/share/base-files/info.dir", + "/usr/share/base-files/motd", + "/usr/share/base-files/profile", + "/usr/share/base-files/profile.md5sums", + "/usr/share/base-files/staff-group-for-usr-local", + "/usr/share/common-licenses/Apache-2.0", + "/usr/share/common-licenses/Artistic", + "/usr/share/common-licenses/BSD", + "/usr/share/common-licenses/CC0-1.0", + "/usr/share/common-licenses/GFDL-1.2", + "/usr/share/common-licenses/GFDL-1.3", + "/usr/share/common-licenses/GPL-1", + "/usr/share/common-licenses/GPL-2", + "/usr/share/common-licenses/GPL-3", + "/usr/share/common-licenses/LGPL-2", + "/usr/share/common-licenses/LGPL-2.1", + "/usr/share/common-licenses/LGPL-3", + "/usr/share/common-licenses/MPL-1.1", + "/usr/share/common-licenses/MPL-2.0", + "/usr/share/doc/base-files/NEWS.Debian.gz", + "/usr/share/doc/base-files/README", + "/usr/share/doc/base-files/README.FHS", + "/usr/share/doc/base-files/changelog.gz", + "/usr/share/doc/base-files/copyright", + "/usr/share/lintian/overrides/base-files" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "base-passwd@3.6.7", + "Name": "base-passwd", + "Identifier": { + "PURL": "pkg:deb/debian/base-passwd@3.6.7?arch=amd64\u0026distro=debian-13.5", + "UID": "f77779fa356eca05" + }, + "Version": "3.6.7", + "Arch": "amd64", + "SrcName": "base-passwd", + "SrcVersion": "3.6.7", + "Licenses": [ + "GPL-2.0-only", + "public-domain" + ], + "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libdebconfclient0@0.280", + "libselinux1@3.8.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/sbin/update-passwd", + "/usr/share/base-passwd/group.master", + "/usr/share/base-passwd/passwd.master", + "/usr/share/doc-base/base-passwd.users-and-groups", + "/usr/share/doc/base-passwd/README", + "/usr/share/doc/base-passwd/changelog.gz", + "/usr/share/doc/base-passwd/copyright", + "/usr/share/doc/base-passwd/users-and-groups.html", + "/usr/share/doc/base-passwd/users-and-groups.txt.gz", + "/usr/share/lintian/overrides/base-passwd", + "/usr/share/man/de/man8/update-passwd.8.gz", + "/usr/share/man/es/man8/update-passwd.8.gz", + "/usr/share/man/fr/man8/update-passwd.8.gz", + "/usr/share/man/ja/man8/update-passwd.8.gz", + "/usr/share/man/man8/update-passwd.8.gz", + "/usr/share/man/pl/man8/update-passwd.8.gz", + "/usr/share/man/ro/man8/update-passwd.8.gz", + "/usr/share/man/ru/man8/update-passwd.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bash@5.2.37-2+b9", + "Name": "bash", + "Identifier": { + "PURL": "pkg:deb/debian/bash@5.2.37-2%2Bb9?arch=amd64\u0026distro=debian-13.5", + "UID": "f36f9b3693158651" + }, + "Version": "5.2.37", + "Release": "2+b9", + "Arch": "amd64", + "SrcName": "bash", + "SrcVersion": "5.2.37", + "SrcRelease": "2", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-only", + "Latex2e", + "BSD-4-Clause-UC", + "MIT", + "permissive" + ], + "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "base-files@13.8+deb13u5", + "debianutils@5.23.2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/bash", + "/usr/bin/bashbug", + "/usr/bin/clear_console", + "/usr/share/debianutils/shells.d/bash", + "/usr/share/doc/bash/CHANGES.gz", + "/usr/share/doc/bash/COMPAT.gz", + "/usr/share/doc/bash/INTRO.gz", + "/usr/share/doc/bash/NEWS.gz", + "/usr/share/doc/bash/POSIX.gz", + "/usr/share/doc/bash/RBASH", + "/usr/share/doc/bash/README.Debian.gz", + "/usr/share/doc/bash/README.abs-guide", + "/usr/share/doc/bash/README.commands.gz", + "/usr/share/doc/bash/README.gz", + "/usr/share/doc/bash/changelog.Debian.amd64.gz", + "/usr/share/doc/bash/changelog.Debian.gz", + "/usr/share/doc/bash/changelog.gz", + "/usr/share/doc/bash/copyright", + "/usr/share/doc/bash/inputrc.arrows", + "/usr/share/lintian/overrides/bash", + "/usr/share/locale/af/LC_MESSAGES/bash.mo", + "/usr/share/locale/bg/LC_MESSAGES/bash.mo", + "/usr/share/locale/ca/LC_MESSAGES/bash.mo", + "/usr/share/locale/cs/LC_MESSAGES/bash.mo", + "/usr/share/locale/da/LC_MESSAGES/bash.mo", + "/usr/share/locale/de/LC_MESSAGES/bash.mo", + "/usr/share/locale/el/LC_MESSAGES/bash.mo", + "/usr/share/locale/en@boldquot/LC_MESSAGES/bash.mo", + "/usr/share/locale/en@quot/LC_MESSAGES/bash.mo", + "/usr/share/locale/eo/LC_MESSAGES/bash.mo", + "/usr/share/locale/es/LC_MESSAGES/bash.mo", + "/usr/share/locale/et/LC_MESSAGES/bash.mo", + "/usr/share/locale/fi/LC_MESSAGES/bash.mo", + "/usr/share/locale/fr/LC_MESSAGES/bash.mo", + "/usr/share/locale/ga/LC_MESSAGES/bash.mo", + "/usr/share/locale/gl/LC_MESSAGES/bash.mo", + "/usr/share/locale/hr/LC_MESSAGES/bash.mo", + "/usr/share/locale/hu/LC_MESSAGES/bash.mo", + "/usr/share/locale/id/LC_MESSAGES/bash.mo", + "/usr/share/locale/it/LC_MESSAGES/bash.mo", + "/usr/share/locale/ja/LC_MESSAGES/bash.mo", + "/usr/share/locale/ko/LC_MESSAGES/bash.mo", + "/usr/share/locale/lt/LC_MESSAGES/bash.mo", + "/usr/share/locale/nb/LC_MESSAGES/bash.mo", + "/usr/share/locale/nl/LC_MESSAGES/bash.mo", + "/usr/share/locale/pl/LC_MESSAGES/bash.mo", + "/usr/share/locale/pt/LC_MESSAGES/bash.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/bash.mo", + "/usr/share/locale/ro/LC_MESSAGES/bash.mo", + "/usr/share/locale/ru/LC_MESSAGES/bash.mo", + "/usr/share/locale/sk/LC_MESSAGES/bash.mo", + "/usr/share/locale/sl/LC_MESSAGES/bash.mo", + "/usr/share/locale/sr/LC_MESSAGES/bash.mo", + "/usr/share/locale/sv/LC_MESSAGES/bash.mo", + "/usr/share/locale/tr/LC_MESSAGES/bash.mo", + "/usr/share/locale/uk/LC_MESSAGES/bash.mo", + "/usr/share/locale/vi/LC_MESSAGES/bash.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/bash.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/bash.mo", + "/usr/share/man/man1/bash.1.gz", + "/usr/share/man/man1/bashbug.1.gz", + "/usr/share/man/man1/clear_console.1.gz", + "/usr/share/man/man1/rbash.1.gz", + "/usr/share/man/man7/bash-builtins.7.gz", + "/usr/share/menu/bash" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bsdutils@1:2.41-5", + "Name": "bsdutils", + "Identifier": { + "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "5843733a461e6ce1" + }, + "Version": "2.41", + "Release": "5", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/logger", + "/usr/bin/renice", + "/usr/bin/script", + "/usr/bin/scriptlive", + "/usr/bin/scriptreplay", + "/usr/bin/wall", + "/usr/share/bash-completion/completions/logger", + "/usr/share/bash-completion/completions/renice", + "/usr/share/bash-completion/completions/script", + "/usr/share/bash-completion/completions/scriptlive", + "/usr/share/bash-completion/completions/scriptreplay", + "/usr/share/bash-completion/completions/wall", + "/usr/share/doc/bsdutils/NEWS.Debian.gz", + "/usr/share/doc/bsdutils/changelog.Debian.gz", + "/usr/share/doc/bsdutils/changelog.gz", + "/usr/share/doc/bsdutils/copyright", + "/usr/share/lintian/overrides/bsdutils", + "/usr/share/man/man1/logger.1.gz", + "/usr/share/man/man1/renice.1.gz", + "/usr/share/man/man1/script.1.gz", + "/usr/share/man/man1/scriptlive.1.gz", + "/usr/share/man/man1/scriptreplay.1.gz", + "/usr/share/man/man1/wall.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ca-certificates@20250419", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:deb/debian/ca-certificates@20250419?arch=all\u0026distro=debian-13.5", + "UID": "2c691dbd8cebdf2a" + }, + "Version": "20250419", + "Arch": "all", + "SrcName": "ca-certificates", + "SrcVersion": "20250419", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "MPL-2.0" + ], + "Maintainer": "Julien Cristau \u003cjcristau@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91", + "openssl@3.5.6-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:8649771fee179d7c2590c94f533aaa5fceb70e36e25dec83672fe836d99577c5", + "DiffID": "sha256:98df1ca0e575d9026c1abd12994fad3c14effa4558d50b6961fd586930956b26" + }, + "InstalledFiles": [ + "/usr/sbin/update-ca-certificates", + "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", + "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", + "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", + "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", + "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "/usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "/usr/share/ca-certificates/mozilla/Certigna.crt", + "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", + "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", + "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", + "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "/usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "/usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "/usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", + "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", + "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", + "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "/usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", + "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", + "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "/usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", + "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", + "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "/usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt", + "/usr/share/doc/ca-certificates/README.Debian", + "/usr/share/doc/ca-certificates/changelog.gz", + "/usr/share/doc/ca-certificates/copyright", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", + "/usr/share/man/man8/update-ca-certificates.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "coreutils@9.7-3", + "Name": "coreutils", + "Identifier": { + "PURL": "pkg:deb/debian/coreutils@9.7-3?arch=amd64\u0026distro=debian-13.5", + "UID": "cb4a55f50bda2393" + }, + "Version": "9.7", + "Release": "3", + "Arch": "amd64", + "SrcName": "coreutils", + "SrcVersion": "9.7", + "SrcRelease": "3", + "Licenses": [ + "GPL-3.0-or-later", + "BSD-4-Clause-UC", + "GPL-3.0-only", + "ISC", + "FSFULLR", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-only" + ], + "Maintainer": "Michael Stone \u003cmstone@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/[", + "/usr/bin/arch", + "/usr/bin/b2sum", + "/usr/bin/base32", + "/usr/bin/base64", + "/usr/bin/basename", + "/usr/bin/basenc", + "/usr/bin/cat", + "/usr/bin/chcon", + "/usr/bin/chgrp", + "/usr/bin/chmod", + "/usr/bin/chown", + "/usr/bin/cksum", + "/usr/bin/comm", + "/usr/bin/cp", + "/usr/bin/csplit", + "/usr/bin/cut", + "/usr/bin/date", + "/usr/bin/dd", + "/usr/bin/df", + "/usr/bin/dir", + "/usr/bin/dircolors", + "/usr/bin/dirname", + "/usr/bin/du", + "/usr/bin/echo", + "/usr/bin/env", + "/usr/bin/expand", + "/usr/bin/expr", + "/usr/bin/factor", + "/usr/bin/false", + "/usr/bin/fmt", + "/usr/bin/fold", + "/usr/bin/groups", + "/usr/bin/head", + "/usr/bin/hostid", + "/usr/bin/id", + "/usr/bin/install", + "/usr/bin/join", + "/usr/bin/link", + "/usr/bin/ln", + "/usr/bin/logname", + "/usr/bin/ls", + "/usr/bin/md5sum", + "/usr/bin/mkdir", + "/usr/bin/mkfifo", + "/usr/bin/mknod", + "/usr/bin/mktemp", + "/usr/bin/mv", + "/usr/bin/nice", + "/usr/bin/nl", + "/usr/bin/nohup", + "/usr/bin/nproc", + "/usr/bin/numfmt", + "/usr/bin/od", + "/usr/bin/paste", + "/usr/bin/pathchk", + "/usr/bin/pinky", + "/usr/bin/pr", + "/usr/bin/printenv", + "/usr/bin/printf", + "/usr/bin/ptx", + "/usr/bin/pwd", + "/usr/bin/readlink", + "/usr/bin/realpath", + "/usr/bin/rm", + "/usr/bin/rmdir", + "/usr/bin/runcon", + "/usr/bin/seq", + "/usr/bin/sha1sum", + "/usr/bin/sha224sum", + "/usr/bin/sha256sum", + "/usr/bin/sha384sum", + "/usr/bin/sha512sum", + "/usr/bin/shred", + "/usr/bin/shuf", + "/usr/bin/sleep", + "/usr/bin/sort", + "/usr/bin/split", + "/usr/bin/stat", + "/usr/bin/stdbuf", + "/usr/bin/stty", + "/usr/bin/sum", + "/usr/bin/sync", + "/usr/bin/tac", + "/usr/bin/tail", + "/usr/bin/tee", + "/usr/bin/test", + "/usr/bin/timeout", + "/usr/bin/touch", + "/usr/bin/tr", + "/usr/bin/true", + "/usr/bin/truncate", + "/usr/bin/tsort", + "/usr/bin/tty", + "/usr/bin/uname", + "/usr/bin/unexpand", + "/usr/bin/uniq", + "/usr/bin/unlink", + "/usr/bin/users", + "/usr/bin/vdir", + "/usr/bin/wc", + "/usr/bin/who", + "/usr/bin/whoami", + "/usr/bin/yes", + "/usr/libexec/coreutils/libstdbuf.so", + "/usr/sbin/chroot", + "/usr/share/doc/coreutils/AUTHORS", + "/usr/share/doc/coreutils/NEWS.gz", + "/usr/share/doc/coreutils/README.Debian", + "/usr/share/doc/coreutils/README.gz", + "/usr/share/doc/coreutils/THANKS.gz", + "/usr/share/doc/coreutils/TODO.gz", + "/usr/share/doc/coreutils/changelog.Debian.gz", + "/usr/share/doc/coreutils/changelog.gz", + "/usr/share/doc/coreutils/copyright", + "/usr/share/info/coreutils.info.gz", + "/usr/share/lintian/overrides/coreutils", + "/usr/share/locale/af/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/be/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/bg/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ca/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/cs/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/da/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/de/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/el/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/eo/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/es/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/et/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/eu/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/fi/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/fr/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ga/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/gl/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/hr/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/hu/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ia/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/id/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/it/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ja/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ka/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/kk/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ko/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/lg/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/lt/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ms/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/nb/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/nl/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/pl/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/pt/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ro/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ru/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/sk/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/sl/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/sr/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/sv/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ta/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/tr/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/uk/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/vi/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/coreutils.mo", + "/usr/share/man/man1/arch.1.gz", + "/usr/share/man/man1/b2sum.1.gz", + "/usr/share/man/man1/base32.1.gz", + "/usr/share/man/man1/base64.1.gz", + "/usr/share/man/man1/basename.1.gz", + "/usr/share/man/man1/basenc.1.gz", + "/usr/share/man/man1/cat.1.gz", + "/usr/share/man/man1/chcon.1.gz", + "/usr/share/man/man1/chgrp.1.gz", + "/usr/share/man/man1/chmod.1.gz", + "/usr/share/man/man1/chown.1.gz", + "/usr/share/man/man1/cksum.1.gz", + "/usr/share/man/man1/comm.1.gz", + "/usr/share/man/man1/cp.1.gz", + "/usr/share/man/man1/csplit.1.gz", + "/usr/share/man/man1/cut.1.gz", + "/usr/share/man/man1/date.1.gz", + "/usr/share/man/man1/dd.1.gz", + "/usr/share/man/man1/df.1.gz", + "/usr/share/man/man1/dir.1.gz", + "/usr/share/man/man1/dircolors.1.gz", + "/usr/share/man/man1/dirname.1.gz", + "/usr/share/man/man1/du.1.gz", + "/usr/share/man/man1/echo.1.gz", + "/usr/share/man/man1/env.1.gz", + "/usr/share/man/man1/expand.1.gz", + "/usr/share/man/man1/expr.1.gz", + "/usr/share/man/man1/factor.1.gz", + "/usr/share/man/man1/false.1.gz", + "/usr/share/man/man1/fmt.1.gz", + "/usr/share/man/man1/fold.1.gz", + "/usr/share/man/man1/groups.1.gz", + "/usr/share/man/man1/head.1.gz", + "/usr/share/man/man1/hostid.1.gz", + "/usr/share/man/man1/id.1.gz", + "/usr/share/man/man1/install.1.gz", + "/usr/share/man/man1/join.1.gz", + "/usr/share/man/man1/link.1.gz", + "/usr/share/man/man1/ln.1.gz", + "/usr/share/man/man1/logname.1.gz", + "/usr/share/man/man1/ls.1.gz", + "/usr/share/man/man1/md5sum.1.gz", + "/usr/share/man/man1/mkdir.1.gz", + "/usr/share/man/man1/mkfifo.1.gz", + "/usr/share/man/man1/mknod.1.gz", + "/usr/share/man/man1/mktemp.1.gz", + "/usr/share/man/man1/mv.1.gz", + "/usr/share/man/man1/nice.1.gz", + "/usr/share/man/man1/nl.1.gz", + "/usr/share/man/man1/nohup.1.gz", + "/usr/share/man/man1/nproc.1.gz", + "/usr/share/man/man1/numfmt.1.gz", + "/usr/share/man/man1/od.1.gz", + "/usr/share/man/man1/paste.1.gz", + "/usr/share/man/man1/pathchk.1.gz", + "/usr/share/man/man1/pinky.1.gz", + "/usr/share/man/man1/pr.1.gz", + "/usr/share/man/man1/printenv.1.gz", + "/usr/share/man/man1/printf.1.gz", + "/usr/share/man/man1/ptx.1.gz", + "/usr/share/man/man1/pwd.1.gz", + "/usr/share/man/man1/readlink.1.gz", + "/usr/share/man/man1/realpath.1.gz", + "/usr/share/man/man1/rm.1.gz", + "/usr/share/man/man1/rmdir.1.gz", + "/usr/share/man/man1/runcon.1.gz", + "/usr/share/man/man1/seq.1.gz", + "/usr/share/man/man1/sha1sum.1.gz", + "/usr/share/man/man1/sha224sum.1.gz", + "/usr/share/man/man1/sha256sum.1.gz", + "/usr/share/man/man1/sha384sum.1.gz", + "/usr/share/man/man1/sha512sum.1.gz", + "/usr/share/man/man1/shred.1.gz", + "/usr/share/man/man1/shuf.1.gz", + "/usr/share/man/man1/sleep.1.gz", + "/usr/share/man/man1/sort.1.gz", + "/usr/share/man/man1/split.1.gz", + "/usr/share/man/man1/stat.1.gz", + "/usr/share/man/man1/stdbuf.1.gz", + "/usr/share/man/man1/stty.1.gz", + "/usr/share/man/man1/sum.1.gz", + "/usr/share/man/man1/sync.1.gz", + "/usr/share/man/man1/tac.1.gz", + "/usr/share/man/man1/tail.1.gz", + "/usr/share/man/man1/tee.1.gz", + "/usr/share/man/man1/test.1.gz", + "/usr/share/man/man1/timeout.1.gz", + "/usr/share/man/man1/touch.1.gz", + "/usr/share/man/man1/tr.1.gz", + "/usr/share/man/man1/true.1.gz", + "/usr/share/man/man1/truncate.1.gz", + "/usr/share/man/man1/tsort.1.gz", + "/usr/share/man/man1/tty.1.gz", + "/usr/share/man/man1/uname.1.gz", + "/usr/share/man/man1/unexpand.1.gz", + "/usr/share/man/man1/uniq.1.gz", + "/usr/share/man/man1/unlink.1.gz", + "/usr/share/man/man1/users.1.gz", + "/usr/share/man/man1/vdir.1.gz", + "/usr/share/man/man1/wc.1.gz", + "/usr/share/man/man1/who.1.gz", + "/usr/share/man/man1/whoami.1.gz", + "/usr/share/man/man1/yes.1.gz", + "/usr/share/man/man8/chroot.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "dash@0.5.12-12", + "Name": "dash", + "Identifier": { + "PURL": "pkg:deb/debian/dash@0.5.12-12?arch=amd64\u0026distro=debian-13.5", + "UID": "4990b2098a2a3724" + }, + "Version": "0.5.12", + "Release": "12", + "Arch": "amd64", + "SrcName": "dash", + "SrcVersion": "0.5.12", + "SrcRelease": "12", + "Licenses": [ + "BSD-3-Clause", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debianutils@5.23.2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/dash", + "/usr/share/debianutils/shells.d/dash", + "/usr/share/doc/dash/README.Debian.diet", + "/usr/share/doc/dash/README.source", + "/usr/share/doc/dash/changelog.Debian.gz", + "/usr/share/doc/dash/changelog.gz", + "/usr/share/doc/dash/copyright", + "/usr/share/lintian/overrides/dash", + "/usr/share/man/man1/dash.1.gz", + "/usr/share/menu/dash" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debconf@1.5.91", + "Name": "debconf", + "Identifier": { + "PURL": "pkg:deb/debian/debconf@1.5.91?arch=all\u0026distro=debian-13.5", + "UID": "f7c8b7ba83ed5cfe" + }, + "Version": "1.5.91", + "Arch": "all", + "SrcName": "debconf", + "SrcVersion": "1.5.91", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Debconf Developers \u003cdebconf-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/debconf", + "/usr/bin/debconf-apt-progress", + "/usr/bin/debconf-communicate", + "/usr/bin/debconf-copydb", + "/usr/bin/debconf-escape", + "/usr/bin/debconf-set-selections", + "/usr/bin/debconf-show", + "/usr/sbin/dpkg-preconfigure", + "/usr/sbin/dpkg-reconfigure", + "/usr/share/bash-completion/completions/debconf", + "/usr/share/debconf/confmodule", + "/usr/share/debconf/confmodule.sh", + "/usr/share/debconf/debconf.conf", + "/usr/share/debconf/fix_db.pl", + "/usr/share/debconf/frontend", + "/usr/share/doc/debconf/README.Debian", + "/usr/share/doc/debconf/changelog.gz", + "/usr/share/doc/debconf/copyright", + "/usr/share/lintian/overrides/debconf", + "/usr/share/man/man1/debconf-apt-progress.1.gz", + "/usr/share/man/man1/debconf-communicate.1.gz", + "/usr/share/man/man1/debconf-copydb.1.gz", + "/usr/share/man/man1/debconf-escape.1.gz", + "/usr/share/man/man1/debconf-set-selections.1.gz", + "/usr/share/man/man1/debconf-show.1.gz", + "/usr/share/man/man1/debconf.1.gz", + "/usr/share/man/man8/dpkg-preconfigure.8.gz", + "/usr/share/man/man8/dpkg-reconfigure.8.gz", + "/usr/share/perl5/Debconf/AutoSelect.pm", + "/usr/share/perl5/Debconf/Base.pm", + "/usr/share/perl5/Debconf/Client/ConfModule.pm", + "/usr/share/perl5/Debconf/ConfModule.pm", + "/usr/share/perl5/Debconf/Config.pm", + "/usr/share/perl5/Debconf/Db.pm", + "/usr/share/perl5/Debconf/DbDriver.pm", + "/usr/share/perl5/Debconf/DbDriver/Backup.pm", + "/usr/share/perl5/Debconf/DbDriver/Cache.pm", + "/usr/share/perl5/Debconf/DbDriver/Copy.pm", + "/usr/share/perl5/Debconf/DbDriver/Debug.pm", + "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", + "/usr/share/perl5/Debconf/DbDriver/Directory.pm", + "/usr/share/perl5/Debconf/DbDriver/File.pm", + "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", + "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", + "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", + "/usr/share/perl5/Debconf/DbDriver/Stack.pm", + "/usr/share/perl5/Debconf/Element.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", + "/usr/share/perl5/Debconf/Element/Dialog/String.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", + "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Editor/Error.pm", + "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Editor/Note.pm", + "/usr/share/perl5/Debconf/Element/Editor/Password.pm", + "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", + "/usr/share/perl5/Debconf/Element/Editor/Select.pm", + "/usr/share/perl5/Debconf/Element/Editor/String.pm", + "/usr/share/perl5/Debconf/Element/Editor/Text.pm", + "/usr/share/perl5/Debconf/Element/Gnome.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", + "/usr/share/perl5/Debconf/Element/Gnome/String.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", + "/usr/share/perl5/Debconf/Element/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", + "/usr/share/perl5/Debconf/Element/Select.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", + "/usr/share/perl5/Debconf/Element/Teletype/String.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", + "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Web/Error.pm", + "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Web/Note.pm", + "/usr/share/perl5/Debconf/Element/Web/Password.pm", + "/usr/share/perl5/Debconf/Element/Web/Progress.pm", + "/usr/share/perl5/Debconf/Element/Web/Select.pm", + "/usr/share/perl5/Debconf/Element/Web/String.pm", + "/usr/share/perl5/Debconf/Element/Web/Text.pm", + "/usr/share/perl5/Debconf/Encoding.pm", + "/usr/share/perl5/Debconf/Format.pm", + "/usr/share/perl5/Debconf/Format/822.pm", + "/usr/share/perl5/Debconf/FrontEnd.pm", + "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", + "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", + "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", + "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", + "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", + "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", + "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", + "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", + "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", + "/usr/share/perl5/Debconf/FrontEnd/Text.pm", + "/usr/share/perl5/Debconf/FrontEnd/Web.pm", + "/usr/share/perl5/Debconf/Gettext.pm", + "/usr/share/perl5/Debconf/Iterator.pm", + "/usr/share/perl5/Debconf/Log.pm", + "/usr/share/perl5/Debconf/Path.pm", + "/usr/share/perl5/Debconf/Priority.pm", + "/usr/share/perl5/Debconf/Question.pm", + "/usr/share/perl5/Debconf/Template.pm", + "/usr/share/perl5/Debconf/Template/Transient.pm", + "/usr/share/perl5/Debconf/TmpFile.pm", + "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", + "/usr/share/pixmaps/debian-logo.png" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debian-archive-keyring@2025.1", + "Name": "debian-archive-keyring", + "Identifier": { + "PURL": "pkg:deb/debian/debian-archive-keyring@2025.1?arch=all\u0026distro=debian-13.5", + "UID": "a22d861380b1187c" + }, + "Version": "2025.1", + "Arch": "all", + "SrcName": "debian-archive-keyring", + "SrcVersion": "2025.1", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Debian Release Team \u003cpackages@release.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/debian-archive-keyring/NEWS.Debian.gz", + "/usr/share/doc/debian-archive-keyring/README", + "/usr/share/doc/debian-archive-keyring/changelog.gz", + "/usr/share/doc/debian-archive-keyring/copyright", + "/usr/share/keyrings/debian-archive-bookworm-automatic.pgp", + "/usr/share/keyrings/debian-archive-bookworm-security-automatic.pgp", + "/usr/share/keyrings/debian-archive-bookworm-stable.pgp", + "/usr/share/keyrings/debian-archive-bullseye-automatic.pgp", + "/usr/share/keyrings/debian-archive-bullseye-security-automatic.pgp", + "/usr/share/keyrings/debian-archive-bullseye-stable.pgp", + "/usr/share/keyrings/debian-archive-keyring.pgp", + "/usr/share/keyrings/debian-archive-removed-keys.pgp", + "/usr/share/keyrings/debian-archive-trixie-automatic.pgp", + "/usr/share/keyrings/debian-archive-trixie-security-automatic.pgp", + "/usr/share/keyrings/debian-archive-trixie-stable.pgp" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debianutils@5.23.2", + "Name": "debianutils", + "Identifier": { + "PURL": "pkg:deb/debian/debianutils@5.23.2?arch=amd64\u0026distro=debian-13.5", + "UID": "3c5d0b66afafddbb" + }, + "Version": "5.23.2", + "Arch": "amd64", + "SrcName": "debianutils", + "SrcVersion": "5.23.2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "SMAIL-GPL" + ], + "Maintainer": "Ileana Dumitrescu \u003cileanadumitrescu95@gmail.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/ischroot", + "/usr/bin/run-parts", + "/usr/bin/savelog", + "/usr/bin/tempfile", + "/usr/bin/which.debianutils", + "/usr/sbin/add-shell", + "/usr/sbin/installkernel", + "/usr/sbin/remove-shell", + "/usr/sbin/update-shells", + "/usr/share/debianutils/shells", + "/usr/share/doc/debianutils/README.shells", + "/usr/share/doc/debianutils/changelog.gz", + "/usr/share/doc/debianutils/copyright", + "/usr/share/man/de/man1/which.debianutils.1.gz", + "/usr/share/man/de/man8/add-shell.8.gz", + "/usr/share/man/de/man8/installkernel.8.gz", + "/usr/share/man/de/man8/remove-shell.8.gz", + "/usr/share/man/de/man8/run-parts.8.gz", + "/usr/share/man/de/man8/savelog.8.gz", + "/usr/share/man/es/man1/which.debianutils.1.gz", + "/usr/share/man/es/man8/add-shell.8.gz", + "/usr/share/man/es/man8/installkernel.8.gz", + "/usr/share/man/es/man8/remove-shell.8.gz", + "/usr/share/man/es/man8/run-parts.8.gz", + "/usr/share/man/es/man8/savelog.8.gz", + "/usr/share/man/fr/man1/which.debianutils.1.gz", + "/usr/share/man/fr/man8/add-shell.8.gz", + "/usr/share/man/fr/man8/installkernel.8.gz", + "/usr/share/man/fr/man8/remove-shell.8.gz", + "/usr/share/man/fr/man8/run-parts.8.gz", + "/usr/share/man/fr/man8/savelog.8.gz", + "/usr/share/man/it/man1/which.debianutils.1.gz", + "/usr/share/man/it/man8/add-shell.8.gz", + "/usr/share/man/it/man8/installkernel.8.gz", + "/usr/share/man/it/man8/remove-shell.8.gz", + "/usr/share/man/it/man8/run-parts.8.gz", + "/usr/share/man/it/man8/savelog.8.gz", + "/usr/share/man/ja/man1/which.debianutils.1.gz", + "/usr/share/man/ja/man8/add-shell.8.gz", + "/usr/share/man/ja/man8/installkernel.8.gz", + "/usr/share/man/ja/man8/remove-shell.8.gz", + "/usr/share/man/ja/man8/run-parts.8.gz", + "/usr/share/man/ja/man8/savelog.8.gz", + "/usr/share/man/man1/ischroot.1.gz", + "/usr/share/man/man1/tempfile.1.gz", + "/usr/share/man/man1/which.debianutils.1.gz", + "/usr/share/man/man8/add-shell.8.gz", + "/usr/share/man/man8/installkernel.8.gz", + "/usr/share/man/man8/remove-shell.8.gz", + "/usr/share/man/man8/run-parts.8.gz", + "/usr/share/man/man8/savelog.8.gz", + "/usr/share/man/man8/update-shells.8.gz", + "/usr/share/man/pl/man1/which.debianutils.1.gz", + "/usr/share/man/pl/man8/add-shell.8.gz", + "/usr/share/man/pl/man8/installkernel.8.gz", + "/usr/share/man/pl/man8/remove-shell.8.gz", + "/usr/share/man/pl/man8/run-parts.8.gz", + "/usr/share/man/pl/man8/savelog.8.gz", + "/usr/share/man/pt/man1/which.debianutils.1.gz", + "/usr/share/man/pt/man8/add-shell.8.gz", + "/usr/share/man/pt/man8/installkernel.8.gz", + "/usr/share/man/pt/man8/remove-shell.8.gz", + "/usr/share/man/pt/man8/run-parts.8.gz", + "/usr/share/man/pt/man8/savelog.8.gz", + "/usr/share/man/sl/man1/which.debianutils.1.gz", + "/usr/share/man/sl/man8/add-shell.8.gz", + "/usr/share/man/sl/man8/installkernel.8.gz", + "/usr/share/man/sl/man8/remove-shell.8.gz", + "/usr/share/man/sl/man8/run-parts.8.gz", + "/usr/share/man/sl/man8/savelog.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "diffutils@1:3.10-4", + "Name": "diffutils", + "Identifier": { + "PURL": "pkg:deb/debian/diffutils@3.10-4?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "852f693a78aaa149" + }, + "Version": "3.10", + "Release": "4", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "diffutils", + "SrcVersion": "3.10", + "SrcRelease": "4", + "SrcEpoch": 1, + "Licenses": [ + "GPL-3.0-or-later", + "FSFULLR", + "LGPL-2.1-or-later", + "GPL-3.0-with-autoconf-exception+", + "GPL-3.0-only", + "GPL-3+ with texinfo exception", + "LGPL-2.0-or-later", + "GPL-2.0-or-later", + "X11", + "FSFAP", + "GFDL-1.3-no-invariants-only", + "LGPL-3.0-or-later", + "LGPL-3.0-only", + "public-domain", + "LGPL-2.0-only", + "LGPL-2.1-only", + "GPL-2.0-only", + "GFDL-1.3-only" + ], + "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/cmp", + "/usr/bin/diff", + "/usr/bin/diff3", + "/usr/bin/sdiff", + "/usr/share/doc/diffutils/NEWS.gz", + "/usr/share/doc/diffutils/changelog.Debian.gz", + "/usr/share/doc/diffutils/changelog.gz", + "/usr/share/doc/diffutils/copyright", + "/usr/share/info/diffutils.info.gz", + "/usr/share/locale/bg/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ca/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/cs/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/da/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/de/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/el/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/eo/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/es/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/fi/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/fr/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ga/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/gl/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/he/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/hr/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/hu/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/id/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/it/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ja/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ka/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ko/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/lv/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ms/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/nb/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/nl/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/pl/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/pt/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ro/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ru/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/sr/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/sv/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/tr/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/uk/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/vi/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/diffutils.mo", + "/usr/share/man/man1/cmp.1.gz", + "/usr/share/man/man1/diff.1.gz", + "/usr/share/man/man1/diff3.1.gz", + "/usr/share/man/man1/sdiff.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "dpkg@1.22.22", + "Name": "dpkg", + "Identifier": { + "PURL": "pkg:deb/debian/dpkg@1.22.22?arch=amd64\u0026distro=debian-13.5", + "UID": "7b97f27e3bec0417" + }, + "Version": "1.22.22", + "Arch": "amd64", + "SrcName": "dpkg", + "SrcVersion": "1.22.22", + "Licenses": [ + "GPL-2.0-or-later", + "public-domain-s-s-d", + "GPL-2.0-only" + ], + "Maintainer": "Dpkg Developers \u003cdebian-dpkg@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "tar@1.35+dfsg-3.1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/dpkg", + "/usr/bin/dpkg-deb", + "/usr/bin/dpkg-divert", + "/usr/bin/dpkg-maintscript-helper", + "/usr/bin/dpkg-query", + "/usr/bin/dpkg-realpath", + "/usr/bin/dpkg-split", + "/usr/bin/dpkg-statoverride", + "/usr/bin/dpkg-trigger", + "/usr/bin/update-alternatives", + "/usr/lib/systemd/system/dpkg-db-backup.service", + "/usr/lib/systemd/system/dpkg-db-backup.timer", + "/usr/libexec/dpkg/dpkg-db-backup", + "/usr/libexec/dpkg/dpkg-db-keeper", + "/usr/sbin/start-stop-daemon", + "/usr/share/doc/dpkg/AUTHORS", + "/usr/share/doc/dpkg/README.api", + "/usr/share/doc/dpkg/README.bug-usertags.gz", + "/usr/share/doc/dpkg/README.feature-removal-schedule.gz", + "/usr/share/doc/dpkg/THANKS.gz", + "/usr/share/doc/dpkg/changelog.gz", + "/usr/share/doc/dpkg/copyright", + "/usr/share/dpkg/abitable", + "/usr/share/dpkg/cputable", + "/usr/share/dpkg/ostable", + "/usr/share/dpkg/sh/dpkg-error.sh", + "/usr/share/dpkg/tupletable", + "/usr/share/lintian/overrides/dpkg", + "/usr/share/lintian/profiles/dpkg/main.profile", + "/usr/share/locale/ast/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/bs/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ca/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/cs/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/da/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/de/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/dz/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/el/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/eo/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/es/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/et/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/eu/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/fr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/gl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/hu/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/id/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/it/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ja/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/km/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ko/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ku/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/lt/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/mr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nb/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ne/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nn/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/oc/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pa/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pt/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ro/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ru/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/sk/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/sv/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/th/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/tl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/tr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/vi/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/dpkg.mo", + "/usr/share/man/de/man1/dpkg-deb.1.gz", + "/usr/share/man/de/man1/dpkg-divert.1.gz", + "/usr/share/man/de/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/de/man1/dpkg-query.1.gz", + "/usr/share/man/de/man1/dpkg-realpath.1.gz", + "/usr/share/man/de/man1/dpkg-split.1.gz", + "/usr/share/man/de/man1/dpkg-statoverride.1.gz", + "/usr/share/man/de/man1/dpkg-trigger.1.gz", + "/usr/share/man/de/man1/dpkg.1.gz", + "/usr/share/man/de/man1/update-alternatives.1.gz", + "/usr/share/man/de/man5/dpkg.cfg.5.gz", + "/usr/share/man/de/man8/start-stop-daemon.8.gz", + "/usr/share/man/es/man5/dpkg.cfg.5.gz", + "/usr/share/man/fr/man1/dpkg-divert.1.gz", + "/usr/share/man/fr/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/fr/man1/dpkg-query.1.gz", + "/usr/share/man/fr/man1/dpkg-realpath.1.gz", + "/usr/share/man/fr/man1/dpkg-split.1.gz", + "/usr/share/man/fr/man1/dpkg-trigger.1.gz", + "/usr/share/man/fr/man1/update-alternatives.1.gz", + "/usr/share/man/fr/man5/dpkg.cfg.5.gz", + "/usr/share/man/fr/man8/start-stop-daemon.8.gz", + "/usr/share/man/it/man5/dpkg.cfg.5.gz", + "/usr/share/man/ja/man5/dpkg.cfg.5.gz", + "/usr/share/man/man1/dpkg-deb.1.gz", + "/usr/share/man/man1/dpkg-divert.1.gz", + "/usr/share/man/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/man1/dpkg-query.1.gz", + "/usr/share/man/man1/dpkg-realpath.1.gz", + "/usr/share/man/man1/dpkg-split.1.gz", + "/usr/share/man/man1/dpkg-statoverride.1.gz", + "/usr/share/man/man1/dpkg-trigger.1.gz", + "/usr/share/man/man1/dpkg.1.gz", + "/usr/share/man/man1/update-alternatives.1.gz", + "/usr/share/man/man5/dpkg.cfg.5.gz", + "/usr/share/man/man8/start-stop-daemon.8.gz", + "/usr/share/man/nl/man1/dpkg-deb.1.gz", + "/usr/share/man/nl/man1/dpkg-divert.1.gz", + "/usr/share/man/nl/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/nl/man1/dpkg-query.1.gz", + "/usr/share/man/nl/man1/dpkg-realpath.1.gz", + "/usr/share/man/nl/man1/dpkg-split.1.gz", + "/usr/share/man/nl/man1/dpkg-statoverride.1.gz", + "/usr/share/man/nl/man1/dpkg-trigger.1.gz", + "/usr/share/man/nl/man1/dpkg.1.gz", + "/usr/share/man/nl/man1/update-alternatives.1.gz", + "/usr/share/man/nl/man5/dpkg.cfg.5.gz", + "/usr/share/man/nl/man8/start-stop-daemon.8.gz", + "/usr/share/man/pl/man5/dpkg.cfg.5.gz", + "/usr/share/man/pt/man1/dpkg-deb.1.gz", + "/usr/share/man/pt/man1/dpkg-divert.1.gz", + "/usr/share/man/pt/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/pt/man1/dpkg-query.1.gz", + "/usr/share/man/pt/man1/dpkg-realpath.1.gz", + "/usr/share/man/pt/man1/dpkg-split.1.gz", + "/usr/share/man/pt/man1/dpkg-statoverride.1.gz", + "/usr/share/man/pt/man1/dpkg-trigger.1.gz", + "/usr/share/man/pt/man1/dpkg.1.gz", + "/usr/share/man/pt/man1/update-alternatives.1.gz", + "/usr/share/man/pt/man5/dpkg.cfg.5.gz", + "/usr/share/man/pt/man8/start-stop-daemon.8.gz", + "/usr/share/man/sv/man1/dpkg-deb.1.gz", + "/usr/share/man/sv/man1/dpkg-divert.1.gz", + "/usr/share/man/sv/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/sv/man1/dpkg-query.1.gz", + "/usr/share/man/sv/man1/dpkg-realpath.1.gz", + "/usr/share/man/sv/man1/dpkg-split.1.gz", + "/usr/share/man/sv/man1/dpkg-statoverride.1.gz", + "/usr/share/man/sv/man1/dpkg-trigger.1.gz", + "/usr/share/man/sv/man1/dpkg.1.gz", + "/usr/share/man/sv/man1/update-alternatives.1.gz", + "/usr/share/man/sv/man5/dpkg.cfg.5.gz", + "/usr/share/man/sv/man8/start-stop-daemon.8.gz", + "/usr/share/polkit-1/actions/org.dpkg.pkexec.update-alternatives.policy" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "findutils@4.10.0-3", + "Name": "findutils", + "Identifier": { + "PURL": "pkg:deb/debian/findutils@4.10.0-3?arch=amd64\u0026distro=debian-13.5", + "UID": "12e741692291b42a" + }, + "Version": "4.10.0", + "Release": "3", + "Arch": "amd64", + "SrcName": "findutils", + "SrcVersion": "4.10.0", + "SrcRelease": "3", + "Licenses": [ + "GFDL-1.3-no-invariants-or-later", + "GPL-3.0-or-later", + "FSFAP", + "GPL-2+ with Autoconf-data exception", + "GPL-3+ with Autoconf-data exception", + "FSFULLR", + "GPL-2.0-or-later", + "X11", + "public-domain", + "LGPL-2.1-or-later", + "GPL with automake exception", + "LGPL-2.0-or-later", + "LGPL-3.0-or-later", + "BSD-3-Clause", + "GPL-3+ with Bison-2.2 exception", + "LGPL-3.0-only", + "ISC", + "GFDL-1.3-only", + "GPL-2.0-only", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Andreas Metzler \u003cametzler@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/find", + "/usr/bin/xargs", + "/usr/share/doc-base/findutils.findutils", + "/usr/share/doc/findutils/NEWS.gz", + "/usr/share/doc/findutils/README.gz", + "/usr/share/doc/findutils/TODO", + "/usr/share/doc/findutils/changelog.Debian.gz", + "/usr/share/doc/findutils/changelog.gz", + "/usr/share/doc/findutils/copyright", + "/usr/share/info/find-maint.info.gz", + "/usr/share/info/find.info.gz", + "/usr/share/locale/be/LC_MESSAGES/findutils.mo", + "/usr/share/locale/bg/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ca/LC_MESSAGES/findutils.mo", + "/usr/share/locale/cs/LC_MESSAGES/findutils.mo", + "/usr/share/locale/da/LC_MESSAGES/findutils.mo", + "/usr/share/locale/de/LC_MESSAGES/findutils.mo", + "/usr/share/locale/el/LC_MESSAGES/findutils.mo", + "/usr/share/locale/eo/LC_MESSAGES/findutils.mo", + "/usr/share/locale/es/LC_MESSAGES/findutils.mo", + "/usr/share/locale/et/LC_MESSAGES/findutils.mo", + "/usr/share/locale/fi/LC_MESSAGES/findutils.mo", + "/usr/share/locale/fr/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ga/LC_MESSAGES/findutils.mo", + "/usr/share/locale/gl/LC_MESSAGES/findutils.mo", + "/usr/share/locale/hr/LC_MESSAGES/findutils.mo", + "/usr/share/locale/hu/LC_MESSAGES/findutils.mo", + "/usr/share/locale/id/LC_MESSAGES/findutils.mo", + "/usr/share/locale/it/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ja/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ka/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ko/LC_MESSAGES/findutils.mo", + "/usr/share/locale/lg/LC_MESSAGES/findutils.mo", + "/usr/share/locale/lt/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ms/LC_MESSAGES/findutils.mo", + "/usr/share/locale/nb/LC_MESSAGES/findutils.mo", + "/usr/share/locale/nl/LC_MESSAGES/findutils.mo", + "/usr/share/locale/pl/LC_MESSAGES/findutils.mo", + "/usr/share/locale/pt/LC_MESSAGES/findutils.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ro/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ru/LC_MESSAGES/findutils.mo", + "/usr/share/locale/sk/LC_MESSAGES/findutils.mo", + "/usr/share/locale/sl/LC_MESSAGES/findutils.mo", + "/usr/share/locale/sr/LC_MESSAGES/findutils.mo", + "/usr/share/locale/sv/LC_MESSAGES/findutils.mo", + "/usr/share/locale/tr/LC_MESSAGES/findutils.mo", + "/usr/share/locale/uk/LC_MESSAGES/findutils.mo", + "/usr/share/locale/vi/LC_MESSAGES/findutils.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/findutils.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/findutils.mo", + "/usr/share/man/man1/find.1.gz", + "/usr/share/man/man1/xargs.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gcc-14-base@14.2.0-19", + "Name": "gcc-14-base", + "Identifier": { + "PURL": "pkg:deb/debian/gcc-14-base@14.2.0-19?arch=amd64\u0026distro=debian-13.5", + "UID": "371c061d08215a1b" + }, + "Version": "14.2.0", + "Release": "19", + "Arch": "amd64", + "SrcName": "gcc-14", + "SrcVersion": "14.2.0", + "SrcRelease": "19", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-3.0-only", + "GFDL-1.2-only", + "Artistic-2.0", + "LGPL-2.0-or-later" + ], + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/gcc-14-base/README.Debian.amd64.gz", + "/usr/share/doc/gcc-14-base/TODO.Debian", + "/usr/share/doc/gcc-14-base/changelog.Debian.gz", + "/usr/share/doc/gcc-14-base/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "grep@3.11-4", + "Name": "grep", + "Identifier": { + "PURL": "pkg:deb/debian/grep@3.11-4?arch=amd64\u0026distro=debian-13.5", + "UID": "6ce8b4eed9c0d137" + }, + "Version": "3.11", + "Release": "4", + "Arch": "amd64", + "SrcName": "grep", + "SrcVersion": "3.11", + "SrcRelease": "4", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only" + ], + "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/egrep", + "/usr/bin/fgrep", + "/usr/bin/grep", + "/usr/bin/rgrep", + "/usr/share/doc/grep/AUTHORS", + "/usr/share/doc/grep/NEWS.Debian.gz", + "/usr/share/doc/grep/NEWS.gz", + "/usr/share/doc/grep/README", + "/usr/share/doc/grep/THANKS.gz", + "/usr/share/doc/grep/TODO.gz", + "/usr/share/doc/grep/changelog.Debian.gz", + "/usr/share/doc/grep/changelog.gz", + "/usr/share/doc/grep/copyright", + "/usr/share/info/grep.info.gz", + "/usr/share/locale/af/LC_MESSAGES/grep.mo", + "/usr/share/locale/be/LC_MESSAGES/grep.mo", + "/usr/share/locale/bg/LC_MESSAGES/grep.mo", + "/usr/share/locale/ca/LC_MESSAGES/grep.mo", + "/usr/share/locale/cs/LC_MESSAGES/grep.mo", + "/usr/share/locale/da/LC_MESSAGES/grep.mo", + "/usr/share/locale/de/LC_MESSAGES/grep.mo", + "/usr/share/locale/el/LC_MESSAGES/grep.mo", + "/usr/share/locale/eo/LC_MESSAGES/grep.mo", + "/usr/share/locale/es/LC_MESSAGES/grep.mo", + "/usr/share/locale/et/LC_MESSAGES/grep.mo", + "/usr/share/locale/eu/LC_MESSAGES/grep.mo", + "/usr/share/locale/fi/LC_MESSAGES/grep.mo", + "/usr/share/locale/fr/LC_MESSAGES/grep.mo", + "/usr/share/locale/ga/LC_MESSAGES/grep.mo", + "/usr/share/locale/gl/LC_MESSAGES/grep.mo", + "/usr/share/locale/he/LC_MESSAGES/grep.mo", + "/usr/share/locale/hr/LC_MESSAGES/grep.mo", + "/usr/share/locale/hu/LC_MESSAGES/grep.mo", + "/usr/share/locale/id/LC_MESSAGES/grep.mo", + "/usr/share/locale/it/LC_MESSAGES/grep.mo", + "/usr/share/locale/ja/LC_MESSAGES/grep.mo", + "/usr/share/locale/ka/LC_MESSAGES/grep.mo", + "/usr/share/locale/ko/LC_MESSAGES/grep.mo", + "/usr/share/locale/ky/LC_MESSAGES/grep.mo", + "/usr/share/locale/lt/LC_MESSAGES/grep.mo", + "/usr/share/locale/nb/LC_MESSAGES/grep.mo", + "/usr/share/locale/nl/LC_MESSAGES/grep.mo", + "/usr/share/locale/pa/LC_MESSAGES/grep.mo", + "/usr/share/locale/pl/LC_MESSAGES/grep.mo", + "/usr/share/locale/pt/LC_MESSAGES/grep.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/grep.mo", + "/usr/share/locale/ro/LC_MESSAGES/grep.mo", + "/usr/share/locale/ru/LC_MESSAGES/grep.mo", + "/usr/share/locale/sk/LC_MESSAGES/grep.mo", + "/usr/share/locale/sl/LC_MESSAGES/grep.mo", + "/usr/share/locale/sr/LC_MESSAGES/grep.mo", + "/usr/share/locale/sv/LC_MESSAGES/grep.mo", + "/usr/share/locale/ta/LC_MESSAGES/grep.mo", + "/usr/share/locale/th/LC_MESSAGES/grep.mo", + "/usr/share/locale/tr/LC_MESSAGES/grep.mo", + "/usr/share/locale/uk/LC_MESSAGES/grep.mo", + "/usr/share/locale/vi/LC_MESSAGES/grep.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/grep.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/grep.mo", + "/usr/share/man/man1/grep.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gzip@1.13-1", + "Name": "gzip", + "Identifier": { + "PURL": "pkg:deb/debian/gzip@1.13-1?arch=amd64\u0026distro=debian-13.5", + "UID": "954545ce99bc687e" + }, + "Version": "1.13", + "Release": "1", + "Arch": "amd64", + "SrcName": "gzip", + "SrcVersion": "1.13", + "SrcRelease": "1", + "Licenses": [ + "GPL-3.0-or-later", + "GFDL-1.3+-no-invariant", + "FSF-manpages", + "GPL-3.0-only", + "GFDL-3" + ], + "Maintainer": "Milan Kupcevic \u003cmilan@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/gunzip", + "/usr/bin/gzexe", + "/usr/bin/gzip", + "/usr/bin/zcat", + "/usr/bin/zcmp", + "/usr/bin/zdiff", + "/usr/bin/zegrep", + "/usr/bin/zfgrep", + "/usr/bin/zforce", + "/usr/bin/zgrep", + "/usr/bin/zless", + "/usr/bin/zmore", + "/usr/bin/znew", + "/usr/share/doc/gzip/NEWS.gz", + "/usr/share/doc/gzip/README.gz", + "/usr/share/doc/gzip/TODO", + "/usr/share/doc/gzip/changelog.Debian.gz", + "/usr/share/doc/gzip/changelog.gz", + "/usr/share/doc/gzip/copyright", + "/usr/share/info/gzip.info.gz", + "/usr/share/man/man1/gzexe.1.gz", + "/usr/share/man/man1/gzip.1.gz", + "/usr/share/man/man1/zdiff.1.gz", + "/usr/share/man/man1/zforce.1.gz", + "/usr/share/man/man1/zgrep.1.gz", + "/usr/share/man/man1/zless.1.gz", + "/usr/share/man/man1/zmore.1.gz", + "/usr/share/man/man1/znew.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "hostname@3.25", + "Name": "hostname", + "Identifier": { + "PURL": "pkg:deb/debian/hostname@3.25?arch=amd64\u0026distro=debian-13.5", + "UID": "641772722328aedf" + }, + "Version": "3.25", + "Arch": "amd64", + "SrcName": "hostname", + "SrcVersion": "3.25", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Michael Meskes \u003cmeskes@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/hostname", + "/usr/share/doc/hostname/changelog.gz", + "/usr/share/doc/hostname/copyright", + "/usr/share/man/man1/hostname.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "init-system-helpers@1.69~deb13u1", + "Name": "init-system-helpers", + "Identifier": { + "PURL": "pkg:deb/debian/init-system-helpers@1.69~deb13u1?arch=all\u0026distro=debian-13.5", + "UID": "cb52819ec2f1a236" + }, + "Version": "1.69~deb13u1", + "Arch": "all", + "SrcName": "init-system-helpers", + "SrcVersion": "1.69~deb13u1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/deb-systemd-helper", + "/usr/bin/deb-systemd-invoke", + "/usr/sbin/invoke-rc.d", + "/usr/sbin/service", + "/usr/sbin/update-rc.d", + "/usr/share/bug/init-system-helpers/control", + "/usr/share/doc/init-system-helpers/README.invoke-rc.d.gz", + "/usr/share/doc/init-system-helpers/README.policy-rc.d.gz", + "/usr/share/doc/init-system-helpers/changelog.gz", + "/usr/share/doc/init-system-helpers/copyright", + "/usr/share/lintian/overrides/init-system-helpers", + "/usr/share/man/man1/deb-systemd-helper.1p.gz", + "/usr/share/man/man1/deb-systemd-invoke.1p.gz", + "/usr/share/man/man8/invoke-rc.d.8.gz", + "/usr/share/man/man8/service.8.gz", + "/usr/share/man/man8/update-rc.d.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libacl1@2.3.2-2+b1", + "Name": "libacl1", + "Identifier": { + "PURL": "pkg:deb/debian/libacl1@2.3.2-2%2Bb1?arch=amd64\u0026distro=debian-13.5", + "UID": "f9f7789d147b9636" + }, + "Version": "2.3.2", + "Release": "2+b1", + "Arch": "amd64", + "SrcName": "acl", + "SrcVersion": "2.3.2", + "SrcRelease": "2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2302", + "/usr/share/doc/libacl1/changelog.Debian.amd64.gz", + "/usr/share/doc/libacl1/changelog.Debian.gz", + "/usr/share/doc/libacl1/changelog.gz", + "/usr/share/doc/libacl1/copyright", + "/usr/share/lintian/overrides/libacl1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libapt-pkg7.0@3.0.3", + "Name": "libapt-pkg7.0", + "Identifier": { + "PURL": "pkg:deb/debian/libapt-pkg7.0@3.0.3?arch=amd64\u0026distro=debian-13.5", + "UID": "5549812c55d79bea" + }, + "Version": "3.0.3", + "Arch": "amd64", + "SrcName": "apt", + "SrcVersion": "3.0.3", + "Licenses": [ + "GPL-2.0-or-later", + "curl", + "BSD-3-Clause", + "MIT", + "GPL-2.0-only" + ], + "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libbz2-1.0@1.0.8-6", + "libc6@2.41-12+deb13u3", + "libgcc-s1@14.2.0-19", + "liblz4-1@1.10.0-4", + "liblzma5@5.8.1-1", + "libssl3t64@3.5.6-1~deb13u1", + "libstdc++6@14.2.0-19", + "libsystemd0@257.13-1~deb13u1", + "libudev1@257.13-1~deb13u1", + "libxxhash0@0.8.3-2", + "libzstd1@1.5.7+dfsg-1", + "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.7.0.0", + "/usr/share/doc/libapt-pkg7.0/NEWS.Debian.gz", + "/usr/share/doc/libapt-pkg7.0/changelog.gz", + "/usr/share/doc/libapt-pkg7.0/copyright", + "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/da/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/de/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/el/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/es/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/it/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/km/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/th/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg7.0.mo" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libattr1@1:2.5.2-3", + "Name": "libattr1", + "Identifier": { + "PURL": "pkg:deb/debian/libattr1@2.5.2-3?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "90d554a582a8683b" + }, + "Version": "2.5.2", + "Release": "3", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "attr", + "SrcVersion": "2.5.2", + "SrcRelease": "3", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2502", + "/usr/share/doc/libattr1/changelog.Debian.gz", + "/usr/share/doc/libattr1/changelog.gz", + "/usr/share/doc/libattr1/copyright", + "/usr/share/lintian/overrides/libattr1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaudit-common@1:4.0.2-2", + "Name": "libaudit-common", + "Identifier": { + "PURL": "pkg:deb/debian/libaudit-common@4.0.2-2?arch=all\u0026distro=debian-13.5\u0026epoch=1", + "UID": "d20cd9a11d8e018d" + }, + "Version": "4.0.2", + "Release": "2", + "Epoch": 1, + "Arch": "all", + "SrcName": "audit", + "SrcVersion": "4.0.2", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only", + "GPL-1.0-only" + ], + "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/libaudit-common/changelog.Debian.gz", + "/usr/share/doc/libaudit-common/changelog.gz", + "/usr/share/doc/libaudit-common/copyright", + "/usr/share/man/man5/libaudit.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaudit1@1:4.0.2-2+b2", + "Name": "libaudit1", + "Identifier": { + "PURL": "pkg:deb/debian/libaudit1@4.0.2-2%2Bb2?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "c47a55b8e27ace3c" + }, + "Version": "4.0.2", + "Release": "2+b2", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "audit", + "SrcVersion": "4.0.2", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only", + "GPL-1.0-only" + ], + "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit-common@1:4.0.2-2", + "libc6@2.41-12+deb13u3", + "libcap-ng0@0.8.5-4+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0", + "/usr/share/doc/libaudit1/changelog.Debian.amd64.gz", + "/usr/share/doc/libaudit1/changelog.Debian.gz", + "/usr/share/doc/libaudit1/changelog.gz", + "/usr/share/doc/libaudit1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libblkid1@2.41-5", + "Name": "libblkid1", + "Identifier": { + "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "51bf0af8d40f4a01" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0", + "/usr/share/doc/libblkid1/NEWS.Debian.gz", + "/usr/share/doc/libblkid1/changelog.Debian.gz", + "/usr/share/doc/libblkid1/changelog.gz", + "/usr/share/doc/libblkid1/copyright", + "/usr/share/lintian/overrides/libblkid1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libbsd0@0.12.2-2", + "Name": "libbsd0", + "Identifier": { + "PURL": "pkg:deb/debian/libbsd0@0.12.2-2?arch=amd64\u0026distro=debian-13.5", + "UID": "a8f4afa42f768363" + }, + "Version": "0.12.2", + "Release": "2", + "Arch": "amd64", + "SrcName": "libbsd", + "SrcVersion": "0.12.2", + "SrcRelease": "2", + "Licenses": [ + "BSD-3-Clause", + "BSD-3-clause-Regents", + "BSD-2-Clause-NetBSD", + "BSD-3-clause-author", + "BSD-3-clause-John-Birrell", + "BSD-5-clause-Peter-Wemm", + "BSD-2-Clause", + "BSD-2-clause-verbatim", + "BSD-2-clause-author", + "ISC", + "ISC-Original", + "MIT", + "public-domain", + "Beerware" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libmd0@1.1.0-2+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libbsd.so.0.12.2", + "/usr/share/doc/libbsd0/changelog.Debian.gz", + "/usr/share/doc/libbsd0/changelog.gz", + "/usr/share/doc/libbsd0/copyright", + "/usr/share/lintian/overrides/libbsd0" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libbz2-1.0@1.0.8-6", + "Name": "libbz2-1.0", + "Identifier": { + "PURL": "pkg:deb/debian/libbz2-1.0@1.0.8-6?arch=amd64\u0026distro=debian-13.5", + "UID": "2da429aca83dde92" + }, + "Version": "1.0.8", + "Release": "6", + "Arch": "amd64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8", + "SrcRelease": "6", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4", + "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", + "/usr/share/doc/libbz2-1.0/changelog.gz", + "/usr/share/doc/libbz2-1.0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libc-bin@2.41-12+deb13u3", + "Name": "libc-bin", + "Identifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "Version": "2.41", + "Release": "12+deb13u3", + "Arch": "amd64", + "SrcName": "glibc", + "SrcVersion": "2.41", + "SrcRelease": "12+deb13u3", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "LGPL-2.1+-with-link-exception", + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "GPL-2+-with-link-exception", + "GPL-2.0-only", + "GPL-3.0-or-later", + "FSFAP", + "Carnegie", + "Inner-Net", + "MIT-like-Lord", + "BSD-like-Spencer", + "PCRE", + "BSD-3-clause-Carnegie", + "Unicode-DFS-2016", + "BSL-1.0", + "SunPro", + "CORE-MATH", + "BSD-3-clause-Berkeley", + "BSD-3-clause-WIDE", + "BSD-2-Clause", + "BSD-3-clause-Oracle", + "DEC", + "IBM", + "ISC", + "Univ-Coimbra", + "public-domain", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/getconf", + "/usr/bin/getent", + "/usr/bin/iconv", + "/usr/bin/ldd", + "/usr/bin/locale", + "/usr/bin/localedef", + "/usr/bin/pldd", + "/usr/bin/tzselect", + "/usr/bin/zdump", + "/usr/lib/locale/C.utf8/LC_ADDRESS", + "/usr/lib/locale/C.utf8/LC_COLLATE", + "/usr/lib/locale/C.utf8/LC_CTYPE", + "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", + "/usr/lib/locale/C.utf8/LC_MEASUREMENT", + "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "/usr/lib/locale/C.utf8/LC_MONETARY", + "/usr/lib/locale/C.utf8/LC_NAME", + "/usr/lib/locale/C.utf8/LC_NUMERIC", + "/usr/lib/locale/C.utf8/LC_PAPER", + "/usr/lib/locale/C.utf8/LC_TELEPHONE", + "/usr/lib/locale/C.utf8/LC_TIME", + "/usr/sbin/iconvconfig", + "/usr/sbin/ldconfig", + "/usr/sbin/zic", + "/usr/share/doc/libc-bin/changelog.Debian.gz", + "/usr/share/doc/libc-bin/changelog.gz", + "/usr/share/doc/libc-bin/copyright", + "/usr/share/libc-bin/nsswitch.conf", + "/usr/share/lintian/overrides/libc-bin", + "/usr/share/man/man1/getconf.1.gz", + "/usr/share/man/man1/tzselect.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libc6@2.41-12+deb13u3", + "Name": "libc6", + "Identifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "Version": "2.41", + "Release": "12+deb13u3", + "Arch": "amd64", + "SrcName": "glibc", + "SrcVersion": "2.41", + "SrcRelease": "12+deb13u3", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "LGPL-2.1+-with-link-exception", + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "GPL-2+-with-link-exception", + "GPL-2.0-only", + "GPL-3.0-or-later", + "FSFAP", + "Carnegie", + "Inner-Net", + "MIT-like-Lord", + "BSD-like-Spencer", + "PCRE", + "BSD-3-clause-Carnegie", + "Unicode-DFS-2016", + "BSL-1.0", + "SunPro", + "CORE-MATH", + "BSD-3-clause-Berkeley", + "BSD-3-clause-WIDE", + "BSD-2-Clause", + "BSD-3-clause-Oracle", + "DEC", + "IBM", + "ISC", + "Univ-Coimbra", + "public-domain", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libgcc-s1@14.2.0-19" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", + "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", + "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", + "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", + "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", + "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", + "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", + "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", + "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", + "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", + "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", + "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", + "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", + "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", + "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", + "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", + "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", + "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", + "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", + "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", + "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", + "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", + "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", + "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", + "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", + "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", + "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", + "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", + "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.d/gconv-modules-extra.conf", + "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", + "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", + "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", + "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", + "/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2", + "/usr/lib/x86_64-linux-gnu/libBrokenLocale.so.1", + "/usr/lib/x86_64-linux-gnu/libanl.so.1", + "/usr/lib/x86_64-linux-gnu/libc.so.6", + "/usr/lib/x86_64-linux-gnu/libc_malloc_debug.so.0", + "/usr/lib/x86_64-linux-gnu/libdl.so.2", + "/usr/lib/x86_64-linux-gnu/libm.so.6", + "/usr/lib/x86_64-linux-gnu/libmemusage.so", + "/usr/lib/x86_64-linux-gnu/libmvec.so.1", + "/usr/lib/x86_64-linux-gnu/libnsl.so.1", + "/usr/lib/x86_64-linux-gnu/libnss_compat.so.2", + "/usr/lib/x86_64-linux-gnu/libnss_dns.so.2", + "/usr/lib/x86_64-linux-gnu/libnss_files.so.2", + "/usr/lib/x86_64-linux-gnu/libnss_hesiod.so.2", + "/usr/lib/x86_64-linux-gnu/libpcprofile.so", + "/usr/lib/x86_64-linux-gnu/libpthread.so.0", + "/usr/lib/x86_64-linux-gnu/libresolv.so.2", + "/usr/lib/x86_64-linux-gnu/librt.so.1", + "/usr/lib/x86_64-linux-gnu/libthread_db.so.1", + "/usr/lib/x86_64-linux-gnu/libutil.so.1", + "/usr/share/doc/libc6/NEWS.Debian.gz", + "/usr/share/doc/libc6/NEWS.gz", + "/usr/share/doc/libc6/README.Debian.gz", + "/usr/share/doc/libc6/README.hesiod.gz", + "/usr/share/doc/libc6/changelog.Debian.gz", + "/usr/share/doc/libc6/changelog.gz", + "/usr/share/doc/libc6/copyright", + "/usr/share/lintian/overrides/libc6" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap-ng0@0.8.5-4+b1", + "Name": "libcap-ng0", + "Identifier": { + "PURL": "pkg:deb/debian/libcap-ng0@0.8.5-4%2Bb1?arch=amd64\u0026distro=debian-13.5", + "UID": "9b7c2d5667513e48" + }, + "Version": "0.8.5", + "Release": "4+b1", + "Arch": "amd64", + "SrcName": "libcap-ng", + "SrcVersion": "0.8.5", + "SrcRelease": "4", + "Licenses": [ + "LGPL-2.1-or-later", + "GPL-2.0-or-later", + "GPL-3.0-only", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Håvard F. Aasen \u003chavard.f.aasen@pfft.no\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/libdrop_ambient.so.0.0.0", + "/usr/share/doc/libcap-ng0/changelog.Debian.amd64.gz", + "/usr/share/doc/libcap-ng0/changelog.Debian.gz", + "/usr/share/doc/libcap-ng0/changelog.gz", + "/usr/share/doc/libcap-ng0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap2@1:2.75-10+deb13u1+b1", + "Name": "libcap2", + "Identifier": { + "PURL": "pkg:deb/debian/libcap2@2.75-10%2Bdeb13u1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "7cefa0399e4d88d4" + }, + "Version": "2.75", + "Release": "10+deb13u1+b1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libcap2", + "SrcVersion": "2.75", + "SrcRelease": "10+deb13u1", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Christian Kastner \u003cckk@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libcap.so.2.75", + "/usr/lib/x86_64-linux-gnu/libpsx.so.2.75", + "/usr/share/doc/libcap2/changelog.Debian.amd64.gz", + "/usr/share/doc/libcap2/changelog.Debian.gz", + "/usr/share/doc/libcap2/changelog.gz", + "/usr/share/doc/libcap2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcrypt1@1:4.4.38-1", + "Name": "libcrypt1", + "Identifier": { + "PURL": "pkg:deb/debian/libcrypt1@4.4.38-1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "afe984ba824f92ac" + }, + "Version": "4.4.38", + "Release": "1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libxcrypt", + "SrcVersion": "4.4.38", + "SrcRelease": "1", + "SrcEpoch": 1, + "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", + "/usr/share/doc/libcrypt1/changelog.Debian.gz", + "/usr/share/doc/libcrypt1/changelog.gz", + "/usr/share/doc/libcrypt1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdb5.3t64@5.3.28+dfsg2-9", + "Name": "libdb5.3t64", + "Identifier": { + "PURL": "pkg:deb/debian/libdb5.3t64@5.3.28%2Bdfsg2-9?arch=amd64\u0026distro=debian-13.5", + "UID": "2f5f1c2fd77295dc" + }, + "Version": "5.3.28+dfsg2", + "Release": "9", + "Arch": "amd64", + "SrcName": "db5.3", + "SrcVersion": "5.3.28+dfsg2", + "SrcRelease": "9", + "Licenses": [ + "Sleepycat", + "BSD-3-Clause", + "MS-PL", + "GPL-2.0-or-later", + "Artistic-2.0", + "X11", + "MIT-old", + "TCL-like", + "BSD-3-clause-fjord", + "GPL-3.0-only", + "Zlib" + ], + "Maintainer": "Debian QA Group \u003cpackages@qa.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", + "/usr/share/doc/libdb5.3t64/build_signature_amd64.txt", + "/usr/share/doc/libdb5.3t64/changelog.Debian.gz", + "/usr/share/doc/libdb5.3t64/copyright", + "/usr/share/lintian/overrides/libdb5.3t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdebconfclient0@0.280", + "Name": "libdebconfclient0", + "Identifier": { + "PURL": "pkg:deb/debian/libdebconfclient0@0.280?arch=amd64\u0026distro=debian-13.5", + "UID": "fcad452fa456130" + }, + "Version": "0.280", + "Arch": "amd64", + "SrcName": "cdebconf", + "SrcVersion": "0.280", + "Licenses": [ + "BSD-2-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Debian Install System Team \u003cdebian-boot@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", + "/usr/share/doc/libdebconfclient0/changelog.gz", + "/usr/share/doc/libdebconfclient0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libffi8@3.4.8-2", + "Name": "libffi8", + "Identifier": { + "PURL": "pkg:deb/debian/libffi8@3.4.8-2?arch=amd64\u0026distro=debian-13.5", + "UID": "e57a61a9119138e1" + }, + "Version": "3.4.8", + "Release": "2", + "Arch": "amd64", + "SrcName": "libffi", + "SrcVersion": "3.4.8", + "SrcRelease": "2", + "Licenses": [ + "MIT", + "X11", + "GPL-2.0-or-later", + "GPL-3.0-or-later", + "MPL-1.1", + "LGPL-2.1-or-later", + "public-domain" + ], + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libffi.so.8.1.4", + "/usr/share/doc/libffi8/changelog.Debian.gz", + "/usr/share/doc/libffi8/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgcc-s1@14.2.0-19", + "Name": "libgcc-s1", + "Identifier": { + "PURL": "pkg:deb/debian/libgcc-s1@14.2.0-19?arch=amd64\u0026distro=debian-13.5", + "UID": "6ebf985ba3bd76f3" + }, + "Version": "14.2.0", + "Release": "19", + "Arch": "amd64", + "SrcName": "gcc-14", + "SrcVersion": "14.2.0", + "SrcRelease": "19", + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gcc-14-base@14.2.0-19", + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgcc_s.so.1", + "/usr/share/lintian/overrides/libgcc-s1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgdbm6t64@1.24-2", + "Name": "libgdbm6t64", + "Identifier": { + "PURL": "pkg:deb/debian/libgdbm6t64@1.24-2?arch=amd64\u0026distro=debian-13.5", + "UID": "a978781f1be6197e" + }, + "Version": "1.24", + "Release": "2", + "Arch": "amd64", + "SrcName": "gdbm", + "SrcVersion": "1.24", + "SrcRelease": "2", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-2.0-or-later", + "GFDL-1.3-no-invariants-or-later", + "GPL-3.0-only", + "GPL-2.0-only" + ], + "Maintainer": "Nicolas Mora \u003cbabelouest@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgdbm.so.6.0.0", + "/usr/share/doc/libgdbm6t64/changelog.Debian.gz", + "/usr/share/doc/libgdbm6t64/changelog.gz", + "/usr/share/doc/libgdbm6t64/copyright", + "/usr/share/lintian/overrides/libgdbm6t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgmp10@2:6.3.0+dfsg-3", + "Name": "libgmp10", + "Identifier": { + "PURL": "pkg:deb/debian/libgmp10@6.3.0%2Bdfsg-3?arch=amd64\u0026distro=debian-13.5\u0026epoch=2", + "UID": "fec85c1b440262e2" + }, + "Version": "6.3.0+dfsg", + "Release": "3", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "gmp", + "SrcVersion": "6.3.0+dfsg", + "SrcRelease": "3", + "SrcEpoch": 2, + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-or-later", + "GPL-3+ with Bison exception", + "GPL-2.0-only", + "GPL-3.0-only", + "LGPL-3.0-only" + ], + "Maintainer": "Debian Science Maintainers \u003cdebian-science-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0", + "/usr/share/doc/libgmp10/README.Debian", + "/usr/share/doc/libgmp10/changelog.Debian.gz", + "/usr/share/doc/libgmp10/changelog.gz", + "/usr/share/doc/libgmp10/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libhogweed6t64@3.10.1-1", + "Name": "libhogweed6t64", + "Identifier": { + "PURL": "pkg:deb/debian/libhogweed6t64@3.10.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "8a048285d77ff6c0" + }, + "Version": "3.10.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "nettle", + "SrcVersion": "3.10.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "MIT", + "GPL-3.0-with-autoconf-exception+", + "public-domain", + "GPL-2.0-only", + "GAP" + ], + "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libgmp10@2:6.3.0+dfsg-3", + "libnettle8t64@3.10.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libhogweed.so.6.10", + "/usr/share/doc/libhogweed6t64/changelog.Debian.gz", + "/usr/share/doc/libhogweed6t64/changelog.gz", + "/usr/share/doc/libhogweed6t64/copyright", + "/usr/share/lintian/overrides/libhogweed6t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblastlog2-2@2.41-5", + "Name": "liblastlog2-2", + "Identifier": { + "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "eb4f5430aea34a10" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libsqlite3-0@3.46.1-7+deb13u1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblastlog2.so.2.0.0", + "/usr/share/doc/liblastlog2-2/NEWS.Debian.gz", + "/usr/share/doc/liblastlog2-2/changelog.Debian.gz", + "/usr/share/doc/liblastlog2-2/changelog.gz", + "/usr/share/doc/liblastlog2-2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblz4-1@1.10.0-4", + "Name": "liblz4-1", + "Identifier": { + "PURL": "pkg:deb/debian/liblz4-1@1.10.0-4?arch=amd64\u0026distro=debian-13.5", + "UID": "c31b43410c927de" + }, + "Version": "1.10.0", + "Release": "4", + "Arch": "amd64", + "SrcName": "lz4", + "SrcVersion": "1.10.0", + "SrcRelease": "4", + "Licenses": [ + "GPL-2.0-or-later", + "BSD-2-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Nobuhiro Iwamatsu \u003ciwamatsu@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libxxhash0@0.8.3-2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblz4.so.1.10.0", + "/usr/share/doc/liblz4-1/changelog.Debian.gz", + "/usr/share/doc/liblz4-1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblzma5@5.8.1-1", + "Name": "liblzma5", + "Identifier": { + "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "d7b58e04f1a265ed" + }, + "Version": "5.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "xz-utils", + "SrcVersion": "5.8.1", + "SrcRelease": "1", + "Licenses": [ + "0BSD", + "GPL-2.0-or-later", + "LGPL-2.1-or-later", + "FSFULLR", + "GPL-3.0-or-later-WITH-Autoconf-exception-macro", + "none", + "PD", + "permissive-nowarranty", + "FSFUL", + "noderivs", + "PD-debian", + "LGPL-2.1-only", + "GPL-2.0-only", + "GPL-3.0-only" + ], + "Maintainer": "Sebastian Andrzej Siewior \u003csebastian@breakpoint.cc\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblzma.so.5.8.1", + "/usr/share/doc/liblzma5/AUTHORS", + "/usr/share/doc/liblzma5/NEWS.gz", + "/usr/share/doc/liblzma5/THANKS.gz", + "/usr/share/doc/liblzma5/changelog.Debian.gz", + "/usr/share/doc/liblzma5/changelog.gz", + "/usr/share/doc/liblzma5/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmd0@1.1.0-2+b1", + "Name": "libmd0", + "Identifier": { + "PURL": "pkg:deb/debian/libmd0@1.1.0-2%2Bb1?arch=amd64\u0026distro=debian-13.5", + "UID": "f3971c5b48c68b3c" + }, + "Version": "1.1.0", + "Release": "2+b1", + "Arch": "amd64", + "SrcName": "libmd", + "SrcVersion": "1.1.0", + "SrcRelease": "2", + "Licenses": [ + "BSD-3-Clause", + "BSD-3-clause-Aaron-D-Gifford", + "BSD-2-Clause", + "BSD-2-Clause-NetBSD", + "ISC", + "Beerware", + "public-domain-md4", + "public-domain-md5", + "public-domain-sha1" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmd.so.0.1.0", + "/usr/share/doc/libmd0/changelog.Debian.amd64.gz", + "/usr/share/doc/libmd0/changelog.Debian.gz", + "/usr/share/doc/libmd0/changelog.gz", + "/usr/share/doc/libmd0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmount1@2.41-5", + "Name": "libmount1", + "Identifier": { + "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "84ccd0371833b76" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libblkid1@2.41-5", + "libc6@2.41-12+deb13u3", + "libselinux1@3.8.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmount.so.1.1.0", + "/usr/share/doc/libmount1/NEWS.Debian.gz", + "/usr/share/doc/libmount1/changelog.Debian.gz", + "/usr/share/doc/libmount1/changelog.gz", + "/usr/share/doc/libmount1/copyright", + "/usr/share/lintian/overrides/libmount1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libncursesw6@6.5+20250216-2", + "Name": "libncursesw6", + "Identifier": { + "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "5efa2a2068c240d8" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libtinfo6@6.5+20250216-2" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libformw.so.6.5", + "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.5", + "/usr/lib/x86_64-linux-gnu/libncursesw.so.6.5", + "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.5" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libnettle8t64@3.10.1-1", + "Name": "libnettle8t64", + "Identifier": { + "PURL": "pkg:deb/debian/libnettle8t64@3.10.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "fd78e15d23b25c1f" + }, + "Version": "3.10.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "nettle", + "SrcVersion": "3.10.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "MIT", + "GPL-3.0-with-autoconf-exception+", + "public-domain", + "GPL-2.0-only", + "GAP" + ], + "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libnettle.so.8.10", + "/usr/share/doc/libnettle8t64/NEWS.gz", + "/usr/share/doc/libnettle8t64/README", + "/usr/share/doc/libnettle8t64/changelog.Debian.gz", + "/usr/share/doc/libnettle8t64/changelog.gz", + "/usr/share/doc/libnettle8t64/copyright", + "/usr/share/lintian/overrides/libnettle8t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-modules@1.7.0-5", + "Name": "libpam-modules", + "Identifier": { + "PURL": "pkg:deb/debian/libpam-modules@1.7.0-5?arch=amd64\u0026distro=debian-13.5", + "UID": "274a704398461ef0" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/security/pam_access.so", + "/usr/lib/x86_64-linux-gnu/security/pam_canonicalize_user.so", + "/usr/lib/x86_64-linux-gnu/security/pam_debug.so", + "/usr/lib/x86_64-linux-gnu/security/pam_deny.so", + "/usr/lib/x86_64-linux-gnu/security/pam_echo.so", + "/usr/lib/x86_64-linux-gnu/security/pam_env.so", + "/usr/lib/x86_64-linux-gnu/security/pam_exec.so", + "/usr/lib/x86_64-linux-gnu/security/pam_faildelay.so", + "/usr/lib/x86_64-linux-gnu/security/pam_faillock.so", + "/usr/lib/x86_64-linux-gnu/security/pam_filter.so", + "/usr/lib/x86_64-linux-gnu/security/pam_ftp.so", + "/usr/lib/x86_64-linux-gnu/security/pam_group.so", + "/usr/lib/x86_64-linux-gnu/security/pam_issue.so", + "/usr/lib/x86_64-linux-gnu/security/pam_keyinit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_limits.so", + "/usr/lib/x86_64-linux-gnu/security/pam_listfile.so", + "/usr/lib/x86_64-linux-gnu/security/pam_localuser.so", + "/usr/lib/x86_64-linux-gnu/security/pam_loginuid.so", + "/usr/lib/x86_64-linux-gnu/security/pam_mail.so", + "/usr/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", + "/usr/lib/x86_64-linux-gnu/security/pam_motd.so", + "/usr/lib/x86_64-linux-gnu/security/pam_namespace.so", + "/usr/lib/x86_64-linux-gnu/security/pam_nologin.so", + "/usr/lib/x86_64-linux-gnu/security/pam_permit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_pwhistory.so", + "/usr/lib/x86_64-linux-gnu/security/pam_rhosts.so", + "/usr/lib/x86_64-linux-gnu/security/pam_rootok.so", + "/usr/lib/x86_64-linux-gnu/security/pam_securetty.so", + "/usr/lib/x86_64-linux-gnu/security/pam_selinux.so", + "/usr/lib/x86_64-linux-gnu/security/pam_sepermit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_setquota.so", + "/usr/lib/x86_64-linux-gnu/security/pam_shells.so", + "/usr/lib/x86_64-linux-gnu/security/pam_stress.so", + "/usr/lib/x86_64-linux-gnu/security/pam_succeed_if.so", + "/usr/lib/x86_64-linux-gnu/security/pam_time.so", + "/usr/lib/x86_64-linux-gnu/security/pam_timestamp.so", + "/usr/lib/x86_64-linux-gnu/security/pam_tty_audit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_umask.so", + "/usr/lib/x86_64-linux-gnu/security/pam_unix.so", + "/usr/lib/x86_64-linux-gnu/security/pam_userdb.so", + "/usr/lib/x86_64-linux-gnu/security/pam_usertype.so", + "/usr/lib/x86_64-linux-gnu/security/pam_warn.so", + "/usr/lib/x86_64-linux-gnu/security/pam_wheel.so", + "/usr/lib/x86_64-linux-gnu/security/pam_xauth.so", + "/usr/share/doc/libpam-modules/NEWS.Debian.gz", + "/usr/share/doc/libpam-modules/changelog.Debian.gz", + "/usr/share/doc/libpam-modules/changelog.gz", + "/usr/share/doc/libpam-modules/copyright", + "/usr/share/doc/libpam-modules/examples/upperLOWER.c", + "/usr/share/lintian/overrides/libpam-modules", + "/usr/share/pam-configs/mkhomedir" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-modules-bin@1.7.0-5", + "Name": "libpam-modules-bin", + "Identifier": { + "PURL": "pkg:deb/debian/libpam-modules-bin@1.7.0-5?arch=amd64\u0026distro=debian-13.5", + "UID": "c9cbae9084b28bae" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:4.0.2-2+b2", + "libc6@2.41-12+deb13u3", + "libcrypt1@1:4.4.38-1", + "libpam0g@1.7.0-5", + "libselinux1@3.8.1-1", + "libsystemd0@257.13-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/systemd/system/pam_namespace.service", + "/usr/sbin/faillock", + "/usr/sbin/mkhomedir_helper", + "/usr/sbin/pam_namespace_helper", + "/usr/sbin/pam_timestamp_check", + "/usr/sbin/pwhistory_helper", + "/usr/sbin/unix_chkpwd", + "/usr/sbin/unix_update", + "/usr/share/doc/libpam-modules-bin/changelog.Debian.gz", + "/usr/share/doc/libpam-modules-bin/changelog.gz", + "/usr/share/doc/libpam-modules-bin/copyright", + "/usr/share/lintian/overrides/libpam-modules-bin" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-runtime@1.7.0-5", + "Name": "libpam-runtime", + "Identifier": { + "PURL": "pkg:deb/debian/libpam-runtime@1.7.0-5?arch=all\u0026distro=debian-13.5", + "UID": "1d4f3eaf1c0f9548" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "all", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91", + "libpam-modules@1.7.0-5" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/sbin/pam-auth-update", + "/usr/sbin/pam_getenv", + "/usr/share/doc/libpam-runtime/changelog.Debian.gz", + "/usr/share/doc/libpam-runtime/changelog.gz", + "/usr/share/doc/libpam-runtime/copyright", + "/usr/share/lintian/overrides/libpam-runtime", + "/usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ar/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/as/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/be/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bg/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bn_IN/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ca/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/cs/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/de/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/de_CH/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/el/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/eo/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/es/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/et/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/eu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/fa/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/fi/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/fr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ga/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/gl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/gu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/he/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/hi/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/hr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ia/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/id/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/is/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/kk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/km/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/kn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/lt/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/lv/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/mk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ml/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/mr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/nb/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ne/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/nn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pa/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pt/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ro/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ru/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sq/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sr@latin/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sv/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/te/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/th/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/tr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/vi/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zh_HK/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/man/man5/access.conf.5.gz", + "/usr/share/man/man5/faillock.conf.5.gz", + "/usr/share/man/man5/group.conf.5.gz", + "/usr/share/man/man5/limits.conf.5.gz", + "/usr/share/man/man5/namespace.conf.5.gz", + "/usr/share/man/man5/pam.conf.5.gz", + "/usr/share/man/man5/pam_env.conf.5.gz", + "/usr/share/man/man5/pwhistory.conf.5.gz", + "/usr/share/man/man5/sepermit.conf.5.gz", + "/usr/share/man/man5/time.conf.5.gz", + "/usr/share/man/man7/PAM.7.gz", + "/usr/share/man/man8/faillock.8.gz", + "/usr/share/man/man8/mkhomedir_helper.8.gz", + "/usr/share/man/man8/pam-auth-update.8.gz", + "/usr/share/man/man8/pam_access.8.gz", + "/usr/share/man/man8/pam_canonicalize_user.8.gz", + "/usr/share/man/man8/pam_debug.8.gz", + "/usr/share/man/man8/pam_deny.8.gz", + "/usr/share/man/man8/pam_echo.8.gz", + "/usr/share/man/man8/pam_env.8.gz", + "/usr/share/man/man8/pam_exec.8.gz", + "/usr/share/man/man8/pam_faildelay.8.gz", + "/usr/share/man/man8/pam_faillock.8.gz", + "/usr/share/man/man8/pam_filter.8.gz", + "/usr/share/man/man8/pam_ftp.8.gz", + "/usr/share/man/man8/pam_getenv.8.gz", + "/usr/share/man/man8/pam_group.8.gz", + "/usr/share/man/man8/pam_issue.8.gz", + "/usr/share/man/man8/pam_keyinit.8.gz", + "/usr/share/man/man8/pam_limits.8.gz", + "/usr/share/man/man8/pam_listfile.8.gz", + "/usr/share/man/man8/pam_localuser.8.gz", + "/usr/share/man/man8/pam_loginuid.8.gz", + "/usr/share/man/man8/pam_mail.8.gz", + "/usr/share/man/man8/pam_mkhomedir.8.gz", + "/usr/share/man/man8/pam_motd.8.gz", + "/usr/share/man/man8/pam_namespace.8.gz", + "/usr/share/man/man8/pam_namespace_helper.8.gz", + "/usr/share/man/man8/pam_nologin.8.gz", + "/usr/share/man/man8/pam_permit.8.gz", + "/usr/share/man/man8/pam_pwhistory.8.gz", + "/usr/share/man/man8/pam_rhosts.8.gz", + "/usr/share/man/man8/pam_rootok.8.gz", + "/usr/share/man/man8/pam_securetty.8.gz", + "/usr/share/man/man8/pam_selinux.8.gz", + "/usr/share/man/man8/pam_sepermit.8.gz", + "/usr/share/man/man8/pam_setquota.8.gz", + "/usr/share/man/man8/pam_shells.8.gz", + "/usr/share/man/man8/pam_stress.8.gz", + "/usr/share/man/man8/pam_succeed_if.8.gz", + "/usr/share/man/man8/pam_time.8.gz", + "/usr/share/man/man8/pam_timestamp.8.gz", + "/usr/share/man/man8/pam_timestamp_check.8.gz", + "/usr/share/man/man8/pam_tty_audit.8.gz", + "/usr/share/man/man8/pam_umask.8.gz", + "/usr/share/man/man8/pam_unix.8.gz", + "/usr/share/man/man8/pam_userdb.8.gz", + "/usr/share/man/man8/pam_usertype.8.gz", + "/usr/share/man/man8/pam_warn.8.gz", + "/usr/share/man/man8/pam_wheel.8.gz", + "/usr/share/man/man8/pam_xauth.8.gz", + "/usr/share/man/man8/pwhistory_helper.8.gz", + "/usr/share/man/man8/unix_chkpwd.8.gz", + "/usr/share/man/man8/unix_update.8.gz", + "/usr/share/pam-configs/unix", + "/usr/share/pam/common-account", + "/usr/share/pam/common-account.md5sums", + "/usr/share/pam/common-auth", + "/usr/share/pam/common-auth.md5sums", + "/usr/share/pam/common-password", + "/usr/share/pam/common-password.md5sums", + "/usr/share/pam/common-session", + "/usr/share/pam/common-session-noninteractive", + "/usr/share/pam/common-session-noninteractive.md5sums", + "/usr/share/pam/common-session.md5sums" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam0g@1.7.0-5", + "Name": "libpam0g", + "Identifier": { + "PURL": "pkg:deb/debian/libpam0g@1.7.0-5?arch=amd64\u0026distro=debian-13.5", + "UID": "50a3886f7361785c" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91", + "libaudit1@1:4.0.2-2+b2", + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1", + "/usr/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", + "/usr/lib/x86_64-linux-gnu/libpamc.so.0.82.1", + "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", + "/usr/share/doc/libpam0g/README", + "/usr/share/doc/libpam0g/README.Debian", + "/usr/share/doc/libpam0g/TODO.Debian", + "/usr/share/doc/libpam0g/changelog.Debian.gz", + "/usr/share/doc/libpam0g/changelog.gz", + "/usr/share/doc/libpam0g/copyright", + "/usr/share/lintian/overrides/libpam0g" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpcre2-8-0@10.46-1~deb13u1", + "Name": "libpcre2-8-0", + "Identifier": { + "PURL": "pkg:deb/debian/libpcre2-8-0@10.46-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "aa7e3a6ab471d889" + }, + "Version": "10.46", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "pcre2", + "SrcVersion": "10.46", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "BSD-3-clause-Cambridge with BINARY LIBRARY-LIKE PACKAGES exception", + "BSD-3-Clause", + "X11", + "BSD-2-Clause", + "public-domain" + ], + "Maintainer": "Matthew Vernon \u003cmatthew@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.14.0", + "/usr/share/doc/libpcre2-8-0/README.Debian", + "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", + "/usr/share/doc/libpcre2-8-0/changelog.gz", + "/usr/share/doc/libpcre2-8-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libreadline8t64@8.2-6", + "Name": "libreadline8t64", + "Identifier": { + "PURL": "pkg:deb/debian/libreadline8t64@8.2-6?arch=amd64\u0026distro=debian-13.5", + "UID": "a41a60a40a941961" + }, + "Version": "8.2", + "Release": "6", + "Arch": "amd64", + "SrcName": "readline", + "SrcVersion": "8.2", + "SrcRelease": "6", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-or-later", + "ISC-no-attribution" + ], + "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libtinfo6@6.5+20250216-2", + "readline-common@8.2-6" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libhistory.so.8.2", + "/usr/lib/x86_64-linux-gnu/libreadline.so.8.2", + "/usr/share/doc/libreadline8t64/README.Debian", + "/usr/share/doc/libreadline8t64/USAGE", + "/usr/share/doc/libreadline8t64/changelog.Debian.gz", + "/usr/share/doc/libreadline8t64/changelog.gz", + "/usr/share/doc/libreadline8t64/copyright", + "/usr/share/doc/libreadline8t64/examples/Inputrc", + "/usr/share/doc/libreadline8t64/inputrc.arrows" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libseccomp2@2.6.0-2", + "Name": "libseccomp2", + "Identifier": { + "PURL": "pkg:deb/debian/libseccomp2@2.6.0-2?arch=amd64\u0026distro=debian-13.5", + "UID": "97e0ed663a98e78b" + }, + "Version": "2.6.0", + "Release": "2", + "Arch": "amd64", + "SrcName": "libseccomp", + "SrcVersion": "2.6.0", + "SrcRelease": "2", + "Licenses": [ + "LGPL-2.1-only" + ], + "Maintainer": "Kees Cook \u003ckees@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.6.0", + "/usr/share/doc/libseccomp2/changelog.Debian.gz", + "/usr/share/doc/libseccomp2/changelog.gz", + "/usr/share/doc/libseccomp2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libselinux1@3.8.1-1", + "Name": "libselinux1", + "Identifier": { + "PURL": "pkg:deb/debian/libselinux1@3.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "f7d3a23ad693e5cb" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "libselinux", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "public-domain", + "GPL-2.0-only" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libpcre2-8-0@10.46-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/tmpfiles.d/libselinux1.conf", + "/usr/lib/x86_64-linux-gnu/libselinux.so.1", + "/usr/share/doc/libselinux1/changelog.Debian.gz", + "/usr/share/doc/libselinux1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsemanage-common@3.8.1-1", + "Name": "libsemanage-common", + "Identifier": { + "PURL": "pkg:deb/debian/libsemanage-common@3.8.1-1?arch=all\u0026distro=debian-13.5", + "UID": "ecc6b54d8bc6318c" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "all", + "SrcName": "libsemanage", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/libsemanage-common/changelog.Debian.gz", + "/usr/share/doc/libsemanage-common/copyright", + "/usr/share/man/man5/semanage.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsemanage2@3.8.1-1", + "Name": "libsemanage2", + "Identifier": { + "PURL": "pkg:deb/debian/libsemanage2@3.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "5684bd063761ddb3" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "libsemanage", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:4.0.2-2+b2", + "libbz2-1.0@1.0.8-6", + "libc6@2.41-12+deb13u3", + "libselinux1@3.8.1-1", + "libsemanage-common@3.8.1-1", + "libsepol2@3.8.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsemanage.so.2", + "/usr/share/doc/libsemanage2/changelog.Debian.gz", + "/usr/share/doc/libsemanage2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsepol2@3.8.1-1", + "Name": "libsepol2", + "Identifier": { + "PURL": "pkg:deb/debian/libsepol2@3.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "9990a97d658e13ae" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "libsepol", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "Zlib", + "GPL-2.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsepol.so.2", + "/usr/share/doc/libsepol2/changelog.Debian.gz", + "/usr/share/doc/libsepol2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsmartcols1@2.41-5", + "Name": "libsmartcols1", + "Identifier": { + "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "780dbec0869ab8e" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", + "/usr/share/doc/libsmartcols1/NEWS.Debian.gz", + "/usr/share/doc/libsmartcols1/changelog.Debian.gz", + "/usr/share/doc/libsmartcols1/changelog.gz", + "/usr/share/doc/libsmartcols1/copyright", + "/usr/share/lintian/overrides/libsmartcols1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsqlite3-0@3.46.1-7+deb13u1", + "Name": "libsqlite3-0", + "Identifier": { + "PURL": "pkg:deb/debian/libsqlite3-0@3.46.1-7%2Bdeb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "c7da287e696e8198" + }, + "Version": "3.46.1", + "Release": "7+deb13u1", + "Arch": "amd64", + "SrcName": "sqlite3", + "SrcVersion": "3.46.1", + "SrcRelease": "7+deb13u1", + "Licenses": [ + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6", + "/usr/share/doc/libsqlite3-0/README.Debian", + "/usr/share/doc/libsqlite3-0/changelog.Debian.gz", + "/usr/share/doc/libsqlite3-0/changelog.gz", + "/usr/share/doc/libsqlite3-0/changelog.html.gz", + "/usr/share/doc/libsqlite3-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libssl3t64@3.5.6-1~deb13u1", + "Name": "libssl3t64", + "Identifier": { + "PURL": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "19bca5c02c5a9632" + }, + "Version": "3.5.6", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.5.6", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libzstd1@1.5.7+dfsg-1", + "openssl-provider-legacy@3.5.6-1~deb13u1", + "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/engines-3/afalg.so", + "/usr/lib/x86_64-linux-gnu/engines-3/loader_attic.so", + "/usr/lib/x86_64-linux-gnu/engines-3/padlock.so", + "/usr/lib/x86_64-linux-gnu/libcrypto.so.3", + "/usr/lib/x86_64-linux-gnu/libssl.so.3", + "/usr/share/doc/libssl3t64/NEWS.Debian.gz", + "/usr/share/doc/libssl3t64/changelog.Debian.gz", + "/usr/share/doc/libssl3t64/changelog.gz", + "/usr/share/doc/libssl3t64/copyright", + "/usr/share/lintian/overrides/libssl3t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libstdc++6@14.2.0-19", + "Name": "libstdc++6", + "Identifier": { + "PURL": "pkg:deb/debian/libstdc%2B%2B6@14.2.0-19?arch=amd64\u0026distro=debian-13.5", + "UID": "1b384a6346513d7c" + }, + "Version": "14.2.0", + "Release": "19", + "Arch": "amd64", + "SrcName": "gcc-14", + "SrcVersion": "14.2.0", + "SrcRelease": "19", + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gcc-14-base@14.2.0-19", + "libc6@2.41-12+deb13u3", + "libgcc-s1@14.2.0-19" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33", + "/usr/share/gcc/python/libstdcxx/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/printers.py", + "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", + "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33-gdb.py" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsystemd0@257.13-1~deb13u1", + "Name": "libsystemd0", + "Identifier": { + "PURL": "pkg:deb/debian/libsystemd0@257.13-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "a2b4ba47389f858e" + }, + "Version": "257.13", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "systemd", + "SrcVersion": "257.13", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "LGPL-2.1-or-later", + "CC0-1.0", + "GPL-2 with Linux-syscall-note exception", + "MIT", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libcap2@1:2.75-10+deb13u1+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "/usr/share/doc/libsystemd0/NEWS.Debian.gz", + "/usr/share/doc/libsystemd0/changelog.Debian.gz", + "/usr/share/doc/libsystemd0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libtinfo6@6.5+20250216-2", + "Name": "libtinfo6", + "Identifier": { + "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "ba2c2b464f07108a" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libtic.so.6.5", + "/usr/lib/x86_64-linux-gnu/libtinfo.so.6.5", + "/usr/share/doc/libtinfo6/changelog.Debian.gz", + "/usr/share/doc/libtinfo6/changelog.gz", + "/usr/share/doc/libtinfo6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libudev1@257.13-1~deb13u1", + "Name": "libudev1", + "Identifier": { + "PURL": "pkg:deb/debian/libudev1@257.13-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "3b7a2f1a9ab169b" + }, + "Version": "257.13", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "systemd", + "SrcVersion": "257.13", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "LGPL-2.1-or-later", + "CC0-1.0", + "GPL-2 with Linux-syscall-note exception", + "MIT", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libcap2@1:2.75-10+deb13u1+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libudev.so.1.7.10", + "/usr/share/doc/libudev1/NEWS.Debian.gz", + "/usr/share/doc/libudev1/changelog.Debian.gz", + "/usr/share/doc/libudev1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libuuid1@2.41-5", + "Name": "libuuid1", + "Identifier": { + "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "1afbb50818377478" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0", + "/usr/share/doc/libuuid1/NEWS.Debian.gz", + "/usr/share/doc/libuuid1/changelog.Debian.gz", + "/usr/share/doc/libuuid1/changelog.gz", + "/usr/share/doc/libuuid1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libxxhash0@0.8.3-2", + "Name": "libxxhash0", + "Identifier": { + "PURL": "pkg:deb/debian/libxxhash0@0.8.3-2?arch=amd64\u0026distro=debian-13.5", + "UID": "d91110b5edcae2d8" + }, + "Version": "0.8.3", + "Release": "2", + "Arch": "amd64", + "SrcName": "xxhash", + "SrcVersion": "0.8.3", + "SrcRelease": "2", + "Licenses": [ + "BSD-2-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Josue Ortega \u003cjosue@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libxxhash.so.0.8.3", + "/usr/share/doc/libxxhash0/changelog.Debian.gz", + "/usr/share/doc/libxxhash0/changelog.gz", + "/usr/share/doc/libxxhash0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libzstd1@1.5.7+dfsg-1", + "Name": "libzstd1", + "Identifier": { + "PURL": "pkg:deb/debian/libzstd1@1.5.7%2Bdfsg-1?arch=amd64\u0026distro=debian-13.5", + "UID": "ca4814a2bfd07696" + }, + "Version": "1.5.7+dfsg", + "Release": "1", + "Arch": "amd64", + "SrcName": "libzstd", + "SrcVersion": "1.5.7+dfsg", + "SrcRelease": "1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "Zlib", + "MIT" + ], + "Maintainer": "RPM packaging team \u003cteam+pkg-rpm@tracker.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libzstd.so.1.5.7", + "/usr/share/doc/libzstd1/changelog.Debian.gz", + "/usr/share/doc/libzstd1/changelog.gz", + "/usr/share/doc/libzstd1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "login@1:4.16.0-2+really2.41-5", + "Name": "login", + "Identifier": { + "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "c0ab0b857644733b" + }, + "Version": "4.16.0-2+really2.41", + "Release": "5", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:4.0.2-2+b2", + "libc6@2.41-12+deb13u3", + "libcrypt1@1:4.4.38-1", + "libpam-modules@1.7.0-5", + "libpam-runtime@1.7.0-5", + "libpam0g@1.7.0-5" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/login", + "/usr/bin/newgrp", + "/usr/sbin/nologin", + "/usr/share/bash-completion/completions/newgrp", + "/usr/share/doc/login/NEWS.Debian.gz", + "/usr/share/doc/login/changelog.Debian.gz", + "/usr/share/doc/login/changelog.gz", + "/usr/share/doc/login/copyright", + "/usr/share/lintian/overrides/login", + "/usr/share/man/de/man1/login.1.gz", + "/usr/share/man/de/man8/nologin.8.gz", + "/usr/share/man/fr/man1/login.1.gz", + "/usr/share/man/man1/login.1.gz", + "/usr/share/man/man1/newgrp.1.gz", + "/usr/share/man/man8/nologin.8.gz", + "/usr/share/man/pl/man1/login.1.gz", + "/usr/share/man/pl/man1/newgrp.1.gz", + "/usr/share/man/pl/man8/nologin.8.gz", + "/usr/share/man/ro/man1/login.1.gz", + "/usr/share/man/ro/man1/newgrp.1.gz", + "/usr/share/man/ro/man8/nologin.8.gz", + "/usr/share/man/sr/man1/login.1.gz", + "/usr/share/man/sr/man8/nologin.8.gz", + "/usr/share/man/uk/man1/login.1.gz", + "/usr/share/man/uk/man1/newgrp.1.gz", + "/usr/share/man/uk/man8/nologin.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "login.defs@1:4.17.4-2", + "Name": "login.defs", + "Identifier": { + "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.5\u0026epoch=1", + "UID": "b6a337588c67d5a3" + }, + "Version": "4.17.4", + "Release": "2", + "Epoch": 1, + "Arch": "all", + "SrcName": "shadow", + "SrcVersion": "4.17.4", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-1.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/login.defs/NEWS.Debian.gz", + "/usr/share/doc/login.defs/changelog.Debian.gz", + "/usr/share/doc/login.defs/changelog.gz", + "/usr/share/doc/login.defs/copyright", + "/usr/share/man/de/man5/login.defs.5.gz", + "/usr/share/man/fr/man5/login.defs.5.gz", + "/usr/share/man/it/man5/login.defs.5.gz", + "/usr/share/man/ja/man5/login.defs.5.gz", + "/usr/share/man/man5/login.defs.5.gz", + "/usr/share/man/ru/man5/login.defs.5.gz", + "/usr/share/man/uk/man5/login.defs.5.gz", + "/usr/share/man/zh_CN/man5/login.defs.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mawk@1.3.4.20250131-1", + "Name": "mawk", + "Identifier": { + "PURL": "pkg:deb/debian/mawk@1.3.4.20250131-1?arch=amd64\u0026distro=debian-13.5", + "UID": "a4460701c66e182d" + }, + "Version": "1.3.4.20250131", + "Release": "1", + "Arch": "amd64", + "SrcName": "mawk", + "SrcVersion": "1.3.4.20250131", + "SrcRelease": "1", + "Licenses": [ + "GPL-2.0-only", + "X11", + "CC-BY-3.0" + ], + "Maintainer": "Boyuan Yang \u003cbyang@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/mawk", + "/usr/share/doc/mawk/ACKNOWLEDGMENT", + "/usr/share/doc/mawk/README", + "/usr/share/doc/mawk/changelog.Debian.gz", + "/usr/share/doc/mawk/changelog.gz", + "/usr/share/doc/mawk/copyright", + "/usr/share/doc/mawk/examples/ct_length.awk", + "/usr/share/doc/mawk/examples/decl.awk", + "/usr/share/doc/mawk/examples/deps.awk", + "/usr/share/doc/mawk/examples/eatc.awk", + "/usr/share/doc/mawk/examples/gdecl.awk", + "/usr/share/doc/mawk/examples/hcal", + "/usr/share/doc/mawk/examples/hical", + "/usr/share/doc/mawk/examples/nocomment.awk", + "/usr/share/doc/mawk/examples/primes.awk", + "/usr/share/doc/mawk/examples/qsort.awk", + "/usr/share/man/man1/mawk.1.gz", + "/usr/share/man/man7/mawk-arrays.7.gz", + "/usr/share/man/man7/mawk-code.7.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mount@2.41-5", + "Name": "mount", + "Identifier": { + "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "55c835c674d0a0e5" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/mount", + "/usr/bin/umount", + "/usr/sbin/losetup", + "/usr/sbin/swapoff", + "/usr/sbin/swapon", + "/usr/share/bash-completion/completions/losetup", + "/usr/share/bash-completion/completions/mount", + "/usr/share/bash-completion/completions/swapoff", + "/usr/share/bash-completion/completions/swapon", + "/usr/share/bash-completion/completions/umount", + "/usr/share/doc/mount/NEWS.Debian.gz", + "/usr/share/doc/mount/changelog.Debian.gz", + "/usr/share/doc/mount/changelog.gz", + "/usr/share/doc/mount/copyright", + "/usr/share/doc/mount/examples/filesystems", + "/usr/share/doc/mount/examples/fstab", + "/usr/share/doc/mount/examples/mount.fstab", + "/usr/share/doc/mount/mount.txt", + "/usr/share/lintian/overrides/mount", + "/usr/share/man/man5/fstab.5.gz", + "/usr/share/man/man8/losetup.8.gz", + "/usr/share/man/man8/mount.8.gz", + "/usr/share/man/man8/swapon.8.gz", + "/usr/share/man/man8/umount.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ncurses-base@6.5+20250216-2", + "Name": "ncurses-base", + "Identifier": { + "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.5", + "UID": "767a0231348a5cb5" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "all", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/ncurses-base/FAQ", + "/usr/share/doc/ncurses-base/TODO.Debian", + "/usr/share/doc/ncurses-base/changelog.Debian.gz", + "/usr/share/doc/ncurses-base/changelog.gz", + "/usr/share/doc/ncurses-base/copyright", + "/usr/share/lintian/overrides/ncurses-base", + "/usr/share/tabset/std", + "/usr/share/tabset/stdcrt", + "/usr/share/tabset/vt100", + "/usr/share/tabset/vt300", + "/usr/share/terminfo/E/Eterm", + "/usr/share/terminfo/a/ansi", + "/usr/share/terminfo/c/cons25", + "/usr/share/terminfo/c/cygwin", + "/usr/share/terminfo/d/dumb", + "/usr/share/terminfo/h/hurd", + "/usr/share/terminfo/l/linux", + "/usr/share/terminfo/m/mach", + "/usr/share/terminfo/m/mach-bold", + "/usr/share/terminfo/m/mach-color", + "/usr/share/terminfo/m/mach-gnu", + "/usr/share/terminfo/m/mach-gnu-color", + "/usr/share/terminfo/p/pcansi", + "/usr/share/terminfo/r/rxvt", + "/usr/share/terminfo/r/rxvt-basic", + "/usr/share/terminfo/r/rxvt-unicode", + "/usr/share/terminfo/r/rxvt-unicode-256color", + "/usr/share/terminfo/s/screen", + "/usr/share/terminfo/s/screen-256color", + "/usr/share/terminfo/s/screen-256color-bce", + "/usr/share/terminfo/s/screen-bce", + "/usr/share/terminfo/s/screen-s", + "/usr/share/terminfo/s/screen-w", + "/usr/share/terminfo/s/screen.xterm-256color", + "/usr/share/terminfo/s/sun", + "/usr/share/terminfo/t/tmux", + "/usr/share/terminfo/t/tmux-256color", + "/usr/share/terminfo/v/vt100", + "/usr/share/terminfo/v/vt102", + "/usr/share/terminfo/v/vt220", + "/usr/share/terminfo/v/vt52", + "/usr/share/terminfo/w/wsvt25", + "/usr/share/terminfo/w/wsvt25m", + "/usr/share/terminfo/x/xterm", + "/usr/share/terminfo/x/xterm-256color", + "/usr/share/terminfo/x/xterm-color", + "/usr/share/terminfo/x/xterm-mono", + "/usr/share/terminfo/x/xterm-r5", + "/usr/share/terminfo/x/xterm-r6", + "/usr/share/terminfo/x/xterm-vt220", + "/usr/share/terminfo/x/xterm-xfree86" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ncurses-bin@6.5+20250216-2", + "Name": "ncurses-bin", + "Identifier": { + "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "5b541563cf6587e5" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/clear", + "/usr/bin/infocmp", + "/usr/bin/tabs", + "/usr/bin/tic", + "/usr/bin/toe", + "/usr/bin/tput", + "/usr/bin/tset", + "/usr/share/doc/ncurses-bin/changelog.Debian.gz", + "/usr/share/doc/ncurses-bin/changelog.gz", + "/usr/share/doc/ncurses-bin/copyright", + "/usr/share/man/man1/captoinfo.1.gz", + "/usr/share/man/man1/clear.1.gz", + "/usr/share/man/man1/infocmp.1.gz", + "/usr/share/man/man1/infotocap.1.gz", + "/usr/share/man/man1/tabs.1.gz", + "/usr/share/man/man1/tic.1.gz", + "/usr/share/man/man1/toe.1.gz", + "/usr/share/man/man1/tput.1.gz", + "/usr/share/man/man1/tset.1.gz", + "/usr/share/man/man5/scr_dump.5.gz", + "/usr/share/man/man5/term.5.gz", + "/usr/share/man/man5/terminfo.5.gz", + "/usr/share/man/man5/user_caps.5.gz", + "/usr/share/man/man7/term.7.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "netbase@6.5", + "Name": "netbase", + "Identifier": { + "PURL": "pkg:deb/debian/netbase@6.5?arch=all\u0026distro=debian-13.5", + "UID": "9929ff265179fc61" + }, + "Version": "6.5", + "Arch": "all", + "SrcName": "netbase", + "SrcVersion": "6.5", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:8649771fee179d7c2590c94f533aaa5fceb70e36e25dec83672fe836d99577c5", + "DiffID": "sha256:98df1ca0e575d9026c1abd12994fad3c14effa4558d50b6961fd586930956b26" + }, + "InstalledFiles": [ + "/usr/share/doc/netbase/changelog.gz", + "/usr/share/doc/netbase/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "openssl@3.5.6-1~deb13u1", + "Name": "openssl", + "Identifier": { + "PURL": "pkg:deb/debian/openssl@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "ee88be94d89898bf" + }, + "Version": "3.5.6", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.5.6", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libssl3t64@3.5.6-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:8649771fee179d7c2590c94f533aaa5fceb70e36e25dec83672fe836d99577c5", + "DiffID": "sha256:98df1ca0e575d9026c1abd12994fad3c14effa4558d50b6961fd586930956b26" + }, + "InstalledFiles": [ + "/usr/bin/c_rehash", + "/usr/bin/openssl", + "/usr/lib/ssl/misc/CA.pl", + "/usr/lib/ssl/misc/tsget.pl", + "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", + "/usr/share/doc/openssl/HOWTO/documenting-functions-and-macros.md.gz", + "/usr/share/doc/openssl/HOWTO/keys.txt.gz", + "/usr/share/doc/openssl/NEWS.md.gz", + "/usr/share/doc/openssl/README-ENGINES.md.gz", + "/usr/share/doc/openssl/README-PROVIDERS.md.gz", + "/usr/share/doc/openssl/README-QUIC.md.gz", + "/usr/share/doc/openssl/README.Debian", + "/usr/share/doc/openssl/README.md.gz", + "/usr/share/doc/openssl/changelog.Debian.gz", + "/usr/share/doc/openssl/changelog.gz", + "/usr/share/doc/openssl/copyright", + "/usr/share/doc/openssl/fingerprints.txt", + "/usr/share/lintian/overrides/openssl", + "/usr/share/man/man1/CA.pl.1ssl.gz", + "/usr/share/man/man1/openssl-asn1parse.1ssl.gz", + "/usr/share/man/man1/openssl-ca.1ssl.gz", + "/usr/share/man/man1/openssl-ciphers.1ssl.gz", + "/usr/share/man/man1/openssl-cmds.1ssl.gz", + "/usr/share/man/man1/openssl-cmp.1ssl.gz", + "/usr/share/man/man1/openssl-cms.1ssl.gz", + "/usr/share/man/man1/openssl-crl.1ssl.gz", + "/usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz", + "/usr/share/man/man1/openssl-dgst.1ssl.gz", + "/usr/share/man/man1/openssl-dhparam.1ssl.gz", + "/usr/share/man/man1/openssl-dsa.1ssl.gz", + "/usr/share/man/man1/openssl-dsaparam.1ssl.gz", + "/usr/share/man/man1/openssl-ec.1ssl.gz", + "/usr/share/man/man1/openssl-ecparam.1ssl.gz", + "/usr/share/man/man1/openssl-enc.1ssl.gz", + "/usr/share/man/man1/openssl-engine.1ssl.gz", + "/usr/share/man/man1/openssl-errstr.1ssl.gz", + "/usr/share/man/man1/openssl-fipsinstall.1ssl.gz", + "/usr/share/man/man1/openssl-format-options.1ssl.gz", + "/usr/share/man/man1/openssl-gendsa.1ssl.gz", + "/usr/share/man/man1/openssl-genpkey.1ssl.gz", + "/usr/share/man/man1/openssl-genrsa.1ssl.gz", + "/usr/share/man/man1/openssl-info.1ssl.gz", + "/usr/share/man/man1/openssl-kdf.1ssl.gz", + "/usr/share/man/man1/openssl-list.1ssl.gz", + "/usr/share/man/man1/openssl-mac.1ssl.gz", + "/usr/share/man/man1/openssl-namedisplay-options.1ssl.gz", + "/usr/share/man/man1/openssl-nseq.1ssl.gz", + "/usr/share/man/man1/openssl-ocsp.1ssl.gz", + "/usr/share/man/man1/openssl-passphrase-options.1ssl.gz", + "/usr/share/man/man1/openssl-passwd.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs12.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs7.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs8.1ssl.gz", + "/usr/share/man/man1/openssl-pkey.1ssl.gz", + "/usr/share/man/man1/openssl-pkeyparam.1ssl.gz", + "/usr/share/man/man1/openssl-pkeyutl.1ssl.gz", + "/usr/share/man/man1/openssl-prime.1ssl.gz", + "/usr/share/man/man1/openssl-rand.1ssl.gz", + "/usr/share/man/man1/openssl-rehash.1ssl.gz", + "/usr/share/man/man1/openssl-req.1ssl.gz", + "/usr/share/man/man1/openssl-rsa.1ssl.gz", + "/usr/share/man/man1/openssl-rsautl.1ssl.gz", + "/usr/share/man/man1/openssl-s_client.1ssl.gz", + "/usr/share/man/man1/openssl-s_server.1ssl.gz", + "/usr/share/man/man1/openssl-s_time.1ssl.gz", + "/usr/share/man/man1/openssl-sess_id.1ssl.gz", + "/usr/share/man/man1/openssl-skeyutl.1ssl.gz", + "/usr/share/man/man1/openssl-smime.1ssl.gz", + "/usr/share/man/man1/openssl-speed.1ssl.gz", + "/usr/share/man/man1/openssl-spkac.1ssl.gz", + "/usr/share/man/man1/openssl-srp.1ssl.gz", + "/usr/share/man/man1/openssl-storeutl.1ssl.gz", + "/usr/share/man/man1/openssl-ts.1ssl.gz", + "/usr/share/man/man1/openssl-verification-options.1ssl.gz", + "/usr/share/man/man1/openssl-verify.1ssl.gz", + "/usr/share/man/man1/openssl-version.1ssl.gz", + "/usr/share/man/man1/openssl-x509.1ssl.gz", + "/usr/share/man/man1/openssl.1ssl.gz", + "/usr/share/man/man1/tsget.1ssl.gz", + "/usr/share/man/man5/config.5ssl.gz", + "/usr/share/man/man5/fips_config.5ssl.gz", + "/usr/share/man/man5/x509v3_config.5ssl.gz", + "/usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-AES.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-ARIA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CAST.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CHACHA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-DES.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-IDEA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-NULL.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC2.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC4.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC5.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-SEED.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-SM4.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-ARGON2.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-HKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-HMAC-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-KB.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-KRB5KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PBKDF1.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PBKDF2.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PKCS12KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PVKKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SCRYPT.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SS.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SSHKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-TLS13_KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-TLS1_PRF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X942-ASN1.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X942-CONCAT.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X963.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-EC.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-ML-KEM.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-DH.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-ECDH.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-BLAKE2.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-CMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-GMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-KMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-Poly1305.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-Siphash.7ssl.gz", + "/usr/share/man/man7/EVP_MD-BLAKE2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-KECCAK.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD4.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD5-SHA1.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD5.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MDC2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-NULL.7ssl.gz", + "/usr/share/man/man7/EVP_MD-RIPEMD160.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA1.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA3.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHAKE.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SM3.7ssl.gz", + "/usr/share/man/man7/EVP_MD-WHIRLPOOL.7ssl.gz", + "/usr/share/man/man7/EVP_MD-common.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-DH.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-EC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-FFC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-ML-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-ML-KEM.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-SLH-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-SM2.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-CRNG-TEST.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-CTR-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-HASH-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-JITTER.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-SEED-SRC.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-TEST-RAND.7ssl.gz", + "/usr/share/man/man7/EVP_RAND.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ED25519.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-FIPS.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-base.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-default.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-legacy.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-null.7ssl.gz", + "/usr/share/man/man7/OSSL_STORE-winstore.7ssl.gz", + "/usr/share/man/man7/RAND.7ssl.gz", + "/usr/share/man/man7/RSA-PSS.7ssl.gz", + "/usr/share/man/man7/X25519.7ssl.gz", + "/usr/share/man/man7/bio.7ssl.gz", + "/usr/share/man/man7/ct.7ssl.gz", + "/usr/share/man/man7/des_modes.7ssl.gz", + "/usr/share/man/man7/evp.7ssl.gz", + "/usr/share/man/man7/fips_module.7ssl.gz", + "/usr/share/man/man7/life_cycle-cipher.7ssl.gz", + "/usr/share/man/man7/life_cycle-digest.7ssl.gz", + "/usr/share/man/man7/life_cycle-kdf.7ssl.gz", + "/usr/share/man/man7/life_cycle-mac.7ssl.gz", + "/usr/share/man/man7/life_cycle-pkey.7ssl.gz", + "/usr/share/man/man7/life_cycle-rand.7ssl.gz", + "/usr/share/man/man7/openssl-core.h.7ssl.gz", + "/usr/share/man/man7/openssl-core_dispatch.h.7ssl.gz", + "/usr/share/man/man7/openssl-core_names.h.7ssl.gz", + "/usr/share/man/man7/openssl-env.7ssl.gz", + "/usr/share/man/man7/openssl-glossary.7ssl.gz", + "/usr/share/man/man7/openssl-qlog.7ssl.gz", + "/usr/share/man/man7/openssl-quic-concurrency.7ssl.gz", + "/usr/share/man/man7/openssl-quic.7ssl.gz", + "/usr/share/man/man7/openssl-threads.7ssl.gz", + "/usr/share/man/man7/openssl_user_macros.7ssl.gz", + "/usr/share/man/man7/ossl-guide-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-libcrypto-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-libraries-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-libssl-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-migration.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-client-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-client-non-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-multi-stream.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-server-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-server-non-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-client-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-client-non-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-server-block.7ssl.gz", + "/usr/share/man/man7/ossl_store-file.7ssl.gz", + "/usr/share/man/man7/ossl_store.7ssl.gz", + "/usr/share/man/man7/passphrase-encoding.7ssl.gz", + "/usr/share/man/man7/property.7ssl.gz", + "/usr/share/man/man7/provider-asym_cipher.7ssl.gz", + "/usr/share/man/man7/provider-base.7ssl.gz", + "/usr/share/man/man7/provider-cipher.7ssl.gz", + "/usr/share/man/man7/provider-decoder.7ssl.gz", + "/usr/share/man/man7/provider-digest.7ssl.gz", + "/usr/share/man/man7/provider-encoder.7ssl.gz", + "/usr/share/man/man7/provider-kdf.7ssl.gz", + "/usr/share/man/man7/provider-kem.7ssl.gz", + "/usr/share/man/man7/provider-keyexch.7ssl.gz", + "/usr/share/man/man7/provider-keymgmt.7ssl.gz", + "/usr/share/man/man7/provider-mac.7ssl.gz", + "/usr/share/man/man7/provider-object.7ssl.gz", + "/usr/share/man/man7/provider-rand.7ssl.gz", + "/usr/share/man/man7/provider-signature.7ssl.gz", + "/usr/share/man/man7/provider-skeymgmt.7ssl.gz", + "/usr/share/man/man7/provider-storemgmt.7ssl.gz", + "/usr/share/man/man7/provider.7ssl.gz", + "/usr/share/man/man7/proxy-certificates.7ssl.gz", + "/usr/share/man/man7/x509.7ssl.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "openssl-provider-legacy@3.5.6-1~deb13u1", + "Name": "openssl-provider-legacy", + "Identifier": { + "PURL": "pkg:deb/debian/openssl-provider-legacy@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "c38741326d0e034f" + }, + "Version": "3.5.6", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.5.6", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libssl3t64@3.5.6-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so", + "/usr/share/doc/openssl-provider-legacy/changelog.Debian.gz", + "/usr/share/doc/openssl-provider-legacy/changelog.gz", + "/usr/share/doc/openssl-provider-legacy/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "passwd@1:4.17.4-2", + "Name": "passwd", + "Identifier": { + "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "d93f813ae3092e32" + }, + "Version": "4.17.4", + "Release": "2", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "shadow", + "SrcVersion": "4.17.4", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-1.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "base-passwd@3.6.7", + "libacl1@2.3.2-2+b1", + "libattr1@1:2.5.2-3", + "libaudit1@1:4.0.2-2+b2", + "libbsd0@0.12.2-2", + "libc6@2.41-12+deb13u3", + "libcrypt1@1:4.4.38-1", + "libpam-modules@1.7.0-5", + "libpam0g@1.7.0-5", + "libselinux1@3.8.1-1", + "libsemanage2@3.8.1-1", + "login.defs@1:4.17.4-2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/chage", + "/usr/bin/chfn", + "/usr/bin/chsh", + "/usr/bin/expiry", + "/usr/bin/gpasswd", + "/usr/bin/passwd", + "/usr/lib/tmpfiles.d/passwd.conf", + "/usr/sbin/chgpasswd", + "/usr/sbin/chpasswd", + "/usr/sbin/groupadd", + "/usr/sbin/groupdel", + "/usr/sbin/groupmod", + "/usr/sbin/grpck", + "/usr/sbin/grpconv", + "/usr/sbin/grpunconv", + "/usr/sbin/newusers", + "/usr/sbin/pwck", + "/usr/sbin/pwconv", + "/usr/sbin/pwunconv", + "/usr/sbin/shadowconfig", + "/usr/sbin/useradd", + "/usr/sbin/userdel", + "/usr/sbin/usermod", + "/usr/sbin/vipw", + "/usr/share/doc/passwd/NEWS.Debian.gz", + "/usr/share/doc/passwd/README.Debian", + "/usr/share/doc/passwd/TODO.Debian", + "/usr/share/doc/passwd/changelog.Debian.gz", + "/usr/share/doc/passwd/changelog.gz", + "/usr/share/doc/passwd/copyright", + "/usr/share/doc/passwd/examples/passwd.expire.cron", + "/usr/share/lintian/overrides/passwd", + "/usr/share/locale/bs/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ca/LC_MESSAGES/shadow.mo", + "/usr/share/locale/cs/LC_MESSAGES/shadow.mo", + "/usr/share/locale/da/LC_MESSAGES/shadow.mo", + "/usr/share/locale/de/LC_MESSAGES/shadow.mo", + "/usr/share/locale/dz/LC_MESSAGES/shadow.mo", + "/usr/share/locale/el/LC_MESSAGES/shadow.mo", + "/usr/share/locale/es/LC_MESSAGES/shadow.mo", + "/usr/share/locale/eu/LC_MESSAGES/shadow.mo", + "/usr/share/locale/fi/LC_MESSAGES/shadow.mo", + "/usr/share/locale/fr/LC_MESSAGES/shadow.mo", + "/usr/share/locale/gl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/he/LC_MESSAGES/shadow.mo", + "/usr/share/locale/hu/LC_MESSAGES/shadow.mo", + "/usr/share/locale/id/LC_MESSAGES/shadow.mo", + "/usr/share/locale/it/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ja/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ka/LC_MESSAGES/shadow.mo", + "/usr/share/locale/kk/LC_MESSAGES/shadow.mo", + "/usr/share/locale/km/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ko/LC_MESSAGES/shadow.mo", + "/usr/share/locale/nb/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ne/LC_MESSAGES/shadow.mo", + "/usr/share/locale/nl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/nn/LC_MESSAGES/shadow.mo", + "/usr/share/locale/pl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/pt/LC_MESSAGES/shadow.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ro/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ru/LC_MESSAGES/shadow.mo", + "/usr/share/locale/sk/LC_MESSAGES/shadow.mo", + "/usr/share/locale/sq/LC_MESSAGES/shadow.mo", + "/usr/share/locale/sv/LC_MESSAGES/shadow.mo", + "/usr/share/locale/tl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/tr/LC_MESSAGES/shadow.mo", + "/usr/share/locale/uk/LC_MESSAGES/shadow.mo", + "/usr/share/locale/vi/LC_MESSAGES/shadow.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/shadow.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/shadow.mo", + "/usr/share/man/cs/man1/expiry.1.gz", + "/usr/share/man/cs/man1/gpasswd.1.gz", + "/usr/share/man/cs/man5/gshadow.5.gz", + "/usr/share/man/cs/man5/passwd.5.gz", + "/usr/share/man/cs/man5/shadow.5.gz", + "/usr/share/man/cs/man8/groupadd.8.gz", + "/usr/share/man/cs/man8/groupdel.8.gz", + "/usr/share/man/cs/man8/groupmod.8.gz", + "/usr/share/man/cs/man8/grpck.8.gz", + "/usr/share/man/cs/man8/vipw.8.gz", + "/usr/share/man/da/man1/chfn.1.gz", + "/usr/share/man/da/man5/gshadow.5.gz", + "/usr/share/man/da/man8/groupdel.8.gz", + "/usr/share/man/da/man8/vipw.8.gz", + "/usr/share/man/de/man1/chage.1.gz", + "/usr/share/man/de/man1/chfn.1.gz", + "/usr/share/man/de/man1/chsh.1.gz", + "/usr/share/man/de/man1/expiry.1.gz", + "/usr/share/man/de/man1/gpasswd.1.gz", + "/usr/share/man/de/man1/passwd.1.gz", + "/usr/share/man/de/man5/gshadow.5.gz", + "/usr/share/man/de/man5/passwd.5.gz", + "/usr/share/man/de/man5/shadow.5.gz", + "/usr/share/man/de/man8/chgpasswd.8.gz", + "/usr/share/man/de/man8/chpasswd.8.gz", + "/usr/share/man/de/man8/groupadd.8.gz", + "/usr/share/man/de/man8/groupdel.8.gz", + "/usr/share/man/de/man8/groupmod.8.gz", + "/usr/share/man/de/man8/grpck.8.gz", + "/usr/share/man/de/man8/newusers.8.gz", + "/usr/share/man/de/man8/pwck.8.gz", + "/usr/share/man/de/man8/pwconv.8.gz", + "/usr/share/man/de/man8/useradd.8.gz", + "/usr/share/man/de/man8/userdel.8.gz", + "/usr/share/man/de/man8/usermod.8.gz", + "/usr/share/man/de/man8/vipw.8.gz", + "/usr/share/man/fi/man1/chfn.1.gz", + "/usr/share/man/fi/man1/chsh.1.gz", + "/usr/share/man/fr/man1/chage.1.gz", + "/usr/share/man/fr/man1/chfn.1.gz", + "/usr/share/man/fr/man1/chsh.1.gz", + "/usr/share/man/fr/man1/expiry.1.gz", + "/usr/share/man/fr/man1/gpasswd.1.gz", + "/usr/share/man/fr/man1/passwd.1.gz", + "/usr/share/man/fr/man5/gshadow.5.gz", + "/usr/share/man/fr/man5/passwd.5.gz", + "/usr/share/man/fr/man5/shadow.5.gz", + "/usr/share/man/fr/man5/subgid.5.gz", + "/usr/share/man/fr/man5/subuid.5.gz", + "/usr/share/man/fr/man8/chgpasswd.8.gz", + "/usr/share/man/fr/man8/chpasswd.8.gz", + "/usr/share/man/fr/man8/groupadd.8.gz", + "/usr/share/man/fr/man8/groupdel.8.gz", + "/usr/share/man/fr/man8/groupmod.8.gz", + "/usr/share/man/fr/man8/grpck.8.gz", + "/usr/share/man/fr/man8/newusers.8.gz", + "/usr/share/man/fr/man8/pwck.8.gz", + "/usr/share/man/fr/man8/pwconv.8.gz", + "/usr/share/man/fr/man8/useradd.8.gz", + "/usr/share/man/fr/man8/userdel.8.gz", + "/usr/share/man/fr/man8/usermod.8.gz", + "/usr/share/man/fr/man8/vipw.8.gz", + "/usr/share/man/hu/man1/chsh.1.gz", + "/usr/share/man/hu/man1/gpasswd.1.gz", + "/usr/share/man/hu/man1/passwd.1.gz", + "/usr/share/man/hu/man5/passwd.5.gz", + "/usr/share/man/id/man1/chsh.1.gz", + "/usr/share/man/id/man8/useradd.8.gz", + "/usr/share/man/it/man1/chage.1.gz", + "/usr/share/man/it/man1/chfn.1.gz", + "/usr/share/man/it/man1/chsh.1.gz", + "/usr/share/man/it/man1/expiry.1.gz", + "/usr/share/man/it/man1/gpasswd.1.gz", + "/usr/share/man/it/man1/passwd.1.gz", + "/usr/share/man/it/man5/gshadow.5.gz", + "/usr/share/man/it/man5/passwd.5.gz", + "/usr/share/man/it/man5/shadow.5.gz", + "/usr/share/man/it/man8/chgpasswd.8.gz", + "/usr/share/man/it/man8/chpasswd.8.gz", + "/usr/share/man/it/man8/groupadd.8.gz", + "/usr/share/man/it/man8/groupdel.8.gz", + "/usr/share/man/it/man8/groupmod.8.gz", + "/usr/share/man/it/man8/grpck.8.gz", + "/usr/share/man/it/man8/newusers.8.gz", + "/usr/share/man/it/man8/pwck.8.gz", + "/usr/share/man/it/man8/pwconv.8.gz", + "/usr/share/man/it/man8/useradd.8.gz", + "/usr/share/man/it/man8/userdel.8.gz", + "/usr/share/man/it/man8/usermod.8.gz", + "/usr/share/man/it/man8/vipw.8.gz", + "/usr/share/man/ja/man1/chage.1.gz", + "/usr/share/man/ja/man1/chfn.1.gz", + "/usr/share/man/ja/man1/chsh.1.gz", + "/usr/share/man/ja/man1/expiry.1.gz", + "/usr/share/man/ja/man1/gpasswd.1.gz", + "/usr/share/man/ja/man1/passwd.1.gz", + "/usr/share/man/ja/man5/passwd.5.gz", + "/usr/share/man/ja/man5/shadow.5.gz", + "/usr/share/man/ja/man8/chpasswd.8.gz", + "/usr/share/man/ja/man8/groupadd.8.gz", + "/usr/share/man/ja/man8/groupdel.8.gz", + "/usr/share/man/ja/man8/groupmod.8.gz", + "/usr/share/man/ja/man8/grpck.8.gz", + "/usr/share/man/ja/man8/newusers.8.gz", + "/usr/share/man/ja/man8/pwck.8.gz", + "/usr/share/man/ja/man8/pwconv.8.gz", + "/usr/share/man/ja/man8/useradd.8.gz", + "/usr/share/man/ja/man8/userdel.8.gz", + "/usr/share/man/ja/man8/usermod.8.gz", + "/usr/share/man/ja/man8/vipw.8.gz", + "/usr/share/man/ko/man1/chfn.1.gz", + "/usr/share/man/ko/man1/chsh.1.gz", + "/usr/share/man/ko/man5/passwd.5.gz", + "/usr/share/man/ko/man8/vipw.8.gz", + "/usr/share/man/man1/chage.1.gz", + "/usr/share/man/man1/chfn.1.gz", + "/usr/share/man/man1/chsh.1.gz", + "/usr/share/man/man1/expiry.1.gz", + "/usr/share/man/man1/gpasswd.1.gz", + "/usr/share/man/man1/passwd.1.gz", + "/usr/share/man/man5/gshadow.5.gz", + "/usr/share/man/man5/passwd.5.gz", + "/usr/share/man/man5/shadow.5.gz", + "/usr/share/man/man5/subgid.5.gz", + "/usr/share/man/man5/subuid.5.gz", + "/usr/share/man/man8/chgpasswd.8.gz", + "/usr/share/man/man8/chpasswd.8.gz", + "/usr/share/man/man8/groupadd.8.gz", + "/usr/share/man/man8/groupdel.8.gz", + "/usr/share/man/man8/groupmod.8.gz", + "/usr/share/man/man8/grpck.8.gz", + "/usr/share/man/man8/newusers.8.gz", + "/usr/share/man/man8/pwck.8.gz", + "/usr/share/man/man8/pwconv.8.gz", + "/usr/share/man/man8/shadowconfig.8.gz", + "/usr/share/man/man8/useradd.8.gz", + "/usr/share/man/man8/userdel.8.gz", + "/usr/share/man/man8/usermod.8.gz", + "/usr/share/man/man8/vipw.8.gz", + "/usr/share/man/pl/man1/chage.1.gz", + "/usr/share/man/pl/man1/chsh.1.gz", + "/usr/share/man/pl/man1/expiry.1.gz", + "/usr/share/man/pl/man8/groupadd.8.gz", + "/usr/share/man/pl/man8/groupdel.8.gz", + "/usr/share/man/pl/man8/groupmod.8.gz", + "/usr/share/man/pl/man8/grpck.8.gz", + "/usr/share/man/pl/man8/userdel.8.gz", + "/usr/share/man/pl/man8/usermod.8.gz", + "/usr/share/man/pl/man8/vipw.8.gz", + "/usr/share/man/pt_BR/man1/gpasswd.1.gz", + "/usr/share/man/pt_BR/man5/passwd.5.gz", + "/usr/share/man/pt_BR/man5/shadow.5.gz", + "/usr/share/man/pt_BR/man8/groupadd.8.gz", + "/usr/share/man/pt_BR/man8/groupdel.8.gz", + "/usr/share/man/pt_BR/man8/groupmod.8.gz", + "/usr/share/man/ru/man1/chage.1.gz", + "/usr/share/man/ru/man1/chfn.1.gz", + "/usr/share/man/ru/man1/chsh.1.gz", + "/usr/share/man/ru/man1/expiry.1.gz", + "/usr/share/man/ru/man1/gpasswd.1.gz", + "/usr/share/man/ru/man1/passwd.1.gz", + "/usr/share/man/ru/man5/gshadow.5.gz", + "/usr/share/man/ru/man5/passwd.5.gz", + "/usr/share/man/ru/man5/shadow.5.gz", + "/usr/share/man/ru/man8/chgpasswd.8.gz", + "/usr/share/man/ru/man8/chpasswd.8.gz", + "/usr/share/man/ru/man8/groupadd.8.gz", + "/usr/share/man/ru/man8/groupdel.8.gz", + "/usr/share/man/ru/man8/groupmod.8.gz", + "/usr/share/man/ru/man8/grpck.8.gz", + "/usr/share/man/ru/man8/newusers.8.gz", + "/usr/share/man/ru/man8/pwck.8.gz", + "/usr/share/man/ru/man8/pwconv.8.gz", + "/usr/share/man/ru/man8/useradd.8.gz", + "/usr/share/man/ru/man8/userdel.8.gz", + "/usr/share/man/ru/man8/usermod.8.gz", + "/usr/share/man/ru/man8/vipw.8.gz", + "/usr/share/man/sv/man1/chage.1.gz", + "/usr/share/man/sv/man1/chsh.1.gz", + "/usr/share/man/sv/man1/expiry.1.gz", + "/usr/share/man/sv/man1/passwd.1.gz", + "/usr/share/man/sv/man5/gshadow.5.gz", + "/usr/share/man/sv/man5/passwd.5.gz", + "/usr/share/man/sv/man8/groupadd.8.gz", + "/usr/share/man/sv/man8/groupdel.8.gz", + "/usr/share/man/sv/man8/groupmod.8.gz", + "/usr/share/man/sv/man8/grpck.8.gz", + "/usr/share/man/sv/man8/pwck.8.gz", + "/usr/share/man/sv/man8/userdel.8.gz", + "/usr/share/man/sv/man8/vipw.8.gz", + "/usr/share/man/tr/man1/chage.1.gz", + "/usr/share/man/tr/man1/chfn.1.gz", + "/usr/share/man/tr/man1/passwd.1.gz", + "/usr/share/man/tr/man5/passwd.5.gz", + "/usr/share/man/tr/man5/shadow.5.gz", + "/usr/share/man/tr/man8/groupadd.8.gz", + "/usr/share/man/tr/man8/groupdel.8.gz", + "/usr/share/man/tr/man8/groupmod.8.gz", + "/usr/share/man/tr/man8/useradd.8.gz", + "/usr/share/man/tr/man8/userdel.8.gz", + "/usr/share/man/tr/man8/usermod.8.gz", + "/usr/share/man/uk/man1/chage.1.gz", + "/usr/share/man/uk/man1/chfn.1.gz", + "/usr/share/man/uk/man1/chsh.1.gz", + "/usr/share/man/uk/man1/expiry.1.gz", + "/usr/share/man/uk/man1/gpasswd.1.gz", + "/usr/share/man/uk/man1/passwd.1.gz", + "/usr/share/man/uk/man5/gshadow.5.gz", + "/usr/share/man/uk/man5/passwd.5.gz", + "/usr/share/man/uk/man5/shadow.5.gz", + "/usr/share/man/uk/man8/chgpasswd.8.gz", + "/usr/share/man/uk/man8/chpasswd.8.gz", + "/usr/share/man/uk/man8/groupadd.8.gz", + "/usr/share/man/uk/man8/groupdel.8.gz", + "/usr/share/man/uk/man8/groupmod.8.gz", + "/usr/share/man/uk/man8/grpck.8.gz", + "/usr/share/man/uk/man8/newusers.8.gz", + "/usr/share/man/uk/man8/pwck.8.gz", + "/usr/share/man/uk/man8/pwconv.8.gz", + "/usr/share/man/uk/man8/useradd.8.gz", + "/usr/share/man/uk/man8/userdel.8.gz", + "/usr/share/man/uk/man8/usermod.8.gz", + "/usr/share/man/uk/man8/vipw.8.gz", + "/usr/share/man/zh_CN/man1/chage.1.gz", + "/usr/share/man/zh_CN/man1/chfn.1.gz", + "/usr/share/man/zh_CN/man1/chsh.1.gz", + "/usr/share/man/zh_CN/man1/expiry.1.gz", + "/usr/share/man/zh_CN/man1/gpasswd.1.gz", + "/usr/share/man/zh_CN/man1/passwd.1.gz", + "/usr/share/man/zh_CN/man5/gshadow.5.gz", + "/usr/share/man/zh_CN/man5/passwd.5.gz", + "/usr/share/man/zh_CN/man5/shadow.5.gz", + "/usr/share/man/zh_CN/man8/chgpasswd.8.gz", + "/usr/share/man/zh_CN/man8/chpasswd.8.gz", + "/usr/share/man/zh_CN/man8/groupadd.8.gz", + "/usr/share/man/zh_CN/man8/groupdel.8.gz", + "/usr/share/man/zh_CN/man8/groupmod.8.gz", + "/usr/share/man/zh_CN/man8/grpck.8.gz", + "/usr/share/man/zh_CN/man8/newusers.8.gz", + "/usr/share/man/zh_CN/man8/pwck.8.gz", + "/usr/share/man/zh_CN/man8/pwconv.8.gz", + "/usr/share/man/zh_CN/man8/useradd.8.gz", + "/usr/share/man/zh_CN/man8/userdel.8.gz", + "/usr/share/man/zh_CN/man8/usermod.8.gz", + "/usr/share/man/zh_CN/man8/vipw.8.gz", + "/usr/share/man/zh_TW/man1/chfn.1.gz", + "/usr/share/man/zh_TW/man1/chsh.1.gz", + "/usr/share/man/zh_TW/man5/passwd.5.gz", + "/usr/share/man/zh_TW/man8/chpasswd.8.gz", + "/usr/share/man/zh_TW/man8/groupadd.8.gz", + "/usr/share/man/zh_TW/man8/groupdel.8.gz", + "/usr/share/man/zh_TW/man8/groupmod.8.gz", + "/usr/share/man/zh_TW/man8/useradd.8.gz", + "/usr/share/man/zh_TW/man8/userdel.8.gz", + "/usr/share/man/zh_TW/man8/usermod.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "perl-base@5.40.1-6", + "Name": "perl-base", + "Identifier": { + "PURL": "pkg:deb/debian/perl-base@5.40.1-6?arch=amd64\u0026distro=debian-13.5", + "UID": "546ba1bdcd66d61" + }, + "Version": "5.40.1", + "Release": "6", + "Arch": "amd64", + "SrcName": "perl", + "SrcVersion": "5.40.1", + "SrcRelease": "6", + "Licenses": [ + "GPL-1.0-or-later", + "Artistic-2.0", + "MIT", + "REGCOMP", + "GPL-2.0-with-bison-exception+", + "Unicode", + "BZIP", + "Zlib", + "GPL-2.0-or-later", + "FSFAP", + "BSD-3-clause-with-weird-numbering", + "CC0-1.0", + "TEXT-TABS", + "BSD-4-clause-POWERDOG", + "BSD-3-clause-GENERIC", + "BSD-3-Clause", + "SDBM-PUBLIC-DOMAIN", + "DONT-CHANGE-THE-GPL", + "Artistic-dist", + "LGPL-2.1-only", + "GPL-1.0-only", + "GPL-2.0-only", + "Artistic-2" + ], + "Maintainer": "Niko Tyni \u003cntyni@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/perl", + "/usr/bin/perl5.40.1", + "/usr/lib/x86_64-linux-gnu/perl-base/AutoLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Carp.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Carp/Heavy.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Config.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Config_git.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/Config_heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/Cwd.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/DynaLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Errno.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Exporter.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Exporter/Heavy.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Fcntl.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Basename.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Glob.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Path.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec/Unix.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Temp.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/FileHandle.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long/Parser.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Hash/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/File.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Handle.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Pipe.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Seekable.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Select.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/INET.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/IP.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/UNIX.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open2.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/List/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/POSIX.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Scalar/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/SelectSaver.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/ParseWords.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/Tabs.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/Wrap.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Tie/Hash.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/XSLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/attributes.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Cwd/Cwd.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/File/Glob/Glob.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Hash/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/IO/IO.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/List/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Socket/Socket.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/attributes/attributes.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/re/re.so", + "/usr/lib/x86_64-linux-gnu/perl-base/base.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/builtin.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/bytes.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/constant.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/feature.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/fields.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/integer.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/lib.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/locale.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/overload.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/overloading.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/parent.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/re.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/strict.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Age.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bmg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Cf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Ea.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/EqUIdeo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/GCB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Gc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Hst.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identif2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identifi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InPC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InSC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Isc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFCQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFDQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCCF.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKDQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Na1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NameAlia.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nv.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/PerlDeci.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/SB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Sc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Scx.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Tc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Uc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Vo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/WB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlLB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlSCX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V100.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V11.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V110.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V120.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V130.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V140.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V150.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V20.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V30.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V31.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V32.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V40.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V41.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V50.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V51.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V52.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V60.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V61.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V70.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V80.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V90.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Alpha/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/B.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/BN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/CS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/EN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ES.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ET.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/NSM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ON.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/WS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Blk/NB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/O.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CE/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CI/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCF/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWKCF/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWL/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWT/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWU/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Cased/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/A.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/ATAR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/B.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/BR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/DB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NK.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/OV.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/VR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CompEx/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/DI/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dash/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dep/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dia/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Com.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Enc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Fin.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Font.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Init.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Iso.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Med.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nar.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/NonCanon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sqr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sub.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sup.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Vert.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EBase/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EComp/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EPres/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/A.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/H.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/Na.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/W.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Emoji/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ext/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/ExtPict/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/CN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LV.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LVT.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/PP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/SM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/LC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ll.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/M.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Me.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/No.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/P.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pe.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Po.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ps.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/S.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sk.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/So.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Z.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Zs.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrBase/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrExt/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hex/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hst/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hyphen/T.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Allowed.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Restrict.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/DefaultI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Exclusio.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Inclusio.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/LimitedU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotChara.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotNFKC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotXID.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Obsolete.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Recommen.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Technica.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Uncommon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ideo/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/10_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/11_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/13_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/14_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/15_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/7_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/8_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/9_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Bottom.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/BottomAn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Left.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/LeftAndR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Overstru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Right.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Top.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndBo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndL2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndLe.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndRi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/VisualOr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Avagraha.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Bindu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Cantilla.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona5.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona7.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona9.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consonan.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Geminati.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Invisibl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Nukta.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Number.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Other.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/PureKill.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Syllable.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/ToneMark.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Virama.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Visarga.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Vowel.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelDep.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelInd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Ain.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Alef.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Beh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Dal.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/FarsiYeh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Feh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Gaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Hah.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/HanifiRo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Kaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Lam.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/NoJoinin.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Noon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Qaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Reh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Sad.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Seen.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Tah.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Waw.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Yeh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/D.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/T.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/U.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CJ.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/GL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/ID.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/OP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/QU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/SA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lower/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Math/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/M.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Di.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/None.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Nu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/11.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/12.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/13.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/14.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/15.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/17.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/18.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/19.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/200.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/300.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/400.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/500.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/600.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/700.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/800.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/900.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PCM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PatSyn/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Alnum.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Assigned.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Blank.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Graph.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PerlWord.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PosixPun.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Print.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/SpacePer.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Title.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Word.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/XPosixPu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlAny.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCh2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCha.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlFol.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIsI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNch.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPat.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPr2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPro.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlQuo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/QMark/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/AT.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/CL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/FO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LE.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/SC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/ST.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/Sp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/UP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SD/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/STerm/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Arab.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Beng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cprt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cyrl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Deva.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Dupl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Geor.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Glag.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gonm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gran.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Grek.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gujr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Guru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Han.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hira.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Kana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Knda.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Latn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Limb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Linb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mlym.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mult.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Orya.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Sinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Syrc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Taml.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Telu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zyyy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Adlm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Arab.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Armn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Beng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bhks.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bopo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cakm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cham.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Copt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cprt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cyrl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Deva.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Diak.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Dupl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Ethi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Geor.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Glag.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gonm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gran.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Grek.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gujr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Guru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Han.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hebr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hira.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmnp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khar.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khmr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khoj.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Knda.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kthi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lao.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Latn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Limb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lina.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Linb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mlym.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mult.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mymr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nand.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nko.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Orya.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Phlp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Rohg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Shrd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sind.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Syrc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tagb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Takr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Talu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Taml.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Telu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Thaa.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tibt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tirh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Vith.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Xsux.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yezi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zyyy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zzzz.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Term/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/UIdeo/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Upper/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/VS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/U.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/Extend.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/FO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/HL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/KA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/LE.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/ML.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/WSegSpac.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/utf8.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/vars.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/warnings.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/warnings/register.pm", + "/usr/share/doc/perl-base/changelog.Debian.gz", + "/usr/share/doc/perl-base/changelog.gz", + "/usr/share/doc/perl-base/copyright", + "/usr/share/doc/perl/AUTHORS.gz", + "/usr/share/doc/perl/Documentation", + "/usr/share/lintian/overrides/perl-base", + "/usr/share/man/man1/perl.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "readline-common@8.2-6", + "Name": "readline-common", + "Identifier": { + "PURL": "pkg:deb/debian/readline-common@8.2-6?arch=all\u0026distro=debian-13.5", + "UID": "e762758a1681f62e" + }, + "Version": "8.2", + "Release": "6", + "Arch": "all", + "SrcName": "readline", + "SrcVersion": "8.2", + "SrcRelease": "6", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-or-later", + "ISC-no-attribution" + ], + "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "InstalledFiles": [ + "/usr/share/doc/readline-common/changelog.Debian.gz", + "/usr/share/doc/readline-common/changelog.gz", + "/usr/share/doc/readline-common/copyright", + "/usr/share/doc/readline-common/inputrc.arrows", + "/usr/share/info/rluserman.info.gz", + "/usr/share/lintian/overrides/readline-common", + "/usr/share/man/man3/history.3readline.gz", + "/usr/share/man/man3/readline.3readline.gz", + "/usr/share/readline/inputrc" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sed@4.9-2+deb13u1", + "Name": "sed", + "Identifier": { + "PURL": "pkg:deb/debian/sed@4.9-2%2Bdeb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "a041ea16982bb927" + }, + "Version": "4.9", + "Release": "2+deb13u1", + "Arch": "amd64", + "SrcName": "sed", + "SrcVersion": "4.9", + "SrcRelease": "2+deb13u1", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "X11", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-only", + "ISC", + "BSD-4-Clause-UC", + "BSL-1", + "pcre" + ], + "Maintainer": "Clint Adams \u003cclint@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/sed", + "/usr/share/doc/sed/AUTHORS", + "/usr/share/doc/sed/BUGS.gz", + "/usr/share/doc/sed/NEWS.gz", + "/usr/share/doc/sed/README", + "/usr/share/doc/sed/THANKS.gz", + "/usr/share/doc/sed/changelog.Debian.gz", + "/usr/share/doc/sed/changelog.gz", + "/usr/share/doc/sed/copyright", + "/usr/share/doc/sed/examples/dc.sed", + "/usr/share/doc/sed/sedfaq.txt.gz", + "/usr/share/info/sed.info.gz", + "/usr/share/locale/af/LC_MESSAGES/sed.mo", + "/usr/share/locale/ast/LC_MESSAGES/sed.mo", + "/usr/share/locale/bg/LC_MESSAGES/sed.mo", + "/usr/share/locale/ca/LC_MESSAGES/sed.mo", + "/usr/share/locale/cs/LC_MESSAGES/sed.mo", + "/usr/share/locale/da/LC_MESSAGES/sed.mo", + "/usr/share/locale/de/LC_MESSAGES/sed.mo", + "/usr/share/locale/el/LC_MESSAGES/sed.mo", + "/usr/share/locale/eo/LC_MESSAGES/sed.mo", + "/usr/share/locale/es/LC_MESSAGES/sed.mo", + "/usr/share/locale/et/LC_MESSAGES/sed.mo", + "/usr/share/locale/eu/LC_MESSAGES/sed.mo", + "/usr/share/locale/fi/LC_MESSAGES/sed.mo", + "/usr/share/locale/fr/LC_MESSAGES/sed.mo", + "/usr/share/locale/ga/LC_MESSAGES/sed.mo", + "/usr/share/locale/gl/LC_MESSAGES/sed.mo", + "/usr/share/locale/he/LC_MESSAGES/sed.mo", + "/usr/share/locale/hr/LC_MESSAGES/sed.mo", + "/usr/share/locale/hu/LC_MESSAGES/sed.mo", + "/usr/share/locale/id/LC_MESSAGES/sed.mo", + "/usr/share/locale/it/LC_MESSAGES/sed.mo", + "/usr/share/locale/ja/LC_MESSAGES/sed.mo", + "/usr/share/locale/ka/LC_MESSAGES/sed.mo", + "/usr/share/locale/ko/LC_MESSAGES/sed.mo", + "/usr/share/locale/nb/LC_MESSAGES/sed.mo", + "/usr/share/locale/nl/LC_MESSAGES/sed.mo", + "/usr/share/locale/pl/LC_MESSAGES/sed.mo", + "/usr/share/locale/pt/LC_MESSAGES/sed.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/sed.mo", + "/usr/share/locale/ro/LC_MESSAGES/sed.mo", + "/usr/share/locale/ru/LC_MESSAGES/sed.mo", + "/usr/share/locale/sk/LC_MESSAGES/sed.mo", + "/usr/share/locale/sl/LC_MESSAGES/sed.mo", + "/usr/share/locale/sr/LC_MESSAGES/sed.mo", + "/usr/share/locale/sv/LC_MESSAGES/sed.mo", + "/usr/share/locale/tr/LC_MESSAGES/sed.mo", + "/usr/share/locale/uk/LC_MESSAGES/sed.mo", + "/usr/share/locale/vi/LC_MESSAGES/sed.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/sed.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/sed.mo", + "/usr/share/man/man1/sed.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sqv@1.3.0-3+b2", + "Name": "sqv", + "Identifier": { + "PURL": "pkg:deb/debian/sqv@1.3.0-3%2Bb2?arch=amd64\u0026distro=debian-13.5", + "UID": "2bf11ffe79190750" + }, + "Version": "1.3.0", + "Release": "3+b2", + "Arch": "amd64", + "SrcName": "rust-sequoia-sqv", + "SrcVersion": "1.3.0", + "SrcRelease": "3", + "Licenses": [ + "LGPL-2.0-or-later", + "LGPL-2.0-only" + ], + "Maintainer": "Debian Rust Maintainers \u003cpkg-rust-maintainers@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libgcc-s1@14.2.0-19", + "libgmp10@2:6.3.0+dfsg-3", + "libhogweed6t64@3.10.1-1", + "libnettle8t64@3.10.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/sqv", + "/usr/share/bash-completion/completions/sqv.bash", + "/usr/share/doc/sqv/NEWS.gz", + "/usr/share/doc/sqv/changelog.Debian.amd64.gz", + "/usr/share/doc/sqv/changelog.Debian.gz", + "/usr/share/doc/sqv/copyright", + "/usr/share/fish/completions/sqv.fish", + "/usr/share/man/man1/sqv.1.gz", + "/usr/share/zsh/vendor-completions/_sqv" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sysvinit-utils@3.14-4", + "Name": "sysvinit-utils", + "Identifier": { + "PURL": "pkg:deb/debian/sysvinit-utils@3.14-4?arch=amd64\u0026distro=debian-13.5", + "UID": "f7fb888c58ca826e" + }, + "Version": "3.14", + "Release": "4", + "Arch": "amd64", + "SrcName": "sysvinit", + "SrcVersion": "3.14", + "SrcRelease": "4", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-only", + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Debian sysvinit maintainers \u003cdebian-init-diversity@chiark.greenend.org.uk\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/init/init-d-script", + "/usr/lib/init/vars.sh", + "/usr/lib/lsb/init-functions", + "/usr/lib/lsb/init-functions.d/00-verbose", + "/usr/sbin/fstab-decode", + "/usr/sbin/killall5", + "/usr/share/doc/sysvinit-utils/changelog.Debian.gz", + "/usr/share/doc/sysvinit-utils/copyright", + "/usr/share/man/man5/init-d-script.5.gz", + "/usr/share/man/man8/fstab-decode.8.gz", + "/usr/share/man/man8/killall5.8.gz", + "/usr/share/man/man8/pidof.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tar@1.35+dfsg-3.1", + "Name": "tar", + "Identifier": { + "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.5", + "UID": "4f69996c49afbaca" + }, + "Version": "1.35+dfsg", + "Release": "3.1", + "Arch": "amd64", + "SrcName": "tar", + "SrcVersion": "1.35+dfsg", + "SrcRelease": "3.1", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "LGPL-3.0-or-later", + "LGPL-3.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Janos Lenart \u003cocsi@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/tar", + "/usr/lib/mime/packages/tar", + "/usr/sbin/rmt-tar", + "/usr/sbin/tarcat", + "/usr/share/doc/tar/AUTHORS", + "/usr/share/doc/tar/NEWS.gz", + "/usr/share/doc/tar/README.Debian", + "/usr/share/doc/tar/THANKS.gz", + "/usr/share/doc/tar/changelog.1.gz", + "/usr/share/doc/tar/changelog.Debian.gz", + "/usr/share/doc/tar/changelog.gz", + "/usr/share/doc/tar/copyright", + "/usr/share/locale/bg/LC_MESSAGES/tar.mo", + "/usr/share/locale/ca/LC_MESSAGES/tar.mo", + "/usr/share/locale/cs/LC_MESSAGES/tar.mo", + "/usr/share/locale/da/LC_MESSAGES/tar.mo", + "/usr/share/locale/de/LC_MESSAGES/tar.mo", + "/usr/share/locale/el/LC_MESSAGES/tar.mo", + "/usr/share/locale/eo/LC_MESSAGES/tar.mo", + "/usr/share/locale/es/LC_MESSAGES/tar.mo", + "/usr/share/locale/et/LC_MESSAGES/tar.mo", + "/usr/share/locale/eu/LC_MESSAGES/tar.mo", + "/usr/share/locale/fi/LC_MESSAGES/tar.mo", + "/usr/share/locale/fr/LC_MESSAGES/tar.mo", + "/usr/share/locale/ga/LC_MESSAGES/tar.mo", + "/usr/share/locale/gl/LC_MESSAGES/tar.mo", + "/usr/share/locale/hr/LC_MESSAGES/tar.mo", + "/usr/share/locale/hu/LC_MESSAGES/tar.mo", + "/usr/share/locale/id/LC_MESSAGES/tar.mo", + "/usr/share/locale/it/LC_MESSAGES/tar.mo", + "/usr/share/locale/ja/LC_MESSAGES/tar.mo", + "/usr/share/locale/ka/LC_MESSAGES/tar.mo", + "/usr/share/locale/ko/LC_MESSAGES/tar.mo", + "/usr/share/locale/ky/LC_MESSAGES/tar.mo", + "/usr/share/locale/ms/LC_MESSAGES/tar.mo", + "/usr/share/locale/nb/LC_MESSAGES/tar.mo", + "/usr/share/locale/nl/LC_MESSAGES/tar.mo", + "/usr/share/locale/pl/LC_MESSAGES/tar.mo", + "/usr/share/locale/pt/LC_MESSAGES/tar.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/tar.mo", + "/usr/share/locale/ro/LC_MESSAGES/tar.mo", + "/usr/share/locale/ru/LC_MESSAGES/tar.mo", + "/usr/share/locale/sk/LC_MESSAGES/tar.mo", + "/usr/share/locale/sl/LC_MESSAGES/tar.mo", + "/usr/share/locale/sr/LC_MESSAGES/tar.mo", + "/usr/share/locale/sv/LC_MESSAGES/tar.mo", + "/usr/share/locale/tr/LC_MESSAGES/tar.mo", + "/usr/share/locale/uk/LC_MESSAGES/tar.mo", + "/usr/share/locale/vi/LC_MESSAGES/tar.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/tar.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/tar.mo", + "/usr/share/man/man1/tar.1.gz", + "/usr/share/man/man1/tarcat.1.gz", + "/usr/share/man/man8/rmt-tar.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tzdata@2026b-0+deb13u1", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:deb/debian/tzdata@2026b-0%2Bdeb13u1?arch=all\u0026distro=debian-13.5", + "UID": "9e352e373d8245f0" + }, + "Version": "2026b", + "Release": "0+deb13u1", + "Arch": "all", + "SrcName": "tzdata", + "SrcVersion": "2026b", + "SrcRelease": "0+deb13u1", + "Licenses": [ + "public-domain" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/tzdata/NEWS.Debian.gz", + "/usr/share/doc/tzdata/README.Debian", + "/usr/share/doc/tzdata/changelog.Debian.gz", + "/usr/share/doc/tzdata/changelog.gz", + "/usr/share/doc/tzdata/copyright", + "/usr/share/lintian/overrides/tzdata", + "/usr/share/zoneinfo/Africa/Abidjan", + "/usr/share/zoneinfo/Africa/Accra", + "/usr/share/zoneinfo/Africa/Addis_Ababa", + "/usr/share/zoneinfo/Africa/Algiers", + "/usr/share/zoneinfo/Africa/Asmara", + "/usr/share/zoneinfo/Africa/Bamako", + "/usr/share/zoneinfo/Africa/Bangui", + "/usr/share/zoneinfo/Africa/Banjul", + "/usr/share/zoneinfo/Africa/Bissau", + "/usr/share/zoneinfo/Africa/Blantyre", + "/usr/share/zoneinfo/Africa/Brazzaville", + "/usr/share/zoneinfo/Africa/Bujumbura", + "/usr/share/zoneinfo/Africa/Cairo", + "/usr/share/zoneinfo/Africa/Casablanca", + "/usr/share/zoneinfo/Africa/Ceuta", + "/usr/share/zoneinfo/Africa/Conakry", + "/usr/share/zoneinfo/Africa/Dakar", + "/usr/share/zoneinfo/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/Africa/Djibouti", + "/usr/share/zoneinfo/Africa/Douala", + "/usr/share/zoneinfo/Africa/El_Aaiun", + "/usr/share/zoneinfo/Africa/Freetown", + "/usr/share/zoneinfo/Africa/Gaborone", + "/usr/share/zoneinfo/Africa/Harare", + "/usr/share/zoneinfo/Africa/Johannesburg", + "/usr/share/zoneinfo/Africa/Juba", + "/usr/share/zoneinfo/Africa/Kampala", + "/usr/share/zoneinfo/Africa/Khartoum", + "/usr/share/zoneinfo/Africa/Kigali", + "/usr/share/zoneinfo/Africa/Kinshasa", + "/usr/share/zoneinfo/Africa/Lagos", + "/usr/share/zoneinfo/Africa/Libreville", + "/usr/share/zoneinfo/Africa/Lome", + "/usr/share/zoneinfo/Africa/Luanda", + "/usr/share/zoneinfo/Africa/Lubumbashi", + "/usr/share/zoneinfo/Africa/Lusaka", + "/usr/share/zoneinfo/Africa/Malabo", + "/usr/share/zoneinfo/Africa/Maputo", + "/usr/share/zoneinfo/Africa/Maseru", + "/usr/share/zoneinfo/Africa/Mbabane", + "/usr/share/zoneinfo/Africa/Mogadishu", + "/usr/share/zoneinfo/Africa/Monrovia", + "/usr/share/zoneinfo/Africa/Nairobi", + "/usr/share/zoneinfo/Africa/Ndjamena", + "/usr/share/zoneinfo/Africa/Niamey", + "/usr/share/zoneinfo/Africa/Nouakchott", + "/usr/share/zoneinfo/Africa/Ouagadougou", + "/usr/share/zoneinfo/Africa/Porto-Novo", + "/usr/share/zoneinfo/Africa/Sao_Tome", + "/usr/share/zoneinfo/Africa/Tripoli", + "/usr/share/zoneinfo/Africa/Tunis", + "/usr/share/zoneinfo/Africa/Windhoek", + "/usr/share/zoneinfo/America/Adak", + "/usr/share/zoneinfo/America/Anchorage", + "/usr/share/zoneinfo/America/Anguilla", + "/usr/share/zoneinfo/America/Antigua", + "/usr/share/zoneinfo/America/Araguaina", + "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/America/Argentina/Catamarca", + "/usr/share/zoneinfo/America/Argentina/Cordoba", + "/usr/share/zoneinfo/America/Argentina/Jujuy", + "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/America/Argentina/Mendoza", + "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/America/Argentina/Salta", + "/usr/share/zoneinfo/America/Argentina/San_Juan", + "/usr/share/zoneinfo/America/Argentina/San_Luis", + "/usr/share/zoneinfo/America/Argentina/Tucuman", + "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/America/Aruba", + "/usr/share/zoneinfo/America/Asuncion", + "/usr/share/zoneinfo/America/Atikokan", + "/usr/share/zoneinfo/America/Bahia", + "/usr/share/zoneinfo/America/Bahia_Banderas", + "/usr/share/zoneinfo/America/Barbados", + "/usr/share/zoneinfo/America/Belem", + "/usr/share/zoneinfo/America/Belize", + "/usr/share/zoneinfo/America/Blanc-Sablon", + "/usr/share/zoneinfo/America/Boa_Vista", + "/usr/share/zoneinfo/America/Bogota", + "/usr/share/zoneinfo/America/Boise", + "/usr/share/zoneinfo/America/Cambridge_Bay", + "/usr/share/zoneinfo/America/Campo_Grande", + "/usr/share/zoneinfo/America/Cancun", + "/usr/share/zoneinfo/America/Caracas", + "/usr/share/zoneinfo/America/Cayenne", + "/usr/share/zoneinfo/America/Cayman", + "/usr/share/zoneinfo/America/Chicago", + "/usr/share/zoneinfo/America/Chihuahua", + "/usr/share/zoneinfo/America/Ciudad_Juarez", + "/usr/share/zoneinfo/America/Costa_Rica", + "/usr/share/zoneinfo/America/Coyhaique", + "/usr/share/zoneinfo/America/Creston", + "/usr/share/zoneinfo/America/Cuiaba", + "/usr/share/zoneinfo/America/Curacao", + "/usr/share/zoneinfo/America/Danmarkshavn", + "/usr/share/zoneinfo/America/Dawson", + "/usr/share/zoneinfo/America/Dawson_Creek", + "/usr/share/zoneinfo/America/Denver", + "/usr/share/zoneinfo/America/Detroit", + "/usr/share/zoneinfo/America/Dominica", + "/usr/share/zoneinfo/America/Edmonton", + "/usr/share/zoneinfo/America/Eirunepe", + "/usr/share/zoneinfo/America/El_Salvador", + "/usr/share/zoneinfo/America/Fort_Nelson", + "/usr/share/zoneinfo/America/Fortaleza", + "/usr/share/zoneinfo/America/Glace_Bay", + "/usr/share/zoneinfo/America/Goose_Bay", + "/usr/share/zoneinfo/America/Grand_Turk", + "/usr/share/zoneinfo/America/Grenada", + "/usr/share/zoneinfo/America/Guadeloupe", + "/usr/share/zoneinfo/America/Guatemala", + "/usr/share/zoneinfo/America/Guayaquil", + "/usr/share/zoneinfo/America/Guyana", + "/usr/share/zoneinfo/America/Halifax", + "/usr/share/zoneinfo/America/Havana", + "/usr/share/zoneinfo/America/Hermosillo", + "/usr/share/zoneinfo/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/America/Indiana/Knox", + "/usr/share/zoneinfo/America/Indiana/Marengo", + "/usr/share/zoneinfo/America/Indiana/Petersburg", + "/usr/share/zoneinfo/America/Indiana/Tell_City", + "/usr/share/zoneinfo/America/Indiana/Vevay", + "/usr/share/zoneinfo/America/Indiana/Vincennes", + "/usr/share/zoneinfo/America/Indiana/Winamac", + "/usr/share/zoneinfo/America/Inuvik", + "/usr/share/zoneinfo/America/Iqaluit", + "/usr/share/zoneinfo/America/Jamaica", + "/usr/share/zoneinfo/America/Juneau", + "/usr/share/zoneinfo/America/Kentucky/Louisville", + "/usr/share/zoneinfo/America/Kentucky/Monticello", + "/usr/share/zoneinfo/America/La_Paz", + "/usr/share/zoneinfo/America/Lima", + "/usr/share/zoneinfo/America/Los_Angeles", + "/usr/share/zoneinfo/America/Maceio", + "/usr/share/zoneinfo/America/Managua", + "/usr/share/zoneinfo/America/Manaus", + "/usr/share/zoneinfo/America/Martinique", + "/usr/share/zoneinfo/America/Matamoros", + "/usr/share/zoneinfo/America/Mazatlan", + "/usr/share/zoneinfo/America/Menominee", + "/usr/share/zoneinfo/America/Merida", + "/usr/share/zoneinfo/America/Metlakatla", + "/usr/share/zoneinfo/America/Mexico_City", + "/usr/share/zoneinfo/America/Miquelon", + "/usr/share/zoneinfo/America/Moncton", + "/usr/share/zoneinfo/America/Monterrey", + "/usr/share/zoneinfo/America/Montevideo", + "/usr/share/zoneinfo/America/Montserrat", + "/usr/share/zoneinfo/America/Nassau", + "/usr/share/zoneinfo/America/New_York", + "/usr/share/zoneinfo/America/Nome", + "/usr/share/zoneinfo/America/Noronha", + "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/America/North_Dakota/Center", + "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/America/Nuuk", + "/usr/share/zoneinfo/America/Ojinaga", + "/usr/share/zoneinfo/America/Panama", + "/usr/share/zoneinfo/America/Paramaribo", + "/usr/share/zoneinfo/America/Phoenix", + "/usr/share/zoneinfo/America/Port-au-Prince", + "/usr/share/zoneinfo/America/Port_of_Spain", + "/usr/share/zoneinfo/America/Porto_Velho", + "/usr/share/zoneinfo/America/Puerto_Rico", + "/usr/share/zoneinfo/America/Punta_Arenas", + "/usr/share/zoneinfo/America/Rankin_Inlet", + "/usr/share/zoneinfo/America/Recife", + "/usr/share/zoneinfo/America/Regina", + "/usr/share/zoneinfo/America/Resolute", + "/usr/share/zoneinfo/America/Rio_Branco", + "/usr/share/zoneinfo/America/Santarem", + "/usr/share/zoneinfo/America/Santiago", + "/usr/share/zoneinfo/America/Santo_Domingo", + "/usr/share/zoneinfo/America/Sao_Paulo", + "/usr/share/zoneinfo/America/Scoresbysund", + "/usr/share/zoneinfo/America/Sitka", + "/usr/share/zoneinfo/America/St_Johns", + "/usr/share/zoneinfo/America/St_Kitts", + "/usr/share/zoneinfo/America/St_Lucia", + "/usr/share/zoneinfo/America/St_Thomas", + "/usr/share/zoneinfo/America/St_Vincent", + "/usr/share/zoneinfo/America/Swift_Current", + "/usr/share/zoneinfo/America/Tegucigalpa", + "/usr/share/zoneinfo/America/Thule", + "/usr/share/zoneinfo/America/Tijuana", + "/usr/share/zoneinfo/America/Toronto", + "/usr/share/zoneinfo/America/Tortola", + "/usr/share/zoneinfo/America/Vancouver", + "/usr/share/zoneinfo/America/Whitehorse", + "/usr/share/zoneinfo/America/Winnipeg", + "/usr/share/zoneinfo/America/Yakutat", + "/usr/share/zoneinfo/Antarctica/Casey", + "/usr/share/zoneinfo/Antarctica/Davis", + "/usr/share/zoneinfo/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/Antarctica/Macquarie", + "/usr/share/zoneinfo/Antarctica/Mawson", + "/usr/share/zoneinfo/Antarctica/McMurdo", + "/usr/share/zoneinfo/Antarctica/Palmer", + "/usr/share/zoneinfo/Antarctica/Rothera", + "/usr/share/zoneinfo/Antarctica/Syowa", + "/usr/share/zoneinfo/Antarctica/Troll", + "/usr/share/zoneinfo/Antarctica/Vostok", + "/usr/share/zoneinfo/Asia/Aden", + "/usr/share/zoneinfo/Asia/Almaty", + "/usr/share/zoneinfo/Asia/Amman", + "/usr/share/zoneinfo/Asia/Anadyr", + "/usr/share/zoneinfo/Asia/Aqtau", + "/usr/share/zoneinfo/Asia/Aqtobe", + "/usr/share/zoneinfo/Asia/Ashgabat", + "/usr/share/zoneinfo/Asia/Atyrau", + "/usr/share/zoneinfo/Asia/Baghdad", + "/usr/share/zoneinfo/Asia/Bahrain", + "/usr/share/zoneinfo/Asia/Baku", + "/usr/share/zoneinfo/Asia/Bangkok", + "/usr/share/zoneinfo/Asia/Barnaul", + "/usr/share/zoneinfo/Asia/Beirut", + "/usr/share/zoneinfo/Asia/Bishkek", + "/usr/share/zoneinfo/Asia/Brunei", + "/usr/share/zoneinfo/Asia/Chita", + "/usr/share/zoneinfo/Asia/Colombo", + "/usr/share/zoneinfo/Asia/Damascus", + "/usr/share/zoneinfo/Asia/Dhaka", + "/usr/share/zoneinfo/Asia/Dili", + "/usr/share/zoneinfo/Asia/Dubai", + "/usr/share/zoneinfo/Asia/Dushanbe", + "/usr/share/zoneinfo/Asia/Famagusta", + "/usr/share/zoneinfo/Asia/Gaza", + "/usr/share/zoneinfo/Asia/Hebron", + "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/Asia/Hong_Kong", + "/usr/share/zoneinfo/Asia/Hovd", + "/usr/share/zoneinfo/Asia/Irkutsk", + "/usr/share/zoneinfo/Asia/Jakarta", + "/usr/share/zoneinfo/Asia/Jayapura", + "/usr/share/zoneinfo/Asia/Jerusalem", + "/usr/share/zoneinfo/Asia/Kabul", + "/usr/share/zoneinfo/Asia/Kamchatka", + "/usr/share/zoneinfo/Asia/Karachi", + "/usr/share/zoneinfo/Asia/Kathmandu", + "/usr/share/zoneinfo/Asia/Khandyga", + "/usr/share/zoneinfo/Asia/Kolkata", + "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/Asia/Kuching", + "/usr/share/zoneinfo/Asia/Kuwait", + "/usr/share/zoneinfo/Asia/Macau", + "/usr/share/zoneinfo/Asia/Magadan", + "/usr/share/zoneinfo/Asia/Makassar", + "/usr/share/zoneinfo/Asia/Manila", + "/usr/share/zoneinfo/Asia/Muscat", + "/usr/share/zoneinfo/Asia/Nicosia", + "/usr/share/zoneinfo/Asia/Novokuznetsk", + "/usr/share/zoneinfo/Asia/Novosibirsk", + "/usr/share/zoneinfo/Asia/Omsk", + "/usr/share/zoneinfo/Asia/Oral", + "/usr/share/zoneinfo/Asia/Phnom_Penh", + "/usr/share/zoneinfo/Asia/Pontianak", + "/usr/share/zoneinfo/Asia/Pyongyang", + "/usr/share/zoneinfo/Asia/Qatar", + "/usr/share/zoneinfo/Asia/Qostanay", + "/usr/share/zoneinfo/Asia/Qyzylorda", + "/usr/share/zoneinfo/Asia/Riyadh", + "/usr/share/zoneinfo/Asia/Sakhalin", + "/usr/share/zoneinfo/Asia/Samarkand", + "/usr/share/zoneinfo/Asia/Seoul", + "/usr/share/zoneinfo/Asia/Shanghai", + "/usr/share/zoneinfo/Asia/Singapore", + "/usr/share/zoneinfo/Asia/Srednekolymsk", + "/usr/share/zoneinfo/Asia/Taipei", + "/usr/share/zoneinfo/Asia/Tashkent", + "/usr/share/zoneinfo/Asia/Tbilisi", + "/usr/share/zoneinfo/Asia/Tehran", + "/usr/share/zoneinfo/Asia/Thimphu", + "/usr/share/zoneinfo/Asia/Tokyo", + "/usr/share/zoneinfo/Asia/Tomsk", + "/usr/share/zoneinfo/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/Asia/Urumqi", + "/usr/share/zoneinfo/Asia/Ust-Nera", + "/usr/share/zoneinfo/Asia/Vientiane", + "/usr/share/zoneinfo/Asia/Vladivostok", + "/usr/share/zoneinfo/Asia/Yakutsk", + "/usr/share/zoneinfo/Asia/Yangon", + "/usr/share/zoneinfo/Asia/Yekaterinburg", + "/usr/share/zoneinfo/Asia/Yerevan", + "/usr/share/zoneinfo/Atlantic/Azores", + "/usr/share/zoneinfo/Atlantic/Bermuda", + "/usr/share/zoneinfo/Atlantic/Canary", + "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/Atlantic/Faroe", + "/usr/share/zoneinfo/Atlantic/Madeira", + "/usr/share/zoneinfo/Atlantic/Reykjavik", + "/usr/share/zoneinfo/Atlantic/South_Georgia", + "/usr/share/zoneinfo/Atlantic/St_Helena", + "/usr/share/zoneinfo/Atlantic/Stanley", + "/usr/share/zoneinfo/Australia/Adelaide", + "/usr/share/zoneinfo/Australia/Brisbane", + "/usr/share/zoneinfo/Australia/Broken_Hill", + "/usr/share/zoneinfo/Australia/Darwin", + "/usr/share/zoneinfo/Australia/Eucla", + "/usr/share/zoneinfo/Australia/Hobart", + "/usr/share/zoneinfo/Australia/Lindeman", + "/usr/share/zoneinfo/Australia/Lord_Howe", + "/usr/share/zoneinfo/Australia/Melbourne", + "/usr/share/zoneinfo/Australia/Perth", + "/usr/share/zoneinfo/Australia/Sydney", + "/usr/share/zoneinfo/Etc/GMT", + "/usr/share/zoneinfo/Etc/GMT+1", + "/usr/share/zoneinfo/Etc/GMT+10", + "/usr/share/zoneinfo/Etc/GMT+11", + "/usr/share/zoneinfo/Etc/GMT+12", + "/usr/share/zoneinfo/Etc/GMT+2", + "/usr/share/zoneinfo/Etc/GMT+3", + "/usr/share/zoneinfo/Etc/GMT+4", + "/usr/share/zoneinfo/Etc/GMT+5", + "/usr/share/zoneinfo/Etc/GMT+6", + "/usr/share/zoneinfo/Etc/GMT+7", + "/usr/share/zoneinfo/Etc/GMT+8", + "/usr/share/zoneinfo/Etc/GMT+9", + "/usr/share/zoneinfo/Etc/GMT-1", + "/usr/share/zoneinfo/Etc/GMT-10", + "/usr/share/zoneinfo/Etc/GMT-11", + "/usr/share/zoneinfo/Etc/GMT-12", + "/usr/share/zoneinfo/Etc/GMT-13", + "/usr/share/zoneinfo/Etc/GMT-14", + "/usr/share/zoneinfo/Etc/GMT-2", + "/usr/share/zoneinfo/Etc/GMT-3", + "/usr/share/zoneinfo/Etc/GMT-4", + "/usr/share/zoneinfo/Etc/GMT-5", + "/usr/share/zoneinfo/Etc/GMT-6", + "/usr/share/zoneinfo/Etc/GMT-7", + "/usr/share/zoneinfo/Etc/GMT-8", + "/usr/share/zoneinfo/Etc/GMT-9", + "/usr/share/zoneinfo/Etc/UTC", + "/usr/share/zoneinfo/Europe/Amsterdam", + "/usr/share/zoneinfo/Europe/Andorra", + "/usr/share/zoneinfo/Europe/Astrakhan", + "/usr/share/zoneinfo/Europe/Athens", + "/usr/share/zoneinfo/Europe/Belgrade", + "/usr/share/zoneinfo/Europe/Berlin", + "/usr/share/zoneinfo/Europe/Brussels", + "/usr/share/zoneinfo/Europe/Bucharest", + "/usr/share/zoneinfo/Europe/Budapest", + "/usr/share/zoneinfo/Europe/Chisinau", + "/usr/share/zoneinfo/Europe/Copenhagen", + "/usr/share/zoneinfo/Europe/Dublin", + "/usr/share/zoneinfo/Europe/Gibraltar", + "/usr/share/zoneinfo/Europe/Guernsey", + "/usr/share/zoneinfo/Europe/Helsinki", + "/usr/share/zoneinfo/Europe/Isle_of_Man", + "/usr/share/zoneinfo/Europe/Istanbul", + "/usr/share/zoneinfo/Europe/Jersey", + "/usr/share/zoneinfo/Europe/Kaliningrad", + "/usr/share/zoneinfo/Europe/Kirov", + "/usr/share/zoneinfo/Europe/Kyiv", + "/usr/share/zoneinfo/Europe/Lisbon", + "/usr/share/zoneinfo/Europe/Ljubljana", + "/usr/share/zoneinfo/Europe/London", + "/usr/share/zoneinfo/Europe/Luxembourg", + "/usr/share/zoneinfo/Europe/Madrid", + "/usr/share/zoneinfo/Europe/Malta", + "/usr/share/zoneinfo/Europe/Minsk", + "/usr/share/zoneinfo/Europe/Monaco", + "/usr/share/zoneinfo/Europe/Moscow", + "/usr/share/zoneinfo/Europe/Oslo", + "/usr/share/zoneinfo/Europe/Paris", + "/usr/share/zoneinfo/Europe/Prague", + "/usr/share/zoneinfo/Europe/Riga", + "/usr/share/zoneinfo/Europe/Rome", + "/usr/share/zoneinfo/Europe/Samara", + "/usr/share/zoneinfo/Europe/Sarajevo", + "/usr/share/zoneinfo/Europe/Saratov", + "/usr/share/zoneinfo/Europe/Simferopol", + "/usr/share/zoneinfo/Europe/Skopje", + "/usr/share/zoneinfo/Europe/Sofia", + "/usr/share/zoneinfo/Europe/Stockholm", + "/usr/share/zoneinfo/Europe/Tallinn", + "/usr/share/zoneinfo/Europe/Tirane", + "/usr/share/zoneinfo/Europe/Ulyanovsk", + "/usr/share/zoneinfo/Europe/Vaduz", + "/usr/share/zoneinfo/Europe/Vienna", + "/usr/share/zoneinfo/Europe/Vilnius", + "/usr/share/zoneinfo/Europe/Volgograd", + "/usr/share/zoneinfo/Europe/Warsaw", + "/usr/share/zoneinfo/Europe/Zagreb", + "/usr/share/zoneinfo/Europe/Zurich", + "/usr/share/zoneinfo/Factory", + "/usr/share/zoneinfo/Indian/Antananarivo", + "/usr/share/zoneinfo/Indian/Chagos", + "/usr/share/zoneinfo/Indian/Christmas", + "/usr/share/zoneinfo/Indian/Cocos", + "/usr/share/zoneinfo/Indian/Comoro", + "/usr/share/zoneinfo/Indian/Kerguelen", + "/usr/share/zoneinfo/Indian/Mahe", + "/usr/share/zoneinfo/Indian/Maldives", + "/usr/share/zoneinfo/Indian/Mauritius", + "/usr/share/zoneinfo/Indian/Mayotte", + "/usr/share/zoneinfo/Indian/Reunion", + "/usr/share/zoneinfo/Pacific/Apia", + "/usr/share/zoneinfo/Pacific/Auckland", + "/usr/share/zoneinfo/Pacific/Bougainville", + "/usr/share/zoneinfo/Pacific/Chatham", + "/usr/share/zoneinfo/Pacific/Chuuk", + "/usr/share/zoneinfo/Pacific/Easter", + "/usr/share/zoneinfo/Pacific/Efate", + "/usr/share/zoneinfo/Pacific/Fakaofo", + "/usr/share/zoneinfo/Pacific/Fiji", + "/usr/share/zoneinfo/Pacific/Funafuti", + "/usr/share/zoneinfo/Pacific/Galapagos", + "/usr/share/zoneinfo/Pacific/Gambier", + "/usr/share/zoneinfo/Pacific/Guadalcanal", + "/usr/share/zoneinfo/Pacific/Guam", + "/usr/share/zoneinfo/Pacific/Honolulu", + "/usr/share/zoneinfo/Pacific/Kanton", + "/usr/share/zoneinfo/Pacific/Kiritimati", + "/usr/share/zoneinfo/Pacific/Kosrae", + "/usr/share/zoneinfo/Pacific/Kwajalein", + "/usr/share/zoneinfo/Pacific/Majuro", + "/usr/share/zoneinfo/Pacific/Marquesas", + "/usr/share/zoneinfo/Pacific/Midway", + "/usr/share/zoneinfo/Pacific/Nauru", + "/usr/share/zoneinfo/Pacific/Niue", + "/usr/share/zoneinfo/Pacific/Norfolk", + "/usr/share/zoneinfo/Pacific/Noumea", + "/usr/share/zoneinfo/Pacific/Pago_Pago", + "/usr/share/zoneinfo/Pacific/Palau", + "/usr/share/zoneinfo/Pacific/Pitcairn", + "/usr/share/zoneinfo/Pacific/Pohnpei", + "/usr/share/zoneinfo/Pacific/Port_Moresby", + "/usr/share/zoneinfo/Pacific/Rarotonga", + "/usr/share/zoneinfo/Pacific/Saipan", + "/usr/share/zoneinfo/Pacific/Tahiti", + "/usr/share/zoneinfo/Pacific/Tarawa", + "/usr/share/zoneinfo/Pacific/Tongatapu", + "/usr/share/zoneinfo/Pacific/Wake", + "/usr/share/zoneinfo/Pacific/Wallis", + "/usr/share/zoneinfo/iso3166.tab", + "/usr/share/zoneinfo/leap-seconds.list", + "/usr/share/zoneinfo/leapseconds", + "/usr/share/zoneinfo/tzdata.zi", + "/usr/share/zoneinfo/zone.tab", + "/usr/share/zoneinfo/zone1970.tab", + "/usr/share/zoneinfo/zonenow.tab" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "util-linux@2.41-5", + "Name": "util-linux", + "Identifier": { + "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "972fb85b9c9e83e7" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/choom", + "/usr/bin/chrt", + "/usr/bin/dmesg", + "/usr/bin/fallocate", + "/usr/bin/findmnt", + "/usr/bin/flock", + "/usr/bin/getopt", + "/usr/bin/hardlink", + "/usr/bin/ionice", + "/usr/bin/ipcmk", + "/usr/bin/ipcrm", + "/usr/bin/ipcs", + "/usr/bin/lsblk", + "/usr/bin/lscpu", + "/usr/bin/lsipc", + "/usr/bin/lslocks", + "/usr/bin/lslogins", + "/usr/bin/lsmem", + "/usr/bin/lsns", + "/usr/bin/mcookie", + "/usr/bin/more", + "/usr/bin/mountpoint", + "/usr/bin/namei", + "/usr/bin/nsenter", + "/usr/bin/partx", + "/usr/bin/prlimit", + "/usr/bin/rename.ul", + "/usr/bin/rev", + "/usr/bin/setarch", + "/usr/bin/setpriv", + "/usr/bin/setsid", + "/usr/bin/setterm", + "/usr/bin/su", + "/usr/bin/taskset", + "/usr/bin/uclampset", + "/usr/bin/unshare", + "/usr/bin/wdctl", + "/usr/bin/whereis", + "/usr/lib/mime/packages/util-linux", + "/usr/lib/systemd/system/fstrim.service", + "/usr/lib/systemd/system/fstrim.timer", + "/usr/sbin/agetty", + "/usr/sbin/blkdiscard", + "/usr/sbin/blkid", + "/usr/sbin/blkzone", + "/usr/sbin/blockdev", + "/usr/sbin/chcpu", + "/usr/sbin/chmem", + "/usr/sbin/findfs", + "/usr/sbin/fsck", + "/usr/sbin/fsfreeze", + "/usr/sbin/fstrim", + "/usr/sbin/isosize", + "/usr/sbin/ldattach", + "/usr/sbin/mkfs", + "/usr/sbin/mkswap", + "/usr/sbin/pivot_root", + "/usr/sbin/readprofile", + "/usr/sbin/rtcwake", + "/usr/sbin/runuser", + "/usr/sbin/sulogin", + "/usr/sbin/swaplabel", + "/usr/sbin/switch_root", + "/usr/sbin/wipefs", + "/usr/sbin/zramctl", + "/usr/share/bash-completion/completions/blkdiscard", + "/usr/share/bash-completion/completions/blkid", + "/usr/share/bash-completion/completions/blkzone", + "/usr/share/bash-completion/completions/blockdev", + "/usr/share/bash-completion/completions/chcpu", + "/usr/share/bash-completion/completions/chmem", + "/usr/share/bash-completion/completions/chrt", + "/usr/share/bash-completion/completions/dmesg", + "/usr/share/bash-completion/completions/fallocate", + "/usr/share/bash-completion/completions/findfs", + "/usr/share/bash-completion/completions/findmnt", + "/usr/share/bash-completion/completions/flock", + "/usr/share/bash-completion/completions/fsck", + "/usr/share/bash-completion/completions/fsfreeze", + "/usr/share/bash-completion/completions/fstrim", + "/usr/share/bash-completion/completions/getopt", + "/usr/share/bash-completion/completions/hardlink", + "/usr/share/bash-completion/completions/ionice", + "/usr/share/bash-completion/completions/ipcmk", + "/usr/share/bash-completion/completions/ipcrm", + "/usr/share/bash-completion/completions/ipcs", + "/usr/share/bash-completion/completions/isosize", + "/usr/share/bash-completion/completions/ldattach", + "/usr/share/bash-completion/completions/lsblk", + "/usr/share/bash-completion/completions/lscpu", + "/usr/share/bash-completion/completions/lsipc", + "/usr/share/bash-completion/completions/lslocks", + "/usr/share/bash-completion/completions/lslogins", + "/usr/share/bash-completion/completions/lsmem", + "/usr/share/bash-completion/completions/lsns", + "/usr/share/bash-completion/completions/mcookie", + "/usr/share/bash-completion/completions/mkfs", + "/usr/share/bash-completion/completions/mkswap", + "/usr/share/bash-completion/completions/more", + "/usr/share/bash-completion/completions/mountpoint", + "/usr/share/bash-completion/completions/namei", + "/usr/share/bash-completion/completions/nsenter", + "/usr/share/bash-completion/completions/partx", + "/usr/share/bash-completion/completions/pivot_root", + "/usr/share/bash-completion/completions/prlimit", + "/usr/share/bash-completion/completions/readprofile", + "/usr/share/bash-completion/completions/rename.ul", + "/usr/share/bash-completion/completions/rev", + "/usr/share/bash-completion/completions/rtcwake", + "/usr/share/bash-completion/completions/setarch", + "/usr/share/bash-completion/completions/setpriv", + "/usr/share/bash-completion/completions/setsid", + "/usr/share/bash-completion/completions/setterm", + "/usr/share/bash-completion/completions/su", + "/usr/share/bash-completion/completions/swaplabel", + "/usr/share/bash-completion/completions/taskset", + "/usr/share/bash-completion/completions/uclampset", + "/usr/share/bash-completion/completions/unshare", + "/usr/share/bash-completion/completions/wdctl", + "/usr/share/bash-completion/completions/whereis", + "/usr/share/bash-completion/completions/wipefs", + "/usr/share/bash-completion/completions/zramctl", + "/usr/share/doc/util-linux/00-about-docs.txt", + "/usr/share/doc/util-linux/AUTHORS.gz", + "/usr/share/doc/util-linux/NEWS.Debian.gz", + "/usr/share/doc/util-linux/PAM-configuration.txt", + "/usr/share/doc/util-linux/README.Debian", + "/usr/share/doc/util-linux/blkid.txt", + "/usr/share/doc/util-linux/cal.txt", + "/usr/share/doc/util-linux/changelog.Debian.gz", + "/usr/share/doc/util-linux/changelog.gz", + "/usr/share/doc/util-linux/col.txt", + "/usr/share/doc/util-linux/copyright", + "/usr/share/doc/util-linux/deprecated.txt", + "/usr/share/doc/util-linux/examples/getopt-example.bash", + "/usr/share/doc/util-linux/getopt.txt", + "/usr/share/doc/util-linux/getopt_changelog.txt", + "/usr/share/doc/util-linux/howto-build-sys.txt", + "/usr/share/doc/util-linux/howto-compilation.txt", + "/usr/share/doc/util-linux/howto-contribute.txt.gz", + "/usr/share/doc/util-linux/howto-debug.txt", + "/usr/share/doc/util-linux/howto-man-page.txt", + "/usr/share/doc/util-linux/howto-pull-request.txt.gz", + "/usr/share/doc/util-linux/howto-tests.txt", + "/usr/share/doc/util-linux/howto-usage-function.txt.gz", + "/usr/share/doc/util-linux/hwclock.txt", + "/usr/share/doc/util-linux/modems-with-agetty.txt", + "/usr/share/doc/util-linux/mount.txt", + "/usr/share/doc/util-linux/parse-date.txt.gz", + "/usr/share/doc/util-linux/pg.txt", + "/usr/share/doc/util-linux/poeigl.txt.gz", + "/usr/share/doc/util-linux/release-schedule.txt", + "/usr/share/doc/util-linux/releases/v2.13-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.14-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.15-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.16-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.17-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.18-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.19-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.20-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.21-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.22-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.23-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.24-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.25-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.26-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.27-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.28-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.29-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.30-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.31-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.32-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.33-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.34-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.35-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.36-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.37-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.38-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.39-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.40-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.41-ReleaseNotes.gz", + "/usr/share/lintian/overrides/util-linux", + "/usr/share/man/man1/choom.1.gz", + "/usr/share/man/man1/chrt.1.gz", + "/usr/share/man/man1/dmesg.1.gz", + "/usr/share/man/man1/fallocate.1.gz", + "/usr/share/man/man1/flock.1.gz", + "/usr/share/man/man1/getopt.1.gz", + "/usr/share/man/man1/hardlink.1.gz", + "/usr/share/man/man1/ionice.1.gz", + "/usr/share/man/man1/ipcmk.1.gz", + "/usr/share/man/man1/ipcrm.1.gz", + "/usr/share/man/man1/ipcs.1.gz", + "/usr/share/man/man1/lscpu.1.gz", + "/usr/share/man/man1/lsipc.1.gz", + "/usr/share/man/man1/lslogins.1.gz", + "/usr/share/man/man1/lsmem.1.gz", + "/usr/share/man/man1/mcookie.1.gz", + "/usr/share/man/man1/more.1.gz", + "/usr/share/man/man1/mountpoint.1.gz", + "/usr/share/man/man1/namei.1.gz", + "/usr/share/man/man1/nsenter.1.gz", + "/usr/share/man/man1/prlimit.1.gz", + "/usr/share/man/man1/rename.ul.1.gz", + "/usr/share/man/man1/rev.1.gz", + "/usr/share/man/man1/runuser.1.gz", + "/usr/share/man/man1/setpriv.1.gz", + "/usr/share/man/man1/setsid.1.gz", + "/usr/share/man/man1/setterm.1.gz", + "/usr/share/man/man1/su.1.gz", + "/usr/share/man/man1/taskset.1.gz", + "/usr/share/man/man1/uclampset.1.gz", + "/usr/share/man/man1/unshare.1.gz", + "/usr/share/man/man1/whereis.1.gz", + "/usr/share/man/man5/adjtime_config.5.gz", + "/usr/share/man/man5/scols-filter.5.gz", + "/usr/share/man/man5/terminal-colors.d.5.gz", + "/usr/share/man/man8/agetty.8.gz", + "/usr/share/man/man8/blkdiscard.8.gz", + "/usr/share/man/man8/blkid.8.gz", + "/usr/share/man/man8/blkzone.8.gz", + "/usr/share/man/man8/blockdev.8.gz", + "/usr/share/man/man8/chcpu.8.gz", + "/usr/share/man/man8/chmem.8.gz", + "/usr/share/man/man8/findfs.8.gz", + "/usr/share/man/man8/findmnt.8.gz", + "/usr/share/man/man8/fsck.8.gz", + "/usr/share/man/man8/fsfreeze.8.gz", + "/usr/share/man/man8/fstrim.8.gz", + "/usr/share/man/man8/isosize.8.gz", + "/usr/share/man/man8/ldattach.8.gz", + "/usr/share/man/man8/lsblk.8.gz", + "/usr/share/man/man8/lslocks.8.gz", + "/usr/share/man/man8/lsns.8.gz", + "/usr/share/man/man8/mkfs.8.gz", + "/usr/share/man/man8/mkswap.8.gz", + "/usr/share/man/man8/partx.8.gz", + "/usr/share/man/man8/pivot_root.8.gz", + "/usr/share/man/man8/readprofile.8.gz", + "/usr/share/man/man8/rtcwake.8.gz", + "/usr/share/man/man8/setarch.8.gz", + "/usr/share/man/man8/sulogin.8.gz", + "/usr/share/man/man8/swaplabel.8.gz", + "/usr/share/man/man8/switch_root.8.gz", + "/usr/share/man/man8/wdctl.8.gz", + "/usr/share/man/man8/wipefs.8.gz", + "/usr/share/man/man8/zramctl.8.gz", + "/usr/share/util-linux/logcheck/ignore.d.server/util-linux" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", + "Name": "zlib1g", + "Identifier": { + "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "ff182eb2a26a8142" + }, + "Version": "1.3.dfsg+really1.3.1", + "Release": "1+b1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "zlib", + "SrcVersion": "1.3.dfsg+really1.3.1", + "SrcRelease": "1", + "SrcEpoch": 1, + "Licenses": [ + "Zlib" + ], + "Maintainer": "Mark Brown \u003cbroonie@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libz.so.1.3.1", + "/usr/share/doc/zlib1g/changelog.Debian.amd64.gz", + "/usr/share/doc/zlib1g/changelog.Debian.gz", + "/usr/share/doc/zlib1g/changelog.gz", + "/usr/share/doc/zlib1g/copyright" + ], + "AnalyzedBy": "dpkg" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "bsdutils@1:2.41-5", + "PkgName": "bsdutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "5843733a461e6ce1" + }, + "InstalledVersion": "1:2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:bf01be62fdb94a50f06cf15240849408e2bfd24613f8942a9b312e8bec223079", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "bsdutils@1:2.41-5", + "PkgName": "bsdutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "5843733a461e6ce1" + }, + "InstalledVersion": "1:2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:a66355654759c81e952338a564f50af6c1cac2abe1f3d2987bbe53781cd85e1a", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libblkid1@2.41-5", + "PkgName": "libblkid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "51bf0af8d40f4a01" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:0be34f71c1247c4a042dd0de56b09025ef719df9b53982d40ec37570d8dae439", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libblkid1@2.41-5", + "PkgName": "libblkid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "51bf0af8d40f4a01" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:3246ccb859267f9a3208d111acad90c2b5138a30b8331930b3e507b3af7f4a25", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-5435", + "PkgID": "libc-bin@2.41-12+deb13u3", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:1cb74edfc808a6fd01780751b6f9fb68069a8cb8b983cdc0ebfc994148c92116", + "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5435", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", + "https://www.cve.org/CVERecord?id=CVE-2026-5435" + ], + "PublishedDate": "2026-04-28T13:19:22.29Z", + "LastModifiedDate": "2026-05-05T17:38:37.03Z" + }, + { + "VulnerabilityID": "CVE-2026-5450", + "PkgID": "libc-bin@2.41-12+deb13u3", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:2725fe189be5d29641169f9afea7cb0b3991966648a68b32f24afe7a55be6206", + "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", + "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "photon": 4, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5450", + "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", + "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", + "https://www.cve.org/CVERecord?id=CVE-2026-5450" + ], + "PublishedDate": "2026-04-20T21:16:36.85Z", + "LastModifiedDate": "2026-04-23T15:33:34.277Z" + }, + { + "VulnerabilityID": "CVE-2026-5928", + "PkgID": "libc-bin@2.41-12+deb13u3", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:93921d0e9e0f68cc350ab4e74076bca6dd104c8e925ddbdfde2d2a6136f55428", + "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", + "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-127" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5928", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", + "https://www.cve.org/CVERecord?id=CVE-2026-5928" + ], + "PublishedDate": "2026-04-20T21:16:36.963Z", + "LastModifiedDate": "2026-04-23T15:33:43.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6238", + "PkgID": "libc-bin@2.41-12+deb13u3", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:ffd5c74a5d7fc10b9a76a9a89f91dddc33d784620c41d48536da03a332e36406", + "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-126" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-6238", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", + "https://www.cve.org/CVERecord?id=CVE-2026-6238" + ], + "PublishedDate": "2026-04-28T19:37:47.523Z", + "LastModifiedDate": "2026-05-04T17:57:24.007Z" + }, + { + "VulnerabilityID": "CVE-2026-5435", + "PkgID": "libc6@2.41-12+deb13u3", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:c7eb8dd93abbd9435b4f5dad521d02941b341b622d6224bd6193e262f978c00f", + "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5435", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", + "https://www.cve.org/CVERecord?id=CVE-2026-5435" + ], + "PublishedDate": "2026-04-28T13:19:22.29Z", + "LastModifiedDate": "2026-05-05T17:38:37.03Z" + }, + { + "VulnerabilityID": "CVE-2026-5450", + "PkgID": "libc6@2.41-12+deb13u3", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:f8ab117ef43c4591ed5ec8d9601fc7fb06695246d29c7b9f04ebd2be9b40c0df", + "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", + "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "photon": 4, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5450", + "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", + "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", + "https://www.cve.org/CVERecord?id=CVE-2026-5450" + ], + "PublishedDate": "2026-04-20T21:16:36.85Z", + "LastModifiedDate": "2026-04-23T15:33:34.277Z" + }, + { + "VulnerabilityID": "CVE-2026-5928", + "PkgID": "libc6@2.41-12+deb13u3", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:14285b2b7e7fde005487b5408ebc8cf6979d1f788390492fca75f862b921c6b4", + "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", + "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-127" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5928", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", + "https://www.cve.org/CVERecord?id=CVE-2026-5928" + ], + "PublishedDate": "2026-04-20T21:16:36.963Z", + "LastModifiedDate": "2026-04-23T15:33:43.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6238", + "PkgID": "libc6@2.41-12+deb13u3", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:7c950ded43411c5b62b1f75407086be2314a69a729a81c0fc2e4639638b43baf", + "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-126" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-6238", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", + "https://www.cve.org/CVERecord?id=CVE-2026-6238" + ], + "PublishedDate": "2026-04-28T19:37:47.523Z", + "LastModifiedDate": "2026-05-04T17:57:24.007Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "liblastlog2-2@2.41-5", + "PkgName": "liblastlog2-2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "eb4f5430aea34a10" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:e6ae6234a8535f78e42173fd337f45f34d2116e133d8b47c8b8058ad1341c0b0", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "liblastlog2-2@2.41-5", + "PkgName": "liblastlog2-2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "eb4f5430aea34a10" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:3ab60107f6ae98e4c911144e9cd427855c8729560110af1f188b8d270f36dbf4", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-34743", + "PkgID": "liblzma5@5.8.1-1", + "PkgName": "liblzma5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "d7b58e04f1a265ed" + }, + "InstalledVersion": "5.8.1-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:b263025b4dc9edf31670d17207c20713028927beb350236806dc3db4d3ff5566", + "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", + "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/31/13", + "https://access.redhat.com/security/cve/CVE-2026-34743", + "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", + "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", + "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", + "https://www.cve.org/CVERecord?id=CVE-2026-34743" + ], + "PublishedDate": "2026-04-02T19:21:33.187Z", + "LastModifiedDate": "2026-04-15T17:33:17.68Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libmount1@2.41-5", + "PkgName": "libmount1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "84ccd0371833b76" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:6675ca620364e9fc3b283d509d0f43a3dc41cd6d9a12e1b58714fa9797f0e1dd", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libmount1@2.41-5", + "PkgName": "libmount1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "84ccd0371833b76" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:6c9891f59a99d43d46eb232db7398429116df771576678dc27f834db1c84dc83", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "libncursesw6@6.5+20250216-2", + "PkgName": "libncursesw6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "5efa2a2068c240d8" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:de05a5d93ad2278ccd0c7acc8a3996ae8db939dd91b4fda27099712fecd0bc1f", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libsmartcols1@2.41-5", + "PkgName": "libsmartcols1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "780dbec0869ab8e" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:ddb2a9c0ae85f75310d599753fbf305ee8eb8b82a404b5e1a71c657bdca3c7ee", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libsmartcols1@2.41-5", + "PkgName": "libsmartcols1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "780dbec0869ab8e" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:d1c8280787663190938f3278d256653543b01222ef03f4f00c518da51c298a77", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "libtinfo6@6.5+20250216-2", + "PkgName": "libtinfo6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "ba2c2b464f07108a" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:f9b82d136b60dd816e412c552dcebfc2229c4d7db3ae00c86b30c392bab15623", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libuuid1@2.41-5", + "PkgName": "libuuid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "1afbb50818377478" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:ce2d8f6412c915c4f9080c8333413f271fffb423794de9a14d624ecbff1a6c59", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libuuid1@2.41-5", + "PkgName": "libuuid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "1afbb50818377478" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:1c3aeaa5bc8a7020eeb089c023b1e9fe4845632ecc2aa73b68988ec53d9024b4", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "login@1:4.16.0-2+really2.41-5", + "PkgName": "login", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "c0ab0b857644733b" + }, + "InstalledVersion": "1:4.16.0-2+really2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:848c8047737ae4215e44170ed583daf9a61cc9561f89deb81a14c273bd1ca598", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "login@1:4.16.0-2+really2.41-5", + "PkgName": "login", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "c0ab0b857644733b" + }, + "InstalledVersion": "1:4.16.0-2+really2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:bb1fdd77a280d96fbe0b0500b59b2d1a09f87157aa5b95d67e8c6f7970f5f9f9", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "mount@2.41-5", + "PkgName": "mount", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "55c835c674d0a0e5" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:ada217038dba223d6644e6e76ec66636798179a4e323056da11b65e5e227568f", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "mount@2.41-5", + "PkgName": "mount", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "55c835c674d0a0e5" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:9f9f39103c97b90d1f9dd0530b1358479bf7792ac614496fa50dd704970688f1", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "ncurses-base@6.5+20250216-2", + "PkgName": "ncurses-base", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.5", + "UID": "767a0231348a5cb5" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:321a607c699503aae57d006e47b384a2ec5ac43463cb26039a32c9569b54d9a3", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "ncurses-bin@6.5+20250216-2", + "PkgName": "ncurses-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "5b541563cf6587e5" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:028904254ebb5ac283d2481610bf41040500a23d75fb2f01f228a6c5891f7aa0", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2026-5704", + "PkgID": "tar@1.35+dfsg-3.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.5", + "UID": "4f69996c49afbaca" + }, + "InstalledVersion": "1.35+dfsg-3.1", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5704", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:93438263e028824af0a31a64a4c750ab591ce4d7434e5dbd9098a659abe491c7", + "Title": "tar: tar: Hidden file injection via crafted archives", + "Description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-434" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/11/10", + "http://www.openwall.com/lists/oss-security/2026/04/11/11", + "http://www.openwall.com/lists/oss-security/2026/04/12/2", + "https://access.redhat.com/security/cve/CVE-2026-5704", + "https://bugzilla.redhat.com/show_bug.cgi?id=2455360", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5704", + "https://www.cve.org/CVERecord?id=CVE-2026-5704" + ], + "PublishedDate": "2026-04-06T16:16:42.14Z", + "LastModifiedDate": "2026-04-22T20:08:59.92Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "util-linux@2.41-5", + "PkgName": "util-linux", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "972fb85b9c9e83e7" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:2b49edd8a1c1800d2ad92be3efe5d7b6680d17827a5a79fa74b74ff3a082fd73", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "util-linux@2.41-5", + "PkgName": "util-linux", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "972fb85b9c9e83e7" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:a31885ea60c5b1b983bce32c0a66983bc1a89fc939f1eb677563652ee6d9c7d1", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27171", + "PkgID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", + "PkgName": "zlib1g", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "ff182eb2a26a8142" + }, + "InstalledVersion": "1:1.3.dfsg+really1.3.1-1+b1", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:2fa1bfdbed6a380e7ca7f570d27dab82280c0df0a381cbe9880953ef3bf3118f", + "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", + "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "julia": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://access.redhat.com/security/cve/CVE-2026-27171", + "https://github.com/advisories/GHSA-h858-mf2m-8jf4", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "https://ostif.org/zlib-audit-complete", + "https://ostif.org/zlib-audit-complete/", + "https://www.cve.org/CVERecord?id=CVE-2026-27171" + ], + "PublishedDate": "2026-02-18T04:16:01.263Z", + "LastModifiedDate": "2026-03-25T21:27:04.603Z" + } + ] + }, + { + "Target": "Python", + "Class": "lang-pkgs", + "Type": "python-pkg", + "Packages": [ + { + "Name": "autocommand", + "Identifier": { + "PURL": "pkg:pypi/autocommand@2.2.2", + "UID": "de2aeb22213f7255" + }, + "Version": "2.2.2", + "Licenses": [ + "LGPL-3.0-only" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/autocommand-2.2.2.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "backports.tarfile", + "Identifier": { + "PURL": "pkg:pypi/backports.tarfile@1.2.0", + "UID": "1333ca5d453000df" + }, + "Version": "1.2.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/backports.tarfile-1.2.0.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "importlib_metadata", + "Identifier": { + "PURL": "pkg:pypi/importlib-metadata@8.0.0", + "UID": "347a36bc9e660761" + }, + "Version": "8.0.0", + "Licenses": [ + "Apache-2.0" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/importlib_metadata-8.0.0.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "inflect", + "Identifier": { + "PURL": "pkg:pypi/inflect@7.3.1", + "UID": "51e7d1c898b69383" + }, + "Version": "7.3.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/inflect-7.3.1.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "jaraco.collections", + "Identifier": { + "PURL": "pkg:pypi/jaraco.collections@5.1.0", + "UID": "b2e77b8a0b175ddd" + }, + "Version": "5.1.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/jaraco.collections-5.1.0.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "jaraco.context", + "Identifier": { + "PURL": "pkg:pypi/jaraco.context@5.3.0", + "UID": "d6550b81e52efabe" + }, + "Version": "5.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/jaraco.context-5.3.0.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "jaraco.functools", + "Identifier": { + "PURL": "pkg:pypi/jaraco.functools@4.0.1", + "UID": "f42118e4940a83a5" + }, + "Version": "4.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/jaraco.functools-4.0.1.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "jaraco.text", + "Identifier": { + "PURL": "pkg:pypi/jaraco.text@3.12.1", + "UID": "cac1fcd2d9755e50" + }, + "Version": "3.12.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/jaraco.text-3.12.1.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "more-itertools", + "Identifier": { + "PURL": "pkg:pypi/more-itertools@10.3.0", + "UID": "cab6d07375997e08" + }, + "Version": "10.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/more_itertools-10.3.0.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "packaging", + "Identifier": { + "PURL": "pkg:pypi/packaging@24.2", + "UID": "dd0943476d1773a8" + }, + "Version": "24.2", + "Licenses": [ + "Apache-2.0", + "BSD-3-Clause" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/packaging-24.2.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "pip", + "Identifier": { + "PURL": "pkg:pypi/pip@24.0", + "UID": "7a4293168b845101" + }, + "Version": "24.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/pip-24.0.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "platformdirs", + "Identifier": { + "PURL": "pkg:pypi/platformdirs@4.2.2", + "UID": "f93e5b8c438aeaf6" + }, + "Version": "4.2.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/platformdirs-4.2.2.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "setuptools", + "Identifier": { + "PURL": "pkg:pypi/setuptools@79.0.1", + "UID": "a34f48aa76be299c" + }, + "Version": "79.0.1", + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools-79.0.1.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "tomli", + "Identifier": { + "PURL": "pkg:pypi/tomli@2.0.1", + "UID": "53abaa0d00072d9e" + }, + "Version": "2.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/tomli-2.0.1.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "typeguard", + "Identifier": { + "PURL": "pkg:pypi/typeguard@4.3.0", + "UID": "f19abdf9377301a1" + }, + "Version": "4.3.0", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/typeguard-4.3.0.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "typing_extensions", + "Identifier": { + "PURL": "pkg:pypi/typing-extensions@4.12.2", + "UID": "4b1f19157aef399d" + }, + "Version": "4.12.2", + "Licenses": [ + "Python Software Foundation License" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/typing_extensions-4.12.2.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "wheel", + "Identifier": { + "PURL": "pkg:pypi/wheel@0.45.1", + "UID": "68d1f5691b386b62" + }, + "Version": "0.45.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/wheel-0.45.1.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "wheel", + "Identifier": { + "PURL": "pkg:pypi/wheel@0.45.1", + "UID": "588d1d5b79ef6155" + }, + "Version": "0.45.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/wheel-0.45.1.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + }, + { + "Name": "zipp", + "Identifier": { + "PURL": "pkg:pypi/zipp@3.19.2", + "UID": "92d9047d0b817060" + }, + "Version": "3.19.2", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/zipp-3.19.2.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-23949", + "VendorIDs": [ + "GHSA-58pv-8j8x-9vj2" + ], + "PkgName": "jaraco.context", + "PkgPath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/jaraco.context-5.3.0.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/jaraco.context@5.3.0", + "UID": "d6550b81e52efabe" + }, + "InstalledVersion": "5.3.0", + "FixedVersion": "6.1.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23949", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:1c905c4c1d21dc620743774051bdd1c08e63dd6f92117b17d07dd935773d850d", + "Title": "jaraco.context: jaraco.context: Path traversal via malicious tar archives", + "Description": "jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The strip_first_component filter splits the path on the first `/` and extracts the second component, while allowing `../` sequences. Paths like `dummy_dir/../../etc/passwd` become `../../etc/passwd`. Note that this suffers from a nested tarball attack as well with multi-level tar files such as `dummy_dir/inner.tar.gz`, where the inner.tar.gz includes a traversal `dummy_dir/../../config/.env` that also gets translated to `../../config/.env`. Version 6.1.0 contains a patch for the issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "ghsa": 3, + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 8.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-23949", + "https://github.com/jaraco/jaraco.context", + "https://github.com/jaraco/jaraco.context/blob/main/jaraco/context/__init__.py#L74-L91", + "https://github.com/jaraco/jaraco.context/commit/7b26a42b525735e4085d2e994e13802ea339d5f9", + "https://github.com/jaraco/jaraco.context/security/advisories/GHSA-58pv-8j8x-9vj2", + "https://github.com/pypa/setuptools/blob/main/setuptools/_vendor/jaraco/context.py#L55-L76", + "https://nvd.nist.gov/vuln/detail/CVE-2026-23949", + "https://ubuntu.com/security/notices/USN-7979-1", + "https://www.cve.org/CVERecord?id=CVE-2026-23949" + ], + "PublishedDate": "2026-01-20T01:15:57.723Z", + "LastModifiedDate": "2026-03-11T23:12:19.323Z" + }, + { + "VulnerabilityID": "CVE-2025-8869", + "VendorIDs": [ + "GHSA-4xh5-x5gv-qwph" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.11/site-packages/pip-24.0.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@24.0", + "UID": "7a4293168b845101" + }, + "InstalledVersion": "24.0", + "FixedVersion": "25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8869", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:a93490c6514e9ef6bc4bfc1cb8329d6a27d7b0a2ee393561d9be69fd0268dcc5", + "Title": "pip: pip missing checks on symbolic link extraction", + "Description": "When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.\nNote that upgrading pip to a \"fixed\" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.\n\nNote that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706\nand therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706\nthen pip doesn't use the \"vulnerable\" fallback code.\n\nMitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python \u003e=3.9.17, \u003e=3.10.12, \u003e=3.11.4, or \u003e=3.12),\napplying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8869", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a", + "https://github.com/pypa/pip/pull/13550", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html", + "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN", + "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8869", + "https://pip.pypa.io/en/stable/news/#v25-2", + "https://www.cve.org/CVERecord?id=CVE-2025-8869" + ], + "PublishedDate": "2025-09-24T15:15:41.293Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-3219", + "VendorIDs": [ + "GHSA-58qw-9mgm-455v" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.11/site-packages/pip-24.0.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@24.0", + "UID": "7a4293168b845101" + }, + "InstalledVersion": "24.0", + "FixedVersion": "26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3219", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:dd41b723ecedac6e2197e883e7c25222d8d4cd6adfbb9bcd14eddae543e89738", + "Title": "pip: pip: Incorrect file installation due to improper archive handling", + "Description": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-434" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", + "V40Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/20/8", + "https://access.redhat.com/security/cve/CVE-2026-3219", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/issues/13867", + "https://github.com/pypa/pip/pull/13870", + "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ", + "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3219", + "https://www.cve.org/CVERecord?id=CVE-2026-3219" + ], + "PublishedDate": "2026-04-20T16:16:45.43Z", + "LastModifiedDate": "2026-04-20T21:16:36.42Z" + }, + { + "VulnerabilityID": "CVE-2026-6357", + "VendorIDs": [ + "GHSA-jp4c-xjxw-mgf9" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.11/site-packages/pip-24.0.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@24.0", + "UID": "7a4293168b845101" + }, + "InstalledVersion": "24.0", + "FixedVersion": "26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6357", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:6459dcf2f2eef4bd4ab12e277732f7b01e31b6c6fea4a78ed65843e2fa82e853", + "Title": "pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation", + "Description": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-829" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 5.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/27/7", + "https://access.redhat.com/security/cve/CVE-2026-6357", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad", + "https://github.com/pypa/pip/pull/13923", + "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6357", + "https://www.cve.org/CVERecord?id=CVE-2026-6357" + ], + "PublishedDate": "2026-04-27T15:16:20.857Z", + "LastModifiedDate": "2026-04-27T23:16:03.533Z" + }, + { + "VulnerabilityID": "CVE-2026-24049", + "VendorIDs": [ + "GHSA-8rrh-rw8j-w5fx" + ], + "PkgName": "wheel", + "PkgPath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/wheel-0.45.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/wheel@0.45.1", + "UID": "68d1f5691b386b62" + }, + "InstalledVersion": "0.45.1", + "FixedVersion": "0.46.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24049", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:97a71244772cc1cbaf9ae174378caff2543ec5c48d2a9f2f50de2997c261a548", + "Title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking", + "Description": "wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22", + "CWE-732" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 3, + "nvd": 2, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "V3Score": 7.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1939", + "https://access.redhat.com/security/cve/CVE-2026-24049", + "https://bugzilla.redhat.com/2431959", + "https://bugzilla.redhat.com/show_bug.cgi?id=2431959", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24049", + "https://errata.almalinux.org/9/ALSA-2026-1939.html", + "https://errata.rockylinux.org/RLSA-2026:1939", + "https://github.com/pypa/wheel", + "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef", + "https://github.com/pypa/wheel/commit/934fe177ff912c8e03d5ae951d3805e1fd90ba5e", + "https://github.com/pypa/wheel/releases/tag/0.46.2", + "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx", + "https://linux.oracle.com/cve/CVE-2026-24049.html", + "https://linux.oracle.com/errata/ELSA-2026-2090.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-24049", + "https://ubuntu.com/security/notices/USN-8221-1", + "https://www.cve.org/CVERecord?id=CVE-2026-24049" + ], + "PublishedDate": "2026-01-22T05:16:23.157Z", + "LastModifiedDate": "2026-02-18T14:56:48.657Z" + }, + { + "VulnerabilityID": "CVE-2026-24049", + "VendorIDs": [ + "GHSA-8rrh-rw8j-w5fx" + ], + "PkgName": "wheel", + "PkgPath": "usr/local/lib/python3.11/site-packages/wheel-0.45.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/wheel@0.45.1", + "UID": "588d1d5b79ef6155" + }, + "InstalledVersion": "0.45.1", + "FixedVersion": "0.46.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", + "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24049", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:97a71244772cc1cbaf9ae174378caff2543ec5c48d2a9f2f50de2997c261a548", + "Title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking", + "Description": "wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22", + "CWE-732" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 3, + "nvd": 2, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "V3Score": 7.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1939", + "https://access.redhat.com/security/cve/CVE-2026-24049", + "https://bugzilla.redhat.com/2431959", + "https://bugzilla.redhat.com/show_bug.cgi?id=2431959", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24049", + "https://errata.almalinux.org/9/ALSA-2026-1939.html", + "https://errata.rockylinux.org/RLSA-2026:1939", + "https://github.com/pypa/wheel", + "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef", + "https://github.com/pypa/wheel/commit/934fe177ff912c8e03d5ae951d3805e1fd90ba5e", + "https://github.com/pypa/wheel/releases/tag/0.46.2", + "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx", + "https://linux.oracle.com/cve/CVE-2026-24049.html", + "https://linux.oracle.com/errata/ELSA-2026-2090.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-24049", + "https://ubuntu.com/security/notices/USN-8221-1", + "https://www.cve.org/CVERecord?id=CVE-2026-24049" + ], + "PublishedDate": "2026-01-22T05:16:23.157Z", + "LastModifiedDate": "2026-02-18T14:56:48.657Z" + } + ] + } + ] + }, + { + "Namespace": "proxy", + "Kind": "Deployment", + "Name": "proxy", + "Metadata": [ + { + "Size": 63648256, + "OS": { + "Family": "alpine", + "Name": "3.23.4" + }, + "ImageID": "sha256:a5e688db1e7424e08d0ff019d3c9962f2f6ceef71ca53227b06fe8ec7b47ed35", + "DiffIDs": [ + "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1", + "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8", + "sha256:a1de419deb2439bf43af32ecd89cbdf0ca2aaa6faacf582011c37b5201a532e7", + "sha256:ad5fa0a24cd87e37fb848811a92c2a08f294e35e0cf5da9c1869b6c91a076505", + "sha256:6f189167f676fd6d05ce1e4077551cd67098c61e7e6a74ef470628be9a811b48", + "sha256:6b7f4e280528c3a7b1708bb91457637bbe8067349b8237c0a74e21e81bdf9ac0", + "sha256:ffd61943588a7a1e97a432e5c4e60e10844afe2933a16a32c14d8fdf5f3c5b32", + "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + ], + "RepoTags": [ + "nginx:stable-alpine" + ], + "RepoDigests": [ + "nginx@sha256:c819f83c54b0361f5557601bf5eb4943d09360e7a7fdf426afc466570f45874d" + ], + "Reference": "nginx:stable-alpine", + "ImageConfig": { + "architecture": "amd64", + "created": "2026-05-19T21:17:45.223455148Z", + "history": [ + { + "created": "2026-04-15T20:01:40.139676757Z", + "created_by": "ADD alpine-minirootfs-3.23.4-x86_64.tar.gz / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-15T20:01:40.139676757Z", + "created_by": "CMD [\"/bin/sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T20:15:20.614381563Z", + "created_by": "LABEL maintainer=NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T20:15:20.614381563Z", + "created_by": "ENV NGINX_VERSION=1.30.1", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T20:15:20.614381563Z", + "created_by": "ENV PKG_RELEASE=1", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T20:15:20.614381563Z", + "created_by": "ENV DYNPKG_RELEASE=1", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T20:15:20.614381563Z", + "created_by": "RUN /bin/sh -c set -x \u0026\u0026 addgroup -g 101 -S nginx \u0026\u0026 adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \u0026\u0026 apkArch=\"$(cat /etc/apk/arch)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-r${PKG_RELEASE} \" \u0026\u0026 apk add --no-cache --virtual .checksum-deps openssl \u0026\u0026 case \"$apkArch\" in x86_64|aarch64) set -x \u0026\u0026 KEY_SHA512=\"e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655\" \u0026\u0026 wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \u0026\u0026 if echo \"$KEY_SHA512 */tmp/nginx_signing.rsa.pub\" | sha512sum -c -; then echo \"key verification succeeded!\"; mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; else echo \"key verification failed!\"; exit 1; fi \u0026\u0026 DEPS=$(apk query --summarize depends --recursive --no-cache --repository \"@nginxorg https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" ${nginxPackages/=/@nginxorg=}) \u0026\u0026 apk add --no-cache $DEPS \u0026\u0026 apk add --repositories-file /dev/null -X \"https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" --no-cache $nginxPackages ;; *) set -x \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chown nobody:nobody $tempDir \u0026\u0026 apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers bash alpine-sdk findutils curl \u0026\u0026 su nobody -s /bin/sh -c \" export HOME=${tempDir} \u0026\u0026 cd ${tempDir} \u0026\u0026 curl -f -L -O https://github.com/nginx/pkg-oss/archive/3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz \u0026\u0026 PKGOSSCHECKSUM=\\\"83a117b77bf3f1ce7f227b75712766c1dec6bcfae0f1f87a9d522d1ef9b66a8ca550c3c0835b82e74e1242284be65126a1858a4fabd1dc9969ce8a7fd8e4681b *3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz\\\" \u0026\u0026 if [ \\\"\\$(openssl sha512 -r 3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz)\\\" = \\\"\\$PKGOSSCHECKSUM\\\" ]; then echo \\\"pkg-oss tarball checksum verification succeeded!\\\"; else echo \\\"pkg-oss tarball checksum verification failed!\\\"; exit 1; fi \u0026\u0026 tar xzvf 3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz \u0026\u0026 cd pkg-oss-3fdb8a9a864e5680a1d432aab681e40b7e269bb4 \u0026\u0026 cd alpine \u0026\u0026 make base \u0026\u0026 apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \u0026\u0026 abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \" \u0026\u0026 cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \u0026\u0026 apk del --no-network .build-deps \u0026\u0026 DEPS=$(apk query --summarize depends --recursive --no-cache --repository \"@nginxorg ${tempDir}/packages/alpine/\" ${nginxPackages/=/@nginxorg=}) \u0026\u0026 apk add --no-cache $DEPS \u0026\u0026 apk add --repositories-file /dev/null -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac \u0026\u0026 apk del --no-network .checksum-deps \u0026\u0026 if [ -n \"$tempDir\" ]; then rm -rf \"$tempDir\"; fi \u0026\u0026 if [ -f \"/etc/apk/keys/abuild-key.rsa.pub\" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \u0026\u0026 apk add --no-cache gettext-envsubst \u0026\u0026 apk add --no-cache tzdata \u0026\u0026 ln -sf /dev/stdout /var/log/nginx/access.log \u0026\u0026 ln -sf /dev/stderr /var/log/nginx/error.log \u0026\u0026 mkdir /docker-entrypoint.d # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T20:15:20.637067551Z", + "created_by": "COPY docker-entrypoint.sh / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T20:15:20.653413667Z", + "created_by": "COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T20:15:20.67373055Z", + "created_by": "COPY 15-local-resolvers.envsh /docker-entrypoint.d # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T20:15:20.693399875Z", + "created_by": "COPY 20-envsubst-on-templates.sh /docker-entrypoint.d # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T20:15:20.71218327Z", + "created_by": "COPY 30-tune-worker-processes.sh /docker-entrypoint.d # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T20:15:20.71218327Z", + "created_by": "ENTRYPOINT [\"/docker-entrypoint.sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T20:15:20.71218327Z", + "created_by": "EXPOSE map[80/tcp:{}]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T20:15:20.71218327Z", + "created_by": "STOPSIGNAL SIGQUIT", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T20:15:20.71218327Z", + "created_by": "CMD [\"nginx\" \"-g\" \"daemon off;\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T21:17:45.223455148Z", + "created_by": "ENV NJS_VERSION=0.9.9", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T21:17:45.223455148Z", + "created_by": "ENV NJS_RELEASE=1", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T21:17:45.223455148Z", + "created_by": "ENV ACME_VERSION=0.4.1", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T21:17:45.223455148Z", + "created_by": "RUN /bin/sh -c set -x \u0026\u0026 apkArch=\"$(cat /etc/apk/arch)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} \" \u0026\u0026 apk add --no-cache --virtual .checksum-deps openssl \u0026\u0026 case \"$apkArch\" in x86_64|aarch64) apk add -X \"https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" --no-cache $nginxPackages ;; *) set -x \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chown nobody:nobody $tempDir \u0026\u0026 apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers libxslt-dev gd-dev geoip-dev libedit-dev bash alpine-sdk findutils curl cargo clang-libclang \u0026\u0026 su nobody -s /bin/sh -c \" export HOME=${tempDir} \u0026\u0026 cd ${tempDir} \u0026\u0026 curl -f -L -O https://github.com/nginx/pkg-oss/archive/3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz \u0026\u0026 PKGOSSCHECKSUM=\\\"83a117b77bf3f1ce7f227b75712766c1dec6bcfae0f1f87a9d522d1ef9b66a8ca550c3c0835b82e74e1242284be65126a1858a4fabd1dc9969ce8a7fd8e4681b *3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz\\\" \u0026\u0026 if [ \\\"\\$(openssl sha512 -r 3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz)\\\" = \\\"\\$PKGOSSCHECKSUM\\\" ]; then echo \\\"pkg-oss tarball checksum verification succeeded!\\\"; else echo \\\"pkg-oss tarball checksum verification failed!\\\"; exit 1; fi \u0026\u0026 tar xzvf 3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz \u0026\u0026 cd pkg-oss-3fdb8a9a864e5680a1d432aab681e40b7e269bb4 \u0026\u0026 cd alpine \u0026\u0026 export BUILDTARGET=\\\"module-geoip module-image-filter module-njs module-xslt module-acme\\\" \u0026\u0026 if [ \\\"\\$(apk --print-arch)\\\" = \\\"armhf\\\" ]; then BUILDTARGET=\\\"\\$( echo \\$BUILDTARGET | sed 's,module-acme,,' )\\\"; fi \u0026\u0026 make \\$BUILDTARGET \u0026\u0026 apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \u0026\u0026 abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \" \u0026\u0026 cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \u0026\u0026 apk del --no-network .build-deps \u0026\u0026 if [ \"$apkArch\" = \"armhf\" ]; then nginxPackages=\"$( echo $nginxPackages | sed 's,nginx-module-acme=.*,,')\"; fi \u0026\u0026 apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac \u0026\u0026 apk del --no-network .checksum-deps \u0026\u0026 if [ -n \"$tempDir\" ]; then rm -rf \"$tempDir\"; fi \u0026\u0026 if [ -f \"/etc/apk/keys/abuild-key.rsa.pub\" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \u0026\u0026 apk add --no-cache curl ca-certificates # buildkit", + "comment": "buildkit.dockerfile.v0" + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1", + "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8", + "sha256:a1de419deb2439bf43af32ecd89cbdf0ca2aaa6faacf582011c37b5201a532e7", + "sha256:ad5fa0a24cd87e37fb848811a92c2a08f294e35e0cf5da9c1869b6c91a076505", + "sha256:6f189167f676fd6d05ce1e4077551cd67098c61e7e6a74ef470628be9a811b48", + "sha256:6b7f4e280528c3a7b1708bb91457637bbe8067349b8237c0a74e21e81bdf9ac0", + "sha256:ffd61943588a7a1e97a432e5c4e60e10844afe2933a16a32c14d8fdf5f3c5b32", + "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + ] + }, + "config": { + "Cmd": [ + "nginx", + "-g", + "daemon off;" + ], + "Entrypoint": [ + "/docker-entrypoint.sh" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "NGINX_VERSION=1.30.1", + "PKG_RELEASE=1", + "DYNPKG_RELEASE=1", + "NJS_VERSION=0.9.9", + "NJS_RELEASE=1", + "ACME_VERSION=0.4.1" + ], + "Labels": { + "maintainer": "NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e" + }, + "WorkingDir": "/", + "ExposedPorts": { + "80/tcp": {} + }, + "StopSignal": "SIGQUIT" + } + }, + "Layers": [ + { + "Size": 8732160, + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + { + "Size": 4737536, + "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", + "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" + }, + { + "Size": 3584, + "Digest": "sha256:9819a9bca5c765aec514db7e90c3dee6d699c76a611b592d388629f4b0f665eb", + "DiffID": "sha256:a1de419deb2439bf43af32ecd89cbdf0ca2aaa6faacf582011c37b5201a532e7" + }, + { + "Size": 4608, + "Digest": "sha256:9097b7c36bd7225e6e955ae7f0a02738f22dec88330b0816aa0c026386c1db79", + "DiffID": "sha256:ad5fa0a24cd87e37fb848811a92c2a08f294e35e0cf5da9c1869b6c91a076505" + }, + { + "Size": 2560, + "Digest": "sha256:d5e180c5634daea39efda1a8d35ea781126257c98fa38cd0374f6edcaa86a6e2", + "DiffID": "sha256:6f189167f676fd6d05ce1e4077551cd67098c61e7e6a74ef470628be9a811b48" + }, + { + "Size": 5120, + "Digest": "sha256:61194bdf8809d67a4145f10fb09173c8e7a28b51da484e25eece0ba02643fa88", + "DiffID": "sha256:6b7f4e280528c3a7b1708bb91457637bbe8067349b8237c0a74e21e81bdf9ac0" + }, + { + "Size": 7168, + "Digest": "sha256:6b213b30736dba71e4c92b43e31901658ff70cb96e46524740dce204b477c616", + "DiffID": "sha256:ffd61943588a7a1e97a432e5c4e60e10844afe2933a16a32c14d8fdf5f3c5b32" + }, + { + "Size": 50155520, + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + } + ] + } + ], + "Results": [ + { + "Target": "nginx:stable-alpine (alpine 3.23.4)", + "Class": "os-pkgs", + "Type": "alpine", + "Packages": [ + { + "ID": "alpine-baselayout@3.7.2-r0", + "Name": "alpine-baselayout", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout@3.7.2-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "ff3090489ca40326" + }, + "Version": "3.7.2-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.7.2-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-baselayout-data@3.7.2-r0", + "busybox-binsh@1.37.0-r30" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:545aa6f291209af89932b761d9e422c2778596cc", + "InstalledFiles": [ + "etc/motd", + "etc/crontabs/root", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/i386.conf", + "etc/profile.d/20locale.sh", + "etc/profile.d/README", + "etc/profile.d/color_prompt.sh.disabled", + "usr/lib/sysctl.d/00-alpine.conf", + "var/lock", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout-data@3.7.2-r0", + "Name": "alpine-baselayout-data", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.7.2-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "78c0ed61d7df9a7e" + }, + "Version": "3.7.2-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.7.2-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:85816632dbce07ba7e9e7a629fa59eddbd1687fb", + "InstalledFiles": [ + "etc/fstab", + "etc/group", + "etc/hostname", + "etc/hosts", + "etc/inittab", + "etc/modules", + "etc/mtab", + "etc/nsswitch.conf", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/sysctl.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-keys@2.6-r0", + "Name": "alpine-keys", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-keys@2.6-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "2c7cb90de388aa7d" + }, + "Version": "2.6-r0", + "Arch": "x86_64", + "SrcName": "alpine-keys", + "SrcVersion": "2.6-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:5c45a821cd6b84d543bbd7ff12a7de1855c5cd13", + "InstalledFiles": [ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-release@3.23.4-r0", + "Name": "alpine-release", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-release@3.23.4-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "114fb0bc8cc9ff31" + }, + "Version": "3.23.4-r0", + "Arch": "x86_64", + "SrcName": "alpine-base", + "SrcVersion": "3.23.4-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-keys@2.6-r0" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:7ff0b58e52211bb31a84e2afdbcbff0620df55a1", + "InstalledFiles": [ + "etc/alpine-release", + "etc/issue", + "etc/os-release", + "etc/secfixes.d/alpine", + "usr/lib/os-release" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "aom-libs@3.13.1-r1", + "Name": "aom-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/aom-libs@3.13.1-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "5c2e206a9e097520" + }, + "Version": "3.13.1-r1", + "Arch": "x86_64", + "SrcName": "aom", + "SrcVersion": "3.13.1-r1", + "Licenses": [ + "BSD-2-Clause", + "custom" + ], + "Maintainer": "Oleg Titov \u003coleg.titov@gmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:97b0c2dffcef97a0253876d015ca217de10b216a", + "InstalledFiles": [ + "usr/lib/libaom.so.3", + "usr/lib/libaom.so.3.13.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "apk-tools@3.0.6-r0", + "Name": "apk-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/apk-tools@3.0.6-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "760256a5bdd94a07" + }, + "Version": "3.0.6-r0", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "3.0.6-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20260413-r0", + "libapk@3.0.6-r0", + "libcrypto3@3.5.6-r0", + "musl@1.2.5-r23", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:86f3b3ef94d1cb213a4ed1187b34a6bb9f593033", + "InstalledFiles": [ + "sbin/apk" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "brotli-libs@1.2.0-r0", + "Name": "brotli-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/brotli-libs@1.2.0-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "234da2b3c350083b" + }, + "Version": "1.2.0-r0", + "Arch": "x86_64", + "SrcName": "brotli", + "SrcVersion": "1.2.0-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:0814694602f35d2741e916fdcb4c9a1e0ec50b42", + "InstalledFiles": [ + "usr/lib/libbrotlicommon.so.1", + "usr/lib/libbrotlicommon.so.1.2.0", + "usr/lib/libbrotlidec.so.1", + "usr/lib/libbrotlidec.so.1.2.0", + "usr/lib/libbrotlienc.so.1", + "usr/lib/libbrotlienc.so.1.2.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox@1.37.0-r30", + "Name": "busybox", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r30?arch=x86_64\u0026distro=3.23.4", + "UID": "9647681d0b54db77" + }, + "Version": "1.37.0-r30", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r30", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:f1347801bb96b1aa40d17f82237c3f4ff02a4725", + "InstalledFiles": [ + "bin/busybox", + "etc/securetty", + "etc/busybox-paths.d/busybox", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "etc/udhcpc/udhcpc.conf", + "usr/share/udhcpc/default.script" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox-binsh@1.37.0-r30", + "Name": "busybox-binsh", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r30?arch=x86_64\u0026distro=3.23.4", + "UID": "3e18d05d46a6f46f" + }, + "Version": "1.37.0-r30", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r30", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "busybox@1.37.0-r30" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:188d2d0110afa58e8a3e3e5fd424b2d996df7a09", + "InstalledFiles": [ + "bin/sh" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "c-ares@1.34.6-r0", + "Name": "c-ares", + "Identifier": { + "PURL": "pkg:apk/alpine/c-ares@1.34.6-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "5be96d5420bec243" + }, + "Version": "1.34.6-r0", + "Arch": "x86_64", + "SrcName": "c-ares", + "SrcVersion": "1.34.6-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:e3bb3ff47a277ff9409b8c4bb825099cfe2bcbe2", + "InstalledFiles": [ + "usr/lib/libcares.so.2", + "usr/lib/libcares.so.2.19.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates@20260413-r0", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates@20260413-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "63ca5aff4886266d" + }, + "Version": "20260413-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20260413-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "libcrypto3@3.5.6-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:af25e0f0a0412b141942909ed199144cc46f5bbc", + "InstalledFiles": [ + "etc/ca-certificates.conf", + "etc/apk/protected_paths.d/ca-certificates.list", + "etc/ca-certificates/update.d/certhash", + "usr/bin/c_rehash", + "usr/sbin/update-ca-certificates", + "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "usr/share/ca-certificates/mozilla/Certigna.crt", + "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", + "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "usr/share/ca-certificates/mozilla/OISTE_Server_Root_ECC_G1.crt", + "usr/share/ca-certificates/mozilla/OISTE_Server_Root_RSA_G1.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", + "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_RSA_TLS_Root_CA_2022_-_1.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", + "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_TLS_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_TLS_RSA_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "usr/share/ca-certificates/mozilla/e-Szigno_TLS_Root_CA_2023.crt", + "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates-bundle@20260413-r0", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates-bundle@20260413-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "d9471547e8751507" + }, + "Version": "20260413-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20260413-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:44c90827e10115cb6afec51081cb26785dc8f418", + "InstalledFiles": [ + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-certificates.crt", + "etc/ssl1.1/cert.pem", + "etc/ssl1.1/certs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "curl@8.19.0-r0", + "Name": "curl", + "Identifier": { + "PURL": "pkg:apk/alpine/curl@8.19.0-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "f9ecf01e03ce7fef" + }, + "Version": "8.19.0-r0", + "Arch": "x86_64", + "SrcName": "curl", + "SrcVersion": "8.19.0-r0", + "Licenses": [ + "curl" + ], + "Maintainer": "Achill Gilgenast \u003cachill@achill.org\u003e", + "DependsOn": [ + "libcurl@8.19.0-r0", + "musl@1.2.5-r23", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:812f1083cfc10c65b05b05bb4adfa3acb5cf6058", + "InstalledFiles": [ + "usr/bin/curl", + "usr/bin/wcurl" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "fontconfig@2.17.1-r0", + "Name": "fontconfig", + "Identifier": { + "PURL": "pkg:apk/alpine/fontconfig@2.17.1-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "d805dd422ee9c232" + }, + "Version": "2.17.1-r0", + "Arch": "x86_64", + "SrcName": "fontconfig", + "SrcVersion": "2.17.1-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "freetype@2.14.1-r0", + "libexpat@2.7.5-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:8037b007516a65d246442a781a05f627073394d0", + "InstalledFiles": [ + "etc/fonts/fonts.conf", + "etc/fonts/conf.d/10-hinting-slight.conf", + "etc/fonts/conf.d/10-scale-bitmap-fonts.conf", + "etc/fonts/conf.d/10-sub-pixel-none.conf", + "etc/fonts/conf.d/10-yes-antialias.conf", + "etc/fonts/conf.d/11-lcdfilter-default.conf", + "etc/fonts/conf.d/20-unhint-small-vera.conf", + "etc/fonts/conf.d/30-metric-aliases.conf", + "etc/fonts/conf.d/40-nonlatin.conf", + "etc/fonts/conf.d/45-generic.conf", + "etc/fonts/conf.d/45-latin.conf", + "etc/fonts/conf.d/48-spacing.conf", + "etc/fonts/conf.d/49-sansserif.conf", + "etc/fonts/conf.d/50-user.conf", + "etc/fonts/conf.d/51-local.conf", + "etc/fonts/conf.d/60-generic.conf", + "etc/fonts/conf.d/60-latin.conf", + "etc/fonts/conf.d/65-fonts-persian.conf", + "etc/fonts/conf.d/65-nonlatin.conf", + "etc/fonts/conf.d/69-unifont.conf", + "etc/fonts/conf.d/70-no-bitmaps-except-emoji.conf", + "etc/fonts/conf.d/80-delicious.conf", + "etc/fonts/conf.d/90-synthetic.conf", + "etc/fonts/conf.d/README", + "usr/bin/fc-cache", + "usr/bin/fc-cat", + "usr/bin/fc-conflist", + "usr/bin/fc-list", + "usr/bin/fc-match", + "usr/bin/fc-pattern", + "usr/bin/fc-query", + "usr/bin/fc-scan", + "usr/bin/fc-validate", + "usr/lib/libfontconfig.so.1", + "usr/lib/libfontconfig.so.1.16.1", + "usr/share/fontconfig/conf.avail/05-reset-dirs-sample.conf", + "usr/share/fontconfig/conf.avail/09-autohint-if-no-hinting.conf", + "usr/share/fontconfig/conf.avail/10-autohint.conf", + "usr/share/fontconfig/conf.avail/10-hinting-full.conf", + "usr/share/fontconfig/conf.avail/10-hinting-medium.conf", + "usr/share/fontconfig/conf.avail/10-hinting-none.conf", + "usr/share/fontconfig/conf.avail/10-hinting-slight.conf", + "usr/share/fontconfig/conf.avail/10-no-antialias.conf", + "usr/share/fontconfig/conf.avail/10-scale-bitmap-fonts.conf", + "usr/share/fontconfig/conf.avail/10-sub-pixel-bgr.conf", + "usr/share/fontconfig/conf.avail/10-sub-pixel-none.conf", + "usr/share/fontconfig/conf.avail/10-sub-pixel-rgb.conf", + "usr/share/fontconfig/conf.avail/10-sub-pixel-vbgr.conf", + "usr/share/fontconfig/conf.avail/10-sub-pixel-vrgb.conf", + "usr/share/fontconfig/conf.avail/10-unhinted.conf", + "usr/share/fontconfig/conf.avail/10-yes-antialias.conf", + "usr/share/fontconfig/conf.avail/11-lcdfilter-default.conf", + "usr/share/fontconfig/conf.avail/11-lcdfilter-legacy.conf", + "usr/share/fontconfig/conf.avail/11-lcdfilter-light.conf", + "usr/share/fontconfig/conf.avail/11-lcdfilter-none.conf", + "usr/share/fontconfig/conf.avail/20-unhint-small-vera.conf", + "usr/share/fontconfig/conf.avail/25-unhint-nonlatin.conf", + "usr/share/fontconfig/conf.avail/30-metric-aliases.conf", + "usr/share/fontconfig/conf.avail/35-lang-normalize.conf", + "usr/share/fontconfig/conf.avail/40-nonlatin.conf", + "usr/share/fontconfig/conf.avail/45-generic.conf", + "usr/share/fontconfig/conf.avail/45-latin.conf", + "usr/share/fontconfig/conf.avail/48-guessfamily.conf", + "usr/share/fontconfig/conf.avail/48-spacing.conf", + "usr/share/fontconfig/conf.avail/49-sansserif.conf", + "usr/share/fontconfig/conf.avail/50-user.conf", + "usr/share/fontconfig/conf.avail/51-local.conf", + "usr/share/fontconfig/conf.avail/60-generic.conf", + "usr/share/fontconfig/conf.avail/60-latin.conf", + "usr/share/fontconfig/conf.avail/65-fonts-persian.conf", + "usr/share/fontconfig/conf.avail/65-khmer.conf", + "usr/share/fontconfig/conf.avail/65-nonlatin.conf", + "usr/share/fontconfig/conf.avail/69-unifont.conf", + "usr/share/fontconfig/conf.avail/70-no-bitmaps-and-emoji.conf", + "usr/share/fontconfig/conf.avail/70-no-bitmaps-except-emoji.conf", + "usr/share/fontconfig/conf.avail/70-no-bitmaps.conf", + "usr/share/fontconfig/conf.avail/70-yes-bitmaps.conf", + "usr/share/fontconfig/conf.avail/80-delicious.conf", + "usr/share/fontconfig/conf.avail/90-synthetic.conf", + "usr/share/xml/fontconfig/fonts.dtd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "freetype@2.14.1-r0", + "Name": "freetype", + "Identifier": { + "PURL": "pkg:apk/alpine/freetype@2.14.1-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "d0ae0a3d160c9ff2" + }, + "Version": "2.14.1-r0", + "Arch": "x86_64", + "SrcName": "freetype", + "SrcVersion": "2.14.1-r0", + "Licenses": [ + "FTL", + "GPL-2.0-or-later" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "brotli-libs@1.2.0-r0", + "libbz2@1.0.8-r6", + "libpng@1.6.58-r1", + "musl@1.2.5-r23", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:e227f29a00edd7ed5b1e62a050da6532183e60be", + "InstalledFiles": [ + "usr/lib/libfreetype.so.6", + "usr/lib/libfreetype.so.6.20.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "geoip@1.6.12-r6", + "Name": "geoip", + "Identifier": { + "PURL": "pkg:apk/alpine/geoip@1.6.12-r6?arch=x86_64\u0026distro=3.23.4", + "UID": "e21c96f348abf9a7" + }, + "Version": "1.6.12-r6", + "Arch": "x86_64", + "SrcName": "geoip", + "SrcVersion": "1.6.12-r6", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Leonardo Arena \u003crnalrd@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:8f2ea64ecb173949f03ec2371db4b534f142450f", + "InstalledFiles": [ + "usr/bin/geoiplookup", + "usr/bin/geoiplookup6", + "usr/lib/libGeoIP.so.1", + "usr/lib/libGeoIP.so.1.6.12" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gettext-envsubst@0.24.1-r1", + "Name": "gettext-envsubst", + "Identifier": { + "PURL": "pkg:apk/alpine/gettext-envsubst@0.24.1-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "74b745a88adcfea9" + }, + "Version": "0.24.1-r1", + "Arch": "x86_64", + "SrcName": "gettext", + "SrcVersion": "0.24.1-r1", + "Licenses": [ + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "libintl@0.24.1-r1", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", + "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" + }, + "Digest": "sha1:7593f7d82a7c943f0114a5f700788c53afb8a554", + "InstalledFiles": [ + "usr/bin/envsubst" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libapk@3.0.6-r0", + "Name": "libapk", + "Identifier": { + "PURL": "pkg:apk/alpine/libapk@3.0.6-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "47dcfb9093b112c1" + }, + "Version": "3.0.6-r0", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "3.0.6-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.5.6-r0", + "libssl3@3.5.6-r0", + "musl@1.2.5-r23", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:f064c8318c4f7f17da6a490921ce0d5e709fc063", + "InstalledFiles": [ + "usr/lib/libapk.so.3.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libavif@1.3.0-r0", + "Name": "libavif", + "Identifier": { + "PURL": "pkg:apk/alpine/libavif@1.3.0-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "655cdbc6c9ce9e5b" + }, + "Version": "1.3.0-r0", + "Arch": "x86_64", + "SrcName": "libavif", + "SrcVersion": "1.3.0-r0", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Bart Ribbers \u003cbribbers@disroot.org\u003e", + "DependsOn": [ + "aom-libs@3.13.1-r1", + "libdav1d@1.5.2-r0", + "libyuv@0.0.1887.20251502-r1", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:6e0e61c8a9d1cb5a4a5f3faa64fb597844614f93", + "InstalledFiles": [ + "usr/lib/libavif.so.16", + "usr/lib/libavif.so.16.3.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libbsd@0.12.2-r0", + "Name": "libbsd", + "Identifier": { + "PURL": "pkg:apk/alpine/libbsd@0.12.2-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "dd77a74c79623bb3" + }, + "Version": "0.12.2-r0", + "Arch": "x86_64", + "SrcName": "libbsd", + "SrcVersion": "0.12.2-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libmd@1.1.0-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:33970b157edad359d05a2c3e6f3460e725549c8b", + "InstalledFiles": [ + "usr/lib/libbsd.so.0", + "usr/lib/libbsd.so.0.12.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libbz2@1.0.8-r6", + "Name": "libbz2", + "Identifier": { + "PURL": "pkg:apk/alpine/libbz2@1.0.8-r6?arch=x86_64\u0026distro=3.23.4", + "UID": "d5d1649d0ebe2b41" + }, + "Version": "1.0.8-r6", + "Arch": "x86_64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8-r6", + "Licenses": [ + "bzip-2-1.0.6" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:864d363da11ee24c7920e0d052d2da7f8429251e", + "InstalledFiles": [ + "usr/lib/libbz2.so.1", + "usr/lib/libbz2.so.1.0.8" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.5.6-r0", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.6-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "975680d851f10fda" + }, + "Version": "3.5.6-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.5.6-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:9e7a866d0d052d290d3f9d621a4c89214188acff", + "InstalledFiles": [ + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/openssl.cnf.dist", + "usr/lib/libcrypto.so.3", + "usr/lib/engines-3/afalg.so", + "usr/lib/engines-3/capi.so", + "usr/lib/engines-3/loader_attic.so", + "usr/lib/engines-3/padlock.so", + "usr/lib/ossl-modules/legacy.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcurl@8.19.0-r0", + "Name": "libcurl", + "Identifier": { + "PURL": "pkg:apk/alpine/libcurl@8.19.0-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "ae99b13d03576e54" + }, + "Version": "8.19.0-r0", + "Arch": "x86_64", + "SrcName": "curl", + "SrcVersion": "8.19.0-r0", + "Licenses": [ + "curl" + ], + "Maintainer": "Achill Gilgenast \u003cachill@achill.org\u003e", + "DependsOn": [ + "brotli-libs@1.2.0-r0", + "c-ares@1.34.6-r0", + "ca-certificates-bundle@20260413-r0", + "libcrypto3@3.5.6-r0", + "libidn2@2.3.8-r0", + "libpsl@0.21.5-r3", + "libssl3@3.5.6-r0", + "musl@1.2.5-r23", + "nghttp2-libs@1.69.0-r0", + "zlib@1.3.2-r0", + "zstd-libs@1.5.7-r2" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:c833586b6e5dcd4a10da7cf354b01d9e0ee10da8", + "InstalledFiles": [ + "usr/lib/libcurl.so.4", + "usr/lib/libcurl.so.4.8.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libdav1d@1.5.2-r0", + "Name": "libdav1d", + "Identifier": { + "PURL": "pkg:apk/alpine/libdav1d@1.5.2-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "470e133c6bf6f9c4" + }, + "Version": "1.5.2-r0", + "Arch": "x86_64", + "SrcName": "dav1d", + "SrcVersion": "1.5.2-r0", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Bart Ribbers \u003cbribbers@disroot.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:62a9676453a8b99cfb42148cfd26df3b964bcc1b", + "InstalledFiles": [ + "usr/lib/libdav1d.so.7", + "usr/lib/libdav1d.so.7.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libedit@20251016.3.1-r0", + "Name": "libedit", + "Identifier": { + "PURL": "pkg:apk/alpine/libedit@20251016.3.1-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "4cd9b43219994542" + }, + "Version": "20251016.3.1-r0", + "Arch": "x86_64", + "SrcName": "libedit", + "SrcVersion": "20251016.3.1-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", + "DependsOn": [ + "libncursesw@6.5_p20251123-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:463f69335a3223b1ce6856ce3bef5c03fee721bf", + "InstalledFiles": [ + "usr/lib/libedit.so.0", + "usr/lib/libedit.so.0.0.76" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libexpat@2.7.5-r0", + "Name": "libexpat", + "Identifier": { + "PURL": "pkg:apk/alpine/libexpat@2.7.5-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "28e722d1da61bc2e" + }, + "Version": "2.7.5-r0", + "Arch": "x86_64", + "SrcName": "expat", + "SrcVersion": "2.7.5-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:5760d53ddd7cca8a742c672e4e00a475718eacaa", + "InstalledFiles": [ + "usr/lib/libexpat.so.1", + "usr/lib/libexpat.so.1.11.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgcc@15.2.0-r2", + "Name": "libgcc", + "Identifier": { + "PURL": "pkg:apk/alpine/libgcc@15.2.0-r2?arch=x86_64\u0026distro=3.23.4", + "UID": "89fff20701e56ab7" + }, + "Version": "15.2.0-r2", + "Arch": "x86_64", + "SrcName": "gcc", + "SrcVersion": "15.2.0-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:57fccbe9eebf23f2c4f38ee2a24f8b0bdd508ff7", + "InstalledFiles": [ + "usr/lib/libgcc_s.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgd@2.3.3-r10", + "Name": "libgd", + "Identifier": { + "PURL": "pkg:apk/alpine/libgd@2.3.3-r10?arch=x86_64\u0026distro=3.23.4", + "UID": "b67312ef2319dd49" + }, + "Version": "2.3.3-r10", + "Arch": "x86_64", + "SrcName": "gd", + "SrcVersion": "2.3.3-r10", + "Licenses": [ + "GD" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "fontconfig@2.17.1-r0", + "freetype@2.14.1-r0", + "libavif@1.3.0-r0", + "libjpeg-turbo@3.1.2-r0", + "libpng@1.6.58-r1", + "libwebp@1.6.0-r0", + "libxpm@3.5.19-r0", + "musl@1.2.5-r23", + "tiff@4.7.1-r0", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:948454e00c660b6ddf1338a857959222f0888336", + "InstalledFiles": [ + "usr/lib/libgd.so.3", + "usr/lib/libgd.so.3.0.11" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libice@1.1.2-r0", + "Name": "libice", + "Identifier": { + "PURL": "pkg:apk/alpine/libice@1.1.2-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "3348caa25e2ecdc4" + }, + "Version": "1.1.2-r0", + "Arch": "x86_64", + "SrcName": "libice", + "SrcVersion": "1.1.2-r0", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:997a01303f63cee0ba9773f0cd9b26b2eb5e6ace", + "InstalledFiles": [ + "usr/lib/libICE.so.6", + "usr/lib/libICE.so.6.3.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libidn2@2.3.8-r0", + "Name": "libidn2", + "Identifier": { + "PURL": "pkg:apk/alpine/libidn2@2.3.8-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "f2e21ad261c22630" + }, + "Version": "2.3.8-r0", + "Arch": "x86_64", + "SrcName": "libidn2", + "SrcVersion": "2.3.8-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libunistring@1.4.1-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:b8c5bfa365da5c360a01230db4d71e65af94af3d", + "InstalledFiles": [ + "usr/lib/libidn2.so.0", + "usr/lib/libidn2.so.0.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libintl@0.24.1-r1", + "Name": "libintl", + "Identifier": { + "PURL": "pkg:apk/alpine/libintl@0.24.1-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "6b922bec7f8abaa" + }, + "Version": "0.24.1-r1", + "Arch": "x86_64", + "SrcName": "gettext", + "SrcVersion": "0.24.1-r1", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", + "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" + }, + "Digest": "sha1:0222324bb4dfd35e8a3ec821c86eb5afbd43a3af", + "InstalledFiles": [ + "usr/lib/libintl.so.8", + "usr/lib/libintl.so.8.4.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libjpeg-turbo@3.1.2-r0", + "Name": "libjpeg-turbo", + "Identifier": { + "PURL": "pkg:apk/alpine/libjpeg-turbo@3.1.2-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "76e9eea31b92641e" + }, + "Version": "3.1.2-r0", + "Arch": "x86_64", + "SrcName": "libjpeg-turbo", + "SrcVersion": "3.1.2-r0", + "Licenses": [ + "BSD-3-Clause", + "IJG", + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:aa025fb7ecf9bd65ef2afe47e3740639521e09ce", + "InstalledFiles": [ + "usr/lib/libjpeg.so.8", + "usr/lib/libjpeg.so.8.3.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libmd@1.1.0-r0", + "Name": "libmd", + "Identifier": { + "PURL": "pkg:apk/alpine/libmd@1.1.0-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "53cb33d88e504fac" + }, + "Version": "1.1.0-r0", + "Arch": "x86_64", + "SrcName": "libmd", + "SrcVersion": "1.1.0-r0", + "Licenses": [ + "BSD-3-Clause", + "BSD-2-Clause", + "ISC", + "Beerware", + "Public", + "Domain" + ], + "Maintainer": "omni \u003comni+alpine@hack.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:ce7c57bd1f6628da8ba0d3f2ac18f6d8c93c0346", + "InstalledFiles": [ + "usr/lib/libmd.so.0", + "usr/lib/libmd.so.0.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libncursesw@6.5_p20251123-r0", + "Name": "libncursesw", + "Identifier": { + "PURL": "pkg:apk/alpine/libncursesw@6.5_p20251123-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "edc30eb15f442d49" + }, + "Version": "6.5_p20251123-r0", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.5_p20251123-r0", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23", + "ncurses-terminfo-base@6.5_p20251123-r0" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:649d3041c52b80620fb50a98f5979d25ebbe1523", + "InstalledFiles": [ + "usr/lib/libncursesw.so.6", + "usr/lib/libncursesw.so.6.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpng@1.6.58-r1", + "Name": "libpng", + "Identifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.58-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "f22fca42d750ae4d" + }, + "Version": "1.6.58-r1", + "Arch": "x86_64", + "SrcName": "libpng", + "SrcVersion": "1.6.58-r1", + "Licenses": [ + "Libpng" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:2dce71ea975aa82cbbcfcaac80af209bc84dd3c8", + "InstalledFiles": [ + "usr/lib/libpng16.so.16", + "usr/lib/libpng16.so.16.58.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpsl@0.21.5-r3", + "Name": "libpsl", + "Identifier": { + "PURL": "pkg:apk/alpine/libpsl@0.21.5-r3?arch=x86_64\u0026distro=3.23.4", + "UID": "3b2044e446534821" + }, + "Version": "0.21.5-r3", + "Arch": "x86_64", + "SrcName": "libpsl", + "SrcVersion": "0.21.5-r3", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libidn2@2.3.8-r0", + "libunistring@1.4.1-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:b663c00f920a93be49c825555aa1a212e4287393", + "InstalledFiles": [ + "usr/lib/libpsl.so.5", + "usr/lib/libpsl.so.5.3.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libsharpyuv@1.6.0-r0", + "Name": "libsharpyuv", + "Identifier": { + "PURL": "pkg:apk/alpine/libsharpyuv@1.6.0-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "73fb52723f19371d" + }, + "Version": "1.6.0-r0", + "Arch": "x86_64", + "SrcName": "libwebp", + "SrcVersion": "1.6.0-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:9bbf3958ac62e163084cde753276246e56ff298b", + "InstalledFiles": [ + "usr/lib/libsharpyuv.so.0", + "usr/lib/libsharpyuv.so.0.1.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libsm@1.2.6-r0", + "Name": "libsm", + "Identifier": { + "PURL": "pkg:apk/alpine/libsm@1.2.6-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "5b884a45ca171ccf" + }, + "Version": "1.2.6-r0", + "Arch": "x86_64", + "SrcName": "libsm", + "SrcVersion": "1.2.6-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libice@1.1.2-r0", + "libuuid@2.41.4-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:244b3b3e68f3c6c11c6202320109d460a2498e76", + "InstalledFiles": [ + "usr/lib/libSM.so.6", + "usr/lib/libSM.so.6.0.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.5.6-r0", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.6-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "aece396067dff154" + }, + "Version": "3.5.6-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.5.6-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.5.6-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:5a2620d507434903b747470a76b47e24b222de5e", + "InstalledFiles": [ + "usr/lib/libssl.so.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libstdc++@15.2.0-r2", + "Name": "libstdc++", + "Identifier": { + "PURL": "pkg:apk/alpine/libstdc%2B%2B@15.2.0-r2?arch=x86_64\u0026distro=3.23.4", + "UID": "3ff8ae215a6a54a6" + }, + "Version": "15.2.0-r2", + "Arch": "x86_64", + "SrcName": "gcc", + "SrcVersion": "15.2.0-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", + "DependsOn": [ + "libgcc@15.2.0-r2", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:528d77417a16706468af852f2859ad00f176e266", + "InstalledFiles": [ + "usr/lib/libstdc++.so.6", + "usr/lib/libstdc++.so.6.0.34" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libunistring@1.4.1-r0", + "Name": "libunistring", + "Identifier": { + "PURL": "pkg:apk/alpine/libunistring@1.4.1-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "97a3c9b2cf3d0f9e" + }, + "Version": "1.4.1-r0", + "Arch": "x86_64", + "SrcName": "libunistring", + "SrcVersion": "1.4.1-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:6e56562bde456bee5971787d3d95c34e84ced797", + "InstalledFiles": [ + "usr/lib/libunistring.so.5", + "usr/lib/libunistring.so.5.2.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libuuid@2.41.4-r0", + "Name": "libuuid", + "Identifier": { + "PURL": "pkg:apk/alpine/libuuid@2.41.4-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "833419752375af8a" + }, + "Version": "2.41.4-r0", + "Arch": "x86_64", + "SrcName": "util-linux", + "SrcVersion": "2.41.4-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:d03966d821a1d9454e5576f96ec455824112fe46", + "InstalledFiles": [ + "usr/lib/libuuid.so.1", + "usr/lib/libuuid.so.1.3.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libwebp@1.6.0-r0", + "Name": "libwebp", + "Identifier": { + "PURL": "pkg:apk/alpine/libwebp@1.6.0-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "cf3db5e019392979" + }, + "Version": "1.6.0-r0", + "Arch": "x86_64", + "SrcName": "libwebp", + "SrcVersion": "1.6.0-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libsharpyuv@1.6.0-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:46f79fe406ce611058a6c0ce995ebe85f7b73c7a", + "InstalledFiles": [ + "usr/lib/libwebp.so.7", + "usr/lib/libwebp.so.7.2.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libx11@1.8.12-r1", + "Name": "libx11", + "Identifier": { + "PURL": "pkg:apk/alpine/libx11@1.8.12-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "e8538d9e85dca6bf" + }, + "Version": "1.8.12-r1", + "Arch": "x86_64", + "SrcName": "libx11", + "SrcVersion": "1.8.12-r1", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libxcb@1.17.0-r1", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:689b36ec47d6c9abb9cbd0c7067ba4636568dbd5", + "InstalledFiles": [ + "usr/lib/libX11-xcb.so.1", + "usr/lib/libX11-xcb.so.1.0.0", + "usr/lib/libX11.so.6", + "usr/lib/libX11.so.6.4.0", + "usr/share/X11/XErrorDB", + "usr/share/X11/Xcms.txt", + "usr/share/X11/locale/compose.dir", + "usr/share/X11/locale/locale.alias", + "usr/share/X11/locale/locale.dir", + "usr/share/X11/locale/C/Compose", + "usr/share/X11/locale/C/XI18N_OBJS", + "usr/share/X11/locale/C/XLC_LOCALE", + "usr/share/X11/locale/am_ET.UTF-8/Compose", + "usr/share/X11/locale/am_ET.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/am_ET.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/armscii-8/Compose", + "usr/share/X11/locale/armscii-8/XI18N_OBJS", + "usr/share/X11/locale/armscii-8/XLC_LOCALE", + "usr/share/X11/locale/cs_CZ.UTF-8/Compose", + "usr/share/X11/locale/cs_CZ.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/cs_CZ.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/el_GR.UTF-8/Compose", + "usr/share/X11/locale/el_GR.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/el_GR.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/en_US.UTF-8/Compose", + "usr/share/X11/locale/en_US.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/en_US.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/fi_FI.UTF-8/Compose", + "usr/share/X11/locale/fi_FI.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/fi_FI.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/georgian-academy/Compose", + "usr/share/X11/locale/georgian-academy/XI18N_OBJS", + "usr/share/X11/locale/georgian-academy/XLC_LOCALE", + "usr/share/X11/locale/georgian-ps/Compose", + "usr/share/X11/locale/georgian-ps/XI18N_OBJS", + "usr/share/X11/locale/georgian-ps/XLC_LOCALE", + "usr/share/X11/locale/ibm-cp1133/Compose", + "usr/share/X11/locale/ibm-cp1133/XI18N_OBJS", + "usr/share/X11/locale/ibm-cp1133/XLC_LOCALE", + "usr/share/X11/locale/iscii-dev/Compose", + "usr/share/X11/locale/iscii-dev/XI18N_OBJS", + "usr/share/X11/locale/iscii-dev/XLC_LOCALE", + "usr/share/X11/locale/isiri-3342/Compose", + "usr/share/X11/locale/isiri-3342/XI18N_OBJS", + "usr/share/X11/locale/isiri-3342/XLC_LOCALE", + "usr/share/X11/locale/iso8859-1/Compose", + "usr/share/X11/locale/iso8859-1/XI18N_OBJS", + "usr/share/X11/locale/iso8859-1/XLC_LOCALE", + "usr/share/X11/locale/iso8859-10/Compose", + "usr/share/X11/locale/iso8859-10/XI18N_OBJS", + "usr/share/X11/locale/iso8859-10/XLC_LOCALE", + "usr/share/X11/locale/iso8859-11/Compose", + "usr/share/X11/locale/iso8859-11/XI18N_OBJS", + "usr/share/X11/locale/iso8859-11/XLC_LOCALE", + "usr/share/X11/locale/iso8859-13/Compose", + "usr/share/X11/locale/iso8859-13/XI18N_OBJS", + "usr/share/X11/locale/iso8859-13/XLC_LOCALE", + "usr/share/X11/locale/iso8859-14/Compose", + "usr/share/X11/locale/iso8859-14/XI18N_OBJS", + "usr/share/X11/locale/iso8859-14/XLC_LOCALE", + "usr/share/X11/locale/iso8859-15/Compose", + "usr/share/X11/locale/iso8859-15/XI18N_OBJS", + "usr/share/X11/locale/iso8859-15/XLC_LOCALE", + "usr/share/X11/locale/iso8859-2/Compose", + "usr/share/X11/locale/iso8859-2/XI18N_OBJS", + "usr/share/X11/locale/iso8859-2/XLC_LOCALE", + "usr/share/X11/locale/iso8859-3/Compose", + "usr/share/X11/locale/iso8859-3/XI18N_OBJS", + "usr/share/X11/locale/iso8859-3/XLC_LOCALE", + "usr/share/X11/locale/iso8859-4/Compose", + "usr/share/X11/locale/iso8859-4/XI18N_OBJS", + "usr/share/X11/locale/iso8859-4/XLC_LOCALE", + "usr/share/X11/locale/iso8859-5/Compose", + "usr/share/X11/locale/iso8859-5/XI18N_OBJS", + "usr/share/X11/locale/iso8859-5/XLC_LOCALE", + "usr/share/X11/locale/iso8859-6/Compose", + "usr/share/X11/locale/iso8859-6/XI18N_OBJS", + "usr/share/X11/locale/iso8859-6/XLC_LOCALE", + "usr/share/X11/locale/iso8859-7/Compose", + "usr/share/X11/locale/iso8859-7/XI18N_OBJS", + "usr/share/X11/locale/iso8859-7/XLC_LOCALE", + "usr/share/X11/locale/iso8859-8/Compose", + "usr/share/X11/locale/iso8859-8/XI18N_OBJS", + "usr/share/X11/locale/iso8859-8/XLC_LOCALE", + "usr/share/X11/locale/iso8859-9/Compose", + "usr/share/X11/locale/iso8859-9/XI18N_OBJS", + "usr/share/X11/locale/iso8859-9/XLC_LOCALE", + "usr/share/X11/locale/iso8859-9e/Compose", + "usr/share/X11/locale/iso8859-9e/XI18N_OBJS", + "usr/share/X11/locale/iso8859-9e/XLC_LOCALE", + "usr/share/X11/locale/ja/Compose", + "usr/share/X11/locale/ja/XI18N_OBJS", + "usr/share/X11/locale/ja/XLC_LOCALE", + "usr/share/X11/locale/ja.JIS/Compose", + "usr/share/X11/locale/ja.JIS/XI18N_OBJS", + "usr/share/X11/locale/ja.JIS/XLC_LOCALE", + "usr/share/X11/locale/ja.SJIS/Compose", + "usr/share/X11/locale/ja.SJIS/XI18N_OBJS", + "usr/share/X11/locale/ja.SJIS/XLC_LOCALE", + "usr/share/X11/locale/ja_JP.UTF-8/Compose", + "usr/share/X11/locale/ja_JP.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/ja_JP.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/km_KH.UTF-8/Compose", + "usr/share/X11/locale/km_KH.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/km_KH.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/ko/Compose", + "usr/share/X11/locale/ko/XI18N_OBJS", + "usr/share/X11/locale/ko/XLC_LOCALE", + "usr/share/X11/locale/ko_KR.UTF-8/Compose", + "usr/share/X11/locale/ko_KR.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/ko_KR.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/koi8-c/Compose", + "usr/share/X11/locale/koi8-c/XI18N_OBJS", + "usr/share/X11/locale/koi8-c/XLC_LOCALE", + "usr/share/X11/locale/koi8-r/Compose", + "usr/share/X11/locale/koi8-r/XI18N_OBJS", + "usr/share/X11/locale/koi8-r/XLC_LOCALE", + "usr/share/X11/locale/koi8-u/Compose", + "usr/share/X11/locale/koi8-u/XI18N_OBJS", + "usr/share/X11/locale/koi8-u/XLC_LOCALE", + "usr/share/X11/locale/microsoft-cp1251/Compose", + "usr/share/X11/locale/microsoft-cp1251/XI18N_OBJS", + "usr/share/X11/locale/microsoft-cp1251/XLC_LOCALE", + "usr/share/X11/locale/microsoft-cp1255/Compose", + "usr/share/X11/locale/microsoft-cp1255/XI18N_OBJS", + "usr/share/X11/locale/microsoft-cp1255/XLC_LOCALE", + "usr/share/X11/locale/microsoft-cp1256/Compose", + "usr/share/X11/locale/microsoft-cp1256/XI18N_OBJS", + "usr/share/X11/locale/microsoft-cp1256/XLC_LOCALE", + "usr/share/X11/locale/mulelao-1/Compose", + "usr/share/X11/locale/mulelao-1/XI18N_OBJS", + "usr/share/X11/locale/mulelao-1/XLC_LOCALE", + "usr/share/X11/locale/nokhchi-1/Compose", + "usr/share/X11/locale/nokhchi-1/XI18N_OBJS", + "usr/share/X11/locale/nokhchi-1/XLC_LOCALE", + "usr/share/X11/locale/pt_BR.UTF-8/Compose", + "usr/share/X11/locale/pt_BR.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/pt_BR.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/pt_PT.UTF-8/Compose", + "usr/share/X11/locale/pt_PT.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/pt_PT.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/ru_RU.UTF-8/Compose", + "usr/share/X11/locale/ru_RU.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/ru_RU.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/sr_RS.UTF-8/Compose", + "usr/share/X11/locale/sr_RS.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/sr_RS.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/tatar-cyr/Compose", + "usr/share/X11/locale/tatar-cyr/XI18N_OBJS", + "usr/share/X11/locale/tatar-cyr/XLC_LOCALE", + "usr/share/X11/locale/th_TH/Compose", + "usr/share/X11/locale/th_TH/XI18N_OBJS", + "usr/share/X11/locale/th_TH/XLC_LOCALE", + "usr/share/X11/locale/th_TH.UTF-8/Compose", + "usr/share/X11/locale/th_TH.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/th_TH.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/tscii-0/Compose", + "usr/share/X11/locale/tscii-0/XI18N_OBJS", + "usr/share/X11/locale/tscii-0/XLC_LOCALE", + "usr/share/X11/locale/vi_VN.tcvn/Compose", + "usr/share/X11/locale/vi_VN.tcvn/XI18N_OBJS", + "usr/share/X11/locale/vi_VN.tcvn/XLC_LOCALE", + "usr/share/X11/locale/vi_VN.viscii/Compose", + "usr/share/X11/locale/vi_VN.viscii/XI18N_OBJS", + "usr/share/X11/locale/vi_VN.viscii/XLC_LOCALE", + "usr/share/X11/locale/zh_CN/Compose", + "usr/share/X11/locale/zh_CN/XI18N_OBJS", + "usr/share/X11/locale/zh_CN/XLC_LOCALE", + "usr/share/X11/locale/zh_CN.UTF-8/Compose", + "usr/share/X11/locale/zh_CN.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/zh_CN.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/zh_CN.gb18030/Compose", + "usr/share/X11/locale/zh_CN.gb18030/XI18N_OBJS", + "usr/share/X11/locale/zh_CN.gb18030/XLC_LOCALE", + "usr/share/X11/locale/zh_CN.gbk/Compose", + "usr/share/X11/locale/zh_CN.gbk/XI18N_OBJS", + "usr/share/X11/locale/zh_CN.gbk/XLC_LOCALE", + "usr/share/X11/locale/zh_HK.UTF-8/Compose", + "usr/share/X11/locale/zh_HK.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/zh_HK.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/zh_HK.big5/Compose", + "usr/share/X11/locale/zh_HK.big5/XI18N_OBJS", + "usr/share/X11/locale/zh_HK.big5/XLC_LOCALE", + "usr/share/X11/locale/zh_HK.big5hkscs/Compose", + "usr/share/X11/locale/zh_HK.big5hkscs/XI18N_OBJS", + "usr/share/X11/locale/zh_HK.big5hkscs/XLC_LOCALE", + "usr/share/X11/locale/zh_TW/Compose", + "usr/share/X11/locale/zh_TW/XI18N_OBJS", + "usr/share/X11/locale/zh_TW/XLC_LOCALE", + "usr/share/X11/locale/zh_TW.UTF-8/Compose", + "usr/share/X11/locale/zh_TW.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/zh_TW.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/zh_TW.big5/Compose", + "usr/share/X11/locale/zh_TW.big5/XI18N_OBJS", + "usr/share/X11/locale/zh_TW.big5/XLC_LOCALE" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxau@1.0.12-r0", + "Name": "libxau", + "Identifier": { + "PURL": "pkg:apk/alpine/libxau@1.0.12-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "d485bce96f246b42" + }, + "Version": "1.0.12-r0", + "Arch": "x86_64", + "SrcName": "libxau", + "SrcVersion": "1.0.12-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:89d2bc9daae3cb0e2ae095db6866357b7653f341", + "InstalledFiles": [ + "usr/lib/libXau.so.6", + "usr/lib/libXau.so.6.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxcb@1.17.0-r1", + "Name": "libxcb", + "Identifier": { + "PURL": "pkg:apk/alpine/libxcb@1.17.0-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "9257eaebc5b55b2" + }, + "Version": "1.17.0-r1", + "Arch": "x86_64", + "SrcName": "libxcb", + "SrcVersion": "1.17.0-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libxau@1.0.12-r0", + "libxdmcp@1.1.5-r1", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:61b06f883e8f8d2d8ee360e4dac04ac037fcca13", + "InstalledFiles": [ + "usr/lib/libxcb-composite.so.0", + "usr/lib/libxcb-composite.so.0.0.0", + "usr/lib/libxcb-damage.so.0", + "usr/lib/libxcb-damage.so.0.0.0", + "usr/lib/libxcb-dbe.so.0", + "usr/lib/libxcb-dbe.so.0.0.0", + "usr/lib/libxcb-dpms.so.0", + "usr/lib/libxcb-dpms.so.0.0.0", + "usr/lib/libxcb-dri2.so.0", + "usr/lib/libxcb-dri2.so.0.0.0", + "usr/lib/libxcb-dri3.so.0", + "usr/lib/libxcb-dri3.so.0.1.0", + "usr/lib/libxcb-glx.so.0", + "usr/lib/libxcb-glx.so.0.0.0", + "usr/lib/libxcb-present.so.0", + "usr/lib/libxcb-present.so.0.0.0", + "usr/lib/libxcb-randr.so.0", + "usr/lib/libxcb-randr.so.0.1.0", + "usr/lib/libxcb-record.so.0", + "usr/lib/libxcb-record.so.0.0.0", + "usr/lib/libxcb-render.so.0", + "usr/lib/libxcb-render.so.0.0.0", + "usr/lib/libxcb-res.so.0", + "usr/lib/libxcb-res.so.0.0.0", + "usr/lib/libxcb-screensaver.so.0", + "usr/lib/libxcb-screensaver.so.0.0.0", + "usr/lib/libxcb-shape.so.0", + "usr/lib/libxcb-shape.so.0.0.0", + "usr/lib/libxcb-shm.so.0", + "usr/lib/libxcb-shm.so.0.0.0", + "usr/lib/libxcb-sync.so.1", + "usr/lib/libxcb-sync.so.1.0.0", + "usr/lib/libxcb-xf86dri.so.0", + "usr/lib/libxcb-xf86dri.so.0.0.0", + "usr/lib/libxcb-xfixes.so.0", + "usr/lib/libxcb-xfixes.so.0.0.0", + "usr/lib/libxcb-xinerama.so.0", + "usr/lib/libxcb-xinerama.so.0.0.0", + "usr/lib/libxcb-xinput.so.0", + "usr/lib/libxcb-xinput.so.0.1.0", + "usr/lib/libxcb-xkb.so.1", + "usr/lib/libxcb-xkb.so.1.0.0", + "usr/lib/libxcb-xtest.so.0", + "usr/lib/libxcb-xtest.so.0.0.0", + "usr/lib/libxcb-xv.so.0", + "usr/lib/libxcb-xv.so.0.0.0", + "usr/lib/libxcb-xvmc.so.0", + "usr/lib/libxcb-xvmc.so.0.0.0", + "usr/lib/libxcb.so.1", + "usr/lib/libxcb.so.1.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxdmcp@1.1.5-r1", + "Name": "libxdmcp", + "Identifier": { + "PURL": "pkg:apk/alpine/libxdmcp@1.1.5-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "4ce7671300ab208e" + }, + "Version": "1.1.5-r1", + "Arch": "x86_64", + "SrcName": "libxdmcp", + "SrcVersion": "1.1.5-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libbsd@0.12.2-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:99a24c0fa12282b5ef89a6e732a8d494b7696d9d", + "InstalledFiles": [ + "usr/lib/libXdmcp.so.6", + "usr/lib/libXdmcp.so.6.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxext@1.3.6-r2", + "Name": "libxext", + "Identifier": { + "PURL": "pkg:apk/alpine/libxext@1.3.6-r2?arch=x86_64\u0026distro=3.23.4", + "UID": "6995b5d26ca62497" + }, + "Version": "1.3.6-r2", + "Arch": "x86_64", + "SrcName": "libxext", + "SrcVersion": "1.3.6-r2", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libx11@1.8.12-r1", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:92fb4f12c2170403d6a48c7485ecaee40c84bee2", + "InstalledFiles": [ + "usr/lib/libXext.so.6", + "usr/lib/libXext.so.6.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxml2@2.13.9-r0", + "Name": "libxml2", + "Identifier": { + "PURL": "pkg:apk/alpine/libxml2@2.13.9-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "a4c496351a710b02" + }, + "Version": "2.13.9-r0", + "Arch": "x86_64", + "SrcName": "libxml2", + "SrcVersion": "2.13.9-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23", + "xz-libs@5.8.3-r0", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:9fb56eb6e62b7b6658a8abe14cded8d87a47ebc7", + "InstalledFiles": [ + "usr/lib/libxml2.so.2", + "usr/lib/libxml2.so.2.13.9" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxpm@3.5.19-r0", + "Name": "libxpm", + "Identifier": { + "PURL": "pkg:apk/alpine/libxpm@3.5.19-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "9eb303ee5fb7801a" + }, + "Version": "3.5.19-r0", + "Arch": "x86_64", + "SrcName": "libxpm", + "SrcVersion": "3.5.19-r0", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libx11@1.8.12-r1", + "libxext@1.3.6-r2", + "libxt@1.3.1-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:0c1b2467462bd516e1f3b514854ccca30e0e59c0", + "InstalledFiles": [ + "usr/bin/cxpm", + "usr/bin/sxpm", + "usr/lib/libXpm.so.4", + "usr/lib/libXpm.so.4.11.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxslt@1.1.43-r3", + "Name": "libxslt", + "Identifier": { + "PURL": "pkg:apk/alpine/libxslt@1.1.43-r3?arch=x86_64\u0026distro=3.23.4", + "UID": "f615d2a6378e26e8" + }, + "Version": "1.1.43-r3", + "Arch": "x86_64", + "SrcName": "libxslt", + "SrcVersion": "1.1.43-r3", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libxml2@2.13.9-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:7d73182371fbf2141e137329e5432b94551bdd1b", + "InstalledFiles": [ + "usr/bin/xsltproc", + "usr/lib/libexslt.so.0", + "usr/lib/libexslt.so.0.8.24", + "usr/lib/libxslt.so.1", + "usr/lib/libxslt.so.1.1.43" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxt@1.3.1-r0", + "Name": "libxt", + "Identifier": { + "PURL": "pkg:apk/alpine/libxt@1.3.1-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "3def3ac035093072" + }, + "Version": "1.3.1-r0", + "Arch": "x86_64", + "SrcName": "libxt", + "SrcVersion": "1.3.1-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libice@1.1.2-r0", + "libsm@1.2.6-r0", + "libx11@1.8.12-r1", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:1cffd892c392dcaac9ad017c999f9e268b5f8ee1", + "InstalledFiles": [ + "usr/lib/libXt.so.6", + "usr/lib/libXt.so.6.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libyuv@0.0.1887.20251502-r1", + "Name": "libyuv", + "Identifier": { + "PURL": "pkg:apk/alpine/libyuv@0.0.1887.20251502-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "85b1ea36bf9f477d" + }, + "Version": "0.0.1887.20251502-r1", + "Arch": "x86_64", + "SrcName": "libyuv", + "SrcVersion": "0.0.1887.20251502-r1", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Andy Postnikov \u003capostnikov@gmail.com\u003e", + "DependsOn": [ + "libgcc@15.2.0-r2", + "libjpeg-turbo@3.1.2-r0", + "libstdc++@15.2.0-r2", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:8335fd57f5a479534322e6ac74968fdc7564d8d0", + "InstalledFiles": [ + "usr/bin/yuvconvert", + "usr/lib/libyuv.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl@1.2.5-r23", + "Name": "musl", + "Identifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r23?arch=x86_64\u0026distro=3.23.4", + "UID": "dca30b3fd6708a32" + }, + "Version": "1.2.5-r23", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r23", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:1b6c50426d3c0656e9c5a567a5a59601c7f4307a", + "InstalledFiles": [ + "lib/ld-musl-x86_64.so.1", + "lib/libc.musl-x86_64.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl-utils@1.2.5-r23", + "Name": "musl-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r23?arch=x86_64\u0026distro=3.23.4", + "UID": "ffcf7198a9776c5f" + }, + "Version": "1.2.5-r23", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r23", + "Licenses": [ + "MIT", + "BSD-2-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23", + "scanelf@1.3.8-r2" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:92fdbe96d25f13fe3a3d297ada56e4fb907aacec", + "InstalledFiles": [ + "sbin/ldconfig", + "usr/bin/getconf", + "usr/bin/getent", + "usr/bin/iconv", + "usr/bin/ldd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ncurses-terminfo-base@6.5_p20251123-r0", + "Name": "ncurses-terminfo-base", + "Identifier": { + "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.5_p20251123-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "5acf10991828fa7a" + }, + "Version": "6.5_p20251123-r0", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.5_p20251123-r0", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:57bd1d8124ec957eefea2314bdf45b0ed1068cee", + "InstalledFiles": [ + "etc/terminfo/a/alacritty", + "etc/terminfo/a/ansi", + "etc/terminfo/d/dumb", + "etc/terminfo/g/gnome", + "etc/terminfo/g/gnome-256color", + "etc/terminfo/k/konsole", + "etc/terminfo/k/konsole-256color", + "etc/terminfo/k/konsole-linux", + "etc/terminfo/l/linux", + "etc/terminfo/p/putty", + "etc/terminfo/p/putty-256color", + "etc/terminfo/r/rxvt", + "etc/terminfo/r/rxvt-256color", + "etc/terminfo/s/screen", + "etc/terminfo/s/screen-256color", + "etc/terminfo/s/st-0.6", + "etc/terminfo/s/st-0.7", + "etc/terminfo/s/st-0.8", + "etc/terminfo/s/st-0.8.5", + "etc/terminfo/s/st-16color", + "etc/terminfo/s/st-256color", + "etc/terminfo/s/st-direct", + "etc/terminfo/s/sun", + "etc/terminfo/t/terminator", + "etc/terminfo/t/terminology", + "etc/terminfo/t/terminology-0.6.1", + "etc/terminfo/t/terminology-1.0.0", + "etc/terminfo/t/terminology-1.8.1", + "etc/terminfo/t/tmux", + "etc/terminfo/t/tmux-256color", + "etc/terminfo/v/vt100", + "etc/terminfo/v/vt102", + "etc/terminfo/v/vt200", + "etc/terminfo/v/vt220", + "etc/terminfo/v/vt52", + "etc/terminfo/v/vte", + "etc/terminfo/v/vte-256color", + "etc/terminfo/x/xterm", + "etc/terminfo/x/xterm-256color", + "etc/terminfo/x/xterm-color", + "etc/terminfo/x/xterm-xfree86" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nghttp2-libs@1.69.0-r0", + "Name": "nghttp2-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/nghttp2-libs@1.69.0-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "1d18d06a4faec59f" + }, + "Version": "1.69.0-r0", + "Arch": "x86_64", + "SrcName": "nghttp2", + "SrcVersion": "1.69.0-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:6b8651227dd3f9155ded30ddc171757a7f5b91a5", + "InstalledFiles": [ + "usr/lib/libnghttp2.so.14", + "usr/lib/libnghttp2.so.14.29.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nginx@1.30.1-r1", + "Name": "nginx", + "Identifier": { + "PURL": "pkg:apk/alpine/nginx@1.30.1-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "ee93c3492a28a9" + }, + "Version": "1.30.1-r1", + "Arch": "x86_64", + "SrcName": "nginx", + "SrcVersion": "1.30.1-r1", + "Licenses": [ + "2-clause", + "BSD-3-Clause", + "license" + ], + "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "libcrypto3@3.5.6-r0", + "libssl3@3.5.6-r0", + "musl@1.2.5-r23", + "pcre2@10.47-r0", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", + "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" + }, + "Digest": "sha1:d4ce2b457870cc3e0205f6314ddba7d47535d52d", + "InstalledFiles": [ + "etc/init.d/nginx", + "etc/init.d/nginx-debug", + "etc/logrotate.d/nginx", + "etc/nginx/fastcgi.conf", + "etc/nginx/fastcgi_params", + "etc/nginx/mime.types", + "etc/nginx/modules", + "etc/nginx/nginx.conf", + "etc/nginx/scgi_params", + "etc/nginx/uwsgi_params", + "etc/nginx/conf.d/default.conf", + "usr/sbin/nginx", + "usr/sbin/nginx-debug", + "usr/share/licenses/nginx/COPYRIGHT", + "usr/share/man/man8/nginx.8.gz", + "usr/share/nginx/html/50x.html", + "usr/share/nginx/html/index.html" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nginx-module-acme@1.30.1.0.4.1-r1", + "Name": "nginx-module-acme", + "Identifier": { + "PURL": "pkg:apk/alpine/nginx-module-acme@1.30.1.0.4.1-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "c9745c5a58d2c9cc" + }, + "Version": "1.30.1.0.4.1-r1", + "Arch": "x86_64", + "SrcName": "nginx-module-acme", + "SrcVersion": "1.30.1.0.4.1-r1", + "Licenses": [ + "2-clause", + "BSD-3-Clause", + "license" + ], + "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "libgcc@15.2.0-r2", + "musl@1.2.5-r23", + "nginx@1.30.1-r1" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:760fa970bf48788491402eddebdf5aa700d099bb", + "InstalledFiles": [ + "usr/lib/nginx/modules/ngx_http_acme_module-debug.so", + "usr/lib/nginx/modules/ngx_http_acme_module.so", + "usr/share/licenses/nginx-module-acme/COPYRIGHT" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nginx-module-geoip@1.30.1-r1", + "Name": "nginx-module-geoip", + "Identifier": { + "PURL": "pkg:apk/alpine/nginx-module-geoip@1.30.1-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "2f97b19406989bba" + }, + "Version": "1.30.1-r1", + "Arch": "x86_64", + "SrcName": "nginx-module-geoip", + "SrcVersion": "1.30.1-r1", + "Licenses": [ + "2-clause", + "BSD-3-Clause", + "license" + ], + "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "geoip@1.6.12-r6", + "musl@1.2.5-r23", + "nginx@1.30.1-r1" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:8b055c7c6aab9d456bc794009fe3ed76578ba6ee", + "InstalledFiles": [ + "usr/lib/nginx/modules/ngx_http_geoip_module-debug.so", + "usr/lib/nginx/modules/ngx_http_geoip_module.so", + "usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so", + "usr/lib/nginx/modules/ngx_stream_geoip_module.so", + "usr/share/licenses/nginx-module-geoip/COPYRIGHT" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nginx-module-image-filter@1.30.1-r1", + "Name": "nginx-module-image-filter", + "Identifier": { + "PURL": "pkg:apk/alpine/nginx-module-image-filter@1.30.1-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "ffb3020ef6edeefc" + }, + "Version": "1.30.1-r1", + "Arch": "x86_64", + "SrcName": "nginx-module-image-filter", + "SrcVersion": "1.30.1-r1", + "Licenses": [ + "2-clause", + "BSD-3-Clause", + "license" + ], + "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "libgd@2.3.3-r10", + "musl@1.2.5-r23", + "nginx@1.30.1-r1" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:a8f8c1b5f8401207e51387d4a458f3a88155191b", + "InstalledFiles": [ + "usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so", + "usr/lib/nginx/modules/ngx_http_image_filter_module.so", + "usr/share/licenses/nginx-module-image-filter/COPYRIGHT" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nginx-module-njs@1.30.1.0.9.9-r1", + "Name": "nginx-module-njs", + "Identifier": { + "PURL": "pkg:apk/alpine/nginx-module-njs@1.30.1.0.9.9-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "42e11b23b4d1132e" + }, + "Version": "1.30.1.0.9.9-r1", + "Arch": "x86_64", + "SrcName": "nginx-module-njs", + "SrcVersion": "1.30.1.0.9.9-r1", + "Licenses": [ + "2-clause", + "BSD-3-Clause", + "license" + ], + "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "libcrypto3@3.5.6-r0", + "libedit@20251016.3.1-r0", + "libxml2@2.13.9-r0", + "musl@1.2.5-r23", + "nginx@1.30.1-r1", + "pcre2@10.47-r0", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:8a28f607e7900e7af8c82185d67e56c9695bbb23", + "InstalledFiles": [ + "usr/bin/njs", + "usr/lib/nginx/modules/ngx_http_js_module-debug.so", + "usr/lib/nginx/modules/ngx_http_js_module.so", + "usr/lib/nginx/modules/ngx_stream_js_module-debug.so", + "usr/lib/nginx/modules/ngx_stream_js_module.so", + "usr/share/doc/nginx-module-njs/CHANGES", + "usr/share/licenses/nginx-module-njs/COPYRIGHT" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nginx-module-xslt@1.30.1-r1", + "Name": "nginx-module-xslt", + "Identifier": { + "PURL": "pkg:apk/alpine/nginx-module-xslt@1.30.1-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "7ce6e6221b100df" + }, + "Version": "1.30.1-r1", + "Arch": "x86_64", + "SrcName": "nginx-module-xslt", + "SrcVersion": "1.30.1-r1", + "Licenses": [ + "2-clause", + "BSD-3-Clause", + "license" + ], + "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "libxml2@2.13.9-r0", + "libxslt@1.1.43-r3", + "musl@1.2.5-r23", + "nginx@1.30.1-r1" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:f406cf62e97083ef3b445dfe494fd467925ecc2e", + "InstalledFiles": [ + "usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so", + "usr/lib/nginx/modules/ngx_http_xslt_filter_module.so", + "usr/share/licenses/nginx-module-xslt/COPYRIGHT" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "pcre2@10.47-r0", + "Name": "pcre2", + "Identifier": { + "PURL": "pkg:apk/alpine/pcre2@10.47-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "75fb7d2fe836dfdc" + }, + "Version": "10.47-r0", + "Arch": "x86_64", + "SrcName": "pcre2", + "SrcVersion": "10.47-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", + "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" + }, + "Digest": "sha1:549059958151627bb0f5469bded945988b1bc24b", + "InstalledFiles": [ + "usr/lib/libpcre2-8.so.0", + "usr/lib/libpcre2-8.so.0.15.0", + "usr/lib/libpcre2-posix.so.3", + "usr/lib/libpcre2-posix.so.3.0.7" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "scanelf@1.3.8-r2", + "Name": "scanelf", + "Identifier": { + "PURL": "pkg:apk/alpine/scanelf@1.3.8-r2?arch=x86_64\u0026distro=3.23.4", + "UID": "4efd612ed6f16dca" + }, + "Version": "1.3.8-r2", + "Arch": "x86_64", + "SrcName": "pax-utils", + "SrcVersion": "1.3.8-r2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:6ea36dd44ef9f6364f0cdfabe09ea15d2fdbe229", + "InstalledFiles": [ + "usr/bin/scanelf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ssl_client@1.37.0-r30", + "Name": "ssl_client", + "Identifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r30?arch=x86_64\u0026distro=3.23.4", + "UID": "f1acb8f2a8f94f51" + }, + "Version": "1.37.0-r30", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r30", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "libcrypto3@3.5.6-r0", + "libssl3@3.5.6-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:5b6ec0939cfc9be47d9677a3152c547cc18b5edd", + "InstalledFiles": [ + "usr/bin/ssl_client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "tiff@4.7.1-r0", + "Name": "tiff", + "Identifier": { + "PURL": "pkg:apk/alpine/tiff@4.7.1-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "551adcb8b716f210" + }, + "Version": "4.7.1-r0", + "Arch": "x86_64", + "SrcName": "tiff", + "SrcVersion": "4.7.1-r0", + "Licenses": [ + "libtiff" + ], + "Maintainer": "Michael Mason \u003cms13sp@gmail.com\u003e", + "DependsOn": [ + "libjpeg-turbo@3.1.2-r0", + "libwebp@1.6.0-r0", + "musl@1.2.5-r23", + "zlib@1.3.2-r0", + "zstd-libs@1.5.7-r2" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:b92c3394d281f51345a9375da14f347b6c1619a6", + "InstalledFiles": [ + "usr/lib/libtiff.so.6", + "usr/lib/libtiff.so.6.2.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "tzdata@2026b-r0", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:apk/alpine/tzdata@2026b-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "86f2dfb9a4acee39" + }, + "Version": "2026b-r0", + "Arch": "x86_64", + "SrcName": "tzdata", + "SrcVersion": "2026b-r0", + "Licenses": [ + "Public-Domain" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", + "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" + }, + "Digest": "sha1:2624b59cfb8182dfb3de19043c6867cd1b3e1779", + "InstalledFiles": [ + "usr/share/zoneinfo/CET", + "usr/share/zoneinfo/CST6CDT", + "usr/share/zoneinfo/Cuba", + "usr/share/zoneinfo/EET", + "usr/share/zoneinfo/EST", + "usr/share/zoneinfo/EST5EDT", + "usr/share/zoneinfo/Egypt", + "usr/share/zoneinfo/Eire", + "usr/share/zoneinfo/Factory", + "usr/share/zoneinfo/GB", + "usr/share/zoneinfo/GB-Eire", + "usr/share/zoneinfo/GMT", + "usr/share/zoneinfo/GMT+0", + "usr/share/zoneinfo/GMT-0", + "usr/share/zoneinfo/GMT0", + "usr/share/zoneinfo/Greenwich", + "usr/share/zoneinfo/HST", + "usr/share/zoneinfo/Hongkong", + "usr/share/zoneinfo/Iceland", + "usr/share/zoneinfo/Iran", + "usr/share/zoneinfo/Israel", + "usr/share/zoneinfo/Jamaica", + "usr/share/zoneinfo/Japan", + "usr/share/zoneinfo/Kwajalein", + "usr/share/zoneinfo/Libya", + "usr/share/zoneinfo/MET", + "usr/share/zoneinfo/MST", + "usr/share/zoneinfo/MST7MDT", + "usr/share/zoneinfo/NZ", + "usr/share/zoneinfo/NZ-CHAT", + "usr/share/zoneinfo/Navajo", + "usr/share/zoneinfo/PRC", + "usr/share/zoneinfo/PST8PDT", + "usr/share/zoneinfo/Poland", + "usr/share/zoneinfo/Portugal", + "usr/share/zoneinfo/ROC", + "usr/share/zoneinfo/ROK", + "usr/share/zoneinfo/Singapore", + "usr/share/zoneinfo/Turkey", + "usr/share/zoneinfo/UCT", + "usr/share/zoneinfo/UTC", + "usr/share/zoneinfo/Universal", + "usr/share/zoneinfo/W-SU", + "usr/share/zoneinfo/WET", + "usr/share/zoneinfo/Zulu", + "usr/share/zoneinfo/iso3166.tab", + "usr/share/zoneinfo/leap-seconds.list", + "usr/share/zoneinfo/posixrules", + "usr/share/zoneinfo/zone.tab", + "usr/share/zoneinfo/zone1970.tab", + "usr/share/zoneinfo/Africa/Abidjan", + "usr/share/zoneinfo/Africa/Accra", + "usr/share/zoneinfo/Africa/Addis_Ababa", + "usr/share/zoneinfo/Africa/Algiers", + "usr/share/zoneinfo/Africa/Asmara", + "usr/share/zoneinfo/Africa/Asmera", + "usr/share/zoneinfo/Africa/Bamako", + "usr/share/zoneinfo/Africa/Bangui", + "usr/share/zoneinfo/Africa/Banjul", + "usr/share/zoneinfo/Africa/Bissau", + "usr/share/zoneinfo/Africa/Blantyre", + "usr/share/zoneinfo/Africa/Brazzaville", + "usr/share/zoneinfo/Africa/Bujumbura", + "usr/share/zoneinfo/Africa/Cairo", + "usr/share/zoneinfo/Africa/Casablanca", + "usr/share/zoneinfo/Africa/Ceuta", + "usr/share/zoneinfo/Africa/Conakry", + "usr/share/zoneinfo/Africa/Dakar", + "usr/share/zoneinfo/Africa/Dar_es_Salaam", + "usr/share/zoneinfo/Africa/Djibouti", + "usr/share/zoneinfo/Africa/Douala", + "usr/share/zoneinfo/Africa/El_Aaiun", + "usr/share/zoneinfo/Africa/Freetown", + "usr/share/zoneinfo/Africa/Gaborone", + "usr/share/zoneinfo/Africa/Harare", + "usr/share/zoneinfo/Africa/Johannesburg", + "usr/share/zoneinfo/Africa/Juba", + "usr/share/zoneinfo/Africa/Kampala", + "usr/share/zoneinfo/Africa/Khartoum", + "usr/share/zoneinfo/Africa/Kigali", + "usr/share/zoneinfo/Africa/Kinshasa", + "usr/share/zoneinfo/Africa/Lagos", + "usr/share/zoneinfo/Africa/Libreville", + "usr/share/zoneinfo/Africa/Lome", + "usr/share/zoneinfo/Africa/Luanda", + "usr/share/zoneinfo/Africa/Lubumbashi", + "usr/share/zoneinfo/Africa/Lusaka", + "usr/share/zoneinfo/Africa/Malabo", + "usr/share/zoneinfo/Africa/Maputo", + "usr/share/zoneinfo/Africa/Maseru", + "usr/share/zoneinfo/Africa/Mbabane", + "usr/share/zoneinfo/Africa/Mogadishu", + "usr/share/zoneinfo/Africa/Monrovia", + "usr/share/zoneinfo/Africa/Nairobi", + "usr/share/zoneinfo/Africa/Ndjamena", + "usr/share/zoneinfo/Africa/Niamey", + "usr/share/zoneinfo/Africa/Nouakchott", + "usr/share/zoneinfo/Africa/Ouagadougou", + "usr/share/zoneinfo/Africa/Porto-Novo", + "usr/share/zoneinfo/Africa/Sao_Tome", + "usr/share/zoneinfo/Africa/Timbuktu", + "usr/share/zoneinfo/Africa/Tripoli", + "usr/share/zoneinfo/Africa/Tunis", + "usr/share/zoneinfo/Africa/Windhoek", + "usr/share/zoneinfo/America/Adak", + "usr/share/zoneinfo/America/Anchorage", + "usr/share/zoneinfo/America/Anguilla", + "usr/share/zoneinfo/America/Antigua", + "usr/share/zoneinfo/America/Araguaina", + "usr/share/zoneinfo/America/Aruba", + "usr/share/zoneinfo/America/Asuncion", + "usr/share/zoneinfo/America/Atikokan", + "usr/share/zoneinfo/America/Atka", + "usr/share/zoneinfo/America/Bahia", + "usr/share/zoneinfo/America/Bahia_Banderas", + "usr/share/zoneinfo/America/Barbados", + "usr/share/zoneinfo/America/Belem", + "usr/share/zoneinfo/America/Belize", + "usr/share/zoneinfo/America/Blanc-Sablon", + "usr/share/zoneinfo/America/Boa_Vista", + "usr/share/zoneinfo/America/Bogota", + "usr/share/zoneinfo/America/Boise", + "usr/share/zoneinfo/America/Buenos_Aires", + "usr/share/zoneinfo/America/Cambridge_Bay", + "usr/share/zoneinfo/America/Campo_Grande", + "usr/share/zoneinfo/America/Cancun", + "usr/share/zoneinfo/America/Caracas", + "usr/share/zoneinfo/America/Catamarca", + "usr/share/zoneinfo/America/Cayenne", + "usr/share/zoneinfo/America/Cayman", + "usr/share/zoneinfo/America/Chicago", + "usr/share/zoneinfo/America/Chihuahua", + "usr/share/zoneinfo/America/Ciudad_Juarez", + "usr/share/zoneinfo/America/Coral_Harbour", + "usr/share/zoneinfo/America/Cordoba", + "usr/share/zoneinfo/America/Costa_Rica", + "usr/share/zoneinfo/America/Coyhaique", + "usr/share/zoneinfo/America/Creston", + "usr/share/zoneinfo/America/Cuiaba", + "usr/share/zoneinfo/America/Curacao", + "usr/share/zoneinfo/America/Danmarkshavn", + "usr/share/zoneinfo/America/Dawson", + "usr/share/zoneinfo/America/Dawson_Creek", + "usr/share/zoneinfo/America/Denver", + "usr/share/zoneinfo/America/Detroit", + "usr/share/zoneinfo/America/Dominica", + "usr/share/zoneinfo/America/Edmonton", + "usr/share/zoneinfo/America/Eirunepe", + "usr/share/zoneinfo/America/El_Salvador", + "usr/share/zoneinfo/America/Ensenada", + "usr/share/zoneinfo/America/Fort_Nelson", + "usr/share/zoneinfo/America/Fort_Wayne", + "usr/share/zoneinfo/America/Fortaleza", + "usr/share/zoneinfo/America/Glace_Bay", + "usr/share/zoneinfo/America/Godthab", + "usr/share/zoneinfo/America/Goose_Bay", + "usr/share/zoneinfo/America/Grand_Turk", + "usr/share/zoneinfo/America/Grenada", + "usr/share/zoneinfo/America/Guadeloupe", + "usr/share/zoneinfo/America/Guatemala", + "usr/share/zoneinfo/America/Guayaquil", + "usr/share/zoneinfo/America/Guyana", + "usr/share/zoneinfo/America/Halifax", + "usr/share/zoneinfo/America/Havana", + "usr/share/zoneinfo/America/Hermosillo", + "usr/share/zoneinfo/America/Indianapolis", + "usr/share/zoneinfo/America/Inuvik", + "usr/share/zoneinfo/America/Iqaluit", + "usr/share/zoneinfo/America/Jamaica", + "usr/share/zoneinfo/America/Jujuy", + "usr/share/zoneinfo/America/Juneau", + "usr/share/zoneinfo/America/Knox_IN", + "usr/share/zoneinfo/America/Kralendijk", + "usr/share/zoneinfo/America/La_Paz", + "usr/share/zoneinfo/America/Lima", + "usr/share/zoneinfo/America/Los_Angeles", + "usr/share/zoneinfo/America/Louisville", + "usr/share/zoneinfo/America/Lower_Princes", + "usr/share/zoneinfo/America/Maceio", + "usr/share/zoneinfo/America/Managua", + "usr/share/zoneinfo/America/Manaus", + "usr/share/zoneinfo/America/Marigot", + "usr/share/zoneinfo/America/Martinique", + "usr/share/zoneinfo/America/Matamoros", + "usr/share/zoneinfo/America/Mazatlan", + "usr/share/zoneinfo/America/Mendoza", + "usr/share/zoneinfo/America/Menominee", + "usr/share/zoneinfo/America/Merida", + "usr/share/zoneinfo/America/Metlakatla", + "usr/share/zoneinfo/America/Mexico_City", + "usr/share/zoneinfo/America/Miquelon", + "usr/share/zoneinfo/America/Moncton", + "usr/share/zoneinfo/America/Monterrey", + "usr/share/zoneinfo/America/Montevideo", + "usr/share/zoneinfo/America/Montreal", + "usr/share/zoneinfo/America/Montserrat", + "usr/share/zoneinfo/America/Nassau", + "usr/share/zoneinfo/America/New_York", + "usr/share/zoneinfo/America/Nipigon", + "usr/share/zoneinfo/America/Nome", + "usr/share/zoneinfo/America/Noronha", + "usr/share/zoneinfo/America/Nuuk", + "usr/share/zoneinfo/America/Ojinaga", + "usr/share/zoneinfo/America/Panama", + "usr/share/zoneinfo/America/Pangnirtung", + "usr/share/zoneinfo/America/Paramaribo", + "usr/share/zoneinfo/America/Phoenix", + "usr/share/zoneinfo/America/Port-au-Prince", + "usr/share/zoneinfo/America/Port_of_Spain", + "usr/share/zoneinfo/America/Porto_Acre", + "usr/share/zoneinfo/America/Porto_Velho", + "usr/share/zoneinfo/America/Puerto_Rico", + "usr/share/zoneinfo/America/Punta_Arenas", + "usr/share/zoneinfo/America/Rainy_River", + "usr/share/zoneinfo/America/Rankin_Inlet", + "usr/share/zoneinfo/America/Recife", + "usr/share/zoneinfo/America/Regina", + "usr/share/zoneinfo/America/Resolute", + "usr/share/zoneinfo/America/Rio_Branco", + "usr/share/zoneinfo/America/Rosario", + "usr/share/zoneinfo/America/Santa_Isabel", + "usr/share/zoneinfo/America/Santarem", + "usr/share/zoneinfo/America/Santiago", + "usr/share/zoneinfo/America/Santo_Domingo", + "usr/share/zoneinfo/America/Sao_Paulo", + "usr/share/zoneinfo/America/Scoresbysund", + "usr/share/zoneinfo/America/Shiprock", + "usr/share/zoneinfo/America/Sitka", + "usr/share/zoneinfo/America/St_Barthelemy", + "usr/share/zoneinfo/America/St_Johns", + "usr/share/zoneinfo/America/St_Kitts", + "usr/share/zoneinfo/America/St_Lucia", + "usr/share/zoneinfo/America/St_Thomas", + "usr/share/zoneinfo/America/St_Vincent", + "usr/share/zoneinfo/America/Swift_Current", + "usr/share/zoneinfo/America/Tegucigalpa", + "usr/share/zoneinfo/America/Thule", + "usr/share/zoneinfo/America/Thunder_Bay", + "usr/share/zoneinfo/America/Tijuana", + "usr/share/zoneinfo/America/Toronto", + "usr/share/zoneinfo/America/Tortola", + "usr/share/zoneinfo/America/Vancouver", + "usr/share/zoneinfo/America/Virgin", + "usr/share/zoneinfo/America/Whitehorse", + "usr/share/zoneinfo/America/Winnipeg", + "usr/share/zoneinfo/America/Yakutat", + "usr/share/zoneinfo/America/Yellowknife", + "usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "usr/share/zoneinfo/America/Argentina/Catamarca", + "usr/share/zoneinfo/America/Argentina/ComodRivadavia", + "usr/share/zoneinfo/America/Argentina/Cordoba", + "usr/share/zoneinfo/America/Argentina/Jujuy", + "usr/share/zoneinfo/America/Argentina/La_Rioja", + "usr/share/zoneinfo/America/Argentina/Mendoza", + "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "usr/share/zoneinfo/America/Argentina/Salta", + "usr/share/zoneinfo/America/Argentina/San_Juan", + "usr/share/zoneinfo/America/Argentina/San_Luis", + "usr/share/zoneinfo/America/Argentina/Tucuman", + "usr/share/zoneinfo/America/Argentina/Ushuaia", + "usr/share/zoneinfo/America/Indiana/Indianapolis", + "usr/share/zoneinfo/America/Indiana/Knox", + "usr/share/zoneinfo/America/Indiana/Marengo", + "usr/share/zoneinfo/America/Indiana/Petersburg", + "usr/share/zoneinfo/America/Indiana/Tell_City", + "usr/share/zoneinfo/America/Indiana/Vevay", + "usr/share/zoneinfo/America/Indiana/Vincennes", + "usr/share/zoneinfo/America/Indiana/Winamac", + "usr/share/zoneinfo/America/Kentucky/Louisville", + "usr/share/zoneinfo/America/Kentucky/Monticello", + "usr/share/zoneinfo/America/North_Dakota/Beulah", + "usr/share/zoneinfo/America/North_Dakota/Center", + "usr/share/zoneinfo/America/North_Dakota/New_Salem", + "usr/share/zoneinfo/Antarctica/Casey", + "usr/share/zoneinfo/Antarctica/Davis", + "usr/share/zoneinfo/Antarctica/DumontDUrville", + "usr/share/zoneinfo/Antarctica/Macquarie", + "usr/share/zoneinfo/Antarctica/Mawson", + "usr/share/zoneinfo/Antarctica/McMurdo", + "usr/share/zoneinfo/Antarctica/Palmer", + "usr/share/zoneinfo/Antarctica/Rothera", + "usr/share/zoneinfo/Antarctica/South_Pole", + "usr/share/zoneinfo/Antarctica/Syowa", + "usr/share/zoneinfo/Antarctica/Troll", + "usr/share/zoneinfo/Antarctica/Vostok", + "usr/share/zoneinfo/Arctic/Longyearbyen", + "usr/share/zoneinfo/Asia/Aden", + "usr/share/zoneinfo/Asia/Almaty", + "usr/share/zoneinfo/Asia/Amman", + "usr/share/zoneinfo/Asia/Anadyr", + "usr/share/zoneinfo/Asia/Aqtau", + "usr/share/zoneinfo/Asia/Aqtobe", + "usr/share/zoneinfo/Asia/Ashgabat", + "usr/share/zoneinfo/Asia/Ashkhabad", + "usr/share/zoneinfo/Asia/Atyrau", + "usr/share/zoneinfo/Asia/Baghdad", + "usr/share/zoneinfo/Asia/Bahrain", + "usr/share/zoneinfo/Asia/Baku", + "usr/share/zoneinfo/Asia/Bangkok", + "usr/share/zoneinfo/Asia/Barnaul", + "usr/share/zoneinfo/Asia/Beirut", + "usr/share/zoneinfo/Asia/Bishkek", + "usr/share/zoneinfo/Asia/Brunei", + "usr/share/zoneinfo/Asia/Calcutta", + "usr/share/zoneinfo/Asia/Chita", + "usr/share/zoneinfo/Asia/Choibalsan", + "usr/share/zoneinfo/Asia/Chongqing", + "usr/share/zoneinfo/Asia/Chungking", + "usr/share/zoneinfo/Asia/Colombo", + "usr/share/zoneinfo/Asia/Dacca", + "usr/share/zoneinfo/Asia/Damascus", + "usr/share/zoneinfo/Asia/Dhaka", + "usr/share/zoneinfo/Asia/Dili", + "usr/share/zoneinfo/Asia/Dubai", + "usr/share/zoneinfo/Asia/Dushanbe", + "usr/share/zoneinfo/Asia/Famagusta", + "usr/share/zoneinfo/Asia/Gaza", + "usr/share/zoneinfo/Asia/Harbin", + "usr/share/zoneinfo/Asia/Hebron", + "usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "usr/share/zoneinfo/Asia/Hong_Kong", + "usr/share/zoneinfo/Asia/Hovd", + "usr/share/zoneinfo/Asia/Irkutsk", + "usr/share/zoneinfo/Asia/Istanbul", + "usr/share/zoneinfo/Asia/Jakarta", + "usr/share/zoneinfo/Asia/Jayapura", + "usr/share/zoneinfo/Asia/Jerusalem", + "usr/share/zoneinfo/Asia/Kabul", + "usr/share/zoneinfo/Asia/Kamchatka", + "usr/share/zoneinfo/Asia/Karachi", + "usr/share/zoneinfo/Asia/Kashgar", + "usr/share/zoneinfo/Asia/Kathmandu", + "usr/share/zoneinfo/Asia/Katmandu", + "usr/share/zoneinfo/Asia/Khandyga", + "usr/share/zoneinfo/Asia/Kolkata", + "usr/share/zoneinfo/Asia/Krasnoyarsk", + "usr/share/zoneinfo/Asia/Kuala_Lumpur", + "usr/share/zoneinfo/Asia/Kuching", + "usr/share/zoneinfo/Asia/Kuwait", + "usr/share/zoneinfo/Asia/Macao", + "usr/share/zoneinfo/Asia/Macau", + "usr/share/zoneinfo/Asia/Magadan", + "usr/share/zoneinfo/Asia/Makassar", + "usr/share/zoneinfo/Asia/Manila", + "usr/share/zoneinfo/Asia/Muscat", + "usr/share/zoneinfo/Asia/Nicosia", + "usr/share/zoneinfo/Asia/Novokuznetsk", + "usr/share/zoneinfo/Asia/Novosibirsk", + "usr/share/zoneinfo/Asia/Omsk", + "usr/share/zoneinfo/Asia/Oral", + "usr/share/zoneinfo/Asia/Phnom_Penh", + "usr/share/zoneinfo/Asia/Pontianak", + "usr/share/zoneinfo/Asia/Pyongyang", + "usr/share/zoneinfo/Asia/Qatar", + "usr/share/zoneinfo/Asia/Qostanay", + "usr/share/zoneinfo/Asia/Qyzylorda", + "usr/share/zoneinfo/Asia/Rangoon", + "usr/share/zoneinfo/Asia/Riyadh", + "usr/share/zoneinfo/Asia/Saigon", + "usr/share/zoneinfo/Asia/Sakhalin", + "usr/share/zoneinfo/Asia/Samarkand", + "usr/share/zoneinfo/Asia/Seoul", + "usr/share/zoneinfo/Asia/Shanghai", + "usr/share/zoneinfo/Asia/Singapore", + "usr/share/zoneinfo/Asia/Srednekolymsk", + "usr/share/zoneinfo/Asia/Taipei", + "usr/share/zoneinfo/Asia/Tashkent", + "usr/share/zoneinfo/Asia/Tbilisi", + "usr/share/zoneinfo/Asia/Tehran", + "usr/share/zoneinfo/Asia/Tel_Aviv", + "usr/share/zoneinfo/Asia/Thimbu", + "usr/share/zoneinfo/Asia/Thimphu", + "usr/share/zoneinfo/Asia/Tokyo", + "usr/share/zoneinfo/Asia/Tomsk", + "usr/share/zoneinfo/Asia/Ujung_Pandang", + "usr/share/zoneinfo/Asia/Ulaanbaatar", + "usr/share/zoneinfo/Asia/Ulan_Bator", + "usr/share/zoneinfo/Asia/Urumqi", + "usr/share/zoneinfo/Asia/Ust-Nera", + "usr/share/zoneinfo/Asia/Vientiane", + "usr/share/zoneinfo/Asia/Vladivostok", + "usr/share/zoneinfo/Asia/Yakutsk", + "usr/share/zoneinfo/Asia/Yangon", + "usr/share/zoneinfo/Asia/Yekaterinburg", + "usr/share/zoneinfo/Asia/Yerevan", + "usr/share/zoneinfo/Atlantic/Azores", + "usr/share/zoneinfo/Atlantic/Bermuda", + "usr/share/zoneinfo/Atlantic/Canary", + "usr/share/zoneinfo/Atlantic/Cape_Verde", + "usr/share/zoneinfo/Atlantic/Faeroe", + "usr/share/zoneinfo/Atlantic/Faroe", + "usr/share/zoneinfo/Atlantic/Jan_Mayen", + "usr/share/zoneinfo/Atlantic/Madeira", + "usr/share/zoneinfo/Atlantic/Reykjavik", + "usr/share/zoneinfo/Atlantic/South_Georgia", + "usr/share/zoneinfo/Atlantic/St_Helena", + "usr/share/zoneinfo/Atlantic/Stanley", + "usr/share/zoneinfo/Australia/ACT", + "usr/share/zoneinfo/Australia/Adelaide", + "usr/share/zoneinfo/Australia/Brisbane", + "usr/share/zoneinfo/Australia/Broken_Hill", + "usr/share/zoneinfo/Australia/Canberra", + "usr/share/zoneinfo/Australia/Currie", + "usr/share/zoneinfo/Australia/Darwin", + "usr/share/zoneinfo/Australia/Eucla", + "usr/share/zoneinfo/Australia/Hobart", + "usr/share/zoneinfo/Australia/LHI", + "usr/share/zoneinfo/Australia/Lindeman", + "usr/share/zoneinfo/Australia/Lord_Howe", + "usr/share/zoneinfo/Australia/Melbourne", + "usr/share/zoneinfo/Australia/NSW", + "usr/share/zoneinfo/Australia/North", + "usr/share/zoneinfo/Australia/Perth", + "usr/share/zoneinfo/Australia/Queensland", + "usr/share/zoneinfo/Australia/South", + "usr/share/zoneinfo/Australia/Sydney", + "usr/share/zoneinfo/Australia/Tasmania", + "usr/share/zoneinfo/Australia/Victoria", + "usr/share/zoneinfo/Australia/West", + "usr/share/zoneinfo/Australia/Yancowinna", + "usr/share/zoneinfo/Brazil/Acre", + "usr/share/zoneinfo/Brazil/DeNoronha", + "usr/share/zoneinfo/Brazil/East", + "usr/share/zoneinfo/Brazil/West", + "usr/share/zoneinfo/Canada/Atlantic", + "usr/share/zoneinfo/Canada/Central", + "usr/share/zoneinfo/Canada/Eastern", + "usr/share/zoneinfo/Canada/Mountain", + "usr/share/zoneinfo/Canada/Newfoundland", + "usr/share/zoneinfo/Canada/Pacific", + "usr/share/zoneinfo/Canada/Saskatchewan", + "usr/share/zoneinfo/Canada/Yukon", + "usr/share/zoneinfo/Chile/Continental", + "usr/share/zoneinfo/Chile/EasterIsland", + "usr/share/zoneinfo/Etc/GMT", + "usr/share/zoneinfo/Etc/GMT+0", + "usr/share/zoneinfo/Etc/GMT+1", + "usr/share/zoneinfo/Etc/GMT+10", + "usr/share/zoneinfo/Etc/GMT+11", + "usr/share/zoneinfo/Etc/GMT+12", + "usr/share/zoneinfo/Etc/GMT+2", + "usr/share/zoneinfo/Etc/GMT+3", + "usr/share/zoneinfo/Etc/GMT+4", + "usr/share/zoneinfo/Etc/GMT+5", + "usr/share/zoneinfo/Etc/GMT+6", + "usr/share/zoneinfo/Etc/GMT+7", + "usr/share/zoneinfo/Etc/GMT+8", + "usr/share/zoneinfo/Etc/GMT+9", + "usr/share/zoneinfo/Etc/GMT-0", + "usr/share/zoneinfo/Etc/GMT-1", + "usr/share/zoneinfo/Etc/GMT-10", + "usr/share/zoneinfo/Etc/GMT-11", + "usr/share/zoneinfo/Etc/GMT-12", + "usr/share/zoneinfo/Etc/GMT-13", + "usr/share/zoneinfo/Etc/GMT-14", + "usr/share/zoneinfo/Etc/GMT-2", + "usr/share/zoneinfo/Etc/GMT-3", + "usr/share/zoneinfo/Etc/GMT-4", + "usr/share/zoneinfo/Etc/GMT-5", + "usr/share/zoneinfo/Etc/GMT-6", + "usr/share/zoneinfo/Etc/GMT-7", + "usr/share/zoneinfo/Etc/GMT-8", + "usr/share/zoneinfo/Etc/GMT-9", + "usr/share/zoneinfo/Etc/GMT0", + "usr/share/zoneinfo/Etc/Greenwich", + "usr/share/zoneinfo/Etc/UCT", + "usr/share/zoneinfo/Etc/UTC", + "usr/share/zoneinfo/Etc/Universal", + "usr/share/zoneinfo/Etc/Zulu", + "usr/share/zoneinfo/Europe/Amsterdam", + "usr/share/zoneinfo/Europe/Andorra", + "usr/share/zoneinfo/Europe/Astrakhan", + "usr/share/zoneinfo/Europe/Athens", + "usr/share/zoneinfo/Europe/Belfast", + "usr/share/zoneinfo/Europe/Belgrade", + "usr/share/zoneinfo/Europe/Berlin", + "usr/share/zoneinfo/Europe/Bratislava", + "usr/share/zoneinfo/Europe/Brussels", + "usr/share/zoneinfo/Europe/Bucharest", + "usr/share/zoneinfo/Europe/Budapest", + "usr/share/zoneinfo/Europe/Busingen", + "usr/share/zoneinfo/Europe/Chisinau", + "usr/share/zoneinfo/Europe/Copenhagen", + "usr/share/zoneinfo/Europe/Dublin", + "usr/share/zoneinfo/Europe/Gibraltar", + "usr/share/zoneinfo/Europe/Guernsey", + "usr/share/zoneinfo/Europe/Helsinki", + "usr/share/zoneinfo/Europe/Isle_of_Man", + "usr/share/zoneinfo/Europe/Istanbul", + "usr/share/zoneinfo/Europe/Jersey", + "usr/share/zoneinfo/Europe/Kaliningrad", + "usr/share/zoneinfo/Europe/Kiev", + "usr/share/zoneinfo/Europe/Kirov", + "usr/share/zoneinfo/Europe/Kyiv", + "usr/share/zoneinfo/Europe/Lisbon", + "usr/share/zoneinfo/Europe/Ljubljana", + "usr/share/zoneinfo/Europe/London", + "usr/share/zoneinfo/Europe/Luxembourg", + "usr/share/zoneinfo/Europe/Madrid", + "usr/share/zoneinfo/Europe/Malta", + "usr/share/zoneinfo/Europe/Mariehamn", + "usr/share/zoneinfo/Europe/Minsk", + "usr/share/zoneinfo/Europe/Monaco", + "usr/share/zoneinfo/Europe/Moscow", + "usr/share/zoneinfo/Europe/Nicosia", + "usr/share/zoneinfo/Europe/Oslo", + "usr/share/zoneinfo/Europe/Paris", + "usr/share/zoneinfo/Europe/Podgorica", + "usr/share/zoneinfo/Europe/Prague", + "usr/share/zoneinfo/Europe/Riga", + "usr/share/zoneinfo/Europe/Rome", + "usr/share/zoneinfo/Europe/Samara", + "usr/share/zoneinfo/Europe/San_Marino", + "usr/share/zoneinfo/Europe/Sarajevo", + "usr/share/zoneinfo/Europe/Saratov", + "usr/share/zoneinfo/Europe/Simferopol", + "usr/share/zoneinfo/Europe/Skopje", + "usr/share/zoneinfo/Europe/Sofia", + "usr/share/zoneinfo/Europe/Stockholm", + "usr/share/zoneinfo/Europe/Tallinn", + "usr/share/zoneinfo/Europe/Tirane", + "usr/share/zoneinfo/Europe/Tiraspol", + "usr/share/zoneinfo/Europe/Ulyanovsk", + "usr/share/zoneinfo/Europe/Uzhgorod", + "usr/share/zoneinfo/Europe/Vaduz", + "usr/share/zoneinfo/Europe/Vatican", + "usr/share/zoneinfo/Europe/Vienna", + "usr/share/zoneinfo/Europe/Vilnius", + "usr/share/zoneinfo/Europe/Volgograd", + "usr/share/zoneinfo/Europe/Warsaw", + "usr/share/zoneinfo/Europe/Zagreb", + "usr/share/zoneinfo/Europe/Zaporozhye", + "usr/share/zoneinfo/Europe/Zurich", + "usr/share/zoneinfo/Indian/Antananarivo", + "usr/share/zoneinfo/Indian/Chagos", + "usr/share/zoneinfo/Indian/Christmas", + "usr/share/zoneinfo/Indian/Cocos", + "usr/share/zoneinfo/Indian/Comoro", + "usr/share/zoneinfo/Indian/Kerguelen", + "usr/share/zoneinfo/Indian/Mahe", + "usr/share/zoneinfo/Indian/Maldives", + "usr/share/zoneinfo/Indian/Mauritius", + "usr/share/zoneinfo/Indian/Mayotte", + "usr/share/zoneinfo/Indian/Reunion", + "usr/share/zoneinfo/Mexico/BajaNorte", + "usr/share/zoneinfo/Mexico/BajaSur", + "usr/share/zoneinfo/Mexico/General", + "usr/share/zoneinfo/Pacific/Apia", + "usr/share/zoneinfo/Pacific/Auckland", + "usr/share/zoneinfo/Pacific/Bougainville", + "usr/share/zoneinfo/Pacific/Chatham", + "usr/share/zoneinfo/Pacific/Chuuk", + "usr/share/zoneinfo/Pacific/Easter", + "usr/share/zoneinfo/Pacific/Efate", + "usr/share/zoneinfo/Pacific/Enderbury", + "usr/share/zoneinfo/Pacific/Fakaofo", + "usr/share/zoneinfo/Pacific/Fiji", + "usr/share/zoneinfo/Pacific/Funafuti", + "usr/share/zoneinfo/Pacific/Galapagos", + "usr/share/zoneinfo/Pacific/Gambier", + "usr/share/zoneinfo/Pacific/Guadalcanal", + "usr/share/zoneinfo/Pacific/Guam", + "usr/share/zoneinfo/Pacific/Honolulu", + "usr/share/zoneinfo/Pacific/Johnston", + "usr/share/zoneinfo/Pacific/Kanton", + "usr/share/zoneinfo/Pacific/Kiritimati", + "usr/share/zoneinfo/Pacific/Kosrae", + "usr/share/zoneinfo/Pacific/Kwajalein", + "usr/share/zoneinfo/Pacific/Majuro", + "usr/share/zoneinfo/Pacific/Marquesas", + "usr/share/zoneinfo/Pacific/Midway", + "usr/share/zoneinfo/Pacific/Nauru", + "usr/share/zoneinfo/Pacific/Niue", + "usr/share/zoneinfo/Pacific/Norfolk", + "usr/share/zoneinfo/Pacific/Noumea", + "usr/share/zoneinfo/Pacific/Pago_Pago", + "usr/share/zoneinfo/Pacific/Palau", + "usr/share/zoneinfo/Pacific/Pitcairn", + "usr/share/zoneinfo/Pacific/Pohnpei", + "usr/share/zoneinfo/Pacific/Ponape", + "usr/share/zoneinfo/Pacific/Port_Moresby", + "usr/share/zoneinfo/Pacific/Rarotonga", + "usr/share/zoneinfo/Pacific/Saipan", + "usr/share/zoneinfo/Pacific/Samoa", + "usr/share/zoneinfo/Pacific/Tahiti", + "usr/share/zoneinfo/Pacific/Tarawa", + "usr/share/zoneinfo/Pacific/Tongatapu", + "usr/share/zoneinfo/Pacific/Truk", + "usr/share/zoneinfo/Pacific/Wake", + "usr/share/zoneinfo/Pacific/Wallis", + "usr/share/zoneinfo/Pacific/Yap", + "usr/share/zoneinfo/US/Alaska", + "usr/share/zoneinfo/US/Aleutian", + "usr/share/zoneinfo/US/Arizona", + "usr/share/zoneinfo/US/Central", + "usr/share/zoneinfo/US/East-Indiana", + "usr/share/zoneinfo/US/Eastern", + "usr/share/zoneinfo/US/Hawaii", + "usr/share/zoneinfo/US/Indiana-Starke", + "usr/share/zoneinfo/US/Michigan", + "usr/share/zoneinfo/US/Mountain", + "usr/share/zoneinfo/US/Pacific", + "usr/share/zoneinfo/US/Samoa" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "xz-libs@5.8.3-r0", + "Name": "xz-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.8.3-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "f68b0b2917b8b773" + }, + "Version": "5.8.3-r0", + "Arch": "x86_64", + "SrcName": "xz", + "SrcVersion": "5.8.3-r0", + "Licenses": [ + "GPL-2.0-or-later", + "0BSD", + "Public-Domain", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:ddf3f8b1c3d2561ae67523b9baef398f971959bb", + "InstalledFiles": [ + "usr/lib/liblzma.so.5", + "usr/lib/liblzma.so.5.8.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.3.2-r0", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.2-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "23a5a7d167a86311" + }, + "Version": "1.3.2-r0", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.3.2-r0", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:68bb97ea5255e77aa974e65476d64832ad56288a", + "InstalledFiles": [ + "usr/lib/libz.so.1", + "usr/lib/libz.so.1.3.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zstd-libs@1.5.7-r2", + "Name": "zstd-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/zstd-libs@1.5.7-r2?arch=x86_64\u0026distro=3.23.4", + "UID": "3653bba6b6680fed" + }, + "Version": "1.5.7-r2", + "Arch": "x86_64", + "SrcName": "zstd", + "SrcVersion": "1.5.7-r2", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:d507b8ac3c4335a40405ac20e49bac9d43642be6", + "InstalledFiles": [ + "usr/lib/libzstd.so.1", + "usr/lib/libzstd.so.1.5.7" + ], + "AnalyzedBy": "apk" + } + ] + } + ] + }, + { + "Namespace": "rustdesk", + "Kind": "Deployment", + "Name": "rustdesk", + "Metadata": [ + { + "Size": 24436224, + "ImageID": "sha256:def7b7aaf91ac2a45c0fa8bb334803d1c391c316f10be575826bfeadf7139f07", + "DiffIDs": [ + "sha256:2a51da3162f81bfaa14d4bc6772fb27927d5d71493b7bbd722d4e13ec2baacb5", + "sha256:63388dc26e3101f916dd368a60b7f4ecaff8796bc50935529c15ee37daf1cf9d", + "sha256:ceb644967212121a9a52268b3661220ea1a6140d6f963a209a1adf2084aaffef", + "sha256:f06851ff31d58216659f25e0d512063ec2c645251e2174de8196b0ef790bfaf4", + "sha256:13879ce3ed2f2b74a252edcba919228824c23e5b31c243b2ddf08b3e330d3c00", + "sha256:384187069a808292fd692fc51b663c3eb4fb13e3538035df690ad5f012225080" + ], + "RepoTags": [ + "rustdesk/rustdesk-server-s6:latest" + ], + "RepoDigests": [ + "rustdesk/rustdesk-server-s6@sha256:dcf800fe269db58f00c92a3ae033bf609b98a0fc5e51144ce96ecf2111775453" + ], + "Reference": "rustdesk/rustdesk-server-s6:latest", + "ImageConfig": { + "architecture": "amd64", + "created": "2026-01-13T02:31:13.858704964Z", + "history": [ + { + "created": "2023-05-18T22:34:17Z", + "created_by": "BusyBox 1.36.1 (glibc), Debian 13" + }, + { + "created": "2026-01-13T02:31:13.691174224Z", + "created_by": "ARG S6_OVERLAY_VERSION=3.2.0.0", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-01-13T02:31:13.691174224Z", + "created_by": "ARG S6_ARCH=x86_64", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-01-13T02:31:13.691174224Z", + "created_by": "ADD https://github.com/just-containers/s6-overlay/releases/download/v3.2.0.0/s6-overlay-noarch.tar.xz /tmp # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-01-13T02:31:13.705044648Z", + "created_by": "ADD https://github.com/just-containers/s6-overlay/releases/download/v3.2.0.0/s6-overlay-x86_64.tar.xz /tmp # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-01-13T02:31:13.827315121Z", + "created_by": "RUN |2 S6_OVERLAY_VERSION=3.2.0.0 S6_ARCH=x86_64 /bin/sh -c tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz \u0026\u0026 tar -C / -Jxpf /tmp/s6-overlay-${S6_ARCH}.tar.xz \u0026\u0026 rm /tmp/s6-overlay*.tar.xz \u0026\u0026 ln -s /run /var/run # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-01-13T02:31:13.852114134Z", + "created_by": "COPY rootfs / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-01-13T02:31:13.852114134Z", + "created_by": "ENV RELAY=relay.example.com", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-01-13T02:31:13.852114134Z", + "created_by": "ENV ENCRYPTED_ONLY=0", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-01-13T02:31:13.852114134Z", + "created_by": "EXPOSE [21115/tcp 21116/tcp 21116/udp 21117/tcp 21118/tcp 21119/tcp]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-01-13T02:31:13.852114134Z", + "created_by": "HEALTHCHECK \u0026{[\"CMD-SHELL\" \"/usr/bin/healthcheck.sh\"] \"10s\" \"5s\" \"0s\" \"0s\" '\\x00'}", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-01-13T02:31:13.858704964Z", + "created_by": "WORKDIR /data", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-01-13T02:31:13.858704964Z", + "created_by": "VOLUME [/data]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-01-13T02:31:13.858704964Z", + "created_by": "ENTRYPOINT [\"/init\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:2a51da3162f81bfaa14d4bc6772fb27927d5d71493b7bbd722d4e13ec2baacb5", + "sha256:63388dc26e3101f916dd368a60b7f4ecaff8796bc50935529c15ee37daf1cf9d", + "sha256:ceb644967212121a9a52268b3661220ea1a6140d6f963a209a1adf2084aaffef", + "sha256:f06851ff31d58216659f25e0d512063ec2c645251e2174de8196b0ef790bfaf4", + "sha256:13879ce3ed2f2b74a252edcba919228824c23e5b31c243b2ddf08b3e330d3c00", + "sha256:384187069a808292fd692fc51b663c3eb4fb13e3538035df690ad5f012225080" + ] + }, + "config": { + "Healthcheck": { + "Test": [ + "CMD-SHELL", + "/usr/bin/healthcheck.sh" + ], + "Interval": 10000000000, + "Timeout": 5000000000 + }, + "Entrypoint": [ + "/init" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "RELAY=relay.example.com", + "ENCRYPTED_ONLY=0" + ], + "Labels": { + "org.opencontainers.image.created": "2026-01-13T02:31:12.086Z", + "org.opencontainers.image.description": "RustDesk Server Program", + "org.opencontainers.image.licenses": "AGPL-3.0", + "org.opencontainers.image.revision": "bd3e73fd5168f099969788c50d3188537f9d4792", + "org.opencontainers.image.source": "https://github.com/rustdesk-org/rustdesk-server", + "org.opencontainers.image.title": "rustdesk-server", + "org.opencontainers.image.url": "https://github.com/rustdesk-org/rustdesk-server", + "org.opencontainers.image.version": "1.1.15" + }, + "Volumes": { + "/data": {} + }, + "WorkingDir": "/data", + "ExposedPorts": { + "21115/tcp": {}, + "21116/tcp": {}, + "21116/udp": {}, + "21117/tcp": {}, + "21118/tcp": {}, + "21119/tcp": {} + } + } + }, + "Layers": [ + { + "Size": 4659200, + "Digest": "sha256:91347574b77ee0e381e6518794e0a81e1b6eba076c13896f69518cca1c1214a4", + "DiffID": "sha256:2a51da3162f81bfaa14d4bc6772fb27927d5d71493b7bbd722d4e13ec2baacb5" + }, + { + "Size": 9216, + "Digest": "sha256:d6c92aa35a788f8d2c00fb09689bf1784c09d2f13ee5829ba3a753d69857db5f", + "DiffID": "sha256:63388dc26e3101f916dd368a60b7f4ecaff8796bc50935529c15ee37daf1cf9d" + }, + { + "Size": 646144, + "Digest": "sha256:8c0676fe3cbff10366cad00f37dc3155dd0a35970f68c101667c72711401cf9d", + "DiffID": "sha256:ceb644967212121a9a52268b3661220ea1a6140d6f963a209a1adf2084aaffef" + }, + { + "Size": 5460992, + "Digest": "sha256:3a5e537e8105104dcbe188be3e94d0a284afb97456e2a6eab5e997b516b2e312", + "DiffID": "sha256:f06851ff31d58216659f25e0d512063ec2c645251e2174de8196b0ef790bfaf4" + }, + { + "Size": 13659136, + "Digest": "sha256:78c280b4376453e0445069e9de655397b0830514278374c430c9c07821eca4cc", + "DiffID": "sha256:13879ce3ed2f2b74a252edcba919228824c23e5b31c243b2ddf08b3e330d3c00" + }, + { + "Size": 1536, + "Digest": "sha256:cdd242239f91bf6cd3c778c875fced03193bee604a21e49bf5ce5f73d94c9be4", + "DiffID": "sha256:384187069a808292fd692fc51b663c3eb4fb13e3538035df690ad5f012225080" + } + ] + } + ] + }, + { + "Namespace": "ssh-locker-web", + "Kind": "Deployment", + "Name": "backend", + "Metadata": [ + { + "Size": 20426752, + "OS": { + "Family": "alpine", + "Name": "3.22.1" + }, + "ImageID": "sha256:1362233042ece30e7a325bff5d9bf644d3b969d95603565891d6c885d81293a0", + "DiffIDs": [ + "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35", + "sha256:2d1c72ac7496ad39b7d580ce7e4f196a1cdf24c3d63af186e593b1408290a2b0", + "sha256:26d46fe0b0c0f8ea34c0ae17d8fd7e8034db46711ecd753968981123d7c3ab0f", + "sha256:6e16f7d72a8cb8cd1d601f208918cf4235add2ca0c23751f7f38f18fd3116f0d", + "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + ], + "RepoTags": [ + "a13labs/ssh_locker_web:latest" + ], + "RepoDigests": [ + "a13labs/ssh_locker_web@sha256:bbeb87e189f3a3d0f62dba637d53fd9e4057f322a92d90bf62aa821046d8c562" + ], + "Reference": "a13labs/ssh_locker_web:latest", + "ImageConfig": { + "architecture": "amd64", + "created": "2025-09-20T18:33:08.94184499Z", + "history": [ + { + "created": "2025-07-15T11:01:16Z", + "created_by": "ADD alpine-minirootfs-3.22.1-x86_64.tar.gz / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-07-15T11:01:16Z", + "created_by": "CMD [\"/bin/sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-09-20T18:32:47.386461587Z", + "created_by": "RUN /bin/sh -c apk --no-cache add ca-certificates \u0026\u0026 update-ca-certificates # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-09-20T18:32:47.451529189Z", + "created_by": "RUN /bin/sh -c addgroup -S worker \u0026\u0026 adduser -S worker -G worker # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-09-20T18:32:47.505707235Z", + "created_by": "RUN /bin/sh -c mkdir -p /app \u0026\u0026 chown -R worker:worker /app # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-09-20T18:32:47.536066893Z", + "created_by": "USER worker", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-09-20T18:32:47.536066893Z", + "created_by": "WORKDIR /app", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-09-20T18:33:08.94184499Z", + "created_by": "COPY /app/ssh_locker_web /app/ssh_locker_web # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-09-20T18:33:08.94184499Z", + "created_by": "CMD [\"/app/ssh_locker_web\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-09-20T18:33:08.94184499Z", + "created_by": "EXPOSE \u0026{[{{22 0} {22 0}}] 0xc000595c40}", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35", + "sha256:2d1c72ac7496ad39b7d580ce7e4f196a1cdf24c3d63af186e593b1408290a2b0", + "sha256:26d46fe0b0c0f8ea34c0ae17d8fd7e8034db46711ecd753968981123d7c3ab0f", + "sha256:6e16f7d72a8cb8cd1d601f208918cf4235add2ca0c23751f7f38f18fd3116f0d", + "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + ] + }, + "config": { + "Cmd": [ + "/app/ssh_locker_web" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Labels": { + "org.opencontainers.image.created": "2025-09-20T18:32:29.485Z", + "org.opencontainers.image.description": "A set of system tools", + "org.opencontainers.image.licenses": "", + "org.opencontainers.image.revision": "100488586869181887be4f9b295a8a5ef1e98169", + "org.opencontainers.image.source": "https://github.com/a13labs/systools", + "org.opencontainers.image.title": "systools", + "org.opencontainers.image.url": "https://github.com/a13labs/systools", + "org.opencontainers.image.version": "0.4.5" + }, + "User": "worker", + "WorkingDir": "/app", + "ExposedPorts": { + "8080/tcp": {} + }, + "ArgsEscaped": true + } + }, + "Layers": [ + { + "Size": 8596480, + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + { + "Size": 766464, + "Digest": "sha256:8d1175b3e210dfd651be0c00b0c32e15f86cdb5e39ec18b882ca380ea80bca63", + "DiffID": "sha256:2d1c72ac7496ad39b7d580ce7e4f196a1cdf24c3d63af186e593b1408290a2b0" + }, + { + "Size": 10752, + "Digest": "sha256:6bdcca0c0d94011e6258cc75b68ab425199771419599d21ffa62c097d777df03", + "DiffID": "sha256:26d46fe0b0c0f8ea34c0ae17d8fd7e8034db46711ecd753968981123d7c3ab0f" + }, + { + "Size": 1536, + "Digest": "sha256:e9615cd43aa626e7f8ac55384b46e2c8499727bbd38814e05878ce96ce5fb7f7", + "DiffID": "sha256:6e16f7d72a8cb8cd1d601f208918cf4235add2ca0c23751f7f38f18fd3116f0d" + }, + { + "Size": 1024, + "Digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", + "DiffID": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + }, + { + "Size": 11050496, + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + } + ] + } + ], + "Results": [ + { + "Target": "a13labs/ssh_locker_web:latest (alpine 3.22.1)", + "Class": "os-pkgs", + "Type": "alpine", + "Packages": [ + { + "ID": "alpine-baselayout@3.7.0-r0", + "Name": "alpine-baselayout", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout@3.7.0-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "e1b004c7909e5e42" + }, + "Version": "3.7.0-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.7.0-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-baselayout-data@3.7.0-r0", + "busybox-binsh@1.37.0-r18" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:29f99748eea1ffe01f70b34024dc45c46d211f8d", + "InstalledFiles": [ + "etc/motd", + "etc/crontabs/root", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/i386.conf", + "etc/profile.d/20locale.sh", + "etc/profile.d/README", + "etc/profile.d/color_prompt.sh.disabled", + "usr/lib/sysctl.d/00-alpine.conf", + "var/lock", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout-data@3.7.0-r0", + "Name": "alpine-baselayout-data", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.7.0-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "ab78613e89e34197" + }, + "Version": "3.7.0-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.7.0-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:73f5ef65f8333a1784102df973c076d5a7d5b5fe", + "InstalledFiles": [ + "etc/fstab", + "etc/group", + "etc/hostname", + "etc/hosts", + "etc/inittab", + "etc/modules", + "etc/mtab", + "etc/nsswitch.conf", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/sysctl.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-keys@2.5-r0", + "Name": "alpine-keys", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-keys@2.5-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "82fba6933d3c7e01" + }, + "Version": "2.5-r0", + "Arch": "x86_64", + "SrcName": "alpine-keys", + "SrcVersion": "2.5-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:b175e48144ebad03d6ba11d45b25aafc2de310c1", + "InstalledFiles": [ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-release@3.22.1-r0", + "Name": "alpine-release", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-release@3.22.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "b919f62743ce52a6" + }, + "Version": "3.22.1-r0", + "Arch": "x86_64", + "SrcName": "alpine-base", + "SrcVersion": "3.22.1-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-keys@2.5-r0" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:20af3bbd2f59403c19b22576e458428bf8c09c12", + "InstalledFiles": [ + "etc/alpine-release", + "etc/issue", + "etc/os-release", + "etc/secfixes.d/alpine", + "usr/lib/os-release" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "apk-tools@2.14.9-r2", + "Name": "apk-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/apk-tools@2.14.9-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "adde765a3a34534e" + }, + "Version": "2.14.9-r2", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.14.9-r2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20250619-r0", + "libapk2@2.14.9-r2", + "libcrypto3@3.5.1-r0", + "musl@1.2.5-r10", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:2a8910d00ac31df2e1ccd94127488ea3a06e2d48", + "InstalledFiles": [ + "sbin/apk" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox@1.37.0-r18", + "Name": "busybox", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", + "UID": "3da78128164dbbc4" + }, + "Version": "1.37.0-r18", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r18", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:21558d4968f31dcc377c0f27dae9bb0f32bb25d2", + "InstalledFiles": [ + "bin/busybox", + "etc/securetty", + "etc/busybox-paths.d/busybox", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "etc/udhcpc/udhcpc.conf", + "usr/share/udhcpc/default.script" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox-binsh@1.37.0-r18", + "Name": "busybox-binsh", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", + "UID": "c66405e3f8ffde54" + }, + "Version": "1.37.0-r18", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r18", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "busybox@1.37.0-r18" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:4bcdab5f9122afb4de71bfe8b1125c0c02796793", + "InstalledFiles": [ + "bin/sh" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates@20250619-r0", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates@20250619-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "854fde5eb11f246f" + }, + "Version": "20250619-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20250619-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r18", + "libcrypto3@3.5.1-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:8d1175b3e210dfd651be0c00b0c32e15f86cdb5e39ec18b882ca380ea80bca63", + "DiffID": "sha256:2d1c72ac7496ad39b7d580ce7e4f196a1cdf24c3d63af186e593b1408290a2b0" + }, + "Digest": "sha1:3b7c32ecd4342d100cf04ca9a4a27702896461e3", + "InstalledFiles": [ + "etc/ca-certificates.conf", + "etc/apk/protected_paths.d/ca-certificates.list", + "etc/ca-certificates/update.d/certhash", + "usr/bin/c_rehash", + "usr/sbin/update-ca-certificates", + "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "usr/share/ca-certificates/mozilla/Certigna.crt", + "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", + "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", + "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", + "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates-bundle@20250619-r0", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates-bundle@20250619-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "dad0d13eb03c8270" + }, + "Version": "20250619-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20250619-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:32be9117f1879f48b44823fbbd2d9e26a6a9a500", + "InstalledFiles": [ + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-certificates.crt", + "etc/ssl1.1/cert.pem", + "etc/ssl1.1/certs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libapk2@2.14.9-r2", + "Name": "libapk2", + "Identifier": { + "PURL": "pkg:apk/alpine/libapk2@2.14.9-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "fc5150123bb2dd6a" + }, + "Version": "2.14.9-r2", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.14.9-r2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20250619-r0", + "libcrypto3@3.5.1-r0", + "libssl3@3.5.1-r0", + "musl@1.2.5-r10", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:d3a20797fcda1b5742c119ffc146c1e110ed418e", + "InstalledFiles": [ + "usr/lib/libapk.so.2.14.9" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.5.1-r0", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "Version": "3.5.1-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.5.1-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:cdc005cdb0f91d9f652d17b337b5b9ad0ffa2012", + "InstalledFiles": [ + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/openssl.cnf.dist", + "usr/lib/libcrypto.so.3", + "usr/lib/engines-3/afalg.so", + "usr/lib/engines-3/capi.so", + "usr/lib/engines-3/loader_attic.so", + "usr/lib/engines-3/padlock.so", + "usr/lib/ossl-modules/legacy.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.5.1-r0", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "Version": "3.5.1-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.5.1-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.5.1-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:fc89917981adb0b33a5ccf84e4168e4256b5065b", + "InstalledFiles": [ + "usr/lib/libssl.so.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl@1.2.5-r10", + "Name": "musl", + "Identifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", + "UID": "55e7e479f5580f45" + }, + "Version": "1.2.5-r10", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r10", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:59283b61db830a0a0309c98f4db906a2d8fa342b", + "InstalledFiles": [ + "lib/ld-musl-x86_64.so.1", + "lib/libc.musl-x86_64.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl-utils@1.2.5-r10", + "Name": "musl-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", + "UID": "73256102bfd5faee" + }, + "Version": "1.2.5-r10", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r10", + "Licenses": [ + "MIT", + "BSD-2-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10", + "scanelf@1.3.8-r1" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:7e60d0820813baa8ac266bee158394c0a69f104a", + "InstalledFiles": [ + "sbin/ldconfig", + "usr/bin/getconf", + "usr/bin/getent", + "usr/bin/iconv", + "usr/bin/ldd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "scanelf@1.3.8-r1", + "Name": "scanelf", + "Identifier": { + "PURL": "pkg:apk/alpine/scanelf@1.3.8-r1?arch=x86_64\u0026distro=3.22.1", + "UID": "be156a8575875ef7" + }, + "Version": "1.3.8-r1", + "Arch": "x86_64", + "SrcName": "pax-utils", + "SrcVersion": "1.3.8-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:bd6dd1c820d476bcdf8ee38f003bcf2a73323b13", + "InstalledFiles": [ + "usr/bin/scanelf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ssl_client@1.37.0-r18", + "Name": "ssl_client", + "Identifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", + "UID": "24ada6e59ed92743" + }, + "Version": "1.37.0-r18", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r18", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "libcrypto3@3.5.1-r0", + "libssl3@3.5.1-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:7fa2e0f5a78d7061d18653bc5e38cb83c42d2f3a", + "InstalledFiles": [ + "usr/bin/ssl_client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.3.1-r2", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "23095b6210429e11" + }, + "Version": "1.3.1-r2", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.3.1-r2", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "Digest": "sha1:bf7d90d89e5429c18167b91ab8d7e6256cfc7fdf", + "InstalledFiles": [ + "usr/lib/libz.so.1", + "usr/lib/libz.so.1.3.1" + ], + "AnalyzedBy": "apk" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox@1.37.0-r18", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", + "UID": "3da78128164dbbc4" + }, + "InstalledVersion": "1.37.0-r18", + "FixedVersion": "1.37.0-r20", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:65cea9ebd3c3f42e10e572f43537079bfb49111dc19f09c2d96d78a36e325b3e", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox-binsh@1.37.0-r18", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", + "UID": "c66405e3f8ffde54" + }, + "InstalledVersion": "1.37.0-r18", + "FixedVersion": "1.37.0-r20", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:7a53e9107876f3df6b62c4204510bd86df8a10e5e12671c31cd762d00b18d0de", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5d455ac189dea6c059cb0a0388540a262d0d2c9ef68828e8f3a3ba226af71530", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:58081f5cc25523784f7e9c1cda7dbd14de1a902b1cb6573192224a6e787378e6", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9a4782707ba59bcc1f2b41d160cf01ab754cfdd826ac2e5a7adce016ee847991", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:054c16ec3a8be5defb3022a97f55e78ffa18d2ac5318b75380951c4287c1ed38", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:def71b43e350437ba74044b50e1d41b0391c43e5af623c2b564e60eb68db69f8", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8594a87294e31c5096289b516bd1e2b02185325bf41273133b405cdf2d2114c7", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:bd95d1fbe08ba492969ca41ffab97291bb4ced080e2be85499512f7a0b3f11d8", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-11187", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11187", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0792d5a15f9bad99fddc3e2244ca47a8044b0b37fa0f432066f66db37a6997b2", + "Title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file", + "Description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476", + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "julia": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-11187", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-hpc7-gcqm-58fv", + "https://github.com/metadust/CVE-2025-11187", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://linux.oracle.com/cve/CVE-2025-11187.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-11187" + ], + "PublishedDate": "2026-01-27T16:16:14.093Z", + "LastModifiedDate": "2026-03-20T14:16:13.89Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5f443c1daefd26598ea7f2b8afe4cfceeb8e4a87fc2dab72b9c2ea06626205ca", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.4-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8e3f6ef30e8ae427f92a6ad778df4bbacadc2650443c936dae7e854dcb882b35", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.4-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4d4331e30dac86bb13029d885bdf5e6312c1a46337a4d5c7d82bd7e7cf9b8a5a", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-2673", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0d40cfaf9dae6fe1af1815afba9cabdccc6bbdbeee062c5607394da8829ea29c", + "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", + "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-757" + ], + "VendorSeverity": { + "amazon": 1, + "julia": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/13/3", + "https://access.redhat.com/security/cve/CVE-2026-2673", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-wj64-gh9j-xm82", + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "https://openssl-library.org/news/secadv/20260313.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-2673" + ], + "PublishedDate": "2026-03-13T19:54:34.033Z", + "LastModifiedDate": "2026-05-18T20:16:37.763Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libcrypto3@3.5.1-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "d1c0fc0b189b35f2" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:cdde9efac54b3c01aca541164bf8b7bd85c7055e2825502213012f502a9abb06", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:323c524284e4a7efdf8c966e0bbc009de660f7a005b084a69915cc60e605fceb", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:6fcae4faa10b74a6d2ed8a182d8ee877202885f7dbdc42ce09e875d917f21a0a", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9fc0daa80ae0c892305ef3cadd8592d327bf59da149d6ebe7cf8b34788494449", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0edd7cc105e3c9baa2dffd47da9344f8cf926be7981550f2181fbb0d05793ec3", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d2a85940f0fdecc85727d4e8a34a690495968d77c3a79114ecfc9afd28cf50e8", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:6fd21141292a6e7839a12878f7d0f934f59bbb96fb03fa5de99c5562a69e212c", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:eb00dbda761e8feeec54226ba501524212bbb8141ef68e4ec5da1a05eb803ac6", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-11187", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11187", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9fcad6ba0287c1af2e22e5749311811049ad67116746c2cd2fbbee01298e3ae7", + "Title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file", + "Description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476", + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "julia": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-11187", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-hpc7-gcqm-58fv", + "https://github.com/metadust/CVE-2025-11187", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://linux.oracle.com/cve/CVE-2025-11187.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-11187" + ], + "PublishedDate": "2026-01-27T16:16:14.093Z", + "LastModifiedDate": "2026-03-20T14:16:13.89Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e8f22a0afd3491d4f2e46eae0aa82b5379e9b9fa4388902bbe4b8dfd8ee91fe5", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.4-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:92ec01a2e0fb18531d459f23c51d37cc3c1472da2514e0ce57a8675f4aa945c0", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.4-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:053957d1c5bed9b5b40a0d51dfe38b5f05df33b774f52d3f54013d1545f83cd4", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-2673", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:6dc3daeaceead1f05838e4ecc27f1971c9c7331d9d0aa0681aa11e43c1f46307", + "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", + "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-757" + ], + "VendorSeverity": { + "amazon": 1, + "julia": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/13/3", + "https://access.redhat.com/security/cve/CVE-2026-2673", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-wj64-gh9j-xm82", + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "https://openssl-library.org/news/secadv/20260313.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-2673" + ], + "PublishedDate": "2026-03-13T19:54:34.033Z", + "LastModifiedDate": "2026-05-18T20:16:37.763Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libssl3@3.5.1-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", + "UID": "bba7017a0fcca05c" + }, + "InstalledVersion": "3.5.1-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2d3794646359a62f07cce055139386de85990b913098b821b111068f37828357", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl@1.2.5-r10", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", + "UID": "55e7e479f5580f45" + }, + "InstalledVersion": "1.2.5-r10", + "FixedVersion": "1.2.5-r12", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9907fbedc070ff7ce48d16a6f1e3c7810930be6eec102214fe4cfa99f77f8473", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl@1.2.5-r10", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", + "UID": "55e7e479f5580f45" + }, + "InstalledVersion": "1.2.5-r10", + "FixedVersion": "1.2.5-r11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3358b3608db15a32a51dc985d961a2280365f1a45d6a1e2d163c519a9b42ac49", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl-utils@1.2.5-r10", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", + "UID": "73256102bfd5faee" + }, + "InstalledVersion": "1.2.5-r10", + "FixedVersion": "1.2.5-r12", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3e5f3abe52ebd949b494c9b7f09ca1b2bef01a1957cd02190ce7a06a5a03f889", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl-utils@1.2.5-r10", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", + "UID": "73256102bfd5faee" + }, + "InstalledVersion": "1.2.5-r10", + "FixedVersion": "1.2.5-r11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:bcb531ca5319a9af5669ab20957b226e4cc8005b18ce12abed28303ef1b2cddf", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "ssl_client@1.37.0-r18", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", + "UID": "24ada6e59ed92743" + }, + "InstalledVersion": "1.37.0-r18", + "FixedVersion": "1.37.0-r20", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:15c92ce5a74bb7a59425d44219a60c1c6ea4c0ff6b635fe2a79a092c62b5c796", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-22184", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "23095b6210429e11" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9bdeaa0429925c6452a5666724fa1b346c9849288a1ccfe48e1c9735c2a25e20", + "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", + "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-22184", + "https://github.com/madler/zlib", + "https://github.com/madler/zlib/issues/1142", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", + "https://seclists.org/fulldisclosure/2026/Jan/3", + "https://www.cve.org/CVERecord?id=CVE-2026-22184", + "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", + "https://zlib.net/" + ], + "PublishedDate": "2026-01-07T21:16:01.563Z", + "LastModifiedDate": "2026-03-18T16:26:31.14Z" + }, + { + "VulnerabilityID": "CVE-2026-27171", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.1", + "UID": "23095b6210429e11" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", + "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c528dfd0dc55341f7129afe8e9a623d31bd13987bd9cbb79d60565431764efa1", + "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", + "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "julia": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://access.redhat.com/security/cve/CVE-2026-27171", + "https://github.com/advisories/GHSA-h858-mf2m-8jf4", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "https://ostif.org/zlib-audit-complete", + "https://ostif.org/zlib-audit-complete/", + "https://www.cve.org/CVERecord?id=CVE-2026-27171" + ], + "PublishedDate": "2026-02-18T04:16:01.263Z", + "LastModifiedDate": "2026-03-25T21:27:04.603Z" + } + ] + }, + { + "Target": "app/ssh_locker_web", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "stdlib@v1.24.7", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "Version": "v1.24.7", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/duosecurity/duo_universal_golang@v1.1.0", + "Name": "github.com/duosecurity/duo_universal_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/duosecurity/duo_universal_golang@v1.1.0", + "UID": "8b052f2b96fcf7ca" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lestrrat-go/backoff/v2@v2.0.8", + "Name": "github.com/lestrrat-go/backoff/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/lestrrat-go/backoff/v2@v2.0.8", + "UID": "1a88fd448f268369" + }, + "Version": "v2.0.8", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lestrrat-go/blackmagic@v1.0.2", + "Name": "github.com/lestrrat-go/blackmagic", + "Identifier": { + "PURL": "pkg:golang/github.com/lestrrat-go/blackmagic@v1.0.2", + "UID": "3e760dc12695d535" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lestrrat-go/httpcc@v1.0.1", + "Name": "github.com/lestrrat-go/httpcc", + "Identifier": { + "PURL": "pkg:golang/github.com/lestrrat-go/httpcc@v1.0.1", + "UID": "f2110ad84bec7b9e" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lestrrat-go/iter@v1.0.2", + "Name": "github.com/lestrrat-go/iter", + "Identifier": { + "PURL": "pkg:golang/github.com/lestrrat-go/iter@v1.0.2", + "UID": "8aab4823e5a3d472" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lestrrat-go/jwx@v1.2.29", + "Name": "github.com/lestrrat-go/jwx", + "Identifier": { + "PURL": "pkg:golang/github.com/lestrrat-go/jwx@v1.2.29", + "UID": "bf90cce98483088" + }, + "Version": "v1.2.29", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lestrrat-go/option@v1.0.1", + "Name": "github.com/lestrrat-go/option", + "Identifier": { + "PURL": "pkg:golang/github.com/lestrrat-go/option@v1.0.1", + "UID": "5dfbf0265d50f6f9" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/errors@v0.9.1", + "Name": "github.com/pkg/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", + "UID": "b368c6aa19b24d50" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/crypto@v0.36.0", + "Name": "golang.org/x/crypto", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.36.0", + "UID": "c9f475005b164875" + }, + "Version": "v0.36.0", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-47914", + "VendorIDs": [ + "GHSA-f6x5-jh6r-wrfv" + ], + "PkgID": "golang.org/x/crypto@v0.36.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.36.0", + "UID": "c9f475005b164875" + }, + "InstalledVersion": "v0.36.0", + "FixedVersion": "0.45.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:92940da5a35050942b7ae9adc4ce46c4ea6fae834c71dcc153ff6d169a340a8f", + "Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages", + "Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "amazon": 2, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-47914", + "https://go.dev/cl/721960", + "https://go.dev/issue/76364", + "https://go.googlesource.com/crypto", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47914", + "https://pkg.go.dev/vuln/GO-2025-4135", + "https://www.cve.org/CVERecord?id=CVE-2025-47914" + ], + "PublishedDate": "2025-11-19T21:15:50.517Z", + "LastModifiedDate": "2025-12-11T19:36:41.373Z" + }, + { + "VulnerabilityID": "CVE-2025-58181", + "VendorIDs": [ + "GHSA-j5w8-q4qc-rx2x" + ], + "PkgID": "golang.org/x/crypto@v0.36.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.36.0", + "UID": "c9f475005b164875" + }, + "InstalledVersion": "v0.36.0", + "FixedVersion": "0.45.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:9449f4bb7b173d45f1d34f59a7fc267edc463aee63a098b50a435f10f3d3fa90", + "Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication", + "Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-58181", + "https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c", + "https://github.com/golang/go/issues/76363", + "https://go.dev/cl/721961", + "https://go.dev/issue/76363", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58181", + "https://pkg.go.dev/vuln/GO-2025-4134", + "https://ubuntu.com/security/notices/USN-7956-1", + "https://www.cve.org/CVERecord?id=CVE-2025-58181" + ], + "PublishedDate": "2025-11-19T21:15:50.85Z", + "LastModifiedDate": "2025-12-11T19:29:24.9Z" + }, + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c80ffe4a7f349cfe1135a70ffbcfc78c5433368c81b6a19de477c9338c4779cb", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f5555ddfc5245ca9f92a34fbef2c10b119696474fc3ba31084551beddedae685", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6490541b11fdac99b886be4caa7501a36d53e65b9036907cad93e933ebc5abba", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:341f8e3b29fae111036b264ed7943095c1e15f8bda6189c353bdfbd4d6a8cd15", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:41d5cb96588041456d35afe8b1c33971e5aef669a80087a0f184abe7c7613f1c", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:01696719d498ea82d89a4f44a0f8271c0fac9b05734f643cff7a7215761dc6dd", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:34d9088de69c5531e3507b47c34fc8bff8e87a2d1987f4363ca643f3473dc7c6", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:466025c6b3bba9a0133d30c703c7bf6beb197ca0383c93c5b5dc87480fe5169e", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e9d43c45c41b019b44509e38a585affdc1cdb31740bf4ac7b1d87c119f33acb0", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:114ebaa4933fa422bcc494d043388fbf74173c76241a7cc339ff0a096d85b3e5", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d9850383b5d1a0ad019f696fd66d679afa421b427920aac2118db0053d42645d", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ab36926b06724a69e6c99a17179945abfecd4e6699b863236b263001857767c9", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1b1c761f6cd7142adf931cccaa50028cf1eac796f5b6723ad46639a8c03c3301", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d82b0a3ef96c490902bdfa83360ca029df06643dc3b453caf9bd6c0d0b1a119a", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c07a7bf98db73ee435819ca7d3d5b962d76fe60d9ba24f0c2e03fafa69bb4bfa", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:aec2a9a5f142e0eb1feda9b5e33c019fbc83332a1b01ccce34a5e6ef8f3d2e0f", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:066f191d4714b932eef3672ad02cc6fad8252671d6263743021b5233f78ffaa8", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f259a05fa81b188a72724a523767311fa9a161c8897bbcca0f766604577cf6f1", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3d195901c8d008c8e4f7383d6ddec9a51aa3e87b522a947bfa2c7a633ef0e361", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9ae639f9cc9fcf128f63fc376dfd256a38eb8cec9df0d1b190065886d7c1c7f0", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3efc70e7c3b0b8adf0b6def5c7c74fb3d2624015ecdf9b78ae4c0ab3c33cee81", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:65443e0da89046060a66005167f1bc68401c8ffd03ce618cd4246a21e7c3e47b", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:eba964b78007e547afb5f22936489a612330d99c7fba09a06295c4456bd751b6", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f22a64189fa4a03d0a2897f88a3da7c712869aa8e6a37d2cd397f6d6f31a7aaa", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3639d4e64ee9df86f175f425b8a7883553c8b362c77abb51682e147b6a5f5023", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cf38063c621e725f10127aa9b81806a4231b1883e7133e9f4ff1bd28c82aa3ce", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:08e961bc0029ace81311301e96c597fbcb0ba4d5ac532cff55f06cad01f40156", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:52866a306ed5c966211b322f6182121368b03b89fedd234c5cb19584a6031a25", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6186520bf092fae88ce974a7344e33a071d8744e2e5a313d8f10e8c498f03963", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b9a3600f8e120416bef05de29f59ee6f6ef927def7542fc8fbb0603015792636", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.24.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.7", + "UID": "5eb25d5de04fe642" + }, + "InstalledVersion": "v1.24.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", + "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:379a84a81ef17fc8e502e03675cd976ac6471570121993bb483b8625b06894f1", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "website", + "Kind": "Deployment", + "Name": "website-app", + "Metadata": [ + { + "Size": 63648256, + "OS": { + "Family": "alpine", + "Name": "3.23.4" + }, + "ImageID": "sha256:a5e688db1e7424e08d0ff019d3c9962f2f6ceef71ca53227b06fe8ec7b47ed35", + "DiffIDs": [ + "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1", + "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8", + "sha256:a1de419deb2439bf43af32ecd89cbdf0ca2aaa6faacf582011c37b5201a532e7", + "sha256:ad5fa0a24cd87e37fb848811a92c2a08f294e35e0cf5da9c1869b6c91a076505", + "sha256:6f189167f676fd6d05ce1e4077551cd67098c61e7e6a74ef470628be9a811b48", + "sha256:6b7f4e280528c3a7b1708bb91457637bbe8067349b8237c0a74e21e81bdf9ac0", + "sha256:ffd61943588a7a1e97a432e5c4e60e10844afe2933a16a32c14d8fdf5f3c5b32", + "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + ], + "RepoTags": [ + "nginx:stable-alpine" + ], + "RepoDigests": [ + "nginx@sha256:c819f83c54b0361f5557601bf5eb4943d09360e7a7fdf426afc466570f45874d" + ], + "Reference": "nginx:stable-alpine", + "ImageConfig": { + "architecture": "amd64", + "created": "2026-05-19T21:17:45.223455148Z", + "history": [ + { + "created": "2026-04-15T20:01:40.139676757Z", + "created_by": "ADD alpine-minirootfs-3.23.4-x86_64.tar.gz / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-15T20:01:40.139676757Z", + "created_by": "CMD [\"/bin/sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T20:15:20.614381563Z", + "created_by": "LABEL maintainer=NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T20:15:20.614381563Z", + "created_by": "ENV NGINX_VERSION=1.30.1", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T20:15:20.614381563Z", + "created_by": "ENV PKG_RELEASE=1", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T20:15:20.614381563Z", + "created_by": "ENV DYNPKG_RELEASE=1", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T20:15:20.614381563Z", + "created_by": "RUN /bin/sh -c set -x \u0026\u0026 addgroup -g 101 -S nginx \u0026\u0026 adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \u0026\u0026 apkArch=\"$(cat /etc/apk/arch)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-r${PKG_RELEASE} \" \u0026\u0026 apk add --no-cache --virtual .checksum-deps openssl \u0026\u0026 case \"$apkArch\" in x86_64|aarch64) set -x \u0026\u0026 KEY_SHA512=\"e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655\" \u0026\u0026 wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \u0026\u0026 if echo \"$KEY_SHA512 */tmp/nginx_signing.rsa.pub\" | sha512sum -c -; then echo \"key verification succeeded!\"; mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; else echo \"key verification failed!\"; exit 1; fi \u0026\u0026 DEPS=$(apk query --summarize depends --recursive --no-cache --repository \"@nginxorg https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" ${nginxPackages/=/@nginxorg=}) \u0026\u0026 apk add --no-cache $DEPS \u0026\u0026 apk add --repositories-file /dev/null -X \"https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" --no-cache $nginxPackages ;; *) set -x \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chown nobody:nobody $tempDir \u0026\u0026 apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers bash alpine-sdk findutils curl \u0026\u0026 su nobody -s /bin/sh -c \" export HOME=${tempDir} \u0026\u0026 cd ${tempDir} \u0026\u0026 curl -f -L -O https://github.com/nginx/pkg-oss/archive/3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz \u0026\u0026 PKGOSSCHECKSUM=\\\"83a117b77bf3f1ce7f227b75712766c1dec6bcfae0f1f87a9d522d1ef9b66a8ca550c3c0835b82e74e1242284be65126a1858a4fabd1dc9969ce8a7fd8e4681b *3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz\\\" \u0026\u0026 if [ \\\"\\$(openssl sha512 -r 3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz)\\\" = \\\"\\$PKGOSSCHECKSUM\\\" ]; then echo \\\"pkg-oss tarball checksum verification succeeded!\\\"; else echo \\\"pkg-oss tarball checksum verification failed!\\\"; exit 1; fi \u0026\u0026 tar xzvf 3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz \u0026\u0026 cd pkg-oss-3fdb8a9a864e5680a1d432aab681e40b7e269bb4 \u0026\u0026 cd alpine \u0026\u0026 make base \u0026\u0026 apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \u0026\u0026 abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \" \u0026\u0026 cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \u0026\u0026 apk del --no-network .build-deps \u0026\u0026 DEPS=$(apk query --summarize depends --recursive --no-cache --repository \"@nginxorg ${tempDir}/packages/alpine/\" ${nginxPackages/=/@nginxorg=}) \u0026\u0026 apk add --no-cache $DEPS \u0026\u0026 apk add --repositories-file /dev/null -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac \u0026\u0026 apk del --no-network .checksum-deps \u0026\u0026 if [ -n \"$tempDir\" ]; then rm -rf \"$tempDir\"; fi \u0026\u0026 if [ -f \"/etc/apk/keys/abuild-key.rsa.pub\" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \u0026\u0026 apk add --no-cache gettext-envsubst \u0026\u0026 apk add --no-cache tzdata \u0026\u0026 ln -sf /dev/stdout /var/log/nginx/access.log \u0026\u0026 ln -sf /dev/stderr /var/log/nginx/error.log \u0026\u0026 mkdir /docker-entrypoint.d # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T20:15:20.637067551Z", + "created_by": "COPY docker-entrypoint.sh / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T20:15:20.653413667Z", + "created_by": "COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T20:15:20.67373055Z", + "created_by": "COPY 15-local-resolvers.envsh /docker-entrypoint.d # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T20:15:20.693399875Z", + "created_by": "COPY 20-envsubst-on-templates.sh /docker-entrypoint.d # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T20:15:20.71218327Z", + "created_by": "COPY 30-tune-worker-processes.sh /docker-entrypoint.d # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T20:15:20.71218327Z", + "created_by": "ENTRYPOINT [\"/docker-entrypoint.sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T20:15:20.71218327Z", + "created_by": "EXPOSE map[80/tcp:{}]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T20:15:20.71218327Z", + "created_by": "STOPSIGNAL SIGQUIT", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T20:15:20.71218327Z", + "created_by": "CMD [\"nginx\" \"-g\" \"daemon off;\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T21:17:45.223455148Z", + "created_by": "ENV NJS_VERSION=0.9.9", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T21:17:45.223455148Z", + "created_by": "ENV NJS_RELEASE=1", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T21:17:45.223455148Z", + "created_by": "ENV ACME_VERSION=0.4.1", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T21:17:45.223455148Z", + "created_by": "RUN /bin/sh -c set -x \u0026\u0026 apkArch=\"$(cat /etc/apk/arch)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} \" \u0026\u0026 apk add --no-cache --virtual .checksum-deps openssl \u0026\u0026 case \"$apkArch\" in x86_64|aarch64) apk add -X \"https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" --no-cache $nginxPackages ;; *) set -x \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chown nobody:nobody $tempDir \u0026\u0026 apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers libxslt-dev gd-dev geoip-dev libedit-dev bash alpine-sdk findutils curl cargo clang-libclang \u0026\u0026 su nobody -s /bin/sh -c \" export HOME=${tempDir} \u0026\u0026 cd ${tempDir} \u0026\u0026 curl -f -L -O https://github.com/nginx/pkg-oss/archive/3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz \u0026\u0026 PKGOSSCHECKSUM=\\\"83a117b77bf3f1ce7f227b75712766c1dec6bcfae0f1f87a9d522d1ef9b66a8ca550c3c0835b82e74e1242284be65126a1858a4fabd1dc9969ce8a7fd8e4681b *3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz\\\" \u0026\u0026 if [ \\\"\\$(openssl sha512 -r 3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz)\\\" = \\\"\\$PKGOSSCHECKSUM\\\" ]; then echo \\\"pkg-oss tarball checksum verification succeeded!\\\"; else echo \\\"pkg-oss tarball checksum verification failed!\\\"; exit 1; fi \u0026\u0026 tar xzvf 3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz \u0026\u0026 cd pkg-oss-3fdb8a9a864e5680a1d432aab681e40b7e269bb4 \u0026\u0026 cd alpine \u0026\u0026 export BUILDTARGET=\\\"module-geoip module-image-filter module-njs module-xslt module-acme\\\" \u0026\u0026 if [ \\\"\\$(apk --print-arch)\\\" = \\\"armhf\\\" ]; then BUILDTARGET=\\\"\\$( echo \\$BUILDTARGET | sed 's,module-acme,,' )\\\"; fi \u0026\u0026 make \\$BUILDTARGET \u0026\u0026 apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \u0026\u0026 abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \" \u0026\u0026 cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \u0026\u0026 apk del --no-network .build-deps \u0026\u0026 if [ \"$apkArch\" = \"armhf\" ]; then nginxPackages=\"$( echo $nginxPackages | sed 's,nginx-module-acme=.*,,')\"; fi \u0026\u0026 apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac \u0026\u0026 apk del --no-network .checksum-deps \u0026\u0026 if [ -n \"$tempDir\" ]; then rm -rf \"$tempDir\"; fi \u0026\u0026 if [ -f \"/etc/apk/keys/abuild-key.rsa.pub\" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \u0026\u0026 apk add --no-cache curl ca-certificates # buildkit", + "comment": "buildkit.dockerfile.v0" + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1", + "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8", + "sha256:a1de419deb2439bf43af32ecd89cbdf0ca2aaa6faacf582011c37b5201a532e7", + "sha256:ad5fa0a24cd87e37fb848811a92c2a08f294e35e0cf5da9c1869b6c91a076505", + "sha256:6f189167f676fd6d05ce1e4077551cd67098c61e7e6a74ef470628be9a811b48", + "sha256:6b7f4e280528c3a7b1708bb91457637bbe8067349b8237c0a74e21e81bdf9ac0", + "sha256:ffd61943588a7a1e97a432e5c4e60e10844afe2933a16a32c14d8fdf5f3c5b32", + "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + ] + }, + "config": { + "Cmd": [ + "nginx", + "-g", + "daemon off;" + ], + "Entrypoint": [ + "/docker-entrypoint.sh" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "NGINX_VERSION=1.30.1", + "PKG_RELEASE=1", + "DYNPKG_RELEASE=1", + "NJS_VERSION=0.9.9", + "NJS_RELEASE=1", + "ACME_VERSION=0.4.1" + ], + "Labels": { + "maintainer": "NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e" + }, + "WorkingDir": "/", + "ExposedPorts": { + "80/tcp": {} + }, + "StopSignal": "SIGQUIT" + } + }, + "Layers": [ + { + "Size": 8732160, + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + { + "Size": 4737536, + "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", + "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" + }, + { + "Size": 3584, + "Digest": "sha256:9819a9bca5c765aec514db7e90c3dee6d699c76a611b592d388629f4b0f665eb", + "DiffID": "sha256:a1de419deb2439bf43af32ecd89cbdf0ca2aaa6faacf582011c37b5201a532e7" + }, + { + "Size": 4608, + "Digest": "sha256:9097b7c36bd7225e6e955ae7f0a02738f22dec88330b0816aa0c026386c1db79", + "DiffID": "sha256:ad5fa0a24cd87e37fb848811a92c2a08f294e35e0cf5da9c1869b6c91a076505" + }, + { + "Size": 2560, + "Digest": "sha256:d5e180c5634daea39efda1a8d35ea781126257c98fa38cd0374f6edcaa86a6e2", + "DiffID": "sha256:6f189167f676fd6d05ce1e4077551cd67098c61e7e6a74ef470628be9a811b48" + }, + { + "Size": 5120, + "Digest": "sha256:61194bdf8809d67a4145f10fb09173c8e7a28b51da484e25eece0ba02643fa88", + "DiffID": "sha256:6b7f4e280528c3a7b1708bb91457637bbe8067349b8237c0a74e21e81bdf9ac0" + }, + { + "Size": 7168, + "Digest": "sha256:6b213b30736dba71e4c92b43e31901658ff70cb96e46524740dce204b477c616", + "DiffID": "sha256:ffd61943588a7a1e97a432e5c4e60e10844afe2933a16a32c14d8fdf5f3c5b32" + }, + { + "Size": 50155520, + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + } + ] + } + ], + "Results": [ + { + "Target": "nginx:stable-alpine (alpine 3.23.4)", + "Class": "os-pkgs", + "Type": "alpine", + "Packages": [ + { + "ID": "alpine-baselayout@3.7.2-r0", + "Name": "alpine-baselayout", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout@3.7.2-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "ff3090489ca40326" + }, + "Version": "3.7.2-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.7.2-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-baselayout-data@3.7.2-r0", + "busybox-binsh@1.37.0-r30" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:545aa6f291209af89932b761d9e422c2778596cc", + "InstalledFiles": [ + "etc/motd", + "etc/crontabs/root", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/i386.conf", + "etc/profile.d/20locale.sh", + "etc/profile.d/README", + "etc/profile.d/color_prompt.sh.disabled", + "usr/lib/sysctl.d/00-alpine.conf", + "var/lock", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout-data@3.7.2-r0", + "Name": "alpine-baselayout-data", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.7.2-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "78c0ed61d7df9a7e" + }, + "Version": "3.7.2-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.7.2-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:85816632dbce07ba7e9e7a629fa59eddbd1687fb", + "InstalledFiles": [ + "etc/fstab", + "etc/group", + "etc/hostname", + "etc/hosts", + "etc/inittab", + "etc/modules", + "etc/mtab", + "etc/nsswitch.conf", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/sysctl.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-keys@2.6-r0", + "Name": "alpine-keys", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-keys@2.6-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "2c7cb90de388aa7d" + }, + "Version": "2.6-r0", + "Arch": "x86_64", + "SrcName": "alpine-keys", + "SrcVersion": "2.6-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:5c45a821cd6b84d543bbd7ff12a7de1855c5cd13", + "InstalledFiles": [ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-release@3.23.4-r0", + "Name": "alpine-release", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-release@3.23.4-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "114fb0bc8cc9ff31" + }, + "Version": "3.23.4-r0", + "Arch": "x86_64", + "SrcName": "alpine-base", + "SrcVersion": "3.23.4-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-keys@2.6-r0" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:7ff0b58e52211bb31a84e2afdbcbff0620df55a1", + "InstalledFiles": [ + "etc/alpine-release", + "etc/issue", + "etc/os-release", + "etc/secfixes.d/alpine", + "usr/lib/os-release" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "aom-libs@3.13.1-r1", + "Name": "aom-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/aom-libs@3.13.1-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "5c2e206a9e097520" + }, + "Version": "3.13.1-r1", + "Arch": "x86_64", + "SrcName": "aom", + "SrcVersion": "3.13.1-r1", + "Licenses": [ + "BSD-2-Clause", + "custom" + ], + "Maintainer": "Oleg Titov \u003coleg.titov@gmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:97b0c2dffcef97a0253876d015ca217de10b216a", + "InstalledFiles": [ + "usr/lib/libaom.so.3", + "usr/lib/libaom.so.3.13.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "apk-tools@3.0.6-r0", + "Name": "apk-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/apk-tools@3.0.6-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "760256a5bdd94a07" + }, + "Version": "3.0.6-r0", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "3.0.6-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20260413-r0", + "libapk@3.0.6-r0", + "libcrypto3@3.5.6-r0", + "musl@1.2.5-r23", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:86f3b3ef94d1cb213a4ed1187b34a6bb9f593033", + "InstalledFiles": [ + "sbin/apk" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "brotli-libs@1.2.0-r0", + "Name": "brotli-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/brotli-libs@1.2.0-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "234da2b3c350083b" + }, + "Version": "1.2.0-r0", + "Arch": "x86_64", + "SrcName": "brotli", + "SrcVersion": "1.2.0-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:0814694602f35d2741e916fdcb4c9a1e0ec50b42", + "InstalledFiles": [ + "usr/lib/libbrotlicommon.so.1", + "usr/lib/libbrotlicommon.so.1.2.0", + "usr/lib/libbrotlidec.so.1", + "usr/lib/libbrotlidec.so.1.2.0", + "usr/lib/libbrotlienc.so.1", + "usr/lib/libbrotlienc.so.1.2.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox@1.37.0-r30", + "Name": "busybox", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r30?arch=x86_64\u0026distro=3.23.4", + "UID": "9647681d0b54db77" + }, + "Version": "1.37.0-r30", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r30", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:f1347801bb96b1aa40d17f82237c3f4ff02a4725", + "InstalledFiles": [ + "bin/busybox", + "etc/securetty", + "etc/busybox-paths.d/busybox", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "etc/udhcpc/udhcpc.conf", + "usr/share/udhcpc/default.script" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox-binsh@1.37.0-r30", + "Name": "busybox-binsh", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r30?arch=x86_64\u0026distro=3.23.4", + "UID": "3e18d05d46a6f46f" + }, + "Version": "1.37.0-r30", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r30", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "busybox@1.37.0-r30" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:188d2d0110afa58e8a3e3e5fd424b2d996df7a09", + "InstalledFiles": [ + "bin/sh" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "c-ares@1.34.6-r0", + "Name": "c-ares", + "Identifier": { + "PURL": "pkg:apk/alpine/c-ares@1.34.6-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "5be96d5420bec243" + }, + "Version": "1.34.6-r0", + "Arch": "x86_64", + "SrcName": "c-ares", + "SrcVersion": "1.34.6-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:e3bb3ff47a277ff9409b8c4bb825099cfe2bcbe2", + "InstalledFiles": [ + "usr/lib/libcares.so.2", + "usr/lib/libcares.so.2.19.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates@20260413-r0", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates@20260413-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "63ca5aff4886266d" + }, + "Version": "20260413-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20260413-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "libcrypto3@3.5.6-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:af25e0f0a0412b141942909ed199144cc46f5bbc", + "InstalledFiles": [ + "etc/ca-certificates.conf", + "etc/apk/protected_paths.d/ca-certificates.list", + "etc/ca-certificates/update.d/certhash", + "usr/bin/c_rehash", + "usr/sbin/update-ca-certificates", + "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "usr/share/ca-certificates/mozilla/Certigna.crt", + "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", + "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "usr/share/ca-certificates/mozilla/OISTE_Server_Root_ECC_G1.crt", + "usr/share/ca-certificates/mozilla/OISTE_Server_Root_RSA_G1.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", + "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_RSA_TLS_Root_CA_2022_-_1.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", + "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_TLS_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_TLS_RSA_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "usr/share/ca-certificates/mozilla/e-Szigno_TLS_Root_CA_2023.crt", + "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates-bundle@20260413-r0", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates-bundle@20260413-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "d9471547e8751507" + }, + "Version": "20260413-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20260413-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:44c90827e10115cb6afec51081cb26785dc8f418", + "InstalledFiles": [ + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-certificates.crt", + "etc/ssl1.1/cert.pem", + "etc/ssl1.1/certs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "curl@8.19.0-r0", + "Name": "curl", + "Identifier": { + "PURL": "pkg:apk/alpine/curl@8.19.0-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "f9ecf01e03ce7fef" + }, + "Version": "8.19.0-r0", + "Arch": "x86_64", + "SrcName": "curl", + "SrcVersion": "8.19.0-r0", + "Licenses": [ + "curl" + ], + "Maintainer": "Achill Gilgenast \u003cachill@achill.org\u003e", + "DependsOn": [ + "libcurl@8.19.0-r0", + "musl@1.2.5-r23", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:812f1083cfc10c65b05b05bb4adfa3acb5cf6058", + "InstalledFiles": [ + "usr/bin/curl", + "usr/bin/wcurl" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "fontconfig@2.17.1-r0", + "Name": "fontconfig", + "Identifier": { + "PURL": "pkg:apk/alpine/fontconfig@2.17.1-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "d805dd422ee9c232" + }, + "Version": "2.17.1-r0", + "Arch": "x86_64", + "SrcName": "fontconfig", + "SrcVersion": "2.17.1-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "freetype@2.14.1-r0", + "libexpat@2.7.5-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:8037b007516a65d246442a781a05f627073394d0", + "InstalledFiles": [ + "etc/fonts/fonts.conf", + "etc/fonts/conf.d/10-hinting-slight.conf", + "etc/fonts/conf.d/10-scale-bitmap-fonts.conf", + "etc/fonts/conf.d/10-sub-pixel-none.conf", + "etc/fonts/conf.d/10-yes-antialias.conf", + "etc/fonts/conf.d/11-lcdfilter-default.conf", + "etc/fonts/conf.d/20-unhint-small-vera.conf", + "etc/fonts/conf.d/30-metric-aliases.conf", + "etc/fonts/conf.d/40-nonlatin.conf", + "etc/fonts/conf.d/45-generic.conf", + "etc/fonts/conf.d/45-latin.conf", + "etc/fonts/conf.d/48-spacing.conf", + "etc/fonts/conf.d/49-sansserif.conf", + "etc/fonts/conf.d/50-user.conf", + "etc/fonts/conf.d/51-local.conf", + "etc/fonts/conf.d/60-generic.conf", + "etc/fonts/conf.d/60-latin.conf", + "etc/fonts/conf.d/65-fonts-persian.conf", + "etc/fonts/conf.d/65-nonlatin.conf", + "etc/fonts/conf.d/69-unifont.conf", + "etc/fonts/conf.d/70-no-bitmaps-except-emoji.conf", + "etc/fonts/conf.d/80-delicious.conf", + "etc/fonts/conf.d/90-synthetic.conf", + "etc/fonts/conf.d/README", + "usr/bin/fc-cache", + "usr/bin/fc-cat", + "usr/bin/fc-conflist", + "usr/bin/fc-list", + "usr/bin/fc-match", + "usr/bin/fc-pattern", + "usr/bin/fc-query", + "usr/bin/fc-scan", + "usr/bin/fc-validate", + "usr/lib/libfontconfig.so.1", + "usr/lib/libfontconfig.so.1.16.1", + "usr/share/fontconfig/conf.avail/05-reset-dirs-sample.conf", + "usr/share/fontconfig/conf.avail/09-autohint-if-no-hinting.conf", + "usr/share/fontconfig/conf.avail/10-autohint.conf", + "usr/share/fontconfig/conf.avail/10-hinting-full.conf", + "usr/share/fontconfig/conf.avail/10-hinting-medium.conf", + "usr/share/fontconfig/conf.avail/10-hinting-none.conf", + "usr/share/fontconfig/conf.avail/10-hinting-slight.conf", + "usr/share/fontconfig/conf.avail/10-no-antialias.conf", + "usr/share/fontconfig/conf.avail/10-scale-bitmap-fonts.conf", + "usr/share/fontconfig/conf.avail/10-sub-pixel-bgr.conf", + "usr/share/fontconfig/conf.avail/10-sub-pixel-none.conf", + "usr/share/fontconfig/conf.avail/10-sub-pixel-rgb.conf", + "usr/share/fontconfig/conf.avail/10-sub-pixel-vbgr.conf", + "usr/share/fontconfig/conf.avail/10-sub-pixel-vrgb.conf", + "usr/share/fontconfig/conf.avail/10-unhinted.conf", + "usr/share/fontconfig/conf.avail/10-yes-antialias.conf", + "usr/share/fontconfig/conf.avail/11-lcdfilter-default.conf", + "usr/share/fontconfig/conf.avail/11-lcdfilter-legacy.conf", + "usr/share/fontconfig/conf.avail/11-lcdfilter-light.conf", + "usr/share/fontconfig/conf.avail/11-lcdfilter-none.conf", + "usr/share/fontconfig/conf.avail/20-unhint-small-vera.conf", + "usr/share/fontconfig/conf.avail/25-unhint-nonlatin.conf", + "usr/share/fontconfig/conf.avail/30-metric-aliases.conf", + "usr/share/fontconfig/conf.avail/35-lang-normalize.conf", + "usr/share/fontconfig/conf.avail/40-nonlatin.conf", + "usr/share/fontconfig/conf.avail/45-generic.conf", + "usr/share/fontconfig/conf.avail/45-latin.conf", + "usr/share/fontconfig/conf.avail/48-guessfamily.conf", + "usr/share/fontconfig/conf.avail/48-spacing.conf", + "usr/share/fontconfig/conf.avail/49-sansserif.conf", + "usr/share/fontconfig/conf.avail/50-user.conf", + "usr/share/fontconfig/conf.avail/51-local.conf", + "usr/share/fontconfig/conf.avail/60-generic.conf", + "usr/share/fontconfig/conf.avail/60-latin.conf", + "usr/share/fontconfig/conf.avail/65-fonts-persian.conf", + "usr/share/fontconfig/conf.avail/65-khmer.conf", + "usr/share/fontconfig/conf.avail/65-nonlatin.conf", + "usr/share/fontconfig/conf.avail/69-unifont.conf", + "usr/share/fontconfig/conf.avail/70-no-bitmaps-and-emoji.conf", + "usr/share/fontconfig/conf.avail/70-no-bitmaps-except-emoji.conf", + "usr/share/fontconfig/conf.avail/70-no-bitmaps.conf", + "usr/share/fontconfig/conf.avail/70-yes-bitmaps.conf", + "usr/share/fontconfig/conf.avail/80-delicious.conf", + "usr/share/fontconfig/conf.avail/90-synthetic.conf", + "usr/share/xml/fontconfig/fonts.dtd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "freetype@2.14.1-r0", + "Name": "freetype", + "Identifier": { + "PURL": "pkg:apk/alpine/freetype@2.14.1-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "d0ae0a3d160c9ff2" + }, + "Version": "2.14.1-r0", + "Arch": "x86_64", + "SrcName": "freetype", + "SrcVersion": "2.14.1-r0", + "Licenses": [ + "FTL", + "GPL-2.0-or-later" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "brotli-libs@1.2.0-r0", + "libbz2@1.0.8-r6", + "libpng@1.6.58-r1", + "musl@1.2.5-r23", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:e227f29a00edd7ed5b1e62a050da6532183e60be", + "InstalledFiles": [ + "usr/lib/libfreetype.so.6", + "usr/lib/libfreetype.so.6.20.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "geoip@1.6.12-r6", + "Name": "geoip", + "Identifier": { + "PURL": "pkg:apk/alpine/geoip@1.6.12-r6?arch=x86_64\u0026distro=3.23.4", + "UID": "e21c96f348abf9a7" + }, + "Version": "1.6.12-r6", + "Arch": "x86_64", + "SrcName": "geoip", + "SrcVersion": "1.6.12-r6", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Leonardo Arena \u003crnalrd@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:8f2ea64ecb173949f03ec2371db4b534f142450f", + "InstalledFiles": [ + "usr/bin/geoiplookup", + "usr/bin/geoiplookup6", + "usr/lib/libGeoIP.so.1", + "usr/lib/libGeoIP.so.1.6.12" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gettext-envsubst@0.24.1-r1", + "Name": "gettext-envsubst", + "Identifier": { + "PURL": "pkg:apk/alpine/gettext-envsubst@0.24.1-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "74b745a88adcfea9" + }, + "Version": "0.24.1-r1", + "Arch": "x86_64", + "SrcName": "gettext", + "SrcVersion": "0.24.1-r1", + "Licenses": [ + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "libintl@0.24.1-r1", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", + "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" + }, + "Digest": "sha1:7593f7d82a7c943f0114a5f700788c53afb8a554", + "InstalledFiles": [ + "usr/bin/envsubst" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libapk@3.0.6-r0", + "Name": "libapk", + "Identifier": { + "PURL": "pkg:apk/alpine/libapk@3.0.6-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "47dcfb9093b112c1" + }, + "Version": "3.0.6-r0", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "3.0.6-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.5.6-r0", + "libssl3@3.5.6-r0", + "musl@1.2.5-r23", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:f064c8318c4f7f17da6a490921ce0d5e709fc063", + "InstalledFiles": [ + "usr/lib/libapk.so.3.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libavif@1.3.0-r0", + "Name": "libavif", + "Identifier": { + "PURL": "pkg:apk/alpine/libavif@1.3.0-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "655cdbc6c9ce9e5b" + }, + "Version": "1.3.0-r0", + "Arch": "x86_64", + "SrcName": "libavif", + "SrcVersion": "1.3.0-r0", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Bart Ribbers \u003cbribbers@disroot.org\u003e", + "DependsOn": [ + "aom-libs@3.13.1-r1", + "libdav1d@1.5.2-r0", + "libyuv@0.0.1887.20251502-r1", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:6e0e61c8a9d1cb5a4a5f3faa64fb597844614f93", + "InstalledFiles": [ + "usr/lib/libavif.so.16", + "usr/lib/libavif.so.16.3.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libbsd@0.12.2-r0", + "Name": "libbsd", + "Identifier": { + "PURL": "pkg:apk/alpine/libbsd@0.12.2-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "dd77a74c79623bb3" + }, + "Version": "0.12.2-r0", + "Arch": "x86_64", + "SrcName": "libbsd", + "SrcVersion": "0.12.2-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libmd@1.1.0-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:33970b157edad359d05a2c3e6f3460e725549c8b", + "InstalledFiles": [ + "usr/lib/libbsd.so.0", + "usr/lib/libbsd.so.0.12.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libbz2@1.0.8-r6", + "Name": "libbz2", + "Identifier": { + "PURL": "pkg:apk/alpine/libbz2@1.0.8-r6?arch=x86_64\u0026distro=3.23.4", + "UID": "d5d1649d0ebe2b41" + }, + "Version": "1.0.8-r6", + "Arch": "x86_64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8-r6", + "Licenses": [ + "bzip-2-1.0.6" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:864d363da11ee24c7920e0d052d2da7f8429251e", + "InstalledFiles": [ + "usr/lib/libbz2.so.1", + "usr/lib/libbz2.so.1.0.8" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.5.6-r0", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.6-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "975680d851f10fda" + }, + "Version": "3.5.6-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.5.6-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:9e7a866d0d052d290d3f9d621a4c89214188acff", + "InstalledFiles": [ + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/openssl.cnf.dist", + "usr/lib/libcrypto.so.3", + "usr/lib/engines-3/afalg.so", + "usr/lib/engines-3/capi.so", + "usr/lib/engines-3/loader_attic.so", + "usr/lib/engines-3/padlock.so", + "usr/lib/ossl-modules/legacy.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcurl@8.19.0-r0", + "Name": "libcurl", + "Identifier": { + "PURL": "pkg:apk/alpine/libcurl@8.19.0-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "ae99b13d03576e54" + }, + "Version": "8.19.0-r0", + "Arch": "x86_64", + "SrcName": "curl", + "SrcVersion": "8.19.0-r0", + "Licenses": [ + "curl" + ], + "Maintainer": "Achill Gilgenast \u003cachill@achill.org\u003e", + "DependsOn": [ + "brotli-libs@1.2.0-r0", + "c-ares@1.34.6-r0", + "ca-certificates-bundle@20260413-r0", + "libcrypto3@3.5.6-r0", + "libidn2@2.3.8-r0", + "libpsl@0.21.5-r3", + "libssl3@3.5.6-r0", + "musl@1.2.5-r23", + "nghttp2-libs@1.69.0-r0", + "zlib@1.3.2-r0", + "zstd-libs@1.5.7-r2" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:c833586b6e5dcd4a10da7cf354b01d9e0ee10da8", + "InstalledFiles": [ + "usr/lib/libcurl.so.4", + "usr/lib/libcurl.so.4.8.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libdav1d@1.5.2-r0", + "Name": "libdav1d", + "Identifier": { + "PURL": "pkg:apk/alpine/libdav1d@1.5.2-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "470e133c6bf6f9c4" + }, + "Version": "1.5.2-r0", + "Arch": "x86_64", + "SrcName": "dav1d", + "SrcVersion": "1.5.2-r0", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Bart Ribbers \u003cbribbers@disroot.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:62a9676453a8b99cfb42148cfd26df3b964bcc1b", + "InstalledFiles": [ + "usr/lib/libdav1d.so.7", + "usr/lib/libdav1d.so.7.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libedit@20251016.3.1-r0", + "Name": "libedit", + "Identifier": { + "PURL": "pkg:apk/alpine/libedit@20251016.3.1-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "4cd9b43219994542" + }, + "Version": "20251016.3.1-r0", + "Arch": "x86_64", + "SrcName": "libedit", + "SrcVersion": "20251016.3.1-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", + "DependsOn": [ + "libncursesw@6.5_p20251123-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:463f69335a3223b1ce6856ce3bef5c03fee721bf", + "InstalledFiles": [ + "usr/lib/libedit.so.0", + "usr/lib/libedit.so.0.0.76" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libexpat@2.7.5-r0", + "Name": "libexpat", + "Identifier": { + "PURL": "pkg:apk/alpine/libexpat@2.7.5-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "28e722d1da61bc2e" + }, + "Version": "2.7.5-r0", + "Arch": "x86_64", + "SrcName": "expat", + "SrcVersion": "2.7.5-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:5760d53ddd7cca8a742c672e4e00a475718eacaa", + "InstalledFiles": [ + "usr/lib/libexpat.so.1", + "usr/lib/libexpat.so.1.11.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgcc@15.2.0-r2", + "Name": "libgcc", + "Identifier": { + "PURL": "pkg:apk/alpine/libgcc@15.2.0-r2?arch=x86_64\u0026distro=3.23.4", + "UID": "89fff20701e56ab7" + }, + "Version": "15.2.0-r2", + "Arch": "x86_64", + "SrcName": "gcc", + "SrcVersion": "15.2.0-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:57fccbe9eebf23f2c4f38ee2a24f8b0bdd508ff7", + "InstalledFiles": [ + "usr/lib/libgcc_s.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgd@2.3.3-r10", + "Name": "libgd", + "Identifier": { + "PURL": "pkg:apk/alpine/libgd@2.3.3-r10?arch=x86_64\u0026distro=3.23.4", + "UID": "b67312ef2319dd49" + }, + "Version": "2.3.3-r10", + "Arch": "x86_64", + "SrcName": "gd", + "SrcVersion": "2.3.3-r10", + "Licenses": [ + "GD" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "fontconfig@2.17.1-r0", + "freetype@2.14.1-r0", + "libavif@1.3.0-r0", + "libjpeg-turbo@3.1.2-r0", + "libpng@1.6.58-r1", + "libwebp@1.6.0-r0", + "libxpm@3.5.19-r0", + "musl@1.2.5-r23", + "tiff@4.7.1-r0", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:948454e00c660b6ddf1338a857959222f0888336", + "InstalledFiles": [ + "usr/lib/libgd.so.3", + "usr/lib/libgd.so.3.0.11" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libice@1.1.2-r0", + "Name": "libice", + "Identifier": { + "PURL": "pkg:apk/alpine/libice@1.1.2-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "3348caa25e2ecdc4" + }, + "Version": "1.1.2-r0", + "Arch": "x86_64", + "SrcName": "libice", + "SrcVersion": "1.1.2-r0", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:997a01303f63cee0ba9773f0cd9b26b2eb5e6ace", + "InstalledFiles": [ + "usr/lib/libICE.so.6", + "usr/lib/libICE.so.6.3.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libidn2@2.3.8-r0", + "Name": "libidn2", + "Identifier": { + "PURL": "pkg:apk/alpine/libidn2@2.3.8-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "f2e21ad261c22630" + }, + "Version": "2.3.8-r0", + "Arch": "x86_64", + "SrcName": "libidn2", + "SrcVersion": "2.3.8-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libunistring@1.4.1-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:b8c5bfa365da5c360a01230db4d71e65af94af3d", + "InstalledFiles": [ + "usr/lib/libidn2.so.0", + "usr/lib/libidn2.so.0.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libintl@0.24.1-r1", + "Name": "libintl", + "Identifier": { + "PURL": "pkg:apk/alpine/libintl@0.24.1-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "6b922bec7f8abaa" + }, + "Version": "0.24.1-r1", + "Arch": "x86_64", + "SrcName": "gettext", + "SrcVersion": "0.24.1-r1", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", + "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" + }, + "Digest": "sha1:0222324bb4dfd35e8a3ec821c86eb5afbd43a3af", + "InstalledFiles": [ + "usr/lib/libintl.so.8", + "usr/lib/libintl.so.8.4.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libjpeg-turbo@3.1.2-r0", + "Name": "libjpeg-turbo", + "Identifier": { + "PURL": "pkg:apk/alpine/libjpeg-turbo@3.1.2-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "76e9eea31b92641e" + }, + "Version": "3.1.2-r0", + "Arch": "x86_64", + "SrcName": "libjpeg-turbo", + "SrcVersion": "3.1.2-r0", + "Licenses": [ + "BSD-3-Clause", + "IJG", + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:aa025fb7ecf9bd65ef2afe47e3740639521e09ce", + "InstalledFiles": [ + "usr/lib/libjpeg.so.8", + "usr/lib/libjpeg.so.8.3.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libmd@1.1.0-r0", + "Name": "libmd", + "Identifier": { + "PURL": "pkg:apk/alpine/libmd@1.1.0-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "53cb33d88e504fac" + }, + "Version": "1.1.0-r0", + "Arch": "x86_64", + "SrcName": "libmd", + "SrcVersion": "1.1.0-r0", + "Licenses": [ + "BSD-3-Clause", + "BSD-2-Clause", + "ISC", + "Beerware", + "Public", + "Domain" + ], + "Maintainer": "omni \u003comni+alpine@hack.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:ce7c57bd1f6628da8ba0d3f2ac18f6d8c93c0346", + "InstalledFiles": [ + "usr/lib/libmd.so.0", + "usr/lib/libmd.so.0.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libncursesw@6.5_p20251123-r0", + "Name": "libncursesw", + "Identifier": { + "PURL": "pkg:apk/alpine/libncursesw@6.5_p20251123-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "edc30eb15f442d49" + }, + "Version": "6.5_p20251123-r0", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.5_p20251123-r0", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23", + "ncurses-terminfo-base@6.5_p20251123-r0" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:649d3041c52b80620fb50a98f5979d25ebbe1523", + "InstalledFiles": [ + "usr/lib/libncursesw.so.6", + "usr/lib/libncursesw.so.6.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpng@1.6.58-r1", + "Name": "libpng", + "Identifier": { + "PURL": "pkg:apk/alpine/libpng@1.6.58-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "f22fca42d750ae4d" + }, + "Version": "1.6.58-r1", + "Arch": "x86_64", + "SrcName": "libpng", + "SrcVersion": "1.6.58-r1", + "Licenses": [ + "Libpng" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:2dce71ea975aa82cbbcfcaac80af209bc84dd3c8", + "InstalledFiles": [ + "usr/lib/libpng16.so.16", + "usr/lib/libpng16.so.16.58.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpsl@0.21.5-r3", + "Name": "libpsl", + "Identifier": { + "PURL": "pkg:apk/alpine/libpsl@0.21.5-r3?arch=x86_64\u0026distro=3.23.4", + "UID": "3b2044e446534821" + }, + "Version": "0.21.5-r3", + "Arch": "x86_64", + "SrcName": "libpsl", + "SrcVersion": "0.21.5-r3", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libidn2@2.3.8-r0", + "libunistring@1.4.1-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:b663c00f920a93be49c825555aa1a212e4287393", + "InstalledFiles": [ + "usr/lib/libpsl.so.5", + "usr/lib/libpsl.so.5.3.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libsharpyuv@1.6.0-r0", + "Name": "libsharpyuv", + "Identifier": { + "PURL": "pkg:apk/alpine/libsharpyuv@1.6.0-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "73fb52723f19371d" + }, + "Version": "1.6.0-r0", + "Arch": "x86_64", + "SrcName": "libwebp", + "SrcVersion": "1.6.0-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:9bbf3958ac62e163084cde753276246e56ff298b", + "InstalledFiles": [ + "usr/lib/libsharpyuv.so.0", + "usr/lib/libsharpyuv.so.0.1.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libsm@1.2.6-r0", + "Name": "libsm", + "Identifier": { + "PURL": "pkg:apk/alpine/libsm@1.2.6-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "5b884a45ca171ccf" + }, + "Version": "1.2.6-r0", + "Arch": "x86_64", + "SrcName": "libsm", + "SrcVersion": "1.2.6-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libice@1.1.2-r0", + "libuuid@2.41.4-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:244b3b3e68f3c6c11c6202320109d460a2498e76", + "InstalledFiles": [ + "usr/lib/libSM.so.6", + "usr/lib/libSM.so.6.0.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.5.6-r0", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.6-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "aece396067dff154" + }, + "Version": "3.5.6-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.5.6-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.5.6-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:5a2620d507434903b747470a76b47e24b222de5e", + "InstalledFiles": [ + "usr/lib/libssl.so.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libstdc++@15.2.0-r2", + "Name": "libstdc++", + "Identifier": { + "PURL": "pkg:apk/alpine/libstdc%2B%2B@15.2.0-r2?arch=x86_64\u0026distro=3.23.4", + "UID": "3ff8ae215a6a54a6" + }, + "Version": "15.2.0-r2", + "Arch": "x86_64", + "SrcName": "gcc", + "SrcVersion": "15.2.0-r2", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", + "DependsOn": [ + "libgcc@15.2.0-r2", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:528d77417a16706468af852f2859ad00f176e266", + "InstalledFiles": [ + "usr/lib/libstdc++.so.6", + "usr/lib/libstdc++.so.6.0.34" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libunistring@1.4.1-r0", + "Name": "libunistring", + "Identifier": { + "PURL": "pkg:apk/alpine/libunistring@1.4.1-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "97a3c9b2cf3d0f9e" + }, + "Version": "1.4.1-r0", + "Arch": "x86_64", + "SrcName": "libunistring", + "SrcVersion": "1.4.1-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:6e56562bde456bee5971787d3d95c34e84ced797", + "InstalledFiles": [ + "usr/lib/libunistring.so.5", + "usr/lib/libunistring.so.5.2.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libuuid@2.41.4-r0", + "Name": "libuuid", + "Identifier": { + "PURL": "pkg:apk/alpine/libuuid@2.41.4-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "833419752375af8a" + }, + "Version": "2.41.4-r0", + "Arch": "x86_64", + "SrcName": "util-linux", + "SrcVersion": "2.41.4-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:d03966d821a1d9454e5576f96ec455824112fe46", + "InstalledFiles": [ + "usr/lib/libuuid.so.1", + "usr/lib/libuuid.so.1.3.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libwebp@1.6.0-r0", + "Name": "libwebp", + "Identifier": { + "PURL": "pkg:apk/alpine/libwebp@1.6.0-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "cf3db5e019392979" + }, + "Version": "1.6.0-r0", + "Arch": "x86_64", + "SrcName": "libwebp", + "SrcVersion": "1.6.0-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libsharpyuv@1.6.0-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:46f79fe406ce611058a6c0ce995ebe85f7b73c7a", + "InstalledFiles": [ + "usr/lib/libwebp.so.7", + "usr/lib/libwebp.so.7.2.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libx11@1.8.12-r1", + "Name": "libx11", + "Identifier": { + "PURL": "pkg:apk/alpine/libx11@1.8.12-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "e8538d9e85dca6bf" + }, + "Version": "1.8.12-r1", + "Arch": "x86_64", + "SrcName": "libx11", + "SrcVersion": "1.8.12-r1", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libxcb@1.17.0-r1", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:689b36ec47d6c9abb9cbd0c7067ba4636568dbd5", + "InstalledFiles": [ + "usr/lib/libX11-xcb.so.1", + "usr/lib/libX11-xcb.so.1.0.0", + "usr/lib/libX11.so.6", + "usr/lib/libX11.so.6.4.0", + "usr/share/X11/XErrorDB", + "usr/share/X11/Xcms.txt", + "usr/share/X11/locale/compose.dir", + "usr/share/X11/locale/locale.alias", + "usr/share/X11/locale/locale.dir", + "usr/share/X11/locale/C/Compose", + "usr/share/X11/locale/C/XI18N_OBJS", + "usr/share/X11/locale/C/XLC_LOCALE", + "usr/share/X11/locale/am_ET.UTF-8/Compose", + "usr/share/X11/locale/am_ET.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/am_ET.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/armscii-8/Compose", + "usr/share/X11/locale/armscii-8/XI18N_OBJS", + "usr/share/X11/locale/armscii-8/XLC_LOCALE", + "usr/share/X11/locale/cs_CZ.UTF-8/Compose", + "usr/share/X11/locale/cs_CZ.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/cs_CZ.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/el_GR.UTF-8/Compose", + "usr/share/X11/locale/el_GR.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/el_GR.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/en_US.UTF-8/Compose", + "usr/share/X11/locale/en_US.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/en_US.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/fi_FI.UTF-8/Compose", + "usr/share/X11/locale/fi_FI.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/fi_FI.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/georgian-academy/Compose", + "usr/share/X11/locale/georgian-academy/XI18N_OBJS", + "usr/share/X11/locale/georgian-academy/XLC_LOCALE", + "usr/share/X11/locale/georgian-ps/Compose", + "usr/share/X11/locale/georgian-ps/XI18N_OBJS", + "usr/share/X11/locale/georgian-ps/XLC_LOCALE", + "usr/share/X11/locale/ibm-cp1133/Compose", + "usr/share/X11/locale/ibm-cp1133/XI18N_OBJS", + "usr/share/X11/locale/ibm-cp1133/XLC_LOCALE", + "usr/share/X11/locale/iscii-dev/Compose", + "usr/share/X11/locale/iscii-dev/XI18N_OBJS", + "usr/share/X11/locale/iscii-dev/XLC_LOCALE", + "usr/share/X11/locale/isiri-3342/Compose", + "usr/share/X11/locale/isiri-3342/XI18N_OBJS", + "usr/share/X11/locale/isiri-3342/XLC_LOCALE", + "usr/share/X11/locale/iso8859-1/Compose", + "usr/share/X11/locale/iso8859-1/XI18N_OBJS", + "usr/share/X11/locale/iso8859-1/XLC_LOCALE", + "usr/share/X11/locale/iso8859-10/Compose", + "usr/share/X11/locale/iso8859-10/XI18N_OBJS", + "usr/share/X11/locale/iso8859-10/XLC_LOCALE", + "usr/share/X11/locale/iso8859-11/Compose", + "usr/share/X11/locale/iso8859-11/XI18N_OBJS", + "usr/share/X11/locale/iso8859-11/XLC_LOCALE", + "usr/share/X11/locale/iso8859-13/Compose", + "usr/share/X11/locale/iso8859-13/XI18N_OBJS", + "usr/share/X11/locale/iso8859-13/XLC_LOCALE", + "usr/share/X11/locale/iso8859-14/Compose", + "usr/share/X11/locale/iso8859-14/XI18N_OBJS", + "usr/share/X11/locale/iso8859-14/XLC_LOCALE", + "usr/share/X11/locale/iso8859-15/Compose", + "usr/share/X11/locale/iso8859-15/XI18N_OBJS", + "usr/share/X11/locale/iso8859-15/XLC_LOCALE", + "usr/share/X11/locale/iso8859-2/Compose", + "usr/share/X11/locale/iso8859-2/XI18N_OBJS", + "usr/share/X11/locale/iso8859-2/XLC_LOCALE", + "usr/share/X11/locale/iso8859-3/Compose", + "usr/share/X11/locale/iso8859-3/XI18N_OBJS", + "usr/share/X11/locale/iso8859-3/XLC_LOCALE", + "usr/share/X11/locale/iso8859-4/Compose", + "usr/share/X11/locale/iso8859-4/XI18N_OBJS", + "usr/share/X11/locale/iso8859-4/XLC_LOCALE", + "usr/share/X11/locale/iso8859-5/Compose", + "usr/share/X11/locale/iso8859-5/XI18N_OBJS", + "usr/share/X11/locale/iso8859-5/XLC_LOCALE", + "usr/share/X11/locale/iso8859-6/Compose", + "usr/share/X11/locale/iso8859-6/XI18N_OBJS", + "usr/share/X11/locale/iso8859-6/XLC_LOCALE", + "usr/share/X11/locale/iso8859-7/Compose", + "usr/share/X11/locale/iso8859-7/XI18N_OBJS", + "usr/share/X11/locale/iso8859-7/XLC_LOCALE", + "usr/share/X11/locale/iso8859-8/Compose", + "usr/share/X11/locale/iso8859-8/XI18N_OBJS", + "usr/share/X11/locale/iso8859-8/XLC_LOCALE", + "usr/share/X11/locale/iso8859-9/Compose", + "usr/share/X11/locale/iso8859-9/XI18N_OBJS", + "usr/share/X11/locale/iso8859-9/XLC_LOCALE", + "usr/share/X11/locale/iso8859-9e/Compose", + "usr/share/X11/locale/iso8859-9e/XI18N_OBJS", + "usr/share/X11/locale/iso8859-9e/XLC_LOCALE", + "usr/share/X11/locale/ja/Compose", + "usr/share/X11/locale/ja/XI18N_OBJS", + "usr/share/X11/locale/ja/XLC_LOCALE", + "usr/share/X11/locale/ja.JIS/Compose", + "usr/share/X11/locale/ja.JIS/XI18N_OBJS", + "usr/share/X11/locale/ja.JIS/XLC_LOCALE", + "usr/share/X11/locale/ja.SJIS/Compose", + "usr/share/X11/locale/ja.SJIS/XI18N_OBJS", + "usr/share/X11/locale/ja.SJIS/XLC_LOCALE", + "usr/share/X11/locale/ja_JP.UTF-8/Compose", + "usr/share/X11/locale/ja_JP.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/ja_JP.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/km_KH.UTF-8/Compose", + "usr/share/X11/locale/km_KH.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/km_KH.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/ko/Compose", + "usr/share/X11/locale/ko/XI18N_OBJS", + "usr/share/X11/locale/ko/XLC_LOCALE", + "usr/share/X11/locale/ko_KR.UTF-8/Compose", + "usr/share/X11/locale/ko_KR.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/ko_KR.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/koi8-c/Compose", + "usr/share/X11/locale/koi8-c/XI18N_OBJS", + "usr/share/X11/locale/koi8-c/XLC_LOCALE", + "usr/share/X11/locale/koi8-r/Compose", + "usr/share/X11/locale/koi8-r/XI18N_OBJS", + "usr/share/X11/locale/koi8-r/XLC_LOCALE", + "usr/share/X11/locale/koi8-u/Compose", + "usr/share/X11/locale/koi8-u/XI18N_OBJS", + "usr/share/X11/locale/koi8-u/XLC_LOCALE", + "usr/share/X11/locale/microsoft-cp1251/Compose", + "usr/share/X11/locale/microsoft-cp1251/XI18N_OBJS", + "usr/share/X11/locale/microsoft-cp1251/XLC_LOCALE", + "usr/share/X11/locale/microsoft-cp1255/Compose", + "usr/share/X11/locale/microsoft-cp1255/XI18N_OBJS", + "usr/share/X11/locale/microsoft-cp1255/XLC_LOCALE", + "usr/share/X11/locale/microsoft-cp1256/Compose", + "usr/share/X11/locale/microsoft-cp1256/XI18N_OBJS", + "usr/share/X11/locale/microsoft-cp1256/XLC_LOCALE", + "usr/share/X11/locale/mulelao-1/Compose", + "usr/share/X11/locale/mulelao-1/XI18N_OBJS", + "usr/share/X11/locale/mulelao-1/XLC_LOCALE", + "usr/share/X11/locale/nokhchi-1/Compose", + "usr/share/X11/locale/nokhchi-1/XI18N_OBJS", + "usr/share/X11/locale/nokhchi-1/XLC_LOCALE", + "usr/share/X11/locale/pt_BR.UTF-8/Compose", + "usr/share/X11/locale/pt_BR.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/pt_BR.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/pt_PT.UTF-8/Compose", + "usr/share/X11/locale/pt_PT.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/pt_PT.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/ru_RU.UTF-8/Compose", + "usr/share/X11/locale/ru_RU.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/ru_RU.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/sr_RS.UTF-8/Compose", + "usr/share/X11/locale/sr_RS.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/sr_RS.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/tatar-cyr/Compose", + "usr/share/X11/locale/tatar-cyr/XI18N_OBJS", + "usr/share/X11/locale/tatar-cyr/XLC_LOCALE", + "usr/share/X11/locale/th_TH/Compose", + "usr/share/X11/locale/th_TH/XI18N_OBJS", + "usr/share/X11/locale/th_TH/XLC_LOCALE", + "usr/share/X11/locale/th_TH.UTF-8/Compose", + "usr/share/X11/locale/th_TH.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/th_TH.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/tscii-0/Compose", + "usr/share/X11/locale/tscii-0/XI18N_OBJS", + "usr/share/X11/locale/tscii-0/XLC_LOCALE", + "usr/share/X11/locale/vi_VN.tcvn/Compose", + "usr/share/X11/locale/vi_VN.tcvn/XI18N_OBJS", + "usr/share/X11/locale/vi_VN.tcvn/XLC_LOCALE", + "usr/share/X11/locale/vi_VN.viscii/Compose", + "usr/share/X11/locale/vi_VN.viscii/XI18N_OBJS", + "usr/share/X11/locale/vi_VN.viscii/XLC_LOCALE", + "usr/share/X11/locale/zh_CN/Compose", + "usr/share/X11/locale/zh_CN/XI18N_OBJS", + "usr/share/X11/locale/zh_CN/XLC_LOCALE", + "usr/share/X11/locale/zh_CN.UTF-8/Compose", + "usr/share/X11/locale/zh_CN.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/zh_CN.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/zh_CN.gb18030/Compose", + "usr/share/X11/locale/zh_CN.gb18030/XI18N_OBJS", + "usr/share/X11/locale/zh_CN.gb18030/XLC_LOCALE", + "usr/share/X11/locale/zh_CN.gbk/Compose", + "usr/share/X11/locale/zh_CN.gbk/XI18N_OBJS", + "usr/share/X11/locale/zh_CN.gbk/XLC_LOCALE", + "usr/share/X11/locale/zh_HK.UTF-8/Compose", + "usr/share/X11/locale/zh_HK.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/zh_HK.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/zh_HK.big5/Compose", + "usr/share/X11/locale/zh_HK.big5/XI18N_OBJS", + "usr/share/X11/locale/zh_HK.big5/XLC_LOCALE", + "usr/share/X11/locale/zh_HK.big5hkscs/Compose", + "usr/share/X11/locale/zh_HK.big5hkscs/XI18N_OBJS", + "usr/share/X11/locale/zh_HK.big5hkscs/XLC_LOCALE", + "usr/share/X11/locale/zh_TW/Compose", + "usr/share/X11/locale/zh_TW/XI18N_OBJS", + "usr/share/X11/locale/zh_TW/XLC_LOCALE", + "usr/share/X11/locale/zh_TW.UTF-8/Compose", + "usr/share/X11/locale/zh_TW.UTF-8/XI18N_OBJS", + "usr/share/X11/locale/zh_TW.UTF-8/XLC_LOCALE", + "usr/share/X11/locale/zh_TW.big5/Compose", + "usr/share/X11/locale/zh_TW.big5/XI18N_OBJS", + "usr/share/X11/locale/zh_TW.big5/XLC_LOCALE" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxau@1.0.12-r0", + "Name": "libxau", + "Identifier": { + "PURL": "pkg:apk/alpine/libxau@1.0.12-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "d485bce96f246b42" + }, + "Version": "1.0.12-r0", + "Arch": "x86_64", + "SrcName": "libxau", + "SrcVersion": "1.0.12-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:89d2bc9daae3cb0e2ae095db6866357b7653f341", + "InstalledFiles": [ + "usr/lib/libXau.so.6", + "usr/lib/libXau.so.6.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxcb@1.17.0-r1", + "Name": "libxcb", + "Identifier": { + "PURL": "pkg:apk/alpine/libxcb@1.17.0-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "9257eaebc5b55b2" + }, + "Version": "1.17.0-r1", + "Arch": "x86_64", + "SrcName": "libxcb", + "SrcVersion": "1.17.0-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libxau@1.0.12-r0", + "libxdmcp@1.1.5-r1", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:61b06f883e8f8d2d8ee360e4dac04ac037fcca13", + "InstalledFiles": [ + "usr/lib/libxcb-composite.so.0", + "usr/lib/libxcb-composite.so.0.0.0", + "usr/lib/libxcb-damage.so.0", + "usr/lib/libxcb-damage.so.0.0.0", + "usr/lib/libxcb-dbe.so.0", + "usr/lib/libxcb-dbe.so.0.0.0", + "usr/lib/libxcb-dpms.so.0", + "usr/lib/libxcb-dpms.so.0.0.0", + "usr/lib/libxcb-dri2.so.0", + "usr/lib/libxcb-dri2.so.0.0.0", + "usr/lib/libxcb-dri3.so.0", + "usr/lib/libxcb-dri3.so.0.1.0", + "usr/lib/libxcb-glx.so.0", + "usr/lib/libxcb-glx.so.0.0.0", + "usr/lib/libxcb-present.so.0", + "usr/lib/libxcb-present.so.0.0.0", + "usr/lib/libxcb-randr.so.0", + "usr/lib/libxcb-randr.so.0.1.0", + "usr/lib/libxcb-record.so.0", + "usr/lib/libxcb-record.so.0.0.0", + "usr/lib/libxcb-render.so.0", + "usr/lib/libxcb-render.so.0.0.0", + "usr/lib/libxcb-res.so.0", + "usr/lib/libxcb-res.so.0.0.0", + "usr/lib/libxcb-screensaver.so.0", + "usr/lib/libxcb-screensaver.so.0.0.0", + "usr/lib/libxcb-shape.so.0", + "usr/lib/libxcb-shape.so.0.0.0", + "usr/lib/libxcb-shm.so.0", + "usr/lib/libxcb-shm.so.0.0.0", + "usr/lib/libxcb-sync.so.1", + "usr/lib/libxcb-sync.so.1.0.0", + "usr/lib/libxcb-xf86dri.so.0", + "usr/lib/libxcb-xf86dri.so.0.0.0", + "usr/lib/libxcb-xfixes.so.0", + "usr/lib/libxcb-xfixes.so.0.0.0", + "usr/lib/libxcb-xinerama.so.0", + "usr/lib/libxcb-xinerama.so.0.0.0", + "usr/lib/libxcb-xinput.so.0", + "usr/lib/libxcb-xinput.so.0.1.0", + "usr/lib/libxcb-xkb.so.1", + "usr/lib/libxcb-xkb.so.1.0.0", + "usr/lib/libxcb-xtest.so.0", + "usr/lib/libxcb-xtest.so.0.0.0", + "usr/lib/libxcb-xv.so.0", + "usr/lib/libxcb-xv.so.0.0.0", + "usr/lib/libxcb-xvmc.so.0", + "usr/lib/libxcb-xvmc.so.0.0.0", + "usr/lib/libxcb.so.1", + "usr/lib/libxcb.so.1.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxdmcp@1.1.5-r1", + "Name": "libxdmcp", + "Identifier": { + "PURL": "pkg:apk/alpine/libxdmcp@1.1.5-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "4ce7671300ab208e" + }, + "Version": "1.1.5-r1", + "Arch": "x86_64", + "SrcName": "libxdmcp", + "SrcVersion": "1.1.5-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libbsd@0.12.2-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:99a24c0fa12282b5ef89a6e732a8d494b7696d9d", + "InstalledFiles": [ + "usr/lib/libXdmcp.so.6", + "usr/lib/libXdmcp.so.6.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxext@1.3.6-r2", + "Name": "libxext", + "Identifier": { + "PURL": "pkg:apk/alpine/libxext@1.3.6-r2?arch=x86_64\u0026distro=3.23.4", + "UID": "6995b5d26ca62497" + }, + "Version": "1.3.6-r2", + "Arch": "x86_64", + "SrcName": "libxext", + "SrcVersion": "1.3.6-r2", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libx11@1.8.12-r1", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:92fb4f12c2170403d6a48c7485ecaee40c84bee2", + "InstalledFiles": [ + "usr/lib/libXext.so.6", + "usr/lib/libXext.so.6.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxml2@2.13.9-r0", + "Name": "libxml2", + "Identifier": { + "PURL": "pkg:apk/alpine/libxml2@2.13.9-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "a4c496351a710b02" + }, + "Version": "2.13.9-r0", + "Arch": "x86_64", + "SrcName": "libxml2", + "SrcVersion": "2.13.9-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23", + "xz-libs@5.8.3-r0", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:9fb56eb6e62b7b6658a8abe14cded8d87a47ebc7", + "InstalledFiles": [ + "usr/lib/libxml2.so.2", + "usr/lib/libxml2.so.2.13.9" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxpm@3.5.19-r0", + "Name": "libxpm", + "Identifier": { + "PURL": "pkg:apk/alpine/libxpm@3.5.19-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "9eb303ee5fb7801a" + }, + "Version": "3.5.19-r0", + "Arch": "x86_64", + "SrcName": "libxpm", + "SrcVersion": "3.5.19-r0", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libx11@1.8.12-r1", + "libxext@1.3.6-r2", + "libxt@1.3.1-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:0c1b2467462bd516e1f3b514854ccca30e0e59c0", + "InstalledFiles": [ + "usr/bin/cxpm", + "usr/bin/sxpm", + "usr/lib/libXpm.so.4", + "usr/lib/libXpm.so.4.11.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxslt@1.1.43-r3", + "Name": "libxslt", + "Identifier": { + "PURL": "pkg:apk/alpine/libxslt@1.1.43-r3?arch=x86_64\u0026distro=3.23.4", + "UID": "f615d2a6378e26e8" + }, + "Version": "1.1.43-r3", + "Arch": "x86_64", + "SrcName": "libxslt", + "SrcVersion": "1.1.43-r3", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libxml2@2.13.9-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:7d73182371fbf2141e137329e5432b94551bdd1b", + "InstalledFiles": [ + "usr/bin/xsltproc", + "usr/lib/libexslt.so.0", + "usr/lib/libexslt.so.0.8.24", + "usr/lib/libxslt.so.1", + "usr/lib/libxslt.so.1.1.43" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxt@1.3.1-r0", + "Name": "libxt", + "Identifier": { + "PURL": "pkg:apk/alpine/libxt@1.3.1-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "3def3ac035093072" + }, + "Version": "1.3.1-r0", + "Arch": "x86_64", + "SrcName": "libxt", + "SrcVersion": "1.3.1-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libice@1.1.2-r0", + "libsm@1.2.6-r0", + "libx11@1.8.12-r1", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:1cffd892c392dcaac9ad017c999f9e268b5f8ee1", + "InstalledFiles": [ + "usr/lib/libXt.so.6", + "usr/lib/libXt.so.6.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libyuv@0.0.1887.20251502-r1", + "Name": "libyuv", + "Identifier": { + "PURL": "pkg:apk/alpine/libyuv@0.0.1887.20251502-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "85b1ea36bf9f477d" + }, + "Version": "0.0.1887.20251502-r1", + "Arch": "x86_64", + "SrcName": "libyuv", + "SrcVersion": "0.0.1887.20251502-r1", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Andy Postnikov \u003capostnikov@gmail.com\u003e", + "DependsOn": [ + "libgcc@15.2.0-r2", + "libjpeg-turbo@3.1.2-r0", + "libstdc++@15.2.0-r2", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:8335fd57f5a479534322e6ac74968fdc7564d8d0", + "InstalledFiles": [ + "usr/bin/yuvconvert", + "usr/lib/libyuv.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl@1.2.5-r23", + "Name": "musl", + "Identifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r23?arch=x86_64\u0026distro=3.23.4", + "UID": "dca30b3fd6708a32" + }, + "Version": "1.2.5-r23", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r23", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:1b6c50426d3c0656e9c5a567a5a59601c7f4307a", + "InstalledFiles": [ + "lib/ld-musl-x86_64.so.1", + "lib/libc.musl-x86_64.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl-utils@1.2.5-r23", + "Name": "musl-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r23?arch=x86_64\u0026distro=3.23.4", + "UID": "ffcf7198a9776c5f" + }, + "Version": "1.2.5-r23", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r23", + "Licenses": [ + "MIT", + "BSD-2-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23", + "scanelf@1.3.8-r2" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:92fdbe96d25f13fe3a3d297ada56e4fb907aacec", + "InstalledFiles": [ + "sbin/ldconfig", + "usr/bin/getconf", + "usr/bin/getent", + "usr/bin/iconv", + "usr/bin/ldd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ncurses-terminfo-base@6.5_p20251123-r0", + "Name": "ncurses-terminfo-base", + "Identifier": { + "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.5_p20251123-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "5acf10991828fa7a" + }, + "Version": "6.5_p20251123-r0", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.5_p20251123-r0", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:57bd1d8124ec957eefea2314bdf45b0ed1068cee", + "InstalledFiles": [ + "etc/terminfo/a/alacritty", + "etc/terminfo/a/ansi", + "etc/terminfo/d/dumb", + "etc/terminfo/g/gnome", + "etc/terminfo/g/gnome-256color", + "etc/terminfo/k/konsole", + "etc/terminfo/k/konsole-256color", + "etc/terminfo/k/konsole-linux", + "etc/terminfo/l/linux", + "etc/terminfo/p/putty", + "etc/terminfo/p/putty-256color", + "etc/terminfo/r/rxvt", + "etc/terminfo/r/rxvt-256color", + "etc/terminfo/s/screen", + "etc/terminfo/s/screen-256color", + "etc/terminfo/s/st-0.6", + "etc/terminfo/s/st-0.7", + "etc/terminfo/s/st-0.8", + "etc/terminfo/s/st-0.8.5", + "etc/terminfo/s/st-16color", + "etc/terminfo/s/st-256color", + "etc/terminfo/s/st-direct", + "etc/terminfo/s/sun", + "etc/terminfo/t/terminator", + "etc/terminfo/t/terminology", + "etc/terminfo/t/terminology-0.6.1", + "etc/terminfo/t/terminology-1.0.0", + "etc/terminfo/t/terminology-1.8.1", + "etc/terminfo/t/tmux", + "etc/terminfo/t/tmux-256color", + "etc/terminfo/v/vt100", + "etc/terminfo/v/vt102", + "etc/terminfo/v/vt200", + "etc/terminfo/v/vt220", + "etc/terminfo/v/vt52", + "etc/terminfo/v/vte", + "etc/terminfo/v/vte-256color", + "etc/terminfo/x/xterm", + "etc/terminfo/x/xterm-256color", + "etc/terminfo/x/xterm-color", + "etc/terminfo/x/xterm-xfree86" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nghttp2-libs@1.69.0-r0", + "Name": "nghttp2-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/nghttp2-libs@1.69.0-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "1d18d06a4faec59f" + }, + "Version": "1.69.0-r0", + "Arch": "x86_64", + "SrcName": "nghttp2", + "SrcVersion": "1.69.0-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:6b8651227dd3f9155ded30ddc171757a7f5b91a5", + "InstalledFiles": [ + "usr/lib/libnghttp2.so.14", + "usr/lib/libnghttp2.so.14.29.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nginx@1.30.1-r1", + "Name": "nginx", + "Identifier": { + "PURL": "pkg:apk/alpine/nginx@1.30.1-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "ee93c3492a28a9" + }, + "Version": "1.30.1-r1", + "Arch": "x86_64", + "SrcName": "nginx", + "SrcVersion": "1.30.1-r1", + "Licenses": [ + "2-clause", + "BSD-3-Clause", + "license" + ], + "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "libcrypto3@3.5.6-r0", + "libssl3@3.5.6-r0", + "musl@1.2.5-r23", + "pcre2@10.47-r0", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", + "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" + }, + "Digest": "sha1:d4ce2b457870cc3e0205f6314ddba7d47535d52d", + "InstalledFiles": [ + "etc/init.d/nginx", + "etc/init.d/nginx-debug", + "etc/logrotate.d/nginx", + "etc/nginx/fastcgi.conf", + "etc/nginx/fastcgi_params", + "etc/nginx/mime.types", + "etc/nginx/modules", + "etc/nginx/nginx.conf", + "etc/nginx/scgi_params", + "etc/nginx/uwsgi_params", + "etc/nginx/conf.d/default.conf", + "usr/sbin/nginx", + "usr/sbin/nginx-debug", + "usr/share/licenses/nginx/COPYRIGHT", + "usr/share/man/man8/nginx.8.gz", + "usr/share/nginx/html/50x.html", + "usr/share/nginx/html/index.html" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nginx-module-acme@1.30.1.0.4.1-r1", + "Name": "nginx-module-acme", + "Identifier": { + "PURL": "pkg:apk/alpine/nginx-module-acme@1.30.1.0.4.1-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "c9745c5a58d2c9cc" + }, + "Version": "1.30.1.0.4.1-r1", + "Arch": "x86_64", + "SrcName": "nginx-module-acme", + "SrcVersion": "1.30.1.0.4.1-r1", + "Licenses": [ + "2-clause", + "BSD-3-Clause", + "license" + ], + "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "libgcc@15.2.0-r2", + "musl@1.2.5-r23", + "nginx@1.30.1-r1" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:760fa970bf48788491402eddebdf5aa700d099bb", + "InstalledFiles": [ + "usr/lib/nginx/modules/ngx_http_acme_module-debug.so", + "usr/lib/nginx/modules/ngx_http_acme_module.so", + "usr/share/licenses/nginx-module-acme/COPYRIGHT" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nginx-module-geoip@1.30.1-r1", + "Name": "nginx-module-geoip", + "Identifier": { + "PURL": "pkg:apk/alpine/nginx-module-geoip@1.30.1-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "2f97b19406989bba" + }, + "Version": "1.30.1-r1", + "Arch": "x86_64", + "SrcName": "nginx-module-geoip", + "SrcVersion": "1.30.1-r1", + "Licenses": [ + "2-clause", + "BSD-3-Clause", + "license" + ], + "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "geoip@1.6.12-r6", + "musl@1.2.5-r23", + "nginx@1.30.1-r1" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:8b055c7c6aab9d456bc794009fe3ed76578ba6ee", + "InstalledFiles": [ + "usr/lib/nginx/modules/ngx_http_geoip_module-debug.so", + "usr/lib/nginx/modules/ngx_http_geoip_module.so", + "usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so", + "usr/lib/nginx/modules/ngx_stream_geoip_module.so", + "usr/share/licenses/nginx-module-geoip/COPYRIGHT" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nginx-module-image-filter@1.30.1-r1", + "Name": "nginx-module-image-filter", + "Identifier": { + "PURL": "pkg:apk/alpine/nginx-module-image-filter@1.30.1-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "ffb3020ef6edeefc" + }, + "Version": "1.30.1-r1", + "Arch": "x86_64", + "SrcName": "nginx-module-image-filter", + "SrcVersion": "1.30.1-r1", + "Licenses": [ + "2-clause", + "BSD-3-Clause", + "license" + ], + "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "libgd@2.3.3-r10", + "musl@1.2.5-r23", + "nginx@1.30.1-r1" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:a8f8c1b5f8401207e51387d4a458f3a88155191b", + "InstalledFiles": [ + "usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so", + "usr/lib/nginx/modules/ngx_http_image_filter_module.so", + "usr/share/licenses/nginx-module-image-filter/COPYRIGHT" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nginx-module-njs@1.30.1.0.9.9-r1", + "Name": "nginx-module-njs", + "Identifier": { + "PURL": "pkg:apk/alpine/nginx-module-njs@1.30.1.0.9.9-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "42e11b23b4d1132e" + }, + "Version": "1.30.1.0.9.9-r1", + "Arch": "x86_64", + "SrcName": "nginx-module-njs", + "SrcVersion": "1.30.1.0.9.9-r1", + "Licenses": [ + "2-clause", + "BSD-3-Clause", + "license" + ], + "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "libcrypto3@3.5.6-r0", + "libedit@20251016.3.1-r0", + "libxml2@2.13.9-r0", + "musl@1.2.5-r23", + "nginx@1.30.1-r1", + "pcre2@10.47-r0", + "zlib@1.3.2-r0" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:8a28f607e7900e7af8c82185d67e56c9695bbb23", + "InstalledFiles": [ + "usr/bin/njs", + "usr/lib/nginx/modules/ngx_http_js_module-debug.so", + "usr/lib/nginx/modules/ngx_http_js_module.so", + "usr/lib/nginx/modules/ngx_stream_js_module-debug.so", + "usr/lib/nginx/modules/ngx_stream_js_module.so", + "usr/share/doc/nginx-module-njs/CHANGES", + "usr/share/licenses/nginx-module-njs/COPYRIGHT" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nginx-module-xslt@1.30.1-r1", + "Name": "nginx-module-xslt", + "Identifier": { + "PURL": "pkg:apk/alpine/nginx-module-xslt@1.30.1-r1?arch=x86_64\u0026distro=3.23.4", + "UID": "7ce6e6221b100df" + }, + "Version": "1.30.1-r1", + "Arch": "x86_64", + "SrcName": "nginx-module-xslt", + "SrcVersion": "1.30.1-r1", + "Licenses": [ + "2-clause", + "BSD-3-Clause", + "license" + ], + "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "libxml2@2.13.9-r0", + "libxslt@1.1.43-r3", + "musl@1.2.5-r23", + "nginx@1.30.1-r1" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:f406cf62e97083ef3b445dfe494fd467925ecc2e", + "InstalledFiles": [ + "usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so", + "usr/lib/nginx/modules/ngx_http_xslt_filter_module.so", + "usr/share/licenses/nginx-module-xslt/COPYRIGHT" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "pcre2@10.47-r0", + "Name": "pcre2", + "Identifier": { + "PURL": "pkg:apk/alpine/pcre2@10.47-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "75fb7d2fe836dfdc" + }, + "Version": "10.47-r0", + "Arch": "x86_64", + "SrcName": "pcre2", + "SrcVersion": "10.47-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", + "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" + }, + "Digest": "sha1:549059958151627bb0f5469bded945988b1bc24b", + "InstalledFiles": [ + "usr/lib/libpcre2-8.so.0", + "usr/lib/libpcre2-8.so.0.15.0", + "usr/lib/libpcre2-posix.so.3", + "usr/lib/libpcre2-posix.so.3.0.7" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "scanelf@1.3.8-r2", + "Name": "scanelf", + "Identifier": { + "PURL": "pkg:apk/alpine/scanelf@1.3.8-r2?arch=x86_64\u0026distro=3.23.4", + "UID": "4efd612ed6f16dca" + }, + "Version": "1.3.8-r2", + "Arch": "x86_64", + "SrcName": "pax-utils", + "SrcVersion": "1.3.8-r2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:6ea36dd44ef9f6364f0cdfabe09ea15d2fdbe229", + "InstalledFiles": [ + "usr/bin/scanelf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ssl_client@1.37.0-r30", + "Name": "ssl_client", + "Identifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r30?arch=x86_64\u0026distro=3.23.4", + "UID": "f1acb8f2a8f94f51" + }, + "Version": "1.37.0-r30", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r30", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "libcrypto3@3.5.6-r0", + "libssl3@3.5.6-r0", + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:5b6ec0939cfc9be47d9677a3152c547cc18b5edd", + "InstalledFiles": [ + "usr/bin/ssl_client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "tiff@4.7.1-r0", + "Name": "tiff", + "Identifier": { + "PURL": "pkg:apk/alpine/tiff@4.7.1-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "551adcb8b716f210" + }, + "Version": "4.7.1-r0", + "Arch": "x86_64", + "SrcName": "tiff", + "SrcVersion": "4.7.1-r0", + "Licenses": [ + "libtiff" + ], + "Maintainer": "Michael Mason \u003cms13sp@gmail.com\u003e", + "DependsOn": [ + "libjpeg-turbo@3.1.2-r0", + "libwebp@1.6.0-r0", + "musl@1.2.5-r23", + "zlib@1.3.2-r0", + "zstd-libs@1.5.7-r2" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:b92c3394d281f51345a9375da14f347b6c1619a6", + "InstalledFiles": [ + "usr/lib/libtiff.so.6", + "usr/lib/libtiff.so.6.2.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "tzdata@2026b-r0", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:apk/alpine/tzdata@2026b-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "86f2dfb9a4acee39" + }, + "Version": "2026b-r0", + "Arch": "x86_64", + "SrcName": "tzdata", + "SrcVersion": "2026b-r0", + "Licenses": [ + "Public-Domain" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", + "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" + }, + "Digest": "sha1:2624b59cfb8182dfb3de19043c6867cd1b3e1779", + "InstalledFiles": [ + "usr/share/zoneinfo/CET", + "usr/share/zoneinfo/CST6CDT", + "usr/share/zoneinfo/Cuba", + "usr/share/zoneinfo/EET", + "usr/share/zoneinfo/EST", + "usr/share/zoneinfo/EST5EDT", + "usr/share/zoneinfo/Egypt", + "usr/share/zoneinfo/Eire", + "usr/share/zoneinfo/Factory", + "usr/share/zoneinfo/GB", + "usr/share/zoneinfo/GB-Eire", + "usr/share/zoneinfo/GMT", + "usr/share/zoneinfo/GMT+0", + "usr/share/zoneinfo/GMT-0", + "usr/share/zoneinfo/GMT0", + "usr/share/zoneinfo/Greenwich", + "usr/share/zoneinfo/HST", + "usr/share/zoneinfo/Hongkong", + "usr/share/zoneinfo/Iceland", + "usr/share/zoneinfo/Iran", + "usr/share/zoneinfo/Israel", + "usr/share/zoneinfo/Jamaica", + "usr/share/zoneinfo/Japan", + "usr/share/zoneinfo/Kwajalein", + "usr/share/zoneinfo/Libya", + "usr/share/zoneinfo/MET", + "usr/share/zoneinfo/MST", + "usr/share/zoneinfo/MST7MDT", + "usr/share/zoneinfo/NZ", + "usr/share/zoneinfo/NZ-CHAT", + "usr/share/zoneinfo/Navajo", + "usr/share/zoneinfo/PRC", + "usr/share/zoneinfo/PST8PDT", + "usr/share/zoneinfo/Poland", + "usr/share/zoneinfo/Portugal", + "usr/share/zoneinfo/ROC", + "usr/share/zoneinfo/ROK", + "usr/share/zoneinfo/Singapore", + "usr/share/zoneinfo/Turkey", + "usr/share/zoneinfo/UCT", + "usr/share/zoneinfo/UTC", + "usr/share/zoneinfo/Universal", + "usr/share/zoneinfo/W-SU", + "usr/share/zoneinfo/WET", + "usr/share/zoneinfo/Zulu", + "usr/share/zoneinfo/iso3166.tab", + "usr/share/zoneinfo/leap-seconds.list", + "usr/share/zoneinfo/posixrules", + "usr/share/zoneinfo/zone.tab", + "usr/share/zoneinfo/zone1970.tab", + "usr/share/zoneinfo/Africa/Abidjan", + "usr/share/zoneinfo/Africa/Accra", + "usr/share/zoneinfo/Africa/Addis_Ababa", + "usr/share/zoneinfo/Africa/Algiers", + "usr/share/zoneinfo/Africa/Asmara", + "usr/share/zoneinfo/Africa/Asmera", + "usr/share/zoneinfo/Africa/Bamako", + "usr/share/zoneinfo/Africa/Bangui", + "usr/share/zoneinfo/Africa/Banjul", + "usr/share/zoneinfo/Africa/Bissau", + "usr/share/zoneinfo/Africa/Blantyre", + "usr/share/zoneinfo/Africa/Brazzaville", + "usr/share/zoneinfo/Africa/Bujumbura", + "usr/share/zoneinfo/Africa/Cairo", + "usr/share/zoneinfo/Africa/Casablanca", + "usr/share/zoneinfo/Africa/Ceuta", + "usr/share/zoneinfo/Africa/Conakry", + "usr/share/zoneinfo/Africa/Dakar", + "usr/share/zoneinfo/Africa/Dar_es_Salaam", + "usr/share/zoneinfo/Africa/Djibouti", + "usr/share/zoneinfo/Africa/Douala", + "usr/share/zoneinfo/Africa/El_Aaiun", + "usr/share/zoneinfo/Africa/Freetown", + "usr/share/zoneinfo/Africa/Gaborone", + "usr/share/zoneinfo/Africa/Harare", + "usr/share/zoneinfo/Africa/Johannesburg", + "usr/share/zoneinfo/Africa/Juba", + "usr/share/zoneinfo/Africa/Kampala", + "usr/share/zoneinfo/Africa/Khartoum", + "usr/share/zoneinfo/Africa/Kigali", + "usr/share/zoneinfo/Africa/Kinshasa", + "usr/share/zoneinfo/Africa/Lagos", + "usr/share/zoneinfo/Africa/Libreville", + "usr/share/zoneinfo/Africa/Lome", + "usr/share/zoneinfo/Africa/Luanda", + "usr/share/zoneinfo/Africa/Lubumbashi", + "usr/share/zoneinfo/Africa/Lusaka", + "usr/share/zoneinfo/Africa/Malabo", + "usr/share/zoneinfo/Africa/Maputo", + "usr/share/zoneinfo/Africa/Maseru", + "usr/share/zoneinfo/Africa/Mbabane", + "usr/share/zoneinfo/Africa/Mogadishu", + "usr/share/zoneinfo/Africa/Monrovia", + "usr/share/zoneinfo/Africa/Nairobi", + "usr/share/zoneinfo/Africa/Ndjamena", + "usr/share/zoneinfo/Africa/Niamey", + "usr/share/zoneinfo/Africa/Nouakchott", + "usr/share/zoneinfo/Africa/Ouagadougou", + "usr/share/zoneinfo/Africa/Porto-Novo", + "usr/share/zoneinfo/Africa/Sao_Tome", + "usr/share/zoneinfo/Africa/Timbuktu", + "usr/share/zoneinfo/Africa/Tripoli", + "usr/share/zoneinfo/Africa/Tunis", + "usr/share/zoneinfo/Africa/Windhoek", + "usr/share/zoneinfo/America/Adak", + "usr/share/zoneinfo/America/Anchorage", + "usr/share/zoneinfo/America/Anguilla", + "usr/share/zoneinfo/America/Antigua", + "usr/share/zoneinfo/America/Araguaina", + "usr/share/zoneinfo/America/Aruba", + "usr/share/zoneinfo/America/Asuncion", + "usr/share/zoneinfo/America/Atikokan", + "usr/share/zoneinfo/America/Atka", + "usr/share/zoneinfo/America/Bahia", + "usr/share/zoneinfo/America/Bahia_Banderas", + "usr/share/zoneinfo/America/Barbados", + "usr/share/zoneinfo/America/Belem", + "usr/share/zoneinfo/America/Belize", + "usr/share/zoneinfo/America/Blanc-Sablon", + "usr/share/zoneinfo/America/Boa_Vista", + "usr/share/zoneinfo/America/Bogota", + "usr/share/zoneinfo/America/Boise", + "usr/share/zoneinfo/America/Buenos_Aires", + "usr/share/zoneinfo/America/Cambridge_Bay", + "usr/share/zoneinfo/America/Campo_Grande", + "usr/share/zoneinfo/America/Cancun", + "usr/share/zoneinfo/America/Caracas", + "usr/share/zoneinfo/America/Catamarca", + "usr/share/zoneinfo/America/Cayenne", + "usr/share/zoneinfo/America/Cayman", + "usr/share/zoneinfo/America/Chicago", + "usr/share/zoneinfo/America/Chihuahua", + "usr/share/zoneinfo/America/Ciudad_Juarez", + "usr/share/zoneinfo/America/Coral_Harbour", + "usr/share/zoneinfo/America/Cordoba", + "usr/share/zoneinfo/America/Costa_Rica", + "usr/share/zoneinfo/America/Coyhaique", + "usr/share/zoneinfo/America/Creston", + "usr/share/zoneinfo/America/Cuiaba", + "usr/share/zoneinfo/America/Curacao", + "usr/share/zoneinfo/America/Danmarkshavn", + "usr/share/zoneinfo/America/Dawson", + "usr/share/zoneinfo/America/Dawson_Creek", + "usr/share/zoneinfo/America/Denver", + "usr/share/zoneinfo/America/Detroit", + "usr/share/zoneinfo/America/Dominica", + "usr/share/zoneinfo/America/Edmonton", + "usr/share/zoneinfo/America/Eirunepe", + "usr/share/zoneinfo/America/El_Salvador", + "usr/share/zoneinfo/America/Ensenada", + "usr/share/zoneinfo/America/Fort_Nelson", + "usr/share/zoneinfo/America/Fort_Wayne", + "usr/share/zoneinfo/America/Fortaleza", + "usr/share/zoneinfo/America/Glace_Bay", + "usr/share/zoneinfo/America/Godthab", + "usr/share/zoneinfo/America/Goose_Bay", + "usr/share/zoneinfo/America/Grand_Turk", + "usr/share/zoneinfo/America/Grenada", + "usr/share/zoneinfo/America/Guadeloupe", + "usr/share/zoneinfo/America/Guatemala", + "usr/share/zoneinfo/America/Guayaquil", + "usr/share/zoneinfo/America/Guyana", + "usr/share/zoneinfo/America/Halifax", + "usr/share/zoneinfo/America/Havana", + "usr/share/zoneinfo/America/Hermosillo", + "usr/share/zoneinfo/America/Indianapolis", + "usr/share/zoneinfo/America/Inuvik", + "usr/share/zoneinfo/America/Iqaluit", + "usr/share/zoneinfo/America/Jamaica", + "usr/share/zoneinfo/America/Jujuy", + "usr/share/zoneinfo/America/Juneau", + "usr/share/zoneinfo/America/Knox_IN", + "usr/share/zoneinfo/America/Kralendijk", + "usr/share/zoneinfo/America/La_Paz", + "usr/share/zoneinfo/America/Lima", + "usr/share/zoneinfo/America/Los_Angeles", + "usr/share/zoneinfo/America/Louisville", + "usr/share/zoneinfo/America/Lower_Princes", + "usr/share/zoneinfo/America/Maceio", + "usr/share/zoneinfo/America/Managua", + "usr/share/zoneinfo/America/Manaus", + "usr/share/zoneinfo/America/Marigot", + "usr/share/zoneinfo/America/Martinique", + "usr/share/zoneinfo/America/Matamoros", + "usr/share/zoneinfo/America/Mazatlan", + "usr/share/zoneinfo/America/Mendoza", + "usr/share/zoneinfo/America/Menominee", + "usr/share/zoneinfo/America/Merida", + "usr/share/zoneinfo/America/Metlakatla", + "usr/share/zoneinfo/America/Mexico_City", + "usr/share/zoneinfo/America/Miquelon", + "usr/share/zoneinfo/America/Moncton", + "usr/share/zoneinfo/America/Monterrey", + "usr/share/zoneinfo/America/Montevideo", + "usr/share/zoneinfo/America/Montreal", + "usr/share/zoneinfo/America/Montserrat", + "usr/share/zoneinfo/America/Nassau", + "usr/share/zoneinfo/America/New_York", + "usr/share/zoneinfo/America/Nipigon", + "usr/share/zoneinfo/America/Nome", + "usr/share/zoneinfo/America/Noronha", + "usr/share/zoneinfo/America/Nuuk", + "usr/share/zoneinfo/America/Ojinaga", + "usr/share/zoneinfo/America/Panama", + "usr/share/zoneinfo/America/Pangnirtung", + "usr/share/zoneinfo/America/Paramaribo", + "usr/share/zoneinfo/America/Phoenix", + "usr/share/zoneinfo/America/Port-au-Prince", + "usr/share/zoneinfo/America/Port_of_Spain", + "usr/share/zoneinfo/America/Porto_Acre", + "usr/share/zoneinfo/America/Porto_Velho", + "usr/share/zoneinfo/America/Puerto_Rico", + "usr/share/zoneinfo/America/Punta_Arenas", + "usr/share/zoneinfo/America/Rainy_River", + "usr/share/zoneinfo/America/Rankin_Inlet", + "usr/share/zoneinfo/America/Recife", + "usr/share/zoneinfo/America/Regina", + "usr/share/zoneinfo/America/Resolute", + "usr/share/zoneinfo/America/Rio_Branco", + "usr/share/zoneinfo/America/Rosario", + "usr/share/zoneinfo/America/Santa_Isabel", + "usr/share/zoneinfo/America/Santarem", + "usr/share/zoneinfo/America/Santiago", + "usr/share/zoneinfo/America/Santo_Domingo", + "usr/share/zoneinfo/America/Sao_Paulo", + "usr/share/zoneinfo/America/Scoresbysund", + "usr/share/zoneinfo/America/Shiprock", + "usr/share/zoneinfo/America/Sitka", + "usr/share/zoneinfo/America/St_Barthelemy", + "usr/share/zoneinfo/America/St_Johns", + "usr/share/zoneinfo/America/St_Kitts", + "usr/share/zoneinfo/America/St_Lucia", + "usr/share/zoneinfo/America/St_Thomas", + "usr/share/zoneinfo/America/St_Vincent", + "usr/share/zoneinfo/America/Swift_Current", + "usr/share/zoneinfo/America/Tegucigalpa", + "usr/share/zoneinfo/America/Thule", + "usr/share/zoneinfo/America/Thunder_Bay", + "usr/share/zoneinfo/America/Tijuana", + "usr/share/zoneinfo/America/Toronto", + "usr/share/zoneinfo/America/Tortola", + "usr/share/zoneinfo/America/Vancouver", + "usr/share/zoneinfo/America/Virgin", + "usr/share/zoneinfo/America/Whitehorse", + "usr/share/zoneinfo/America/Winnipeg", + "usr/share/zoneinfo/America/Yakutat", + "usr/share/zoneinfo/America/Yellowknife", + "usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "usr/share/zoneinfo/America/Argentina/Catamarca", + "usr/share/zoneinfo/America/Argentina/ComodRivadavia", + "usr/share/zoneinfo/America/Argentina/Cordoba", + "usr/share/zoneinfo/America/Argentina/Jujuy", + "usr/share/zoneinfo/America/Argentina/La_Rioja", + "usr/share/zoneinfo/America/Argentina/Mendoza", + "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "usr/share/zoneinfo/America/Argentina/Salta", + "usr/share/zoneinfo/America/Argentina/San_Juan", + "usr/share/zoneinfo/America/Argentina/San_Luis", + "usr/share/zoneinfo/America/Argentina/Tucuman", + "usr/share/zoneinfo/America/Argentina/Ushuaia", + "usr/share/zoneinfo/America/Indiana/Indianapolis", + "usr/share/zoneinfo/America/Indiana/Knox", + "usr/share/zoneinfo/America/Indiana/Marengo", + "usr/share/zoneinfo/America/Indiana/Petersburg", + "usr/share/zoneinfo/America/Indiana/Tell_City", + "usr/share/zoneinfo/America/Indiana/Vevay", + "usr/share/zoneinfo/America/Indiana/Vincennes", + "usr/share/zoneinfo/America/Indiana/Winamac", + "usr/share/zoneinfo/America/Kentucky/Louisville", + "usr/share/zoneinfo/America/Kentucky/Monticello", + "usr/share/zoneinfo/America/North_Dakota/Beulah", + "usr/share/zoneinfo/America/North_Dakota/Center", + "usr/share/zoneinfo/America/North_Dakota/New_Salem", + "usr/share/zoneinfo/Antarctica/Casey", + "usr/share/zoneinfo/Antarctica/Davis", + "usr/share/zoneinfo/Antarctica/DumontDUrville", + "usr/share/zoneinfo/Antarctica/Macquarie", + "usr/share/zoneinfo/Antarctica/Mawson", + "usr/share/zoneinfo/Antarctica/McMurdo", + "usr/share/zoneinfo/Antarctica/Palmer", + "usr/share/zoneinfo/Antarctica/Rothera", + "usr/share/zoneinfo/Antarctica/South_Pole", + "usr/share/zoneinfo/Antarctica/Syowa", + "usr/share/zoneinfo/Antarctica/Troll", + "usr/share/zoneinfo/Antarctica/Vostok", + "usr/share/zoneinfo/Arctic/Longyearbyen", + "usr/share/zoneinfo/Asia/Aden", + "usr/share/zoneinfo/Asia/Almaty", + "usr/share/zoneinfo/Asia/Amman", + "usr/share/zoneinfo/Asia/Anadyr", + "usr/share/zoneinfo/Asia/Aqtau", + "usr/share/zoneinfo/Asia/Aqtobe", + "usr/share/zoneinfo/Asia/Ashgabat", + "usr/share/zoneinfo/Asia/Ashkhabad", + "usr/share/zoneinfo/Asia/Atyrau", + "usr/share/zoneinfo/Asia/Baghdad", + "usr/share/zoneinfo/Asia/Bahrain", + "usr/share/zoneinfo/Asia/Baku", + "usr/share/zoneinfo/Asia/Bangkok", + "usr/share/zoneinfo/Asia/Barnaul", + "usr/share/zoneinfo/Asia/Beirut", + "usr/share/zoneinfo/Asia/Bishkek", + "usr/share/zoneinfo/Asia/Brunei", + "usr/share/zoneinfo/Asia/Calcutta", + "usr/share/zoneinfo/Asia/Chita", + "usr/share/zoneinfo/Asia/Choibalsan", + "usr/share/zoneinfo/Asia/Chongqing", + "usr/share/zoneinfo/Asia/Chungking", + "usr/share/zoneinfo/Asia/Colombo", + "usr/share/zoneinfo/Asia/Dacca", + "usr/share/zoneinfo/Asia/Damascus", + "usr/share/zoneinfo/Asia/Dhaka", + "usr/share/zoneinfo/Asia/Dili", + "usr/share/zoneinfo/Asia/Dubai", + "usr/share/zoneinfo/Asia/Dushanbe", + "usr/share/zoneinfo/Asia/Famagusta", + "usr/share/zoneinfo/Asia/Gaza", + "usr/share/zoneinfo/Asia/Harbin", + "usr/share/zoneinfo/Asia/Hebron", + "usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "usr/share/zoneinfo/Asia/Hong_Kong", + "usr/share/zoneinfo/Asia/Hovd", + "usr/share/zoneinfo/Asia/Irkutsk", + "usr/share/zoneinfo/Asia/Istanbul", + "usr/share/zoneinfo/Asia/Jakarta", + "usr/share/zoneinfo/Asia/Jayapura", + "usr/share/zoneinfo/Asia/Jerusalem", + "usr/share/zoneinfo/Asia/Kabul", + "usr/share/zoneinfo/Asia/Kamchatka", + "usr/share/zoneinfo/Asia/Karachi", + "usr/share/zoneinfo/Asia/Kashgar", + "usr/share/zoneinfo/Asia/Kathmandu", + "usr/share/zoneinfo/Asia/Katmandu", + "usr/share/zoneinfo/Asia/Khandyga", + "usr/share/zoneinfo/Asia/Kolkata", + "usr/share/zoneinfo/Asia/Krasnoyarsk", + "usr/share/zoneinfo/Asia/Kuala_Lumpur", + "usr/share/zoneinfo/Asia/Kuching", + "usr/share/zoneinfo/Asia/Kuwait", + "usr/share/zoneinfo/Asia/Macao", + "usr/share/zoneinfo/Asia/Macau", + "usr/share/zoneinfo/Asia/Magadan", + "usr/share/zoneinfo/Asia/Makassar", + "usr/share/zoneinfo/Asia/Manila", + "usr/share/zoneinfo/Asia/Muscat", + "usr/share/zoneinfo/Asia/Nicosia", + "usr/share/zoneinfo/Asia/Novokuznetsk", + "usr/share/zoneinfo/Asia/Novosibirsk", + "usr/share/zoneinfo/Asia/Omsk", + "usr/share/zoneinfo/Asia/Oral", + "usr/share/zoneinfo/Asia/Phnom_Penh", + "usr/share/zoneinfo/Asia/Pontianak", + "usr/share/zoneinfo/Asia/Pyongyang", + "usr/share/zoneinfo/Asia/Qatar", + "usr/share/zoneinfo/Asia/Qostanay", + "usr/share/zoneinfo/Asia/Qyzylorda", + "usr/share/zoneinfo/Asia/Rangoon", + "usr/share/zoneinfo/Asia/Riyadh", + "usr/share/zoneinfo/Asia/Saigon", + "usr/share/zoneinfo/Asia/Sakhalin", + "usr/share/zoneinfo/Asia/Samarkand", + "usr/share/zoneinfo/Asia/Seoul", + "usr/share/zoneinfo/Asia/Shanghai", + "usr/share/zoneinfo/Asia/Singapore", + "usr/share/zoneinfo/Asia/Srednekolymsk", + "usr/share/zoneinfo/Asia/Taipei", + "usr/share/zoneinfo/Asia/Tashkent", + "usr/share/zoneinfo/Asia/Tbilisi", + "usr/share/zoneinfo/Asia/Tehran", + "usr/share/zoneinfo/Asia/Tel_Aviv", + "usr/share/zoneinfo/Asia/Thimbu", + "usr/share/zoneinfo/Asia/Thimphu", + "usr/share/zoneinfo/Asia/Tokyo", + "usr/share/zoneinfo/Asia/Tomsk", + "usr/share/zoneinfo/Asia/Ujung_Pandang", + "usr/share/zoneinfo/Asia/Ulaanbaatar", + "usr/share/zoneinfo/Asia/Ulan_Bator", + "usr/share/zoneinfo/Asia/Urumqi", + "usr/share/zoneinfo/Asia/Ust-Nera", + "usr/share/zoneinfo/Asia/Vientiane", + "usr/share/zoneinfo/Asia/Vladivostok", + "usr/share/zoneinfo/Asia/Yakutsk", + "usr/share/zoneinfo/Asia/Yangon", + "usr/share/zoneinfo/Asia/Yekaterinburg", + "usr/share/zoneinfo/Asia/Yerevan", + "usr/share/zoneinfo/Atlantic/Azores", + "usr/share/zoneinfo/Atlantic/Bermuda", + "usr/share/zoneinfo/Atlantic/Canary", + "usr/share/zoneinfo/Atlantic/Cape_Verde", + "usr/share/zoneinfo/Atlantic/Faeroe", + "usr/share/zoneinfo/Atlantic/Faroe", + "usr/share/zoneinfo/Atlantic/Jan_Mayen", + "usr/share/zoneinfo/Atlantic/Madeira", + "usr/share/zoneinfo/Atlantic/Reykjavik", + "usr/share/zoneinfo/Atlantic/South_Georgia", + "usr/share/zoneinfo/Atlantic/St_Helena", + "usr/share/zoneinfo/Atlantic/Stanley", + "usr/share/zoneinfo/Australia/ACT", + "usr/share/zoneinfo/Australia/Adelaide", + "usr/share/zoneinfo/Australia/Brisbane", + "usr/share/zoneinfo/Australia/Broken_Hill", + "usr/share/zoneinfo/Australia/Canberra", + "usr/share/zoneinfo/Australia/Currie", + "usr/share/zoneinfo/Australia/Darwin", + "usr/share/zoneinfo/Australia/Eucla", + "usr/share/zoneinfo/Australia/Hobart", + "usr/share/zoneinfo/Australia/LHI", + "usr/share/zoneinfo/Australia/Lindeman", + "usr/share/zoneinfo/Australia/Lord_Howe", + "usr/share/zoneinfo/Australia/Melbourne", + "usr/share/zoneinfo/Australia/NSW", + "usr/share/zoneinfo/Australia/North", + "usr/share/zoneinfo/Australia/Perth", + "usr/share/zoneinfo/Australia/Queensland", + "usr/share/zoneinfo/Australia/South", + "usr/share/zoneinfo/Australia/Sydney", + "usr/share/zoneinfo/Australia/Tasmania", + "usr/share/zoneinfo/Australia/Victoria", + "usr/share/zoneinfo/Australia/West", + "usr/share/zoneinfo/Australia/Yancowinna", + "usr/share/zoneinfo/Brazil/Acre", + "usr/share/zoneinfo/Brazil/DeNoronha", + "usr/share/zoneinfo/Brazil/East", + "usr/share/zoneinfo/Brazil/West", + "usr/share/zoneinfo/Canada/Atlantic", + "usr/share/zoneinfo/Canada/Central", + "usr/share/zoneinfo/Canada/Eastern", + "usr/share/zoneinfo/Canada/Mountain", + "usr/share/zoneinfo/Canada/Newfoundland", + "usr/share/zoneinfo/Canada/Pacific", + "usr/share/zoneinfo/Canada/Saskatchewan", + "usr/share/zoneinfo/Canada/Yukon", + "usr/share/zoneinfo/Chile/Continental", + "usr/share/zoneinfo/Chile/EasterIsland", + "usr/share/zoneinfo/Etc/GMT", + "usr/share/zoneinfo/Etc/GMT+0", + "usr/share/zoneinfo/Etc/GMT+1", + "usr/share/zoneinfo/Etc/GMT+10", + "usr/share/zoneinfo/Etc/GMT+11", + "usr/share/zoneinfo/Etc/GMT+12", + "usr/share/zoneinfo/Etc/GMT+2", + "usr/share/zoneinfo/Etc/GMT+3", + "usr/share/zoneinfo/Etc/GMT+4", + "usr/share/zoneinfo/Etc/GMT+5", + "usr/share/zoneinfo/Etc/GMT+6", + "usr/share/zoneinfo/Etc/GMT+7", + "usr/share/zoneinfo/Etc/GMT+8", + "usr/share/zoneinfo/Etc/GMT+9", + "usr/share/zoneinfo/Etc/GMT-0", + "usr/share/zoneinfo/Etc/GMT-1", + "usr/share/zoneinfo/Etc/GMT-10", + "usr/share/zoneinfo/Etc/GMT-11", + "usr/share/zoneinfo/Etc/GMT-12", + "usr/share/zoneinfo/Etc/GMT-13", + "usr/share/zoneinfo/Etc/GMT-14", + "usr/share/zoneinfo/Etc/GMT-2", + "usr/share/zoneinfo/Etc/GMT-3", + "usr/share/zoneinfo/Etc/GMT-4", + "usr/share/zoneinfo/Etc/GMT-5", + "usr/share/zoneinfo/Etc/GMT-6", + "usr/share/zoneinfo/Etc/GMT-7", + "usr/share/zoneinfo/Etc/GMT-8", + "usr/share/zoneinfo/Etc/GMT-9", + "usr/share/zoneinfo/Etc/GMT0", + "usr/share/zoneinfo/Etc/Greenwich", + "usr/share/zoneinfo/Etc/UCT", + "usr/share/zoneinfo/Etc/UTC", + "usr/share/zoneinfo/Etc/Universal", + "usr/share/zoneinfo/Etc/Zulu", + "usr/share/zoneinfo/Europe/Amsterdam", + "usr/share/zoneinfo/Europe/Andorra", + "usr/share/zoneinfo/Europe/Astrakhan", + "usr/share/zoneinfo/Europe/Athens", + "usr/share/zoneinfo/Europe/Belfast", + "usr/share/zoneinfo/Europe/Belgrade", + "usr/share/zoneinfo/Europe/Berlin", + "usr/share/zoneinfo/Europe/Bratislava", + "usr/share/zoneinfo/Europe/Brussels", + "usr/share/zoneinfo/Europe/Bucharest", + "usr/share/zoneinfo/Europe/Budapest", + "usr/share/zoneinfo/Europe/Busingen", + "usr/share/zoneinfo/Europe/Chisinau", + "usr/share/zoneinfo/Europe/Copenhagen", + "usr/share/zoneinfo/Europe/Dublin", + "usr/share/zoneinfo/Europe/Gibraltar", + "usr/share/zoneinfo/Europe/Guernsey", + "usr/share/zoneinfo/Europe/Helsinki", + "usr/share/zoneinfo/Europe/Isle_of_Man", + "usr/share/zoneinfo/Europe/Istanbul", + "usr/share/zoneinfo/Europe/Jersey", + "usr/share/zoneinfo/Europe/Kaliningrad", + "usr/share/zoneinfo/Europe/Kiev", + "usr/share/zoneinfo/Europe/Kirov", + "usr/share/zoneinfo/Europe/Kyiv", + "usr/share/zoneinfo/Europe/Lisbon", + "usr/share/zoneinfo/Europe/Ljubljana", + "usr/share/zoneinfo/Europe/London", + "usr/share/zoneinfo/Europe/Luxembourg", + "usr/share/zoneinfo/Europe/Madrid", + "usr/share/zoneinfo/Europe/Malta", + "usr/share/zoneinfo/Europe/Mariehamn", + "usr/share/zoneinfo/Europe/Minsk", + "usr/share/zoneinfo/Europe/Monaco", + "usr/share/zoneinfo/Europe/Moscow", + "usr/share/zoneinfo/Europe/Nicosia", + "usr/share/zoneinfo/Europe/Oslo", + "usr/share/zoneinfo/Europe/Paris", + "usr/share/zoneinfo/Europe/Podgorica", + "usr/share/zoneinfo/Europe/Prague", + "usr/share/zoneinfo/Europe/Riga", + "usr/share/zoneinfo/Europe/Rome", + "usr/share/zoneinfo/Europe/Samara", + "usr/share/zoneinfo/Europe/San_Marino", + "usr/share/zoneinfo/Europe/Sarajevo", + "usr/share/zoneinfo/Europe/Saratov", + "usr/share/zoneinfo/Europe/Simferopol", + "usr/share/zoneinfo/Europe/Skopje", + "usr/share/zoneinfo/Europe/Sofia", + "usr/share/zoneinfo/Europe/Stockholm", + "usr/share/zoneinfo/Europe/Tallinn", + "usr/share/zoneinfo/Europe/Tirane", + "usr/share/zoneinfo/Europe/Tiraspol", + "usr/share/zoneinfo/Europe/Ulyanovsk", + "usr/share/zoneinfo/Europe/Uzhgorod", + "usr/share/zoneinfo/Europe/Vaduz", + "usr/share/zoneinfo/Europe/Vatican", + "usr/share/zoneinfo/Europe/Vienna", + "usr/share/zoneinfo/Europe/Vilnius", + "usr/share/zoneinfo/Europe/Volgograd", + "usr/share/zoneinfo/Europe/Warsaw", + "usr/share/zoneinfo/Europe/Zagreb", + "usr/share/zoneinfo/Europe/Zaporozhye", + "usr/share/zoneinfo/Europe/Zurich", + "usr/share/zoneinfo/Indian/Antananarivo", + "usr/share/zoneinfo/Indian/Chagos", + "usr/share/zoneinfo/Indian/Christmas", + "usr/share/zoneinfo/Indian/Cocos", + "usr/share/zoneinfo/Indian/Comoro", + "usr/share/zoneinfo/Indian/Kerguelen", + "usr/share/zoneinfo/Indian/Mahe", + "usr/share/zoneinfo/Indian/Maldives", + "usr/share/zoneinfo/Indian/Mauritius", + "usr/share/zoneinfo/Indian/Mayotte", + "usr/share/zoneinfo/Indian/Reunion", + "usr/share/zoneinfo/Mexico/BajaNorte", + "usr/share/zoneinfo/Mexico/BajaSur", + "usr/share/zoneinfo/Mexico/General", + "usr/share/zoneinfo/Pacific/Apia", + "usr/share/zoneinfo/Pacific/Auckland", + "usr/share/zoneinfo/Pacific/Bougainville", + "usr/share/zoneinfo/Pacific/Chatham", + "usr/share/zoneinfo/Pacific/Chuuk", + "usr/share/zoneinfo/Pacific/Easter", + "usr/share/zoneinfo/Pacific/Efate", + "usr/share/zoneinfo/Pacific/Enderbury", + "usr/share/zoneinfo/Pacific/Fakaofo", + "usr/share/zoneinfo/Pacific/Fiji", + "usr/share/zoneinfo/Pacific/Funafuti", + "usr/share/zoneinfo/Pacific/Galapagos", + "usr/share/zoneinfo/Pacific/Gambier", + "usr/share/zoneinfo/Pacific/Guadalcanal", + "usr/share/zoneinfo/Pacific/Guam", + "usr/share/zoneinfo/Pacific/Honolulu", + "usr/share/zoneinfo/Pacific/Johnston", + "usr/share/zoneinfo/Pacific/Kanton", + "usr/share/zoneinfo/Pacific/Kiritimati", + "usr/share/zoneinfo/Pacific/Kosrae", + "usr/share/zoneinfo/Pacific/Kwajalein", + "usr/share/zoneinfo/Pacific/Majuro", + "usr/share/zoneinfo/Pacific/Marquesas", + "usr/share/zoneinfo/Pacific/Midway", + "usr/share/zoneinfo/Pacific/Nauru", + "usr/share/zoneinfo/Pacific/Niue", + "usr/share/zoneinfo/Pacific/Norfolk", + "usr/share/zoneinfo/Pacific/Noumea", + "usr/share/zoneinfo/Pacific/Pago_Pago", + "usr/share/zoneinfo/Pacific/Palau", + "usr/share/zoneinfo/Pacific/Pitcairn", + "usr/share/zoneinfo/Pacific/Pohnpei", + "usr/share/zoneinfo/Pacific/Ponape", + "usr/share/zoneinfo/Pacific/Port_Moresby", + "usr/share/zoneinfo/Pacific/Rarotonga", + "usr/share/zoneinfo/Pacific/Saipan", + "usr/share/zoneinfo/Pacific/Samoa", + "usr/share/zoneinfo/Pacific/Tahiti", + "usr/share/zoneinfo/Pacific/Tarawa", + "usr/share/zoneinfo/Pacific/Tongatapu", + "usr/share/zoneinfo/Pacific/Truk", + "usr/share/zoneinfo/Pacific/Wake", + "usr/share/zoneinfo/Pacific/Wallis", + "usr/share/zoneinfo/Pacific/Yap", + "usr/share/zoneinfo/US/Alaska", + "usr/share/zoneinfo/US/Aleutian", + "usr/share/zoneinfo/US/Arizona", + "usr/share/zoneinfo/US/Central", + "usr/share/zoneinfo/US/East-Indiana", + "usr/share/zoneinfo/US/Eastern", + "usr/share/zoneinfo/US/Hawaii", + "usr/share/zoneinfo/US/Indiana-Starke", + "usr/share/zoneinfo/US/Michigan", + "usr/share/zoneinfo/US/Mountain", + "usr/share/zoneinfo/US/Pacific", + "usr/share/zoneinfo/US/Samoa" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "xz-libs@5.8.3-r0", + "Name": "xz-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.8.3-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "f68b0b2917b8b773" + }, + "Version": "5.8.3-r0", + "Arch": "x86_64", + "SrcName": "xz", + "SrcVersion": "5.8.3-r0", + "Licenses": [ + "GPL-2.0-or-later", + "0BSD", + "Public-Domain", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:ddf3f8b1c3d2561ae67523b9baef398f971959bb", + "InstalledFiles": [ + "usr/lib/liblzma.so.5", + "usr/lib/liblzma.so.5.8.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.3.2-r0", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.2-r0?arch=x86_64\u0026distro=3.23.4", + "UID": "23a5a7d167a86311" + }, + "Version": "1.3.2-r0", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.3.2-r0", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", + "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" + }, + "Digest": "sha1:68bb97ea5255e77aa974e65476d64832ad56288a", + "InstalledFiles": [ + "usr/lib/libz.so.1", + "usr/lib/libz.so.1.3.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zstd-libs@1.5.7-r2", + "Name": "zstd-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/zstd-libs@1.5.7-r2?arch=x86_64\u0026distro=3.23.4", + "UID": "3653bba6b6680fed" + }, + "Version": "1.5.7-r2", + "Arch": "x86_64", + "SrcName": "zstd", + "SrcVersion": "1.5.7-r2", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r23" + ], + "Layer": { + "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", + "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" + }, + "Digest": "sha1:d507b8ac3c4335a40405ac20e49bac9d43642be6", + "InstalledFiles": [ + "usr/lib/libzstd.so.1", + "usr/lib/libzstd.so.1.5.7" + ], + "AnalyzedBy": "apk" + } + ] + } + ] + }, + { + "Namespace": "ingress", + "Kind": "DaemonSet", + "Name": "nginx-ingress-microk8s-controller", + "Metadata": [ + { + "Size": 300570624, + "OS": { + "Family": "alpine", + "Name": "3.21.3" + }, + "ImageID": "sha256:6af992df6ef6254e4448bd51bb5b37e3f7dcd05e86f7abe99c4bd951dc4aef4a", + "DiffIDs": [ + "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350", + "sha256:e33d3c45765e5be4b1162f7e8b066b22a5e5040fbd7bf1914d7c2f0ca6ff8d84", + "sha256:c20fadd63d0c992903bb8b4f6e97907c65d8813ba9aeefe97ee266104512c1bb", + "sha256:48a43f6596d39ee2a1b63d910cbb46f1a03ee2f2eeb3e67fefa09a4d773c4c96", + "sha256:4c41abd1ea6c653ff23d2be5f5e7449f270a67172e45efdc8532184dec377004", + "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb", + "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "sha256:b4536ef30a85ae24d9be2699da4f8198706ce2d9bf92624e66a237a026918152", + "sha256:9ce3e1ba2b9a8d047a1d56fbf7832dbc87e83ca28272b578860c980d6e6604cf", + "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17", + "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214", + "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b", + "sha256:8091455c14065d3454442ed87bd0c08ed4743259bd4e76458f3e9a6f5a84a3ed", + "sha256:8092223828afad76fbb149b4e7772b18df8e643bf68e845552cf474291457eb2", + "sha256:095ca2e2faf8197e860b1a0939052ab368bd2212ddff14745abfbb86cfcf9acd" + ], + "RepoTags": [ + "registry.k8s.io/ingress-nginx/controller:v1.11.5" + ], + "RepoDigests": [ + "registry.k8s.io/ingress-nginx/controller@sha256:a1cbad75b0a7098bf9325132794dddf9eef917e8a7fe246749a4cea7ff6f01eb" + ], + "Reference": "registry.k8s.io/ingress-nginx/controller:v1.11.5", + "ImageConfig": { + "architecture": "amd64", + "created": "2025-03-24T23:16:01.197088025Z", + "history": [ + { + "created": "2025-02-14T03:28:36Z", + "created_by": "ADD alpine-minirootfs-3.21.3-x86_64.tar.gz / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-02-14T03:28:36Z", + "created_by": "CMD [\"/bin/sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T14:50:55.998977887Z", + "created_by": "ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T14:50:55.998977887Z", + "created_by": "ENV LUA_PATH=/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/lib/lua/?.lua;;", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T14:50:55.998977887Z", + "created_by": "ENV LUA_CPATH=/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T14:50:55.998977887Z", + "created_by": "COPY /usr/local /usr/local # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-03-24T14:50:56.537993831Z", + "created_by": "COPY /usr/lib/libopentelemetry* /usr/local/lib # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-03-24T14:50:56.606565169Z", + "created_by": "COPY /opt /opt # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-03-24T14:50:56.764343377Z", + "created_by": "COPY /etc/nginx /etc/nginx # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-03-24T14:51:02.807362199Z", + "created_by": "RUN /bin/sh -c apk update \u0026\u0026 apk upgrade \u0026\u0026 apk add -U --no-cache bash openssl pcre zlib ca-certificates patch yajl lmdb libxml2 libmaxminddb yaml-cpp dumb-init tzdata grpc-cpp libprotobuf abseil-cpp-crc-cpu-detect abseil-cpp-vlog-config-internal \u0026\u0026 ln -s /usr/local/nginx/sbin/nginx /sbin/nginx \u0026\u0026 adduser -S -D -H -u 101 -h /usr/local/nginx -s /sbin/nologin -G www-data -g www-data www-data \u0026\u0026 bash -eu -c ' writeDirs=( /var/log/nginx /var/lib/nginx/body /var/lib/nginx/fastcgi /var/lib/nginx/proxy /var/lib/nginx/scgi /var/lib/nginx/uwsgi /var/log/audit ); for dir in \"${writeDirs[@]}\"; do mkdir -p ${dir}; chown -R www-data:www-data ${dir}; done' # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-03-24T14:51:02.807362199Z", + "created_by": "EXPOSE map[443/tcp:{} 80/tcp:{}]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T14:51:02.807362199Z", + "created_by": "CMD [\"nginx\" \"-g\" \"daemon off;\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T23:15:54.15099068Z", + "created_by": "ARG TARGETARCH=amd64", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T23:15:54.15099068Z", + "created_by": "ARG VERSION=v1.11.5", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T23:15:54.15099068Z", + "created_by": "ARG COMMIT_SHA=97ffeeee0fabd4b1c6b1cdabeaed881faab612de", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T23:15:54.15099068Z", + "created_by": "ARG BUILD_ID=dd9cca89-47b4-498c-b5f7-8fe81f75df48", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T23:15:54.15099068Z", + "created_by": "LABEL org.opencontainers.image.title=NGINX Ingress Controller for Kubernetes", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T23:15:54.15099068Z", + "created_by": "LABEL org.opencontainers.image.documentation=https://kubernetes.github.io/ingress-nginx/", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T23:15:54.15099068Z", + "created_by": "LABEL org.opencontainers.image.source=https://github.com/kubernetes/ingress-nginx", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T23:15:54.15099068Z", + "created_by": "LABEL org.opencontainers.image.vendor=The Kubernetes Authors", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T23:15:54.15099068Z", + "created_by": "LABEL org.opencontainers.image.licenses=Apache-2.0", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T23:15:54.15099068Z", + "created_by": "LABEL org.opencontainers.image.version=v1.11.5", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T23:15:54.15099068Z", + "created_by": "LABEL org.opencontainers.image.revision=97ffeeee0fabd4b1c6b1cdabeaed881faab612de", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T23:15:54.15099068Z", + "created_by": "LABEL build_id=dd9cca89-47b4-498c-b5f7-8fe81f75df48", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T23:15:54.15099068Z", + "created_by": "WORKDIR /etc/nginx", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-03-24T23:15:57.970914099Z", + "created_by": "RUN |4 TARGETARCH=amd64 VERSION=v1.11.5 COMMIT_SHA=97ffeeee0fabd4b1c6b1cdabeaed881faab612de BUILD_ID=dd9cca89-47b4-498c-b5f7-8fe81f75df48 /bin/sh -c apk update \u0026\u0026 apk upgrade \u0026\u0026 apk add --no-cache diffutils \u0026\u0026 rm -rf /var/cache/apk/* # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-03-24T23:15:58.043497122Z", + "created_by": "COPY --chown=www-data:www-data etc /etc # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-03-24T23:15:58.113742726Z", + "created_by": "COPY --chown=www-data:www-data bin/amd64/dbg / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-03-24T23:15:58.42043542Z", + "created_by": "COPY --chown=www-data:www-data bin/amd64/nginx-ingress-controller / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-03-24T23:15:58.480418849Z", + "created_by": "COPY --chown=www-data:www-data bin/amd64/wait-shutdown / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-03-24T23:15:58.765533366Z", + "created_by": "RUN |4 TARGETARCH=amd64 VERSION=v1.11.5 COMMIT_SHA=97ffeeee0fabd4b1c6b1cdabeaed881faab612de BUILD_ID=dd9cca89-47b4-498c-b5f7-8fe81f75df48 /bin/sh -c bash -xeu -c ' writeDirs=( /etc/ingress-controller/ssl /etc/ingress-controller/auth /etc/ingress-controller/geoip /etc/ingress-controller/telemetry /var/log /var/log/nginx /tmp/nginx ); for dir in \"${writeDirs[@]}\"; do mkdir -p ${dir}; chown -R www-data:www-data ${dir}; done' \u0026\u0026 echo \"/lib:/usr/lib:/usr/local/lib:/modules_mount/etc/nginx/modules/otel\" \u003e /etc/ld-musl-x86_64.path # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-03-24T23:16:00.98914775Z", + "created_by": "RUN |4 TARGETARCH=amd64 VERSION=v1.11.5 COMMIT_SHA=97ffeeee0fabd4b1c6b1cdabeaed881faab612de BUILD_ID=dd9cca89-47b4-498c-b5f7-8fe81f75df48 /bin/sh -c apk add --no-cache libcap \u0026\u0026 setcap cap_net_bind_service=+ep /nginx-ingress-controller \u0026\u0026 setcap -v cap_net_bind_service=+ep /nginx-ingress-controller \u0026\u0026 setcap cap_net_bind_service=+ep /usr/local/nginx/sbin/nginx \u0026\u0026 setcap -v cap_net_bind_service=+ep /usr/local/nginx/sbin/nginx \u0026\u0026 setcap cap_net_bind_service=+ep /usr/bin/dumb-init \u0026\u0026 setcap -v cap_net_bind_service=+ep /usr/bin/dumb-init \u0026\u0026 apk del libcap \u0026\u0026 ln -sf /usr/local/nginx/sbin/nginx /usr/bin/nginx # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-03-24T23:16:00.98914775Z", + "created_by": "USER www-data", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T23:16:01.197088025Z", + "created_by": "RUN |4 TARGETARCH=amd64 VERSION=v1.11.5 COMMIT_SHA=97ffeeee0fabd4b1c6b1cdabeaed881faab612de BUILD_ID=dd9cca89-47b4-498c-b5f7-8fe81f75df48 /bin/sh -c ln -sf /dev/stdout /var/log/nginx/access.log \u0026\u0026 ln -sf /dev/stderr /var/log/nginx/error.log # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-03-24T23:16:01.197088025Z", + "created_by": "ENTRYPOINT [\"/usr/bin/dumb-init\" \"--\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-03-24T23:16:01.197088025Z", + "created_by": "CMD [\"/nginx-ingress-controller\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350", + "sha256:e33d3c45765e5be4b1162f7e8b066b22a5e5040fbd7bf1914d7c2f0ca6ff8d84", + "sha256:c20fadd63d0c992903bb8b4f6e97907c65d8813ba9aeefe97ee266104512c1bb", + "sha256:48a43f6596d39ee2a1b63d910cbb46f1a03ee2f2eeb3e67fefa09a4d773c4c96", + "sha256:4c41abd1ea6c653ff23d2be5f5e7449f270a67172e45efdc8532184dec377004", + "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb", + "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "sha256:b4536ef30a85ae24d9be2699da4f8198706ce2d9bf92624e66a237a026918152", + "sha256:9ce3e1ba2b9a8d047a1d56fbf7832dbc87e83ca28272b578860c980d6e6604cf", + "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17", + "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214", + "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b", + "sha256:8091455c14065d3454442ed87bd0c08ed4743259bd4e76458f3e9a6f5a84a3ed", + "sha256:8092223828afad76fbb149b4e7772b18df8e643bf68e845552cf474291457eb2", + "sha256:095ca2e2faf8197e860b1a0939052ab368bd2212ddff14745abfbb86cfcf9acd" + ] + }, + "config": { + "Cmd": [ + "/nginx-ingress-controller" + ], + "Entrypoint": [ + "/usr/bin/dumb-init", + "--" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin", + "LUA_PATH=/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/lib/lua/?.lua;;", + "LUA_CPATH=/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;" + ], + "Labels": { + "build_id": "dd9cca89-47b4-498c-b5f7-8fe81f75df48", + "org.opencontainers.image.documentation": "https://kubernetes.github.io/ingress-nginx/", + "org.opencontainers.image.licenses": "Apache-2.0", + "org.opencontainers.image.revision": "97ffeeee0fabd4b1c6b1cdabeaed881faab612de", + "org.opencontainers.image.source": "https://github.com/kubernetes/ingress-nginx", + "org.opencontainers.image.title": "NGINX Ingress Controller for Kubernetes", + "org.opencontainers.image.vendor": "The Kubernetes Authors", + "org.opencontainers.image.version": "v1.11.5" + }, + "User": "www-data", + "WorkingDir": "/etc/nginx", + "ExposedPorts": { + "443/tcp": {}, + "80/tcp": {} + }, + "ArgsEscaped": true + } + }, + "Layers": [ + { + "Size": 8120832, + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + { + "Size": 80165376, + "Digest": "sha256:5cc8abdb7c1985125d564afff276420817a2cbad9bc404c500758a1279eddb5e", + "DiffID": "sha256:e33d3c45765e5be4b1162f7e8b066b22a5e5040fbd7bf1914d7c2f0ca6ff8d84" + }, + { + "Size": 30490112, + "Digest": "sha256:267ec1e9fef46f0a8a9f5532aa172afdad3d4fec238f3f1b94f98d77647f50cb", + "DiffID": "sha256:c20fadd63d0c992903bb8b4f6e97907c65d8813ba9aeefe97ee266104512c1bb" + }, + { + "Size": 4096, + "Digest": "sha256:61928ff5d71793bd47b5f72457dff5f64926f8a8464435c39a2fd8567a70e3f1", + "DiffID": "sha256:48a43f6596d39ee2a1b63d910cbb46f1a03ee2f2eeb3e67fefa09a4d773c4c96" + }, + { + "Size": 2999296, + "Digest": "sha256:b0c14f15d577ef9a503dce9d66dc233daea5a0d3aa092a67b6a3b4996490051b", + "DiffID": "sha256:4c41abd1ea6c653ff23d2be5f5e7449f270a67172e45efdc8532184dec377004" + }, + { + "Size": 48074752, + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + { + "Size": 1024, + "Digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", + "DiffID": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" + }, + { + "Size": 425984, + "Digest": "sha256:d8bf483dcaa2136ca4275dfa783369b5159ffd96ac2a1748928cb4e1864710ba", + "DiffID": "sha256:b4536ef30a85ae24d9be2699da4f8198706ce2d9bf92624e66a237a026918152" + }, + { + "Size": 323072, + "Digest": "sha256:622e118fdff9e0545c7f5a2903c6c6ee1e83575e476497564643958c5122d767", + "DiffID": "sha256:9ce3e1ba2b9a8d047a1d56fbf7832dbc87e83ca28272b578860c980d6e6604cf" + }, + { + "Size": 6465536, + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + { + "Size": 52959232, + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + { + "Size": 3930112, + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + { + "Size": 7168, + "Digest": "sha256:810f9f20a53c5f74e841b01240513cae267a347826549d794c7608a93964c8ee", + "DiffID": "sha256:8091455c14065d3454442ed87bd0c08ed4743259bd4e76458f3e9a6f5a84a3ed" + }, + { + "Size": 66600448, + "Digest": "sha256:46d0fd62d2cff7737f0fb4748d92a080a4d1a75f1a4c61c776df46bbbb024d4a", + "DiffID": "sha256:8092223828afad76fbb149b4e7772b18df8e643bf68e845552cf474291457eb2" + }, + { + "Size": 3584, + "Digest": "sha256:db5408ef777344225e7f6b3b5edbb0dd8187346fe6b8ef25d49b3206adbd589a", + "DiffID": "sha256:095ca2e2faf8197e860b1a0939052ab368bd2212ddff14745abfbb86cfcf9acd" + } + ] + } + ], + "Results": [ + { + "Target": "registry.k8s.io/ingress-nginx/controller:v1.11.5 (alpine 3.21.3)", + "Class": "os-pkgs", + "Type": "alpine", + "Packages": [ + { + "ID": "abseil-cpp-base@20240722.0-r0", + "Name": "abseil-cpp-base", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-base@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6e956a38dbfdfc7" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "abseil-cpp-spinlock-wait@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:f119fb04ecdd04739a6b7c875976b0aaf381603f", + "InstalledFiles": [ + "usr/lib/libabsl_base.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-city@20240722.0-r0", + "Name": "abseil-cpp-city", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-city@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "1db180a4f1711db6" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:9a8c072de15cc24b16c9471e597f17c429add617", + "InstalledFiles": [ + "usr/lib/libabsl_city.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-cord@20240722.0-r0", + "Name": "abseil-cpp-cord", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-cord@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "5845a704427c8012" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-cord-internal@20240722.0-r0", + "abseil-cpp-cordz-functions@20240722.0-r0", + "abseil-cpp-cordz-info@20240722.0-r0", + "abseil-cpp-crc-cord-state@20240722.0-r0", + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:4131a105d32960476940b51dd7ee2544d97ed4d3", + "InstalledFiles": [ + "usr/lib/libabsl_cord.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-cord-internal@20240722.0-r0", + "Name": "abseil-cpp-cord-internal", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-cord-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "82fcff44113f8f50" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-crc-cord-state@20240722.0-r0", + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:e29cf7add6748fa7606b17e71f8e8df8c0a23f86", + "InstalledFiles": [ + "usr/lib/libabsl_cord_internal.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-cordz-functions@20240722.0-r0", + "Name": "abseil-cpp-cordz-functions", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-cordz-functions@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "5095b4f4ba95e23" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-exponential-biased@20240722.0-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:2a1d89367bc392fcdaa7fbcd59aa3d4faee279cb", + "InstalledFiles": [ + "usr/lib/libabsl_cordz_functions.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-cordz-handle@20240722.0-r0", + "Name": "abseil-cpp-cordz-handle", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-cordz-handle@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "ff14794af56e79ba" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-synchronization@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:734c3c1c0c68635797f50f2a198ac67da3b3bcbb", + "InstalledFiles": [ + "usr/lib/libabsl_cordz_handle.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-cordz-info@20240722.0-r0", + "Name": "abseil-cpp-cordz-info", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-cordz-info@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "20f772fd64b5157c" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-base@20240722.0-r0", + "abseil-cpp-cord-internal@20240722.0-r0", + "abseil-cpp-cordz-handle@20240722.0-r0", + "abseil-cpp-stacktrace@20240722.0-r0", + "abseil-cpp-synchronization@20240722.0-r0", + "abseil-cpp-time@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:3063f930f4c21a37694a362ff55a78aaa782fe40", + "InstalledFiles": [ + "usr/lib/libabsl_cordz_info.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-crc-cord-state@20240722.0-r0", + "Name": "abseil-cpp-crc-cord-state", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-crc-cord-state@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "3e60ba26069972ee" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-crc32c@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:9b17e061d71812722b55bdc26e5ccc871218bd4d", + "InstalledFiles": [ + "usr/lib/libabsl_crc_cord_state.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-crc-cpu-detect@20240722.0-r0", + "Name": "abseil-cpp-crc-cpu-detect", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-crc-cpu-detect@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c76fd3a3c1a09787" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:76c5de2f09887eac1d935fc8ed2f538547df4d07", + "InstalledFiles": [ + "usr/lib/libabsl_crc_cpu_detect.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-crc-internal@20240722.0-r0", + "Name": "abseil-cpp-crc-internal", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-crc-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "25448508926240c8" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:2979c617b6a34893d2ef113654e9c7a6321e4eab", + "InstalledFiles": [ + "usr/lib/libabsl_crc_internal.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-crc32c@20240722.0-r0", + "Name": "abseil-cpp-crc32c", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-crc32c@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b72b634388918bfd" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-crc-internal@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:6bcad6c81cde3be724d9ddbd0de8c1f061b0be86", + "InstalledFiles": [ + "usr/lib/libabsl_crc32c.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-debugging-internal@20240722.0-r0", + "Name": "abseil-cpp-debugging-internal", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-debugging-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "5a639103f2528133" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:2caa5a3fc032c6bee66100c0399d154d50da628f", + "InstalledFiles": [ + "usr/lib/libabsl_debugging_internal.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-die-if-null@20240722.0-r0", + "Name": "abseil-cpp-die-if-null", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-die-if-null@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "fb14fa1fe0d77e26" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-log-internal-message@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:248499948d709f2499dd839152e8c2c62456c65d", + "InstalledFiles": [ + "usr/lib/libabsl_die_if_null.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-examine-stack@20240722.0-r0", + "Name": "abseil-cpp-examine-stack", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-examine-stack@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "3e53dab82ed518" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-stacktrace@20240722.0-r0", + "abseil-cpp-symbolize@20240722.0-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:e4c13972cf67967b571884d86c7bc9e8661b0054", + "InstalledFiles": [ + "usr/lib/libabsl_examine_stack.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-exponential-biased@20240722.0-r0", + "Name": "abseil-cpp-exponential-biased", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-exponential-biased@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "8ebcec3a9c0b8bc2" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:8caf1c24f3f009cadb4de7e21d6aff4be93b3024", + "InstalledFiles": [ + "usr/lib/libabsl_exponential_biased.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-flags-commandlineflag@20240722.0-r0", + "Name": "abseil-cpp-flags-commandlineflag", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-flags-commandlineflag@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "77e6d9de8c02c41c" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "libstdc++@14.2.0-r4" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:c8630701b27fdb9eb848d64d0682d993b7f308f1", + "InstalledFiles": [ + "usr/lib/libabsl_flags_commandlineflag.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-flags-commandlineflag-internal@20240722.0-r0", + "Name": "abseil-cpp-flags-commandlineflag-internal", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-flags-commandlineflag-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "bca11bb0422d4df1" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "libstdc++@14.2.0-r4" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:475dd40133d928762fcdae68acac4687c191b0ea", + "InstalledFiles": [ + "usr/lib/libabsl_flags_commandlineflag_internal.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-flags-config@20240722.0-r0", + "Name": "abseil-cpp-flags-config", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-flags-config@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "a16c438db1d2a16c" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-flags-program-name@20240722.0-r0", + "abseil-cpp-synchronization@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:b521bd8bc838b342934a51a25cdbaadc9e45c901", + "InstalledFiles": [ + "usr/lib/libabsl_flags_config.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-flags-internal@20240722.0-r0", + "Name": "abseil-cpp-flags-internal", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-flags-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "1f0671395adc3412" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-flags-commandlineflag-internal@20240722.0-r0", + "abseil-cpp-flags-commandlineflag@20240722.0-r0", + "abseil-cpp-flags-config@20240722.0-r0", + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "abseil-cpp-spinlock-wait@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "abseil-cpp-synchronization@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:8deabcef3489363f81090e4647cec18202ab74a4", + "InstalledFiles": [ + "usr/lib/libabsl_flags_internal.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-flags-marshalling@20240722.0-r0", + "Name": "abseil-cpp-flags-marshalling", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-flags-marshalling@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "34d6575c83748db2" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-int128@20240722.0-r0", + "abseil-cpp-str-format-internal@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:b9a660b37d1dde155731ce29c5f744d67bf17aa4", + "InstalledFiles": [ + "usr/lib/libabsl_flags_marshalling.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-flags-private-handle-accessor@20240722.0-r0", + "Name": "abseil-cpp-flags-private-handle-accessor", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-flags-private-handle-accessor@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "14dfe60e07741b7f" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:faa50b40dd8daa14931498cfd6523b02d21f2135", + "InstalledFiles": [ + "usr/lib/libabsl_flags_private_handle_accessor.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-flags-program-name@20240722.0-r0", + "Name": "abseil-cpp-flags-program-name", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-flags-program-name@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "d164362caa03fcd3" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-synchronization@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:a397284a756437c20200990276f7a25b0cf050d1", + "InstalledFiles": [ + "usr/lib/libabsl_flags_program_name.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-flags-reflection@20240722.0-r0", + "Name": "abseil-cpp-flags-reflection", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-flags-reflection@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "7d0d78ca5ab03a66" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-flags-commandlineflag@20240722.0-r0", + "abseil-cpp-flags-config@20240722.0-r0", + "abseil-cpp-flags-private-handle-accessor@20240722.0-r0", + "abseil-cpp-hash@20240722.0-r0", + "abseil-cpp-raw-hash-set@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "abseil-cpp-synchronization@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:ea3a137ca1c8f97cf9ea705c3d196418aa7f34ab", + "InstalledFiles": [ + "usr/lib/libabsl_flags_reflection.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-hash@20240722.0-r0", + "Name": "abseil-cpp-hash", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-hash@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "ca28f67edf2db634" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-city@20240722.0-r0", + "abseil-cpp-low-level-hash@20240722.0-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:91c90604a23db8567fb5eded0fe4b93aa0e8bb09", + "InstalledFiles": [ + "usr/lib/libabsl_hash.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-int128@20240722.0-r0", + "Name": "abseil-cpp-int128", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-int128@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "887244893996a9b2" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:456cff991c6732e0470ee7d9cf9b890a86d0bd27", + "InstalledFiles": [ + "usr/lib/libabsl_int128.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-kernel-timeout-internal@20240722.0-r0", + "Name": "abseil-cpp-kernel-timeout-internal", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-kernel-timeout-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "96e43af988c89514" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "abseil-cpp-time@20240722.0-r0", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:37081109feea1118fe9549e814d962d57a7504b0", + "InstalledFiles": [ + "usr/lib/libabsl_kernel_timeout_internal.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-log-globals@20240722.0-r0", + "Name": "abseil-cpp-log-globals", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-log-globals@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c0bed64b631dac7c" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-hash@20240722.0-r0", + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:cf3ec4b66f015006d01ebda2e0cba7473478f61f", + "InstalledFiles": [ + "usr/lib/libabsl_log_globals.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-log-internal-check-op@20240722.0-r0", + "Name": "abseil-cpp-log-internal-check-op", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-check-op@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "71eb8367888b5b63" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-log-internal-nullguard@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:a183b7dadf2c425e3c7b9f7d5dbabe6f1e8b23f0", + "InstalledFiles": [ + "usr/lib/libabsl_log_internal_check_op.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-log-internal-conditions@20240722.0-r0", + "Name": "abseil-cpp-log-internal-conditions", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-conditions@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "ce87a8a83ad2f0a5" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-base@20240722.0-r0" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:ae7d6454f7c39128b5b21cc513eaef330cdf459b", + "InstalledFiles": [ + "usr/lib/libabsl_log_internal_conditions.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-log-internal-fnmatch@20240722.0-r0", + "Name": "abseil-cpp-log-internal-fnmatch", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-fnmatch@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "d1cbb1781ad71d88" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:d7d0fbd7b64f58d9343be0435000cdcdc5b9ec18", + "InstalledFiles": [ + "usr/lib/libabsl_log_internal_fnmatch.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-log-internal-format@20240722.0-r0", + "Name": "abseil-cpp-log-internal-format", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-format@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "3d4a37c26952ae" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-log-internal-globals@20240722.0-r0", + "abseil-cpp-str-format-internal@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "abseil-cpp-time@20240722.0-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:4e87d467ed89f85670797d3308253557f3d25596", + "InstalledFiles": [ + "usr/lib/libabsl_log_internal_format.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-log-internal-globals@20240722.0-r0", + "Name": "abseil-cpp-log-internal-globals", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-globals@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "580bf4ad2491dd58" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:b1ad3f89916cfd368fe92fc9c36b575c5d017a56", + "InstalledFiles": [ + "usr/lib/libabsl_log_internal_globals.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-log-internal-log-sink-set@20240722.0-r0", + "Name": "abseil-cpp-log-internal-log-sink-set", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-log-sink-set@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "343a5d7b4df20552" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-log-globals@20240722.0-r0", + "abseil-cpp-log-internal-globals@20240722.0-r0", + "abseil-cpp-log-sink@20240722.0-r0", + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "abseil-cpp-spinlock-wait@20240722.0-r0", + "abseil-cpp-synchronization@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:5fdc8b05df4f0417a123db6ce33929977c2ed183", + "InstalledFiles": [ + "usr/lib/libabsl_log_internal_log_sink_set.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-log-internal-message@20240722.0-r0", + "Name": "abseil-cpp-log-internal-message", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-message@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "2bc70f16339e71dd" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-base@20240722.0-r0", + "abseil-cpp-examine-stack@20240722.0-r0", + "abseil-cpp-log-globals@20240722.0-r0", + "abseil-cpp-log-internal-format@20240722.0-r0", + "abseil-cpp-log-internal-globals@20240722.0-r0", + "abseil-cpp-log-internal-log-sink-set@20240722.0-r0", + "abseil-cpp-log-internal-proto@20240722.0-r0", + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "abseil-cpp-strerror@20240722.0-r0", + "abseil-cpp-time@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:d4fcb572a40a151bcc39b584c16aa32e069b72ff", + "InstalledFiles": [ + "usr/lib/libabsl_log_internal_message.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-log-internal-nullguard@20240722.0-r0", + "Name": "abseil-cpp-log-internal-nullguard", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-nullguard@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "f4958860bfac8a3" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:c611f1ce74f66a6091d61ca9c71117f0238ecbfc", + "InstalledFiles": [ + "usr/lib/libabsl_log_internal_nullguard.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-log-internal-proto@20240722.0-r0", + "Name": "abseil-cpp-log-internal-proto", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-proto@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "410b9b25c1437c68" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:a14778300945cf2e7519198b0bdf80d18121e997", + "InstalledFiles": [ + "usr/lib/libabsl_log_internal_proto.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-log-sink@20240722.0-r0", + "Name": "abseil-cpp-log-sink", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-log-sink@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "26c672fc2a1de89e" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "libstdc++@14.2.0-r4" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:4ab74d275296e155a5b5855f43d4e3fce2ec06e2", + "InstalledFiles": [ + "usr/lib/libabsl_log_sink.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-low-level-hash@20240722.0-r0", + "Name": "abseil-cpp-low-level-hash", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-low-level-hash@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "749e55ad4d3cd149" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:5c97f3e996f7c44e9b3956781cea8e56474ce637", + "InstalledFiles": [ + "usr/lib/libabsl_low_level_hash.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-malloc-internal@20240722.0-r0", + "Name": "abseil-cpp-malloc-internal", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-malloc-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "4065cac98d45c567" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-base@20240722.0-r0", + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "abseil-cpp-spinlock-wait@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:2453932fc50587ba3ca052a80d4a2bcf09b353f5", + "InstalledFiles": [ + "usr/lib/libabsl_malloc_internal.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-random-internal-platform@20240722.0-r0", + "Name": "abseil-cpp-random-internal-platform", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-random-internal-platform@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "d77e57c9f6a36e92" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:8c112185a73bea0e6961f4a4a6562b769bc89168", + "InstalledFiles": [ + "usr/lib/libabsl_random_internal_platform.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-random-internal-pool-urbg@20240722.0-r0", + "Name": "abseil-cpp-random-internal-pool-urbg", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-random-internal-pool-urbg@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "3f91f5259426cb3a" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-base@20240722.0-r0", + "abseil-cpp-random-internal-randen-hwaes-impl@20240722.0-r0", + "abseil-cpp-random-internal-randen-slow@20240722.0-r0", + "abseil-cpp-random-internal-randen@20240722.0-r0", + "abseil-cpp-random-internal-seed-material@20240722.0-r0", + "abseil-cpp-random-seed-gen-exception@20240722.0-r0", + "abseil-cpp-spinlock-wait@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:75ee1f1a16e0ac8458391680dbed2b1400edab69", + "InstalledFiles": [ + "usr/lib/libabsl_random_internal_pool_urbg.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-random-internal-randen@20240722.0-r0", + "Name": "abseil-cpp-random-internal-randen", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-random-internal-randen@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c07c31180059fc45" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-random-internal-randen-hwaes-impl@20240722.0-r0", + "abseil-cpp-random-internal-randen-hwaes@20240722.0-r0", + "abseil-cpp-random-internal-randen-slow@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:033c401ca9df05b4aaf520ca202fe911e42c4ed0", + "InstalledFiles": [ + "usr/lib/libabsl_random_internal_randen.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-random-internal-randen-hwaes@20240722.0-r0", + "Name": "abseil-cpp-random-internal-randen-hwaes", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-random-internal-randen-hwaes@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "9e3de93f3d0bb788" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:e4cf63a0b8761512c2ae5829314be3a71edc5685", + "InstalledFiles": [ + "usr/lib/libabsl_random_internal_randen_hwaes.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-random-internal-randen-hwaes-impl@20240722.0-r0", + "Name": "abseil-cpp-random-internal-randen-hwaes-impl", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-random-internal-randen-hwaes-impl@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "ca1dd8014001fcc" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-random-internal-platform@20240722.0-r0" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:ea18e9fbe0f5175824fdad8b2d73b44ee17304ea", + "InstalledFiles": [ + "usr/lib/libabsl_random_internal_randen_hwaes_impl.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-random-internal-randen-slow@20240722.0-r0", + "Name": "abseil-cpp-random-internal-randen-slow", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-random-internal-randen-slow@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "8fe4f12eacc94e1" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-random-internal-platform@20240722.0-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:65582a7685600f06974688534e6fae7e30a8301a", + "InstalledFiles": [ + "usr/lib/libabsl_random_internal_randen_slow.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-random-internal-seed-material@20240722.0-r0", + "Name": "abseil-cpp-random-internal-seed-material", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-random-internal-seed-material@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "7e7e19e25565a52b" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:900579c19597e37851acd08686f7680846780bd0", + "InstalledFiles": [ + "usr/lib/libabsl_random_internal_seed_material.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-random-seed-gen-exception@20240722.0-r0", + "Name": "abseil-cpp-random-seed-gen-exception", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-random-seed-gen-exception@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "ba8d34c0851c1680" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "libstdc++@14.2.0-r4" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:dfea8ec7ce220fd91a8c5d299e91566792104c14", + "InstalledFiles": [ + "usr/lib/libabsl_random_seed_gen_exception.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-raw-hash-set@20240722.0-r0", + "Name": "abseil-cpp-raw-hash-set", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-raw-hash-set@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "ce09167cd05be0d6" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-hash@20240722.0-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:685ff5da9644daad578c9309d351749f5554633b", + "InstalledFiles": [ + "usr/lib/libabsl_raw_hash_set.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-raw-logging-internal@20240722.0-r0", + "Name": "abseil-cpp-raw-logging-internal", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-raw-logging-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "1f22b75a8a9602e1" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:76c969915dbdc64b61f78cca452227e743e6987e", + "InstalledFiles": [ + "usr/lib/libabsl_raw_logging_internal.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-spinlock-wait@20240722.0-r0", + "Name": "abseil-cpp-spinlock-wait", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-spinlock-wait@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "5cb03fc35b356474" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:0a78577f9488cc44a4bbc63d0c96b068a2237e20", + "InstalledFiles": [ + "usr/lib/libabsl_spinlock_wait.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-stacktrace@20240722.0-r0", + "Name": "abseil-cpp-stacktrace", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-stacktrace@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "da1fdaafb6d7c63e" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-debugging-internal@20240722.0-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:48c4df2b650fce432c89c7fe0da9a69d753df126", + "InstalledFiles": [ + "usr/lib/libabsl_stacktrace.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-status@20240722.0-r0", + "Name": "abseil-cpp-status", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-status@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "e5b7f9544a565a1d" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-cord@20240722.0-r0", + "abseil-cpp-cordz-info@20240722.0-r0", + "abseil-cpp-strerror@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:a1248beccb8711a937a07ab1652b482db8921ee8", + "InstalledFiles": [ + "usr/lib/libabsl_status.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-statusor@20240722.0-r0", + "Name": "abseil-cpp-statusor", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-statusor@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c265637b4b2056c1" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "abseil-cpp-spinlock-wait@20240722.0-r0", + "abseil-cpp-status@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:79d98f208425f33c4a5cb2033a8dd185453f7006", + "InstalledFiles": [ + "usr/lib/libabsl_statusor.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-str-format-internal@20240722.0-r0", + "Name": "abseil-cpp-str-format-internal", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-str-format-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "1ada1848124c8390" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-int128@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:183ca56b4d2002cfb2c46dcaad5d86232510ec74", + "InstalledFiles": [ + "usr/lib/libabsl_str_format_internal.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-strerror@20240722.0-r0", + "Name": "abseil-cpp-strerror", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-strerror@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "f7f6e904ceca5f5" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:ad0797656fcf0d4cef8c8596a65284ca4b005783", + "InstalledFiles": [ + "usr/lib/libabsl_strerror.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-strings@20240722.0-r0", + "Name": "abseil-cpp-strings", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-strings@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "552ac9af594fecbe" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "abseil-cpp-strings-internal@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:8f46d13939e5532b5606ad23d273a125a90f24d1", + "InstalledFiles": [ + "usr/lib/libabsl_strings.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-strings-internal@20240722.0-r0", + "Name": "abseil-cpp-strings-internal", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-strings-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c1048be15db5251f" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:0dd3ef0700337844cfbb6e692078fd8e2255478f", + "InstalledFiles": [ + "usr/lib/libabsl_strings_internal.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-symbolize@20240722.0-r0", + "Name": "abseil-cpp-symbolize", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-symbolize@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b0ada86ba5aefcf0" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:2eddeea9ed9bf8cb1e74b772b017fc7f4e01cade", + "InstalledFiles": [ + "usr/lib/libabsl_symbolize.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-synchronization@20240722.0-r0", + "Name": "abseil-cpp-synchronization", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-synchronization@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "ecd8de69f50c5c67" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-base@20240722.0-r0", + "abseil-cpp-kernel-timeout-internal@20240722.0-r0", + "abseil-cpp-malloc-internal@20240722.0-r0", + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "abseil-cpp-spinlock-wait@20240722.0-r0", + "abseil-cpp-stacktrace@20240722.0-r0", + "abseil-cpp-time@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:ea699a4bb26eca6d4d362ee4786b3401ddad8937", + "InstalledFiles": [ + "usr/lib/libabsl_synchronization.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-throw-delegate@20240722.0-r0", + "Name": "abseil-cpp-throw-delegate", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-throw-delegate@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "39748295d271fe77" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:14f463939675faeb271c94b0728e4ae373d31841", + "InstalledFiles": [ + "usr/lib/libabsl_throw_delegate.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-time@20240722.0-r0", + "Name": "abseil-cpp-time", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-time@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "e2e8f829b75b4612" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "abseil-cpp-time-zone@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:8cb0b174884d3dc0bfdfbc6d21d2f85aedb6f598", + "InstalledFiles": [ + "usr/lib/libabsl_time.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-time-zone@20240722.0-r0", + "Name": "abseil-cpp-time-zone", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-time-zone@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "e0ef7f520548f434" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:862944d24407519f781e576628065f0997b7f01c", + "InstalledFiles": [ + "usr/lib/libabsl_time_zone.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "abseil-cpp-vlog-config-internal@20240722.0-r0", + "Name": "abseil-cpp-vlog-config-internal", + "Identifier": { + "PURL": "pkg:apk/alpine/abseil-cpp-vlog-config-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "53301d833f74c8e1" + }, + "Version": "20240722.0-r0", + "Arch": "x86_64", + "SrcName": "abseil-cpp", + "SrcVersion": "20240722.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", + "DependsOn": [ + "abseil-cpp-base@20240722.0-r0", + "abseil-cpp-log-internal-fnmatch@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "abseil-cpp-synchronization@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:5ce4cd19787d7d45f4faf6dcbd39277a44a6f5fb", + "InstalledFiles": [ + "usr/lib/libabsl_vlog_config_internal.so.2407.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout@3.6.8-r1", + "Name": "alpine-baselayout", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout@3.6.8-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "393060090f95beb4" + }, + "Version": "3.6.8-r1", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.6.8-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-baselayout-data@3.6.8-r1", + "busybox-binsh@1.37.0-r12" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:eceb5e3555e7f7f8925dc248d557fcc744d573d6", + "InstalledFiles": [ + "etc/motd", + "etc/crontabs/root", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/i386.conf", + "etc/modprobe.d/kms.conf", + "etc/profile.d/20locale.sh", + "etc/profile.d/README", + "etc/profile.d/color_prompt.sh.disabled", + "usr/lib/sysctl.d/00-alpine.conf", + "var/lock", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout-data@3.6.8-r1", + "Name": "alpine-baselayout-data", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.6.8-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "a35ff814457b106b" + }, + "Version": "3.6.8-r1", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.6.8-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:7979a835bc317cedb997d3a42f3b10be86a8d18a", + "InstalledFiles": [ + "etc/fstab", + "etc/group", + "etc/hostname", + "etc/hosts", + "etc/inittab", + "etc/modules", + "etc/mtab", + "etc/nsswitch.conf", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/sysctl.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-keys@2.5-r0", + "Name": "alpine-keys", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-keys@2.5-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "e87ecc7343d144e0" + }, + "Version": "2.5-r0", + "Arch": "x86_64", + "SrcName": "alpine-keys", + "SrcVersion": "2.5-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:91014bfdba0e7f7b4505159466e9f19871606a59", + "InstalledFiles": [ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-release@3.21.3-r0", + "Name": "alpine-release", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-release@3.21.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "67b837fa5630d327" + }, + "Version": "3.21.3-r0", + "Arch": "x86_64", + "SrcName": "alpine-base", + "SrcVersion": "3.21.3-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-keys@2.5-r0" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:b9fcfa5afb3341f82ec4f757c6dba8d8807017e3", + "InstalledFiles": [ + "etc/alpine-release", + "etc/issue", + "etc/os-release", + "etc/secfixes.d/alpine", + "usr/lib/os-release" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "apk-tools@2.14.6-r3", + "Name": "apk-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/apk-tools@2.14.6-r3?arch=x86_64\u0026distro=3.21.3", + "UID": "d24a24462031f215" + }, + "Version": "2.14.6-r3", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.14.6-r3", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20241121-r1", + "libcrypto3@3.3.3-r0", + "libssl3@3.3.3-r0", + "musl@1.2.5-r9", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:9704358d1b44fa771e0a0a3a527d8a26830e3eba", + "InstalledFiles": [ + "sbin/apk", + "usr/lib/libapk.so.2.14.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "bash@5.2.37-r0", + "Name": "bash", + "Identifier": { + "PURL": "pkg:apk/alpine/bash@5.2.37-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "3a8832be3281bc02" + }, + "Version": "5.2.37-r0", + "Arch": "x86_64", + "SrcName": "bash", + "SrcVersion": "5.2.37-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r12", + "musl@1.2.5-r9", + "readline@8.2.13-r0" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:74ad67cbf2d2088eb064b74e377a7e5c5a85d8fb", + "InstalledFiles": [ + "bin/bash", + "etc/bash/bashrc", + "etc/profile.d/00-bashrc.sh", + "usr/lib/bash/accept", + "usr/lib/bash/basename", + "usr/lib/bash/csv", + "usr/lib/bash/cut", + "usr/lib/bash/dirname", + "usr/lib/bash/dsv", + "usr/lib/bash/fdflags", + "usr/lib/bash/finfo", + "usr/lib/bash/getconf", + "usr/lib/bash/head", + "usr/lib/bash/id", + "usr/lib/bash/ln", + "usr/lib/bash/logname", + "usr/lib/bash/mkdir", + "usr/lib/bash/mkfifo", + "usr/lib/bash/mktemp", + "usr/lib/bash/mypid", + "usr/lib/bash/pathchk", + "usr/lib/bash/print", + "usr/lib/bash/printenv", + "usr/lib/bash/push", + "usr/lib/bash/realpath", + "usr/lib/bash/rm", + "usr/lib/bash/rmdir", + "usr/lib/bash/seq", + "usr/lib/bash/setpgid", + "usr/lib/bash/sleep", + "usr/lib/bash/stat", + "usr/lib/bash/strftime", + "usr/lib/bash/sync", + "usr/lib/bash/tee", + "usr/lib/bash/truefalse", + "usr/lib/bash/tty", + "usr/lib/bash/uname", + "usr/lib/bash/unlink", + "usr/lib/bash/whoami" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "brotli-libs@1.1.0-r2", + "Name": "brotli-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/brotli-libs@1.1.0-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "cc9451d88db1a57f" + }, + "Version": "1.1.0-r2", + "Arch": "x86_64", + "SrcName": "brotli", + "SrcVersion": "1.1.0-r2", + "Licenses": [ + "MIT" + ], + "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:70f773919e72e35e8d9bbc364922178a7656f3a1", + "InstalledFiles": [ + "usr/lib/libbrotlicommon.so.1", + "usr/lib/libbrotlicommon.so.1.1.0", + "usr/lib/libbrotlidec.so.1", + "usr/lib/libbrotlidec.so.1.1.0", + "usr/lib/libbrotlienc.so.1", + "usr/lib/libbrotlienc.so.1.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox@1.37.0-r12", + "Name": "busybox", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "40c5c5c69a5100e0" + }, + "Version": "1.37.0-r12", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r12", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:b1234297831343477557fd0d4d702122363b36aa", + "InstalledFiles": [ + "bin/busybox", + "etc/securetty", + "etc/busybox-paths.d/busybox", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "etc/udhcpc/udhcpc.conf", + "usr/share/udhcpc/default.script" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox-binsh@1.37.0-r12", + "Name": "busybox-binsh", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "f727574eea8e47ea" + }, + "Version": "1.37.0-r12", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r12", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "busybox@1.37.0-r12" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:2a3dd16cd3f036f57a45e0b4819a7d9ffa74f101", + "InstalledFiles": [ + "bin/sh" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "c-ares@1.34.3-r0", + "Name": "c-ares", + "Identifier": { + "PURL": "pkg:apk/alpine/c-ares@1.34.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "65e5c61e1dac77c8" + }, + "Version": "1.34.3-r0", + "Arch": "x86_64", + "SrcName": "c-ares", + "SrcVersion": "1.34.3-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:ce4b51a748e0f56676097438497c0d07ae2a10ba", + "InstalledFiles": [ + "usr/lib/libcares.so.2", + "usr/lib/libcares.so.2.19.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates@20241121-r1", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates@20241121-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "7bc60c9beb5b71aa" + }, + "Version": "20241121-r1", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20241121-r1", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r12", + "libcrypto3@3.3.3-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:ec815ac3e1ae86c055bede3a0b697b62f2b6cca0", + "InstalledFiles": [ + "etc/ca-certificates.conf", + "etc/apk/protected_paths.d/ca-certificates.list", + "etc/ca-certificates/update.d/certhash", + "usr/bin/c_rehash", + "usr/sbin/update-ca-certificates", + "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", + "usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "usr/share/ca-certificates/mozilla/Certigna.crt", + "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", + "usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", + "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", + "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", + "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", + "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", + "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates-bundle@20241121-r1", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates-bundle@20241121-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "648ddfcaeba667a7" + }, + "Version": "20241121-r1", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20241121-r1", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:9cfd2df1eb4d8cf25007be42ad2818f3e5c9a37b", + "InstalledFiles": [ + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-certificates.crt", + "etc/ssl1.1/cert.pem", + "etc/ssl1.1/certs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "curl@8.12.1-r1", + "Name": "curl", + "Identifier": { + "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "88c4306caf842e16" + }, + "Version": "8.12.1-r1", + "Arch": "x86_64", + "SrcName": "curl", + "SrcVersion": "8.12.1-r1", + "Licenses": [ + "curl" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcurl@8.12.1-r1", + "musl@1.2.5-r9", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:2c50f1a2eae9946459a4fcceeaf8d31f43fdae48", + "InstalledFiles": [ + "usr/bin/curl" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "diffutils@3.10-r0", + "Name": "diffutils", + "Identifier": { + "PURL": "pkg:apk/alpine/diffutils@3.10-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b58dd7352a97773d" + }, + "Version": "3.10-r0", + "Arch": "x86_64", + "SrcName": "diffutils", + "SrcVersion": "3.10-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Leonardo Arena \u003crnalrd@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:d8bf483dcaa2136ca4275dfa783369b5159ffd96ac2a1748928cb4e1864710ba", + "DiffID": "sha256:b4536ef30a85ae24d9be2699da4f8198706ce2d9bf92624e66a237a026918152" + }, + "Digest": "sha1:1dc7d9d822286f4e4563e540138a7ce2b6160be9", + "InstalledFiles": [ + "usr/bin/cmp", + "usr/bin/diff", + "usr/bin/diff3", + "usr/bin/sdiff" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "dumb-init@1.2.5-r3", + "Name": "dumb-init", + "Identifier": { + "PURL": "pkg:apk/alpine/dumb-init@1.2.5-r3?arch=x86_64\u0026distro=3.21.3", + "UID": "316a7eff15127cd5" + }, + "Version": "1.2.5-r3", + "Arch": "x86_64", + "SrcName": "dumb-init", + "SrcVersion": "1.2.5-r3", + "Licenses": [ + "MIT" + ], + "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:9538d2911af9aa304d7a593a76c3661893cc7bd2", + "InstalledFiles": [ + "usr/bin/dumb-init" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "grpc@1.62.1-r2", + "Name": "grpc", + "Identifier": { + "PURL": "pkg:apk/alpine/grpc@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "58cb0c34ec8dd1ab" + }, + "Version": "1.62.1-r2", + "Arch": "x86_64", + "SrcName": "grpc", + "SrcVersion": "1.62.1-r2", + "Licenses": [ + "Apache-2.0", + "BSD-3-Clause", + "MIT" + ], + "Maintainer": "wener \u003cwenermail@gmail.com\u003e", + "DependsOn": [ + "ca-certificates@20241121-r1" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:18b9a1fd9a77007bda064e56db44b9b282f4440f", + "InstalledFiles": [ + "usr/lib/libutf8_range_lib.so.39", + "usr/lib/libutf8_range_lib.so.39.0.0", + "usr/share/grpc/roots.pem" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "grpc-cpp@1.62.1-r2", + "Name": "grpc-cpp", + "Identifier": { + "PURL": "pkg:apk/alpine/grpc-cpp@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "414602421fe3a462" + }, + "Version": "1.62.1-r2", + "Arch": "x86_64", + "SrcName": "grpc", + "SrcVersion": "1.62.1-r2", + "Licenses": [ + "Apache-2.0", + "BSD-3-Clause", + "MIT" + ], + "Maintainer": "wener \u003cwenermail@gmail.com\u003e", + "DependsOn": [ + "abseil-cpp-cord@20240722.0-r0", + "abseil-cpp-cordz-functions@20240722.0-r0", + "abseil-cpp-cordz-info@20240722.0-r0", + "abseil-cpp-hash@20240722.0-r0", + "abseil-cpp-kernel-timeout-internal@20240722.0-r0", + "abseil-cpp-raw-hash-set@20240722.0-r0", + "abseil-cpp-status@20240722.0-r0", + "abseil-cpp-statusor@20240722.0-r0", + "abseil-cpp-str-format-internal@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "abseil-cpp-synchronization@20240722.0-r0", + "abseil-cpp-time@20240722.0-r0", + "grpc@1.62.1-r2", + "libgcc@14.2.0-r4", + "libgpr@1.62.1-r2", + "libgrpc@1.62.1-r2", + "libgrpc_unsecure@1.62.1-r2", + "libprotobuf@24.4-r4", + "libprotoc@24.4-r4", + "libstdc++@14.2.0-r4", + "libupb_json_lib@1.62.1-r2", + "libupb_mem_lib@1.62.1-r2", + "libupb_message_lib@1.62.1-r2", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:eeba372be0d93aebec3975f5380a445c699f0049", + "InstalledFiles": [ + "usr/lib/libgrpc++.so.1.62", + "usr/lib/libgrpc++.so.1.62.1", + "usr/lib/libgrpc++_alts.so.1.62", + "usr/lib/libgrpc++_alts.so.1.62.1", + "usr/lib/libgrpc++_error_details.so.1.62", + "usr/lib/libgrpc++_error_details.so.1.62.1", + "usr/lib/libgrpc++_reflection.so.1.62", + "usr/lib/libgrpc++_reflection.so.1.62.1", + "usr/lib/libgrpc++_unsecure.so.1.62", + "usr/lib/libgrpc++_unsecure.so.1.62.1", + "usr/lib/libgrpc_plugin_support.so.1.62", + "usr/lib/libgrpc_plugin_support.so.1.62.1", + "usr/lib/libgrpcpp_channelz.so.1.62", + "usr/lib/libgrpcpp_channelz.so.1.62.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "icu-data-en@74.2-r0", + "Name": "icu-data-en", + "Identifier": { + "PURL": "pkg:apk/alpine/icu-data-en@74.2-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "74207ee7b1ed24e6" + }, + "Version": "74.2-r0", + "Arch": "x86_64", + "SrcName": "icu", + "SrcVersion": "74.2-r0", + "Licenses": [ + "ICU" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r12" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:815998abfea0e8775482826c85a72fe1718f09ac", + "InstalledFiles": [ + "usr/share/icu/74.2/icudt74l.dat" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "icu-libs@74.2-r0", + "Name": "icu-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/icu-libs@74.2-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "f5b3fee3128ff69c" + }, + "Version": "74.2-r0", + "Arch": "x86_64", + "SrcName": "icu", + "SrcVersion": "74.2-r0", + "Licenses": [ + "ICU" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "icu-data-en@74.2-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:dfd42e43920a0639c902f491c7ce7849b9025956", + "InstalledFiles": [ + "usr/lib/libicudata.so.74", + "usr/lib/libicudata.so.74.2", + "usr/lib/libicui18n.so.74", + "usr/lib/libicui18n.so.74.2", + "usr/lib/libicuio.so.74", + "usr/lib/libicuio.so.74.2", + "usr/lib/libicuuc.so.74", + "usr/lib/libicuuc.so.74.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libaddress_sorting@1.62.1-r2", + "Name": "libaddress_sorting", + "Identifier": { + "PURL": "pkg:apk/alpine/libaddress_sorting@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "27f9c27e0be175b6" + }, + "Version": "1.62.1-r2", + "Arch": "x86_64", + "SrcName": "grpc", + "SrcVersion": "1.62.1-r2", + "Licenses": [ + "Apache-2.0", + "BSD-3-Clause", + "MIT" + ], + "Maintainer": "wener \u003cwenermail@gmail.com\u003e", + "DependsOn": [ + "grpc@1.62.1-r2", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:3f17a6ecb56934736114d5d60ceef2fcebe63149", + "InstalledFiles": [ + "usr/lib/libaddress_sorting.so.39", + "usr/lib/libaddress_sorting.so.39.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.3.3-r0", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "Version": "3.3.3-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.3.3-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:ba21a974113543ebb687f9e18494c0ce736775f8", + "InstalledFiles": [ + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/openssl.cnf.dist", + "usr/lib/libcrypto.so.3", + "usr/lib/engines-3/afalg.so", + "usr/lib/engines-3/capi.so", + "usr/lib/engines-3/loader_attic.so", + "usr/lib/engines-3/padlock.so", + "usr/lib/ossl-modules/legacy.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcurl@8.12.1-r1", + "Name": "libcurl", + "Identifier": { + "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "bb07c860cc2206ec" + }, + "Version": "8.12.1-r1", + "Arch": "x86_64", + "SrcName": "curl", + "SrcVersion": "8.12.1-r1", + "Licenses": [ + "curl" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "brotli-libs@1.1.0-r2", + "c-ares@1.34.3-r0", + "ca-certificates-bundle@20241121-r1", + "libcrypto3@3.3.3-r0", + "libidn2@2.3.7-r0", + "libpsl@0.21.5-r3", + "libssl3@3.3.3-r0", + "musl@1.2.5-r9", + "nghttp2-libs@1.64.0-r0", + "zlib@1.3.1-r2", + "zstd-libs@1.5.6-r2" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:572244672981ad6e6331ef0d66c4040cf65509b4", + "InstalledFiles": [ + "usr/lib/libcurl.so.4", + "usr/lib/libcurl.so.4.8.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgcc@14.2.0-r4", + "Name": "libgcc", + "Identifier": { + "PURL": "pkg:apk/alpine/libgcc@14.2.0-r4?arch=x86_64\u0026distro=3.21.3", + "UID": "595ba1f60ecb7aa4" + }, + "Version": "14.2.0-r4", + "Arch": "x86_64", + "SrcName": "gcc", + "SrcVersion": "14.2.0-r4", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:b875969aa737f53cf28f8b5d50bb266d793a5664", + "InstalledFiles": [ + "usr/lib/libgcc_s.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgpr@1.62.1-r2", + "Name": "libgpr", + "Identifier": { + "PURL": "pkg:apk/alpine/libgpr@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "887aaf0ce28c988d" + }, + "Version": "1.62.1-r2", + "Arch": "x86_64", + "SrcName": "grpc", + "SrcVersion": "1.62.1-r2", + "Licenses": [ + "Apache-2.0", + "BSD-3-Clause", + "MIT" + ], + "Maintainer": "wener \u003cwenermail@gmail.com\u003e", + "DependsOn": [ + "abseil-cpp-flags-internal@20240722.0-r0", + "abseil-cpp-flags-marshalling@20240722.0-r0", + "abseil-cpp-flags-reflection@20240722.0-r0", + "abseil-cpp-kernel-timeout-internal@20240722.0-r0", + "abseil-cpp-spinlock-wait@20240722.0-r0", + "abseil-cpp-status@20240722.0-r0", + "abseil-cpp-str-format-internal@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "abseil-cpp-synchronization@20240722.0-r0", + "abseil-cpp-time@20240722.0-r0", + "grpc@1.62.1-r2", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:67a7aa6dbdd5c3aff685be2b0529a22949aa8549", + "InstalledFiles": [ + "usr/lib/libgpr.so.39", + "usr/lib/libgpr.so.39.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgrpc@1.62.1-r2", + "Name": "libgrpc", + "Identifier": { + "PURL": "pkg:apk/alpine/libgrpc@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "3fa05f930f1f93ee" + }, + "Version": "1.62.1-r2", + "Arch": "x86_64", + "SrcName": "grpc", + "SrcVersion": "1.62.1-r2", + "Licenses": [ + "Apache-2.0", + "BSD-3-Clause", + "MIT" + ], + "Maintainer": "wener \u003cwenermail@gmail.com\u003e", + "DependsOn": [ + "abseil-cpp-cord@20240722.0-r0", + "abseil-cpp-cordz-info@20240722.0-r0", + "abseil-cpp-hash@20240722.0-r0", + "abseil-cpp-kernel-timeout-internal@20240722.0-r0", + "abseil-cpp-random-internal-pool-urbg@20240722.0-r0", + "abseil-cpp-random-internal-randen-hwaes-impl@20240722.0-r0", + "abseil-cpp-random-internal-randen-slow@20240722.0-r0", + "abseil-cpp-random-internal-randen@20240722.0-r0", + "abseil-cpp-raw-hash-set@20240722.0-r0", + "abseil-cpp-status@20240722.0-r0", + "abseil-cpp-statusor@20240722.0-r0", + "abseil-cpp-str-format-internal@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "abseil-cpp-synchronization@20240722.0-r0", + "abseil-cpp-throw-delegate@20240722.0-r0", + "abseil-cpp-time-zone@20240722.0-r0", + "abseil-cpp-time@20240722.0-r0", + "c-ares@1.34.3-r0", + "grpc@1.62.1-r2", + "libaddress_sorting@1.62.1-r2", + "libcrypto3@3.3.3-r0", + "libgcc@14.2.0-r4", + "libgpr@1.62.1-r2", + "libssl3@3.3.3-r0", + "libstdc++@14.2.0-r4", + "libupb_base_lib@1.62.1-r2", + "libupb_json_lib@1.62.1-r2", + "libupb_mem_lib@1.62.1-r2", + "libupb_message_lib@1.62.1-r2", + "libupb_textformat_lib@1.62.1-r2", + "musl@1.2.5-r9", + "re2@2024.07.02-r1", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:1497b2560828cfa5ca52e60d0c16c28c0396ea50", + "InstalledFiles": [ + "usr/lib/libgrpc.so.39", + "usr/lib/libgrpc.so.39.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libgrpc_unsecure@1.62.1-r2", + "Name": "libgrpc_unsecure", + "Identifier": { + "PURL": "pkg:apk/alpine/libgrpc_unsecure@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "1250a9c54be1d932" + }, + "Version": "1.62.1-r2", + "Arch": "x86_64", + "SrcName": "grpc", + "SrcVersion": "1.62.1-r2", + "Licenses": [ + "Apache-2.0", + "BSD-3-Clause", + "MIT" + ], + "Maintainer": "wener \u003cwenermail@gmail.com\u003e", + "DependsOn": [ + "abseil-cpp-cord@20240722.0-r0", + "abseil-cpp-cordz-info@20240722.0-r0", + "abseil-cpp-hash@20240722.0-r0", + "abseil-cpp-kernel-timeout-internal@20240722.0-r0", + "abseil-cpp-random-internal-pool-urbg@20240722.0-r0", + "abseil-cpp-random-internal-randen-hwaes-impl@20240722.0-r0", + "abseil-cpp-random-internal-randen-slow@20240722.0-r0", + "abseil-cpp-random-internal-randen@20240722.0-r0", + "abseil-cpp-raw-hash-set@20240722.0-r0", + "abseil-cpp-status@20240722.0-r0", + "abseil-cpp-statusor@20240722.0-r0", + "abseil-cpp-str-format-internal@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "abseil-cpp-synchronization@20240722.0-r0", + "abseil-cpp-time-zone@20240722.0-r0", + "abseil-cpp-time@20240722.0-r0", + "c-ares@1.34.3-r0", + "grpc@1.62.1-r2", + "libaddress_sorting@1.62.1-r2", + "libgcc@14.2.0-r4", + "libgpr@1.62.1-r2", + "libstdc++@14.2.0-r4", + "libupb_base_lib@1.62.1-r2", + "libupb_mem_lib@1.62.1-r2", + "libupb_message_lib@1.62.1-r2", + "musl@1.2.5-r9", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:30d0cedc624c5a294c8a58dd81576ddfcc6e67fa", + "InstalledFiles": [ + "usr/lib/libgrpc_unsecure.so.39", + "usr/lib/libgrpc_unsecure.so.39.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libidn2@2.3.7-r0", + "Name": "libidn2", + "Identifier": { + "PURL": "pkg:apk/alpine/libidn2@2.3.7-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "7a5029ce71d1e992" + }, + "Version": "2.3.7-r0", + "Arch": "x86_64", + "SrcName": "libidn2", + "SrcVersion": "2.3.7-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libunistring@1.2-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:ae3b64134ad2a63718269dac2826bc514a3445e2", + "InstalledFiles": [ + "usr/lib/libidn2.so.0", + "usr/lib/libidn2.so.0.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libmaxminddb@1.9.1-r0", + "Name": "libmaxminddb", + "Identifier": { + "PURL": "pkg:apk/alpine/libmaxminddb@1.9.1-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "2ffc4a04965340a3" + }, + "Version": "1.9.1-r0", + "Arch": "x86_64", + "SrcName": "libmaxminddb", + "SrcVersion": "1.9.1-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r12", + "curl@8.12.1-r1", + "libmaxminddb-libs@1.9.1-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:d7f9b6f9483fb24a2722ab50f6a322d2a511b4a4", + "InstalledFiles": [ + "etc/libmaxminddb.cron.conf", + "etc/periodic/weekly/libmaxminddb", + "usr/bin/mmdblookup" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libmaxminddb-libs@1.9.1-r0", + "Name": "libmaxminddb-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/libmaxminddb-libs@1.9.1-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "8ff7b0872c407fda" + }, + "Version": "1.9.1-r0", + "Arch": "x86_64", + "SrcName": "libmaxminddb", + "SrcVersion": "1.9.1-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:577f6a0b6245bebefcaf95328f32a938f7f99fec", + "InstalledFiles": [ + "usr/lib/libmaxminddb.so.0", + "usr/lib/libmaxminddb.so.0.0.7" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libncursesw@6.5_p20241006-r3", + "Name": "libncursesw", + "Identifier": { + "PURL": "pkg:apk/alpine/libncursesw@6.5_p20241006-r3?arch=x86_64\u0026distro=3.21.3", + "UID": "75cdd41a72db6f1" + }, + "Version": "6.5_p20241006-r3", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.5_p20241006-r3", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9", + "ncurses-terminfo-base@6.5_p20241006-r3" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:1f4a0b567990a75699de992aa91da75bad914a57", + "InstalledFiles": [ + "usr/lib/libncursesw.so.6", + "usr/lib/libncursesw.so.6.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libprotobuf@24.4-r4", + "Name": "libprotobuf", + "Identifier": { + "PURL": "pkg:apk/alpine/libprotobuf@24.4-r4?arch=x86_64\u0026distro=3.21.3", + "UID": "e57f3191ff63cbf9" + }, + "Version": "24.4-r4", + "Arch": "x86_64", + "SrcName": "protobuf", + "SrcVersion": "24.4-r4", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "abseil-cpp-cord-internal@20240722.0-r0", + "abseil-cpp-cord@20240722.0-r0", + "abseil-cpp-cordz-info@20240722.0-r0", + "abseil-cpp-die-if-null@20240722.0-r0", + "abseil-cpp-hash@20240722.0-r0", + "abseil-cpp-log-internal-check-op@20240722.0-r0", + "abseil-cpp-log-internal-conditions@20240722.0-r0", + "abseil-cpp-log-internal-message@20240722.0-r0", + "abseil-cpp-log-internal-nullguard@20240722.0-r0", + "abseil-cpp-raw-hash-set@20240722.0-r0", + "abseil-cpp-spinlock-wait@20240722.0-r0", + "abseil-cpp-status@20240722.0-r0", + "abseil-cpp-statusor@20240722.0-r0", + "abseil-cpp-str-format-internal@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "abseil-cpp-synchronization@20240722.0-r0", + "abseil-cpp-throw-delegate@20240722.0-r0", + "abseil-cpp-time-zone@20240722.0-r0", + "abseil-cpp-time@20240722.0-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:1fbaa0aaecc8f40c5801b6822fbb241a5b6f899f", + "InstalledFiles": [ + "usr/lib/libprotobuf.so.24", + "usr/lib/libprotobuf.so.24.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libprotoc@24.4-r4", + "Name": "libprotoc", + "Identifier": { + "PURL": "pkg:apk/alpine/libprotoc@24.4-r4?arch=x86_64\u0026distro=3.21.3", + "UID": "6c87bad9dc36f3df" + }, + "Version": "24.4-r4", + "Arch": "x86_64", + "SrcName": "protobuf", + "SrcVersion": "24.4-r4", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "abseil-cpp-hash@20240722.0-r0", + "abseil-cpp-log-internal-check-op@20240722.0-r0", + "abseil-cpp-log-internal-conditions@20240722.0-r0", + "abseil-cpp-log-internal-message@20240722.0-r0", + "abseil-cpp-log-internal-nullguard@20240722.0-r0", + "abseil-cpp-raw-hash-set@20240722.0-r0", + "abseil-cpp-spinlock-wait@20240722.0-r0", + "abseil-cpp-status@20240722.0-r0", + "abseil-cpp-statusor@20240722.0-r0", + "abseil-cpp-str-format-internal@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "abseil-cpp-synchronization@20240722.0-r0", + "abseil-cpp-throw-delegate@20240722.0-r0", + "libgcc@14.2.0-r4", + "libprotobuf@24.4-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:ed909c12778522b502c6b485806530920e16a96f", + "InstalledFiles": [ + "usr/lib/libprotoc.so.24", + "usr/lib/libprotoc.so.24.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpsl@0.21.5-r3", + "Name": "libpsl", + "Identifier": { + "PURL": "pkg:apk/alpine/libpsl@0.21.5-r3?arch=x86_64\u0026distro=3.21.3", + "UID": "240880a372fa2415" + }, + "Version": "0.21.5-r3", + "Arch": "x86_64", + "SrcName": "libpsl", + "SrcVersion": "0.21.5-r3", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libidn2@2.3.7-r0", + "libunistring@1.2-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:9d21a9cf20d165ea68eafc7566a5da16ce9eabfc", + "InstalledFiles": [ + "usr/lib/libpsl.so.5", + "usr/lib/libpsl.so.5.3.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.3.3-r0", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "Version": "3.3.3-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.3.3-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.3.3-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:f903912bd42fe4658ee2adf39744b36019f046b3", + "InstalledFiles": [ + "usr/lib/libssl.so.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libstdc++@14.2.0-r4", + "Name": "libstdc++", + "Identifier": { + "PURL": "pkg:apk/alpine/libstdc%2B%2B@14.2.0-r4?arch=x86_64\u0026distro=3.21.3", + "UID": "82b61307dafb3df8" + }, + "Version": "14.2.0-r4", + "Arch": "x86_64", + "SrcName": "gcc", + "SrcVersion": "14.2.0-r4", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later" + ], + "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", + "DependsOn": [ + "libgcc@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:3a31f5d07864ea0b323a3c6d763ae6079ef1c91f", + "InstalledFiles": [ + "usr/lib/libstdc++.so.6", + "usr/lib/libstdc++.so.6.0.33" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libunistring@1.2-r0", + "Name": "libunistring", + "Identifier": { + "PURL": "pkg:apk/alpine/libunistring@1.2-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "afda0efd6d9fe81d" + }, + "Version": "1.2-r0", + "Arch": "x86_64", + "SrcName": "libunistring", + "SrcVersion": "1.2-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:79aac0821ef4e14fc6ceaacfbf7c2a770a80cf78", + "InstalledFiles": [ + "usr/lib/libunistring.so.5", + "usr/lib/libunistring.so.5.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libupb_base_lib@1.62.1-r2", + "Name": "libupb_base_lib", + "Identifier": { + "PURL": "pkg:apk/alpine/libupb_base_lib@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "756cbdd2bb1b6527" + }, + "Version": "1.62.1-r2", + "Arch": "x86_64", + "SrcName": "grpc", + "SrcVersion": "1.62.1-r2", + "Licenses": [ + "Apache-2.0", + "BSD-3-Clause", + "MIT" + ], + "Maintainer": "wener \u003cwenermail@gmail.com\u003e", + "DependsOn": [ + "grpc@1.62.1-r2", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:73003b0762a9f6876e7c32a8c3d6922d40d2e41a", + "InstalledFiles": [ + "usr/lib/libupb_base_lib.so.39", + "usr/lib/libupb_base_lib.so.39.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libupb_json_lib@1.62.1-r2", + "Name": "libupb_json_lib", + "Identifier": { + "PURL": "pkg:apk/alpine/libupb_json_lib@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "4ebe31207d8b5b4d" + }, + "Version": "1.62.1-r2", + "Arch": "x86_64", + "SrcName": "grpc", + "SrcVersion": "1.62.1-r2", + "Licenses": [ + "Apache-2.0", + "BSD-3-Clause", + "MIT" + ], + "Maintainer": "wener \u003cwenermail@gmail.com\u003e", + "DependsOn": [ + "grpc@1.62.1-r2", + "libupb_base_lib@1.62.1-r2", + "libupb_mem_lib@1.62.1-r2", + "libupb_message_lib@1.62.1-r2", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:72c6d48dfd7b51ce9a192a3e026ea75c4236b575", + "InstalledFiles": [ + "usr/lib/libupb_json_lib.so.39", + "usr/lib/libupb_json_lib.so.39.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libupb_mem_lib@1.62.1-r2", + "Name": "libupb_mem_lib", + "Identifier": { + "PURL": "pkg:apk/alpine/libupb_mem_lib@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "5546121ff45d2c67" + }, + "Version": "1.62.1-r2", + "Arch": "x86_64", + "SrcName": "grpc", + "SrcVersion": "1.62.1-r2", + "Licenses": [ + "Apache-2.0", + "BSD-3-Clause", + "MIT" + ], + "Maintainer": "wener \u003cwenermail@gmail.com\u003e", + "DependsOn": [ + "grpc@1.62.1-r2", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:d921853a84126f5ef61acc394841d45a8f4b16cb", + "InstalledFiles": [ + "usr/lib/libupb_mem_lib.so.39", + "usr/lib/libupb_mem_lib.so.39.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libupb_message_lib@1.62.1-r2", + "Name": "libupb_message_lib", + "Identifier": { + "PURL": "pkg:apk/alpine/libupb_message_lib@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "14e057ae698a1bfb" + }, + "Version": "1.62.1-r2", + "Arch": "x86_64", + "SrcName": "grpc", + "SrcVersion": "1.62.1-r2", + "Licenses": [ + "Apache-2.0", + "BSD-3-Clause", + "MIT" + ], + "Maintainer": "wener \u003cwenermail@gmail.com\u003e", + "DependsOn": [ + "grpc@1.62.1-r2", + "libupb_mem_lib@1.62.1-r2", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:ea998f6924395ce9e5bf5923bb0e854f20059480", + "InstalledFiles": [ + "usr/lib/libupb_message_lib.so.39", + "usr/lib/libupb_message_lib.so.39.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libupb_textformat_lib@1.62.1-r2", + "Name": "libupb_textformat_lib", + "Identifier": { + "PURL": "pkg:apk/alpine/libupb_textformat_lib@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "805dea2bf4d244ca" + }, + "Version": "1.62.1-r2", + "Arch": "x86_64", + "SrcName": "grpc", + "SrcVersion": "1.62.1-r2", + "Licenses": [ + "Apache-2.0", + "BSD-3-Clause", + "MIT" + ], + "Maintainer": "wener \u003cwenermail@gmail.com\u003e", + "DependsOn": [ + "grpc@1.62.1-r2", + "libupb_base_lib@1.62.1-r2", + "libupb_mem_lib@1.62.1-r2", + "libupb_message_lib@1.62.1-r2", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:d2b87b0da4d3b6c29f65f12fdbf0c5756ede6040", + "InstalledFiles": [ + "usr/lib/libupb_textformat_lib.so.39", + "usr/lib/libupb_textformat_lib.so.39.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libxml2@2.13.4-r5", + "Name": "libxml2", + "Identifier": { + "PURL": "pkg:apk/alpine/libxml2@2.13.4-r5?arch=x86_64\u0026distro=3.21.3", + "UID": "21433495685e9e6d" + }, + "Version": "2.13.4-r5", + "Arch": "x86_64", + "SrcName": "libxml2", + "SrcVersion": "2.13.4-r5", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9", + "xz-libs@5.6.3-r0", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:c8d5933391e532dae14b06cc4be28715a9895b3d", + "InstalledFiles": [ + "usr/lib/libxml2.so.2", + "usr/lib/libxml2.so.2.13.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "lmdb@0.9.33-r0", + "Name": "lmdb", + "Identifier": { + "PURL": "pkg:apk/alpine/lmdb@0.9.33-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "ffe8c42f7e844604" + }, + "Version": "0.9.33-r0", + "Arch": "x86_64", + "SrcName": "lmdb", + "SrcVersion": "0.9.33-r0", + "Licenses": [ + "OLDAP-2.8" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:834e8434e6b20fa68035356bfdf83588fdb6182f", + "InstalledFiles": [ + "usr/lib/liblmdb.so.0", + "usr/lib/liblmdb.so.0.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl@1.2.5-r9", + "Name": "musl", + "Identifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "d0316c4ab0862e6b" + }, + "Version": "1.2.5-r9", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r9", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:fcbef23891ec04f81a28b98dbbb521e58218d2d8", + "InstalledFiles": [ + "lib/ld-musl-x86_64.so.1", + "lib/libc.musl-x86_64.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl-utils@1.2.5-r9", + "Name": "musl-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "8991799c5350cf95" + }, + "Version": "1.2.5-r9", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r9", + "Licenses": [ + "MIT", + "BSD-2-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9", + "scanelf@1.3.8-r1" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:dd00323d3c0b14f2607f7a14ef503ebb4f737d22", + "InstalledFiles": [ + "sbin/ldconfig", + "usr/bin/getconf", + "usr/bin/getent", + "usr/bin/iconv", + "usr/bin/ldd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ncurses-terminfo-base@6.5_p20241006-r3", + "Name": "ncurses-terminfo-base", + "Identifier": { + "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.5_p20241006-r3?arch=x86_64\u0026distro=3.21.3", + "UID": "ba7a41d37c387447" + }, + "Version": "6.5_p20241006-r3", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.5_p20241006-r3", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:a2bc82a235e7172605f069a36c371f955bc9d8fc", + "InstalledFiles": [ + "etc/terminfo/a/alacritty", + "etc/terminfo/a/ansi", + "etc/terminfo/d/dumb", + "etc/terminfo/g/gnome", + "etc/terminfo/g/gnome-256color", + "etc/terminfo/k/konsole", + "etc/terminfo/k/konsole-256color", + "etc/terminfo/k/konsole-linux", + "etc/terminfo/l/linux", + "etc/terminfo/p/putty", + "etc/terminfo/p/putty-256color", + "etc/terminfo/r/rxvt", + "etc/terminfo/r/rxvt-256color", + "etc/terminfo/s/screen", + "etc/terminfo/s/screen-256color", + "etc/terminfo/s/st-0.6", + "etc/terminfo/s/st-0.7", + "etc/terminfo/s/st-0.8", + "etc/terminfo/s/st-16color", + "etc/terminfo/s/st-256color", + "etc/terminfo/s/st-direct", + "etc/terminfo/s/sun", + "etc/terminfo/t/terminator", + "etc/terminfo/t/terminology", + "etc/terminfo/t/terminology-0.6.1", + "etc/terminfo/t/terminology-1.0.0", + "etc/terminfo/t/terminology-1.8.1", + "etc/terminfo/t/tmux", + "etc/terminfo/t/tmux-256color", + "etc/terminfo/v/vt100", + "etc/terminfo/v/vt102", + "etc/terminfo/v/vt200", + "etc/terminfo/v/vt220", + "etc/terminfo/v/vt52", + "etc/terminfo/v/vte", + "etc/terminfo/v/vte-256color", + "etc/terminfo/x/xterm", + "etc/terminfo/x/xterm-256color", + "etc/terminfo/x/xterm-color", + "etc/terminfo/x/xterm-xfree86" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nghttp2-libs@1.64.0-r0", + "Name": "nghttp2-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/nghttp2-libs@1.64.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "e522ca22ea4867ac" + }, + "Version": "1.64.0-r0", + "Arch": "x86_64", + "SrcName": "nghttp2", + "SrcVersion": "1.64.0-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:239d49335b0c521c41d0823a619bf84c3f20722e", + "InstalledFiles": [ + "usr/lib/libnghttp2.so.14", + "usr/lib/libnghttp2.so.14.28.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "openssl@3.3.3-r0", + "Name": "openssl", + "Identifier": { + "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "627772e2e77f6983" + }, + "Version": "3.3.3-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.3.3-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.3.3-r0", + "libssl3@3.3.3-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:fcdc0397fcfe5bb3dd7d6ae9342a02bd11e9ac33", + "InstalledFiles": [ + "usr/bin/openssl" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "patch@2.7.6-r10", + "Name": "patch", + "Identifier": { + "PURL": "pkg:apk/alpine/patch@2.7.6-r10?arch=x86_64\u0026distro=3.21.3", + "UID": "b472ade3e0965a52" + }, + "Version": "2.7.6-r10", + "Arch": "x86_64", + "SrcName": "patch", + "SrcVersion": "2.7.6-r10", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:90ecec0bf17c6aeb300d68a1c032adfbc2e737ad", + "InstalledFiles": [ + "usr/bin/patch" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "pcre@8.45-r3", + "Name": "pcre", + "Identifier": { + "PURL": "pkg:apk/alpine/pcre@8.45-r3?arch=x86_64\u0026distro=3.21.3", + "UID": "15ba0caddc86e79d" + }, + "Version": "8.45-r3", + "Arch": "x86_64", + "SrcName": "pcre", + "SrcVersion": "8.45-r3", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:2ea62a8c8ed4c25a831cdbe18d71c911cf3446a2", + "InstalledFiles": [ + "usr/lib/libpcre.so.1", + "usr/lib/libpcre.so.1.2.13", + "usr/lib/libpcreposix.so.0", + "usr/lib/libpcreposix.so.0.0.7" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "re2@2024.07.02-r1", + "Name": "re2", + "Identifier": { + "PURL": "pkg:apk/alpine/re2@2024.07.02-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "4286e90c5aa1b173" + }, + "Version": "2024.07.02-r1", + "Arch": "x86_64", + "SrcName": "re2", + "SrcVersion": "2024.07.02-r1", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "abseil-cpp-hash@20240722.0-r0", + "abseil-cpp-log-internal-check-op@20240722.0-r0", + "abseil-cpp-log-internal-message@20240722.0-r0", + "abseil-cpp-raw-hash-set@20240722.0-r0", + "abseil-cpp-raw-logging-internal@20240722.0-r0", + "abseil-cpp-spinlock-wait@20240722.0-r0", + "abseil-cpp-str-format-internal@20240722.0-r0", + "abseil-cpp-strings@20240722.0-r0", + "abseil-cpp-synchronization@20240722.0-r0", + "icu-libs@74.2-r0", + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:406087ea68ce75afc47a78126db41ad55284df70", + "InstalledFiles": [ + "usr/lib/libre2.so.11", + "usr/lib/libre2.so.11.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "readline@8.2.13-r0", + "Name": "readline", + "Identifier": { + "PURL": "pkg:apk/alpine/readline@8.2.13-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "8e448129748c2000" + }, + "Version": "8.2.13-r0", + "Arch": "x86_64", + "SrcName": "readline", + "SrcVersion": "8.2.13-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libncursesw@6.5_p20241006-r3", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:b99e42766d2d37aa8b69820daa080ab50c28a150", + "InstalledFiles": [ + "etc/inputrc", + "usr/lib/libreadline.so.8", + "usr/lib/libreadline.so.8.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "scanelf@1.3.8-r1", + "Name": "scanelf", + "Identifier": { + "PURL": "pkg:apk/alpine/scanelf@1.3.8-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "99c1bc01da347386" + }, + "Version": "1.3.8-r1", + "Arch": "x86_64", + "SrcName": "pax-utils", + "SrcVersion": "1.3.8-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:77729f7622baeaafb6feaf7486f4f5452c1c7b62", + "InstalledFiles": [ + "usr/bin/scanelf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ssl_client@1.37.0-r12", + "Name": "ssl_client", + "Identifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "7637191a09ed06b3" + }, + "Version": "1.37.0-r12", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r12", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "libcrypto3@3.3.3-r0", + "libssl3@3.3.3-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:69bfb6258ecb0a21e3b0ea12e6d4544192ab3766", + "InstalledFiles": [ + "usr/bin/ssl_client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "tzdata@2025a-r0", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:apk/alpine/tzdata@2025a-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "6202fbbc831770e0" + }, + "Version": "2025a-r0", + "Arch": "x86_64", + "SrcName": "tzdata", + "SrcVersion": "2025a-r0", + "Licenses": [ + "Public-Domain" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:0b536b9594eb3a23cc3fcb9222d87999ee7a5a5e", + "InstalledFiles": [ + "usr/share/zoneinfo/CET", + "usr/share/zoneinfo/CST6CDT", + "usr/share/zoneinfo/Cuba", + "usr/share/zoneinfo/EET", + "usr/share/zoneinfo/EST", + "usr/share/zoneinfo/EST5EDT", + "usr/share/zoneinfo/Egypt", + "usr/share/zoneinfo/Eire", + "usr/share/zoneinfo/Factory", + "usr/share/zoneinfo/GB", + "usr/share/zoneinfo/GB-Eire", + "usr/share/zoneinfo/GMT", + "usr/share/zoneinfo/GMT+0", + "usr/share/zoneinfo/GMT-0", + "usr/share/zoneinfo/GMT0", + "usr/share/zoneinfo/Greenwich", + "usr/share/zoneinfo/HST", + "usr/share/zoneinfo/Hongkong", + "usr/share/zoneinfo/Iceland", + "usr/share/zoneinfo/Iran", + "usr/share/zoneinfo/Israel", + "usr/share/zoneinfo/Jamaica", + "usr/share/zoneinfo/Japan", + "usr/share/zoneinfo/Kwajalein", + "usr/share/zoneinfo/Libya", + "usr/share/zoneinfo/MET", + "usr/share/zoneinfo/MST", + "usr/share/zoneinfo/MST7MDT", + "usr/share/zoneinfo/NZ", + "usr/share/zoneinfo/NZ-CHAT", + "usr/share/zoneinfo/Navajo", + "usr/share/zoneinfo/PRC", + "usr/share/zoneinfo/PST8PDT", + "usr/share/zoneinfo/Poland", + "usr/share/zoneinfo/Portugal", + "usr/share/zoneinfo/ROC", + "usr/share/zoneinfo/ROK", + "usr/share/zoneinfo/Singapore", + "usr/share/zoneinfo/Turkey", + "usr/share/zoneinfo/UCT", + "usr/share/zoneinfo/UTC", + "usr/share/zoneinfo/Universal", + "usr/share/zoneinfo/W-SU", + "usr/share/zoneinfo/WET", + "usr/share/zoneinfo/Zulu", + "usr/share/zoneinfo/iso3166.tab", + "usr/share/zoneinfo/leap-seconds.list", + "usr/share/zoneinfo/posixrules", + "usr/share/zoneinfo/zone.tab", + "usr/share/zoneinfo/zone1970.tab", + "usr/share/zoneinfo/Africa/Abidjan", + "usr/share/zoneinfo/Africa/Accra", + "usr/share/zoneinfo/Africa/Addis_Ababa", + "usr/share/zoneinfo/Africa/Algiers", + "usr/share/zoneinfo/Africa/Asmara", + "usr/share/zoneinfo/Africa/Asmera", + "usr/share/zoneinfo/Africa/Bamako", + "usr/share/zoneinfo/Africa/Bangui", + "usr/share/zoneinfo/Africa/Banjul", + "usr/share/zoneinfo/Africa/Bissau", + "usr/share/zoneinfo/Africa/Blantyre", + "usr/share/zoneinfo/Africa/Brazzaville", + "usr/share/zoneinfo/Africa/Bujumbura", + "usr/share/zoneinfo/Africa/Cairo", + "usr/share/zoneinfo/Africa/Casablanca", + "usr/share/zoneinfo/Africa/Ceuta", + "usr/share/zoneinfo/Africa/Conakry", + "usr/share/zoneinfo/Africa/Dakar", + "usr/share/zoneinfo/Africa/Dar_es_Salaam", + "usr/share/zoneinfo/Africa/Djibouti", + "usr/share/zoneinfo/Africa/Douala", + "usr/share/zoneinfo/Africa/El_Aaiun", + "usr/share/zoneinfo/Africa/Freetown", + "usr/share/zoneinfo/Africa/Gaborone", + "usr/share/zoneinfo/Africa/Harare", + "usr/share/zoneinfo/Africa/Johannesburg", + "usr/share/zoneinfo/Africa/Juba", + "usr/share/zoneinfo/Africa/Kampala", + "usr/share/zoneinfo/Africa/Khartoum", + "usr/share/zoneinfo/Africa/Kigali", + "usr/share/zoneinfo/Africa/Kinshasa", + "usr/share/zoneinfo/Africa/Lagos", + "usr/share/zoneinfo/Africa/Libreville", + "usr/share/zoneinfo/Africa/Lome", + "usr/share/zoneinfo/Africa/Luanda", + "usr/share/zoneinfo/Africa/Lubumbashi", + "usr/share/zoneinfo/Africa/Lusaka", + "usr/share/zoneinfo/Africa/Malabo", + "usr/share/zoneinfo/Africa/Maputo", + "usr/share/zoneinfo/Africa/Maseru", + "usr/share/zoneinfo/Africa/Mbabane", + "usr/share/zoneinfo/Africa/Mogadishu", + "usr/share/zoneinfo/Africa/Monrovia", + "usr/share/zoneinfo/Africa/Nairobi", + "usr/share/zoneinfo/Africa/Ndjamena", + "usr/share/zoneinfo/Africa/Niamey", + "usr/share/zoneinfo/Africa/Nouakchott", + "usr/share/zoneinfo/Africa/Ouagadougou", + "usr/share/zoneinfo/Africa/Porto-Novo", + "usr/share/zoneinfo/Africa/Sao_Tome", + "usr/share/zoneinfo/Africa/Timbuktu", + "usr/share/zoneinfo/Africa/Tripoli", + "usr/share/zoneinfo/Africa/Tunis", + "usr/share/zoneinfo/Africa/Windhoek", + "usr/share/zoneinfo/America/Adak", + "usr/share/zoneinfo/America/Anchorage", + "usr/share/zoneinfo/America/Anguilla", + "usr/share/zoneinfo/America/Antigua", + "usr/share/zoneinfo/America/Araguaina", + "usr/share/zoneinfo/America/Aruba", + "usr/share/zoneinfo/America/Asuncion", + "usr/share/zoneinfo/America/Atikokan", + "usr/share/zoneinfo/America/Atka", + "usr/share/zoneinfo/America/Bahia", + "usr/share/zoneinfo/America/Bahia_Banderas", + "usr/share/zoneinfo/America/Barbados", + "usr/share/zoneinfo/America/Belem", + "usr/share/zoneinfo/America/Belize", + "usr/share/zoneinfo/America/Blanc-Sablon", + "usr/share/zoneinfo/America/Boa_Vista", + "usr/share/zoneinfo/America/Bogota", + "usr/share/zoneinfo/America/Boise", + "usr/share/zoneinfo/America/Buenos_Aires", + "usr/share/zoneinfo/America/Cambridge_Bay", + "usr/share/zoneinfo/America/Campo_Grande", + "usr/share/zoneinfo/America/Cancun", + "usr/share/zoneinfo/America/Caracas", + "usr/share/zoneinfo/America/Catamarca", + "usr/share/zoneinfo/America/Cayenne", + "usr/share/zoneinfo/America/Cayman", + "usr/share/zoneinfo/America/Chicago", + "usr/share/zoneinfo/America/Chihuahua", + "usr/share/zoneinfo/America/Ciudad_Juarez", + "usr/share/zoneinfo/America/Coral_Harbour", + "usr/share/zoneinfo/America/Cordoba", + "usr/share/zoneinfo/America/Costa_Rica", + "usr/share/zoneinfo/America/Creston", + "usr/share/zoneinfo/America/Cuiaba", + "usr/share/zoneinfo/America/Curacao", + "usr/share/zoneinfo/America/Danmarkshavn", + "usr/share/zoneinfo/America/Dawson", + "usr/share/zoneinfo/America/Dawson_Creek", + "usr/share/zoneinfo/America/Denver", + "usr/share/zoneinfo/America/Detroit", + "usr/share/zoneinfo/America/Dominica", + "usr/share/zoneinfo/America/Edmonton", + "usr/share/zoneinfo/America/Eirunepe", + "usr/share/zoneinfo/America/El_Salvador", + "usr/share/zoneinfo/America/Ensenada", + "usr/share/zoneinfo/America/Fort_Nelson", + "usr/share/zoneinfo/America/Fort_Wayne", + "usr/share/zoneinfo/America/Fortaleza", + "usr/share/zoneinfo/America/Glace_Bay", + "usr/share/zoneinfo/America/Godthab", + "usr/share/zoneinfo/America/Goose_Bay", + "usr/share/zoneinfo/America/Grand_Turk", + "usr/share/zoneinfo/America/Grenada", + "usr/share/zoneinfo/America/Guadeloupe", + "usr/share/zoneinfo/America/Guatemala", + "usr/share/zoneinfo/America/Guayaquil", + "usr/share/zoneinfo/America/Guyana", + "usr/share/zoneinfo/America/Halifax", + "usr/share/zoneinfo/America/Havana", + "usr/share/zoneinfo/America/Hermosillo", + "usr/share/zoneinfo/America/Indianapolis", + "usr/share/zoneinfo/America/Inuvik", + "usr/share/zoneinfo/America/Iqaluit", + "usr/share/zoneinfo/America/Jamaica", + "usr/share/zoneinfo/America/Jujuy", + "usr/share/zoneinfo/America/Juneau", + "usr/share/zoneinfo/America/Knox_IN", + "usr/share/zoneinfo/America/Kralendijk", + "usr/share/zoneinfo/America/La_Paz", + "usr/share/zoneinfo/America/Lima", + "usr/share/zoneinfo/America/Los_Angeles", + "usr/share/zoneinfo/America/Louisville", + "usr/share/zoneinfo/America/Lower_Princes", + "usr/share/zoneinfo/America/Maceio", + "usr/share/zoneinfo/America/Managua", + "usr/share/zoneinfo/America/Manaus", + "usr/share/zoneinfo/America/Marigot", + "usr/share/zoneinfo/America/Martinique", + "usr/share/zoneinfo/America/Matamoros", + "usr/share/zoneinfo/America/Mazatlan", + "usr/share/zoneinfo/America/Mendoza", + "usr/share/zoneinfo/America/Menominee", + "usr/share/zoneinfo/America/Merida", + "usr/share/zoneinfo/America/Metlakatla", + "usr/share/zoneinfo/America/Mexico_City", + "usr/share/zoneinfo/America/Miquelon", + "usr/share/zoneinfo/America/Moncton", + "usr/share/zoneinfo/America/Monterrey", + "usr/share/zoneinfo/America/Montevideo", + "usr/share/zoneinfo/America/Montreal", + "usr/share/zoneinfo/America/Montserrat", + "usr/share/zoneinfo/America/Nassau", + "usr/share/zoneinfo/America/New_York", + "usr/share/zoneinfo/America/Nipigon", + "usr/share/zoneinfo/America/Nome", + "usr/share/zoneinfo/America/Noronha", + "usr/share/zoneinfo/America/Nuuk", + "usr/share/zoneinfo/America/Ojinaga", + "usr/share/zoneinfo/America/Panama", + "usr/share/zoneinfo/America/Pangnirtung", + "usr/share/zoneinfo/America/Paramaribo", + "usr/share/zoneinfo/America/Phoenix", + "usr/share/zoneinfo/America/Port-au-Prince", + "usr/share/zoneinfo/America/Port_of_Spain", + "usr/share/zoneinfo/America/Porto_Acre", + "usr/share/zoneinfo/America/Porto_Velho", + "usr/share/zoneinfo/America/Puerto_Rico", + "usr/share/zoneinfo/America/Punta_Arenas", + "usr/share/zoneinfo/America/Rainy_River", + "usr/share/zoneinfo/America/Rankin_Inlet", + "usr/share/zoneinfo/America/Recife", + "usr/share/zoneinfo/America/Regina", + "usr/share/zoneinfo/America/Resolute", + "usr/share/zoneinfo/America/Rio_Branco", + "usr/share/zoneinfo/America/Rosario", + "usr/share/zoneinfo/America/Santa_Isabel", + "usr/share/zoneinfo/America/Santarem", + "usr/share/zoneinfo/America/Santiago", + "usr/share/zoneinfo/America/Santo_Domingo", + "usr/share/zoneinfo/America/Sao_Paulo", + "usr/share/zoneinfo/America/Scoresbysund", + "usr/share/zoneinfo/America/Shiprock", + "usr/share/zoneinfo/America/Sitka", + "usr/share/zoneinfo/America/St_Barthelemy", + "usr/share/zoneinfo/America/St_Johns", + "usr/share/zoneinfo/America/St_Kitts", + "usr/share/zoneinfo/America/St_Lucia", + "usr/share/zoneinfo/America/St_Thomas", + "usr/share/zoneinfo/America/St_Vincent", + "usr/share/zoneinfo/America/Swift_Current", + "usr/share/zoneinfo/America/Tegucigalpa", + "usr/share/zoneinfo/America/Thule", + "usr/share/zoneinfo/America/Thunder_Bay", + "usr/share/zoneinfo/America/Tijuana", + "usr/share/zoneinfo/America/Toronto", + "usr/share/zoneinfo/America/Tortola", + "usr/share/zoneinfo/America/Vancouver", + "usr/share/zoneinfo/America/Virgin", + "usr/share/zoneinfo/America/Whitehorse", + "usr/share/zoneinfo/America/Winnipeg", + "usr/share/zoneinfo/America/Yakutat", + "usr/share/zoneinfo/America/Yellowknife", + "usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "usr/share/zoneinfo/America/Argentina/Catamarca", + "usr/share/zoneinfo/America/Argentina/ComodRivadavia", + "usr/share/zoneinfo/America/Argentina/Cordoba", + "usr/share/zoneinfo/America/Argentina/Jujuy", + "usr/share/zoneinfo/America/Argentina/La_Rioja", + "usr/share/zoneinfo/America/Argentina/Mendoza", + "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "usr/share/zoneinfo/America/Argentina/Salta", + "usr/share/zoneinfo/America/Argentina/San_Juan", + "usr/share/zoneinfo/America/Argentina/San_Luis", + "usr/share/zoneinfo/America/Argentina/Tucuman", + "usr/share/zoneinfo/America/Argentina/Ushuaia", + "usr/share/zoneinfo/America/Indiana/Indianapolis", + "usr/share/zoneinfo/America/Indiana/Knox", + "usr/share/zoneinfo/America/Indiana/Marengo", + "usr/share/zoneinfo/America/Indiana/Petersburg", + "usr/share/zoneinfo/America/Indiana/Tell_City", + "usr/share/zoneinfo/America/Indiana/Vevay", + "usr/share/zoneinfo/America/Indiana/Vincennes", + "usr/share/zoneinfo/America/Indiana/Winamac", + "usr/share/zoneinfo/America/Kentucky/Louisville", + "usr/share/zoneinfo/America/Kentucky/Monticello", + "usr/share/zoneinfo/America/North_Dakota/Beulah", + "usr/share/zoneinfo/America/North_Dakota/Center", + "usr/share/zoneinfo/America/North_Dakota/New_Salem", + "usr/share/zoneinfo/Antarctica/Casey", + "usr/share/zoneinfo/Antarctica/Davis", + "usr/share/zoneinfo/Antarctica/DumontDUrville", + "usr/share/zoneinfo/Antarctica/Macquarie", + "usr/share/zoneinfo/Antarctica/Mawson", + "usr/share/zoneinfo/Antarctica/McMurdo", + "usr/share/zoneinfo/Antarctica/Palmer", + "usr/share/zoneinfo/Antarctica/Rothera", + "usr/share/zoneinfo/Antarctica/South_Pole", + "usr/share/zoneinfo/Antarctica/Syowa", + "usr/share/zoneinfo/Antarctica/Troll", + "usr/share/zoneinfo/Antarctica/Vostok", + "usr/share/zoneinfo/Arctic/Longyearbyen", + "usr/share/zoneinfo/Asia/Aden", + "usr/share/zoneinfo/Asia/Almaty", + "usr/share/zoneinfo/Asia/Amman", + "usr/share/zoneinfo/Asia/Anadyr", + "usr/share/zoneinfo/Asia/Aqtau", + "usr/share/zoneinfo/Asia/Aqtobe", + "usr/share/zoneinfo/Asia/Ashgabat", + "usr/share/zoneinfo/Asia/Ashkhabad", + "usr/share/zoneinfo/Asia/Atyrau", + "usr/share/zoneinfo/Asia/Baghdad", + "usr/share/zoneinfo/Asia/Bahrain", + "usr/share/zoneinfo/Asia/Baku", + "usr/share/zoneinfo/Asia/Bangkok", + "usr/share/zoneinfo/Asia/Barnaul", + "usr/share/zoneinfo/Asia/Beirut", + "usr/share/zoneinfo/Asia/Bishkek", + "usr/share/zoneinfo/Asia/Brunei", + "usr/share/zoneinfo/Asia/Calcutta", + "usr/share/zoneinfo/Asia/Chita", + "usr/share/zoneinfo/Asia/Choibalsan", + "usr/share/zoneinfo/Asia/Chongqing", + "usr/share/zoneinfo/Asia/Chungking", + "usr/share/zoneinfo/Asia/Colombo", + "usr/share/zoneinfo/Asia/Dacca", + "usr/share/zoneinfo/Asia/Damascus", + "usr/share/zoneinfo/Asia/Dhaka", + "usr/share/zoneinfo/Asia/Dili", + "usr/share/zoneinfo/Asia/Dubai", + "usr/share/zoneinfo/Asia/Dushanbe", + "usr/share/zoneinfo/Asia/Famagusta", + "usr/share/zoneinfo/Asia/Gaza", + "usr/share/zoneinfo/Asia/Harbin", + "usr/share/zoneinfo/Asia/Hebron", + "usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "usr/share/zoneinfo/Asia/Hong_Kong", + "usr/share/zoneinfo/Asia/Hovd", + "usr/share/zoneinfo/Asia/Irkutsk", + "usr/share/zoneinfo/Asia/Istanbul", + "usr/share/zoneinfo/Asia/Jakarta", + "usr/share/zoneinfo/Asia/Jayapura", + "usr/share/zoneinfo/Asia/Jerusalem", + "usr/share/zoneinfo/Asia/Kabul", + "usr/share/zoneinfo/Asia/Kamchatka", + "usr/share/zoneinfo/Asia/Karachi", + "usr/share/zoneinfo/Asia/Kashgar", + "usr/share/zoneinfo/Asia/Kathmandu", + "usr/share/zoneinfo/Asia/Katmandu", + "usr/share/zoneinfo/Asia/Khandyga", + "usr/share/zoneinfo/Asia/Kolkata", + "usr/share/zoneinfo/Asia/Krasnoyarsk", + "usr/share/zoneinfo/Asia/Kuala_Lumpur", + "usr/share/zoneinfo/Asia/Kuching", + "usr/share/zoneinfo/Asia/Kuwait", + "usr/share/zoneinfo/Asia/Macao", + "usr/share/zoneinfo/Asia/Macau", + "usr/share/zoneinfo/Asia/Magadan", + "usr/share/zoneinfo/Asia/Makassar", + "usr/share/zoneinfo/Asia/Manila", + "usr/share/zoneinfo/Asia/Muscat", + "usr/share/zoneinfo/Asia/Nicosia", + "usr/share/zoneinfo/Asia/Novokuznetsk", + "usr/share/zoneinfo/Asia/Novosibirsk", + "usr/share/zoneinfo/Asia/Omsk", + "usr/share/zoneinfo/Asia/Oral", + "usr/share/zoneinfo/Asia/Phnom_Penh", + "usr/share/zoneinfo/Asia/Pontianak", + "usr/share/zoneinfo/Asia/Pyongyang", + "usr/share/zoneinfo/Asia/Qatar", + "usr/share/zoneinfo/Asia/Qostanay", + "usr/share/zoneinfo/Asia/Qyzylorda", + "usr/share/zoneinfo/Asia/Rangoon", + "usr/share/zoneinfo/Asia/Riyadh", + "usr/share/zoneinfo/Asia/Saigon", + "usr/share/zoneinfo/Asia/Sakhalin", + "usr/share/zoneinfo/Asia/Samarkand", + "usr/share/zoneinfo/Asia/Seoul", + "usr/share/zoneinfo/Asia/Shanghai", + "usr/share/zoneinfo/Asia/Singapore", + "usr/share/zoneinfo/Asia/Srednekolymsk", + "usr/share/zoneinfo/Asia/Taipei", + "usr/share/zoneinfo/Asia/Tashkent", + "usr/share/zoneinfo/Asia/Tbilisi", + "usr/share/zoneinfo/Asia/Tehran", + "usr/share/zoneinfo/Asia/Tel_Aviv", + "usr/share/zoneinfo/Asia/Thimbu", + "usr/share/zoneinfo/Asia/Thimphu", + "usr/share/zoneinfo/Asia/Tokyo", + "usr/share/zoneinfo/Asia/Tomsk", + "usr/share/zoneinfo/Asia/Ujung_Pandang", + "usr/share/zoneinfo/Asia/Ulaanbaatar", + "usr/share/zoneinfo/Asia/Ulan_Bator", + "usr/share/zoneinfo/Asia/Urumqi", + "usr/share/zoneinfo/Asia/Ust-Nera", + "usr/share/zoneinfo/Asia/Vientiane", + "usr/share/zoneinfo/Asia/Vladivostok", + "usr/share/zoneinfo/Asia/Yakutsk", + "usr/share/zoneinfo/Asia/Yangon", + "usr/share/zoneinfo/Asia/Yekaterinburg", + "usr/share/zoneinfo/Asia/Yerevan", + "usr/share/zoneinfo/Atlantic/Azores", + "usr/share/zoneinfo/Atlantic/Bermuda", + "usr/share/zoneinfo/Atlantic/Canary", + "usr/share/zoneinfo/Atlantic/Cape_Verde", + "usr/share/zoneinfo/Atlantic/Faeroe", + "usr/share/zoneinfo/Atlantic/Faroe", + "usr/share/zoneinfo/Atlantic/Jan_Mayen", + "usr/share/zoneinfo/Atlantic/Madeira", + "usr/share/zoneinfo/Atlantic/Reykjavik", + "usr/share/zoneinfo/Atlantic/South_Georgia", + "usr/share/zoneinfo/Atlantic/St_Helena", + "usr/share/zoneinfo/Atlantic/Stanley", + "usr/share/zoneinfo/Australia/ACT", + "usr/share/zoneinfo/Australia/Adelaide", + "usr/share/zoneinfo/Australia/Brisbane", + "usr/share/zoneinfo/Australia/Broken_Hill", + "usr/share/zoneinfo/Australia/Canberra", + "usr/share/zoneinfo/Australia/Currie", + "usr/share/zoneinfo/Australia/Darwin", + "usr/share/zoneinfo/Australia/Eucla", + "usr/share/zoneinfo/Australia/Hobart", + "usr/share/zoneinfo/Australia/LHI", + "usr/share/zoneinfo/Australia/Lindeman", + "usr/share/zoneinfo/Australia/Lord_Howe", + "usr/share/zoneinfo/Australia/Melbourne", + "usr/share/zoneinfo/Australia/NSW", + "usr/share/zoneinfo/Australia/North", + "usr/share/zoneinfo/Australia/Perth", + "usr/share/zoneinfo/Australia/Queensland", + "usr/share/zoneinfo/Australia/South", + "usr/share/zoneinfo/Australia/Sydney", + "usr/share/zoneinfo/Australia/Tasmania", + "usr/share/zoneinfo/Australia/Victoria", + "usr/share/zoneinfo/Australia/West", + "usr/share/zoneinfo/Australia/Yancowinna", + "usr/share/zoneinfo/Brazil/Acre", + "usr/share/zoneinfo/Brazil/DeNoronha", + "usr/share/zoneinfo/Brazil/East", + "usr/share/zoneinfo/Brazil/West", + "usr/share/zoneinfo/Canada/Atlantic", + "usr/share/zoneinfo/Canada/Central", + "usr/share/zoneinfo/Canada/Eastern", + "usr/share/zoneinfo/Canada/Mountain", + "usr/share/zoneinfo/Canada/Newfoundland", + "usr/share/zoneinfo/Canada/Pacific", + "usr/share/zoneinfo/Canada/Saskatchewan", + "usr/share/zoneinfo/Canada/Yukon", + "usr/share/zoneinfo/Chile/Continental", + "usr/share/zoneinfo/Chile/EasterIsland", + "usr/share/zoneinfo/Etc/GMT", + "usr/share/zoneinfo/Etc/GMT+0", + "usr/share/zoneinfo/Etc/GMT+1", + "usr/share/zoneinfo/Etc/GMT+10", + "usr/share/zoneinfo/Etc/GMT+11", + "usr/share/zoneinfo/Etc/GMT+12", + "usr/share/zoneinfo/Etc/GMT+2", + "usr/share/zoneinfo/Etc/GMT+3", + "usr/share/zoneinfo/Etc/GMT+4", + "usr/share/zoneinfo/Etc/GMT+5", + "usr/share/zoneinfo/Etc/GMT+6", + "usr/share/zoneinfo/Etc/GMT+7", + "usr/share/zoneinfo/Etc/GMT+8", + "usr/share/zoneinfo/Etc/GMT+9", + "usr/share/zoneinfo/Etc/GMT-0", + "usr/share/zoneinfo/Etc/GMT-1", + "usr/share/zoneinfo/Etc/GMT-10", + "usr/share/zoneinfo/Etc/GMT-11", + "usr/share/zoneinfo/Etc/GMT-12", + "usr/share/zoneinfo/Etc/GMT-13", + "usr/share/zoneinfo/Etc/GMT-14", + "usr/share/zoneinfo/Etc/GMT-2", + "usr/share/zoneinfo/Etc/GMT-3", + "usr/share/zoneinfo/Etc/GMT-4", + "usr/share/zoneinfo/Etc/GMT-5", + "usr/share/zoneinfo/Etc/GMT-6", + "usr/share/zoneinfo/Etc/GMT-7", + "usr/share/zoneinfo/Etc/GMT-8", + "usr/share/zoneinfo/Etc/GMT-9", + "usr/share/zoneinfo/Etc/GMT0", + "usr/share/zoneinfo/Etc/Greenwich", + "usr/share/zoneinfo/Etc/UCT", + "usr/share/zoneinfo/Etc/UTC", + "usr/share/zoneinfo/Etc/Universal", + "usr/share/zoneinfo/Etc/Zulu", + "usr/share/zoneinfo/Europe/Amsterdam", + "usr/share/zoneinfo/Europe/Andorra", + "usr/share/zoneinfo/Europe/Astrakhan", + "usr/share/zoneinfo/Europe/Athens", + "usr/share/zoneinfo/Europe/Belfast", + "usr/share/zoneinfo/Europe/Belgrade", + "usr/share/zoneinfo/Europe/Berlin", + "usr/share/zoneinfo/Europe/Bratislava", + "usr/share/zoneinfo/Europe/Brussels", + "usr/share/zoneinfo/Europe/Bucharest", + "usr/share/zoneinfo/Europe/Budapest", + "usr/share/zoneinfo/Europe/Busingen", + "usr/share/zoneinfo/Europe/Chisinau", + "usr/share/zoneinfo/Europe/Copenhagen", + "usr/share/zoneinfo/Europe/Dublin", + "usr/share/zoneinfo/Europe/Gibraltar", + "usr/share/zoneinfo/Europe/Guernsey", + "usr/share/zoneinfo/Europe/Helsinki", + "usr/share/zoneinfo/Europe/Isle_of_Man", + "usr/share/zoneinfo/Europe/Istanbul", + "usr/share/zoneinfo/Europe/Jersey", + "usr/share/zoneinfo/Europe/Kaliningrad", + "usr/share/zoneinfo/Europe/Kiev", + "usr/share/zoneinfo/Europe/Kirov", + "usr/share/zoneinfo/Europe/Kyiv", + "usr/share/zoneinfo/Europe/Lisbon", + "usr/share/zoneinfo/Europe/Ljubljana", + "usr/share/zoneinfo/Europe/London", + "usr/share/zoneinfo/Europe/Luxembourg", + "usr/share/zoneinfo/Europe/Madrid", + "usr/share/zoneinfo/Europe/Malta", + "usr/share/zoneinfo/Europe/Mariehamn", + "usr/share/zoneinfo/Europe/Minsk", + "usr/share/zoneinfo/Europe/Monaco", + "usr/share/zoneinfo/Europe/Moscow", + "usr/share/zoneinfo/Europe/Nicosia", + "usr/share/zoneinfo/Europe/Oslo", + "usr/share/zoneinfo/Europe/Paris", + "usr/share/zoneinfo/Europe/Podgorica", + "usr/share/zoneinfo/Europe/Prague", + "usr/share/zoneinfo/Europe/Riga", + "usr/share/zoneinfo/Europe/Rome", + "usr/share/zoneinfo/Europe/Samara", + "usr/share/zoneinfo/Europe/San_Marino", + "usr/share/zoneinfo/Europe/Sarajevo", + "usr/share/zoneinfo/Europe/Saratov", + "usr/share/zoneinfo/Europe/Simferopol", + "usr/share/zoneinfo/Europe/Skopje", + "usr/share/zoneinfo/Europe/Sofia", + "usr/share/zoneinfo/Europe/Stockholm", + "usr/share/zoneinfo/Europe/Tallinn", + "usr/share/zoneinfo/Europe/Tirane", + "usr/share/zoneinfo/Europe/Tiraspol", + "usr/share/zoneinfo/Europe/Ulyanovsk", + "usr/share/zoneinfo/Europe/Uzhgorod", + "usr/share/zoneinfo/Europe/Vaduz", + "usr/share/zoneinfo/Europe/Vatican", + "usr/share/zoneinfo/Europe/Vienna", + "usr/share/zoneinfo/Europe/Vilnius", + "usr/share/zoneinfo/Europe/Volgograd", + "usr/share/zoneinfo/Europe/Warsaw", + "usr/share/zoneinfo/Europe/Zagreb", + "usr/share/zoneinfo/Europe/Zaporozhye", + "usr/share/zoneinfo/Europe/Zurich", + "usr/share/zoneinfo/Indian/Antananarivo", + "usr/share/zoneinfo/Indian/Chagos", + "usr/share/zoneinfo/Indian/Christmas", + "usr/share/zoneinfo/Indian/Cocos", + "usr/share/zoneinfo/Indian/Comoro", + "usr/share/zoneinfo/Indian/Kerguelen", + "usr/share/zoneinfo/Indian/Mahe", + "usr/share/zoneinfo/Indian/Maldives", + "usr/share/zoneinfo/Indian/Mauritius", + "usr/share/zoneinfo/Indian/Mayotte", + "usr/share/zoneinfo/Indian/Reunion", + "usr/share/zoneinfo/Mexico/BajaNorte", + "usr/share/zoneinfo/Mexico/BajaSur", + "usr/share/zoneinfo/Mexico/General", + "usr/share/zoneinfo/Pacific/Apia", + "usr/share/zoneinfo/Pacific/Auckland", + "usr/share/zoneinfo/Pacific/Bougainville", + "usr/share/zoneinfo/Pacific/Chatham", + "usr/share/zoneinfo/Pacific/Chuuk", + "usr/share/zoneinfo/Pacific/Easter", + "usr/share/zoneinfo/Pacific/Efate", + "usr/share/zoneinfo/Pacific/Enderbury", + "usr/share/zoneinfo/Pacific/Fakaofo", + "usr/share/zoneinfo/Pacific/Fiji", + "usr/share/zoneinfo/Pacific/Funafuti", + "usr/share/zoneinfo/Pacific/Galapagos", + "usr/share/zoneinfo/Pacific/Gambier", + "usr/share/zoneinfo/Pacific/Guadalcanal", + "usr/share/zoneinfo/Pacific/Guam", + "usr/share/zoneinfo/Pacific/Honolulu", + "usr/share/zoneinfo/Pacific/Johnston", + "usr/share/zoneinfo/Pacific/Kanton", + "usr/share/zoneinfo/Pacific/Kiritimati", + "usr/share/zoneinfo/Pacific/Kosrae", + "usr/share/zoneinfo/Pacific/Kwajalein", + "usr/share/zoneinfo/Pacific/Majuro", + "usr/share/zoneinfo/Pacific/Marquesas", + "usr/share/zoneinfo/Pacific/Midway", + "usr/share/zoneinfo/Pacific/Nauru", + "usr/share/zoneinfo/Pacific/Niue", + "usr/share/zoneinfo/Pacific/Norfolk", + "usr/share/zoneinfo/Pacific/Noumea", + "usr/share/zoneinfo/Pacific/Pago_Pago", + "usr/share/zoneinfo/Pacific/Palau", + "usr/share/zoneinfo/Pacific/Pitcairn", + "usr/share/zoneinfo/Pacific/Pohnpei", + "usr/share/zoneinfo/Pacific/Ponape", + "usr/share/zoneinfo/Pacific/Port_Moresby", + "usr/share/zoneinfo/Pacific/Rarotonga", + "usr/share/zoneinfo/Pacific/Saipan", + "usr/share/zoneinfo/Pacific/Samoa", + "usr/share/zoneinfo/Pacific/Tahiti", + "usr/share/zoneinfo/Pacific/Tarawa", + "usr/share/zoneinfo/Pacific/Tongatapu", + "usr/share/zoneinfo/Pacific/Truk", + "usr/share/zoneinfo/Pacific/Wake", + "usr/share/zoneinfo/Pacific/Wallis", + "usr/share/zoneinfo/Pacific/Yap", + "usr/share/zoneinfo/US/Alaska", + "usr/share/zoneinfo/US/Aleutian", + "usr/share/zoneinfo/US/Arizona", + "usr/share/zoneinfo/US/Central", + "usr/share/zoneinfo/US/East-Indiana", + "usr/share/zoneinfo/US/Eastern", + "usr/share/zoneinfo/US/Hawaii", + "usr/share/zoneinfo/US/Indiana-Starke", + "usr/share/zoneinfo/US/Michigan", + "usr/share/zoneinfo/US/Mountain", + "usr/share/zoneinfo/US/Pacific", + "usr/share/zoneinfo/US/Samoa" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "xz-libs@5.6.3-r0", + "Name": "xz-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.6.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "458a272f25e033f6" + }, + "Version": "5.6.3-r0", + "Arch": "x86_64", + "SrcName": "xz", + "SrcVersion": "5.6.3-r0", + "Licenses": [ + "GPL-2.0-or-later", + "0BSD", + "Public-Domain", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:019d37b9326daf6a7a7840ec5957b7a65c79ccac", + "InstalledFiles": [ + "usr/lib/liblzma.so.5", + "usr/lib/liblzma.so.5.6.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "yajl@2.1.0-r9", + "Name": "yajl", + "Identifier": { + "PURL": "pkg:apk/alpine/yajl@2.1.0-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "9f268f83dfacd4e4" + }, + "Version": "2.1.0-r9", + "Arch": "x86_64", + "SrcName": "yajl", + "SrcVersion": "2.1.0-r9", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:deeebb9f26dee94a268c7794b1c9999ba8cf7d2c", + "InstalledFiles": [ + "usr/lib/libyajl.so.2", + "usr/lib/libyajl.so.2.1.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "yaml-cpp@0.8.0-r0", + "Name": "yaml-cpp", + "Identifier": { + "PURL": "pkg:apk/alpine/yaml-cpp@0.8.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "93d263e84643ff61" + }, + "Version": "0.8.0-r0", + "Arch": "x86_64", + "SrcName": "yaml-cpp", + "SrcVersion": "0.8.0-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", + "DependsOn": [ + "libgcc@14.2.0-r4", + "libstdc++@14.2.0-r4", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:bf8a86b5bf3434a9e461104384b38466ff1b3970", + "InstalledFiles": [ + "usr/lib/libyaml-cpp.so.0.8", + "usr/lib/libyaml-cpp.so.0.8.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.3.1-r2", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "3b545badcbeb3bc0" + }, + "Version": "1.3.1-r2", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.3.1-r2", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "Digest": "sha1:f0b90f76367ac51b4a3e70432ed00e6dca6a7432", + "InstalledFiles": [ + "usr/lib/libz.so.1", + "usr/lib/libz.so.1.3.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zstd-libs@1.5.6-r2", + "Name": "zstd-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/zstd-libs@1.5.6-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "12ea9cf6ad7ac333" + }, + "Version": "1.5.6-r2", + "Arch": "x86_64", + "SrcName": "zstd", + "SrcVersion": "1.5.6-r2", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "Digest": "sha1:974f4e438a513770c78e286dae55203fc38604db", + "InstalledFiles": [ + "usr/lib/libzstd.so.1", + "usr/lib/libzstd.so.1.5.6" + ], + "AnalyzedBy": "apk" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox@1.37.0-r12", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "40c5c5c69a5100e0" + }, + "InstalledVersion": "1.37.0-r12", + "FixedVersion": "1.37.0-r14", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5008ff6994044aa02c0026f5346f51c3f5eb54e36671aaea379d7d4c7c984cfc", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox-binsh@1.37.0-r12", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "f727574eea8e47ea" + }, + "InstalledVersion": "1.37.0-r12", + "FixedVersion": "1.37.0-r14", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9391faf36c471b2225972a83f0f29f1ee22a3b91187a8bbfd675b82f1a0fd524", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-31498", + "PkgID": "c-ares@1.34.3-r0", + "PkgName": "c-ares", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/c-ares@1.34.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "65e5c61e1dac77c8" + }, + "InstalledVersion": "1.34.3-r0", + "FixedVersion": "1.34.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31498", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:daa82d8dbf7e06b9bb819b9820844f16e7b4bab5dca39dd2d377cb80d8b86949", + "Title": "c-ares: c-ares has a use-after-free in read_answers()", + "Description": "c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/08/3", + "https://access.redhat.com/errata/RHSA-2025:7433", + "https://access.redhat.com/security/cve/CVE-2025-31498", + "https://bugzilla.redhat.com/2358271", + "https://bugzilla.redhat.com/2359553", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358271", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359553", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31498", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3277", + "https://errata.almalinux.org/9/ALSA-2025-7433.html", + "https://errata.rockylinux.org/RLSA-2025:7433", + "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1", + "https://github.com/c-ares/c-ares/pull/821", + "https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v", + "https://linux.oracle.com/cve/CVE-2025-31498.html", + "https://linux.oracle.com/errata/ELSA-2025-7502.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-31498", + "https://ubuntu.com/security/notices/USN-7477-1", + "https://www.cve.org/CVERecord?id=CVE-2025-31498" + ], + "PublishedDate": "2025-04-08T14:15:35.293Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-62408", + "PkgID": "c-ares@1.34.3-r0", + "PkgName": "c-ares", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/c-ares@1.34.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "65e5c61e1dac77c8" + }, + "InstalledVersion": "1.34.3-r0", + "FixedVersion": "1.34.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-62408", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:553c2d877421fd43e6ef19fe3d24b67cd08ec722d5bdb7d15e0371d6b0319c8b", + "Title": "c-ares: c-ares: Denial of Service due to query termination after maximum attempts", + "Description": "c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-62408", + "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618", + "https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5", + "https://nvd.nist.gov/vuln/detail/CVE-2025-62408", + "https://ubuntu.com/security/notices/USN-7925-1", + "https://www.cve.org/CVERecord?id=CVE-2025-62408" + ], + "PublishedDate": "2025-12-08T22:15:52.62Z", + "LastModifiedDate": "2026-02-02T14:40:44.843Z" + }, + { + "VulnerabilityID": "CVE-2025-4947", + "PkgID": "curl@8.12.1-r1", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "88c4306caf842e16" + }, + "InstalledVersion": "8.12.1-r1", + "FixedVersion": "8.14.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4947", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4fd9bb1c32eff8894a6690cbf709aeedbca4f99603382d9b88409a837da55762", + "Title": "libcurl: curl: QUIC certificate check skip with wolfSSL", + "Description": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/28/4", + "https://access.redhat.com/security/cve/CVE-2025-4947", + "https://curl.se/docs/CVE-2025-4947.html", + "https://curl.se/docs/CVE-2025-4947.json", + "https://github.com/advisories/GHSA-ppfq-jg49-mqj4", + "https://hackerone.com/reports/3150884", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4947", + "https://www.cve.org/CVERecord?id=CVE-2025-4947" + ], + "PublishedDate": "2025-05-28T07:15:24.78Z", + "LastModifiedDate": "2025-06-26T15:08:21.52Z" + }, + { + "VulnerabilityID": "CVE-2025-5025", + "PkgID": "curl@8.12.1-r1", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "88c4306caf842e16" + }, + "InstalledVersion": "8.12.1-r1", + "FixedVersion": "8.14.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5025", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:64ab30e9d878106369ea1819bda44ccdbc2bdf5f7b292293e4d4ff1dfab7a472", + "Title": "curl: libcurl: QUIC Certificate Pinning Bypass", + "Description": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/28/5", + "https://access.redhat.com/security/cve/CVE-2025-5025", + "https://curl.se/docs/CVE-2025-5025.html", + "https://curl.se/docs/CVE-2025-5025.json", + "https://github.com/advisories/GHSA-x8ch-h5vv-q6cm", + "https://hackerone.com/reports/3153497", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5025", + "https://www.cve.org/CVERecord?id=CVE-2025-5025" + ], + "PublishedDate": "2025-05-28T07:15:24.91Z", + "LastModifiedDate": "2025-07-30T19:41:37.987Z" + }, + { + "VulnerabilityID": "CVE-2025-5399", + "PkgID": "curl@8.12.1-r1", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "88c4306caf842e16" + }, + "InstalledVersion": "8.12.1-r1", + "FixedVersion": "8.14.1-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5399", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0128598178f385c370fa49fb8756b4ca68ac94595c91f359e615af42cddfb713", + "Title": "curl: libcurl: WebSocket endless loop", + "Description": "Due to a mistake in libcurl's WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "alma": 2, + "julia": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/06/04/2", + "https://access.redhat.com/errata/RHSA-2025:16046", + "https://access.redhat.com/security/cve/CVE-2025-5399", + "https://bugzilla.redhat.com/2359885", + "https://bugzilla.redhat.com/2359888", + "https://bugzilla.redhat.com/2359892", + "https://bugzilla.redhat.com/2359894", + "https://bugzilla.redhat.com/2359895", + "https://bugzilla.redhat.com/2359899", + "https://bugzilla.redhat.com/2359900", + "https://bugzilla.redhat.com/2359902", + "https://bugzilla.redhat.com/2359903", + "https://bugzilla.redhat.com/2359911", + "https://bugzilla.redhat.com/2359918", + "https://bugzilla.redhat.com/2359920", + "https://bugzilla.redhat.com/2359924", + "https://bugzilla.redhat.com/2359928", + "https://bugzilla.redhat.com/2359930", + "https://bugzilla.redhat.com/2359932", + "https://bugzilla.redhat.com/2359934", + "https://bugzilla.redhat.com/2359938", + "https://bugzilla.redhat.com/2359940", + "https://bugzilla.redhat.com/2359943", + "https://bugzilla.redhat.com/2359944", + "https://bugzilla.redhat.com/2359945", + "https://bugzilla.redhat.com/2359947", + "https://bugzilla.redhat.com/2359950", + "https://bugzilla.redhat.com/2359963", + "https://bugzilla.redhat.com/2359964", + "https://bugzilla.redhat.com/2359972", + "https://bugzilla.redhat.com/2370920", + "https://bugzilla.redhat.com/2380264", + "https://bugzilla.redhat.com/2380273", + "https://bugzilla.redhat.com/2380274", + "https://bugzilla.redhat.com/2380278", + "https://bugzilla.redhat.com/2380280", + "https://bugzilla.redhat.com/2380283", + "https://bugzilla.redhat.com/2380284", + "https://bugzilla.redhat.com/2380290", + "https://bugzilla.redhat.com/2380291", + "https://bugzilla.redhat.com/2380295", + "https://bugzilla.redhat.com/2380298", + "https://bugzilla.redhat.com/2380306", + "https://bugzilla.redhat.com/2380308", + "https://bugzilla.redhat.com/2380309", + "https://bugzilla.redhat.com/2380310", + "https://bugzilla.redhat.com/2380312", + "https://bugzilla.redhat.com/2380313", + "https://bugzilla.redhat.com/2380320", + "https://bugzilla.redhat.com/2380321", + "https://bugzilla.redhat.com/2380322", + "https://bugzilla.redhat.com/2380326", + "https://bugzilla.redhat.com/2380327", + "https://bugzilla.redhat.com/2380334", + "https://bugzilla.redhat.com/2380335", + "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359885", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359888", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359892", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359894", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359895", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359899", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359900", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359902", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359903", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359911", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359920", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359924", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359928", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359930", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359932", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359934", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359938", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359940", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359943", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359945", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359947", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359950", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359963", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359964", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359972", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380264", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380280", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380283", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380284", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380290", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380291", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380295", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380298", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380306", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380308", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380309", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380312", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380313", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380320", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380321", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380322", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380327", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380334", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380335", + "https://curl.se/docs/CVE-2025-5399.html", + "https://curl.se/docs/CVE-2025-5399.json", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399", + "https://errata.almalinux.org/9/ALSA-2025-16046.html", + "https://errata.rockylinux.org/RLSA-2025:15699", + "https://github.com/advisories/GHSA-8h93-38hx-vv92", + "https://hackerone.com/reports/3168039", + "https://linux.oracle.com/cve/CVE-2025-5399.html", + "https://linux.oracle.com/errata/ELSA-2025-16046.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5399", + "https://www.cve.org/CVERecord?id=CVE-2025-5399", + "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL" + ], + "PublishedDate": "2025-06-07T08:15:20.687Z", + "LastModifiedDate": "2025-07-30T19:41:33.457Z" + }, + { + "VulnerabilityID": "CVE-2025-9086", + "PkgID": "curl@8.12.1-r1", + "PkgName": "curl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "88c4306caf842e16" + }, + "InstalledVersion": "8.12.1-r1", + "FixedVersion": "8.14.1-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:23e3583f13b837a485d02386c6975dc9ffe90ac2ea1e1d39a1b119d50dba92c1", + "Title": "curl: libcurl: Curl out of bounds read for cookie path", + "Description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 1, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://access.redhat.com/errata/RHSA-2026:1350", + "https://access.redhat.com/security/cve/CVE-2025-9086", + "https://bugzilla.redhat.com/2394750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086", + "https://errata.almalinux.org/9/ALSA-2026-1350.html", + "https://errata.rockylinux.org/RLSA-2026:1350", + "https://github.com/advisories/GHSA-v676-f8gm-92r9", + "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6", + "https://hackerone.com/reports/3294999", + "https://linux.oracle.com/cve/CVE-2025-9086.html", + "https://linux.oracle.com/errata/ELSA-2026-1825.html", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "https://ubuntu.com/security/notices/USN-8062-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9086" + ], + "PublishedDate": "2025-09-12T06:15:44.1Z", + "LastModifiedDate": "2026-01-20T14:58:01.347Z" + }, + { + "VulnerabilityID": "CVE-2025-5222", + "PkgID": "icu-data-en@74.2-r0", + "PkgName": "icu-data-en", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/icu-data-en@74.2-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "74207ee7b1ed24e6" + }, + "InstalledVersion": "74.2-r0", + "FixedVersion": "74.2-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5222", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a46854b1a791c8ce12365f46b551d78715d7123fd13a5accec95fb9e76a0bfb2", + "Title": "icu: Stack buffer overflow in the SRBRoot::addTag function", + "Description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:11888", + "https://access.redhat.com/errata/RHSA-2025:12083", + "https://access.redhat.com/errata/RHSA-2025:12331", + "https://access.redhat.com/errata/RHSA-2025:12332", + "https://access.redhat.com/errata/RHSA-2025:12333", + "https://access.redhat.com/security/cve/CVE-2025-5222", + "https://bugzilla.redhat.com/2368600", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5222", + "https://errata.almalinux.org/9/ALSA-2025-12083.html", + "https://errata.rockylinux.org/RLSA-2025:12083", + "https://linux.oracle.com/cve/CVE-2025-5222.html", + "https://linux.oracle.com/errata/ELSA-2025-12083.html", + "https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5222", + "https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957", + "https://www.cve.org/CVERecord?id=CVE-2025-5222" + ], + "PublishedDate": "2025-05-27T21:15:23.03Z", + "LastModifiedDate": "2026-04-23T00:16:44.093Z" + }, + { + "VulnerabilityID": "CVE-2025-5222", + "PkgID": "icu-libs@74.2-r0", + "PkgName": "icu-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/icu-libs@74.2-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "f5b3fee3128ff69c" + }, + "InstalledVersion": "74.2-r0", + "FixedVersion": "74.2-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5222", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5365f3ab9f7d182830f7241ac6a7468fa9de559c9dbcf0dfd45b0860aade117c", + "Title": "icu: Stack buffer overflow in the SRBRoot::addTag function", + "Description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:11888", + "https://access.redhat.com/errata/RHSA-2025:12083", + "https://access.redhat.com/errata/RHSA-2025:12331", + "https://access.redhat.com/errata/RHSA-2025:12332", + "https://access.redhat.com/errata/RHSA-2025:12333", + "https://access.redhat.com/security/cve/CVE-2025-5222", + "https://bugzilla.redhat.com/2368600", + "https://bugzilla.redhat.com/show_bug.cgi?id=2368600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5222", + "https://errata.almalinux.org/9/ALSA-2025-12083.html", + "https://errata.rockylinux.org/RLSA-2025:12083", + "https://linux.oracle.com/cve/CVE-2025-5222.html", + "https://linux.oracle.com/errata/ELSA-2025-12083.html", + "https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5222", + "https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957", + "https://www.cve.org/CVERecord?id=CVE-2025-5222" + ], + "PublishedDate": "2025-05-27T21:15:23.03Z", + "LastModifiedDate": "2026-04-23T00:16:44.093Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c2b2293c000a7726b321d64d6b79f3411e8cdb53d0de0bbe0ff99e2ebb194c06", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c4d596a302d97b4a2eb3c82e9da44d59f5e0f942d51b2f7fb96d52ee1fc9ca96", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ef352c5cd5803b2747d077a826b2ec6137b19bf9d724dffd08d4b4cc169a1819", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:83cde2b0e941d5d1620c5350af9f4ee76e7f1c047f5fa251719018813500b210", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e726efbd36529ead0699c7e3be394cdd6fcfa9625e2c99787bd60bbcd9e0a6f7", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1f8eb74470e013a5acd337751ec36b4cd7543b9472f3006444b4fdc09284ce52", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2993df162cb6eb7c57b311da2301e251c474d4ce0e4a32829575c040edf2d6b2", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ab61547f35fb0521c39204a475a9246c6faeba32419af243e0d506b3f4ebc724", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:31056f6e89f6449dfb80e8731a3cc0516cea7f4bbb52cac6030f426730a49cbb", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:48664925b9e964a36e4880b9b85f310edf4d319fd050325b18ab75828b6853d4", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libcrypto3@3.3.3-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "b6dee14d788cd234" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2dcfc2c3a53862a8c0b3e3585fc070ac3b33764dd2d5a8da252bb0b6b17fc053", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2025-4947", + "PkgID": "libcurl@8.12.1-r1", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "bb07c860cc2206ec" + }, + "InstalledVersion": "8.12.1-r1", + "FixedVersion": "8.14.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4947", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:fff82804c7f1c82443ee44e0f80b2250bfadd3058d2f91cdac08922a3636046c", + "Title": "libcurl: curl: QUIC certificate check skip with wolfSSL", + "Description": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/28/4", + "https://access.redhat.com/security/cve/CVE-2025-4947", + "https://curl.se/docs/CVE-2025-4947.html", + "https://curl.se/docs/CVE-2025-4947.json", + "https://github.com/advisories/GHSA-ppfq-jg49-mqj4", + "https://hackerone.com/reports/3150884", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4947", + "https://www.cve.org/CVERecord?id=CVE-2025-4947" + ], + "PublishedDate": "2025-05-28T07:15:24.78Z", + "LastModifiedDate": "2025-06-26T15:08:21.52Z" + }, + { + "VulnerabilityID": "CVE-2025-5025", + "PkgID": "libcurl@8.12.1-r1", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "bb07c860cc2206ec" + }, + "InstalledVersion": "8.12.1-r1", + "FixedVersion": "8.14.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5025", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:f9cb4cd10fb504a51313abea70f9d060018fef5bba0ffa9eba5b759539cea564", + "Title": "curl: libcurl: QUIC Certificate Pinning Bypass", + "Description": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/28/5", + "https://access.redhat.com/security/cve/CVE-2025-5025", + "https://curl.se/docs/CVE-2025-5025.html", + "https://curl.se/docs/CVE-2025-5025.json", + "https://github.com/advisories/GHSA-x8ch-h5vv-q6cm", + "https://hackerone.com/reports/3153497", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5025", + "https://www.cve.org/CVERecord?id=CVE-2025-5025" + ], + "PublishedDate": "2025-05-28T07:15:24.91Z", + "LastModifiedDate": "2025-07-30T19:41:37.987Z" + }, + { + "VulnerabilityID": "CVE-2025-5399", + "PkgID": "libcurl@8.12.1-r1", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "bb07c860cc2206ec" + }, + "InstalledVersion": "8.12.1-r1", + "FixedVersion": "8.14.1-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5399", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9f8793eef5fad1ef4c1a96161b310d238e89d69f8d875bc0103c196de5a42e30", + "Title": "curl: libcurl: WebSocket endless loop", + "Description": "Due to a mistake in libcurl's WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "alma": 2, + "julia": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/06/04/2", + "https://access.redhat.com/errata/RHSA-2025:16046", + "https://access.redhat.com/security/cve/CVE-2025-5399", + "https://bugzilla.redhat.com/2359885", + "https://bugzilla.redhat.com/2359888", + "https://bugzilla.redhat.com/2359892", + "https://bugzilla.redhat.com/2359894", + "https://bugzilla.redhat.com/2359895", + "https://bugzilla.redhat.com/2359899", + "https://bugzilla.redhat.com/2359900", + "https://bugzilla.redhat.com/2359902", + "https://bugzilla.redhat.com/2359903", + "https://bugzilla.redhat.com/2359911", + "https://bugzilla.redhat.com/2359918", + "https://bugzilla.redhat.com/2359920", + "https://bugzilla.redhat.com/2359924", + "https://bugzilla.redhat.com/2359928", + "https://bugzilla.redhat.com/2359930", + "https://bugzilla.redhat.com/2359932", + "https://bugzilla.redhat.com/2359934", + "https://bugzilla.redhat.com/2359938", + "https://bugzilla.redhat.com/2359940", + "https://bugzilla.redhat.com/2359943", + "https://bugzilla.redhat.com/2359944", + "https://bugzilla.redhat.com/2359945", + "https://bugzilla.redhat.com/2359947", + "https://bugzilla.redhat.com/2359950", + "https://bugzilla.redhat.com/2359963", + "https://bugzilla.redhat.com/2359964", + "https://bugzilla.redhat.com/2359972", + "https://bugzilla.redhat.com/2370920", + "https://bugzilla.redhat.com/2380264", + "https://bugzilla.redhat.com/2380273", + "https://bugzilla.redhat.com/2380274", + "https://bugzilla.redhat.com/2380278", + "https://bugzilla.redhat.com/2380280", + "https://bugzilla.redhat.com/2380283", + "https://bugzilla.redhat.com/2380284", + "https://bugzilla.redhat.com/2380290", + "https://bugzilla.redhat.com/2380291", + "https://bugzilla.redhat.com/2380295", + "https://bugzilla.redhat.com/2380298", + "https://bugzilla.redhat.com/2380306", + "https://bugzilla.redhat.com/2380308", + "https://bugzilla.redhat.com/2380309", + "https://bugzilla.redhat.com/2380310", + "https://bugzilla.redhat.com/2380312", + "https://bugzilla.redhat.com/2380313", + "https://bugzilla.redhat.com/2380320", + "https://bugzilla.redhat.com/2380321", + "https://bugzilla.redhat.com/2380322", + "https://bugzilla.redhat.com/2380326", + "https://bugzilla.redhat.com/2380327", + "https://bugzilla.redhat.com/2380334", + "https://bugzilla.redhat.com/2380335", + "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359885", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359888", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359892", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359894", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359895", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359899", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359900", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359902", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359903", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359911", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359918", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359920", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359924", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359928", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359930", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359932", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359934", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359938", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359940", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359943", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359945", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359947", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359950", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359963", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359964", + "https://bugzilla.redhat.com/show_bug.cgi?id=2359972", + "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380264", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380278", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380280", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380283", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380284", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380290", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380291", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380295", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380298", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380306", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380308", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380309", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380312", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380313", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380320", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380321", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380322", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380326", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380327", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380334", + "https://bugzilla.redhat.com/show_bug.cgi?id=2380335", + "https://curl.se/docs/CVE-2025-5399.html", + "https://curl.se/docs/CVE-2025-5399.json", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399", + "https://errata.almalinux.org/9/ALSA-2025-16046.html", + "https://errata.rockylinux.org/RLSA-2025:15699", + "https://github.com/advisories/GHSA-8h93-38hx-vv92", + "https://hackerone.com/reports/3168039", + "https://linux.oracle.com/cve/CVE-2025-5399.html", + "https://linux.oracle.com/errata/ELSA-2025-16046.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-5399", + "https://www.cve.org/CVERecord?id=CVE-2025-5399", + "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL" + ], + "PublishedDate": "2025-06-07T08:15:20.687Z", + "LastModifiedDate": "2025-07-30T19:41:33.457Z" + }, + { + "VulnerabilityID": "CVE-2025-9086", + "PkgID": "libcurl@8.12.1-r1", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", + "UID": "bb07c860cc2206ec" + }, + "InstalledVersion": "8.12.1-r1", + "FixedVersion": "8.14.1-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2d89c5e99ace4b85335fc5ee212fbd36485b23ad513bc1f1febadf53159ad687", + "Title": "curl: libcurl: Curl out of bounds read for cookie path", + "Description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 1, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/10/1", + "https://access.redhat.com/errata/RHSA-2026:1350", + "https://access.redhat.com/security/cve/CVE-2025-9086", + "https://bugzilla.redhat.com/2394750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", + "https://curl.se/docs/CVE-2025-9086.html", + "https://curl.se/docs/CVE-2025-9086.json", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086", + "https://errata.almalinux.org/9/ALSA-2026-1350.html", + "https://errata.rockylinux.org/RLSA-2026:1350", + "https://github.com/advisories/GHSA-v676-f8gm-92r9", + "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6", + "https://hackerone.com/reports/3294999", + "https://linux.oracle.com/cve/CVE-2025-9086.html", + "https://linux.oracle.com/errata/ELSA-2026-1825.html", + "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", + "https://ubuntu.com/security/notices/USN-8062-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9086" + ], + "PublishedDate": "2025-09-12T06:15:44.1Z", + "LastModifiedDate": "2026-01-20T14:58:01.347Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:816165668cdeafe8ccab4343cd483689691346a0cfcf487c5c457ae3aa180752", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:38ea93bb541523ba36737dc4aa2412f26eae26c28badd9ba2ff62b74582d0204", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a4fd464c7070e02096ebd926a776f6ee06cb7d3e075ddbfadb6b9139e455123c", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2b0227ade8d119ef67ab6959401f922e798f3682f224abcc3bcf2f723d3f4cf9", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ef645c458dc96d0b7d0cebdacafb586a689638d57cd54fa2ec329b885c8cb3d5", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:7839eaa1050f4577bbc18131e7ca339b6f685e25f35892119fb395fb9493b19e", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:21bdd7f8facc2f3f21b6c822c1bd2da2df2b432e8178f6b2bda0bef0ca493bca", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:935ab403ff1dc74f0137c14f7c83a917e35f491a6e5792cb2c54668596749c0d", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ab8b38c2f4e46df8c58977fd069bfd17a6c81e9e0bf5198f81f015158f78e182", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4dba6f2517029002cdaf21625fd17646a1b03fdb18b860b9476d5ba49238e2dd", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libssl3@3.3.3-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "c19c85db06279baa" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:667fc0843fbdaab630a0412052cf31090e54932e93e34d68025dd8abe2ab43cc", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2025-32414", + "PkgID": "libxml2@2.13.4-r5", + "PkgName": "libxml2", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libxml2@2.13.4-r5?arch=x86_64\u0026distro=3.21.3", + "UID": "21433495685e9e6d" + }, + "InstalledVersion": "2.13.4-r5", + "FixedVersion": "2.13.4-r6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-32414", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e87e88de1a5222e42ed844a40fd201078c2eda22ced1783ff87b4bc20212b829", + "Title": "libxml2: Out-of-Bounds Read in libxml2", + "Description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-393", + "CWE-252" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:13428", + "https://access.redhat.com/security/cve/CVE-2025-32414", + "https://bugzilla.redhat.com/2358121", + "https://bugzilla.redhat.com/2360768", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358121", + "https://bugzilla.redhat.com/show_bug.cgi?id=2360768", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415", + "https://errata.almalinux.org/9/ALSA-2025-13428.html", + "https://errata.rockylinux.org/RLSA-2025:13428", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889", + "https://linux.oracle.com/cve/CVE-2025-32414.html", + "https://linux.oracle.com/errata/ELSA-2025-8958.html", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-32414", + "https://ubuntu.com/security/notices/USN-7467-1", + "https://ubuntu.com/security/notices/USN-7467-2", + "https://ubuntu.com/security/notices/USN-7896-1", + "https://www.cve.org/CVERecord?id=CVE-2025-32414" + ], + "PublishedDate": "2025-04-08T03:15:15.94Z", + "LastModifiedDate": "2025-11-03T20:18:27.087Z" + }, + { + "VulnerabilityID": "CVE-2025-32415", + "PkgID": "libxml2@2.13.4-r5", + "PkgName": "libxml2", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libxml2@2.13.4-r5?arch=x86_64\u0026distro=3.21.3", + "UID": "21433495685e9e6d" + }, + "InstalledVersion": "2.13.4-r5", + "FixedVersion": "2.13.4-r6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-32415", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:be0c7071563a002000a607caec69171601073920e850a605ed7f0ccf79235e88", + "Title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables", + "Description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1284", + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 1, + "bitnami": 3, + "cbl-mariner": 1, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:13428", + "https://access.redhat.com/security/cve/CVE-2025-32415", + "https://bugzilla.redhat.com/2358121", + "https://bugzilla.redhat.com/2360768", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358121", + "https://bugzilla.redhat.com/show_bug.cgi?id=2360768", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415", + "https://errata.almalinux.org/9/ALSA-2025-13428.html", + "https://errata.rockylinux.org/RLSA-2025:13428", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", + "https://linux.oracle.com/cve/CVE-2025-32415.html", + "https://linux.oracle.com/errata/ELSA-2025-13789.html", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-32415", + "https://ubuntu.com/security/notices/USN-7467-1", + "https://ubuntu.com/security/notices/USN-7467-2", + "https://ubuntu.com/security/notices/USN-7896-1", + "https://www.cve.org/CVERecord?id=CVE-2025-32415" + ], + "PublishedDate": "2025-04-17T17:15:33.733Z", + "LastModifiedDate": "2025-11-03T20:18:27.213Z" + }, + { + "VulnerabilityID": "CVE-2025-49794", + "PkgID": "libxml2@2.13.4-r5", + "PkgName": "libxml2", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libxml2@2.13.4-r5?arch=x86_64\u0026distro=3.21.3", + "UID": "21433495685e9e6d" + }, + "InstalledVersion": "2.13.4-r5", + "FixedVersion": "2.13.9-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-49794", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:cce68ffe7cbd1036d931ca1abc271da2964f25b731f3d6ce738a2e2c96d31e1b", + "Title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)", + "Description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-825" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "cbl-mariner": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "V3Score": 9.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:10630", + "https://access.redhat.com/errata/RHSA-2025:10698", + "https://access.redhat.com/errata/RHSA-2025:10699", + "https://access.redhat.com/errata/RHSA-2025:11580", + "https://access.redhat.com/errata/RHSA-2025:12098", + "https://access.redhat.com/errata/RHSA-2025:12099", + "https://access.redhat.com/errata/RHSA-2025:12199", + "https://access.redhat.com/errata/RHSA-2025:12237", + "https://access.redhat.com/errata/RHSA-2025:12239", + "https://access.redhat.com/errata/RHSA-2025:12240", + "https://access.redhat.com/errata/RHSA-2025:12241", + "https://access.redhat.com/errata/RHSA-2025:13335", + "https://access.redhat.com/errata/RHSA-2025:15397", + "https://access.redhat.com/errata/RHSA-2025:15827", + "https://access.redhat.com/errata/RHSA-2025:15828", + "https://access.redhat.com/errata/RHSA-2025:18217", + "https://access.redhat.com/errata/RHSA-2025:18218", + "https://access.redhat.com/errata/RHSA-2025:18219", + "https://access.redhat.com/errata/RHSA-2025:18240", + "https://access.redhat.com/errata/RHSA-2025:19020", + "https://access.redhat.com/errata/RHSA-2025:19041", + "https://access.redhat.com/errata/RHSA-2025:19046", + "https://access.redhat.com/errata/RHSA-2025:19894", + "https://access.redhat.com/errata/RHSA-2025:21913", + "https://access.redhat.com/errata/RHSA-2026:0934", + "https://access.redhat.com/errata/RHSA-2026:7519", + "https://access.redhat.com/security/cve/CVE-2025-49794", + "https://bugzilla.redhat.com/2372373", + "https://bugzilla.redhat.com/2372385", + "https://bugzilla.redhat.com/2372406", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", + "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", + "https://errata.almalinux.org/9/ALSA-2025-10699.html", + "https://errata.rockylinux.org/RLSA-2025:10699", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931", + "https://linux.oracle.com/cve/CVE-2025-49794.html", + "https://linux.oracle.com/errata/ELSA-2025-12240.html", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-49794", + "https://ubuntu.com/security/notices/USN-7694-1", + "https://www.cve.org/CVERecord?id=CVE-2025-49794" + ], + "PublishedDate": "2025-06-16T16:15:18.997Z", + "LastModifiedDate": "2026-05-12T13:17:20.283Z" + }, + { + "VulnerabilityID": "CVE-2025-49795", + "PkgID": "libxml2@2.13.4-r5", + "PkgName": "libxml2", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libxml2@2.13.4-r5?arch=x86_64\u0026distro=3.21.3", + "UID": "21433495685e9e6d" + }, + "InstalledVersion": "2.13.4-r5", + "FixedVersion": "2.13.9-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-49795", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:6c156589e06beb5359c16aefca50e3e3f1d72e035f72fb9c3acf38aa752e0b97", + "Title": "libxml: Null pointer dereference leads to Denial of service (DoS)", + "Description": "A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-825" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:10630", + "https://access.redhat.com/errata/RHSA-2025:19020", + "https://access.redhat.com/errata/RHSA-2026:7519", + "https://access.redhat.com/security/cve/CVE-2025-49795", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", + "https://errata.rockylinux.org/RLSA-2025:10630", + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/24d7e15914588cb45e7fb41cbe4fcf785e1a4861 (master)", + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/499bcb78ab389f60c2fd634ce410d4bb85c18765 (master)", + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/c24909ba2601848825b49a60f988222da3019667 (2.14)", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/932", + "https://linux.oracle.com/cve/CVE-2025-49795.html", + "https://linux.oracle.com/errata/ELSA-2025-10630.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-49795", + "https://www.cve.org/CVERecord?id=CVE-2025-49795" + ], + "PublishedDate": "2025-06-16T16:15:19.203Z", + "LastModifiedDate": "2026-04-19T20:16:21.54Z" + }, + { + "VulnerabilityID": "CVE-2025-49796", + "PkgID": "libxml2@2.13.4-r5", + "PkgName": "libxml2", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libxml2@2.13.4-r5?arch=x86_64\u0026distro=3.21.3", + "UID": "21433495685e9e6d" + }, + "InstalledVersion": "2.13.4-r5", + "FixedVersion": "2.13.9-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-49796", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:f84655732ed464f978495faa9b5bbc7bb55684e32bf9f41d8c161182c8464e9d", + "Title": "libxml: Type confusion leads to Denial of service (DoS)", + "Description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "cbl-mariner": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "V3Score": 9.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:10630", + "https://access.redhat.com/errata/RHSA-2025:10698", + "https://access.redhat.com/errata/RHSA-2025:10699", + "https://access.redhat.com/errata/RHSA-2025:11580", + "https://access.redhat.com/errata/RHSA-2025:12098", + "https://access.redhat.com/errata/RHSA-2025:12099", + "https://access.redhat.com/errata/RHSA-2025:12199", + "https://access.redhat.com/errata/RHSA-2025:12237", + "https://access.redhat.com/errata/RHSA-2025:12239", + "https://access.redhat.com/errata/RHSA-2025:12240", + "https://access.redhat.com/errata/RHSA-2025:12241", + "https://access.redhat.com/errata/RHSA-2025:13267", + "https://access.redhat.com/errata/RHSA-2025:13335", + "https://access.redhat.com/errata/RHSA-2025:15397", + "https://access.redhat.com/errata/RHSA-2025:15827", + "https://access.redhat.com/errata/RHSA-2025:15828", + "https://access.redhat.com/errata/RHSA-2025:18217", + "https://access.redhat.com/errata/RHSA-2025:18218", + "https://access.redhat.com/errata/RHSA-2025:18219", + "https://access.redhat.com/errata/RHSA-2025:18240", + "https://access.redhat.com/errata/RHSA-2025:19020", + "https://access.redhat.com/errata/RHSA-2025:19041", + "https://access.redhat.com/errata/RHSA-2025:19046", + "https://access.redhat.com/errata/RHSA-2025:19894", + "https://access.redhat.com/errata/RHSA-2025:21913", + "https://access.redhat.com/errata/RHSA-2026:0934", + "https://access.redhat.com/errata/RHSA-2026:7519", + "https://access.redhat.com/security/cve/CVE-2025-49796", + "https://bugzilla.redhat.com/2372373", + "https://bugzilla.redhat.com/2372385", + "https://bugzilla.redhat.com/2372406", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", + "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", + "https://errata.almalinux.org/9/ALSA-2025-10699.html", + "https://errata.rockylinux.org/RLSA-2025:10699", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933", + "https://linux.oracle.com/cve/CVE-2025-49796.html", + "https://linux.oracle.com/errata/ELSA-2025-12240.html", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-49796", + "https://ubuntu.com/security/notices/USN-7694-1", + "https://www.cve.org/CVERecord?id=CVE-2025-49796" + ], + "PublishedDate": "2025-06-16T16:15:19.37Z", + "LastModifiedDate": "2026-05-12T13:17:20.66Z" + }, + { + "VulnerabilityID": "CVE-2025-6021", + "PkgID": "libxml2@2.13.4-r5", + "PkgName": "libxml2", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libxml2@2.13.4-r5?arch=x86_64\u0026distro=3.21.3", + "UID": "21433495685e9e6d" + }, + "InstalledVersion": "2.13.4-r5", + "FixedVersion": "2.13.9-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6021", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:7cdcd13f8036162b08f0123f403af4e6cc38b5225390b803ee973811241350aa", + "Title": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2", + "Description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:10630", + "https://access.redhat.com/errata/RHSA-2025:10698", + "https://access.redhat.com/errata/RHSA-2025:10699", + "https://access.redhat.com/errata/RHSA-2025:11580", + "https://access.redhat.com/errata/RHSA-2025:11673", + "https://access.redhat.com/errata/RHSA-2025:12098", + "https://access.redhat.com/errata/RHSA-2025:12099", + "https://access.redhat.com/errata/RHSA-2025:12199", + "https://access.redhat.com/errata/RHSA-2025:12237", + "https://access.redhat.com/errata/RHSA-2025:12239", + "https://access.redhat.com/errata/RHSA-2025:12240", + "https://access.redhat.com/errata/RHSA-2025:12241", + "https://access.redhat.com/errata/RHSA-2025:13267", + "https://access.redhat.com/errata/RHSA-2025:13289", + "https://access.redhat.com/errata/RHSA-2025:13325", + "https://access.redhat.com/errata/RHSA-2025:13335", + "https://access.redhat.com/errata/RHSA-2025:13336", + "https://access.redhat.com/errata/RHSA-2025:14059", + "https://access.redhat.com/errata/RHSA-2025:14396", + "https://access.redhat.com/errata/RHSA-2025:15308", + "https://access.redhat.com/errata/RHSA-2025:15672", + "https://access.redhat.com/errata/RHSA-2025:19020", + "https://access.redhat.com/errata/RHSA-2026:7519", + "https://access.redhat.com/security/cve/CVE-2025-6021", + "https://bugzilla.redhat.com/2372373", + "https://bugzilla.redhat.com/2372385", + "https://bugzilla.redhat.com/2372406", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", + "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", + "https://errata.almalinux.org/9/ALSA-2025-10699.html", + "https://errata.rockylinux.org/RLSA-2025:10699", + "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926", + "https://linux.oracle.com/cve/CVE-2025-6021.html", + "https://linux.oracle.com/errata/ELSA-2025-12240.html", + "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-6021", + "https://ubuntu.com/security/notices/USN-7694-1", + "https://www.cve.org/CVERecord?id=CVE-2025-6021" + ], + "PublishedDate": "2025-06-12T13:15:25.59Z", + "LastModifiedDate": "2026-05-12T13:17:27.99Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl@1.2.5-r9", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "d0316c4ab0862e6b" + }, + "InstalledVersion": "1.2.5-r9", + "FixedVersion": "1.2.5-r11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a8d383e1d32aebf6a8ac832fc2d82033273b0b81a750c4b0de38aca38c37d285", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl@1.2.5-r9", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "d0316c4ab0862e6b" + }, + "InstalledVersion": "1.2.5-r9", + "FixedVersion": "1.2.5-r10", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:6e743f39e00521a198ec5150a002f23ef1a6e8a49c6fbf1dc0fb644775873185", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl-utils@1.2.5-r9", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "8991799c5350cf95" + }, + "InstalledVersion": "1.2.5-r9", + "FixedVersion": "1.2.5-r11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5ffac36e2f1da1e70fa48bde3b8995e0338949b6f02921c6ec0ceee34e9b4258", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl-utils@1.2.5-r9", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", + "UID": "8991799c5350cf95" + }, + "InstalledVersion": "1.2.5-r9", + "FixedVersion": "1.2.5-r10", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ff9e6aa2a2197b8d8f7d13f356dfd6d07300112c69e695edbb88264d2e1a40b8", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2026-27135", + "PkgID": "nghttp2-libs@1.64.0-r0", + "PkgName": "nghttp2-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/nghttp2-libs@1.64.0-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "e522ca22ea4867ac" + }, + "InstalledVersion": "1.64.0-r0", + "FixedVersion": "1.68.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27135", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:db38bc77b6879b2836b12434eb25d332cbc24bf99c416ec7ad2e75093fe89fa0", + "Title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination", + "Description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-617" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/20/3", + "https://access.redhat.com/errata/RHSA-2026:7896", + "https://access.redhat.com/security/cve/CVE-2026-27135", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2442922", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://errata.almalinux.org/9/ALSA-2026-7896.html", + "https://errata.rockylinux.org/RLSA-2026:7668", + "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1", + "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6", + "https://linux.oracle.com/cve/CVE-2026-27135.html", + "https://linux.oracle.com/errata/ELSA-2026-8339.html", + "https://lists.debian.org/debian-lts-announce/2026/05/msg00025.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27135", + "https://ubuntu.com/security/notices/USN-8233-1", + "https://ubuntu.com/security/notices/USN-8233-2", + "https://www.cve.org/CVERecord?id=CVE-2026-27135" + ], + "PublishedDate": "2026-03-18T18:16:26.723Z", + "LastModifiedDate": "2026-05-13T22:16:42.337Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "openssl@3.3.3-r0", + "PkgName": "openssl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "627772e2e77f6983" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3eb6a8e46d1964efaa3afc148a6e6437f7b8a3503d6dd3c0c436c8d8702004db", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "openssl@3.3.3-r0", + "PkgName": "openssl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "627772e2e77f6983" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0190929a4b57c5005d5255ec29f27d7864a5a7d203f62d10ed1ac9c2d57d951a", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "openssl@3.3.3-r0", + "PkgName": "openssl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "627772e2e77f6983" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:f0a66008460c2556a844bb5da5f8a2dfe6e5eb2ac1f525b096c1e5955d85354e", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "openssl@3.3.3-r0", + "PkgName": "openssl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "627772e2e77f6983" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:97084352c8b28ff6a69a91ec0ecfc64f2808a19bed2b0df634c5656433c2195d", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "openssl@3.3.3-r0", + "PkgName": "openssl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "627772e2e77f6983" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d83d51de270262c5598dc1e89d79ddf5ff5aa8acc055de26332a19ead7f05022", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "openssl@3.3.3-r0", + "PkgName": "openssl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "627772e2e77f6983" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:44c1437d66e7885b694f27b65b71f599a6cf2ae99400cf3750ea021002e484d9", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "openssl@3.3.3-r0", + "PkgName": "openssl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "627772e2e77f6983" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:7c7938214bab5110c34eeae0ffc9f28b75a87d580cb9eb9cbf2bd10340ecb65e", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "openssl@3.3.3-r0", + "PkgName": "openssl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "627772e2e77f6983" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:7bd8cb63432435bf6a6f78e4ddd3154eca272681406c1ce794ac54b394b6644a", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "openssl@3.3.3-r0", + "PkgName": "openssl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "627772e2e77f6983" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:419fa9a1e6be0b987d312c067c874c02aa4b425b5618647475000f0246b5c9a3", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "openssl@3.3.3-r0", + "PkgName": "openssl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "627772e2e77f6983" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:7d6065367bccdaec0c8844497652eb3ff01c80e7d6db6bb7d5057c6e23385e1b", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "openssl@3.3.3-r0", + "PkgName": "openssl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "627772e2e77f6983" + }, + "InstalledVersion": "3.3.3-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5ca45cffddc05117388629483fedddab896d92543f9c1ec08e24961941cfdc4b", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "ssl_client@1.37.0-r12", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", + "UID": "7637191a09ed06b3" + }, + "InstalledVersion": "1.37.0-r12", + "FixedVersion": "1.37.0-r14", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:30d97192c25f813ce5029bf633f9f616df39f99c1b34156d5bd79031ca89c2b4", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-31115", + "PkgID": "xz-libs@5.6.3-r0", + "PkgName": "xz-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.6.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "458a272f25e033f6" + }, + "InstalledVersion": "5.6.3-r0", + "FixedVersion": "5.6.3-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31115", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:609fb8f1d168adea1b51136fd9ae8b0ad9d9d814fac1c0b55924a3c75ec83530", + "Title": "xz: XZ has a heap-use-after-free bug in threaded .xz decoder", + "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-366", + "CWE-416", + "CWE-476", + "CWE-826" + ], + "VendorSeverity": { + "azure": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/03/1", + "http://www.openwall.com/lists/oss-security/2025/04/03/2", + "http://www.openwall.com/lists/oss-security/2025/04/03/3", + "https://access.redhat.com/security/cve/CVE-2025-31115", + "https://bugzilla.redhat.com/show_bug.cgi?id=2357249", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31115", + "https://errata.rockylinux.org/RLSA-2025:7524", + "https://github.com/tukaani-project/xz/commit/d5a2ffe41bb77b918a8c96084885d4dbe4bf6480", + "https://github.com/tukaani-project/xz/security/advisories/GHSA-6cc8-p5mm-29w2", + "https://linux.oracle.com/cve/CVE-2025-31115.html", + "https://linux.oracle.com/errata/ELSA-2025-7524.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-31115", + "https://tukaani.org/xz/xz-cve-2025-31115.patch", + "https://ubuntu.com/security/notices/USN-7414-1", + "https://www.cve.org/CVERecord?id=CVE-2025-31115" + ], + "PublishedDate": "2025-04-03T17:15:30.54Z", + "LastModifiedDate": "2026-05-12T13:16:40.627Z" + }, + { + "VulnerabilityID": "CVE-2026-34743", + "PkgID": "xz-libs@5.6.3-r0", + "PkgName": "xz-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.6.3-r0?arch=x86_64\u0026distro=3.21.3", + "UID": "458a272f25e033f6" + }, + "InstalledVersion": "5.6.3-r0", + "FixedVersion": "5.8.3-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", + "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:be20ef980430ae0a2b27a51474b80e5f9e4f420561b702a4a870288b1b0cc4cb", + "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", + "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/31/13", + "https://access.redhat.com/security/cve/CVE-2026-34743", + "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", + "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", + "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", + "https://www.cve.org/CVERecord?id=CVE-2026-34743" + ], + "PublishedDate": "2026-04-02T19:21:33.187Z", + "LastModifiedDate": "2026-04-15T17:33:17.68Z" + }, + { + "VulnerabilityID": "CVE-2026-22184", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "3b545badcbeb3bc0" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ee9e6f10efc9e93cb106eb9aa68b15b6c168fec2e70f268d8864d8d91d563bad", + "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", + "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-22184", + "https://github.com/madler/zlib", + "https://github.com/madler/zlib/issues/1142", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", + "https://seclists.org/fulldisclosure/2026/Jan/3", + "https://www.cve.org/CVERecord?id=CVE-2026-22184", + "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", + "https://zlib.net/" + ], + "PublishedDate": "2026-01-07T21:16:01.563Z", + "LastModifiedDate": "2026-03-18T16:26:31.14Z" + }, + { + "VulnerabilityID": "CVE-2026-27171", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", + "UID": "3b545badcbeb3bc0" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", + "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5bc54ddc9d2e32728d49d07ecd285a37cb08095c0369301dab18eb273e614999", + "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", + "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "julia": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://access.redhat.com/security/cve/CVE-2026-27171", + "https://github.com/advisories/GHSA-h858-mf2m-8jf4", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "https://ostif.org/zlib-audit-complete", + "https://ostif.org/zlib-audit-complete/", + "https://www.cve.org/CVERecord?id=CVE-2026-27171" + ], + "PublishedDate": "2026-02-18T04:16:01.263Z", + "LastModifiedDate": "2026-03-25T21:27:04.603Z" + } + ] + }, + { + "Target": "dbg", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "k8s.io/ingress-nginx", + "Name": "k8s.io/ingress-nginx", + "Identifier": { + "PURL": "pkg:golang/k8s.io/ingress-nginx", + "UID": "1b3f2b0a42b6cd85" + }, + "Relationship": "root", + "DependsOn": [ + "github.com/go-logr/logr@v1.4.2", + "github.com/mitchellh/go-ps@v1.0.0", + "github.com/spf13/cobra@v1.9.1", + "github.com/spf13/pflag@v1.0.6", + "k8s.io/apimachinery@v0.32.3", + "k8s.io/klog/v2@v2.130.1", + "k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", + "stdlib@v1.24.1" + ], + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.24.1", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "Version": "v1.24.1", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/logr@v1.4.2", + "Name": "github.com/go-logr/logr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.2", + "UID": "444b50d7e3f65db1" + }, + "Version": "v1.4.2", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/go-ps@v1.0.0", + "Name": "github.com/mitchellh/go-ps", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/go-ps@v1.0.0", + "UID": "321037fa9db5ac36" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/cobra@v1.9.1", + "Name": "github.com/spf13/cobra", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/cobra@v1.9.1", + "UID": "f8be94c557b947f" + }, + "Version": "v1.9.1", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.6", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.6", + "UID": "27f0717e6c121941" + }, + "Version": "v1.0.6", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apimachinery@v0.32.3", + "Name": "k8s.io/apimachinery", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apimachinery@v0.32.3", + "UID": "80857fc9182703f7" + }, + "Version": "v0.32.3", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog/v2@v2.130.1", + "Name": "k8s.io/klog/v2", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog/v2@v2.130.1", + "UID": "a5314aaf5a16e18b" + }, + "Version": "v2.130.1", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", + "Name": "k8s.io/utils", + "Identifier": { + "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", + "UID": "20f03459b73f19f" + }, + "Version": "v0.0.0-20250321185631-1f6e0b77f77e", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9d16646cba1c014abc4b1680e3b7d86044d6e12df538b465b27650e74e8eef1b", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2025-22874", + "VendorIDs": [ + "GO-2025-3749" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22874", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:638e3b1f4da448d4f3dc5e1821c5efb6504189b83c3a8749680c5240f01796b3", + "Title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", + "Description": "Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.", + "Severity": "HIGH", + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "redhat": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22874", + "https://go.dev/cl/670375", + "https://go.dev/issue/73612", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22874", + "https://pkg.go.dev/vuln/GO-2025-3749", + "https://www.cve.org/CVERecord?id=CVE-2025-22874" + ], + "PublishedDate": "2025-06-11T17:15:42.167Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:77af338f061fd0d3c30db136ea02e2a540a9a5f0d4229ac32562b87256fbd9e7", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bb6455444a91459b66dc37f475d222dd37fc1fdfa6717c998bff78adda8b7e95", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e4dc40e75a61dba24cfb861cbe793840bccef82c625f8c9fcdef41d3961b1eb9", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cf29d8a89128bee5046fa7381d30bc4416a2125dc4ec5e352db8b21f567e51dc", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f66d7b56cca51fe9982d4945255dbd0f8ba2531620585ef39cb5f82f37aa6e4a", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:788b25bbc577e0ffa049cdf22ff707132599b09f0649083535abd06cce37710a", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cc9901967dcb024398a2be97b8343d9e375d846ce8117f204f6cf963bcf256aa", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f7f214d5876a41340ad77e543f35457c3d125ef19177ac3fc9b1047446f49abc", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:63689b74e7f874c5be66fdb17add79cd243e2af6852d8034792dabb7f7c7df80", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:efede7a16fb84189ff026f15f3f605a638855c5d1b5b3991504023f2d60d5bd1", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:425a4904021cce990807ea1e340fcd3e8b001e40f9511a204a17e0f019bfbdf4", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9a061b62b0f572d9ce016552a438618c66a4aac3615494ffe27cc03e48f9245e", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:48c85f6495d18670b5880495150a77318e7a4ab12e7bbd21ba04fc010cda6711", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e2ec04e1c18cb225c5597dd2a6bb9b68f9b4ba4fdeb263dbea862507af6a1b1d", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:711dcd3e5eb78bcf7289f31dbb91b8c95fe890e1cd4bc0e2dcbd29f9df521ca3", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8c9dc9dc9fb5b512182cce5d31cb58871bc502b59d2d5c7783bf61aa29b876f7", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8c754b992679d9559188ae9472dde97e1e6c54efac0d1ddd98876d4d4cd48219", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:26b3c6be4b1c2ce72fe13e8e635d6d87aebdf60094ef5cc2089a3fd32bdd1701", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:391e52fd189ea97e6ce757241530559325c29dc70c918cc777363c3a087efff5", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5fb5bf0d8a9f896e9b19c097839be9ff3e138bf4ddf2eb1960d4f247dc542949", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5a170f7b166b6a45cde1d29a46c362f29a78ed19da22bf5f8aae8787e2b1ae54", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8613488c215d9d2623d6c57d60a3ee8f3768ab6220e3fbb41bdb90743a552ff7", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4a79149803385aab30bbac870920cfb9d29a2e9fe95972899602f046e5886861", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a73612dba4b767db9b14ffba3cb3ed49035abeb838e7aca1d333e8603375ffa1", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d0888da54f9f949c3c0803c66096ba519c9c887a456cd1c39822d260f8b6c1f1", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fabe62e1acbbbc9f16dcd754740b494ee5c313390b353635e8a55f3643b534ac", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:51647d816847b92c817d1cad57b13bbba799c4cd66b970af871bbd99e0a1dc34", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d21940b4ba34724326b9a9e7c94518c956c6143426ae2a5b56e952501c38dec4", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d07d5df77dfccbbf74ecdaf4464708feec771014c162015a9b875f7f77ed8d9d", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bcabaf9f6afe399bce6e559604aec3a3f5f9c3fba985293af94cb7f4c3a7c443", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:79d3754b7b5f75975b123adfb7c62ac7b05c38e210a3d5e116b8c76c343201e1", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b701605b37b4a21b8f074ce12367a37842a0a72dfd81406945aafb835bdefae1", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:be865b5b3a4748cf8acce35652778efc6cf85f99cd3f5ff6784da140c680e72a", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1423bcb79c85b02f6714f2639458e0e4cf2af5ee075bb7de688cabdb01462307", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6433d4dd438618d72a62af6304346a5f7f6b3c9e5822b163e523ca7da366275a", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "6817440068799a0a" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", + "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9c327d0ddfe26b1eb17c89633ce621a45030730d54a7785d454f7fe2528375ff", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + }, + { + "Target": "nginx-ingress-controller", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "k8s.io/ingress-nginx", + "Name": "k8s.io/ingress-nginx", + "Identifier": { + "PURL": "pkg:golang/k8s.io/ingress-nginx", + "UID": "cc0109e0583b6498" + }, + "Relationship": "root", + "DependsOn": [ + "dario.cat/mergo@v1.0.1", + "github.com/armon/go-proxyproto@v0.1.0", + "github.com/beorn7/perks@v1.0.1", + "github.com/blang/semver/v4@v4.0.0", + "github.com/cespare/xxhash/v2@v2.3.0", + "github.com/coreos/go-systemd/v22@v22.5.0", + "github.com/cyphar/filepath-securejoin@v0.4.1", + "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "github.com/eapache/channels@v1.1.0", + "github.com/eapache/queue@v1.1.0", + "github.com/emicklei/go-restful/v3@v3.12.2", + "github.com/fsnotify/fsnotify@v1.8.0", + "github.com/fullsailor/pkcs7@v0.0.0-20190404230743-d7302db945fa", + "github.com/fxamacker/cbor/v2@v2.7.0", + "github.com/go-logr/logr@v1.4.2", + "github.com/go-openapi/jsonpointer@v0.21.1", + "github.com/go-openapi/jsonreference@v0.21.0", + "github.com/go-openapi/swag@v0.23.1", + "github.com/godbus/dbus/v5@v5.1.0", + "github.com/gogo/protobuf@v1.3.2", + "github.com/golang/protobuf@v1.5.4", + "github.com/google/gnostic-models@v0.6.9", + "github.com/google/go-cmp@v0.7.0", + "github.com/google/gofuzz@v1.2.0", + "github.com/google/uuid@v1.6.0", + "github.com/josharian/intern@v1.0.0", + "github.com/json-iterator/go@v1.1.12", + "github.com/klauspost/compress@v1.18.0", + "github.com/mailru/easyjson@v0.9.0", + "github.com/mitchellh/go-ps@v1.0.0", + "github.com/mitchellh/hashstructure/v2@v2.0.2", + "github.com/mitchellh/mapstructure@v1.5.0", + "github.com/moby/sys/mountinfo@v0.7.2", + "github.com/moby/sys/userns@v0.1.0", + "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "github.com/modern-go/reflect2@v1.0.2", + "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "github.com/ncabatoff/go-seq@v0.0.0-20180805175032-b08ef85ed833", + "github.com/ncabatoff/process-exporter@v0.8.5", + "github.com/opencontainers/runc@v1.2.6", + "github.com/opencontainers/runtime-spec@v1.2.1", + "github.com/pkg/errors@v0.9.1", + "github.com/prometheus/client_golang@v1.21.1", + "github.com/prometheus/client_model@v0.6.1", + "github.com/prometheus/common@v0.63.0", + "github.com/prometheus/procfs@v0.16.0", + "github.com/sirupsen/logrus@v1.9.3", + "github.com/spf13/cobra@v1.9.1", + "github.com/spf13/pflag@v1.0.6", + "github.com/x448/float16@v0.8.4", + "github.com/zakjan/cert-chain-resolver@v0.0.0-20221221105603-fcedb00c5b30", + "go.opentelemetry.io/otel/trace@v1.35.0", + "go.opentelemetry.io/otel@v1.35.0", + "golang.org/x/net@v0.37.0", + "golang.org/x/oauth2@v0.28.0", + "golang.org/x/sys@v0.31.0", + "golang.org/x/term@v0.30.0", + "golang.org/x/text@v0.23.0", + "golang.org/x/time@v0.11.0", + "google.golang.org/protobuf@v1.36.6", + "gopkg.in/evanphx/json-patch.v4@v4.12.0", + "gopkg.in/go-playground/pool.v3@v3.1.1", + "gopkg.in/inf.v0@v0.9.1", + "gopkg.in/mcuadros/go-syslog.v2@v2.3.0", + "gopkg.in/yaml.v3@v3.0.1", + "k8s.io/api@v0.32.3", + "k8s.io/apimachinery@v0.32.3", + "k8s.io/apiserver@v0.32.3", + "k8s.io/client-go@v0.32.3", + "k8s.io/component-base@v0.32.3", + "k8s.io/klog/v2@v2.130.1", + "k8s.io/kube-openapi@v0.0.0-20250318190949-c8a335a9a2ff", + "k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", + "pault.ag/go/sniff@v0.0.0-20200207005214-cf7e4d167732", + "sigs.k8s.io/json@v0.0.0-20241014173422-cfa47c3a1cc8", + "sigs.k8s.io/randfill@v1.0.0", + "sigs.k8s.io/structured-merge-diff/v4@v4.6.0", + "sigs.k8s.io/yaml@v1.4.0", + "stdlib@v1.24.1" + ], + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.24.1", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "Version": "v1.24.1", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "dario.cat/mergo@v1.0.1", + "Name": "dario.cat/mergo", + "Identifier": { + "PURL": "pkg:golang/dario.cat/mergo@v1.0.1", + "UID": "20b7cc2c1bb24ba6" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/armon/go-proxyproto@v0.1.0", + "Name": "github.com/armon/go-proxyproto", + "Identifier": { + "PURL": "pkg:golang/github.com/armon/go-proxyproto@v0.1.0", + "UID": "48505436afd03f69" + }, + "Version": "v0.1.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "df904d6dc239f39" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blang/semver/v4@v4.0.0", + "Name": "github.com/blang/semver/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/blang/semver/v4@v4.0.0", + "UID": "4929a22f297e930c" + }, + "Version": "v4.0.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.3.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", + "UID": "45ca0a73782083a0" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coreos/go-systemd/v22@v22.5.0", + "Name": "github.com/coreos/go-systemd/v22", + "Identifier": { + "PURL": "pkg:golang/github.com/coreos/go-systemd/v22@v22.5.0", + "UID": "6c3d217b027acd04" + }, + "Version": "v22.5.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cyphar/filepath-securejoin@v0.4.1", + "Name": "github.com/cyphar/filepath-securejoin", + "Identifier": { + "PURL": "pkg:golang/github.com/cyphar/filepath-securejoin@v0.4.1", + "UID": "b80d11a47fe88f8b" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "Name": "github.com/davecgh/go-spew", + "Identifier": { + "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "UID": "27cb78199a071cd5" + }, + "Version": "v1.1.2-0.20180830191138-d8f796af33cc", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/eapache/channels@v1.1.0", + "Name": "github.com/eapache/channels", + "Identifier": { + "PURL": "pkg:golang/github.com/eapache/channels@v1.1.0", + "UID": "c712d68bc7afe0c5" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/eapache/queue@v1.1.0", + "Name": "github.com/eapache/queue", + "Identifier": { + "PURL": "pkg:golang/github.com/eapache/queue@v1.1.0", + "UID": "69c4d6c4f1da49ce" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/emicklei/go-restful/v3@v3.12.2", + "Name": "github.com/emicklei/go-restful/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.12.2", + "UID": "2ace5a41fe9a7f2c" + }, + "Version": "v3.12.2", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fsnotify/fsnotify@v1.8.0", + "Name": "github.com/fsnotify/fsnotify", + "Identifier": { + "PURL": "pkg:golang/github.com/fsnotify/fsnotify@v1.8.0", + "UID": "d2355c69ea66949" + }, + "Version": "v1.8.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fullsailor/pkcs7@v0.0.0-20190404230743-d7302db945fa", + "Name": "github.com/fullsailor/pkcs7", + "Identifier": { + "PURL": "pkg:golang/github.com/fullsailor/pkcs7@v0.0.0-20190404230743-d7302db945fa", + "UID": "4c37d24d4549cd85" + }, + "Version": "v0.0.0-20190404230743-d7302db945fa", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fxamacker/cbor/v2@v2.7.0", + "Name": "github.com/fxamacker/cbor/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/fxamacker/cbor/v2@v2.7.0", + "UID": "24803a4a5038ac61" + }, + "Version": "v2.7.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/logr@v1.4.2", + "Name": "github.com/go-logr/logr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.2", + "UID": "f1da301f55e646eb" + }, + "Version": "v1.4.2", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonpointer@v0.21.1", + "Name": "github.com/go-openapi/jsonpointer", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.21.1", + "UID": "a832c43615bee1" + }, + "Version": "v0.21.1", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonreference@v0.21.0", + "Name": "github.com/go-openapi/jsonreference", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.0", + "UID": "319b05fe922f402f" + }, + "Version": "v0.21.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag@v0.23.1", + "Name": "github.com/go-openapi/swag", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag@v0.23.1", + "UID": "c49b44804a102164" + }, + "Version": "v0.23.1", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/godbus/dbus/v5@v5.1.0", + "Name": "github.com/godbus/dbus/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/godbus/dbus/v5@v5.1.0", + "UID": "1729d241a89eca21" + }, + "Version": "v5.1.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gogo/protobuf@v1.3.2", + "Name": "github.com/gogo/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", + "UID": "77ccf57b45e9cfed" + }, + "Version": "v1.3.2", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/protobuf@v1.5.4", + "Name": "github.com/golang/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.4", + "UID": "957dc5fe5a33c98f" + }, + "Version": "v1.5.4", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gnostic-models@v0.6.9", + "Name": "github.com/google/gnostic-models", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gnostic-models@v0.6.9", + "UID": "90b03d12a9938d50" + }, + "Version": "v0.6.9", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-cmp@v0.7.0", + "Name": "github.com/google/go-cmp", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0", + "UID": "20a2f80d6f5393c7" + }, + "Version": "v0.7.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gofuzz@v1.2.0", + "Name": "github.com/google/gofuzz", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", + "UID": "e183c655395772b6" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.6.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", + "UID": "3dd43b877a5d610f" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/josharian/intern@v1.0.0", + "Name": "github.com/josharian/intern", + "Identifier": { + "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", + "UID": "90c668bf046a2a31" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/json-iterator/go@v1.1.12", + "Name": "github.com/json-iterator/go", + "Identifier": { + "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", + "UID": "4f1bf2e06414b299" + }, + "Version": "v1.1.12", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/klauspost/compress@v1.18.0", + "Name": "github.com/klauspost/compress", + "Identifier": { + "PURL": "pkg:golang/github.com/klauspost/compress@v1.18.0", + "UID": "7f3ce6e4c78adcd2" + }, + "Version": "v1.18.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mailru/easyjson@v0.9.0", + "Name": "github.com/mailru/easyjson", + "Identifier": { + "PURL": "pkg:golang/github.com/mailru/easyjson@v0.9.0", + "UID": "8e731b85a9403a51" + }, + "Version": "v0.9.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/go-ps@v1.0.0", + "Name": "github.com/mitchellh/go-ps", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/go-ps@v1.0.0", + "UID": "959547c882e5c3cc" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/hashstructure/v2@v2.0.2", + "Name": "github.com/mitchellh/hashstructure/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/hashstructure/v2@v2.0.2", + "UID": "299b7baf789e1fe5" + }, + "Version": "v2.0.2", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/mapstructure@v1.5.0", + "Name": "github.com/mitchellh/mapstructure", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/mapstructure@v1.5.0", + "UID": "2d2e1923a64fa913" + }, + "Version": "v1.5.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/moby/sys/mountinfo@v0.7.2", + "Name": "github.com/moby/sys/mountinfo", + "Identifier": { + "PURL": "pkg:golang/github.com/moby/sys/mountinfo@v0.7.2", + "UID": "d652a6dd9db3509" + }, + "Version": "v0.7.2", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/moby/sys/userns@v0.1.0", + "Name": "github.com/moby/sys/userns", + "Identifier": { + "PURL": "pkg:golang/github.com/moby/sys/userns@v0.1.0", + "UID": "a32d0f700bd01d80" + }, + "Version": "v0.1.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "Name": "github.com/modern-go/concurrent", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "UID": "5e7d6ed6a9291007" + }, + "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/reflect2@v1.0.2", + "Name": "github.com/modern-go/reflect2", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", + "UID": "6336a204157ff67" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "f4d996da1db5f6dd" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ncabatoff/go-seq@v0.0.0-20180805175032-b08ef85ed833", + "Name": "github.com/ncabatoff/go-seq", + "Identifier": { + "PURL": "pkg:golang/github.com/ncabatoff/go-seq@v0.0.0-20180805175032-b08ef85ed833", + "UID": "4d26efe5f13c379e" + }, + "Version": "v0.0.0-20180805175032-b08ef85ed833", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ncabatoff/process-exporter@v0.8.5", + "Name": "github.com/ncabatoff/process-exporter", + "Identifier": { + "PURL": "pkg:golang/github.com/ncabatoff/process-exporter@v0.8.5", + "UID": "4194ef6fd5a53a54" + }, + "Version": "v0.8.5", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opencontainers/runc@v1.2.6", + "Name": "github.com/opencontainers/runc", + "Identifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.2.6", + "UID": "f11a96d6a05d4e5" + }, + "Version": "v1.2.6", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opencontainers/runtime-spec@v1.2.1", + "Name": "github.com/opencontainers/runtime-spec", + "Identifier": { + "PURL": "pkg:golang/github.com/opencontainers/runtime-spec@v1.2.1", + "UID": "cfc051cbed42aa7f" + }, + "Version": "v1.2.1", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/errors@v0.9.1", + "Name": "github.com/pkg/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", + "UID": "a4661d52661cde6f" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.21.1", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.21.1", + "UID": "cf0eec313a572c7d" + }, + "Version": "v1.21.1", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.6.1", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.1", + "UID": "2969f265ba42259f" + }, + "Version": "v0.6.1", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.63.0", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.63.0", + "UID": "aa68e5875a019f26" + }, + "Version": "v0.63.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.16.0", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.16.0", + "UID": "17c0a79b577da7ad" + }, + "Version": "v0.16.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sirupsen/logrus@v1.9.3", + "Name": "github.com/sirupsen/logrus", + "Identifier": { + "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.3", + "UID": "c8cf16cd1ec59275" + }, + "Version": "v1.9.3", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/cobra@v1.9.1", + "Name": "github.com/spf13/cobra", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/cobra@v1.9.1", + "UID": "e5eb8289270112d1" + }, + "Version": "v1.9.1", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.6", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.6", + "UID": "acf06b9053b256c3" + }, + "Version": "v1.0.6", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/x448/float16@v0.8.4", + "Name": "github.com/x448/float16", + "Identifier": { + "PURL": "pkg:golang/github.com/x448/float16@v0.8.4", + "UID": "3d224f51b980140b" + }, + "Version": "v0.8.4", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/zakjan/cert-chain-resolver@v0.0.0-20221221105603-fcedb00c5b30", + "Name": "github.com/zakjan/cert-chain-resolver", + "Identifier": { + "PURL": "pkg:golang/github.com/zakjan/cert-chain-resolver@v0.0.0-20221221105603-fcedb00c5b30", + "UID": "9bf8c7dc9014a9e9" + }, + "Version": "v0.0.0-20221221105603-fcedb00c5b30", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel@v1.35.0", + "Name": "go.opentelemetry.io/otel", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel@v1.35.0", + "UID": "e61cdb231f62acab" + }, + "Version": "v1.35.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/trace@v1.35.0", + "Name": "go.opentelemetry.io/otel/trace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.35.0", + "UID": "850bec1a9a53c219" + }, + "Version": "v1.35.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.37.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.37.0", + "UID": "594fc3192c58f71a" + }, + "Version": "v0.37.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.28.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.28.0", + "UID": "850e9a7489590bbe" + }, + "Version": "v0.28.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.31.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.31.0", + "UID": "1000bf2374c93aec" + }, + "Version": "v0.31.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/term@v0.30.0", + "Name": "golang.org/x/term", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/term@v0.30.0", + "UID": "cd162b8c7e0dd85c" + }, + "Version": "v0.30.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.23.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.23.0", + "UID": "4335d38cd87c6b25" + }, + "Version": "v0.23.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.11.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.11.0", + "UID": "4f086c9601802602" + }, + "Version": "v0.11.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.36.6", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.6", + "UID": "8a81e34769b7379c" + }, + "Version": "v1.36.6", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/evanphx/json-patch.v4@v4.12.0", + "Name": "gopkg.in/evanphx/json-patch.v4", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/evanphx/json-patch.v4@v4.12.0", + "UID": "dc6c8579eea7bfd5" + }, + "Version": "v4.12.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/go-playground/pool.v3@v3.1.1", + "Name": "gopkg.in/go-playground/pool.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/go-playground/pool.v3@v3.1.1", + "UID": "51162c33768de56" + }, + "Version": "v3.1.1", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/inf.v0@v0.9.1", + "Name": "gopkg.in/inf.v0", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", + "UID": "e558b8f193113d77" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/mcuadros/go-syslog.v2@v2.3.0", + "Name": "gopkg.in/mcuadros/go-syslog.v2", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/mcuadros/go-syslog.v2@v2.3.0", + "UID": "bace5db98b94d160" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "UID": "94e739c0cf8d230d" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/api@v0.32.3", + "Name": "k8s.io/api", + "Identifier": { + "PURL": "pkg:golang/k8s.io/api@v0.32.3", + "UID": "7bfe8e036a8dd27b" + }, + "Version": "v0.32.3", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apimachinery@v0.32.3", + "Name": "k8s.io/apimachinery", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apimachinery@v0.32.3", + "UID": "ec985c6a7a89cba9" + }, + "Version": "v0.32.3", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apiserver@v0.32.3", + "Name": "k8s.io/apiserver", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apiserver@v0.32.3", + "UID": "4adb1b3b54feba56" + }, + "Version": "v0.32.3", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/client-go@v0.32.3", + "Name": "k8s.io/client-go", + "Identifier": { + "PURL": "pkg:golang/k8s.io/client-go@v0.32.3", + "UID": "9eec946bc552f852" + }, + "Version": "v0.32.3", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/component-base@v0.32.3", + "Name": "k8s.io/component-base", + "Identifier": { + "PURL": "pkg:golang/k8s.io/component-base@v0.32.3", + "UID": "71b4acbfbd4d7c0f" + }, + "Version": "v0.32.3", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog/v2@v2.130.1", + "Name": "k8s.io/klog/v2", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog/v2@v2.130.1", + "UID": "9c74aedc99773d19" + }, + "Version": "v2.130.1", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/kube-openapi@v0.0.0-20250318190949-c8a335a9a2ff", + "Name": "k8s.io/kube-openapi", + "Identifier": { + "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20250318190949-c8a335a9a2ff", + "UID": "26b8fa6ccc2fad64" + }, + "Version": "v0.0.0-20250318190949-c8a335a9a2ff", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", + "Name": "k8s.io/utils", + "Identifier": { + "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", + "UID": "e40f5642e5e8eefd" + }, + "Version": "v0.0.0-20250321185631-1f6e0b77f77e", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "pault.ag/go/sniff@v0.0.0-20200207005214-cf7e4d167732", + "Name": "pault.ag/go/sniff", + "Identifier": { + "PURL": "pkg:golang/pault.ag/go/sniff@v0.0.0-20200207005214-cf7e4d167732", + "UID": "f03b9756bc848d85" + }, + "Version": "v0.0.0-20200207005214-cf7e4d167732", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/json@v0.0.0-20241014173422-cfa47c3a1cc8", + "Name": "sigs.k8s.io/json", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20241014173422-cfa47c3a1cc8", + "UID": "357ccd18c4c5ac2a" + }, + "Version": "v0.0.0-20241014173422-cfa47c3a1cc8", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/randfill@v1.0.0", + "Name": "sigs.k8s.io/randfill", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/randfill@v1.0.0", + "UID": "1b2ad822c257fa0c" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.6.0", + "Name": "sigs.k8s.io/structured-merge-diff/v4", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.6.0", + "UID": "16c69a2f5d0abb9e" + }, + "Version": "v4.6.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/yaml@v1.4.0", + "Name": "sigs.k8s.io/yaml", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.4.0", + "UID": "a72bbd84a84f9803" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-31133", + "VendorIDs": [ + "GHSA-9493-h29p-rfm2" + ], + "PkgID": "github.com/opencontainers/runc@v1.2.6", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.2.6", + "UID": "f11a96d6a05d4e5" + }, + "InstalledVersion": "v1.2.6", + "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31133", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:8a1e3328a292341418933349c356bdabc0d7ee1388c79188ffd08cff3516fdfa", + "Title": "runc: container escape via 'masked path' abuse due to mount race conditions", + "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-61", + "CWE-363" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "V40Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:20957", + "https://access.redhat.com/security/cve/CVE-2025-31133", + "https://bugzilla.redhat.com/2404705", + "https://bugzilla.redhat.com/2404708", + "https://bugzilla.redhat.com/2404715", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404705", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404708", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", + "https://errata.almalinux.org/9/ALSA-2025-20957.html", + "https://errata.rockylinux.org/RLSA-2025:20957", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/commit/1a30a8f3d921acbbb6a4bb7e99da2c05f8d48522", + "https://github.com/opencontainers/runc/commit/5d7b2424072449872d1cd0c937f2ca25f418eb66", + "https://github.com/opencontainers/runc/commit/8476df83b534a2522b878c0507b3491def48db9f", + "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", + "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2", + "https://linux.oracle.com/cve/CVE-2025-31133.html", + "https://linux.oracle.com/errata/ELSA-2025-21232.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-31133", + "https://ubuntu.com/security/notices/USN-7851-1", + "https://www.cve.org/CVERecord?id=CVE-2025-31133" + ], + "PublishedDate": "2025-11-06T19:15:41.343Z", + "LastModifiedDate": "2025-12-03T18:30:15.43Z" + }, + { + "VulnerabilityID": "CVE-2025-52565", + "VendorIDs": [ + "GHSA-qw9x-cqr3-wc7r" + ], + "PkgID": "github.com/opencontainers/runc@v1.2.6", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.2.6", + "UID": "f11a96d6a05d4e5" + }, + "InstalledVersion": "v1.2.6", + "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-52565", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:1a071dfab898b8c241fa1d704bde7f6632d0271b2145af8956eaa79c5d96012c", + "Title": "runc: container escape with malicious config due to /dev/console mount and related races", + "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-61", + "CWE-363" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "V40Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:20957", + "https://access.redhat.com/security/cve/CVE-2025-52565", + "https://bugzilla.redhat.com/2404705", + "https://bugzilla.redhat.com/2404708", + "https://bugzilla.redhat.com/2404715", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404705", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404708", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", + "https://errata.almalinux.org/9/ALSA-2025-20957.html", + "https://errata.rockylinux.org/RLSA-2025:20957", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/commit/01de9d65dc72f67b256ef03f9bfb795a2bf143b4", + "https://github.com/opencontainers/runc/commit/398955bccb7f20565c224a3064d331c19e422398", + "https://github.com/opencontainers/runc/commit/531ef794e4ecd628006a865ad334a048ee2b4b2e", + "https://github.com/opencontainers/runc/commit/9be1dbf4ac67d9840a043ebd2df5c68f36705d1d", + "https://github.com/opencontainers/runc/commit/aee7d3fe355dd02939d44155e308ea0052e0d53a", + "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", + "https://github.com/opencontainers/runc/commit/de87203e625cd7a27141fb5f2ad00a320c69c5e8", + "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480", + "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r", + "https://linux.oracle.com/cve/CVE-2025-52565.html", + "https://linux.oracle.com/errata/ELSA-2025-21232.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-52565", + "https://ubuntu.com/security/notices/USN-7851-1", + "https://www.cve.org/CVERecord?id=CVE-2025-52565" + ], + "PublishedDate": "2025-11-06T20:15:49.24Z", + "LastModifiedDate": "2025-12-03T18:33:33.357Z" + }, + { + "VulnerabilityID": "CVE-2025-52881", + "VendorIDs": [ + "GHSA-cgrx-mc8f-2prm" + ], + "PkgID": "github.com/opencontainers/runc@v1.2.6", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.2.6", + "UID": "f11a96d6a05d4e5" + }, + "InstalledVersion": "v1.2.6", + "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-52881", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:93ad6b4cf6ae903c2dca1a11884dab938157f5e4298b73f4318b126e3a6eec57", + "Title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects", + "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-61", + "CWE-363" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "V40Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322", + "http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3", + "https://access.redhat.com/errata/RHSA-2025:22011", + "https://access.redhat.com/security/cve/CVE-2025-52881", + "https://bugzilla.redhat.com/2404715", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2025-22011.html", + "https://errata.rockylinux.org/RLSA-2025:22011", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md", + "https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557", + "https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d", + "https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58", + "https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6", + "https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f", + "https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544", + "https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db", + "https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322", + "https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28", + "https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2", + "https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165", + "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", + "https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1", + "https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3", + "https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51", + "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480", + "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2", + "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm", + "https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw", + "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r", + "https://github.com/opencontainers/selinux/pull/237", + "https://github.com/opencontainers/selinux/releases/tag/v1.13.0", + "https://linux.oracle.com/cve/CVE-2025-52881.html", + "https://linux.oracle.com/errata/ELSA-2025-23543.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-52881", + "https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs", + "https://ubuntu.com/security/notices/USN-7851-1", + "https://www.cve.org/CVERecord?id=CVE-2025-52881", + "https://youtu.be/tGseJW_uBB8", + "https://youtu.be/y1PaBzxwRWQ" + ], + "PublishedDate": "2025-11-06T21:15:42.817Z", + "LastModifiedDate": "2025-12-03T18:37:17.917Z" + }, + { + "VulnerabilityID": "CVE-2025-22872", + "VendorIDs": [ + "GHSA-vvgc-356p-c3xw" + ], + "PkgID": "golang.org/x/net@v0.37.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.37.0", + "UID": "594fc3192c58f71a" + }, + "InstalledVersion": "v0.37.0", + "FixedVersion": "0.38.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:dc0f68a9f6e7d52fc0eaf48378351169db30573fb90e155a750e6fd2f558941d", + "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", + "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22872", + "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", + "https://github.com/advisories/GHSA-vvgc-356p-c3xw", + "https://go.dev/cl/662715", + "https://go.dev/issue/73070", + "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", + "https://pkg.go.dev/vuln/GO-2025-3595", + "https://security.netapp.com/advisory/ntap-20250516-0007", + "https://security.netapp.com/advisory/ntap-20250516-0007/", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22872" + ], + "PublishedDate": "2025-04-16T18:16:04.183Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:905c609d711b56c3899791cbcfdf9f0be3bcbb8467f510952266fe8efa3a272a", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2025-22874", + "VendorIDs": [ + "GO-2025-3749" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22874", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4e306579cbfbc62b3d7a4fc50463b7f719aaf364e59e4ae43440a85b80d895c0", + "Title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", + "Description": "Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.", + "Severity": "HIGH", + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "redhat": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22874", + "https://go.dev/cl/670375", + "https://go.dev/issue/73612", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22874", + "https://pkg.go.dev/vuln/GO-2025-3749", + "https://www.cve.org/CVERecord?id=CVE-2025-22874" + ], + "PublishedDate": "2025-06-11T17:15:42.167Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b65a0f771146f3dacb8fa1162ed384d4e146990c4dad91c1c05a40d1f88d9e62", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3f2216674acdf6152cca3b31c9b1349f121880f3c62de470407a033c45728b38", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a5f2288a08ebc6d32e5f8b24a5e786c808e3363f9c79526a52b5ed13c3afb815", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:236561b0d76fd633b3f8ea9589e28e8252d057ad45e61d8a715dd1089f69c2e9", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ee63850eeb0b98abc629e1bfb7f17c49fd370236ae287a7e0b158e537ecf174d", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:de867a86b12b18b068214c64fd3cf72e14c8998239fad5c6ea8af16b2980fb3e", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5c5afc7c2011bb9c9d6b6113ed0f0aba5831f90e11562c96774057ef66974da6", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b97405d0eb81b04ef8ea44c11c96115e2de07497739d0828dd1fbac26176100a", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:96e6a93426f45d4edcb196b70256393c353ba11ddaab0077a95c02d83416992f", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:eec37e0a1f9015bc4b2bea99e9dceb689b7941cc4971a017d9c2a7074e8bcf06", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ef41abd95fa90d96b0f449561d9da0b7fad3af0899abed58213a1bd2ef7067f0", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e8f25fb842aafa1d4510df17b415b0b42eea5f7d9524b9023d9d81c353898edf", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7b32600685af15312db364035ee9a51baabfe175fa8872dd3b12b8d7d681f0cf", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:da02390ac3678a9292b2e3255207ed24f83efd0a0798a4e9717e986f573f3c60", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1377391e540050ec8f8e5c09fd39c39f4ec36ce1eef7b43b24cf8cf4c7640014", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b6e59841725749146d67ff2f498cc4751595312973070f2b1701fd2278663100", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:649d90c9ebdf7b874cb04cf6161460a587c957f61250d11f42e1241a4300c89c", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:62f595be4d83b013d1cc95156516338d322dc7297e796d0a0772f446b5a0e4fa", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c18ad5fc7a4f26a20a4547b8fee7296280d64f503229435da38b4d2b58145f5b", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c4e3de936290d1ed3cd87066ad4bfc8a27f63d8778524ae15d31d2ebde5b6039", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5f340d7dbc9bab368a91cf162d20d149c74771e38903e91a7d3a65cc4bef8ef0", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3b62f995bb4fbb4828b54f06407e664a479bcb464c1d392905064051bc062f10", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:73585e8d9c01715331b0d2c13794edcaf8add94519c45fffb5c6eda9af3d3c72", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:15d2b0c3ca9a4ee3940d0d53254100273ce434292b6dd4a41be723789b5cc231", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c8e4688bcfc1d0200398ee18966da8e79f81c291cf17ccadb5e1bc18f67e6682", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ab9a9a25cb7f5ecad2df7bb44c43b9cfb210ae7b41a21834f147061fd1748e32", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6ae918c7459278d8fe59009f26ec24974334dad5d25f0b50ae8fbc96fb891b41", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e6c3eda8cab18233ed7b0ba449b5346707c3f0b8b738ff63eed7518b9d802bbf", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:109f6e7d728e3169d48d9d328d9e543125c3796aaa10a6b890eee3c36edf7df5", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6d9c37ff9b099d65e165bc41e65d23b3f5ff2848fc0672bee89f5298882780d6", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b5238b89aaea3e7586d8507322b59a246585b0f3540e02b0e73814d3bdc9d520", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cd4f8b7b8d8c881d14c33749974bf2210d36ef246e16c6bef9fef5c97808495f", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9135ecf33a4d829c8bc5c652a7d96a5c00668faa89aa586c209d9389f906ba51", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:180239ca3e68711c99a35526cec49967ddb671cf7d9a38f5afdbb367d40ea675", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cac40f1f0c4e56ef38ad7f10aa04948a38b1abfb031d38b8ace16da86018e890", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "9149befe453267f8" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", + "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1757647dd56db76b845c68ac9be53b169ca92e9300ba5030cd44ea5e5e065799", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + }, + { + "Target": "wait-shutdown", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "k8s.io/ingress-nginx", + "Name": "k8s.io/ingress-nginx", + "Identifier": { + "PURL": "pkg:golang/k8s.io/ingress-nginx", + "UID": "f76d84a54a5e2866" + }, + "Relationship": "root", + "DependsOn": [ + "github.com/go-logr/logr@v1.4.2", + "github.com/mitchellh/go-ps@v1.0.0", + "k8s.io/apimachinery@v0.32.3", + "k8s.io/klog/v2@v2.130.1", + "k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", + "stdlib@v1.24.1" + ], + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.24.1", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "Version": "v1.24.1", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/logr@v1.4.2", + "Name": "github.com/go-logr/logr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.2", + "UID": "8ba57ce35feb736" + }, + "Version": "v1.4.2", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/go-ps@v1.0.0", + "Name": "github.com/mitchellh/go-ps", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/go-ps@v1.0.0", + "UID": "20a4401897df5931" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apimachinery@v0.32.3", + "Name": "k8s.io/apimachinery", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apimachinery@v0.32.3", + "UID": "e750bd3707f779e4" + }, + "Version": "v0.32.3", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog/v2@v2.130.1", + "Name": "k8s.io/klog/v2", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog/v2@v2.130.1", + "UID": "329ce9d4ca4324c" + }, + "Version": "v2.130.1", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", + "Name": "k8s.io/utils", + "Identifier": { + "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", + "UID": "31b8673771d1f678" + }, + "Version": "v0.0.0-20250321185631-1f6e0b77f77e", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8b438b5ca93a4d831c4dbbdc9a1f2814098437ed85c53834cebd0c22f02e53be", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2025-22874", + "VendorIDs": [ + "GO-2025-3749" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22874", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1a06adfc79b82f0e3aaee4aec31b8255872d052000188cc0b112ee3e0f238f9e", + "Title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", + "Description": "Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.", + "Severity": "HIGH", + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "redhat": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22874", + "https://go.dev/cl/670375", + "https://go.dev/issue/73612", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22874", + "https://pkg.go.dev/vuln/GO-2025-3749", + "https://www.cve.org/CVERecord?id=CVE-2025-22874" + ], + "PublishedDate": "2025-06-11T17:15:42.167Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ca7b6583714a29ce1ef91b43015c059503768aaa984f3aae6b55c9c58c4c49d3", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bfd42409a798e77c47899901c419a06234ef7982f9293c4d272f6e1636b43d0a", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:787c0cc7871f3f82cd79a95e9e4ea9c229abdefacc9d2249d08693ffea6a00a3", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3b45aed6e12c97fe4615ce003c27d3da538b822e5dfc90066d1d9e80363f82e0", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:808d3de71e9a794b2cfd7a7f723cb3261d402ed328feeb9ffb0d7999a44787c7", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e9ccb4904a0592b16459ea57775d5962377b1bcf8565db5e07022faefa482fe4", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e08a9377494d825398d54991381662fd7cd3104fe6d54a30c4c238052651b262", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e9b1fea04b8fc34b33e6606fa6cc1db8518508d19ae385f92e7918430c41dae2", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b1fb77bdade7f09410135d5a21695990fee8b0776f9246674209bddc9b929a5d", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:38756514ee19b979d9948ccd76fb8c79c7832e54aeeffe47f64ccdc4b8b8bcfa", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2227cc02167cfde7c88f2b8e27b5fc288dd7d6ec5e51afbd4ea5397b05d46895", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f53a9254df5b2462b0b5da383e814ce2296735c29ebca0978ea23238d0179aac", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c4f006ff5795197b93f24ac7c29a46bbf6c3a52d66121809cd1cf039c9b4fe9d", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c31c2db2782c5d2a6137ccb549009ce5d5618f9f9c80c081d3b0cae760728b4f", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d832e7c4f78bffb641f45933be75b831352817e629d4e4ce2e78ad8b19894316", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b8d0993f109db42bc7a4a25d3d980b94987db3d32dfc0910cd6620c59d653730", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a63f50c7a2bd6717d185f143ca1d9b5e89d1976dc65435fec5cf5b3817301187", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9ffeea68f0ccac5e73f8155644bac5822d40c9013c0cad37bd70a99c910ee935", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1e688386de97500e02d9306dbdca417285f5560b0bde700f1d5b792af8878fde", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:16827813ecc3103ce94420897eedc128c33a50f2904bcdd2f8b06e58a3fd072e", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:df64cb72b5604e5ae8232c5368267481fed7efc9998a362fdf4c07bc5c784a37", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ddb8efb7e5c3bf44c42d115877e36c99be12c18212cc33ea2d6f6c54e8acce0f", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1b0511288bdf8943180225fa45f04d76ebd758a0472398282cf521c3b9882e3a", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1b9bc4cf6275727483e9fc5d2628a3d56f69924f0960652ebbc79b9ab8577378", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:36c84b57f8819e4c2ae8394af8cdee2d73aa26ca09275ce7d254e72fc92b9bc3", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f5cfa1ceadfda7045d80f5a2c2052f928c8a1368b770f31b6a14af28eca3fd2c", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cc34c0d3f0a3235f04491bebcca654a8a354ea63e298c40df6145b38829c5b82", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:438a3d7944bd2083545b378d95bc783734d330053abc4753667ff263d33fc44c", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f3c7ac48a568ba7a0dbf1f45680c17aa82a342d80c83010674f37241c56e9ffc", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c4549e9dd1a9a69a08497d6b41df239a2d93725522d8c7ebda19d9dd2ff80e82", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:538346bfa9c3654d11bb4d6f38dad64e1e41de0cd2516f768a4eca67e84f001c", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7679e18655b68a427396c23aa24c27fcfcdb0c73c9c596902b876087030f8cf5", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f4bd48071eeaf9f922a82b15cc3f5fac84d715174c85c9e0d39c8edd2ce76c02", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:72632e2d9bff9f54d791923e01385e51f55719f03c4c8fe19b6c3f71da4faf07", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7a8aee16e92208e6febd37c5128e812bee9431e6ba2bd597c2c36828e3051868", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.24.1", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.1", + "UID": "b74b75cc6e3e916d" + }, + "InstalledVersion": "v1.24.1", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", + "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8e5e80c6d5b929995b0941508c0b5e398f5b6f336707758df23b90b16fad4e51", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "metallb-system", + "Kind": "DaemonSet", + "Name": "speaker", + "Metadata": [ + { + "Size": 128373248, + "OS": { + "Family": "debian", + "Name": "12.8" + }, + "ImageID": "sha256:dacabb789863ddefff263613ea3345cfde0f8edf85253efc6d38742e89e4fdfa", + "DiffIDs": [ + "sha256:03af251906410714c5aef9fa705b63f6bbc39c4a5e787de7361eeb18886c2ed2", + "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba", + "sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575", + "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", + "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", + "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4", + "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", + "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", + "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", + "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", + "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", + "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250", + "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0", + "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b", + "sha256:850b6e87aff37bbb683118a6d8f549d991d4e316766d9dfc8db6304d9ef73ea0", + "sha256:920976b98aa632190d3608c2a91d4f3454112f7a9d43f025865b8e6a88d87a9d" + ], + "RepoTags": [ + "quay.io/metallb/speaker:v0.14.9" + ], + "RepoDigests": [ + "quay.io/metallb/speaker@sha256:b09a1dfcf330938950b65115cd58f6989108c0c21d3c096040e7fe9a25a92993" + ], + "Reference": "quay.io/metallb/speaker:v0.14.9", + "ImageConfig": { + "architecture": "amd64", + "created": "2024-12-17T14:55:52.242396277Z", + "history": [ + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "0001-01-01T00:00:00Z" + }, + { + "created": "2024-12-17T13:46:15.014506473Z", + "created_by": "COPY /build/cp-tool /cp-tool # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-12-17T14:55:52.098710856Z", + "created_by": "COPY /build/speaker /speaker # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-12-17T14:55:52.220646866Z", + "created_by": "COPY /build/frr-metrics /frr-metrics # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-12-17T14:55:52.231171864Z", + "created_by": "COPY frr-tools/reloader/frr-reloader.sh /frr-reloader.sh # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-12-17T14:55:52.242396277Z", + "created_by": "COPY LICENSE / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2024-12-17T14:55:52.242396277Z", + "created_by": "LABEL org.opencontainers.image.authors=metallb org.opencontainers.image.url=https://github.com/metallb/metallb org.opencontainers.image.documentation=https://metallb.universe.tf org.opencontainers.image.source=https://github.com/metallb/metallb org.opencontainers.image.vendor=metallb org.opencontainers.image.licenses=Apache-2.0 org.opencontainers.image.description=Metallb speaker org.opencontainers.image.title=speaker org.opencontainers.image.base.name=gcr.io/distroless/static:latest", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2024-12-17T14:55:52.242396277Z", + "created_by": "ENTRYPOINT [\"/speaker\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:03af251906410714c5aef9fa705b63f6bbc39c4a5e787de7361eeb18886c2ed2", + "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba", + "sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575", + "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", + "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", + "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4", + "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", + "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", + "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", + "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", + "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", + "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250", + "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0", + "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b", + "sha256:850b6e87aff37bbb683118a6d8f549d991d4e316766d9dfc8db6304d9ef73ea0", + "sha256:920976b98aa632190d3608c2a91d4f3454112f7a9d43f025865b8e6a88d87a9d" + ] + }, + "config": { + "Entrypoint": [ + "/speaker" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" + ], + "Labels": { + "org.opencontainers.image.authors": "metallb", + "org.opencontainers.image.base.name": "gcr.io/distroless/static:latest", + "org.opencontainers.image.created": "2024-12-17T14:50:37.322Z", + "org.opencontainers.image.description": "speaker for metallb, a network load-balancer implementation for Kubernetes using standard routing protocols", + "org.opencontainers.image.documentation": "https://metallb.universe.tf", + "org.opencontainers.image.licenses": "Apache-2.0", + "org.opencontainers.image.revision": "5765ee504d21a3a237d9dab223ca707661269ecd", + "org.opencontainers.image.source": "https://github.com/metallb/metallb", + "org.opencontainers.image.title": "speaker", + "org.opencontainers.image.url": "https://github.com/metallb/metallb", + "org.opencontainers.image.vendor": "metallb", + "org.opencontainers.image.version": "v0.14.9" + }, + "User": "0", + "WorkingDir": "/" + } + }, + "Layers": [ + { + "Size": 327680, + "Digest": "sha256:0baecf37abeec25aad5f5bb99f3fa20e90f15361468ef5b66fae93e9c8283c3d", + "DiffID": "sha256:03af251906410714c5aef9fa705b63f6bbc39c4a5e787de7361eeb18886c2ed2" + }, + { + "Size": 40960, + "Digest": "sha256:bfb59b82a9b65e47d485e53b3e815bca3b3e21a095bd0cb88ced9ac0b48062bf", + "DiffID": "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba" + }, + { + "Size": 2396160, + "Digest": "sha256:efa9d1d5d3a286c60a7261496166fdf31cec2284dafe7eef7cda89eba2f675d6", + "DiffID": "sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575" + }, + { + "Size": 1536, + "Digest": "sha256:0f8b424aa0b96c1c388a5fd4d90735604459256336853082afb61733438872b5", + "DiffID": "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368" + }, + { + "Size": 2560, + "Digest": "sha256:d557676654e572af3e3173c90e7874644207fda32cd87e9d3d66b5d7b98a7b21", + "DiffID": "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc" + }, + { + "Size": 2560, + "Digest": "sha256:3214acf345c0cc6bbdb56b698a41ccdefc624a09d6beb0d38b5de0b2303ecaf4", + "DiffID": "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4" + }, + { + "Size": 2560, + "Digest": "sha256:d858cbc252ade14879807ff8dbc3043a26bbdb92087da98cda831ee040b172b3", + "DiffID": "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b" + }, + { + "Size": 1536, + "Digest": "sha256:1069fc2daed1aceff7232f4b8ab21200dd3d8b04f61be9da86977a34a105dfdc", + "DiffID": "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1" + }, + { + "Size": 10240, + "Digest": "sha256:b40161cd83fc5d470d6abe50e87aa288481b6b89137012881d74187cfbf9f502", + "DiffID": "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849" + }, + { + "Size": 3072, + "Digest": "sha256:3f4e2c5863480125882d92060440a5250766bce764fee10acdbac18c872e4dc7", + "DiffID": "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3" + }, + { + "Size": 238592, + "Digest": "sha256:80a8c047508ae5cd6a591060fc43422cb8e3aea1bd908d913e8f0146e2297fea", + "DiffID": "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217" + }, + { + "Size": 2136576, + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + { + "Size": 72461824, + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + { + "Size": 50730496, + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + { + "Size": 3584, + "Digest": "sha256:b46ec170c3ced5da812e2570e4f54175c22d688b6736485136bd9fccc5cdd465", + "DiffID": "sha256:850b6e87aff37bbb683118a6d8f549d991d4e316766d9dfc8db6304d9ef73ea0" + }, + { + "Size": 13312, + "Digest": "sha256:bb22fecdd8f317c65b63e46dbea45a05f9dc5498ffd5cc5440e6840311efed67", + "DiffID": "sha256:920976b98aa632190d3608c2a91d4f3454112f7a9d43f025865b8e6a88d87a9d" + } + ] + } + ], + "Results": [ + { + "Target": "quay.io/metallb/speaker:v0.14.9 (debian 12.8)", + "Class": "os-pkgs", + "Type": "debian", + "Packages": [ + { + "ID": "base-files@12.4+deb12u8", + "Name": "base-files", + "Identifier": { + "PURL": "pkg:deb/debian/base-files@12.4%2Bdeb12u8?arch=amd64\u0026distro=debian-12.8", + "UID": "d14c71402a4a6855" + }, + "Version": "12.4+deb12u8", + "Arch": "amd64", + "SrcName": "base-files", + "SrcVersion": "12.4+deb12u8", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:0baecf37abeec25aad5f5bb99f3fa20e90f15361468ef5b66fae93e9c8283c3d", + "DiffID": "sha256:03af251906410714c5aef9fa705b63f6bbc39c4a5e787de7361eeb18886c2ed2" + }, + "InstalledFiles": [ + "/usr/lib/os-release", + "/usr/share/base-files/dot.bashrc", + "/usr/share/base-files/dot.profile", + "/usr/share/base-files/dot.profile.md5sums", + "/usr/share/base-files/info.dir", + "/usr/share/base-files/motd", + "/usr/share/base-files/profile", + "/usr/share/base-files/profile.md5sums", + "/usr/share/base-files/staff-group-for-usr-local", + "/usr/share/common-licenses/Apache-2.0", + "/usr/share/common-licenses/Artistic", + "/usr/share/common-licenses/BSD", + "/usr/share/common-licenses/CC0-1.0", + "/usr/share/common-licenses/GFDL-1.2", + "/usr/share/common-licenses/GFDL-1.3", + "/usr/share/common-licenses/GPL-1", + "/usr/share/common-licenses/GPL-2", + "/usr/share/common-licenses/GPL-3", + "/usr/share/common-licenses/LGPL-2", + "/usr/share/common-licenses/LGPL-2.1", + "/usr/share/common-licenses/LGPL-3", + "/usr/share/common-licenses/MPL-1.1", + "/usr/share/common-licenses/MPL-2.0", + "/usr/share/doc/base-files/README", + "/usr/share/doc/base-files/README.FHS", + "/usr/share/doc/base-files/changelog.gz", + "/usr/share/doc/base-files/copyright", + "/usr/share/lintian/overrides/base-files" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "netbase@6.4", + "Name": "netbase", + "Identifier": { + "PURL": "pkg:deb/debian/netbase@6.4?arch=all\u0026distro=debian-12.8", + "UID": "64adcbea2e4e887c" + }, + "Version": "6.4", + "Arch": "all", + "SrcName": "netbase", + "SrcVersion": "6.4", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:bfb59b82a9b65e47d485e53b3e815bca3b3e21a095bd0cb88ced9ac0b48062bf", + "DiffID": "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba" + }, + "InstalledFiles": [ + "/usr/share/doc/netbase/changelog.gz", + "/usr/share/doc/netbase/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tzdata@2024b-0+deb12u1", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:deb/debian/tzdata@2024b-0%2Bdeb12u1?arch=all\u0026distro=debian-12.8", + "UID": "3a3b46fd2f480cbf" + }, + "Version": "2024b", + "Release": "0+deb12u1", + "Arch": "all", + "SrcName": "tzdata", + "SrcVersion": "2024b", + "SrcRelease": "0+deb12u1", + "Licenses": [ + "public-domain" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:efa9d1d5d3a286c60a7261496166fdf31cec2284dafe7eef7cda89eba2f675d6", + "DiffID": "sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575" + }, + "InstalledFiles": [ + "/usr/share/doc/tzdata/README.Debian", + "/usr/share/doc/tzdata/changelog.Debian.gz", + "/usr/share/doc/tzdata/changelog.gz", + "/usr/share/doc/tzdata/copyright", + "/usr/share/lintian/overrides/tzdata", + "/usr/share/zoneinfo/Africa/Abidjan", + "/usr/share/zoneinfo/Africa/Accra", + "/usr/share/zoneinfo/Africa/Addis_Ababa", + "/usr/share/zoneinfo/Africa/Algiers", + "/usr/share/zoneinfo/Africa/Asmara", + "/usr/share/zoneinfo/Africa/Bamako", + "/usr/share/zoneinfo/Africa/Bangui", + "/usr/share/zoneinfo/Africa/Banjul", + "/usr/share/zoneinfo/Africa/Bissau", + "/usr/share/zoneinfo/Africa/Blantyre", + "/usr/share/zoneinfo/Africa/Brazzaville", + "/usr/share/zoneinfo/Africa/Bujumbura", + "/usr/share/zoneinfo/Africa/Cairo", + "/usr/share/zoneinfo/Africa/Casablanca", + "/usr/share/zoneinfo/Africa/Ceuta", + "/usr/share/zoneinfo/Africa/Conakry", + "/usr/share/zoneinfo/Africa/Dakar", + "/usr/share/zoneinfo/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/Africa/Djibouti", + "/usr/share/zoneinfo/Africa/Douala", + "/usr/share/zoneinfo/Africa/El_Aaiun", + "/usr/share/zoneinfo/Africa/Freetown", + "/usr/share/zoneinfo/Africa/Gaborone", + "/usr/share/zoneinfo/Africa/Harare", + "/usr/share/zoneinfo/Africa/Johannesburg", + "/usr/share/zoneinfo/Africa/Juba", + "/usr/share/zoneinfo/Africa/Kampala", + "/usr/share/zoneinfo/Africa/Khartoum", + "/usr/share/zoneinfo/Africa/Kigali", + "/usr/share/zoneinfo/Africa/Kinshasa", + "/usr/share/zoneinfo/Africa/Lagos", + "/usr/share/zoneinfo/Africa/Libreville", + "/usr/share/zoneinfo/Africa/Lome", + "/usr/share/zoneinfo/Africa/Luanda", + "/usr/share/zoneinfo/Africa/Lubumbashi", + "/usr/share/zoneinfo/Africa/Lusaka", + "/usr/share/zoneinfo/Africa/Malabo", + "/usr/share/zoneinfo/Africa/Maputo", + "/usr/share/zoneinfo/Africa/Maseru", + "/usr/share/zoneinfo/Africa/Mbabane", + "/usr/share/zoneinfo/Africa/Mogadishu", + "/usr/share/zoneinfo/Africa/Monrovia", + "/usr/share/zoneinfo/Africa/Nairobi", + "/usr/share/zoneinfo/Africa/Ndjamena", + "/usr/share/zoneinfo/Africa/Niamey", + "/usr/share/zoneinfo/Africa/Nouakchott", + "/usr/share/zoneinfo/Africa/Ouagadougou", + "/usr/share/zoneinfo/Africa/Porto-Novo", + "/usr/share/zoneinfo/Africa/Sao_Tome", + "/usr/share/zoneinfo/Africa/Tripoli", + "/usr/share/zoneinfo/Africa/Tunis", + "/usr/share/zoneinfo/Africa/Windhoek", + "/usr/share/zoneinfo/America/Adak", + "/usr/share/zoneinfo/America/Anchorage", + "/usr/share/zoneinfo/America/Anguilla", + "/usr/share/zoneinfo/America/Antigua", + "/usr/share/zoneinfo/America/Araguaina", + "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/America/Argentina/Catamarca", + "/usr/share/zoneinfo/America/Argentina/Cordoba", + "/usr/share/zoneinfo/America/Argentina/Jujuy", + "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/America/Argentina/Mendoza", + "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/America/Argentina/Salta", + "/usr/share/zoneinfo/America/Argentina/San_Juan", + "/usr/share/zoneinfo/America/Argentina/San_Luis", + "/usr/share/zoneinfo/America/Argentina/Tucuman", + "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/America/Aruba", + "/usr/share/zoneinfo/America/Asuncion", + "/usr/share/zoneinfo/America/Atikokan", + "/usr/share/zoneinfo/America/Bahia", + "/usr/share/zoneinfo/America/Bahia_Banderas", + "/usr/share/zoneinfo/America/Barbados", + "/usr/share/zoneinfo/America/Belem", + "/usr/share/zoneinfo/America/Belize", + "/usr/share/zoneinfo/America/Blanc-Sablon", + "/usr/share/zoneinfo/America/Boa_Vista", + "/usr/share/zoneinfo/America/Bogota", + "/usr/share/zoneinfo/America/Boise", + "/usr/share/zoneinfo/America/Cambridge_Bay", + "/usr/share/zoneinfo/America/Campo_Grande", + "/usr/share/zoneinfo/America/Cancun", + "/usr/share/zoneinfo/America/Caracas", + "/usr/share/zoneinfo/America/Cayenne", + "/usr/share/zoneinfo/America/Cayman", + "/usr/share/zoneinfo/America/Chicago", + "/usr/share/zoneinfo/America/Chihuahua", + "/usr/share/zoneinfo/America/Ciudad_Juarez", + "/usr/share/zoneinfo/America/Costa_Rica", + "/usr/share/zoneinfo/America/Creston", + "/usr/share/zoneinfo/America/Cuiaba", + "/usr/share/zoneinfo/America/Curacao", + "/usr/share/zoneinfo/America/Danmarkshavn", + "/usr/share/zoneinfo/America/Dawson", + "/usr/share/zoneinfo/America/Dawson_Creek", + "/usr/share/zoneinfo/America/Denver", + "/usr/share/zoneinfo/America/Detroit", + "/usr/share/zoneinfo/America/Dominica", + "/usr/share/zoneinfo/America/Edmonton", + "/usr/share/zoneinfo/America/Eirunepe", + "/usr/share/zoneinfo/America/El_Salvador", + "/usr/share/zoneinfo/America/Fort_Nelson", + "/usr/share/zoneinfo/America/Fortaleza", + "/usr/share/zoneinfo/America/Glace_Bay", + "/usr/share/zoneinfo/America/Goose_Bay", + "/usr/share/zoneinfo/America/Grand_Turk", + "/usr/share/zoneinfo/America/Grenada", + "/usr/share/zoneinfo/America/Guadeloupe", + "/usr/share/zoneinfo/America/Guatemala", + "/usr/share/zoneinfo/America/Guayaquil", + "/usr/share/zoneinfo/America/Guyana", + "/usr/share/zoneinfo/America/Halifax", + "/usr/share/zoneinfo/America/Havana", + "/usr/share/zoneinfo/America/Hermosillo", + "/usr/share/zoneinfo/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/America/Indiana/Knox", + "/usr/share/zoneinfo/America/Indiana/Marengo", + "/usr/share/zoneinfo/America/Indiana/Petersburg", + "/usr/share/zoneinfo/America/Indiana/Tell_City", + "/usr/share/zoneinfo/America/Indiana/Vevay", + "/usr/share/zoneinfo/America/Indiana/Vincennes", + "/usr/share/zoneinfo/America/Indiana/Winamac", + "/usr/share/zoneinfo/America/Inuvik", + "/usr/share/zoneinfo/America/Iqaluit", + "/usr/share/zoneinfo/America/Jamaica", + "/usr/share/zoneinfo/America/Juneau", + "/usr/share/zoneinfo/America/Kentucky/Louisville", + "/usr/share/zoneinfo/America/Kentucky/Monticello", + "/usr/share/zoneinfo/America/La_Paz", + "/usr/share/zoneinfo/America/Lima", + "/usr/share/zoneinfo/America/Los_Angeles", + "/usr/share/zoneinfo/America/Maceio", + "/usr/share/zoneinfo/America/Managua", + "/usr/share/zoneinfo/America/Manaus", + "/usr/share/zoneinfo/America/Martinique", + "/usr/share/zoneinfo/America/Matamoros", + "/usr/share/zoneinfo/America/Mazatlan", + "/usr/share/zoneinfo/America/Menominee", + "/usr/share/zoneinfo/America/Merida", + "/usr/share/zoneinfo/America/Metlakatla", + "/usr/share/zoneinfo/America/Mexico_City", + "/usr/share/zoneinfo/America/Miquelon", + "/usr/share/zoneinfo/America/Moncton", + "/usr/share/zoneinfo/America/Monterrey", + "/usr/share/zoneinfo/America/Montevideo", + "/usr/share/zoneinfo/America/Montserrat", + "/usr/share/zoneinfo/America/Nassau", + "/usr/share/zoneinfo/America/New_York", + "/usr/share/zoneinfo/America/Nome", + "/usr/share/zoneinfo/America/Noronha", + "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/America/North_Dakota/Center", + "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/America/Nuuk", + "/usr/share/zoneinfo/America/Ojinaga", + "/usr/share/zoneinfo/America/Panama", + "/usr/share/zoneinfo/America/Paramaribo", + "/usr/share/zoneinfo/America/Phoenix", + "/usr/share/zoneinfo/America/Port-au-Prince", + "/usr/share/zoneinfo/America/Port_of_Spain", + "/usr/share/zoneinfo/America/Porto_Velho", + "/usr/share/zoneinfo/America/Puerto_Rico", + "/usr/share/zoneinfo/America/Punta_Arenas", + "/usr/share/zoneinfo/America/Rankin_Inlet", + "/usr/share/zoneinfo/America/Recife", + "/usr/share/zoneinfo/America/Regina", + "/usr/share/zoneinfo/America/Resolute", + "/usr/share/zoneinfo/America/Rio_Branco", + "/usr/share/zoneinfo/America/Santarem", + "/usr/share/zoneinfo/America/Santiago", + "/usr/share/zoneinfo/America/Santo_Domingo", + "/usr/share/zoneinfo/America/Sao_Paulo", + "/usr/share/zoneinfo/America/Scoresbysund", + "/usr/share/zoneinfo/America/Sitka", + "/usr/share/zoneinfo/America/St_Johns", + "/usr/share/zoneinfo/America/St_Kitts", + "/usr/share/zoneinfo/America/St_Lucia", + "/usr/share/zoneinfo/America/St_Thomas", + "/usr/share/zoneinfo/America/St_Vincent", + "/usr/share/zoneinfo/America/Swift_Current", + "/usr/share/zoneinfo/America/Tegucigalpa", + "/usr/share/zoneinfo/America/Thule", + "/usr/share/zoneinfo/America/Tijuana", + "/usr/share/zoneinfo/America/Toronto", + "/usr/share/zoneinfo/America/Tortola", + "/usr/share/zoneinfo/America/Vancouver", + "/usr/share/zoneinfo/America/Whitehorse", + "/usr/share/zoneinfo/America/Winnipeg", + "/usr/share/zoneinfo/America/Yakutat", + "/usr/share/zoneinfo/Antarctica/Casey", + "/usr/share/zoneinfo/Antarctica/Davis", + "/usr/share/zoneinfo/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/Antarctica/Macquarie", + "/usr/share/zoneinfo/Antarctica/Mawson", + "/usr/share/zoneinfo/Antarctica/McMurdo", + "/usr/share/zoneinfo/Antarctica/Palmer", + "/usr/share/zoneinfo/Antarctica/Rothera", + "/usr/share/zoneinfo/Antarctica/Syowa", + "/usr/share/zoneinfo/Antarctica/Troll", + "/usr/share/zoneinfo/Antarctica/Vostok", + "/usr/share/zoneinfo/Asia/Aden", + "/usr/share/zoneinfo/Asia/Almaty", + "/usr/share/zoneinfo/Asia/Amman", + "/usr/share/zoneinfo/Asia/Anadyr", + "/usr/share/zoneinfo/Asia/Aqtau", + "/usr/share/zoneinfo/Asia/Aqtobe", + "/usr/share/zoneinfo/Asia/Ashgabat", + "/usr/share/zoneinfo/Asia/Atyrau", + "/usr/share/zoneinfo/Asia/Baghdad", + "/usr/share/zoneinfo/Asia/Bahrain", + "/usr/share/zoneinfo/Asia/Baku", + "/usr/share/zoneinfo/Asia/Bangkok", + "/usr/share/zoneinfo/Asia/Barnaul", + "/usr/share/zoneinfo/Asia/Beirut", + "/usr/share/zoneinfo/Asia/Bishkek", + "/usr/share/zoneinfo/Asia/Brunei", + "/usr/share/zoneinfo/Asia/Chita", + "/usr/share/zoneinfo/Asia/Colombo", + "/usr/share/zoneinfo/Asia/Damascus", + "/usr/share/zoneinfo/Asia/Dhaka", + "/usr/share/zoneinfo/Asia/Dili", + "/usr/share/zoneinfo/Asia/Dubai", + "/usr/share/zoneinfo/Asia/Dushanbe", + "/usr/share/zoneinfo/Asia/Famagusta", + "/usr/share/zoneinfo/Asia/Gaza", + "/usr/share/zoneinfo/Asia/Hebron", + "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/Asia/Hong_Kong", + "/usr/share/zoneinfo/Asia/Hovd", + "/usr/share/zoneinfo/Asia/Irkutsk", + "/usr/share/zoneinfo/Asia/Jakarta", + "/usr/share/zoneinfo/Asia/Jayapura", + "/usr/share/zoneinfo/Asia/Jerusalem", + "/usr/share/zoneinfo/Asia/Kabul", + "/usr/share/zoneinfo/Asia/Kamchatka", + "/usr/share/zoneinfo/Asia/Karachi", + "/usr/share/zoneinfo/Asia/Kathmandu", + "/usr/share/zoneinfo/Asia/Khandyga", + "/usr/share/zoneinfo/Asia/Kolkata", + "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/Asia/Kuching", + "/usr/share/zoneinfo/Asia/Kuwait", + "/usr/share/zoneinfo/Asia/Macau", + "/usr/share/zoneinfo/Asia/Magadan", + "/usr/share/zoneinfo/Asia/Makassar", + "/usr/share/zoneinfo/Asia/Manila", + "/usr/share/zoneinfo/Asia/Muscat", + "/usr/share/zoneinfo/Asia/Nicosia", + "/usr/share/zoneinfo/Asia/Novokuznetsk", + "/usr/share/zoneinfo/Asia/Novosibirsk", + "/usr/share/zoneinfo/Asia/Omsk", + "/usr/share/zoneinfo/Asia/Oral", + "/usr/share/zoneinfo/Asia/Phnom_Penh", + "/usr/share/zoneinfo/Asia/Pontianak", + "/usr/share/zoneinfo/Asia/Pyongyang", + "/usr/share/zoneinfo/Asia/Qatar", + "/usr/share/zoneinfo/Asia/Qostanay", + "/usr/share/zoneinfo/Asia/Qyzylorda", + "/usr/share/zoneinfo/Asia/Riyadh", + "/usr/share/zoneinfo/Asia/Sakhalin", + "/usr/share/zoneinfo/Asia/Samarkand", + "/usr/share/zoneinfo/Asia/Seoul", + "/usr/share/zoneinfo/Asia/Shanghai", + "/usr/share/zoneinfo/Asia/Singapore", + "/usr/share/zoneinfo/Asia/Srednekolymsk", + "/usr/share/zoneinfo/Asia/Taipei", + "/usr/share/zoneinfo/Asia/Tashkent", + "/usr/share/zoneinfo/Asia/Tbilisi", + "/usr/share/zoneinfo/Asia/Tehran", + "/usr/share/zoneinfo/Asia/Thimphu", + "/usr/share/zoneinfo/Asia/Tokyo", + "/usr/share/zoneinfo/Asia/Tomsk", + "/usr/share/zoneinfo/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/Asia/Urumqi", + "/usr/share/zoneinfo/Asia/Ust-Nera", + "/usr/share/zoneinfo/Asia/Vientiane", + "/usr/share/zoneinfo/Asia/Vladivostok", + "/usr/share/zoneinfo/Asia/Yakutsk", + "/usr/share/zoneinfo/Asia/Yangon", + "/usr/share/zoneinfo/Asia/Yekaterinburg", + "/usr/share/zoneinfo/Asia/Yerevan", + "/usr/share/zoneinfo/Atlantic/Azores", + "/usr/share/zoneinfo/Atlantic/Bermuda", + "/usr/share/zoneinfo/Atlantic/Canary", + "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/Atlantic/Faroe", + "/usr/share/zoneinfo/Atlantic/Madeira", + "/usr/share/zoneinfo/Atlantic/Reykjavik", + "/usr/share/zoneinfo/Atlantic/South_Georgia", + "/usr/share/zoneinfo/Atlantic/St_Helena", + "/usr/share/zoneinfo/Atlantic/Stanley", + "/usr/share/zoneinfo/Australia/Adelaide", + "/usr/share/zoneinfo/Australia/Brisbane", + "/usr/share/zoneinfo/Australia/Broken_Hill", + "/usr/share/zoneinfo/Australia/Darwin", + "/usr/share/zoneinfo/Australia/Eucla", + "/usr/share/zoneinfo/Australia/Hobart", + "/usr/share/zoneinfo/Australia/Lindeman", + "/usr/share/zoneinfo/Australia/Lord_Howe", + "/usr/share/zoneinfo/Australia/Melbourne", + "/usr/share/zoneinfo/Australia/Perth", + "/usr/share/zoneinfo/Australia/Sydney", + "/usr/share/zoneinfo/CET", + "/usr/share/zoneinfo/CST6CDT", + "/usr/share/zoneinfo/EET", + "/usr/share/zoneinfo/EST", + "/usr/share/zoneinfo/EST5EDT", + "/usr/share/zoneinfo/Etc/GMT", + "/usr/share/zoneinfo/Etc/GMT+1", + "/usr/share/zoneinfo/Etc/GMT+10", + "/usr/share/zoneinfo/Etc/GMT+11", + "/usr/share/zoneinfo/Etc/GMT+12", + "/usr/share/zoneinfo/Etc/GMT+2", + "/usr/share/zoneinfo/Etc/GMT+3", + "/usr/share/zoneinfo/Etc/GMT+4", + "/usr/share/zoneinfo/Etc/GMT+5", + "/usr/share/zoneinfo/Etc/GMT+6", + "/usr/share/zoneinfo/Etc/GMT+7", + "/usr/share/zoneinfo/Etc/GMT+8", + "/usr/share/zoneinfo/Etc/GMT+9", + "/usr/share/zoneinfo/Etc/GMT-1", + "/usr/share/zoneinfo/Etc/GMT-10", + "/usr/share/zoneinfo/Etc/GMT-11", + "/usr/share/zoneinfo/Etc/GMT-12", + "/usr/share/zoneinfo/Etc/GMT-13", + "/usr/share/zoneinfo/Etc/GMT-14", + "/usr/share/zoneinfo/Etc/GMT-2", + "/usr/share/zoneinfo/Etc/GMT-3", + "/usr/share/zoneinfo/Etc/GMT-4", + "/usr/share/zoneinfo/Etc/GMT-5", + "/usr/share/zoneinfo/Etc/GMT-6", + "/usr/share/zoneinfo/Etc/GMT-7", + "/usr/share/zoneinfo/Etc/GMT-8", + "/usr/share/zoneinfo/Etc/GMT-9", + "/usr/share/zoneinfo/Etc/UTC", + "/usr/share/zoneinfo/Europe/Amsterdam", + "/usr/share/zoneinfo/Europe/Andorra", + "/usr/share/zoneinfo/Europe/Astrakhan", + "/usr/share/zoneinfo/Europe/Athens", + "/usr/share/zoneinfo/Europe/Belgrade", + "/usr/share/zoneinfo/Europe/Berlin", + "/usr/share/zoneinfo/Europe/Brussels", + "/usr/share/zoneinfo/Europe/Bucharest", + "/usr/share/zoneinfo/Europe/Budapest", + "/usr/share/zoneinfo/Europe/Chisinau", + "/usr/share/zoneinfo/Europe/Copenhagen", + "/usr/share/zoneinfo/Europe/Dublin", + "/usr/share/zoneinfo/Europe/Gibraltar", + "/usr/share/zoneinfo/Europe/Guernsey", + "/usr/share/zoneinfo/Europe/Helsinki", + "/usr/share/zoneinfo/Europe/Isle_of_Man", + "/usr/share/zoneinfo/Europe/Istanbul", + "/usr/share/zoneinfo/Europe/Jersey", + "/usr/share/zoneinfo/Europe/Kaliningrad", + "/usr/share/zoneinfo/Europe/Kirov", + "/usr/share/zoneinfo/Europe/Kyiv", + "/usr/share/zoneinfo/Europe/Lisbon", + "/usr/share/zoneinfo/Europe/Ljubljana", + "/usr/share/zoneinfo/Europe/London", + "/usr/share/zoneinfo/Europe/Luxembourg", + "/usr/share/zoneinfo/Europe/Madrid", + "/usr/share/zoneinfo/Europe/Malta", + "/usr/share/zoneinfo/Europe/Minsk", + "/usr/share/zoneinfo/Europe/Monaco", + "/usr/share/zoneinfo/Europe/Moscow", + "/usr/share/zoneinfo/Europe/Oslo", + "/usr/share/zoneinfo/Europe/Paris", + "/usr/share/zoneinfo/Europe/Prague", + "/usr/share/zoneinfo/Europe/Riga", + "/usr/share/zoneinfo/Europe/Rome", + "/usr/share/zoneinfo/Europe/Samara", + "/usr/share/zoneinfo/Europe/Sarajevo", + "/usr/share/zoneinfo/Europe/Saratov", + "/usr/share/zoneinfo/Europe/Simferopol", + "/usr/share/zoneinfo/Europe/Skopje", + "/usr/share/zoneinfo/Europe/Sofia", + "/usr/share/zoneinfo/Europe/Stockholm", + "/usr/share/zoneinfo/Europe/Tallinn", + "/usr/share/zoneinfo/Europe/Tirane", + "/usr/share/zoneinfo/Europe/Ulyanovsk", + "/usr/share/zoneinfo/Europe/Vaduz", + "/usr/share/zoneinfo/Europe/Vienna", + "/usr/share/zoneinfo/Europe/Vilnius", + "/usr/share/zoneinfo/Europe/Volgograd", + "/usr/share/zoneinfo/Europe/Warsaw", + "/usr/share/zoneinfo/Europe/Zagreb", + "/usr/share/zoneinfo/Europe/Zurich", + "/usr/share/zoneinfo/Factory", + "/usr/share/zoneinfo/HST", + "/usr/share/zoneinfo/Indian/Antananarivo", + "/usr/share/zoneinfo/Indian/Chagos", + "/usr/share/zoneinfo/Indian/Christmas", + "/usr/share/zoneinfo/Indian/Cocos", + "/usr/share/zoneinfo/Indian/Comoro", + "/usr/share/zoneinfo/Indian/Kerguelen", + "/usr/share/zoneinfo/Indian/Mahe", + "/usr/share/zoneinfo/Indian/Maldives", + "/usr/share/zoneinfo/Indian/Mauritius", + "/usr/share/zoneinfo/Indian/Mayotte", + "/usr/share/zoneinfo/Indian/Reunion", + "/usr/share/zoneinfo/MET", + "/usr/share/zoneinfo/MST", + "/usr/share/zoneinfo/MST7MDT", + "/usr/share/zoneinfo/PST8PDT", + "/usr/share/zoneinfo/Pacific/Apia", + "/usr/share/zoneinfo/Pacific/Auckland", + "/usr/share/zoneinfo/Pacific/Bougainville", + "/usr/share/zoneinfo/Pacific/Chatham", + "/usr/share/zoneinfo/Pacific/Chuuk", + "/usr/share/zoneinfo/Pacific/Easter", + "/usr/share/zoneinfo/Pacific/Efate", + "/usr/share/zoneinfo/Pacific/Fakaofo", + "/usr/share/zoneinfo/Pacific/Fiji", + "/usr/share/zoneinfo/Pacific/Funafuti", + "/usr/share/zoneinfo/Pacific/Galapagos", + "/usr/share/zoneinfo/Pacific/Gambier", + "/usr/share/zoneinfo/Pacific/Guadalcanal", + "/usr/share/zoneinfo/Pacific/Guam", + "/usr/share/zoneinfo/Pacific/Honolulu", + "/usr/share/zoneinfo/Pacific/Kanton", + "/usr/share/zoneinfo/Pacific/Kiritimati", + "/usr/share/zoneinfo/Pacific/Kosrae", + "/usr/share/zoneinfo/Pacific/Kwajalein", + "/usr/share/zoneinfo/Pacific/Majuro", + "/usr/share/zoneinfo/Pacific/Marquesas", + "/usr/share/zoneinfo/Pacific/Midway", + "/usr/share/zoneinfo/Pacific/Nauru", + "/usr/share/zoneinfo/Pacific/Niue", + "/usr/share/zoneinfo/Pacific/Norfolk", + "/usr/share/zoneinfo/Pacific/Noumea", + "/usr/share/zoneinfo/Pacific/Pago_Pago", + "/usr/share/zoneinfo/Pacific/Palau", + "/usr/share/zoneinfo/Pacific/Pitcairn", + "/usr/share/zoneinfo/Pacific/Pohnpei", + "/usr/share/zoneinfo/Pacific/Port_Moresby", + "/usr/share/zoneinfo/Pacific/Rarotonga", + "/usr/share/zoneinfo/Pacific/Saipan", + "/usr/share/zoneinfo/Pacific/Tahiti", + "/usr/share/zoneinfo/Pacific/Tarawa", + "/usr/share/zoneinfo/Pacific/Tongatapu", + "/usr/share/zoneinfo/Pacific/Wake", + "/usr/share/zoneinfo/Pacific/Wallis", + "/usr/share/zoneinfo/WET", + "/usr/share/zoneinfo/iso3166.tab", + "/usr/share/zoneinfo/leap-seconds.list", + "/usr/share/zoneinfo/leapseconds", + "/usr/share/zoneinfo/right/Africa/Abidjan", + "/usr/share/zoneinfo/right/Africa/Accra", + "/usr/share/zoneinfo/right/Africa/Addis_Ababa", + "/usr/share/zoneinfo/right/Africa/Algiers", + "/usr/share/zoneinfo/right/Africa/Asmara", + "/usr/share/zoneinfo/right/Africa/Bamako", + "/usr/share/zoneinfo/right/Africa/Bangui", + "/usr/share/zoneinfo/right/Africa/Banjul", + "/usr/share/zoneinfo/right/Africa/Bissau", + "/usr/share/zoneinfo/right/Africa/Blantyre", + "/usr/share/zoneinfo/right/Africa/Brazzaville", + "/usr/share/zoneinfo/right/Africa/Bujumbura", + "/usr/share/zoneinfo/right/Africa/Cairo", + "/usr/share/zoneinfo/right/Africa/Casablanca", + "/usr/share/zoneinfo/right/Africa/Ceuta", + "/usr/share/zoneinfo/right/Africa/Conakry", + "/usr/share/zoneinfo/right/Africa/Dakar", + "/usr/share/zoneinfo/right/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/right/Africa/Djibouti", + "/usr/share/zoneinfo/right/Africa/Douala", + "/usr/share/zoneinfo/right/Africa/El_Aaiun", + "/usr/share/zoneinfo/right/Africa/Freetown", + "/usr/share/zoneinfo/right/Africa/Gaborone", + "/usr/share/zoneinfo/right/Africa/Harare", + "/usr/share/zoneinfo/right/Africa/Johannesburg", + "/usr/share/zoneinfo/right/Africa/Juba", + "/usr/share/zoneinfo/right/Africa/Kampala", + "/usr/share/zoneinfo/right/Africa/Khartoum", + "/usr/share/zoneinfo/right/Africa/Kigali", + "/usr/share/zoneinfo/right/Africa/Kinshasa", + "/usr/share/zoneinfo/right/Africa/Lagos", + "/usr/share/zoneinfo/right/Africa/Libreville", + "/usr/share/zoneinfo/right/Africa/Lome", + "/usr/share/zoneinfo/right/Africa/Luanda", + "/usr/share/zoneinfo/right/Africa/Lubumbashi", + "/usr/share/zoneinfo/right/Africa/Lusaka", + "/usr/share/zoneinfo/right/Africa/Malabo", + "/usr/share/zoneinfo/right/Africa/Maputo", + "/usr/share/zoneinfo/right/Africa/Maseru", + "/usr/share/zoneinfo/right/Africa/Mbabane", + "/usr/share/zoneinfo/right/Africa/Mogadishu", + "/usr/share/zoneinfo/right/Africa/Monrovia", + "/usr/share/zoneinfo/right/Africa/Nairobi", + "/usr/share/zoneinfo/right/Africa/Ndjamena", + "/usr/share/zoneinfo/right/Africa/Niamey", + "/usr/share/zoneinfo/right/Africa/Nouakchott", + "/usr/share/zoneinfo/right/Africa/Ouagadougou", + "/usr/share/zoneinfo/right/Africa/Porto-Novo", + "/usr/share/zoneinfo/right/Africa/Sao_Tome", + "/usr/share/zoneinfo/right/Africa/Tripoli", + "/usr/share/zoneinfo/right/Africa/Tunis", + "/usr/share/zoneinfo/right/Africa/Windhoek", + "/usr/share/zoneinfo/right/America/Adak", + "/usr/share/zoneinfo/right/America/Anchorage", + "/usr/share/zoneinfo/right/America/Anguilla", + "/usr/share/zoneinfo/right/America/Antigua", + "/usr/share/zoneinfo/right/America/Araguaina", + "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/right/America/Argentina/Catamarca", + "/usr/share/zoneinfo/right/America/Argentina/Cordoba", + "/usr/share/zoneinfo/right/America/Argentina/Jujuy", + "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/right/America/Argentina/Mendoza", + "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/right/America/Argentina/Salta", + "/usr/share/zoneinfo/right/America/Argentina/San_Juan", + "/usr/share/zoneinfo/right/America/Argentina/San_Luis", + "/usr/share/zoneinfo/right/America/Argentina/Tucuman", + "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/right/America/Aruba", + "/usr/share/zoneinfo/right/America/Asuncion", + "/usr/share/zoneinfo/right/America/Atikokan", + "/usr/share/zoneinfo/right/America/Bahia", + "/usr/share/zoneinfo/right/America/Bahia_Banderas", + "/usr/share/zoneinfo/right/America/Barbados", + "/usr/share/zoneinfo/right/America/Belem", + "/usr/share/zoneinfo/right/America/Belize", + "/usr/share/zoneinfo/right/America/Blanc-Sablon", + "/usr/share/zoneinfo/right/America/Boa_Vista", + "/usr/share/zoneinfo/right/America/Bogota", + "/usr/share/zoneinfo/right/America/Boise", + "/usr/share/zoneinfo/right/America/Cambridge_Bay", + "/usr/share/zoneinfo/right/America/Campo_Grande", + "/usr/share/zoneinfo/right/America/Cancun", + "/usr/share/zoneinfo/right/America/Caracas", + "/usr/share/zoneinfo/right/America/Cayenne", + "/usr/share/zoneinfo/right/America/Cayman", + "/usr/share/zoneinfo/right/America/Chicago", + "/usr/share/zoneinfo/right/America/Chihuahua", + "/usr/share/zoneinfo/right/America/Ciudad_Juarez", + "/usr/share/zoneinfo/right/America/Costa_Rica", + "/usr/share/zoneinfo/right/America/Creston", + "/usr/share/zoneinfo/right/America/Cuiaba", + "/usr/share/zoneinfo/right/America/Curacao", + "/usr/share/zoneinfo/right/America/Danmarkshavn", + "/usr/share/zoneinfo/right/America/Dawson", + "/usr/share/zoneinfo/right/America/Dawson_Creek", + "/usr/share/zoneinfo/right/America/Denver", + "/usr/share/zoneinfo/right/America/Detroit", + "/usr/share/zoneinfo/right/America/Dominica", + "/usr/share/zoneinfo/right/America/Edmonton", + "/usr/share/zoneinfo/right/America/Eirunepe", + "/usr/share/zoneinfo/right/America/El_Salvador", + "/usr/share/zoneinfo/right/America/Fort_Nelson", + "/usr/share/zoneinfo/right/America/Fortaleza", + "/usr/share/zoneinfo/right/America/Glace_Bay", + "/usr/share/zoneinfo/right/America/Goose_Bay", + "/usr/share/zoneinfo/right/America/Grand_Turk", + "/usr/share/zoneinfo/right/America/Grenada", + "/usr/share/zoneinfo/right/America/Guadeloupe", + "/usr/share/zoneinfo/right/America/Guatemala", + "/usr/share/zoneinfo/right/America/Guayaquil", + "/usr/share/zoneinfo/right/America/Guyana", + "/usr/share/zoneinfo/right/America/Halifax", + "/usr/share/zoneinfo/right/America/Havana", + "/usr/share/zoneinfo/right/America/Hermosillo", + "/usr/share/zoneinfo/right/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/right/America/Indiana/Knox", + "/usr/share/zoneinfo/right/America/Indiana/Marengo", + "/usr/share/zoneinfo/right/America/Indiana/Petersburg", + "/usr/share/zoneinfo/right/America/Indiana/Tell_City", + "/usr/share/zoneinfo/right/America/Indiana/Vevay", + "/usr/share/zoneinfo/right/America/Indiana/Vincennes", + "/usr/share/zoneinfo/right/America/Indiana/Winamac", + "/usr/share/zoneinfo/right/America/Inuvik", + "/usr/share/zoneinfo/right/America/Iqaluit", + "/usr/share/zoneinfo/right/America/Jamaica", + "/usr/share/zoneinfo/right/America/Juneau", + "/usr/share/zoneinfo/right/America/Kentucky/Louisville", + "/usr/share/zoneinfo/right/America/Kentucky/Monticello", + "/usr/share/zoneinfo/right/America/La_Paz", + "/usr/share/zoneinfo/right/America/Lima", + "/usr/share/zoneinfo/right/America/Los_Angeles", + "/usr/share/zoneinfo/right/America/Maceio", + "/usr/share/zoneinfo/right/America/Managua", + "/usr/share/zoneinfo/right/America/Manaus", + "/usr/share/zoneinfo/right/America/Martinique", + "/usr/share/zoneinfo/right/America/Matamoros", + "/usr/share/zoneinfo/right/America/Mazatlan", + "/usr/share/zoneinfo/right/America/Menominee", + "/usr/share/zoneinfo/right/America/Merida", + "/usr/share/zoneinfo/right/America/Metlakatla", + "/usr/share/zoneinfo/right/America/Mexico_City", + "/usr/share/zoneinfo/right/America/Miquelon", + "/usr/share/zoneinfo/right/America/Moncton", + "/usr/share/zoneinfo/right/America/Monterrey", + "/usr/share/zoneinfo/right/America/Montevideo", + "/usr/share/zoneinfo/right/America/Montserrat", + "/usr/share/zoneinfo/right/America/Nassau", + "/usr/share/zoneinfo/right/America/New_York", + "/usr/share/zoneinfo/right/America/Nome", + "/usr/share/zoneinfo/right/America/Noronha", + "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/right/America/North_Dakota/Center", + "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/right/America/Nuuk", + "/usr/share/zoneinfo/right/America/Ojinaga", + "/usr/share/zoneinfo/right/America/Panama", + "/usr/share/zoneinfo/right/America/Paramaribo", + "/usr/share/zoneinfo/right/America/Phoenix", + "/usr/share/zoneinfo/right/America/Port-au-Prince", + "/usr/share/zoneinfo/right/America/Port_of_Spain", + "/usr/share/zoneinfo/right/America/Porto_Velho", + "/usr/share/zoneinfo/right/America/Puerto_Rico", + "/usr/share/zoneinfo/right/America/Punta_Arenas", + "/usr/share/zoneinfo/right/America/Rankin_Inlet", + "/usr/share/zoneinfo/right/America/Recife", + "/usr/share/zoneinfo/right/America/Regina", + "/usr/share/zoneinfo/right/America/Resolute", + "/usr/share/zoneinfo/right/America/Rio_Branco", + "/usr/share/zoneinfo/right/America/Santarem", + "/usr/share/zoneinfo/right/America/Santiago", + "/usr/share/zoneinfo/right/America/Santo_Domingo", + "/usr/share/zoneinfo/right/America/Sao_Paulo", + "/usr/share/zoneinfo/right/America/Scoresbysund", + "/usr/share/zoneinfo/right/America/Sitka", + "/usr/share/zoneinfo/right/America/St_Johns", + "/usr/share/zoneinfo/right/America/St_Kitts", + "/usr/share/zoneinfo/right/America/St_Lucia", + "/usr/share/zoneinfo/right/America/St_Thomas", + "/usr/share/zoneinfo/right/America/St_Vincent", + "/usr/share/zoneinfo/right/America/Swift_Current", + "/usr/share/zoneinfo/right/America/Tegucigalpa", + "/usr/share/zoneinfo/right/America/Thule", + "/usr/share/zoneinfo/right/America/Tijuana", + "/usr/share/zoneinfo/right/America/Toronto", + "/usr/share/zoneinfo/right/America/Tortola", + "/usr/share/zoneinfo/right/America/Vancouver", + "/usr/share/zoneinfo/right/America/Whitehorse", + "/usr/share/zoneinfo/right/America/Winnipeg", + "/usr/share/zoneinfo/right/America/Yakutat", + "/usr/share/zoneinfo/right/Antarctica/Casey", + "/usr/share/zoneinfo/right/Antarctica/Davis", + "/usr/share/zoneinfo/right/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/right/Antarctica/Macquarie", + "/usr/share/zoneinfo/right/Antarctica/Mawson", + "/usr/share/zoneinfo/right/Antarctica/McMurdo", + "/usr/share/zoneinfo/right/Antarctica/Palmer", + "/usr/share/zoneinfo/right/Antarctica/Rothera", + "/usr/share/zoneinfo/right/Antarctica/Syowa", + "/usr/share/zoneinfo/right/Antarctica/Troll", + "/usr/share/zoneinfo/right/Antarctica/Vostok", + "/usr/share/zoneinfo/right/Asia/Aden", + "/usr/share/zoneinfo/right/Asia/Almaty", + "/usr/share/zoneinfo/right/Asia/Amman", + "/usr/share/zoneinfo/right/Asia/Anadyr", + "/usr/share/zoneinfo/right/Asia/Aqtau", + "/usr/share/zoneinfo/right/Asia/Aqtobe", + "/usr/share/zoneinfo/right/Asia/Ashgabat", + "/usr/share/zoneinfo/right/Asia/Atyrau", + "/usr/share/zoneinfo/right/Asia/Baghdad", + "/usr/share/zoneinfo/right/Asia/Bahrain", + "/usr/share/zoneinfo/right/Asia/Baku", + "/usr/share/zoneinfo/right/Asia/Bangkok", + "/usr/share/zoneinfo/right/Asia/Barnaul", + "/usr/share/zoneinfo/right/Asia/Beirut", + "/usr/share/zoneinfo/right/Asia/Bishkek", + "/usr/share/zoneinfo/right/Asia/Brunei", + "/usr/share/zoneinfo/right/Asia/Chita", + "/usr/share/zoneinfo/right/Asia/Colombo", + "/usr/share/zoneinfo/right/Asia/Damascus", + "/usr/share/zoneinfo/right/Asia/Dhaka", + "/usr/share/zoneinfo/right/Asia/Dili", + "/usr/share/zoneinfo/right/Asia/Dubai", + "/usr/share/zoneinfo/right/Asia/Dushanbe", + "/usr/share/zoneinfo/right/Asia/Famagusta", + "/usr/share/zoneinfo/right/Asia/Gaza", + "/usr/share/zoneinfo/right/Asia/Hebron", + "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/right/Asia/Hong_Kong", + "/usr/share/zoneinfo/right/Asia/Hovd", + "/usr/share/zoneinfo/right/Asia/Irkutsk", + "/usr/share/zoneinfo/right/Asia/Jakarta", + "/usr/share/zoneinfo/right/Asia/Jayapura", + "/usr/share/zoneinfo/right/Asia/Jerusalem", + "/usr/share/zoneinfo/right/Asia/Kabul", + "/usr/share/zoneinfo/right/Asia/Kamchatka", + "/usr/share/zoneinfo/right/Asia/Karachi", + "/usr/share/zoneinfo/right/Asia/Kathmandu", + "/usr/share/zoneinfo/right/Asia/Khandyga", + "/usr/share/zoneinfo/right/Asia/Kolkata", + "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/right/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/right/Asia/Kuching", + "/usr/share/zoneinfo/right/Asia/Kuwait", + "/usr/share/zoneinfo/right/Asia/Macau", + "/usr/share/zoneinfo/right/Asia/Magadan", + "/usr/share/zoneinfo/right/Asia/Makassar", + "/usr/share/zoneinfo/right/Asia/Manila", + "/usr/share/zoneinfo/right/Asia/Muscat", + "/usr/share/zoneinfo/right/Asia/Nicosia", + "/usr/share/zoneinfo/right/Asia/Novokuznetsk", + "/usr/share/zoneinfo/right/Asia/Novosibirsk", + "/usr/share/zoneinfo/right/Asia/Omsk", + "/usr/share/zoneinfo/right/Asia/Oral", + "/usr/share/zoneinfo/right/Asia/Phnom_Penh", + "/usr/share/zoneinfo/right/Asia/Pontianak", + "/usr/share/zoneinfo/right/Asia/Pyongyang", + "/usr/share/zoneinfo/right/Asia/Qatar", + "/usr/share/zoneinfo/right/Asia/Qostanay", + "/usr/share/zoneinfo/right/Asia/Qyzylorda", + "/usr/share/zoneinfo/right/Asia/Riyadh", + "/usr/share/zoneinfo/right/Asia/Sakhalin", + "/usr/share/zoneinfo/right/Asia/Samarkand", + "/usr/share/zoneinfo/right/Asia/Seoul", + "/usr/share/zoneinfo/right/Asia/Shanghai", + "/usr/share/zoneinfo/right/Asia/Singapore", + "/usr/share/zoneinfo/right/Asia/Srednekolymsk", + "/usr/share/zoneinfo/right/Asia/Taipei", + "/usr/share/zoneinfo/right/Asia/Tashkent", + "/usr/share/zoneinfo/right/Asia/Tbilisi", + "/usr/share/zoneinfo/right/Asia/Tehran", + "/usr/share/zoneinfo/right/Asia/Thimphu", + "/usr/share/zoneinfo/right/Asia/Tokyo", + "/usr/share/zoneinfo/right/Asia/Tomsk", + "/usr/share/zoneinfo/right/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/right/Asia/Urumqi", + "/usr/share/zoneinfo/right/Asia/Ust-Nera", + "/usr/share/zoneinfo/right/Asia/Vientiane", + "/usr/share/zoneinfo/right/Asia/Vladivostok", + "/usr/share/zoneinfo/right/Asia/Yakutsk", + "/usr/share/zoneinfo/right/Asia/Yangon", + "/usr/share/zoneinfo/right/Asia/Yekaterinburg", + "/usr/share/zoneinfo/right/Asia/Yerevan", + "/usr/share/zoneinfo/right/Atlantic/Azores", + "/usr/share/zoneinfo/right/Atlantic/Bermuda", + "/usr/share/zoneinfo/right/Atlantic/Canary", + "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/right/Atlantic/Faroe", + "/usr/share/zoneinfo/right/Atlantic/Madeira", + "/usr/share/zoneinfo/right/Atlantic/Reykjavik", + "/usr/share/zoneinfo/right/Atlantic/South_Georgia", + "/usr/share/zoneinfo/right/Atlantic/St_Helena", + "/usr/share/zoneinfo/right/Atlantic/Stanley", + "/usr/share/zoneinfo/right/Australia/Adelaide", + "/usr/share/zoneinfo/right/Australia/Brisbane", + "/usr/share/zoneinfo/right/Australia/Broken_Hill", + "/usr/share/zoneinfo/right/Australia/Darwin", + "/usr/share/zoneinfo/right/Australia/Eucla", + "/usr/share/zoneinfo/right/Australia/Hobart", + "/usr/share/zoneinfo/right/Australia/Lindeman", + "/usr/share/zoneinfo/right/Australia/Lord_Howe", + "/usr/share/zoneinfo/right/Australia/Melbourne", + "/usr/share/zoneinfo/right/Australia/Perth", + "/usr/share/zoneinfo/right/Australia/Sydney", + "/usr/share/zoneinfo/right/CET", + "/usr/share/zoneinfo/right/CST6CDT", + "/usr/share/zoneinfo/right/EET", + "/usr/share/zoneinfo/right/EST", + "/usr/share/zoneinfo/right/EST5EDT", + "/usr/share/zoneinfo/right/Etc/GMT", + "/usr/share/zoneinfo/right/Etc/GMT+1", + "/usr/share/zoneinfo/right/Etc/GMT+10", + "/usr/share/zoneinfo/right/Etc/GMT+11", + "/usr/share/zoneinfo/right/Etc/GMT+12", + "/usr/share/zoneinfo/right/Etc/GMT+2", + "/usr/share/zoneinfo/right/Etc/GMT+3", + "/usr/share/zoneinfo/right/Etc/GMT+4", + "/usr/share/zoneinfo/right/Etc/GMT+5", + "/usr/share/zoneinfo/right/Etc/GMT+6", + "/usr/share/zoneinfo/right/Etc/GMT+7", + "/usr/share/zoneinfo/right/Etc/GMT+8", + "/usr/share/zoneinfo/right/Etc/GMT+9", + "/usr/share/zoneinfo/right/Etc/GMT-1", + "/usr/share/zoneinfo/right/Etc/GMT-10", + "/usr/share/zoneinfo/right/Etc/GMT-11", + "/usr/share/zoneinfo/right/Etc/GMT-12", + "/usr/share/zoneinfo/right/Etc/GMT-13", + "/usr/share/zoneinfo/right/Etc/GMT-14", + "/usr/share/zoneinfo/right/Etc/GMT-2", + "/usr/share/zoneinfo/right/Etc/GMT-3", + "/usr/share/zoneinfo/right/Etc/GMT-4", + "/usr/share/zoneinfo/right/Etc/GMT-5", + "/usr/share/zoneinfo/right/Etc/GMT-6", + "/usr/share/zoneinfo/right/Etc/GMT-7", + "/usr/share/zoneinfo/right/Etc/GMT-8", + "/usr/share/zoneinfo/right/Etc/GMT-9", + "/usr/share/zoneinfo/right/Etc/UTC", + "/usr/share/zoneinfo/right/Europe/Amsterdam", + "/usr/share/zoneinfo/right/Europe/Andorra", + "/usr/share/zoneinfo/right/Europe/Astrakhan", + "/usr/share/zoneinfo/right/Europe/Athens", + "/usr/share/zoneinfo/right/Europe/Belgrade", + "/usr/share/zoneinfo/right/Europe/Berlin", + "/usr/share/zoneinfo/right/Europe/Brussels", + "/usr/share/zoneinfo/right/Europe/Bucharest", + "/usr/share/zoneinfo/right/Europe/Budapest", + "/usr/share/zoneinfo/right/Europe/Chisinau", + "/usr/share/zoneinfo/right/Europe/Copenhagen", + "/usr/share/zoneinfo/right/Europe/Dublin", + "/usr/share/zoneinfo/right/Europe/Gibraltar", + "/usr/share/zoneinfo/right/Europe/Guernsey", + "/usr/share/zoneinfo/right/Europe/Helsinki", + "/usr/share/zoneinfo/right/Europe/Isle_of_Man", + "/usr/share/zoneinfo/right/Europe/Istanbul", + "/usr/share/zoneinfo/right/Europe/Jersey", + "/usr/share/zoneinfo/right/Europe/Kaliningrad", + "/usr/share/zoneinfo/right/Europe/Kirov", + "/usr/share/zoneinfo/right/Europe/Kyiv", + "/usr/share/zoneinfo/right/Europe/Lisbon", + "/usr/share/zoneinfo/right/Europe/Ljubljana", + "/usr/share/zoneinfo/right/Europe/London", + "/usr/share/zoneinfo/right/Europe/Luxembourg", + "/usr/share/zoneinfo/right/Europe/Madrid", + "/usr/share/zoneinfo/right/Europe/Malta", + "/usr/share/zoneinfo/right/Europe/Minsk", + "/usr/share/zoneinfo/right/Europe/Monaco", + "/usr/share/zoneinfo/right/Europe/Moscow", + "/usr/share/zoneinfo/right/Europe/Oslo", + "/usr/share/zoneinfo/right/Europe/Paris", + "/usr/share/zoneinfo/right/Europe/Prague", + "/usr/share/zoneinfo/right/Europe/Riga", + "/usr/share/zoneinfo/right/Europe/Rome", + "/usr/share/zoneinfo/right/Europe/Samara", + "/usr/share/zoneinfo/right/Europe/Sarajevo", + "/usr/share/zoneinfo/right/Europe/Saratov", + "/usr/share/zoneinfo/right/Europe/Simferopol", + "/usr/share/zoneinfo/right/Europe/Skopje", + "/usr/share/zoneinfo/right/Europe/Sofia", + "/usr/share/zoneinfo/right/Europe/Stockholm", + "/usr/share/zoneinfo/right/Europe/Tallinn", + "/usr/share/zoneinfo/right/Europe/Tirane", + "/usr/share/zoneinfo/right/Europe/Ulyanovsk", + "/usr/share/zoneinfo/right/Europe/Vaduz", + "/usr/share/zoneinfo/right/Europe/Vienna", + "/usr/share/zoneinfo/right/Europe/Vilnius", + "/usr/share/zoneinfo/right/Europe/Volgograd", + "/usr/share/zoneinfo/right/Europe/Warsaw", + "/usr/share/zoneinfo/right/Europe/Zagreb", + "/usr/share/zoneinfo/right/Europe/Zurich", + "/usr/share/zoneinfo/right/Factory", + "/usr/share/zoneinfo/right/HST", + "/usr/share/zoneinfo/right/Indian/Antananarivo", + "/usr/share/zoneinfo/right/Indian/Chagos", + "/usr/share/zoneinfo/right/Indian/Christmas", + "/usr/share/zoneinfo/right/Indian/Cocos", + "/usr/share/zoneinfo/right/Indian/Comoro", + "/usr/share/zoneinfo/right/Indian/Kerguelen", + "/usr/share/zoneinfo/right/Indian/Mahe", + "/usr/share/zoneinfo/right/Indian/Maldives", + "/usr/share/zoneinfo/right/Indian/Mauritius", + "/usr/share/zoneinfo/right/Indian/Mayotte", + "/usr/share/zoneinfo/right/Indian/Reunion", + "/usr/share/zoneinfo/right/MET", + "/usr/share/zoneinfo/right/MST", + "/usr/share/zoneinfo/right/MST7MDT", + "/usr/share/zoneinfo/right/PST8PDT", + "/usr/share/zoneinfo/right/Pacific/Apia", + "/usr/share/zoneinfo/right/Pacific/Auckland", + "/usr/share/zoneinfo/right/Pacific/Bougainville", + "/usr/share/zoneinfo/right/Pacific/Chatham", + "/usr/share/zoneinfo/right/Pacific/Chuuk", + "/usr/share/zoneinfo/right/Pacific/Easter", + "/usr/share/zoneinfo/right/Pacific/Efate", + "/usr/share/zoneinfo/right/Pacific/Fakaofo", + "/usr/share/zoneinfo/right/Pacific/Fiji", + "/usr/share/zoneinfo/right/Pacific/Funafuti", + "/usr/share/zoneinfo/right/Pacific/Galapagos", + "/usr/share/zoneinfo/right/Pacific/Gambier", + "/usr/share/zoneinfo/right/Pacific/Guadalcanal", + "/usr/share/zoneinfo/right/Pacific/Guam", + "/usr/share/zoneinfo/right/Pacific/Honolulu", + "/usr/share/zoneinfo/right/Pacific/Kanton", + "/usr/share/zoneinfo/right/Pacific/Kiritimati", + "/usr/share/zoneinfo/right/Pacific/Kosrae", + "/usr/share/zoneinfo/right/Pacific/Kwajalein", + "/usr/share/zoneinfo/right/Pacific/Majuro", + "/usr/share/zoneinfo/right/Pacific/Marquesas", + "/usr/share/zoneinfo/right/Pacific/Midway", + "/usr/share/zoneinfo/right/Pacific/Nauru", + "/usr/share/zoneinfo/right/Pacific/Niue", + "/usr/share/zoneinfo/right/Pacific/Norfolk", + "/usr/share/zoneinfo/right/Pacific/Noumea", + "/usr/share/zoneinfo/right/Pacific/Pago_Pago", + "/usr/share/zoneinfo/right/Pacific/Palau", + "/usr/share/zoneinfo/right/Pacific/Pitcairn", + "/usr/share/zoneinfo/right/Pacific/Pohnpei", + "/usr/share/zoneinfo/right/Pacific/Port_Moresby", + "/usr/share/zoneinfo/right/Pacific/Rarotonga", + "/usr/share/zoneinfo/right/Pacific/Saipan", + "/usr/share/zoneinfo/right/Pacific/Tahiti", + "/usr/share/zoneinfo/right/Pacific/Tarawa", + "/usr/share/zoneinfo/right/Pacific/Tongatapu", + "/usr/share/zoneinfo/right/Pacific/Wake", + "/usr/share/zoneinfo/right/Pacific/Wallis", + "/usr/share/zoneinfo/right/WET", + "/usr/share/zoneinfo/tzdata.zi", + "/usr/share/zoneinfo/zone.tab", + "/usr/share/zoneinfo/zone1970.tab" + ], + "AnalyzedBy": "dpkg" + } + ] + }, + { + "Target": "cp-tool", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "stdlib@v1.22.7", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "Version": "v1.22.7", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3de90334117941c4e0e32fe0ccd9cdea80fb1e36e712301f5601e902c4c8a9ec", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4b8e942799553284577c1944fcf32858ac4e00abfdc291581c32206dfa96f6e6", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f6be3d8de86ce06ad638f9a7c682a609b1d8d906967180cfa09c6ddbc17ec5c0", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3ad5931e0ac6d48068ce64a63a5f5d9d5674f13aa5d3fd1d8f69f4bbb856bd2f", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7663d9825925adef01f87f0f591197a62d9a6297bc4cab77f862509f1154bbe9", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f26a4ca5135f99bbe0efd3f30fd8a476c811351ccf86e56f13c243fcb8d8807c", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:62b76b8470f2938b2448692ea71fbcfaf801c3c7fcfa549132adf67d64da00b4", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:334a73a3426e5876d709e596f6ead7ac658c0ca51263e59ff0dee15a7373c01c", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:df642f2f9268b59762155433cb3b3199a03bb7d9be9f425fedb3fb44cb70d8ba", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5c8ffdb77e459eeee5d186b8b1132faa14ff1c90edd791280650af959bf99cd6", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:001e6ce2930e28e6acfadab14b2479051a7b92175524ce92382ee7b31b0d5154", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:da548109ba51a5c0dc10abdbe1cc784efc5a2ebced090f6e35768588c220b39c", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2024-45336", + "VendorIDs": [ + "GO-2025-3420" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fa9314908a82908126a26e7fc576a432fc65adb47b894cef25e489db9a9f0289", + "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3772", + "https://access.redhat.com/security/cve/CVE-2024-45336", + "https://bugzilla.redhat.com/2341750", + "https://bugzilla.redhat.com/2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/8/ALSA-2025-3772.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/issues/70530", + "https://go.dev/cl/643100", + "https://go.dev/issue/70530", + "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", + "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", + "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", + "https://linux.oracle.com/cve/CVE-2024-45336.html", + "https://linux.oracle.com/errata/ELSA-2025-7592.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", + "https://pkg.go.dev/vuln/GO-2025-3420", + "https://security.netapp.com/advisory/ntap-20250221-0003/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2024-45336" + ], + "PublishedDate": "2025-01-28T02:15:28.807Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:750abab068ab222c42032a476e32af8d7822157ac352659b8d4c7f874921efbd", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22866", + "VendorIDs": [ + "GO-2025-3447" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:49e89f3195b631abb3efd4fed6d80990b292e6db87eb5c45857593383c1ac409", + "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22866", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", + "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", + "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", + "https://github.com/golang/go/issues/71383", + "https://go.dev/cl/643735", + "https://go.dev/issue/71383", + "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", + "https://linux.oracle.com/cve/CVE-2025-22866.html", + "https://linux.oracle.com/errata/ELSA-2025-7466.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", + "https://pkg.go.dev/vuln/GO-2025-3447", + "https://security.netapp.com/advisory/ntap-20250221-0002/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22866" + ], + "PublishedDate": "2025-02-06T17:15:21.41Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66", + "GO-2025-3503" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.7, 1.24.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:94802da85f2cee6023633374364e6b49cc0b0935c7c16828f08ef948676e35f7", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:85c991b1bcf468d295c7ddcd5ffd5b12c8db1d263ca67a643933eb50d2ac051f", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6ec5506ee6ba905178211231040d3b1db5f0870b9eea11f5417118e993f2462a", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:511fc01cb46c568281565eb167d03b6a3c138f7a9617f456fb060cabe8c88dbe", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c72708901d217b134b57484609bfd62546bdf80682348da7be9cf6dfd544e166", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5e55f707f307d5384fb2ad1fa65219ab8c56750687ec4ec1c569c09315f824fe", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:89adf6a57b69a050b57118198d00c65048ed6c551a94d4e3b7449e52f9d8b20d", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:41417d34393cb320066c8173341e599973a47611e1424c9dd0e86a67fe0bd1a9", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:31889789b7e61a3cb366e33baf28cdb8a3d0607daea8a2fc674ce33b1dc40764", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d36f0f80bb49565fb4af523ffc748b9f737c8c6a1db4de59e06b861eb5642ba1", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6a8b877deae38b96929fabdbd38cad3475ba990604a75be61bc4803b9eb25c20", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:da03354f144ff5f02d6f1b2f65f507b39acb91dac2c1410678ea1d442d3fef2a", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:39fdc4198eba9b1f7f279dfc843639046bc583d65ca3483b68de134d5c1b3208", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:619ffc9abb08fc9f9e4d4be18a4efb148c7bea169035e718a7241b882bf875dc", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:91dd5e3760ca80b331b1ed79fff4c9549de2f0044e1c4affc69bcf38fbdd105a", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:01c2ba90b379c3e0a613fc081e114be945f6a20fd4a417a765494ba1fbe24078", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ad80bfe990b0ec9586c9d17ecf1016e08bea7015c231679955858bd7ae8d93aa", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a3de42a1e102318bca34e9e072b0c1377bf7b9695a79e0974dd79c05fddb8139", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:638f009430de74261068f593c94e4ebd400cd2831c5c1590cac245ce9856bdf5", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:34ecf63f8cff7598d1615278c4da604692d293414cf79ea6a8f0754c9a36801e", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:995179a41e43804896fce2c131df4302e4bb936e51868c90005e055b75e00bb8", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:38fd293da161df018af8d3b89f574dc88824335f33742b31a37f10b02ed8a08d", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:86d288cad13fc333f386231e8a69d85455a034bde636ecaf0945419897a458bf", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8cf30882f6447587edef6f0a9edcfd52af8084d1051213e6412da6479e5e66cf", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "bb56958abc5dab22" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", + "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:66328304fe027ec260b1833d5685fc2ffeb610be0c6117dce57b48b1163cca6b", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + }, + { + "Target": "frr-metrics", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "stdlib@v1.22.7", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "Version": "v1.22.7", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "3f4112e8c62b5170" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.3.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", + "UID": "ec10368b5a43be21" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "Name": "github.com/davecgh/go-spew", + "Identifier": { + "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "UID": "6eaf11643eda2698" + }, + "Version": "v1.1.2-0.20180830191138-d8f796af33cc", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/emicklei/go-restful/v3@v3.12.1", + "Name": "github.com/emicklei/go-restful/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.12.1", + "UID": "7f8756a02d0a521d" + }, + "Version": "v3.12.1", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/evanphx/json-patch/v5@v5.9.0", + "Name": "github.com/evanphx/json-patch/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/evanphx/json-patch/v5@v5.9.0", + "UID": "4c4760f22f6ac60e" + }, + "Version": "v5.9.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fxamacker/cbor/v2@v2.7.0", + "Name": "github.com/fxamacker/cbor/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/fxamacker/cbor/v2@v2.7.0", + "UID": "7c0dcabc9fe2dc" + }, + "Version": "v2.7.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-kit/log@v0.2.1", + "Name": "github.com/go-kit/log", + "Identifier": { + "PURL": "pkg:golang/github.com/go-kit/log@v0.2.1", + "UID": "12796a87d4abc695" + }, + "Version": "v0.2.1", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logfmt/logfmt@v0.5.1", + "Name": "github.com/go-logfmt/logfmt", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logfmt/logfmt@v0.5.1", + "UID": "bd9e1c1b4c5554aa" + }, + "Version": "v0.5.1", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/logr@v1.4.2", + "Name": "github.com/go-logr/logr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.2", + "UID": "85e3cb4f429909a2" + }, + "Version": "v1.4.2", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/zapr@v1.3.0", + "Name": "github.com/go-logr/zapr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/zapr@v1.3.0", + "UID": "b54546ada330d2ec" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonpointer@v0.21.0", + "Name": "github.com/go-openapi/jsonpointer", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.21.0", + "UID": "72db4264218eca2a" + }, + "Version": "v0.21.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonreference@v0.21.0", + "Name": "github.com/go-openapi/jsonreference", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.0", + "UID": "77c6301ec1642f72" + }, + "Version": "v0.21.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag@v0.23.0", + "Name": "github.com/go-openapi/swag", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag@v0.23.0", + "UID": "79bd1d4b2f066d7b" + }, + "Version": "v0.23.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gogo/protobuf@v1.3.2", + "Name": "github.com/gogo/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", + "UID": "67e0b01bfbbe3dc" + }, + "Version": "v1.3.2", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "Name": "github.com/golang/groupcache", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "UID": "63ce058a03dce34" + }, + "Version": "v0.0.0-20210331224755-41bb18bfe9da", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/protobuf@v1.5.4", + "Name": "github.com/golang/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.4", + "UID": "b26e0b0a0e24c70e" + }, + "Version": "v1.5.4", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gnostic-models@v0.6.8", + "Name": "github.com/google/gnostic-models", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gnostic-models@v0.6.8", + "UID": "a6774857156882c2" + }, + "Version": "v0.6.8", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-cmp@v0.6.0", + "Name": "github.com/google/go-cmp", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0", + "UID": "954cdf1aa78855a8" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gofuzz@v1.2.0", + "Name": "github.com/google/gofuzz", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", + "UID": "98d23cf8b0539bb" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.6.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", + "UID": "b77ff0ce3237b67a" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/imdario/mergo@v0.3.16", + "Name": "github.com/imdario/mergo", + "Identifier": { + "PURL": "pkg:golang/github.com/imdario/mergo@v0.3.16", + "UID": "8e6aa5c346d3a5b4" + }, + "Version": "v0.3.16", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/josharian/intern@v1.0.0", + "Name": "github.com/josharian/intern", + "Identifier": { + "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", + "UID": "987ad9ce1e4abec" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/json-iterator/go@v1.1.12", + "Name": "github.com/json-iterator/go", + "Identifier": { + "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", + "UID": "c684ac70896d0b08" + }, + "Version": "v1.1.12", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mailru/easyjson@v0.7.7", + "Name": "github.com/mailru/easyjson", + "Identifier": { + "PURL": "pkg:golang/github.com/mailru/easyjson@v0.7.7", + "UID": "45c5c1511bfff204" + }, + "Version": "v0.7.7", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mikioh/ipaddr@v0.0.0-20190404000644-d465c8ab6721", + "Name": "github.com/mikioh/ipaddr", + "Identifier": { + "PURL": "pkg:golang/github.com/mikioh/ipaddr@v0.0.0-20190404000644-d465c8ab6721", + "UID": "2eea64a2c23f2ff4" + }, + "Version": "v0.0.0-20190404000644-d465c8ab6721", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "Name": "github.com/modern-go/concurrent", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "UID": "95b42a31f1582eee" + }, + "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/reflect2@v1.0.2", + "Name": "github.com/modern-go/reflect2", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", + "UID": "fec19c7be7edd982" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "8bbe8fe7a984b484" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/errors@v0.9.1", + "Name": "github.com/pkg/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", + "UID": "6b2a37f55e7cf71e" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.19.1", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.19.1", + "UID": "d10b93dcbd5765c" + }, + "Version": "v1.19.1", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.6.1", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.1", + "UID": "27f8813ce576e52a" + }, + "Version": "v0.6.1", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.55.0", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.55.0", + "UID": "c15341a93fbdf6f5" + }, + "Version": "v0.55.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.15.1", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.15.1", + "UID": "2eadfe2f2968ad41" + }, + "Version": "v0.15.1", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.5", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "UID": "3ca738efa6547118" + }, + "Version": "v1.0.5", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/x448/float16@v0.8.4", + "Name": "github.com/x448/float16", + "Identifier": { + "PURL": "pkg:golang/github.com/x448/float16@v0.8.4", + "UID": "b258dc21f3c9908a" + }, + "Version": "v0.8.4", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/multierr@v1.11.0", + "Name": "go.uber.org/multierr", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", + "UID": "4f3a0a33979b08c4" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/zap@v1.27.0", + "Name": "go.uber.org/zap", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/zap@v1.27.0", + "UID": "714deacd573d510e" + }, + "Version": "v1.27.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.universe.tf/metallb", + "Name": "go.universe.tf/metallb", + "Identifier": { + "PURL": "pkg:golang/go.universe.tf/metallb", + "UID": "90200d942f588ebe" + }, + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/exp@v0.0.0-20240719175910-8a7402abbf56", + "Name": "golang.org/x/exp", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20240719175910-8a7402abbf56", + "UID": "98ec82c538996e06" + }, + "Version": "v0.0.0-20240719175910-8a7402abbf56", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.30.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.30.0", + "UID": "c18e934b6f916ed6" + }, + "Version": "v0.30.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.21.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.21.0", + "UID": "2e16bfc11bde4a59" + }, + "Version": "v0.21.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.26.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.26.0", + "UID": "206d608b323ee0b9" + }, + "Version": "v0.26.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/term@v0.25.0", + "Name": "golang.org/x/term", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/term@v0.25.0", + "UID": "9fa6eb70c1184c26" + }, + "Version": "v0.25.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.19.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.19.0", + "UID": "55ea6b0bf0211f1b" + }, + "Version": "v0.19.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.5.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.5.0", + "UID": "e83ec802d68af88" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gomodules.xyz/jsonpatch/v2@v2.4.0", + "Name": "gomodules.xyz/jsonpatch/v2", + "Identifier": { + "PURL": "pkg:golang/gomodules.xyz/jsonpatch/v2@v2.4.0", + "UID": "7392231f771e2fa2" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.35.1", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.35.1", + "UID": "e7909224d64a9cfa" + }, + "Version": "v1.35.1", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/inf.v0@v0.9.1", + "Name": "gopkg.in/inf.v0", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", + "UID": "4b572ab72110163e" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v2@v2.4.0", + "Name": "gopkg.in/yaml.v2", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "UID": "36c1c06ad9298730" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "UID": "594d55702ac05688" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/api@v0.31.4", + "Name": "k8s.io/api", + "Identifier": { + "PURL": "pkg:golang/k8s.io/api@v0.31.4", + "UID": "dbf41b6530a0dfd8" + }, + "Version": "v0.31.4", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apiextensions-apiserver@v0.31.1", + "Name": "k8s.io/apiextensions-apiserver", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apiextensions-apiserver@v0.31.1", + "UID": "b467bfdf9a61da5f" + }, + "Version": "v0.31.1", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apimachinery@v0.31.4", + "Name": "k8s.io/apimachinery", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apimachinery@v0.31.4", + "UID": "df12b7dc65971aee" + }, + "Version": "v0.31.4", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/client-go@v0.31.4", + "Name": "k8s.io/client-go", + "Identifier": { + "PURL": "pkg:golang/k8s.io/client-go@v0.31.4", + "UID": "145c981cd0b47579" + }, + "Version": "v0.31.4", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog@v1.0.0", + "Name": "k8s.io/klog", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog@v1.0.0", + "UID": "ee15ce60faf56dcc" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog/v2@v2.130.1", + "Name": "k8s.io/klog/v2", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog/v2@v2.130.1", + "UID": "3ef017b4c32a3e10" + }, + "Version": "v2.130.1", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/kube-openapi@v0.0.0-20240521193020-835d969ad83a", + "Name": "k8s.io/kube-openapi", + "Identifier": { + "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20240521193020-835d969ad83a", + "UID": "cb9b8838969ba85" + }, + "Version": "v0.0.0-20240521193020-835d969ad83a", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/utils@v0.0.0-20240711033017-18e509b52bc8", + "Name": "k8s.io/utils", + "Identifier": { + "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20240711033017-18e509b52bc8", + "UID": "f93bfbac62194d9b" + }, + "Version": "v0.0.0-20240711033017-18e509b52bc8", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/controller-runtime@v0.19.3", + "Name": "sigs.k8s.io/controller-runtime", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/controller-runtime@v0.19.3", + "UID": "8ca34ba914911295" + }, + "Version": "v0.19.3", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "Name": "sigs.k8s.io/json", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "UID": "23b88bcc9ee297df" + }, + "Version": "v0.0.0-20221116044647-bc3834ca7abd", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "Name": "sigs.k8s.io/structured-merge-diff/v4", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "UID": "1b70600b48e83e33" + }, + "Version": "v4.4.1", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/yaml@v1.4.0", + "Name": "sigs.k8s.io/yaml", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.4.0", + "UID": "24f0db3636d27d36" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66" + ], + "PkgID": "golang.org/x/net@v0.30.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.30.0", + "UID": "c18e934b6f916ed6" + }, + "InstalledVersion": "v0.30.0", + "FixedVersion": "0.36.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:7e228cf2dcbbb75a585e4a248fabf15ac0ab3d36aefe8924beb6fd5f1b5ae0f2", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22872", + "VendorIDs": [ + "GHSA-vvgc-356p-c3xw" + ], + "PkgID": "golang.org/x/net@v0.30.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.30.0", + "UID": "c18e934b6f916ed6" + }, + "InstalledVersion": "v0.30.0", + "FixedVersion": "0.38.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:2ec0e3c34bf87edfce636c6787d0e3f322dc3b95c57eddcced91e411036fcdbb", + "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", + "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22872", + "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", + "https://github.com/advisories/GHSA-vvgc-356p-c3xw", + "https://go.dev/cl/662715", + "https://go.dev/issue/73070", + "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", + "https://pkg.go.dev/vuln/GO-2025-3595", + "https://security.netapp.com/advisory/ntap-20250516-0007", + "https://security.netapp.com/advisory/ntap-20250516-0007/", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22872" + ], + "PublishedDate": "2025-04-16T18:16:04.183Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22868", + "VendorIDs": [ + "GHSA-6v2p-p543-phr9" + ], + "PkgID": "golang.org/x/oauth2@v0.21.0", + "PkgName": "golang.org/x/oauth2", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.21.0", + "UID": "2e16bfc11bde4a59" + }, + "InstalledVersion": "v0.21.0", + "FixedVersion": "0.27.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:9e0826ac7420bb2f977db7ba6a08dcd443fd9d97febba66e9b022c59fc207968", + "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", + "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1286" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", + "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", + "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", + "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", + "https://errata.rockylinux.org/RLSA-2025:7479", + "https://go.dev/cl/652155", + "https://go.dev/issue/71490", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", + "https://pkg.go.dev/vuln/GO-2025-3488", + "https://www.cve.org/CVERecord?id=CVE-2025-22868" + ], + "PublishedDate": "2025-02-26T08:14:24.897Z", + "LastModifiedDate": "2025-05-01T19:27:10.43Z" + }, + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c1beccf80a968726ce1d868ed98b65a1ff95562a2760b23bd1de7f00db659320", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4062270fe341e2220e7bf1299935d2f90045cbb8667059cddf88e4dcab357872", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6e1e9ca78ce1c6998a0ab391325c343e6024dcefa2706436e669957a8044d522", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4b6e5df62405ee110ea66edf148348c9e625c55bfdd98b76f5233c0c19f2c169", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:352243f34386be0af1e12f7aee5dd6353882d34b70db16f0b7f4416b07126627", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:789997cfcf9dcf77dc556e55a02c6bd73ec9c9e4a97f33708f4ed961e6e828df", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d51f6d5c759ae7f858c27d1e29103977e6e0b195ba2ac66e17512e03780b701f", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:de131786c68a22bb248c107a6aa94cc6eafd3616b0b8eced5951522d51f8e6d2", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4c72d350e73b6f28fc317c221bb4300d0579f8e61b7a75a9d0f88280b1ad63d4", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ea4efcda40185d3171a991421d4c5afb3533698be37ffd477d3e3a97c4c86202", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ba1ed0e7d0cb04aedc71aadb5551520d8dd06e9ffbea61f93e018663c674ce3d", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:180b3b5b96d266cb5b04626f43fc3eac98e3ce4627d8ae69fd20ecb1c593e750", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2024-45336", + "VendorIDs": [ + "GO-2025-3420" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:dbf092dfbf846c0472c6a9d12182a9a538b168fb5826e31ba02311a7b6c6d099", + "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3772", + "https://access.redhat.com/security/cve/CVE-2024-45336", + "https://bugzilla.redhat.com/2341750", + "https://bugzilla.redhat.com/2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/8/ALSA-2025-3772.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/issues/70530", + "https://go.dev/cl/643100", + "https://go.dev/issue/70530", + "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", + "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", + "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", + "https://linux.oracle.com/cve/CVE-2024-45336.html", + "https://linux.oracle.com/errata/ELSA-2025-7592.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", + "https://pkg.go.dev/vuln/GO-2025-3420", + "https://security.netapp.com/advisory/ntap-20250221-0003/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2024-45336" + ], + "PublishedDate": "2025-01-28T02:15:28.807Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0a40b5a4a5c38c75d67d14fb682c3b9e498f89261b9e6da522b7d429dbb1cb2a", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22866", + "VendorIDs": [ + "GO-2025-3447" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9890e5bb778fbcba2fcfc6f20c92a1af807f088ff8a3dfdd5b71353e65075be4", + "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22866", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", + "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", + "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", + "https://github.com/golang/go/issues/71383", + "https://go.dev/cl/643735", + "https://go.dev/issue/71383", + "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", + "https://linux.oracle.com/cve/CVE-2025-22866.html", + "https://linux.oracle.com/errata/ELSA-2025-7466.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", + "https://pkg.go.dev/vuln/GO-2025-3447", + "https://security.netapp.com/advisory/ntap-20250221-0002/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22866" + ], + "PublishedDate": "2025-02-06T17:15:21.41Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66", + "GO-2025-3503" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.7, 1.24.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ee259276a1387526d41833edf0688ee799e602e38174ace6b3f95b97cbc6a030", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:027f4cd1d3edf70c44b7fd080dc53ab56be01b92582cf8c3a46b597fe69fb357", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:63d7c37ab1ca068b569a68d53e4c01c533cf0c907f880d47d5db387dd3aa9982", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c65787f3c82fd4c377c9eb41ade9af1d14c2c3fb9c194cd8d5cc73478cf1c65c", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3070ff5ee6fcba4ec7ad21151468127927b05e15fdfa7f908b95bcd29349d520", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c53bc24f2f2415aa76306b2bd7d9d7919d157e0f931bcc8c3ce243b8fcf7ef14", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f6863c65c6019e17b8b8182cc903d9d32b641ff0664b43dce295d0f2c4bbabe4", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:825e95904783b55fdf82dd72717367da8562d7ed91f8e81a7aaf57cfef572b32", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a26e21bce6b6f8099db776391f028efc17782dd97006b823d167938de16b69d1", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b7d82423a809c9441e690f9b82dd917902196c1d4782945056acd2b76862f327", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2fe77d2013ad31e9d3ad044b5dfd873cf02193076e4a750089e6a0f4ded19f92", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b9fc084d08e657ef0e5a478f2cbe25be08ea7e3f0031a1a90d9aeedf22002068", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ceb0a7d5c3b64357db65c8869a9af6d4b9af3a370f54482d24b43a5551b67ee8", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:078f79b998b63225dc9f08fd2ac2fc7692e41d99dc380bf4ce14cea115bd0515", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7bb22380be3ab55a86aaf82b755cea597f4c2d0895ed332f936e877c1fa33cb8", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bba295c54174163967e2744ca6e70e34c8bf2e19a45d03b551fce44b26ff493f", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:10725ecde417e2a07aa13d3d7fd99a51a4c982f8859583ae132880fc1c5ea276", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8966ac6fd829389f344fcc68a4bd62349bab662878c0e380b31d25012967d830", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b293c598e4f5c0183d74d791dee54a1a10654cf93839720819bffd2d21861e46", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5e6edfcfb97ec2ea354b97bd97c19580bc97d17564688cb5d5266b5212a9c379", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0e746cb410fddcd9f486658f64dc3169b2076672e221eed655f8bde7b51e8ebe", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f48bd326b753bf5589ed81e9242d182639e3e366713a64a3c47b9d7a630b8a05", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8447fa2a7e3830dc56c2ceceb2f8526fb4d65b382071afd5a4423b84323a179c", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ff99b9ef454863921152770cefe9fd857cbdd953170e5343a7dea62aef4ba615", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "e7c76fb91746ebdb" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", + "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1755360c1aa3da8bff66435cf700d1f977c962f4d5b6bc5f3aca6a00e86db57d", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + }, + { + "Target": "speaker", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "go.universe.tf/metallb", + "Name": "go.universe.tf/metallb", + "Identifier": { + "PURL": "pkg:golang/go.universe.tf/metallb", + "UID": "846feac804b4039d" + }, + "Relationship": "root", + "DependsOn": [ + "github.com/armon/go-metrics@v0.3.9", + "github.com/beorn7/perks@v1.0.1", + "github.com/cespare/xxhash/v2@v2.3.0", + "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "github.com/emicklei/go-restful/v3@v3.12.1", + "github.com/evanphx/json-patch/v5@v5.9.0", + "github.com/fxamacker/cbor/v2@v2.7.0", + "github.com/go-kit/log@v0.2.1", + "github.com/go-logfmt/logfmt@v0.5.1", + "github.com/go-logr/logr@v1.4.2", + "github.com/go-logr/zapr@v1.3.0", + "github.com/go-openapi/jsonpointer@v0.21.0", + "github.com/go-openapi/jsonreference@v0.21.0", + "github.com/go-openapi/swag@v0.23.0", + "github.com/gogo/protobuf@v1.3.2", + "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "github.com/golang/protobuf@v1.5.4", + "github.com/google/btree@v1.0.1", + "github.com/google/gnostic-models@v0.6.8", + "github.com/google/go-cmp@v0.6.0", + "github.com/google/gofuzz@v1.2.0", + "github.com/google/uuid@v1.6.0", + "github.com/hashicorp/errwrap@v1.0.0", + "github.com/hashicorp/go-immutable-radix@v1.3.1", + "github.com/hashicorp/go-msgpack/v2@v2.1.1", + "github.com/hashicorp/go-multierror@v1.1.0", + "github.com/hashicorp/go-sockaddr@v1.0.0", + "github.com/hashicorp/golang-lru@v0.5.1", + "github.com/hashicorp/memberlist@v0.5.1", + "github.com/imdario/mergo@v0.3.16", + "github.com/josharian/intern@v1.0.0", + "github.com/josharian/native@v1.0.0", + "github.com/json-iterator/go@v1.1.12", + "github.com/mailru/easyjson@v0.7.7", + "github.com/mdlayher/arp@v0.0.0-20220221190821-c37aaafac7f9", + "github.com/mdlayher/ethernet@v0.0.0-20220221185849-529eae5b6118", + "github.com/mdlayher/ndp@v0.0.0-20200602162440-17ab9e3e5567", + "github.com/mdlayher/packet@v1.0.0", + "github.com/mdlayher/socket@v0.2.1", + "github.com/metallb/frr-k8s@v0.0.16", + "github.com/miekg/dns@v1.1.43", + "github.com/mikioh/ipaddr@v0.0.0-20190404000644-d465c8ab6721", + "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "github.com/modern-go/reflect2@v1.0.2", + "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "github.com/open-policy-agent/cert-controller@v0.10.2-0.20240531181455-2649f121ab97", + "github.com/pkg/errors@v0.9.1", + "github.com/prometheus/client_golang@v1.19.1", + "github.com/prometheus/client_model@v0.6.1", + "github.com/prometheus/common@v0.55.0", + "github.com/prometheus/procfs@v0.15.1", + "github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", + "github.com/spf13/pflag@v1.0.5", + "github.com/x448/float16@v0.8.4", + "gitlab.com/golang-commonmark/puny@v0.0.0-20191124015043-9f83538fa04f", + "go.uber.org/atomic@v1.11.0", + "go.uber.org/multierr@v1.11.0", + "go.uber.org/zap@v1.27.0", + "golang.org/x/exp@v0.0.0-20240719175910-8a7402abbf56", + "golang.org/x/net@v0.30.0", + "golang.org/x/oauth2@v0.21.0", + "golang.org/x/sync@v0.8.0", + "golang.org/x/sys@v0.26.0", + "golang.org/x/term@v0.25.0", + "golang.org/x/text@v0.19.0", + "golang.org/x/time@v0.5.0", + "gomodules.xyz/jsonpatch/v2@v2.4.0", + "google.golang.org/protobuf@v1.35.1", + "gopkg.in/inf.v0@v0.9.1", + "gopkg.in/yaml.v2@v2.4.0", + "gopkg.in/yaml.v3@v3.0.1", + "k8s.io/api@v0.31.4", + "k8s.io/apiextensions-apiserver@v0.31.1", + "k8s.io/apimachinery@v0.31.4", + "k8s.io/client-go@v0.31.4", + "k8s.io/klog/v2@v2.130.1", + "k8s.io/klog@v1.0.0", + "k8s.io/kube-openapi@v0.0.0-20240521193020-835d969ad83a", + "k8s.io/utils@v0.0.0-20240711033017-18e509b52bc8", + "sigs.k8s.io/controller-runtime@v0.19.3", + "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "sigs.k8s.io/yaml@v1.4.0", + "stdlib@v1.22.7" + ], + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.22.7", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "Version": "v1.22.7", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/armon/go-metrics@v0.3.9", + "Name": "github.com/armon/go-metrics", + "Identifier": { + "PURL": "pkg:golang/github.com/armon/go-metrics@v0.3.9", + "UID": "ad35c19656d60ddf" + }, + "Version": "v0.3.9", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "ebcec89966eba1c1" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.3.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", + "UID": "c707159f7c2c0754" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "Name": "github.com/davecgh/go-spew", + "Identifier": { + "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "UID": "99e546a5f4c86c65" + }, + "Version": "v1.1.2-0.20180830191138-d8f796af33cc", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/emicklei/go-restful/v3@v3.12.1", + "Name": "github.com/emicklei/go-restful/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.12.1", + "UID": "4665349f9903af7c" + }, + "Version": "v3.12.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/evanphx/json-patch/v5@v5.9.0", + "Name": "github.com/evanphx/json-patch/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/evanphx/json-patch/v5@v5.9.0", + "UID": "f4d0b4210873f34f" + }, + "Version": "v5.9.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fxamacker/cbor/v2@v2.7.0", + "Name": "github.com/fxamacker/cbor/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/fxamacker/cbor/v2@v2.7.0", + "UID": "c57e8ebf4db985c1" + }, + "Version": "v2.7.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-kit/log@v0.2.1", + "Name": "github.com/go-kit/log", + "Identifier": { + "PURL": "pkg:golang/github.com/go-kit/log@v0.2.1", + "UID": "a171694966ee4bf8" + }, + "Version": "v0.2.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logfmt/logfmt@v0.5.1", + "Name": "github.com/go-logfmt/logfmt", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logfmt/logfmt@v0.5.1", + "UID": "b2ce925d846c17e7" + }, + "Version": "v0.5.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/logr@v1.4.2", + "Name": "github.com/go-logr/logr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.2", + "UID": "6756e1424cc5ac23" + }, + "Version": "v1.4.2", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/zapr@v1.3.0", + "Name": "github.com/go-logr/zapr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/zapr@v1.3.0", + "UID": "39b830a9b442b725" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonpointer@v0.21.0", + "Name": "github.com/go-openapi/jsonpointer", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.21.0", + "UID": "c6e49a2b629fbe5b" + }, + "Version": "v0.21.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonreference@v0.21.0", + "Name": "github.com/go-openapi/jsonreference", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.0", + "UID": "9cac29b88c64f6af" + }, + "Version": "v0.21.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag@v0.23.0", + "Name": "github.com/go-openapi/swag", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag@v0.23.0", + "UID": "d119ba8f52cc1fce" + }, + "Version": "v0.23.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gogo/protobuf@v1.3.2", + "Name": "github.com/gogo/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", + "UID": "e6091e39c90c45b5" + }, + "Version": "v1.3.2", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "Name": "github.com/golang/groupcache", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "UID": "b0048ea94d61c289" + }, + "Version": "v0.0.0-20210331224755-41bb18bfe9da", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/protobuf@v1.5.4", + "Name": "github.com/golang/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.4", + "UID": "eb0d87225bff573b" + }, + "Version": "v1.5.4", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/btree@v1.0.1", + "Name": "github.com/google/btree", + "Identifier": { + "PURL": "pkg:golang/github.com/google/btree@v1.0.1", + "UID": "c272a3297801d626" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gnostic-models@v0.6.8", + "Name": "github.com/google/gnostic-models", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gnostic-models@v0.6.8", + "UID": "98c7beea1782a5b" + }, + "Version": "v0.6.8", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-cmp@v0.6.0", + "Name": "github.com/google/go-cmp", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0", + "UID": "e4be95a96b5329e9" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gofuzz@v1.2.0", + "Name": "github.com/google/gofuzz", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", + "UID": "7000d8bec1030e9a" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.6.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", + "UID": "3ca6bbd5ba55ffb" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/errwrap@v1.0.0", + "Name": "github.com/hashicorp/errwrap", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.0.0", + "UID": "e91c5ee03d492a28" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-immutable-radix@v1.3.1", + "Name": "github.com/hashicorp/go-immutable-radix", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-immutable-radix@v1.3.1", + "UID": "ae488d8c5f58ab39" + }, + "Version": "v1.3.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-msgpack/v2@v2.1.1", + "Name": "github.com/hashicorp/go-msgpack/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-msgpack/v2@v2.1.1", + "UID": "bfcd44526ff3ed48" + }, + "Version": "v2.1.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-multierror@v1.1.0", + "Name": "github.com/hashicorp/go-multierror", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.0", + "UID": "95d827c5bedead6b" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-sockaddr@v1.0.0", + "Name": "github.com/hashicorp/go-sockaddr", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-sockaddr@v1.0.0", + "UID": "bdc76ac51a35102a" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/golang-lru@v0.5.1", + "Name": "github.com/hashicorp/golang-lru", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/golang-lru@v0.5.1", + "UID": "5d8a4c4ab5c0856d" + }, + "Version": "v0.5.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/memberlist@v0.5.1", + "Name": "github.com/hashicorp/memberlist", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/memberlist@v0.5.1", + "UID": "691be15f0ca56e65" + }, + "Version": "v0.5.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/imdario/mergo@v0.3.16", + "Name": "github.com/imdario/mergo", + "Identifier": { + "PURL": "pkg:golang/github.com/imdario/mergo@v0.3.16", + "UID": "69e87650d2ffef25" + }, + "Version": "v0.3.16", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/josharian/intern@v1.0.0", + "Name": "github.com/josharian/intern", + "Identifier": { + "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", + "UID": "2869f5b358cf2459" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/josharian/native@v1.0.0", + "Name": "github.com/josharian/native", + "Identifier": { + "PURL": "pkg:golang/github.com/josharian/native@v1.0.0", + "UID": "b640a6daf80877ce" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/json-iterator/go@v1.1.12", + "Name": "github.com/json-iterator/go", + "Identifier": { + "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", + "UID": "1beec885044e8835" + }, + "Version": "v1.1.12", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mailru/easyjson@v0.7.7", + "Name": "github.com/mailru/easyjson", + "Identifier": { + "PURL": "pkg:golang/github.com/mailru/easyjson@v0.7.7", + "UID": "8dc3bb6fedd177b9" + }, + "Version": "v0.7.7", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/arp@v0.0.0-20220221190821-c37aaafac7f9", + "Name": "github.com/mdlayher/arp", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/arp@v0.0.0-20220221190821-c37aaafac7f9", + "UID": "a6d52c57995f670d" + }, + "Version": "v0.0.0-20220221190821-c37aaafac7f9", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/ethernet@v0.0.0-20220221185849-529eae5b6118", + "Name": "github.com/mdlayher/ethernet", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/ethernet@v0.0.0-20220221185849-529eae5b6118", + "UID": "95c78005b2df027c" + }, + "Version": "v0.0.0-20220221185849-529eae5b6118", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/ndp@v0.0.0-20200602162440-17ab9e3e5567", + "Name": "github.com/mdlayher/ndp", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/ndp@v0.0.0-20200602162440-17ab9e3e5567", + "UID": "fcf03e789d108e0b" + }, + "Version": "v0.0.0-20200602162440-17ab9e3e5567", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/packet@v1.0.0", + "Name": "github.com/mdlayher/packet", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/packet@v1.0.0", + "UID": "9c8140fdfe95b84e" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mdlayher/socket@v0.2.1", + "Name": "github.com/mdlayher/socket", + "Identifier": { + "PURL": "pkg:golang/github.com/mdlayher/socket@v0.2.1", + "UID": "9e73233d9723694f" + }, + "Version": "v0.2.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/metallb/frr-k8s@v0.0.16", + "Name": "github.com/metallb/frr-k8s", + "Identifier": { + "PURL": "pkg:golang/github.com/metallb/frr-k8s@v0.0.16", + "UID": "220cd0ba1c85be73" + }, + "Version": "v0.0.16", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/miekg/dns@v1.1.43", + "Name": "github.com/miekg/dns", + "Identifier": { + "PURL": "pkg:golang/github.com/miekg/dns@v1.1.43", + "UID": "e7ed3271254d7e76" + }, + "Version": "v1.1.43", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mikioh/ipaddr@v0.0.0-20190404000644-d465c8ab6721", + "Name": "github.com/mikioh/ipaddr", + "Identifier": { + "PURL": "pkg:golang/github.com/mikioh/ipaddr@v0.0.0-20190404000644-d465c8ab6721", + "UID": "14e92593b7c7c1" + }, + "Version": "v0.0.0-20190404000644-d465c8ab6721", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "Name": "github.com/modern-go/concurrent", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "UID": "7110fe8532e4ff7f" + }, + "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/reflect2@v1.0.2", + "Name": "github.com/modern-go/reflect2", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", + "UID": "763b77867080cd27" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "404dcadbf5ee3d7d" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/open-policy-agent/cert-controller@v0.10.2-0.20240531181455-2649f121ab97", + "Name": "github.com/open-policy-agent/cert-controller", + "Identifier": { + "PURL": "pkg:golang/github.com/open-policy-agent/cert-controller@v0.10.2-0.20240531181455-2649f121ab97", + "UID": "d16c89f0f2be7a07" + }, + "Version": "v0.10.2-0.20240531181455-2649f121ab97", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/errors@v0.9.1", + "Name": "github.com/pkg/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", + "UID": "1a584c0a9542b353" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.19.1", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.19.1", + "UID": "5e232bca3c73f671" + }, + "Version": "v1.19.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.6.1", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.1", + "UID": "9aabacfb6b704f2f" + }, + "Version": "v0.6.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.55.0", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.55.0", + "UID": "ccfbb9bce77066ac" + }, + "Version": "v0.55.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.15.1", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.15.1", + "UID": "e6023fc832d77bc4" + }, + "Version": "v0.15.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", + "Name": "github.com/sean-/seed", + "Identifier": { + "PURL": "pkg:golang/github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", + "UID": "4ea27b150cb63770" + }, + "Version": "v0.0.0-20170313163322-e2103e2c3529", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.5", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "UID": "533af7d5e683a689" + }, + "Version": "v1.0.5", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/x448/float16@v0.8.4", + "Name": "github.com/x448/float16", + "Identifier": { + "PURL": "pkg:golang/github.com/x448/float16@v0.8.4", + "UID": "97b18b10cd7e2073" + }, + "Version": "v0.8.4", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gitlab.com/golang-commonmark/puny@v0.0.0-20191124015043-9f83538fa04f", + "Name": "gitlab.com/golang-commonmark/puny", + "Identifier": { + "PURL": "pkg:golang/gitlab.com/golang-commonmark/puny@v0.0.0-20191124015043-9f83538fa04f", + "UID": "d99e2101a794b9a0" + }, + "Version": "v0.0.0-20191124015043-9f83538fa04f", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/atomic@v1.11.0", + "Name": "go.uber.org/atomic", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/atomic@v1.11.0", + "UID": "664106a99540c098" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/multierr@v1.11.0", + "Name": "go.uber.org/multierr", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", + "UID": "7e400c34809a2f25" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/zap@v1.27.0", + "Name": "go.uber.org/zap", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/zap@v1.27.0", + "UID": "9975bb49143b152f" + }, + "Version": "v1.27.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/exp@v0.0.0-20240719175910-8a7402abbf56", + "Name": "golang.org/x/exp", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20240719175910-8a7402abbf56", + "UID": "c129a3056a1b52c7" + }, + "Version": "v0.0.0-20240719175910-8a7402abbf56", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.30.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.30.0", + "UID": "62560f1af17e4a7" + }, + "Version": "v0.30.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.21.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.21.0", + "UID": "ea72d8a716851a40" + }, + "Version": "v0.21.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sync@v0.8.0", + "Name": "golang.org/x/sync", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sync@v0.8.0", + "UID": "1b75368d1354d3b0" + }, + "Version": "v0.8.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.26.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.26.0", + "UID": "6d49970dbcf08fd0" + }, + "Version": "v0.26.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/term@v0.25.0", + "Name": "golang.org/x/term", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/term@v0.25.0", + "UID": "3942a48f2b5a7bbf" + }, + "Version": "v0.25.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.19.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.19.0", + "UID": "f31ade4ee6e4a1d2" + }, + "Version": "v0.19.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.5.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.5.0", + "UID": "a07f0543ae051ae9" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gomodules.xyz/jsonpatch/v2@v2.4.0", + "Name": "gomodules.xyz/jsonpatch/v2", + "Identifier": { + "PURL": "pkg:golang/gomodules.xyz/jsonpatch/v2@v2.4.0", + "UID": "608bfbe0f5f9c0e7" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.35.1", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.35.1", + "UID": "3ab19043fd0f4fcb" + }, + "Version": "v1.35.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/inf.v0@v0.9.1", + "Name": "gopkg.in/inf.v0", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", + "UID": "aecbe9ff65bd4707" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v2@v2.4.0", + "Name": "gopkg.in/yaml.v2", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "UID": "fe648cf817247a8d" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "UID": "57223ab354f48a6d" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/api@v0.31.4", + "Name": "k8s.io/api", + "Identifier": { + "PURL": "pkg:golang/k8s.io/api@v0.31.4", + "UID": "2ff21172aa1ca469" + }, + "Version": "v0.31.4", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apiextensions-apiserver@v0.31.1", + "Name": "k8s.io/apiextensions-apiserver", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apiextensions-apiserver@v0.31.1", + "UID": "e3b23220cdf65e8a" + }, + "Version": "v0.31.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apimachinery@v0.31.4", + "Name": "k8s.io/apimachinery", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apimachinery@v0.31.4", + "UID": "37f2c2aa8bfc6817" + }, + "Version": "v0.31.4", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/client-go@v0.31.4", + "Name": "k8s.io/client-go", + "Identifier": { + "PURL": "pkg:golang/k8s.io/client-go@v0.31.4", + "UID": "416d034f5a10c848" + }, + "Version": "v0.31.4", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog@v1.0.0", + "Name": "k8s.io/klog", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog@v1.0.0", + "UID": "17572448ac96bdf1" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog/v2@v2.130.1", + "Name": "k8s.io/klog/v2", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog/v2@v2.130.1", + "UID": "84d1dd02c99f9691" + }, + "Version": "v2.130.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/kube-openapi@v0.0.0-20240521193020-835d969ad83a", + "Name": "k8s.io/kube-openapi", + "Identifier": { + "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20240521193020-835d969ad83a", + "UID": "2cf7784861cba350" + }, + "Version": "v0.0.0-20240521193020-835d969ad83a", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/utils@v0.0.0-20240711033017-18e509b52bc8", + "Name": "k8s.io/utils", + "Identifier": { + "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20240711033017-18e509b52bc8", + "UID": "df70dd6b0a3c58a2" + }, + "Version": "v0.0.0-20240711033017-18e509b52bc8", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/controller-runtime@v0.19.3", + "Name": "sigs.k8s.io/controller-runtime", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/controller-runtime@v0.19.3", + "UID": "7a485c2b64e70780" + }, + "Version": "v0.19.3", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "Name": "sigs.k8s.io/json", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", + "UID": "15e184c410ae5656" + }, + "Version": "v0.0.0-20221116044647-bc3834ca7abd", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "Name": "sigs.k8s.io/structured-merge-diff/v4", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.4.1", + "UID": "303719e5681eb34a" + }, + "Version": "v4.4.1", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/yaml@v1.4.0", + "Name": "sigs.k8s.io/yaml", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.4.0", + "UID": "e13ea9508618b52b" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66" + ], + "PkgID": "golang.org/x/net@v0.30.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.30.0", + "UID": "62560f1af17e4a7" + }, + "InstalledVersion": "v0.30.0", + "FixedVersion": "0.36.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:18fce90bb5fb3db60d239b37d5648f901740f483b5f5cd2b18f116ee6f23c4c2", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22872", + "VendorIDs": [ + "GHSA-vvgc-356p-c3xw" + ], + "PkgID": "golang.org/x/net@v0.30.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.30.0", + "UID": "62560f1af17e4a7" + }, + "InstalledVersion": "v0.30.0", + "FixedVersion": "0.38.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:4e2f6e53d2f5909cde76a3a4b7ecd4725bfb573a81324e9072002ee2e1f1a5dd", + "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", + "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22872", + "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", + "https://github.com/advisories/GHSA-vvgc-356p-c3xw", + "https://go.dev/cl/662715", + "https://go.dev/issue/73070", + "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", + "https://pkg.go.dev/vuln/GO-2025-3595", + "https://security.netapp.com/advisory/ntap-20250516-0007", + "https://security.netapp.com/advisory/ntap-20250516-0007/", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22872" + ], + "PublishedDate": "2025-04-16T18:16:04.183Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22868", + "VendorIDs": [ + "GHSA-6v2p-p543-phr9" + ], + "PkgID": "golang.org/x/oauth2@v0.21.0", + "PkgName": "golang.org/x/oauth2", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.21.0", + "UID": "ea72d8a716851a40" + }, + "InstalledVersion": "v0.21.0", + "FixedVersion": "0.27.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:aa19e3ea355d54b30a375e6b0a9b7cc03ad580e02c411484b7c4351901b02850", + "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", + "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1286" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", + "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", + "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", + "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", + "https://errata.rockylinux.org/RLSA-2025:7479", + "https://go.dev/cl/652155", + "https://go.dev/issue/71490", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", + "https://pkg.go.dev/vuln/GO-2025-3488", + "https://www.cve.org/CVERecord?id=CVE-2025-22868" + ], + "PublishedDate": "2025-02-26T08:14:24.897Z", + "LastModifiedDate": "2025-05-01T19:27:10.43Z" + }, + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ed7b2e1a9bdedff04bf6a466f8d4fa9be8f3f92c7821970cd5ee9a5f579fbb22", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1a7ff5deace5f405c9e72af926adb02663ab9e4693e6058a819073e8d8a22683", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cea3ad9ddd1aa9d5a09392da01769f7517a0b09419c5c632fc78a8c657622852", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a6f4c23f55339cd6ce0a0e09b52c8c33ddbee9ddb003a1ba5927cb098f3c8530", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b628b03eb6f10bfe73230086ec654d75afe29dc5dff589b30fe1e61c465d17a4", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:40a91455408edd29079df701a51e0eab4ada8ef1d753afaa21a2299c2495744c", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d5b74b3f6dbd2141d7fbd2d3a4fdeece096e19a98e4dd251fe3709b95fb9687a", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:57dc868b1c860c0aae298e0656c4ba6be8a3d9c7a0b56ec1ddd2f9f4b101452c", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:96d8e419e8054cfa8c7723477aa16e2ddb9705ca8ba85c2455d16e6fd6609c4c", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ad2b5a38c1e64253f6fbd883a1ff5266b7180a5db94eacb98b465b13b4dfbe17", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d306a1bef8c3609b28ce7963a1e4c82ed6e80337f4e0ebe9be6dad0d04991764", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2cbb060e729cfc979f83fc19d9748cfaf97537814a14b59bae99398508c8936b", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2024-45336", + "VendorIDs": [ + "GO-2025-3420" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9f56dff53196874fed2e12906d1ca3924373744db38ed097da1b8acda60611c8", + "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3772", + "https://access.redhat.com/security/cve/CVE-2024-45336", + "https://bugzilla.redhat.com/2341750", + "https://bugzilla.redhat.com/2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/8/ALSA-2025-3772.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/issues/70530", + "https://go.dev/cl/643100", + "https://go.dev/issue/70530", + "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", + "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", + "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", + "https://linux.oracle.com/cve/CVE-2024-45336.html", + "https://linux.oracle.com/errata/ELSA-2025-7592.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", + "https://pkg.go.dev/vuln/GO-2025-3420", + "https://security.netapp.com/advisory/ntap-20250221-0003/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2024-45336" + ], + "PublishedDate": "2025-01-28T02:15:28.807Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6481f0d806780b7b2caebfa029af68e9e80a73b5ac722f04608bc2294a434353", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22866", + "VendorIDs": [ + "GO-2025-3447" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5f3ee0a3ece6d9afb820ac6bbc5622d597e748b9c4b67dbecc157f29d2184071", + "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22866", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", + "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", + "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", + "https://github.com/golang/go/issues/71383", + "https://go.dev/cl/643735", + "https://go.dev/issue/71383", + "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", + "https://linux.oracle.com/cve/CVE-2025-22866.html", + "https://linux.oracle.com/errata/ELSA-2025-7466.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", + "https://pkg.go.dev/vuln/GO-2025-3447", + "https://security.netapp.com/advisory/ntap-20250221-0002/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22866" + ], + "PublishedDate": "2025-02-06T17:15:21.41Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66", + "GO-2025-3503" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.7, 1.24.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:22222297d6c92e04064070fd63559e430d66def94014d583945271bd69d081c0", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a8f5fec3127cff0a5901336344e53ac0b6378cf19cd6d79e0712a29db2c9a63f", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:48b572e8ccf575a8a8c5f18815eef1b8288a147583c5720e4c96c4a32eb3769e", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c6377358f881e300d67df927c8d0eb693642bb9a134f8ea83ce13cc945490c65", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f691d9c06713ce8a674c3504b7d107e84273236ca11ab408e5c5464777b2836f", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8bea06ed0390511ce5e7085e0c71dbb85a91f9b4c0be60bd6f6f1aaef37efde2", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9b94e718368daf9c8d9a0da7270976925b6ea7f146618bad7ab94ed2220dfdab", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8270aaab59505d131d572bbcd7aafe4c5b2da3224d1444d56189a25e4ba57cc9", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d88a48801304969cdabf96b43ce16047d86d21da62c883ad3ac722cef996e70e", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:de27bedbf9f9a6a7de03235126ee703c69ac9db6dc5b0967da01e7e0106cb75f", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f9bd828b02a1511583bc8ad386afc98f5de6da5eee69a6c9045c6639b781ff64", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a9858d4e81eec0b51ff0220e6ebfcb34c4ef9825fc9b37d8800fac68dfc4d5ff", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:71827ca2dbb4a70c906dbdc1fc61cbb310b738614c8b235a3d6636d526b80d21", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:099192d8b992cbed4323a3cbf13f125bef85276d23d2b46e3bc4ec4ee98d9a25", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6ef8f85f21f91a41d4e12c007346a95136a8529ff0a2544136a945c0e649f0e2", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f88222de178935db29db47551f291b98a8fa8e9bec0398544ecf3f2c3e5bdfb6", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ece9ad0c48168e304f69d6a613cd86e4cd22dd9ac0176c9ccd6c000d64c434c7", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:dcaea82e35bbdf6fa7661c7d5e383d2feab4d33389fb575e2c03d93eb9d4e5c5", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7e22f42d64c7eb103726cee18598ab59ad3e82e885209c8ef64dde2c6d4b572c", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9609e2c648d4d6509fec78f6407b60b04bd86370fbc7c27ce661595f7738e35b", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:87a03bed7e97063b96220dfd5030d9c76c2f7b1ffb3730be3fdfd7e8ebeceaf4", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:51060211f1844d15dcf2c9c0d392c316220bd6c3f9d63f371c12f5be7e752f1d", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f70fea5d5201f6e3b387edd9b1cbbb95cf29b2ab57a525297069f2476fbb7d1d", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:40ac66572eb4a9711c4eeee5871114bd5d090d31fe768de6c00f01019ca91d86", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.22.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.22.7", + "UID": "75b9fce06fbac122" + }, + "InstalledVersion": "v1.22.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", + "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:335ed88394a0846dafc5157ed262a1eb25d87f888725955e7be6483da04abc98", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "gitea", + "Kind": "CronJob", + "Name": "gitea-backup", + "Metadata": [ + { + "Size": 59774464, + "OS": { + "Family": "alpine", + "Name": "3.17.0", + "EOSL": true + }, + "ImageID": "sha256:465689cd5f3a7c6709efcc91fb5418249674d1aedbe23e6bed3c1e2ee2fb1627", + "DiffIDs": [ + "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf", + "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7", + "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779", + "sha256:6823946f0ba7ae98d1587bb23122ee932bc17f32bb56cef6016883628c19b0f0", + "sha256:b4b66d1ee6ce658c9408aba14a7876cefb24449f6f48ea33ddbf85f051843b48" + ], + "RepoTags": [ + "rclone/rclone:1.61.1" + ], + "RepoDigests": [ + "rclone/rclone@sha256:bdda91757fbcb10c857417f442ed13518ac292703c9dca42d8399f5f88e2da6c" + ], + "Reference": "rclone/rclone:1.61.1", + "ImageConfig": { + "architecture": "amd64", + "created": "2022-12-23T18:30:20.435655422Z", + "history": [ + { + "created": "2022-11-22T22:19:28.870801855Z", + "created_by": "/bin/sh -c #(nop) ADD file:587cae71969871d3c6456d844a8795df9b64b12c710c275295a1182b46f630e7 in / " + }, + { + "created": "2022-11-22T22:19:29.008562326Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", + "empty_layer": true + }, + { + "created": "2022-12-23T18:21:20.552610746Z", + "created_by": "RUN /bin/sh -c apk --no-cache add ca-certificates fuse tzdata \u0026\u0026 echo \"user_allow_other\" \u003e\u003e /etc/fuse.conf # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-12-23T18:30:20.174824107Z", + "created_by": "COPY /go/src/github.com/rclone/rclone/rclone /usr/local/bin/ # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-12-23T18:30:20.421025837Z", + "created_by": "RUN /bin/sh -c addgroup -g 1009 rclone \u0026\u0026 adduser -u 1009 -Ds /bin/sh -G rclone rclone # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-12-23T18:30:20.435655422Z", + "created_by": "ENTRYPOINT [\"rclone\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2022-12-23T18:30:20.435655422Z", + "created_by": "WORKDIR /data", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-12-23T18:30:20.435655422Z", + "created_by": "ENV XDG_CONFIG_HOME=/config", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf", + "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7", + "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779", + "sha256:6823946f0ba7ae98d1587bb23122ee932bc17f32bb56cef6016883628c19b0f0", + "sha256:b4b66d1ee6ce658c9408aba14a7876cefb24449f6f48ea33ddbf85f051843b48" + ] + }, + "config": { + "Entrypoint": [ + "rclone" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "XDG_CONFIG_HOME=/config" + ], + "WorkingDir": "/data" + } + }, + "Layers": [ + { + "Size": 7337984, + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + { + "Size": 3042816, + "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", + "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" + }, + { + "Size": 49380352, + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + { + "Size": 11776, + "Digest": "sha256:8ca9a3048278c27e08bbccd3670f2c5caff0128842689a9c86ed1fb0f9ce1cc9", + "DiffID": "sha256:6823946f0ba7ae98d1587bb23122ee932bc17f32bb56cef6016883628c19b0f0" + }, + { + "Size": 1536, + "Digest": "sha256:109cd48fac6cc902363d1ab766beec1fc3e4c2c95a1e7a7cde7f3407c18b3af3", + "DiffID": "sha256:b4b66d1ee6ce658c9408aba14a7876cefb24449f6f48ea33ddbf85f051843b48" + } + ] + } + ], + "Results": [ + { + "Target": "rclone/rclone:1.61.1 (alpine 3.17.0)", + "Class": "os-pkgs", + "Type": "alpine", + "Packages": [ + { + "ID": "alpine-baselayout@3.4.0-r0", + "Name": "alpine-baselayout", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout@3.4.0-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "30c2f9800d728f28" + }, + "Version": "3.4.0-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.4.0-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-baselayout-data@3.4.0-r0", + "busybox-binsh@1.35.0-r29" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:fde5df99b613d565de9c54aa2a3ae86322bce0d1", + "InstalledFiles": [ + "etc/motd", + "etc/crontabs/root", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/i386.conf", + "etc/modprobe.d/kms.conf", + "etc/profile.d/README", + "etc/profile.d/color_prompt.sh.disabled", + "etc/profile.d/locale.sh", + "lib/sysctl.d/00-alpine.conf", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout-data@3.4.0-r0", + "Name": "alpine-baselayout-data", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.4.0-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "e51ffe20d7623a8b" + }, + "Version": "3.4.0-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.4.0-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:fc982933c27a0d623fe78d6d517fae1c4cd28eaa", + "InstalledFiles": [ + "etc/fstab", + "etc/group", + "etc/hostname", + "etc/hosts", + "etc/inittab", + "etc/modules", + "etc/mtab", + "etc/nsswitch.conf", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/sysctl.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-keys@2.4-r1", + "Name": "alpine-keys", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64\u0026distro=3.17.0", + "UID": "3164c80d593e4cb3" + }, + "Version": "2.4-r1", + "Arch": "x86_64", + "SrcName": "alpine-keys", + "SrcVersion": "2.4-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:28cd3595f295a7e804667db76b0ba3aa34a4acdf", + "InstalledFiles": [ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "apk-tools@2.12.10-r1", + "Name": "apk-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/apk-tools@2.12.10-r1?arch=x86_64\u0026distro=3.17.0", + "UID": "5b5afd5889ede5eb" + }, + "Version": "2.12.10-r1", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.12.10-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20220614-r2", + "libcrypto3@3.0.7-r0", + "libssl3@3.0.7-r0", + "musl@1.2.3-r4", + "zlib@1.2.13-r0" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:11fde2c2df9c31d1a780481a16bd944482612b34", + "InstalledFiles": [ + "lib/libapk.so.3.12.0", + "sbin/apk" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox@1.35.0-r29", + "Name": "busybox", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "63663e79f1d78cba" + }, + "Version": "1.35.0-r29", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.35.0-r29", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:34ddeca74cabf7d6ed472b2ab72de7414ad61da6", + "InstalledFiles": [ + "bin/busybox", + "etc/securetty", + "etc/udhcpd.conf", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "usr/share/udhcpc/default.script" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox-binsh@1.35.0-r29", + "Name": "busybox-binsh", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "45c394fb49457fb2" + }, + "Version": "1.35.0-r29", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.35.0-r29", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "busybox@1.35.0-r29" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:9a25b0ca158a5d51224582e1980ad5d5328cb3a0", + "InstalledFiles": [ + "bin/sh" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates@20220614-r3", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates@20220614-r3?arch=x86_64\u0026distro=3.17.0", + "UID": "2cf7b443ea323e5e" + }, + "Version": "20220614-r3", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20220614-r3", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.35.0-r29", + "libcrypto3@3.0.7-r0", + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", + "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" + }, + "Digest": "sha1:54e1755c00b5cceca1c08c2f40e448bdca0265e8", + "InstalledFiles": [ + "etc/ca-certificates.conf", + "etc/apk/protected_paths.d/ca-certificates.list", + "etc/ca-certificates/update.d/certhash", + "usr/bin/c_rehash", + "usr/sbin/update-ca-certificates", + "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "usr/share/ca-certificates/mozilla/Certigna.crt", + "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/E-Tugra_Global_Root_CA_ECC_v3.crt", + "usr/share/ca-certificates/mozilla/E-Tugra_Global_Root_CA_RSA_v3.crt", + "usr/share/ca-certificates/mozilla/EC-ACC.crt", + "usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt", + "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "usr/share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt", + "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", + "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "usr/share/ca-certificates/mozilla/TrustCor_ECA-1.crt", + "usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-1.crt", + "usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-2.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", + "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates-bundle@20220614-r2", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates-bundle@20220614-r2?arch=x86_64\u0026distro=3.17.0", + "UID": "abbaa17475b8f0df" + }, + "Version": "20220614-r2", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20220614-r2", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:9e3c4b432e3820273336d5c48c732fcf81615959", + "InstalledFiles": [ + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-certificates.crt", + "etc/ssl1.1/cert.pem", + "etc/ssl1.1/certs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "fuse@2.9.9-r2", + "Name": "fuse", + "Identifier": { + "PURL": "pkg:apk/alpine/fuse@2.9.9-r2?arch=x86_64\u0026distro=3.17.0", + "UID": "87e240d6e1600fa2" + }, + "Version": "2.9.9-r2", + "Arch": "x86_64", + "SrcName": "fuse", + "SrcVersion": "2.9.9-r2", + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "fuse-common@3.12.0-r0", + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", + "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" + }, + "Digest": "sha1:db75c36ba00ca0b9e3f361b011c40ca9c28cbe8a", + "InstalledFiles": [ + "bin/fusermount", + "bin/ulockmgr_server", + "lib/udev/rules.d/99-fuse.rules", + "sbin/mount.fuse", + "usr/lib/libfuse.so.2", + "usr/lib/libfuse.so.2.9.9", + "usr/lib/libulockmgr.so.1", + "usr/lib/libulockmgr.so.1.0.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "fuse-common@3.12.0-r0", + "Name": "fuse-common", + "Identifier": { + "PURL": "pkg:apk/alpine/fuse-common@3.12.0-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "ee399eecaf7a9402" + }, + "Version": "3.12.0-r0", + "Arch": "x86_64", + "SrcName": "fuse3", + "SrcVersion": "3.12.0-r0", + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", + "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" + }, + "Digest": "sha1:e059a354f3525151167d71a48b5f2619c12d2ec0", + "InstalledFiles": [ + "etc/fuse.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libc-utils@0.7.2-r3", + "Name": "libc-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64\u0026distro=3.17.0", + "UID": "1b227ba5c763f776" + }, + "Version": "0.7.2-r3", + "Arch": "x86_64", + "SrcName": "libc-dev", + "SrcVersion": "0.7.2-r3", + "Licenses": [ + "BSD-2-Clause", + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl-utils@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:f46834ea904f8a21bd50df78aa5eea226b074944", + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.0.7-r0", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "Version": "3.0.7-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.0.7-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:4e39ab0046b93ca778d0f373e8e229a3e6c1796d", + "InstalledFiles": [ + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/openssl.cnf.dist", + "etc/ssl/misc/CA.pl", + "etc/ssl/misc/tsget", + "etc/ssl/misc/tsget.pl", + "lib/libcrypto.so.3", + "usr/lib/libcrypto.so.3", + "usr/lib/engines-3/afalg.so", + "usr/lib/engines-3/capi.so", + "usr/lib/engines-3/loader_attic.so", + "usr/lib/engines-3/padlock.so", + "usr/lib/ossl-modules/legacy.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.0.7-r0", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "Version": "3.0.7-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.0.7-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", + "DependsOn": [ + "libcrypto3@3.0.7-r0", + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:133e78acb5153e50229dcb89d9e0edc589eb7a4e", + "InstalledFiles": [ + "lib/libssl.so.3", + "usr/lib/libssl.so.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl@1.2.3-r4", + "Name": "musl", + "Identifier": { + "PURL": "pkg:apk/alpine/musl@1.2.3-r4?arch=x86_64\u0026distro=3.17.0", + "UID": "af5f98cf83a00dc2" + }, + "Version": "1.2.3-r4", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.3-r4", + "Licenses": [ + "MIT" + ], + "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:3e4ef1d70a00adb0759f390c3c93ead53102c2eb", + "InstalledFiles": [ + "lib/ld-musl-x86_64.so.1", + "lib/libc.musl-x86_64.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl-utils@1.2.3-r4", + "Name": "musl-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.3-r4?arch=x86_64\u0026distro=3.17.0", + "UID": "69e5c84e7222babe" + }, + "Version": "1.2.3-r4", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.3-r4", + "Licenses": [ + "MIT", + "BSD-2-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", + "DependsOn": [ + "musl@1.2.3-r4", + "scanelf@1.3.5-r1" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:65624be1ec92c7c9cf4a3175140260432bee36ce", + "InstalledFiles": [ + "sbin/ldconfig", + "usr/bin/getconf", + "usr/bin/getent", + "usr/bin/iconv", + "usr/bin/ldd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "scanelf@1.3.5-r1", + "Name": "scanelf", + "Identifier": { + "PURL": "pkg:apk/alpine/scanelf@1.3.5-r1?arch=x86_64\u0026distro=3.17.0", + "UID": "9beb1e687687f8d6" + }, + "Version": "1.3.5-r1", + "Arch": "x86_64", + "SrcName": "pax-utils", + "SrcVersion": "1.3.5-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:d5dc5816c1ef045033cc7183a3980e4c33490f24", + "InstalledFiles": [ + "usr/bin/scanelf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ssl_client@1.35.0-r29", + "Name": "ssl_client", + "Identifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "4d574a05a4da5141" + }, + "Version": "1.35.0-r29", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.35.0-r29", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "libcrypto3@3.0.7-r0", + "libssl3@3.0.7-r0", + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:42ea998de3fa5c6f39236f6d3a2096a1f2fc0a3d", + "InstalledFiles": [ + "usr/bin/ssl_client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "tzdata@2022f-r1", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:apk/alpine/tzdata@2022f-r1?arch=x86_64\u0026distro=3.17.0", + "UID": "16cbdb52acce2be1" + }, + "Version": "2022f-r1", + "Arch": "x86_64", + "SrcName": "tzdata", + "SrcVersion": "2022f-r1", + "Licenses": [ + "Public-Domain" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", + "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" + }, + "Digest": "sha1:7752b6fc9e327fcddcd2055382debad1362804fd", + "InstalledFiles": [ + "usr/share/zoneinfo/CET", + "usr/share/zoneinfo/CST6CDT", + "usr/share/zoneinfo/Cuba", + "usr/share/zoneinfo/EET", + "usr/share/zoneinfo/EST", + "usr/share/zoneinfo/EST5EDT", + "usr/share/zoneinfo/Egypt", + "usr/share/zoneinfo/Eire", + "usr/share/zoneinfo/Factory", + "usr/share/zoneinfo/GB", + "usr/share/zoneinfo/GB-Eire", + "usr/share/zoneinfo/GMT", + "usr/share/zoneinfo/GMT+0", + "usr/share/zoneinfo/GMT-0", + "usr/share/zoneinfo/GMT0", + "usr/share/zoneinfo/Greenwich", + "usr/share/zoneinfo/HST", + "usr/share/zoneinfo/Hongkong", + "usr/share/zoneinfo/Iceland", + "usr/share/zoneinfo/Iran", + "usr/share/zoneinfo/Israel", + "usr/share/zoneinfo/Jamaica", + "usr/share/zoneinfo/Japan", + "usr/share/zoneinfo/Kwajalein", + "usr/share/zoneinfo/Libya", + "usr/share/zoneinfo/MET", + "usr/share/zoneinfo/MST", + "usr/share/zoneinfo/MST7MDT", + "usr/share/zoneinfo/NZ", + "usr/share/zoneinfo/NZ-CHAT", + "usr/share/zoneinfo/Navajo", + "usr/share/zoneinfo/PRC", + "usr/share/zoneinfo/PST8PDT", + "usr/share/zoneinfo/Poland", + "usr/share/zoneinfo/Portugal", + "usr/share/zoneinfo/ROC", + "usr/share/zoneinfo/ROK", + "usr/share/zoneinfo/Singapore", + "usr/share/zoneinfo/Turkey", + "usr/share/zoneinfo/UCT", + "usr/share/zoneinfo/UTC", + "usr/share/zoneinfo/Universal", + "usr/share/zoneinfo/W-SU", + "usr/share/zoneinfo/WET", + "usr/share/zoneinfo/Zulu", + "usr/share/zoneinfo/iso3166.tab", + "usr/share/zoneinfo/leap-seconds.list", + "usr/share/zoneinfo/posixrules", + "usr/share/zoneinfo/zone.tab", + "usr/share/zoneinfo/zone1970.tab", + "usr/share/zoneinfo/Africa/Abidjan", + "usr/share/zoneinfo/Africa/Accra", + "usr/share/zoneinfo/Africa/Addis_Ababa", + "usr/share/zoneinfo/Africa/Algiers", + "usr/share/zoneinfo/Africa/Asmara", + "usr/share/zoneinfo/Africa/Asmera", + "usr/share/zoneinfo/Africa/Bamako", + "usr/share/zoneinfo/Africa/Bangui", + "usr/share/zoneinfo/Africa/Banjul", + "usr/share/zoneinfo/Africa/Bissau", + "usr/share/zoneinfo/Africa/Blantyre", + "usr/share/zoneinfo/Africa/Brazzaville", + "usr/share/zoneinfo/Africa/Bujumbura", + "usr/share/zoneinfo/Africa/Cairo", + "usr/share/zoneinfo/Africa/Casablanca", + "usr/share/zoneinfo/Africa/Ceuta", + "usr/share/zoneinfo/Africa/Conakry", + "usr/share/zoneinfo/Africa/Dakar", + "usr/share/zoneinfo/Africa/Dar_es_Salaam", + "usr/share/zoneinfo/Africa/Djibouti", + "usr/share/zoneinfo/Africa/Douala", + "usr/share/zoneinfo/Africa/El_Aaiun", + "usr/share/zoneinfo/Africa/Freetown", + "usr/share/zoneinfo/Africa/Gaborone", + "usr/share/zoneinfo/Africa/Harare", + "usr/share/zoneinfo/Africa/Johannesburg", + "usr/share/zoneinfo/Africa/Juba", + "usr/share/zoneinfo/Africa/Kampala", + "usr/share/zoneinfo/Africa/Khartoum", + "usr/share/zoneinfo/Africa/Kigali", + "usr/share/zoneinfo/Africa/Kinshasa", + "usr/share/zoneinfo/Africa/Lagos", + "usr/share/zoneinfo/Africa/Libreville", + "usr/share/zoneinfo/Africa/Lome", + "usr/share/zoneinfo/Africa/Luanda", + "usr/share/zoneinfo/Africa/Lubumbashi", + "usr/share/zoneinfo/Africa/Lusaka", + "usr/share/zoneinfo/Africa/Malabo", + "usr/share/zoneinfo/Africa/Maputo", + "usr/share/zoneinfo/Africa/Maseru", + "usr/share/zoneinfo/Africa/Mbabane", + "usr/share/zoneinfo/Africa/Mogadishu", + "usr/share/zoneinfo/Africa/Monrovia", + "usr/share/zoneinfo/Africa/Nairobi", + "usr/share/zoneinfo/Africa/Ndjamena", + "usr/share/zoneinfo/Africa/Niamey", + "usr/share/zoneinfo/Africa/Nouakchott", + "usr/share/zoneinfo/Africa/Ouagadougou", + "usr/share/zoneinfo/Africa/Porto-Novo", + "usr/share/zoneinfo/Africa/Sao_Tome", + "usr/share/zoneinfo/Africa/Timbuktu", + "usr/share/zoneinfo/Africa/Tripoli", + "usr/share/zoneinfo/Africa/Tunis", + "usr/share/zoneinfo/Africa/Windhoek", + "usr/share/zoneinfo/America/Adak", + "usr/share/zoneinfo/America/Anchorage", + "usr/share/zoneinfo/America/Anguilla", + "usr/share/zoneinfo/America/Antigua", + "usr/share/zoneinfo/America/Araguaina", + "usr/share/zoneinfo/America/Aruba", + "usr/share/zoneinfo/America/Asuncion", + "usr/share/zoneinfo/America/Atikokan", + "usr/share/zoneinfo/America/Atka", + "usr/share/zoneinfo/America/Bahia", + "usr/share/zoneinfo/America/Bahia_Banderas", + "usr/share/zoneinfo/America/Barbados", + "usr/share/zoneinfo/America/Belem", + "usr/share/zoneinfo/America/Belize", + "usr/share/zoneinfo/America/Blanc-Sablon", + "usr/share/zoneinfo/America/Boa_Vista", + "usr/share/zoneinfo/America/Bogota", + "usr/share/zoneinfo/America/Boise", + "usr/share/zoneinfo/America/Buenos_Aires", + "usr/share/zoneinfo/America/Cambridge_Bay", + "usr/share/zoneinfo/America/Campo_Grande", + "usr/share/zoneinfo/America/Cancun", + "usr/share/zoneinfo/America/Caracas", + "usr/share/zoneinfo/America/Catamarca", + "usr/share/zoneinfo/America/Cayenne", + "usr/share/zoneinfo/America/Cayman", + "usr/share/zoneinfo/America/Chicago", + "usr/share/zoneinfo/America/Chihuahua", + "usr/share/zoneinfo/America/Coral_Harbour", + "usr/share/zoneinfo/America/Cordoba", + "usr/share/zoneinfo/America/Costa_Rica", + "usr/share/zoneinfo/America/Creston", + "usr/share/zoneinfo/America/Cuiaba", + "usr/share/zoneinfo/America/Curacao", + "usr/share/zoneinfo/America/Danmarkshavn", + "usr/share/zoneinfo/America/Dawson", + "usr/share/zoneinfo/America/Dawson_Creek", + "usr/share/zoneinfo/America/Denver", + "usr/share/zoneinfo/America/Detroit", + "usr/share/zoneinfo/America/Dominica", + "usr/share/zoneinfo/America/Edmonton", + "usr/share/zoneinfo/America/Eirunepe", + "usr/share/zoneinfo/America/El_Salvador", + "usr/share/zoneinfo/America/Ensenada", + "usr/share/zoneinfo/America/Fort_Nelson", + "usr/share/zoneinfo/America/Fort_Wayne", + "usr/share/zoneinfo/America/Fortaleza", + "usr/share/zoneinfo/America/Glace_Bay", + "usr/share/zoneinfo/America/Godthab", + "usr/share/zoneinfo/America/Goose_Bay", + "usr/share/zoneinfo/America/Grand_Turk", + "usr/share/zoneinfo/America/Grenada", + "usr/share/zoneinfo/America/Guadeloupe", + "usr/share/zoneinfo/America/Guatemala", + "usr/share/zoneinfo/America/Guayaquil", + "usr/share/zoneinfo/America/Guyana", + "usr/share/zoneinfo/America/Halifax", + "usr/share/zoneinfo/America/Havana", + "usr/share/zoneinfo/America/Hermosillo", + "usr/share/zoneinfo/America/Indianapolis", + "usr/share/zoneinfo/America/Inuvik", + "usr/share/zoneinfo/America/Iqaluit", + "usr/share/zoneinfo/America/Jamaica", + "usr/share/zoneinfo/America/Jujuy", + "usr/share/zoneinfo/America/Juneau", + "usr/share/zoneinfo/America/Knox_IN", + "usr/share/zoneinfo/America/Kralendijk", + "usr/share/zoneinfo/America/La_Paz", + "usr/share/zoneinfo/America/Lima", + "usr/share/zoneinfo/America/Los_Angeles", + "usr/share/zoneinfo/America/Louisville", + "usr/share/zoneinfo/America/Lower_Princes", + "usr/share/zoneinfo/America/Maceio", + "usr/share/zoneinfo/America/Managua", + "usr/share/zoneinfo/America/Manaus", + "usr/share/zoneinfo/America/Marigot", + "usr/share/zoneinfo/America/Martinique", + "usr/share/zoneinfo/America/Matamoros", + "usr/share/zoneinfo/America/Mazatlan", + "usr/share/zoneinfo/America/Mendoza", + "usr/share/zoneinfo/America/Menominee", + "usr/share/zoneinfo/America/Merida", + "usr/share/zoneinfo/America/Metlakatla", + "usr/share/zoneinfo/America/Mexico_City", + "usr/share/zoneinfo/America/Miquelon", + "usr/share/zoneinfo/America/Moncton", + "usr/share/zoneinfo/America/Monterrey", + "usr/share/zoneinfo/America/Montevideo", + "usr/share/zoneinfo/America/Montreal", + "usr/share/zoneinfo/America/Montserrat", + "usr/share/zoneinfo/America/Nassau", + "usr/share/zoneinfo/America/New_York", + "usr/share/zoneinfo/America/Nipigon", + "usr/share/zoneinfo/America/Nome", + "usr/share/zoneinfo/America/Noronha", + "usr/share/zoneinfo/America/Nuuk", + "usr/share/zoneinfo/America/Ojinaga", + "usr/share/zoneinfo/America/Panama", + "usr/share/zoneinfo/America/Pangnirtung", + "usr/share/zoneinfo/America/Paramaribo", + "usr/share/zoneinfo/America/Phoenix", + "usr/share/zoneinfo/America/Port-au-Prince", + "usr/share/zoneinfo/America/Port_of_Spain", + "usr/share/zoneinfo/America/Porto_Acre", + "usr/share/zoneinfo/America/Porto_Velho", + "usr/share/zoneinfo/America/Puerto_Rico", + "usr/share/zoneinfo/America/Punta_Arenas", + "usr/share/zoneinfo/America/Rainy_River", + "usr/share/zoneinfo/America/Rankin_Inlet", + "usr/share/zoneinfo/America/Recife", + "usr/share/zoneinfo/America/Regina", + "usr/share/zoneinfo/America/Resolute", + "usr/share/zoneinfo/America/Rio_Branco", + "usr/share/zoneinfo/America/Rosario", + "usr/share/zoneinfo/America/Santa_Isabel", + "usr/share/zoneinfo/America/Santarem", + "usr/share/zoneinfo/America/Santiago", + "usr/share/zoneinfo/America/Santo_Domingo", + "usr/share/zoneinfo/America/Sao_Paulo", + "usr/share/zoneinfo/America/Scoresbysund", + "usr/share/zoneinfo/America/Shiprock", + "usr/share/zoneinfo/America/Sitka", + "usr/share/zoneinfo/America/St_Barthelemy", + "usr/share/zoneinfo/America/St_Johns", + "usr/share/zoneinfo/America/St_Kitts", + "usr/share/zoneinfo/America/St_Lucia", + "usr/share/zoneinfo/America/St_Thomas", + "usr/share/zoneinfo/America/St_Vincent", + "usr/share/zoneinfo/America/Swift_Current", + "usr/share/zoneinfo/America/Tegucigalpa", + "usr/share/zoneinfo/America/Thule", + "usr/share/zoneinfo/America/Thunder_Bay", + "usr/share/zoneinfo/America/Tijuana", + "usr/share/zoneinfo/America/Toronto", + "usr/share/zoneinfo/America/Tortola", + "usr/share/zoneinfo/America/Vancouver", + "usr/share/zoneinfo/America/Virgin", + "usr/share/zoneinfo/America/Whitehorse", + "usr/share/zoneinfo/America/Winnipeg", + "usr/share/zoneinfo/America/Yakutat", + "usr/share/zoneinfo/America/Yellowknife", + "usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "usr/share/zoneinfo/America/Argentina/Catamarca", + "usr/share/zoneinfo/America/Argentina/ComodRivadavia", + "usr/share/zoneinfo/America/Argentina/Cordoba", + "usr/share/zoneinfo/America/Argentina/Jujuy", + "usr/share/zoneinfo/America/Argentina/La_Rioja", + "usr/share/zoneinfo/America/Argentina/Mendoza", + "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "usr/share/zoneinfo/America/Argentina/Salta", + "usr/share/zoneinfo/America/Argentina/San_Juan", + "usr/share/zoneinfo/America/Argentina/San_Luis", + "usr/share/zoneinfo/America/Argentina/Tucuman", + "usr/share/zoneinfo/America/Argentina/Ushuaia", + "usr/share/zoneinfo/America/Indiana/Indianapolis", + "usr/share/zoneinfo/America/Indiana/Knox", + "usr/share/zoneinfo/America/Indiana/Marengo", + "usr/share/zoneinfo/America/Indiana/Petersburg", + "usr/share/zoneinfo/America/Indiana/Tell_City", + "usr/share/zoneinfo/America/Indiana/Vevay", + "usr/share/zoneinfo/America/Indiana/Vincennes", + "usr/share/zoneinfo/America/Indiana/Winamac", + "usr/share/zoneinfo/America/Kentucky/Louisville", + "usr/share/zoneinfo/America/Kentucky/Monticello", + "usr/share/zoneinfo/America/North_Dakota/Beulah", + "usr/share/zoneinfo/America/North_Dakota/Center", + "usr/share/zoneinfo/America/North_Dakota/New_Salem", + "usr/share/zoneinfo/Antarctica/Casey", + "usr/share/zoneinfo/Antarctica/Davis", + "usr/share/zoneinfo/Antarctica/DumontDUrville", + "usr/share/zoneinfo/Antarctica/Macquarie", + "usr/share/zoneinfo/Antarctica/Mawson", + "usr/share/zoneinfo/Antarctica/McMurdo", + "usr/share/zoneinfo/Antarctica/Palmer", + "usr/share/zoneinfo/Antarctica/Rothera", + "usr/share/zoneinfo/Antarctica/South_Pole", + "usr/share/zoneinfo/Antarctica/Syowa", + "usr/share/zoneinfo/Antarctica/Troll", + "usr/share/zoneinfo/Antarctica/Vostok", + "usr/share/zoneinfo/Arctic/Longyearbyen", + "usr/share/zoneinfo/Asia/Aden", + "usr/share/zoneinfo/Asia/Almaty", + "usr/share/zoneinfo/Asia/Amman", + "usr/share/zoneinfo/Asia/Anadyr", + "usr/share/zoneinfo/Asia/Aqtau", + "usr/share/zoneinfo/Asia/Aqtobe", + "usr/share/zoneinfo/Asia/Ashgabat", + "usr/share/zoneinfo/Asia/Ashkhabad", + "usr/share/zoneinfo/Asia/Atyrau", + "usr/share/zoneinfo/Asia/Baghdad", + "usr/share/zoneinfo/Asia/Bahrain", + "usr/share/zoneinfo/Asia/Baku", + "usr/share/zoneinfo/Asia/Bangkok", + "usr/share/zoneinfo/Asia/Barnaul", + "usr/share/zoneinfo/Asia/Beirut", + "usr/share/zoneinfo/Asia/Bishkek", + "usr/share/zoneinfo/Asia/Brunei", + "usr/share/zoneinfo/Asia/Calcutta", + "usr/share/zoneinfo/Asia/Chita", + "usr/share/zoneinfo/Asia/Choibalsan", + "usr/share/zoneinfo/Asia/Chongqing", + "usr/share/zoneinfo/Asia/Chungking", + "usr/share/zoneinfo/Asia/Colombo", + "usr/share/zoneinfo/Asia/Dacca", + "usr/share/zoneinfo/Asia/Damascus", + "usr/share/zoneinfo/Asia/Dhaka", + "usr/share/zoneinfo/Asia/Dili", + "usr/share/zoneinfo/Asia/Dubai", + "usr/share/zoneinfo/Asia/Dushanbe", + "usr/share/zoneinfo/Asia/Famagusta", + "usr/share/zoneinfo/Asia/Gaza", + "usr/share/zoneinfo/Asia/Harbin", + "usr/share/zoneinfo/Asia/Hebron", + "usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "usr/share/zoneinfo/Asia/Hong_Kong", + "usr/share/zoneinfo/Asia/Hovd", + "usr/share/zoneinfo/Asia/Irkutsk", + "usr/share/zoneinfo/Asia/Istanbul", + "usr/share/zoneinfo/Asia/Jakarta", + "usr/share/zoneinfo/Asia/Jayapura", + "usr/share/zoneinfo/Asia/Jerusalem", + "usr/share/zoneinfo/Asia/Kabul", + "usr/share/zoneinfo/Asia/Kamchatka", + "usr/share/zoneinfo/Asia/Karachi", + "usr/share/zoneinfo/Asia/Kashgar", + "usr/share/zoneinfo/Asia/Kathmandu", + "usr/share/zoneinfo/Asia/Katmandu", + "usr/share/zoneinfo/Asia/Khandyga", + "usr/share/zoneinfo/Asia/Kolkata", + "usr/share/zoneinfo/Asia/Krasnoyarsk", + "usr/share/zoneinfo/Asia/Kuala_Lumpur", + "usr/share/zoneinfo/Asia/Kuching", + "usr/share/zoneinfo/Asia/Kuwait", + "usr/share/zoneinfo/Asia/Macao", + "usr/share/zoneinfo/Asia/Macau", + "usr/share/zoneinfo/Asia/Magadan", + "usr/share/zoneinfo/Asia/Makassar", + "usr/share/zoneinfo/Asia/Manila", + "usr/share/zoneinfo/Asia/Muscat", + "usr/share/zoneinfo/Asia/Nicosia", + "usr/share/zoneinfo/Asia/Novokuznetsk", + "usr/share/zoneinfo/Asia/Novosibirsk", + "usr/share/zoneinfo/Asia/Omsk", + "usr/share/zoneinfo/Asia/Oral", + "usr/share/zoneinfo/Asia/Phnom_Penh", + "usr/share/zoneinfo/Asia/Pontianak", + "usr/share/zoneinfo/Asia/Pyongyang", + "usr/share/zoneinfo/Asia/Qatar", + "usr/share/zoneinfo/Asia/Qostanay", + "usr/share/zoneinfo/Asia/Qyzylorda", + "usr/share/zoneinfo/Asia/Rangoon", + "usr/share/zoneinfo/Asia/Riyadh", + "usr/share/zoneinfo/Asia/Saigon", + "usr/share/zoneinfo/Asia/Sakhalin", + "usr/share/zoneinfo/Asia/Samarkand", + "usr/share/zoneinfo/Asia/Seoul", + "usr/share/zoneinfo/Asia/Shanghai", + "usr/share/zoneinfo/Asia/Singapore", + "usr/share/zoneinfo/Asia/Srednekolymsk", + "usr/share/zoneinfo/Asia/Taipei", + "usr/share/zoneinfo/Asia/Tashkent", + "usr/share/zoneinfo/Asia/Tbilisi", + "usr/share/zoneinfo/Asia/Tehran", + "usr/share/zoneinfo/Asia/Tel_Aviv", + "usr/share/zoneinfo/Asia/Thimbu", + "usr/share/zoneinfo/Asia/Thimphu", + "usr/share/zoneinfo/Asia/Tokyo", + "usr/share/zoneinfo/Asia/Tomsk", + "usr/share/zoneinfo/Asia/Ujung_Pandang", + "usr/share/zoneinfo/Asia/Ulaanbaatar", + "usr/share/zoneinfo/Asia/Ulan_Bator", + "usr/share/zoneinfo/Asia/Urumqi", + "usr/share/zoneinfo/Asia/Ust-Nera", + "usr/share/zoneinfo/Asia/Vientiane", + "usr/share/zoneinfo/Asia/Vladivostok", + "usr/share/zoneinfo/Asia/Yakutsk", + "usr/share/zoneinfo/Asia/Yangon", + "usr/share/zoneinfo/Asia/Yekaterinburg", + "usr/share/zoneinfo/Asia/Yerevan", + "usr/share/zoneinfo/Atlantic/Azores", + "usr/share/zoneinfo/Atlantic/Bermuda", + "usr/share/zoneinfo/Atlantic/Canary", + "usr/share/zoneinfo/Atlantic/Cape_Verde", + "usr/share/zoneinfo/Atlantic/Faeroe", + "usr/share/zoneinfo/Atlantic/Faroe", + "usr/share/zoneinfo/Atlantic/Jan_Mayen", + "usr/share/zoneinfo/Atlantic/Madeira", + "usr/share/zoneinfo/Atlantic/Reykjavik", + "usr/share/zoneinfo/Atlantic/South_Georgia", + "usr/share/zoneinfo/Atlantic/St_Helena", + "usr/share/zoneinfo/Atlantic/Stanley", + "usr/share/zoneinfo/Australia/ACT", + "usr/share/zoneinfo/Australia/Adelaide", + "usr/share/zoneinfo/Australia/Brisbane", + "usr/share/zoneinfo/Australia/Broken_Hill", + "usr/share/zoneinfo/Australia/Canberra", + "usr/share/zoneinfo/Australia/Currie", + "usr/share/zoneinfo/Australia/Darwin", + "usr/share/zoneinfo/Australia/Eucla", + "usr/share/zoneinfo/Australia/Hobart", + "usr/share/zoneinfo/Australia/LHI", + "usr/share/zoneinfo/Australia/Lindeman", + "usr/share/zoneinfo/Australia/Lord_Howe", + "usr/share/zoneinfo/Australia/Melbourne", + "usr/share/zoneinfo/Australia/NSW", + "usr/share/zoneinfo/Australia/North", + "usr/share/zoneinfo/Australia/Perth", + "usr/share/zoneinfo/Australia/Queensland", + "usr/share/zoneinfo/Australia/South", + "usr/share/zoneinfo/Australia/Sydney", + "usr/share/zoneinfo/Australia/Tasmania", + "usr/share/zoneinfo/Australia/Victoria", + "usr/share/zoneinfo/Australia/West", + "usr/share/zoneinfo/Australia/Yancowinna", + "usr/share/zoneinfo/Brazil/Acre", + "usr/share/zoneinfo/Brazil/DeNoronha", + "usr/share/zoneinfo/Brazil/East", + "usr/share/zoneinfo/Brazil/West", + "usr/share/zoneinfo/Canada/Atlantic", + "usr/share/zoneinfo/Canada/Central", + "usr/share/zoneinfo/Canada/Eastern", + "usr/share/zoneinfo/Canada/Mountain", + "usr/share/zoneinfo/Canada/Newfoundland", + "usr/share/zoneinfo/Canada/Pacific", + "usr/share/zoneinfo/Canada/Saskatchewan", + "usr/share/zoneinfo/Canada/Yukon", + "usr/share/zoneinfo/Chile/Continental", + "usr/share/zoneinfo/Chile/EasterIsland", + "usr/share/zoneinfo/Etc/GMT", + "usr/share/zoneinfo/Etc/GMT+0", + "usr/share/zoneinfo/Etc/GMT+1", + "usr/share/zoneinfo/Etc/GMT+10", + "usr/share/zoneinfo/Etc/GMT+11", + "usr/share/zoneinfo/Etc/GMT+12", + "usr/share/zoneinfo/Etc/GMT+2", + "usr/share/zoneinfo/Etc/GMT+3", + "usr/share/zoneinfo/Etc/GMT+4", + "usr/share/zoneinfo/Etc/GMT+5", + "usr/share/zoneinfo/Etc/GMT+6", + "usr/share/zoneinfo/Etc/GMT+7", + "usr/share/zoneinfo/Etc/GMT+8", + "usr/share/zoneinfo/Etc/GMT+9", + "usr/share/zoneinfo/Etc/GMT-0", + "usr/share/zoneinfo/Etc/GMT-1", + "usr/share/zoneinfo/Etc/GMT-10", + "usr/share/zoneinfo/Etc/GMT-11", + "usr/share/zoneinfo/Etc/GMT-12", + "usr/share/zoneinfo/Etc/GMT-13", + "usr/share/zoneinfo/Etc/GMT-14", + "usr/share/zoneinfo/Etc/GMT-2", + "usr/share/zoneinfo/Etc/GMT-3", + "usr/share/zoneinfo/Etc/GMT-4", + "usr/share/zoneinfo/Etc/GMT-5", + "usr/share/zoneinfo/Etc/GMT-6", + "usr/share/zoneinfo/Etc/GMT-7", + "usr/share/zoneinfo/Etc/GMT-8", + "usr/share/zoneinfo/Etc/GMT-9", + "usr/share/zoneinfo/Etc/GMT0", + "usr/share/zoneinfo/Etc/Greenwich", + "usr/share/zoneinfo/Etc/UCT", + "usr/share/zoneinfo/Etc/UTC", + "usr/share/zoneinfo/Etc/Universal", + "usr/share/zoneinfo/Etc/Zulu", + "usr/share/zoneinfo/Europe/Amsterdam", + "usr/share/zoneinfo/Europe/Andorra", + "usr/share/zoneinfo/Europe/Astrakhan", + "usr/share/zoneinfo/Europe/Athens", + "usr/share/zoneinfo/Europe/Belfast", + "usr/share/zoneinfo/Europe/Belgrade", + "usr/share/zoneinfo/Europe/Berlin", + "usr/share/zoneinfo/Europe/Bratislava", + "usr/share/zoneinfo/Europe/Brussels", + "usr/share/zoneinfo/Europe/Bucharest", + "usr/share/zoneinfo/Europe/Budapest", + "usr/share/zoneinfo/Europe/Busingen", + "usr/share/zoneinfo/Europe/Chisinau", + "usr/share/zoneinfo/Europe/Copenhagen", + "usr/share/zoneinfo/Europe/Dublin", + "usr/share/zoneinfo/Europe/Gibraltar", + "usr/share/zoneinfo/Europe/Guernsey", + "usr/share/zoneinfo/Europe/Helsinki", + "usr/share/zoneinfo/Europe/Isle_of_Man", + "usr/share/zoneinfo/Europe/Istanbul", + "usr/share/zoneinfo/Europe/Jersey", + "usr/share/zoneinfo/Europe/Kaliningrad", + "usr/share/zoneinfo/Europe/Kiev", + "usr/share/zoneinfo/Europe/Kirov", + "usr/share/zoneinfo/Europe/Kyiv", + "usr/share/zoneinfo/Europe/Lisbon", + "usr/share/zoneinfo/Europe/Ljubljana", + "usr/share/zoneinfo/Europe/London", + "usr/share/zoneinfo/Europe/Luxembourg", + "usr/share/zoneinfo/Europe/Madrid", + "usr/share/zoneinfo/Europe/Malta", + "usr/share/zoneinfo/Europe/Mariehamn", + "usr/share/zoneinfo/Europe/Minsk", + "usr/share/zoneinfo/Europe/Monaco", + "usr/share/zoneinfo/Europe/Moscow", + "usr/share/zoneinfo/Europe/Nicosia", + "usr/share/zoneinfo/Europe/Oslo", + "usr/share/zoneinfo/Europe/Paris", + "usr/share/zoneinfo/Europe/Podgorica", + "usr/share/zoneinfo/Europe/Prague", + "usr/share/zoneinfo/Europe/Riga", + "usr/share/zoneinfo/Europe/Rome", + "usr/share/zoneinfo/Europe/Samara", + "usr/share/zoneinfo/Europe/San_Marino", + "usr/share/zoneinfo/Europe/Sarajevo", + "usr/share/zoneinfo/Europe/Saratov", + "usr/share/zoneinfo/Europe/Simferopol", + "usr/share/zoneinfo/Europe/Skopje", + "usr/share/zoneinfo/Europe/Sofia", + "usr/share/zoneinfo/Europe/Stockholm", + "usr/share/zoneinfo/Europe/Tallinn", + "usr/share/zoneinfo/Europe/Tirane", + "usr/share/zoneinfo/Europe/Tiraspol", + "usr/share/zoneinfo/Europe/Ulyanovsk", + "usr/share/zoneinfo/Europe/Uzhgorod", + "usr/share/zoneinfo/Europe/Vaduz", + "usr/share/zoneinfo/Europe/Vatican", + "usr/share/zoneinfo/Europe/Vienna", + "usr/share/zoneinfo/Europe/Vilnius", + "usr/share/zoneinfo/Europe/Volgograd", + "usr/share/zoneinfo/Europe/Warsaw", + "usr/share/zoneinfo/Europe/Zagreb", + "usr/share/zoneinfo/Europe/Zaporozhye", + "usr/share/zoneinfo/Europe/Zurich", + "usr/share/zoneinfo/Indian/Antananarivo", + "usr/share/zoneinfo/Indian/Chagos", + "usr/share/zoneinfo/Indian/Christmas", + "usr/share/zoneinfo/Indian/Cocos", + "usr/share/zoneinfo/Indian/Comoro", + "usr/share/zoneinfo/Indian/Kerguelen", + "usr/share/zoneinfo/Indian/Mahe", + "usr/share/zoneinfo/Indian/Maldives", + "usr/share/zoneinfo/Indian/Mauritius", + "usr/share/zoneinfo/Indian/Mayotte", + "usr/share/zoneinfo/Indian/Reunion", + "usr/share/zoneinfo/Mexico/BajaNorte", + "usr/share/zoneinfo/Mexico/BajaSur", + "usr/share/zoneinfo/Mexico/General", + "usr/share/zoneinfo/Pacific/Apia", + "usr/share/zoneinfo/Pacific/Auckland", + "usr/share/zoneinfo/Pacific/Bougainville", + "usr/share/zoneinfo/Pacific/Chatham", + "usr/share/zoneinfo/Pacific/Chuuk", + "usr/share/zoneinfo/Pacific/Easter", + "usr/share/zoneinfo/Pacific/Efate", + "usr/share/zoneinfo/Pacific/Enderbury", + "usr/share/zoneinfo/Pacific/Fakaofo", + "usr/share/zoneinfo/Pacific/Fiji", + "usr/share/zoneinfo/Pacific/Funafuti", + "usr/share/zoneinfo/Pacific/Galapagos", + "usr/share/zoneinfo/Pacific/Gambier", + "usr/share/zoneinfo/Pacific/Guadalcanal", + "usr/share/zoneinfo/Pacific/Guam", + "usr/share/zoneinfo/Pacific/Honolulu", + "usr/share/zoneinfo/Pacific/Johnston", + "usr/share/zoneinfo/Pacific/Kanton", + "usr/share/zoneinfo/Pacific/Kiritimati", + "usr/share/zoneinfo/Pacific/Kosrae", + "usr/share/zoneinfo/Pacific/Kwajalein", + "usr/share/zoneinfo/Pacific/Majuro", + "usr/share/zoneinfo/Pacific/Marquesas", + "usr/share/zoneinfo/Pacific/Midway", + "usr/share/zoneinfo/Pacific/Nauru", + "usr/share/zoneinfo/Pacific/Niue", + "usr/share/zoneinfo/Pacific/Norfolk", + "usr/share/zoneinfo/Pacific/Noumea", + "usr/share/zoneinfo/Pacific/Pago_Pago", + "usr/share/zoneinfo/Pacific/Palau", + "usr/share/zoneinfo/Pacific/Pitcairn", + "usr/share/zoneinfo/Pacific/Pohnpei", + "usr/share/zoneinfo/Pacific/Ponape", + "usr/share/zoneinfo/Pacific/Port_Moresby", + "usr/share/zoneinfo/Pacific/Rarotonga", + "usr/share/zoneinfo/Pacific/Saipan", + "usr/share/zoneinfo/Pacific/Samoa", + "usr/share/zoneinfo/Pacific/Tahiti", + "usr/share/zoneinfo/Pacific/Tarawa", + "usr/share/zoneinfo/Pacific/Tongatapu", + "usr/share/zoneinfo/Pacific/Truk", + "usr/share/zoneinfo/Pacific/Wake", + "usr/share/zoneinfo/Pacific/Wallis", + "usr/share/zoneinfo/Pacific/Yap", + "usr/share/zoneinfo/US/Alaska", + "usr/share/zoneinfo/US/Aleutian", + "usr/share/zoneinfo/US/Arizona", + "usr/share/zoneinfo/US/Central", + "usr/share/zoneinfo/US/East-Indiana", + "usr/share/zoneinfo/US/Eastern", + "usr/share/zoneinfo/US/Hawaii", + "usr/share/zoneinfo/US/Indiana-Starke", + "usr/share/zoneinfo/US/Michigan", + "usr/share/zoneinfo/US/Mountain", + "usr/share/zoneinfo/US/Pacific", + "usr/share/zoneinfo/US/Samoa", + "usr/share/zoneinfo/right/CET", + "usr/share/zoneinfo/right/CST6CDT", + "usr/share/zoneinfo/right/Cuba", + "usr/share/zoneinfo/right/EET", + "usr/share/zoneinfo/right/EST", + "usr/share/zoneinfo/right/EST5EDT", + "usr/share/zoneinfo/right/Egypt", + "usr/share/zoneinfo/right/Eire", + "usr/share/zoneinfo/right/Factory", + "usr/share/zoneinfo/right/GB", + "usr/share/zoneinfo/right/GB-Eire", + "usr/share/zoneinfo/right/GMT", + "usr/share/zoneinfo/right/GMT+0", + "usr/share/zoneinfo/right/GMT-0", + "usr/share/zoneinfo/right/GMT0", + "usr/share/zoneinfo/right/Greenwich", + "usr/share/zoneinfo/right/HST", + "usr/share/zoneinfo/right/Hongkong", + "usr/share/zoneinfo/right/Iceland", + "usr/share/zoneinfo/right/Iran", + "usr/share/zoneinfo/right/Israel", + "usr/share/zoneinfo/right/Jamaica", + "usr/share/zoneinfo/right/Japan", + "usr/share/zoneinfo/right/Kwajalein", + "usr/share/zoneinfo/right/Libya", + "usr/share/zoneinfo/right/MET", + "usr/share/zoneinfo/right/MST", + "usr/share/zoneinfo/right/MST7MDT", + "usr/share/zoneinfo/right/NZ", + "usr/share/zoneinfo/right/NZ-CHAT", + "usr/share/zoneinfo/right/Navajo", + "usr/share/zoneinfo/right/PRC", + "usr/share/zoneinfo/right/PST8PDT", + "usr/share/zoneinfo/right/Poland", + "usr/share/zoneinfo/right/Portugal", + "usr/share/zoneinfo/right/ROC", + "usr/share/zoneinfo/right/ROK", + "usr/share/zoneinfo/right/Singapore", + "usr/share/zoneinfo/right/Turkey", + "usr/share/zoneinfo/right/UCT", + "usr/share/zoneinfo/right/UTC", + "usr/share/zoneinfo/right/Universal", + "usr/share/zoneinfo/right/W-SU", + "usr/share/zoneinfo/right/WET", + "usr/share/zoneinfo/right/Zulu", + "usr/share/zoneinfo/right/Africa/Abidjan", + "usr/share/zoneinfo/right/Africa/Accra", + "usr/share/zoneinfo/right/Africa/Addis_Ababa", + "usr/share/zoneinfo/right/Africa/Algiers", + "usr/share/zoneinfo/right/Africa/Asmara", + "usr/share/zoneinfo/right/Africa/Asmera", + "usr/share/zoneinfo/right/Africa/Bamako", + "usr/share/zoneinfo/right/Africa/Bangui", + "usr/share/zoneinfo/right/Africa/Banjul", + "usr/share/zoneinfo/right/Africa/Bissau", + "usr/share/zoneinfo/right/Africa/Blantyre", + "usr/share/zoneinfo/right/Africa/Brazzaville", + "usr/share/zoneinfo/right/Africa/Bujumbura", + "usr/share/zoneinfo/right/Africa/Cairo", + "usr/share/zoneinfo/right/Africa/Casablanca", + "usr/share/zoneinfo/right/Africa/Ceuta", + "usr/share/zoneinfo/right/Africa/Conakry", + "usr/share/zoneinfo/right/Africa/Dakar", + "usr/share/zoneinfo/right/Africa/Dar_es_Salaam", + "usr/share/zoneinfo/right/Africa/Djibouti", + "usr/share/zoneinfo/right/Africa/Douala", + "usr/share/zoneinfo/right/Africa/El_Aaiun", + "usr/share/zoneinfo/right/Africa/Freetown", + "usr/share/zoneinfo/right/Africa/Gaborone", + "usr/share/zoneinfo/right/Africa/Harare", + "usr/share/zoneinfo/right/Africa/Johannesburg", + "usr/share/zoneinfo/right/Africa/Juba", + "usr/share/zoneinfo/right/Africa/Kampala", + "usr/share/zoneinfo/right/Africa/Khartoum", + "usr/share/zoneinfo/right/Africa/Kigali", + "usr/share/zoneinfo/right/Africa/Kinshasa", + "usr/share/zoneinfo/right/Africa/Lagos", + "usr/share/zoneinfo/right/Africa/Libreville", + "usr/share/zoneinfo/right/Africa/Lome", + "usr/share/zoneinfo/right/Africa/Luanda", + "usr/share/zoneinfo/right/Africa/Lubumbashi", + "usr/share/zoneinfo/right/Africa/Lusaka", + "usr/share/zoneinfo/right/Africa/Malabo", + "usr/share/zoneinfo/right/Africa/Maputo", + "usr/share/zoneinfo/right/Africa/Maseru", + "usr/share/zoneinfo/right/Africa/Mbabane", + "usr/share/zoneinfo/right/Africa/Mogadishu", + "usr/share/zoneinfo/right/Africa/Monrovia", + "usr/share/zoneinfo/right/Africa/Nairobi", + "usr/share/zoneinfo/right/Africa/Ndjamena", + "usr/share/zoneinfo/right/Africa/Niamey", + "usr/share/zoneinfo/right/Africa/Nouakchott", + "usr/share/zoneinfo/right/Africa/Ouagadougou", + "usr/share/zoneinfo/right/Africa/Porto-Novo", + "usr/share/zoneinfo/right/Africa/Sao_Tome", + "usr/share/zoneinfo/right/Africa/Timbuktu", + "usr/share/zoneinfo/right/Africa/Tripoli", + "usr/share/zoneinfo/right/Africa/Tunis", + "usr/share/zoneinfo/right/Africa/Windhoek", + "usr/share/zoneinfo/right/America/Adak", + "usr/share/zoneinfo/right/America/Anchorage", + "usr/share/zoneinfo/right/America/Anguilla", + "usr/share/zoneinfo/right/America/Antigua", + "usr/share/zoneinfo/right/America/Araguaina", + "usr/share/zoneinfo/right/America/Aruba", + "usr/share/zoneinfo/right/America/Asuncion", + "usr/share/zoneinfo/right/America/Atikokan", + "usr/share/zoneinfo/right/America/Atka", + "usr/share/zoneinfo/right/America/Bahia", + "usr/share/zoneinfo/right/America/Bahia_Banderas", + "usr/share/zoneinfo/right/America/Barbados", + "usr/share/zoneinfo/right/America/Belem", + "usr/share/zoneinfo/right/America/Belize", + "usr/share/zoneinfo/right/America/Blanc-Sablon", + "usr/share/zoneinfo/right/America/Boa_Vista", + "usr/share/zoneinfo/right/America/Bogota", + "usr/share/zoneinfo/right/America/Boise", + "usr/share/zoneinfo/right/America/Buenos_Aires", + "usr/share/zoneinfo/right/America/Cambridge_Bay", + "usr/share/zoneinfo/right/America/Campo_Grande", + "usr/share/zoneinfo/right/America/Cancun", + "usr/share/zoneinfo/right/America/Caracas", + "usr/share/zoneinfo/right/America/Catamarca", + "usr/share/zoneinfo/right/America/Cayenne", + "usr/share/zoneinfo/right/America/Cayman", + "usr/share/zoneinfo/right/America/Chicago", + "usr/share/zoneinfo/right/America/Chihuahua", + "usr/share/zoneinfo/right/America/Coral_Harbour", + "usr/share/zoneinfo/right/America/Cordoba", + "usr/share/zoneinfo/right/America/Costa_Rica", + "usr/share/zoneinfo/right/America/Creston", + "usr/share/zoneinfo/right/America/Cuiaba", + "usr/share/zoneinfo/right/America/Curacao", + "usr/share/zoneinfo/right/America/Danmarkshavn", + "usr/share/zoneinfo/right/America/Dawson", + "usr/share/zoneinfo/right/America/Dawson_Creek", + "usr/share/zoneinfo/right/America/Denver", + "usr/share/zoneinfo/right/America/Detroit", + "usr/share/zoneinfo/right/America/Dominica", + "usr/share/zoneinfo/right/America/Edmonton", + "usr/share/zoneinfo/right/America/Eirunepe", + "usr/share/zoneinfo/right/America/El_Salvador", + "usr/share/zoneinfo/right/America/Ensenada", + "usr/share/zoneinfo/right/America/Fort_Nelson", + "usr/share/zoneinfo/right/America/Fort_Wayne", + "usr/share/zoneinfo/right/America/Fortaleza", + "usr/share/zoneinfo/right/America/Glace_Bay", + "usr/share/zoneinfo/right/America/Godthab", + "usr/share/zoneinfo/right/America/Goose_Bay", + "usr/share/zoneinfo/right/America/Grand_Turk", + "usr/share/zoneinfo/right/America/Grenada", + "usr/share/zoneinfo/right/America/Guadeloupe", + "usr/share/zoneinfo/right/America/Guatemala", + "usr/share/zoneinfo/right/America/Guayaquil", + "usr/share/zoneinfo/right/America/Guyana", + "usr/share/zoneinfo/right/America/Halifax", + "usr/share/zoneinfo/right/America/Havana", + "usr/share/zoneinfo/right/America/Hermosillo", + "usr/share/zoneinfo/right/America/Indianapolis", + "usr/share/zoneinfo/right/America/Inuvik", + "usr/share/zoneinfo/right/America/Iqaluit", + "usr/share/zoneinfo/right/America/Jamaica", + "usr/share/zoneinfo/right/America/Jujuy", + "usr/share/zoneinfo/right/America/Juneau", + "usr/share/zoneinfo/right/America/Knox_IN", + "usr/share/zoneinfo/right/America/Kralendijk", + "usr/share/zoneinfo/right/America/La_Paz", + "usr/share/zoneinfo/right/America/Lima", + "usr/share/zoneinfo/right/America/Los_Angeles", + "usr/share/zoneinfo/right/America/Louisville", + "usr/share/zoneinfo/right/America/Lower_Princes", + "usr/share/zoneinfo/right/America/Maceio", + "usr/share/zoneinfo/right/America/Managua", + "usr/share/zoneinfo/right/America/Manaus", + "usr/share/zoneinfo/right/America/Marigot", + "usr/share/zoneinfo/right/America/Martinique", + "usr/share/zoneinfo/right/America/Matamoros", + "usr/share/zoneinfo/right/America/Mazatlan", + "usr/share/zoneinfo/right/America/Mendoza", + "usr/share/zoneinfo/right/America/Menominee", + "usr/share/zoneinfo/right/America/Merida", + "usr/share/zoneinfo/right/America/Metlakatla", + "usr/share/zoneinfo/right/America/Mexico_City", + "usr/share/zoneinfo/right/America/Miquelon", + "usr/share/zoneinfo/right/America/Moncton", + "usr/share/zoneinfo/right/America/Monterrey", + "usr/share/zoneinfo/right/America/Montevideo", + "usr/share/zoneinfo/right/America/Montreal", + "usr/share/zoneinfo/right/America/Montserrat", + "usr/share/zoneinfo/right/America/Nassau", + "usr/share/zoneinfo/right/America/New_York", + "usr/share/zoneinfo/right/America/Nipigon", + "usr/share/zoneinfo/right/America/Nome", + "usr/share/zoneinfo/right/America/Noronha", + "usr/share/zoneinfo/right/America/Nuuk", + "usr/share/zoneinfo/right/America/Ojinaga", + "usr/share/zoneinfo/right/America/Panama", + "usr/share/zoneinfo/right/America/Pangnirtung", + "usr/share/zoneinfo/right/America/Paramaribo", + "usr/share/zoneinfo/right/America/Phoenix", + "usr/share/zoneinfo/right/America/Port-au-Prince", + "usr/share/zoneinfo/right/America/Port_of_Spain", + "usr/share/zoneinfo/right/America/Porto_Acre", + "usr/share/zoneinfo/right/America/Porto_Velho", + "usr/share/zoneinfo/right/America/Puerto_Rico", + "usr/share/zoneinfo/right/America/Punta_Arenas", + "usr/share/zoneinfo/right/America/Rainy_River", + "usr/share/zoneinfo/right/America/Rankin_Inlet", + "usr/share/zoneinfo/right/America/Recife", + "usr/share/zoneinfo/right/America/Regina", + "usr/share/zoneinfo/right/America/Resolute", + "usr/share/zoneinfo/right/America/Rio_Branco", + "usr/share/zoneinfo/right/America/Rosario", + "usr/share/zoneinfo/right/America/Santa_Isabel", + "usr/share/zoneinfo/right/America/Santarem", + "usr/share/zoneinfo/right/America/Santiago", + "usr/share/zoneinfo/right/America/Santo_Domingo", + "usr/share/zoneinfo/right/America/Sao_Paulo", + "usr/share/zoneinfo/right/America/Scoresbysund", + "usr/share/zoneinfo/right/America/Shiprock", + "usr/share/zoneinfo/right/America/Sitka", + "usr/share/zoneinfo/right/America/St_Barthelemy", + "usr/share/zoneinfo/right/America/St_Johns", + "usr/share/zoneinfo/right/America/St_Kitts", + "usr/share/zoneinfo/right/America/St_Lucia", + "usr/share/zoneinfo/right/America/St_Thomas", + "usr/share/zoneinfo/right/America/St_Vincent", + "usr/share/zoneinfo/right/America/Swift_Current", + "usr/share/zoneinfo/right/America/Tegucigalpa", + "usr/share/zoneinfo/right/America/Thule", + "usr/share/zoneinfo/right/America/Thunder_Bay", + "usr/share/zoneinfo/right/America/Tijuana", + "usr/share/zoneinfo/right/America/Toronto", + "usr/share/zoneinfo/right/America/Tortola", + "usr/share/zoneinfo/right/America/Vancouver", + "usr/share/zoneinfo/right/America/Virgin", + "usr/share/zoneinfo/right/America/Whitehorse", + "usr/share/zoneinfo/right/America/Winnipeg", + "usr/share/zoneinfo/right/America/Yakutat", + "usr/share/zoneinfo/right/America/Yellowknife", + "usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", + "usr/share/zoneinfo/right/America/Argentina/Catamarca", + "usr/share/zoneinfo/right/America/Argentina/ComodRivadavia", + "usr/share/zoneinfo/right/America/Argentina/Cordoba", + "usr/share/zoneinfo/right/America/Argentina/Jujuy", + "usr/share/zoneinfo/right/America/Argentina/La_Rioja", + "usr/share/zoneinfo/right/America/Argentina/Mendoza", + "usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", + "usr/share/zoneinfo/right/America/Argentina/Salta", + "usr/share/zoneinfo/right/America/Argentina/San_Juan", + "usr/share/zoneinfo/right/America/Argentina/San_Luis", + "usr/share/zoneinfo/right/America/Argentina/Tucuman", + "usr/share/zoneinfo/right/America/Argentina/Ushuaia", + "usr/share/zoneinfo/right/America/Indiana/Indianapolis", + "usr/share/zoneinfo/right/America/Indiana/Knox", + "usr/share/zoneinfo/right/America/Indiana/Marengo", + "usr/share/zoneinfo/right/America/Indiana/Petersburg", + "usr/share/zoneinfo/right/America/Indiana/Tell_City", + "usr/share/zoneinfo/right/America/Indiana/Vevay", + "usr/share/zoneinfo/right/America/Indiana/Vincennes", + "usr/share/zoneinfo/right/America/Indiana/Winamac", + "usr/share/zoneinfo/right/America/Kentucky/Louisville", + "usr/share/zoneinfo/right/America/Kentucky/Monticello", + "usr/share/zoneinfo/right/America/North_Dakota/Beulah", + "usr/share/zoneinfo/right/America/North_Dakota/Center", + "usr/share/zoneinfo/right/America/North_Dakota/New_Salem", + "usr/share/zoneinfo/right/Antarctica/Casey", + "usr/share/zoneinfo/right/Antarctica/Davis", + "usr/share/zoneinfo/right/Antarctica/DumontDUrville", + "usr/share/zoneinfo/right/Antarctica/Macquarie", + "usr/share/zoneinfo/right/Antarctica/Mawson", + "usr/share/zoneinfo/right/Antarctica/McMurdo", + "usr/share/zoneinfo/right/Antarctica/Palmer", + "usr/share/zoneinfo/right/Antarctica/Rothera", + "usr/share/zoneinfo/right/Antarctica/South_Pole", + "usr/share/zoneinfo/right/Antarctica/Syowa", + "usr/share/zoneinfo/right/Antarctica/Troll", + "usr/share/zoneinfo/right/Antarctica/Vostok", + "usr/share/zoneinfo/right/Arctic/Longyearbyen", + "usr/share/zoneinfo/right/Asia/Aden", + "usr/share/zoneinfo/right/Asia/Almaty", + "usr/share/zoneinfo/right/Asia/Amman", + "usr/share/zoneinfo/right/Asia/Anadyr", + "usr/share/zoneinfo/right/Asia/Aqtau", + "usr/share/zoneinfo/right/Asia/Aqtobe", + "usr/share/zoneinfo/right/Asia/Ashgabat", + "usr/share/zoneinfo/right/Asia/Ashkhabad", + "usr/share/zoneinfo/right/Asia/Atyrau", + "usr/share/zoneinfo/right/Asia/Baghdad", + "usr/share/zoneinfo/right/Asia/Bahrain", + "usr/share/zoneinfo/right/Asia/Baku", + "usr/share/zoneinfo/right/Asia/Bangkok", + "usr/share/zoneinfo/right/Asia/Barnaul", + "usr/share/zoneinfo/right/Asia/Beirut", + "usr/share/zoneinfo/right/Asia/Bishkek", + "usr/share/zoneinfo/right/Asia/Brunei", + "usr/share/zoneinfo/right/Asia/Calcutta", + "usr/share/zoneinfo/right/Asia/Chita", + "usr/share/zoneinfo/right/Asia/Choibalsan", + "usr/share/zoneinfo/right/Asia/Chongqing", + "usr/share/zoneinfo/right/Asia/Chungking", + "usr/share/zoneinfo/right/Asia/Colombo", + "usr/share/zoneinfo/right/Asia/Dacca", + "usr/share/zoneinfo/right/Asia/Damascus", + "usr/share/zoneinfo/right/Asia/Dhaka", + "usr/share/zoneinfo/right/Asia/Dili", + "usr/share/zoneinfo/right/Asia/Dubai", + "usr/share/zoneinfo/right/Asia/Dushanbe", + "usr/share/zoneinfo/right/Asia/Famagusta", + "usr/share/zoneinfo/right/Asia/Gaza", + "usr/share/zoneinfo/right/Asia/Harbin", + "usr/share/zoneinfo/right/Asia/Hebron", + "usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", + "usr/share/zoneinfo/right/Asia/Hong_Kong", + "usr/share/zoneinfo/right/Asia/Hovd", + "usr/share/zoneinfo/right/Asia/Irkutsk", + "usr/share/zoneinfo/right/Asia/Istanbul", + "usr/share/zoneinfo/right/Asia/Jakarta", + "usr/share/zoneinfo/right/Asia/Jayapura", + "usr/share/zoneinfo/right/Asia/Jerusalem", + "usr/share/zoneinfo/right/Asia/Kabul", + "usr/share/zoneinfo/right/Asia/Kamchatka", + "usr/share/zoneinfo/right/Asia/Karachi", + "usr/share/zoneinfo/right/Asia/Kashgar", + "usr/share/zoneinfo/right/Asia/Kathmandu", + "usr/share/zoneinfo/right/Asia/Katmandu", + "usr/share/zoneinfo/right/Asia/Khandyga", + "usr/share/zoneinfo/right/Asia/Kolkata", + "usr/share/zoneinfo/right/Asia/Krasnoyarsk", + "usr/share/zoneinfo/right/Asia/Kuala_Lumpur", + "usr/share/zoneinfo/right/Asia/Kuching", + "usr/share/zoneinfo/right/Asia/Kuwait", + "usr/share/zoneinfo/right/Asia/Macao", + "usr/share/zoneinfo/right/Asia/Macau", + "usr/share/zoneinfo/right/Asia/Magadan", + "usr/share/zoneinfo/right/Asia/Makassar", + "usr/share/zoneinfo/right/Asia/Manila", + "usr/share/zoneinfo/right/Asia/Muscat", + "usr/share/zoneinfo/right/Asia/Nicosia", + "usr/share/zoneinfo/right/Asia/Novokuznetsk", + "usr/share/zoneinfo/right/Asia/Novosibirsk", + "usr/share/zoneinfo/right/Asia/Omsk", + "usr/share/zoneinfo/right/Asia/Oral", + "usr/share/zoneinfo/right/Asia/Phnom_Penh", + "usr/share/zoneinfo/right/Asia/Pontianak", + "usr/share/zoneinfo/right/Asia/Pyongyang", + "usr/share/zoneinfo/right/Asia/Qatar", + "usr/share/zoneinfo/right/Asia/Qostanay", + "usr/share/zoneinfo/right/Asia/Qyzylorda", + "usr/share/zoneinfo/right/Asia/Rangoon", + "usr/share/zoneinfo/right/Asia/Riyadh", + "usr/share/zoneinfo/right/Asia/Saigon", + "usr/share/zoneinfo/right/Asia/Sakhalin", + "usr/share/zoneinfo/right/Asia/Samarkand", + "usr/share/zoneinfo/right/Asia/Seoul", + "usr/share/zoneinfo/right/Asia/Shanghai", + "usr/share/zoneinfo/right/Asia/Singapore", + "usr/share/zoneinfo/right/Asia/Srednekolymsk", + "usr/share/zoneinfo/right/Asia/Taipei", + "usr/share/zoneinfo/right/Asia/Tashkent", + "usr/share/zoneinfo/right/Asia/Tbilisi", + "usr/share/zoneinfo/right/Asia/Tehran", + "usr/share/zoneinfo/right/Asia/Tel_Aviv", + "usr/share/zoneinfo/right/Asia/Thimbu", + "usr/share/zoneinfo/right/Asia/Thimphu", + "usr/share/zoneinfo/right/Asia/Tokyo", + "usr/share/zoneinfo/right/Asia/Tomsk", + "usr/share/zoneinfo/right/Asia/Ujung_Pandang", + "usr/share/zoneinfo/right/Asia/Ulaanbaatar", + "usr/share/zoneinfo/right/Asia/Ulan_Bator", + "usr/share/zoneinfo/right/Asia/Urumqi", + "usr/share/zoneinfo/right/Asia/Ust-Nera", + "usr/share/zoneinfo/right/Asia/Vientiane", + "usr/share/zoneinfo/right/Asia/Vladivostok", + "usr/share/zoneinfo/right/Asia/Yakutsk", + "usr/share/zoneinfo/right/Asia/Yangon", + "usr/share/zoneinfo/right/Asia/Yekaterinburg", + "usr/share/zoneinfo/right/Asia/Yerevan", + "usr/share/zoneinfo/right/Atlantic/Azores", + "usr/share/zoneinfo/right/Atlantic/Bermuda", + "usr/share/zoneinfo/right/Atlantic/Canary", + "usr/share/zoneinfo/right/Atlantic/Cape_Verde", + "usr/share/zoneinfo/right/Atlantic/Faeroe", + "usr/share/zoneinfo/right/Atlantic/Faroe", + "usr/share/zoneinfo/right/Atlantic/Jan_Mayen", + "usr/share/zoneinfo/right/Atlantic/Madeira", + "usr/share/zoneinfo/right/Atlantic/Reykjavik", + "usr/share/zoneinfo/right/Atlantic/South_Georgia", + "usr/share/zoneinfo/right/Atlantic/St_Helena", + "usr/share/zoneinfo/right/Atlantic/Stanley", + "usr/share/zoneinfo/right/Australia/ACT", + "usr/share/zoneinfo/right/Australia/Adelaide", + "usr/share/zoneinfo/right/Australia/Brisbane", + "usr/share/zoneinfo/right/Australia/Broken_Hill", + "usr/share/zoneinfo/right/Australia/Canberra", + "usr/share/zoneinfo/right/Australia/Currie", + "usr/share/zoneinfo/right/Australia/Darwin", + "usr/share/zoneinfo/right/Australia/Eucla", + "usr/share/zoneinfo/right/Australia/Hobart", + "usr/share/zoneinfo/right/Australia/LHI", + "usr/share/zoneinfo/right/Australia/Lindeman", + "usr/share/zoneinfo/right/Australia/Lord_Howe", + "usr/share/zoneinfo/right/Australia/Melbourne", + "usr/share/zoneinfo/right/Australia/NSW", + "usr/share/zoneinfo/right/Australia/North", + "usr/share/zoneinfo/right/Australia/Perth", + "usr/share/zoneinfo/right/Australia/Queensland", + "usr/share/zoneinfo/right/Australia/South", + "usr/share/zoneinfo/right/Australia/Sydney", + "usr/share/zoneinfo/right/Australia/Tasmania", + "usr/share/zoneinfo/right/Australia/Victoria", + "usr/share/zoneinfo/right/Australia/West", + "usr/share/zoneinfo/right/Australia/Yancowinna", + "usr/share/zoneinfo/right/Brazil/Acre", + "usr/share/zoneinfo/right/Brazil/DeNoronha", + "usr/share/zoneinfo/right/Brazil/East", + "usr/share/zoneinfo/right/Brazil/West", + "usr/share/zoneinfo/right/Canada/Atlantic", + "usr/share/zoneinfo/right/Canada/Central", + "usr/share/zoneinfo/right/Canada/Eastern", + "usr/share/zoneinfo/right/Canada/Mountain", + "usr/share/zoneinfo/right/Canada/Newfoundland", + "usr/share/zoneinfo/right/Canada/Pacific", + "usr/share/zoneinfo/right/Canada/Saskatchewan", + "usr/share/zoneinfo/right/Canada/Yukon", + "usr/share/zoneinfo/right/Chile/Continental", + "usr/share/zoneinfo/right/Chile/EasterIsland", + "usr/share/zoneinfo/right/Etc/GMT", + "usr/share/zoneinfo/right/Etc/GMT+0", + "usr/share/zoneinfo/right/Etc/GMT+1", + "usr/share/zoneinfo/right/Etc/GMT+10", + "usr/share/zoneinfo/right/Etc/GMT+11", + "usr/share/zoneinfo/right/Etc/GMT+12", + "usr/share/zoneinfo/right/Etc/GMT+2", + "usr/share/zoneinfo/right/Etc/GMT+3", + "usr/share/zoneinfo/right/Etc/GMT+4", + "usr/share/zoneinfo/right/Etc/GMT+5", + "usr/share/zoneinfo/right/Etc/GMT+6", + "usr/share/zoneinfo/right/Etc/GMT+7", + "usr/share/zoneinfo/right/Etc/GMT+8", + "usr/share/zoneinfo/right/Etc/GMT+9", + "usr/share/zoneinfo/right/Etc/GMT-0", + "usr/share/zoneinfo/right/Etc/GMT-1", + "usr/share/zoneinfo/right/Etc/GMT-10", + "usr/share/zoneinfo/right/Etc/GMT-11", + "usr/share/zoneinfo/right/Etc/GMT-12", + "usr/share/zoneinfo/right/Etc/GMT-13", + "usr/share/zoneinfo/right/Etc/GMT-14", + "usr/share/zoneinfo/right/Etc/GMT-2", + "usr/share/zoneinfo/right/Etc/GMT-3", + "usr/share/zoneinfo/right/Etc/GMT-4", + "usr/share/zoneinfo/right/Etc/GMT-5", + "usr/share/zoneinfo/right/Etc/GMT-6", + "usr/share/zoneinfo/right/Etc/GMT-7", + "usr/share/zoneinfo/right/Etc/GMT-8", + "usr/share/zoneinfo/right/Etc/GMT-9", + "usr/share/zoneinfo/right/Etc/GMT0", + "usr/share/zoneinfo/right/Etc/Greenwich", + "usr/share/zoneinfo/right/Etc/UCT", + "usr/share/zoneinfo/right/Etc/UTC", + "usr/share/zoneinfo/right/Etc/Universal", + "usr/share/zoneinfo/right/Etc/Zulu", + "usr/share/zoneinfo/right/Europe/Amsterdam", + "usr/share/zoneinfo/right/Europe/Andorra", + "usr/share/zoneinfo/right/Europe/Astrakhan", + "usr/share/zoneinfo/right/Europe/Athens", + "usr/share/zoneinfo/right/Europe/Belfast", + "usr/share/zoneinfo/right/Europe/Belgrade", + "usr/share/zoneinfo/right/Europe/Berlin", + "usr/share/zoneinfo/right/Europe/Bratislava", + "usr/share/zoneinfo/right/Europe/Brussels", + "usr/share/zoneinfo/right/Europe/Bucharest", + "usr/share/zoneinfo/right/Europe/Budapest", + "usr/share/zoneinfo/right/Europe/Busingen", + "usr/share/zoneinfo/right/Europe/Chisinau", + "usr/share/zoneinfo/right/Europe/Copenhagen", + "usr/share/zoneinfo/right/Europe/Dublin", + "usr/share/zoneinfo/right/Europe/Gibraltar", + "usr/share/zoneinfo/right/Europe/Guernsey", + "usr/share/zoneinfo/right/Europe/Helsinki", + "usr/share/zoneinfo/right/Europe/Isle_of_Man", + "usr/share/zoneinfo/right/Europe/Istanbul", + "usr/share/zoneinfo/right/Europe/Jersey", + "usr/share/zoneinfo/right/Europe/Kaliningrad", + "usr/share/zoneinfo/right/Europe/Kiev", + "usr/share/zoneinfo/right/Europe/Kirov", + "usr/share/zoneinfo/right/Europe/Kyiv", + "usr/share/zoneinfo/right/Europe/Lisbon", + "usr/share/zoneinfo/right/Europe/Ljubljana", + "usr/share/zoneinfo/right/Europe/London", + "usr/share/zoneinfo/right/Europe/Luxembourg", + "usr/share/zoneinfo/right/Europe/Madrid", + "usr/share/zoneinfo/right/Europe/Malta", + "usr/share/zoneinfo/right/Europe/Mariehamn", + "usr/share/zoneinfo/right/Europe/Minsk", + "usr/share/zoneinfo/right/Europe/Monaco", + "usr/share/zoneinfo/right/Europe/Moscow", + "usr/share/zoneinfo/right/Europe/Nicosia", + "usr/share/zoneinfo/right/Europe/Oslo", + "usr/share/zoneinfo/right/Europe/Paris", + "usr/share/zoneinfo/right/Europe/Podgorica", + "usr/share/zoneinfo/right/Europe/Prague", + "usr/share/zoneinfo/right/Europe/Riga", + "usr/share/zoneinfo/right/Europe/Rome", + "usr/share/zoneinfo/right/Europe/Samara", + "usr/share/zoneinfo/right/Europe/San_Marino", + "usr/share/zoneinfo/right/Europe/Sarajevo", + "usr/share/zoneinfo/right/Europe/Saratov", + "usr/share/zoneinfo/right/Europe/Simferopol", + "usr/share/zoneinfo/right/Europe/Skopje", + "usr/share/zoneinfo/right/Europe/Sofia", + "usr/share/zoneinfo/right/Europe/Stockholm", + "usr/share/zoneinfo/right/Europe/Tallinn", + "usr/share/zoneinfo/right/Europe/Tirane", + "usr/share/zoneinfo/right/Europe/Tiraspol", + "usr/share/zoneinfo/right/Europe/Ulyanovsk", + "usr/share/zoneinfo/right/Europe/Uzhgorod", + "usr/share/zoneinfo/right/Europe/Vaduz", + "usr/share/zoneinfo/right/Europe/Vatican", + "usr/share/zoneinfo/right/Europe/Vienna", + "usr/share/zoneinfo/right/Europe/Vilnius", + "usr/share/zoneinfo/right/Europe/Volgograd", + "usr/share/zoneinfo/right/Europe/Warsaw", + "usr/share/zoneinfo/right/Europe/Zagreb", + "usr/share/zoneinfo/right/Europe/Zaporozhye", + "usr/share/zoneinfo/right/Europe/Zurich", + "usr/share/zoneinfo/right/Indian/Antananarivo", + "usr/share/zoneinfo/right/Indian/Chagos", + "usr/share/zoneinfo/right/Indian/Christmas", + "usr/share/zoneinfo/right/Indian/Cocos", + "usr/share/zoneinfo/right/Indian/Comoro", + "usr/share/zoneinfo/right/Indian/Kerguelen", + "usr/share/zoneinfo/right/Indian/Mahe", + "usr/share/zoneinfo/right/Indian/Maldives", + "usr/share/zoneinfo/right/Indian/Mauritius", + "usr/share/zoneinfo/right/Indian/Mayotte", + "usr/share/zoneinfo/right/Indian/Reunion", + "usr/share/zoneinfo/right/Mexico/BajaNorte", + "usr/share/zoneinfo/right/Mexico/BajaSur", + "usr/share/zoneinfo/right/Mexico/General", + "usr/share/zoneinfo/right/Pacific/Apia", + "usr/share/zoneinfo/right/Pacific/Auckland", + "usr/share/zoneinfo/right/Pacific/Bougainville", + "usr/share/zoneinfo/right/Pacific/Chatham", + "usr/share/zoneinfo/right/Pacific/Chuuk", + "usr/share/zoneinfo/right/Pacific/Easter", + "usr/share/zoneinfo/right/Pacific/Efate", + "usr/share/zoneinfo/right/Pacific/Enderbury", + "usr/share/zoneinfo/right/Pacific/Fakaofo", + "usr/share/zoneinfo/right/Pacific/Fiji", + "usr/share/zoneinfo/right/Pacific/Funafuti", + "usr/share/zoneinfo/right/Pacific/Galapagos", + "usr/share/zoneinfo/right/Pacific/Gambier", + "usr/share/zoneinfo/right/Pacific/Guadalcanal", + "usr/share/zoneinfo/right/Pacific/Guam", + "usr/share/zoneinfo/right/Pacific/Honolulu", + "usr/share/zoneinfo/right/Pacific/Johnston", + "usr/share/zoneinfo/right/Pacific/Kanton", + "usr/share/zoneinfo/right/Pacific/Kiritimati", + "usr/share/zoneinfo/right/Pacific/Kosrae", + "usr/share/zoneinfo/right/Pacific/Kwajalein", + "usr/share/zoneinfo/right/Pacific/Majuro", + "usr/share/zoneinfo/right/Pacific/Marquesas", + "usr/share/zoneinfo/right/Pacific/Midway", + "usr/share/zoneinfo/right/Pacific/Nauru", + "usr/share/zoneinfo/right/Pacific/Niue", + "usr/share/zoneinfo/right/Pacific/Norfolk", + "usr/share/zoneinfo/right/Pacific/Noumea", + "usr/share/zoneinfo/right/Pacific/Pago_Pago", + "usr/share/zoneinfo/right/Pacific/Palau", + "usr/share/zoneinfo/right/Pacific/Pitcairn", + "usr/share/zoneinfo/right/Pacific/Pohnpei", + "usr/share/zoneinfo/right/Pacific/Ponape", + "usr/share/zoneinfo/right/Pacific/Port_Moresby", + "usr/share/zoneinfo/right/Pacific/Rarotonga", + "usr/share/zoneinfo/right/Pacific/Saipan", + "usr/share/zoneinfo/right/Pacific/Samoa", + "usr/share/zoneinfo/right/Pacific/Tahiti", + "usr/share/zoneinfo/right/Pacific/Tarawa", + "usr/share/zoneinfo/right/Pacific/Tongatapu", + "usr/share/zoneinfo/right/Pacific/Truk", + "usr/share/zoneinfo/right/Pacific/Wake", + "usr/share/zoneinfo/right/Pacific/Wallis", + "usr/share/zoneinfo/right/Pacific/Yap", + "usr/share/zoneinfo/right/US/Alaska", + "usr/share/zoneinfo/right/US/Aleutian", + "usr/share/zoneinfo/right/US/Arizona", + "usr/share/zoneinfo/right/US/Central", + "usr/share/zoneinfo/right/US/East-Indiana", + "usr/share/zoneinfo/right/US/Eastern", + "usr/share/zoneinfo/right/US/Hawaii", + "usr/share/zoneinfo/right/US/Indiana-Starke", + "usr/share/zoneinfo/right/US/Michigan", + "usr/share/zoneinfo/right/US/Mountain", + "usr/share/zoneinfo/right/US/Pacific", + "usr/share/zoneinfo/right/US/Samoa" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.2.13-r0", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/alpine/zlib@1.2.13-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "1565fe2d821c716a" + }, + "Version": "1.2.13-r0", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.2.13-r0", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:ae39d74f4d65d4f0315e1794c5ee0e95d979ac59", + "InstalledFiles": [ + "lib/libz.so.1", + "lib/libz.so.1.2.13" + ], + "AnalyzedBy": "apk" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-42363", + "PkgID": "busybox@1.35.0-r29", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "63663e79f1d78cba" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42363", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:137ff178bcd2a5f630515ace41391dd6d5b151ca921dae7ec3506afd1adf7e79", + "Title": "busybox: use-after-free in awk", + "Description": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090760.html", + "https://access.redhat.com/security/cve/CVE-2023-42363", + "https://bugs.busybox.net/show_bug.cgi?id=15865", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42363", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42363" + ], + "PublishedDate": "2023-11-27T22:15:07.94Z", + "LastModifiedDate": "2024-11-21T08:22:28.403Z" + }, + { + "VulnerabilityID": "CVE-2023-42364", + "PkgID": "busybox@1.35.0-r29", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "63663e79f1d78cba" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42364", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8272d84f0a7c05ee5438d6438476f9ef1fffea0c127124f904ed427481a15b7a", + "Title": "busybox: use-after-free", + "Description": "A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", + "https://access.redhat.com/security/cve/CVE-2023-42364", + "https://bugs.busybox.net/show_bug.cgi?id=15868", + "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42364", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42364" + ], + "PublishedDate": "2023-11-27T23:15:07.313Z", + "LastModifiedDate": "2025-11-03T21:16:01.17Z" + }, + { + "VulnerabilityID": "CVE-2023-42365", + "PkgID": "busybox@1.35.0-r29", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "63663e79f1d78cba" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42365", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:6e6b6e251633451cf3c4bec7399fc2ebe4aa68865b7e36913f394dfac29a1dfa", + "Title": "busybox: use-after-free", + "Description": "A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", + "https://access.redhat.com/security/cve/CVE-2023-42365", + "https://bugs.busybox.net/show_bug.cgi?id=15871", + "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42365", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42365" + ], + "PublishedDate": "2023-11-27T23:15:07.373Z", + "LastModifiedDate": "2025-11-03T21:16:01.393Z" + }, + { + "VulnerabilityID": "CVE-2023-42366", + "PkgID": "busybox@1.35.0-r29", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "63663e79f1d78cba" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r30", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42366", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:615b398e19029f654d228e19075090fe1efa506523ff7e670b4c19241f4ffee7", + "Title": "busybox: A heap-buffer-overflow", + "Description": "A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-42366", + "https://bugs.busybox.net/show_bug.cgi?id=15874", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42366", + "https://security.netapp.com/advisory/ntap-20241206-0007/", + "https://www.cve.org/CVERecord?id=CVE-2023-42366" + ], + "PublishedDate": "2023-11-27T23:15:07.42Z", + "LastModifiedDate": "2024-12-06T14:15:19.53Z" + }, + { + "VulnerabilityID": "CVE-2023-42363", + "PkgID": "busybox-binsh@1.35.0-r29", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "45c394fb49457fb2" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42363", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:621c482752dd822e488913d85fdfa0d31232e9844cc1aa4e0fb4fa181a6e7a7c", + "Title": "busybox: use-after-free in awk", + "Description": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090760.html", + "https://access.redhat.com/security/cve/CVE-2023-42363", + "https://bugs.busybox.net/show_bug.cgi?id=15865", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42363", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42363" + ], + "PublishedDate": "2023-11-27T22:15:07.94Z", + "LastModifiedDate": "2024-11-21T08:22:28.403Z" + }, + { + "VulnerabilityID": "CVE-2023-42364", + "PkgID": "busybox-binsh@1.35.0-r29", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "45c394fb49457fb2" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42364", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e9567f7f6523fd07f41456a306af9c7e75ff299072c654439daaaddd0ba56c6c", + "Title": "busybox: use-after-free", + "Description": "A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", + "https://access.redhat.com/security/cve/CVE-2023-42364", + "https://bugs.busybox.net/show_bug.cgi?id=15868", + "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42364", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42364" + ], + "PublishedDate": "2023-11-27T23:15:07.313Z", + "LastModifiedDate": "2025-11-03T21:16:01.17Z" + }, + { + "VulnerabilityID": "CVE-2023-42365", + "PkgID": "busybox-binsh@1.35.0-r29", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "45c394fb49457fb2" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42365", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:518febeb07948d101e7eab1f39815bbd020325a1bdebb8a8425cbe554a0acbf6", + "Title": "busybox: use-after-free", + "Description": "A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", + "https://access.redhat.com/security/cve/CVE-2023-42365", + "https://bugs.busybox.net/show_bug.cgi?id=15871", + "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42365", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42365" + ], + "PublishedDate": "2023-11-27T23:15:07.373Z", + "LastModifiedDate": "2025-11-03T21:16:01.393Z" + }, + { + "VulnerabilityID": "CVE-2023-42366", + "PkgID": "busybox-binsh@1.35.0-r29", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "45c394fb49457fb2" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r30", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42366", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a0a53bc355c04705000f4ad707170d27723b21d02330c8b5860d3074b27c4734", + "Title": "busybox: A heap-buffer-overflow", + "Description": "A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-42366", + "https://bugs.busybox.net/show_bug.cgi?id=15874", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42366", + "https://security.netapp.com/advisory/ntap-20241206-0007/", + "https://www.cve.org/CVERecord?id=CVE-2023-42366" + ], + "PublishedDate": "2023-11-27T23:15:07.42Z", + "LastModifiedDate": "2024-12-06T14:15:19.53Z" + }, + { + "VulnerabilityID": "CVE-2022-3996", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.7-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3996", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:10bde7a1066ae65c13325d797715658d43c9f868a802880d876d644b7160e480", + "Title": "openssl: double locking leads to denial of service", + "Description": "If an X.509 certificate contains a malformed policy constraint and\npolicy processing is enabled, then a write lock will be taken twice\nrecursively. On some operating systems (most widely: Windows) this\nresults in a denial of service when the affected process hangs. Policy\nprocessing being enabled on a publicly facing server is not considered\nto be a common setup.\n\nPolicy processing is enabled by passing the `-policy'\nargument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.\n\nUpdate (31 March 2023): The description of the policy processing enablement\nwas corrected based on CVE-2023-0466.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-667" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 3, + "ghsa": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V3Score": 7.5, + "V40Score": 8.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-3996", + "https://github.com/alexcrichton/openssl-src-rs", + "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3996", + "https://security.netapp.com/advisory/ntap-20230203-0003/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://www.cve.org/CVERecord?id=CVE-2022-3996", + "https://www.openssl.org/news/secadv/20221213.txt" + ], + "PublishedDate": "2022-12-13T16:15:22.007Z", + "LastModifiedDate": "2024-11-21T07:20:42.003Z" + }, + { + "VulnerabilityID": "CVE-2022-4450", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4450", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:32dc6959f898bb8912fa49d39bcc14d55cd7086f7a15c96e96bc4b2e1d9a330c", + "Title": "openssl: double free after calling PEM_read_bio_ex", + "Description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack.\n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected.\n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0.\n\nThe OpenSSL asn1parse command line application is also impacted by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2022-4450", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", + "https://github.com/advisories/GHSA-v5w6-wcm8-jm4q", + "https://linux.oracle.com/cve/CVE-2022-4450.html", + "https://linux.oracle.com/errata/ELSA-2023-32791.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0010.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4450", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:23.973Z", + "LastModifiedDate": "2025-11-04T20:16:15.06Z" + }, + { + "VulnerabilityID": "CVE-2023-0215", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0215", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:dbaea0fdb8bc24a428a0992102d2ac296edbbdaea86cdc9a6ec3fb3a073c5cd5", + "Title": "openssl: use-after-free following BIO_new_NDEF", + "Description": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2023-0215", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344", + "https://github.com/advisories/GHSA-r7jw-wp68-3xch", + "https://linux.oracle.com/cve/CVE-2023-0215.html", + "https://linux.oracle.com/errata/ELSA-2023-32791.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0009.html", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230427-0007", + "https://security.netapp.com/advisory/ntap-20230427-0007/", + "https://security.netapp.com/advisory/ntap-20230427-0009", + "https://security.netapp.com/advisory/ntap-20230427-0009/", + "https://security.netapp.com/advisory/ntap-20240621-0006", + "https://security.netapp.com/advisory/ntap-20240621-0006/", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-5845-1", + "https://ubuntu.com/security/notices/USN-5845-2", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0215", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.107Z", + "LastModifiedDate": "2025-11-04T20:16:15.847Z" + }, + { + "VulnerabilityID": "CVE-2023-0216", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0216", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ef5596e04d3268f7337138ce58c66f9e4fb4e62ac2967404bc99af6bcb0b18c7", + "Title": "openssl: invalid pointer dereference in d2i_PKCS7 functions", + "Description": "An invalid pointer dereference on read can be triggered when an\napplication tries to load malformed PKCS7 data with the\nd2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.\n\nThe result of the dereference is an application crash which could\nlead to a denial of service attack. The TLS implementation in OpenSSL\ndoes not call this function however third party applications might\ncall these functions on untrusted data.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0946", + "https://access.redhat.com/security/cve/CVE-2023-0216", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164488", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/2164497", + "https://bugzilla.redhat.com/2164499", + "https://bugzilla.redhat.com/2164500", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-0946.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6", + "https://linux.oracle.com/cve/CVE-2023-0216.html", + "https://linux.oracle.com/errata/ELSA-2023-12152.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0216", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0011.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0216", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.16Z", + "LastModifiedDate": "2025-11-04T20:16:16.043Z" + }, + { + "VulnerabilityID": "CVE-2023-0217", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0217", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4741c0cfae27a4879a2121c808f1a4da126ddfd33c6fb7eb27365fa6c6a4fb18", + "Title": "openssl: NULL dereference validating DSA public key", + "Description": "An invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\nEVP_PKEY_public_check() function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack.\n\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0946", + "https://access.redhat.com/security/cve/CVE-2023-0217", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164488", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/2164497", + "https://bugzilla.redhat.com/2164499", + "https://bugzilla.redhat.com/2164500", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-0946.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096", + "https://linux.oracle.com/cve/CVE-2023-0217.html", + "https://linux.oracle.com/errata/ELSA-2023-12152.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0217", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0012.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0217", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.213Z", + "LastModifiedDate": "2025-11-04T20:16:16.197Z" + }, + { + "VulnerabilityID": "CVE-2023-0286", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0286", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:63acd88afaf3250a4b590fe0de36a69111fcaaa2113d4612158897a93a8ffd46", + "Title": "openssl: X.400 address type confusion in X.509 GeneralName", + "Description": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-843" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7937", + "https://access.redhat.com/security/cve/CVE-2023-0286", + "https://access.redhat.com/security/cve/cve-2023-0286", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2025-7937.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", + "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", + "https://github.com/advisories/GHSA-x4qr-2fvf-3mr5", + "https://github.com/pyca/cryptography", + "https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5", + "https://linux.oracle.com/cve/CVE-2023-0286.html", + "https://linux.oracle.com/errata/ELSA-2025-7937.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0006.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-5845-1", + "https://ubuntu.com/security/notices/USN-5845-2", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0286", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.267Z", + "LastModifiedDate": "2025-11-04T20:16:16.35Z" + }, + { + "VulnerabilityID": "CVE-2023-0401", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0401", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:56fa68c9fd45445e81ce51bda360c61574bcdc9b4086dea9a32dc8e88028e086", + "Title": "openssl: NULL dereference during PKCS7 data verification", + "Description": "A NULL pointer can be dereferenced when signatures are being\nverified on PKCS7 signed or signedAndEnveloped data. In case the hash\nalgorithm used for the signature is known to the OpenSSL library but\nthe implementation of the hash algorithm is not available the digest\ninitialization will fail. There is a missing check for the return\nvalue from the initialization function which later leads to invalid\nusage of the digest API most likely leading to a crash.\n\nThe unavailability of an algorithm can be caused by using FIPS\nenabled configuration of providers or more commonly by not loading\nthe legacy provider.\n\nPKCS7 data is processed by the SMIME library calls and also by the\ntime stamp (TS) library calls. The TLS implementation in OpenSSL does\nnot call these functions however third party applications would be\naffected if they call these functions to verify signatures on untrusted\ndata.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0946", + "https://access.redhat.com/security/cve/CVE-2023-0401", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164488", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/2164497", + "https://bugzilla.redhat.com/2164499", + "https://bugzilla.redhat.com/2164500", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-0946.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674", + "https://github.com/alexcrichton/openssl-src-rs", + "https://linux.oracle.com/cve/CVE-2023-0401.html", + "https://linux.oracle.com/errata/ELSA-2023-12152.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0401", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0013.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0401", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.323Z", + "LastModifiedDate": "2025-11-04T20:16:16.527Z" + }, + { + "VulnerabilityID": "CVE-2023-0464", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0464", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:461bb3b307b4fe4b13cc129d5b6e7fc198da87a4ac6fedfef9eba6814b577d84", + "Title": "openssl: Denial of service by excessive resource usage in verifying X509 policy constraints", + "Description": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0464", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1", + "https://github.com/advisories/GHSA-w2w6-xp88-5cvw", + "https://linux.oracle.com/cve/CVE-2023-0464.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230406-0006", + "https://security.netapp.com/advisory/ntap-20230406-0006/", + "https://security.netapp.com/advisory/ntap-20240621-0006", + "https://security.netapp.com/advisory/ntap-20240621-0006/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.couchbase.com/alerts", + "https://www.couchbase.com/alerts/", + "https://www.cve.org/CVERecord?id=CVE-2023-0464", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230322.txt" + ], + "PublishedDate": "2023-03-22T17:15:13.13Z", + "LastModifiedDate": "2025-05-05T16:15:26.103Z" + }, + { + "VulnerabilityID": "CVE-2023-5363", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.12-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5363", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4eea907804afa4d9f649cb6df8442f44e541df9005e291a0a801cd2d19cdab9e", + "Title": "openssl: Incorrect cipher key and IV length processing", + "Description": "Issue summary: A bug has been identified in the processing of key and\ninitialisation vector (IV) lengths. This can lead to potential truncation\nor overruns during the initialisation of some symmetric ciphers.\n\nImpact summary: A truncation in the IV can result in non-uniqueness,\nwhich could result in loss of confidentiality for some cipher modes.\n\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\nEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\nthe key and IV have been established. Any alterations to the key length,\nvia the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter,\nwithin the OSSL_PARAM array will not take effect as intended, potentially\ncausing truncation or overreading of these values. The following ciphers\nand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\n\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\nloss of confidentiality. For example, when following NIST's SP 800-38D\nsection 8.2.1 guidance for constructing a deterministic IV for AES in\nGCM mode, truncation of the counter portion could lead to IV reuse.\n\nBoth truncations and overruns of the key and overruns of the IV will\nproduce incorrect results and could, in some cases, trigger a memory\nexception. However, these issues are not currently assessed as security\ncritical.\n\nChanging the key and/or IV lengths is not considered to be a common operation\nand the vulnerable API was recently introduced. Furthermore it is likely that\napplication developers will have spotted this problem during testing since\ndecryption would fail unless both peers in the communication were similarly\nvulnerable. For these reasons we expect the probability of an application being\nvulnerable to this to be quite low. However if an application is vulnerable then\nthis issue is considered very serious. For these reasons we have assessed this\nissue as Moderate severity overall.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\nthe issue lies outside of the FIPS provider boundary.\n\nOpenSSL 3.1 and 3.0 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-684" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/10/24/1", + "https://access.redhat.com/errata/RHSA-2024:0310", + "https://access.redhat.com/security/cve/CVE-2023-5363", + "https://bugzilla.redhat.com/2243839", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", + "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://errata.almalinux.org/9/ALSA-2024-0310.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee", + "https://github.com/advisories/GHSA-xw78-pcr6-wrg8", + "https://linux.oracle.com/cve/CVE-2023-5363.html", + "https://linux.oracle.com/errata/ELSA-2024-12093.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-5363", + "https://security.netapp.com/advisory/ntap-20231027-0010", + "https://security.netapp.com/advisory/ntap-20231027-0010/", + "https://security.netapp.com/advisory/ntap-20240201-0003", + "https://security.netapp.com/advisory/ntap-20240201-0003/", + "https://security.netapp.com/advisory/ntap-20240201-0004", + "https://security.netapp.com/advisory/ntap-20240201-0004/", + "https://security.netapp.com/advisory/ntap-20241108-0002", + "https://security.netapp.com/advisory/ntap-20241108-0002/", + "https://ubuntu.com/security/notices/USN-6450-1", + "https://www.cve.org/CVERecord?id=CVE-2023-5363", + "https://www.debian.org/security/2023/dsa-5532", + "https://www.openssl.org/news/secadv/20231024.txt" + ], + "PublishedDate": "2023-10-25T18:17:43.613Z", + "LastModifiedDate": "2026-05-12T11:16:16.87Z" + }, + { + "VulnerabilityID": "CVE-2024-6119", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.15-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-6119", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:7c7cb5a5bd99bb0252b7ac1adf6ff05b0eb395a346aedc843535dc725a52f520", + "Title": "openssl: Possible denial of service in X.509 name checks", + "Description": "Issue summary: Applications performing certificate name checks (e.g., TLS\nclients checking server certificates) may attempt to read an invalid memory\naddress resulting in abnormal termination of the application process.\n\nImpact summary: Abnormal termination of an application can a cause a denial of\nservice.\n\nApplications performing certificate name checks (e.g., TLS clients checking\nserver certificates) may attempt to read an invalid memory address when\ncomparing the expected name with an `otherName` subject alternative name of an\nX.509 certificate. This may result in an exception that terminates the\napplication program.\n\nNote that basic certificate chain validation (signatures, dates, ...) is not\naffected, the denial of service can occur only when the application also\nspecifies an expected DNS name, Email address or IP address.\n\nTLS servers rarely solicit client certificates, and even when they do, they\ngenerally don't perform a name check against a reference identifier (expected\nidentity), but rather extract the presented identity after checking the\ncertificate chain. So TLS servers are generally not affected and the severity\nof the issue is Moderate.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-843" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/09/03/4", + "https://access.redhat.com/errata/RHSA-2024:8935", + "https://access.redhat.com/security/cve/CVE-2024-6119", + "https://bugzilla.redhat.com/2306158", + "https://bugzilla.redhat.com/show_bug.cgi?id=2306158", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-613116.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6119", + "https://errata.almalinux.org/9/ALSA-2024-8935.html", + "https://errata.rockylinux.org/RLSA-2024:6783", + "https://github.com/advisories/GHSA-7m4m-pwhv-49c5", + "https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f", + "https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6", + "https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2", + "https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0", + "https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj", + "https://linux.oracle.com/cve/CVE-2024-6119.html", + "https://linux.oracle.com/errata/ELSA-2024-8935.html", + "https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-6119", + "https://openssl-library.org/news/secadv/20240903.txt", + "https://security.netapp.com/advisory/ntap-20240912-0001", + "https://security.netapp.com/advisory/ntap-20240912-0001/", + "https://ubuntu.com/security/notices/USN-6986-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2024-6119" + ], + "PublishedDate": "2024-09-03T16:15:07.177Z", + "LastModifiedDate": "2026-05-12T12:17:20.647Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:811819248bd346b7ded1a9b5ac45e6387f5c121b361753c2ef71137978209848", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:159afc701f235571ca34aa246d99c2c21c107a8dafd550271fb912fc3b9edc44", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2022-4203", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4203", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c2349b4b1cc2cc0d30beb853657b2562e04ec1385e49a4a79c45fae836f1fd7a", + "Title": "openssl: read buffer overflow in X.509 certificate verification", + "Description": "A read buffer overrun can be triggered in X.509 certificate verification,\nspecifically in name constraint checking. Note that this occurs\nafter certificate chain signature verification and requires either a\nCA to have signed the malicious certificate or for the application to\ncontinue certificate verification despite failure to construct a path\nto a trusted issuer.\n\nThe read buffer overrun might result in a crash which could lead to\na denial of service attack. In theory it could also result in the disclosure\nof private memory contents (such as private keys, or sensitive plaintext)\nalthough we are not aware of any working exploit leading to memory\ncontents disclosure as of the time of release of this advisory.\n\nIn a TLS client, this can be triggered by connecting to a malicious\nserver. In a TLS server, this can be triggered if the server requests\nclient authentication and a malicious client connects.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "ghsa": 4, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 9.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0946", + "https://access.redhat.com/security/cve/CVE-2022-4203", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164488", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/2164497", + "https://bugzilla.redhat.com/2164499", + "https://bugzilla.redhat.com/2164500", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-0946.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc", + "https://linux.oracle.com/cve/CVE-2022-4203.html", + "https://linux.oracle.com/errata/ELSA-2023-12152.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4203", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0008.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4203", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-24T15:15:11.98Z", + "LastModifiedDate": "2025-11-04T20:16:14.693Z" + }, + { + "VulnerabilityID": "CVE-2022-4304", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4304", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ca5c10e709a2da5196d6026efaeedc3e39a676f7b7136f2d2092435142a7f921", + "Title": "openssl: timing attack in RSA Decryption implementation", + "Description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-203" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2022-4304", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://github.com/advisories/GHSA-p52g-cm5j-mjv4", + "https://linux.oracle.com/cve/CVE-2022-4304.html", + "https://linux.oracle.com/errata/ELSA-2023-32791.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0007.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4304", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:23.887Z", + "LastModifiedDate": "2025-11-04T20:16:14.897Z" + }, + { + "VulnerabilityID": "CVE-2023-0465", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0465", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:52ed5f91896343bee3d4b7e035ff0764016df2e8f32dae6a6f4fea3e166ecee2", + "Title": "openssl: Invalid certificate policies in leaf certificates are silently ignored", + "Description": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0465", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c", + "https://github.com/advisories/GHSA-77f3-6546-6rj7", + "https://linux.oracle.com/cve/CVE-2023-0465.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230414-0001", + "https://security.netapp.com/advisory/ntap-20230414-0001/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0465", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230328.txt" + ], + "PublishedDate": "2023-03-28T15:15:06.82Z", + "LastModifiedDate": "2025-02-18T21:15:13.877Z" + }, + { + "VulnerabilityID": "CVE-2023-0466", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0466", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ba780eb34a2227e36f8c8b4b81d675705a7bf71af9ec98ed1d432dcc89303633", + "Title": "openssl: Certificate policy check not enabled", + "Description": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/09/28/4", + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0466", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061", + "https://github.com/advisories/GHSA-pxvj-4wx4-gv6w", + "https://linux.oracle.com/cve/CVE-2023-0466.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230414-0001", + "https://security.netapp.com/advisory/ntap-20230414-0001/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0466", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230328.txt" + ], + "PublishedDate": "2023-03-28T15:15:06.88Z", + "LastModifiedDate": "2025-02-19T18:15:22.177Z" + }, + { + "VulnerabilityID": "CVE-2023-1255", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1255", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:42f86951ca08ed0e659f02e3eeae71e10b1c7f78d2630833950893cb0a872f7d", + "Title": "openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM", + "Description": "Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM\nplatform contains a bug that could cause it to read past the input buffer,\nleading to a crash.\n\nImpact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM\nplatform can crash in rare circumstances. The AES-XTS algorithm is usually\nused for disk encryption.\n\nThe AES-XTS cipher decryption implementation for 64 bit ARM platform will read\npast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16\nbyte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext\nbuffer is unmapped, this will trigger a crash which results in a denial of\nservice.\n\nIf an attacker can control the size and location of the ciphertext buffer\nbeing decrypted by an application using AES-XTS on 64 bit ARM, the\napplication is affected. This is fairly unlikely making this issue\na Low severity one.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.1 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/04/20/13", + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-1255", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a", + "https://github.com/advisories/GHSA-4wp2-xw7p-2gfx", + "https://linux.oracle.com/cve/CVE-2023-1255.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-1255", + "https://security.netapp.com/advisory/ntap-20230908-0006/", + "https://ubuntu.com/security/notices/USN-6119-1", + "https://www.cve.org/CVERecord?id=CVE-2023-1255", + "https://www.openssl.org/news/secadv/20230419.txt", + "https://www.openssl.org/news/secadv/20230420.txt" + ], + "PublishedDate": "2023-04-20T17:15:06.883Z", + "LastModifiedDate": "2025-02-04T22:15:39.327Z" + }, + { + "VulnerabilityID": "CVE-2023-2650", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.9-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:db8405d450cb906bde57ccdb261306826eb867d33a9016705545694fde9fab61", + "Title": "openssl: Possible DoS translating ASN.1 object identifiers", + "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/05/30/1", + "https://access.redhat.com/errata/RHSA-2023:6330", + "https://access.redhat.com/security/cve/CVE-2023-2650", + "https://bugzilla.redhat.com/1858038", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-6330.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", + "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg", + "https://linux.oracle.com/cve/CVE-2023-2650.html", + "https://linux.oracle.com/errata/ELSA-2023-6330.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230703-0001/", + "https://security.netapp.com/advisory/ntap-20231027-0009/", + "https://ubuntu.com/security/notices/USN-6119-1", + "https://ubuntu.com/security/notices/USN-6188-1", + "https://ubuntu.com/security/notices/USN-6672-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-2650", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230530.txt" + ], + "PublishedDate": "2023-05-30T14:15:09.683Z", + "LastModifiedDate": "2025-03-19T16:15:21.89Z" + }, + { + "VulnerabilityID": "CVE-2023-2975", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.9-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2975", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d217cf4c9a81bbfa5a676e83c071e25a89e5073390c0acc251517d841ac52d4e", + "Title": "openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries", + "Description": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\nit to ignore empty associated data entries which are unauthenticated as\na consequence.\n\nImpact summary: Applications that use the AES-SIV algorithm and want to\nauthenticate empty data entries as associated data can be misled by removing,\nadding or reordering such empty entries as these are ignored by the OpenSSL\nimplementation. We are currently unaware of any such applications.\n\nThe AES-SIV algorithm allows for authentication of multiple associated\ndata entries along with the encryption. To authenticate empty data the\napplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\nNULL pointer as the output buffer and 0 as the input buffer length.\nThe AES-SIV implementation in OpenSSL just returns success for such a call\ninstead of performing the associated data authentication operation.\nThe empty data thus will not be authenticated.\n\nAs this issue does not affect non-empty associated data authentication and\nwe expect it to be rare for an application to use empty associated data\nentries this is qualified as Low severity issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-354", + "CWE-287" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/07/15/1", + "http://www.openwall.com/lists/oss-security/2023/07/19/5", + "https://access.redhat.com/errata/RHSA-2024:2447", + "https://access.redhat.com/security/cve/CVE-2023-2975", + "https://bugzilla.redhat.com/2223016", + "https://bugzilla.redhat.com/2224962", + "https://bugzilla.redhat.com/2227852", + "https://bugzilla.redhat.com/2248616", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://errata.almalinux.org/9/ALSA-2024-2447.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc", + "https://github.com/advisories/GHSA-hpqg-7fjp-436p", + "https://linux.oracle.com/cve/CVE-2023-2975.html", + "https://linux.oracle.com/errata/ELSA-2024-2447.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2975", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230725-0004", + "https://security.netapp.com/advisory/ntap-20230725-0004/", + "https://ubuntu.com/security/notices/USN-6450-1", + "https://www.cve.org/CVERecord?id=CVE-2023-2975", + "https://www.openssl.org/news/secadv/20230714.txt" + ], + "PublishedDate": "2023-07-14T12:15:09.023Z", + "LastModifiedDate": "2025-04-23T17:16:32.467Z" + }, + { + "VulnerabilityID": "CVE-2023-3446", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.9-r3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3446", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:18f518d78e8c78b0839bdba171c36e6fe45872f3b876c3a9eab85d591d229de4", + "Title": "openssl: Excessive time spent checking DH keys and parameters", + "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-606", + "CWE-1333" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 3, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/07/19/4", + "http://www.openwall.com/lists/oss-security/2023/07/19/5", + "http://www.openwall.com/lists/oss-security/2023/07/19/6", + "http://www.openwall.com/lists/oss-security/2023/07/31/1", + "http://www.openwall.com/lists/oss-security/2024/05/16/1", + "https://access.redhat.com/errata/RHSA-2024:2447", + "https://access.redhat.com/security/cve/CVE-2023-3446", + "https://bugzilla.redhat.com/2223016", + "https://bugzilla.redhat.com/2224962", + "https://bugzilla.redhat.com/2227852", + "https://bugzilla.redhat.com/2248616", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257582", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257583", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258677", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258688", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258691", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258694", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258700", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36763", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36764", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45229", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45231", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45232", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45233", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45235", + "https://errata.almalinux.org/9/ALSA-2024-2447.html", + "https://errata.rockylinux.org/RLSA-2024:2264", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23", + "https://linux.oracle.com/cve/CVE-2023-3446.html", + "https://linux.oracle.com/errata/ELSA-2024-2447.html", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3446", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230803-0011/", + "https://ubuntu.com/security/notices/USN-6435-1", + "https://ubuntu.com/security/notices/USN-6435-2", + "https://ubuntu.com/security/notices/USN-6450-1", + "https://ubuntu.com/security/notices/USN-6709-1", + "https://ubuntu.com/security/notices/USN-7018-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3446", + "https://www.openssl.org/news/secadv/20230719.txt" + ], + "PublishedDate": "2023-07-19T12:15:10.003Z", + "LastModifiedDate": "2025-04-23T17:16:36.967Z" + }, + { + "VulnerabilityID": "CVE-2023-3817", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.10-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3817", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:b9e025ad75b22e285d0307215d8d25839e241b89fe5641023bae53a195a28b0b", + "Title": "OpenSSL: Excessive time spent checking DH q parameter value", + "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-606", + "CWE-834" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2023/Jul/43", + "http://www.openwall.com/lists/oss-security/2023/07/31/1", + "http://www.openwall.com/lists/oss-security/2023/09/22/11", + "http://www.openwall.com/lists/oss-security/2023/09/22/9", + "http://www.openwall.com/lists/oss-security/2023/11/06/2", + "https://access.redhat.com/errata/RHSA-2024:2447", + "https://access.redhat.com/security/cve/CVE-2023-3817", + "https://bugzilla.redhat.com/2223016", + "https://bugzilla.redhat.com/2224962", + "https://bugzilla.redhat.com/2227852", + "https://bugzilla.redhat.com/2248616", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", + "https://bugzilla.redhat.com/show_bug.cgi?id=2227852", + "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", + "https://bugzilla.redhat.com/show_bug.cgi?id=2270358", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408", + "https://errata.almalinux.org/9/ALSA-2024-2447.html", + "https://errata.rockylinux.org/RLSA-2023:7877", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5", + "https://github.com/advisories/GHSA-c945-cqj5-wfv6", + "https://linux.oracle.com/cve/CVE-2023-3817.html", + "https://linux.oracle.com/errata/ELSA-2024-2447.html", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3817", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230818-0014", + "https://security.netapp.com/advisory/ntap-20230818-0014/", + "https://security.netapp.com/advisory/ntap-20231027-0008", + "https://security.netapp.com/advisory/ntap-20231027-0008/", + "https://security.netapp.com/advisory/ntap-20240621-0006", + "https://security.netapp.com/advisory/ntap-20240621-0006/", + "https://ubuntu.com/security/notices/USN-6435-1", + "https://ubuntu.com/security/notices/USN-6435-2", + "https://ubuntu.com/security/notices/USN-6450-1", + "https://ubuntu.com/security/notices/USN-6709-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3817", + "https://www.openssl.org/news/secadv/20230731.txt" + ], + "PublishedDate": "2023-07-31T16:15:10.497Z", + "LastModifiedDate": "2025-05-05T16:15:47.343Z" + }, + { + "VulnerabilityID": "CVE-2023-5678", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.12-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5678", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:b4470fc33821ba2514083274cc7bb898452d335e9e766ebf6623b4e1a8d4c498", + "Title": "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow", + "Description": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-606", + "CWE-754" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/11/06/2", + "http://www.openwall.com/lists/oss-security/2024/03/11/1", + "https://access.redhat.com/errata/RHSA-2024:2447", + "https://access.redhat.com/security/cve/CVE-2023-5678", + "https://bugzilla.redhat.com/2223016", + "https://bugzilla.redhat.com/2224962", + "https://bugzilla.redhat.com/2227852", + "https://bugzilla.redhat.com/2248616", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", + "https://bugzilla.redhat.com/show_bug.cgi?id=2227852", + "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", + "https://bugzilla.redhat.com/show_bug.cgi?id=2270358", + "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "https://cert-portal.siemens.com/productcert/html/ssa-128433.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", + "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", + "https://cert-portal.siemens.com/productcert/html/ssa-341067.html", + "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", + "https://cert-portal.siemens.com/productcert/html/ssa-556635.html", + "https://cert-portal.siemens.com/productcert/html/ssa-613116.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408", + "https://errata.almalinux.org/9/ALSA-2024-2447.html", + "https://errata.rockylinux.org/RLSA-2023:7877", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", + "https://github.com/advisories/GHSA-2cj7-mg3x-9mhq", + "https://linux.oracle.com/cve/CVE-2023-5678.html", + "https://linux.oracle.com/errata/ELSA-2024-2447.html", + "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", + "https://security.netapp.com/advisory/ntap-20231130-0010", + "https://security.netapp.com/advisory/ntap-20231130-0010/", + "https://ubuntu.com/security/notices/USN-6622-1", + "https://ubuntu.com/security/notices/USN-6632-1", + "https://ubuntu.com/security/notices/USN-6709-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-5678", + "https://www.openssl.org/news/secadv/20231106.txt" + ], + "PublishedDate": "2023-11-06T16:15:42.67Z", + "LastModifiedDate": "2026-05-12T11:16:17.123Z" + }, + { + "VulnerabilityID": "CVE-2023-6129", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.12-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-6129", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c2446353807d01ebe3bdf89c198e076fe137670fa0eb216538b20419bbd81beb", + "Title": "openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC", + "Description": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-440", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "redhat": 1, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/01/09/1", + "http://www.openwall.com/lists/oss-security/2024/03/11/1", + "https://access.redhat.com/errata/RHSA-2024:9088", + "https://access.redhat.com/security/cve/CVE-2023-6129", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/2284243", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257571", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258502", + "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", + "https://errata.almalinux.org/9/ALSA-2024-9088.html", + "https://errata.rockylinux.org/RLSA-2024:9088", + "https://github.com/advisories/GHSA-rj8q-prqp-jwfg", + "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35", + "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04", + "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015", + "https://linux.oracle.com/cve/CVE-2023-6129.html", + "https://linux.oracle.com/errata/ELSA-2024-9088.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-6129", + "https://security.netapp.com/advisory/ntap-20240216-0009", + "https://security.netapp.com/advisory/ntap-20240216-0009/", + "https://security.netapp.com/advisory/ntap-20240426-0008", + "https://security.netapp.com/advisory/ntap-20240426-0008/", + "https://security.netapp.com/advisory/ntap-20240426-0013", + "https://security.netapp.com/advisory/ntap-20240426-0013/", + "https://security.netapp.com/advisory/ntap-20240503-0011", + "https://security.netapp.com/advisory/ntap-20240503-0011/", + "https://ubuntu.com/security/notices/USN-6622-1", + "https://www.cve.org/CVERecord?id=CVE-2023-6129", + "https://www.openssl.org/news/secadv/20240109.txt", + "https://www.openwall.com/lists/oss-security/2024/01/09/1" + ], + "PublishedDate": "2024-01-09T17:15:12.147Z", + "LastModifiedDate": "2026-05-12T11:16:17.563Z" + }, + { + "VulnerabilityID": "CVE-2024-0727", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.12-r4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0727", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:46b83be43a22c4f4a3ae7620234fb589bf479b2fe9ad75040008280869c1aa90", + "Title": "openssl: denial of service via null dereference", + "Description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/11/1", + "https://access.redhat.com/errata/RHSA-2024:9088", + "https://access.redhat.com/security/cve/CVE-2024-0727", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/2284243", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257571", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258502", + "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", + "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", + "https://errata.almalinux.org/9/ALSA-2024-9088.html", + "https://errata.rockylinux.org/RLSA-2024:9088", + "https://github.com/advisories/GHSA-9v9h-cgj8-h64p", + "https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2", + "https://github.com/github/advisory-database/pull/3472", + "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", + "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", + "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", + "https://github.com/openssl/openssl/pull/23362", + "https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d", + "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", + "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", + "https://linux.oracle.com/cve/CVE-2024-0727.html", + "https://linux.oracle.com/errata/ELSA-2024-9088.html", + "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", + "https://security.netapp.com/advisory/ntap-20240208-0006", + "https://security.netapp.com/advisory/ntap-20240208-0006/", + "https://ubuntu.com/security/notices/USN-6622-1", + "https://ubuntu.com/security/notices/USN-6632-1", + "https://ubuntu.com/security/notices/USN-6709-1", + "https://ubuntu.com/security/notices/USN-7018-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2024-0727", + "https://www.openssl.org/news/secadv/20240125.txt" + ], + "PublishedDate": "2024-01-26T09:15:07.637Z", + "LastModifiedDate": "2026-05-12T12:16:16.567Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:aacacbfd4dac79d085ac307b73e5efbc0cab7c5af5093b34af1103284b627dba", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9af34992240fabe114f6ee2b8ef8e974550d6d961d118742cde6862debe1b306", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2022-3996", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.7-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3996", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c521e9b16a4a958dab38c1647f1f5b3b101fcb3ddd8a70210f415278d10d7a09", + "Title": "openssl: double locking leads to denial of service", + "Description": "If an X.509 certificate contains a malformed policy constraint and\npolicy processing is enabled, then a write lock will be taken twice\nrecursively. On some operating systems (most widely: Windows) this\nresults in a denial of service when the affected process hangs. Policy\nprocessing being enabled on a publicly facing server is not considered\nto be a common setup.\n\nPolicy processing is enabled by passing the `-policy'\nargument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.\n\nUpdate (31 March 2023): The description of the policy processing enablement\nwas corrected based on CVE-2023-0466.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-667" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 3, + "ghsa": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V3Score": 7.5, + "V40Score": 8.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-3996", + "https://github.com/alexcrichton/openssl-src-rs", + "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3996", + "https://security.netapp.com/advisory/ntap-20230203-0003/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://www.cve.org/CVERecord?id=CVE-2022-3996", + "https://www.openssl.org/news/secadv/20221213.txt" + ], + "PublishedDate": "2022-12-13T16:15:22.007Z", + "LastModifiedDate": "2024-11-21T07:20:42.003Z" + }, + { + "VulnerabilityID": "CVE-2022-4450", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4450", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e74ef67483321d454c4280e88d696ca3567fe79aed2a61c673096e9f61ebedc7", + "Title": "openssl: double free after calling PEM_read_bio_ex", + "Description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack.\n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected.\n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0.\n\nThe OpenSSL asn1parse command line application is also impacted by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2022-4450", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", + "https://github.com/advisories/GHSA-v5w6-wcm8-jm4q", + "https://linux.oracle.com/cve/CVE-2022-4450.html", + "https://linux.oracle.com/errata/ELSA-2023-32791.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0010.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4450", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:23.973Z", + "LastModifiedDate": "2025-11-04T20:16:15.06Z" + }, + { + "VulnerabilityID": "CVE-2023-0215", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0215", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:392f9688e7ed5b359fb574c7ca196ea6e72759c6506f484e0b7dd53e82563c16", + "Title": "openssl: use-after-free following BIO_new_NDEF", + "Description": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2023-0215", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344", + "https://github.com/advisories/GHSA-r7jw-wp68-3xch", + "https://linux.oracle.com/cve/CVE-2023-0215.html", + "https://linux.oracle.com/errata/ELSA-2023-32791.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0009.html", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230427-0007", + "https://security.netapp.com/advisory/ntap-20230427-0007/", + "https://security.netapp.com/advisory/ntap-20230427-0009", + "https://security.netapp.com/advisory/ntap-20230427-0009/", + "https://security.netapp.com/advisory/ntap-20240621-0006", + "https://security.netapp.com/advisory/ntap-20240621-0006/", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-5845-1", + "https://ubuntu.com/security/notices/USN-5845-2", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0215", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.107Z", + "LastModifiedDate": "2025-11-04T20:16:15.847Z" + }, + { + "VulnerabilityID": "CVE-2023-0216", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0216", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:255fc55b5c458369ee489fc9f8cd7d23bda6f0f4dae6be569e435846e2ca049b", + "Title": "openssl: invalid pointer dereference in d2i_PKCS7 functions", + "Description": "An invalid pointer dereference on read can be triggered when an\napplication tries to load malformed PKCS7 data with the\nd2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.\n\nThe result of the dereference is an application crash which could\nlead to a denial of service attack. The TLS implementation in OpenSSL\ndoes not call this function however third party applications might\ncall these functions on untrusted data.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0946", + "https://access.redhat.com/security/cve/CVE-2023-0216", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164488", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/2164497", + "https://bugzilla.redhat.com/2164499", + "https://bugzilla.redhat.com/2164500", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-0946.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6", + "https://linux.oracle.com/cve/CVE-2023-0216.html", + "https://linux.oracle.com/errata/ELSA-2023-12152.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0216", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0011.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0216", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.16Z", + "LastModifiedDate": "2025-11-04T20:16:16.043Z" + }, + { + "VulnerabilityID": "CVE-2023-0217", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0217", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:486e4e8ecccc52e35126714cf099e3efe98b4c68552565fef6a469b1bd77c89c", + "Title": "openssl: NULL dereference validating DSA public key", + "Description": "An invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\nEVP_PKEY_public_check() function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack.\n\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0946", + "https://access.redhat.com/security/cve/CVE-2023-0217", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164488", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/2164497", + "https://bugzilla.redhat.com/2164499", + "https://bugzilla.redhat.com/2164500", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-0946.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096", + "https://linux.oracle.com/cve/CVE-2023-0217.html", + "https://linux.oracle.com/errata/ELSA-2023-12152.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0217", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0012.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0217", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.213Z", + "LastModifiedDate": "2025-11-04T20:16:16.197Z" + }, + { + "VulnerabilityID": "CVE-2023-0286", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0286", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:f30a334136a9ca647beb24f0c7f9e961698345eb6b2f27e1fbe9c88496aaea50", + "Title": "openssl: X.400 address type confusion in X.509 GeneralName", + "Description": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-843" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7937", + "https://access.redhat.com/security/cve/CVE-2023-0286", + "https://access.redhat.com/security/cve/cve-2023-0286", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2025-7937.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", + "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", + "https://github.com/advisories/GHSA-x4qr-2fvf-3mr5", + "https://github.com/pyca/cryptography", + "https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5", + "https://linux.oracle.com/cve/CVE-2023-0286.html", + "https://linux.oracle.com/errata/ELSA-2025-7937.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0006.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-5845-1", + "https://ubuntu.com/security/notices/USN-5845-2", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0286", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.267Z", + "LastModifiedDate": "2025-11-04T20:16:16.35Z" + }, + { + "VulnerabilityID": "CVE-2023-0401", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0401", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:31a959243f5e9c166807f33178da6ebe3455303aa2e6ea50039a5b7a0bbd39b0", + "Title": "openssl: NULL dereference during PKCS7 data verification", + "Description": "A NULL pointer can be dereferenced when signatures are being\nverified on PKCS7 signed or signedAndEnveloped data. In case the hash\nalgorithm used for the signature is known to the OpenSSL library but\nthe implementation of the hash algorithm is not available the digest\ninitialization will fail. There is a missing check for the return\nvalue from the initialization function which later leads to invalid\nusage of the digest API most likely leading to a crash.\n\nThe unavailability of an algorithm can be caused by using FIPS\nenabled configuration of providers or more commonly by not loading\nthe legacy provider.\n\nPKCS7 data is processed by the SMIME library calls and also by the\ntime stamp (TS) library calls. The TLS implementation in OpenSSL does\nnot call these functions however third party applications would be\naffected if they call these functions to verify signatures on untrusted\ndata.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0946", + "https://access.redhat.com/security/cve/CVE-2023-0401", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164488", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/2164497", + "https://bugzilla.redhat.com/2164499", + "https://bugzilla.redhat.com/2164500", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-0946.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674", + "https://github.com/alexcrichton/openssl-src-rs", + "https://linux.oracle.com/cve/CVE-2023-0401.html", + "https://linux.oracle.com/errata/ELSA-2023-12152.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0401", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0013.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0401", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.323Z", + "LastModifiedDate": "2025-11-04T20:16:16.527Z" + }, + { + "VulnerabilityID": "CVE-2023-0464", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0464", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:12d9ad41e98263971ded819a76c1ab64a534449c182740de5771b13a5308126b", + "Title": "openssl: Denial of service by excessive resource usage in verifying X509 policy constraints", + "Description": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0464", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1", + "https://github.com/advisories/GHSA-w2w6-xp88-5cvw", + "https://linux.oracle.com/cve/CVE-2023-0464.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230406-0006", + "https://security.netapp.com/advisory/ntap-20230406-0006/", + "https://security.netapp.com/advisory/ntap-20240621-0006", + "https://security.netapp.com/advisory/ntap-20240621-0006/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.couchbase.com/alerts", + "https://www.couchbase.com/alerts/", + "https://www.cve.org/CVERecord?id=CVE-2023-0464", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230322.txt" + ], + "PublishedDate": "2023-03-22T17:15:13.13Z", + "LastModifiedDate": "2025-05-05T16:15:26.103Z" + }, + { + "VulnerabilityID": "CVE-2023-5363", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.12-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5363", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:bebc404882ec0523640e8bae9f51917d984f6d175a31eac54f7978c1842d397a", + "Title": "openssl: Incorrect cipher key and IV length processing", + "Description": "Issue summary: A bug has been identified in the processing of key and\ninitialisation vector (IV) lengths. This can lead to potential truncation\nor overruns during the initialisation of some symmetric ciphers.\n\nImpact summary: A truncation in the IV can result in non-uniqueness,\nwhich could result in loss of confidentiality for some cipher modes.\n\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\nEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\nthe key and IV have been established. Any alterations to the key length,\nvia the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter,\nwithin the OSSL_PARAM array will not take effect as intended, potentially\ncausing truncation or overreading of these values. The following ciphers\nand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\n\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\nloss of confidentiality. For example, when following NIST's SP 800-38D\nsection 8.2.1 guidance for constructing a deterministic IV for AES in\nGCM mode, truncation of the counter portion could lead to IV reuse.\n\nBoth truncations and overruns of the key and overruns of the IV will\nproduce incorrect results and could, in some cases, trigger a memory\nexception. However, these issues are not currently assessed as security\ncritical.\n\nChanging the key and/or IV lengths is not considered to be a common operation\nand the vulnerable API was recently introduced. Furthermore it is likely that\napplication developers will have spotted this problem during testing since\ndecryption would fail unless both peers in the communication were similarly\nvulnerable. For these reasons we expect the probability of an application being\nvulnerable to this to be quite low. However if an application is vulnerable then\nthis issue is considered very serious. For these reasons we have assessed this\nissue as Moderate severity overall.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\nthe issue lies outside of the FIPS provider boundary.\n\nOpenSSL 3.1 and 3.0 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-684" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/10/24/1", + "https://access.redhat.com/errata/RHSA-2024:0310", + "https://access.redhat.com/security/cve/CVE-2023-5363", + "https://bugzilla.redhat.com/2243839", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", + "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://errata.almalinux.org/9/ALSA-2024-0310.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee", + "https://github.com/advisories/GHSA-xw78-pcr6-wrg8", + "https://linux.oracle.com/cve/CVE-2023-5363.html", + "https://linux.oracle.com/errata/ELSA-2024-12093.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-5363", + "https://security.netapp.com/advisory/ntap-20231027-0010", + "https://security.netapp.com/advisory/ntap-20231027-0010/", + "https://security.netapp.com/advisory/ntap-20240201-0003", + "https://security.netapp.com/advisory/ntap-20240201-0003/", + "https://security.netapp.com/advisory/ntap-20240201-0004", + "https://security.netapp.com/advisory/ntap-20240201-0004/", + "https://security.netapp.com/advisory/ntap-20241108-0002", + "https://security.netapp.com/advisory/ntap-20241108-0002/", + "https://ubuntu.com/security/notices/USN-6450-1", + "https://www.cve.org/CVERecord?id=CVE-2023-5363", + "https://www.debian.org/security/2023/dsa-5532", + "https://www.openssl.org/news/secadv/20231024.txt" + ], + "PublishedDate": "2023-10-25T18:17:43.613Z", + "LastModifiedDate": "2026-05-12T11:16:16.87Z" + }, + { + "VulnerabilityID": "CVE-2024-6119", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.15-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-6119", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:53a56bf3947e197e3bc575eb1b1d86b8629d2fc4f5e02873c0f385ddbf94be7a", + "Title": "openssl: Possible denial of service in X.509 name checks", + "Description": "Issue summary: Applications performing certificate name checks (e.g., TLS\nclients checking server certificates) may attempt to read an invalid memory\naddress resulting in abnormal termination of the application process.\n\nImpact summary: Abnormal termination of an application can a cause a denial of\nservice.\n\nApplications performing certificate name checks (e.g., TLS clients checking\nserver certificates) may attempt to read an invalid memory address when\ncomparing the expected name with an `otherName` subject alternative name of an\nX.509 certificate. This may result in an exception that terminates the\napplication program.\n\nNote that basic certificate chain validation (signatures, dates, ...) is not\naffected, the denial of service can occur only when the application also\nspecifies an expected DNS name, Email address or IP address.\n\nTLS servers rarely solicit client certificates, and even when they do, they\ngenerally don't perform a name check against a reference identifier (expected\nidentity), but rather extract the presented identity after checking the\ncertificate chain. So TLS servers are generally not affected and the severity\nof the issue is Moderate.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-843" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/09/03/4", + "https://access.redhat.com/errata/RHSA-2024:8935", + "https://access.redhat.com/security/cve/CVE-2024-6119", + "https://bugzilla.redhat.com/2306158", + "https://bugzilla.redhat.com/show_bug.cgi?id=2306158", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-613116.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6119", + "https://errata.almalinux.org/9/ALSA-2024-8935.html", + "https://errata.rockylinux.org/RLSA-2024:6783", + "https://github.com/advisories/GHSA-7m4m-pwhv-49c5", + "https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f", + "https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6", + "https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2", + "https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0", + "https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj", + "https://linux.oracle.com/cve/CVE-2024-6119.html", + "https://linux.oracle.com/errata/ELSA-2024-8935.html", + "https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-6119", + "https://openssl-library.org/news/secadv/20240903.txt", + "https://security.netapp.com/advisory/ntap-20240912-0001", + "https://security.netapp.com/advisory/ntap-20240912-0001/", + "https://ubuntu.com/security/notices/USN-6986-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2024-6119" + ], + "PublishedDate": "2024-09-03T16:15:07.177Z", + "LastModifiedDate": "2026-05-12T12:17:20.647Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:f02e6f09f8c1e6494a54d4e304b04a079e71fba32afaa7c4acc7bd4cae8f199f", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:32661166f09cd2a399ab80e16d014797156616a2430e13bed7b9c96d4042174c", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2022-4203", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4203", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:7006af1cfd8970c922a3ed64ba95a4eb26cf1ad57cf540db3061c28818105e85", + "Title": "openssl: read buffer overflow in X.509 certificate verification", + "Description": "A read buffer overrun can be triggered in X.509 certificate verification,\nspecifically in name constraint checking. Note that this occurs\nafter certificate chain signature verification and requires either a\nCA to have signed the malicious certificate or for the application to\ncontinue certificate verification despite failure to construct a path\nto a trusted issuer.\n\nThe read buffer overrun might result in a crash which could lead to\na denial of service attack. In theory it could also result in the disclosure\nof private memory contents (such as private keys, or sensitive plaintext)\nalthough we are not aware of any working exploit leading to memory\ncontents disclosure as of the time of release of this advisory.\n\nIn a TLS client, this can be triggered by connecting to a malicious\nserver. In a TLS server, this can be triggered if the server requests\nclient authentication and a malicious client connects.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "ghsa": 4, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 9.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0946", + "https://access.redhat.com/security/cve/CVE-2022-4203", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164488", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/2164497", + "https://bugzilla.redhat.com/2164499", + "https://bugzilla.redhat.com/2164500", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-0946.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc", + "https://linux.oracle.com/cve/CVE-2022-4203.html", + "https://linux.oracle.com/errata/ELSA-2023-12152.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4203", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0008.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4203", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-24T15:15:11.98Z", + "LastModifiedDate": "2025-11-04T20:16:14.693Z" + }, + { + "VulnerabilityID": "CVE-2022-4304", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4304", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0fe3eb2c69166b6e855a8c250deba63c09a51859ce3a1b867b03685f3d6866c9", + "Title": "openssl: timing attack in RSA Decryption implementation", + "Description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-203" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2022-4304", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://github.com/advisories/GHSA-p52g-cm5j-mjv4", + "https://linux.oracle.com/cve/CVE-2022-4304.html", + "https://linux.oracle.com/errata/ELSA-2023-32791.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0007.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4304", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:23.887Z", + "LastModifiedDate": "2025-11-04T20:16:14.897Z" + }, + { + "VulnerabilityID": "CVE-2023-0465", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0465", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3eec4f631f80c46a487cd6aa0b8c3e9d7086833e0dfb82eceb302b8e74599dfc", + "Title": "openssl: Invalid certificate policies in leaf certificates are silently ignored", + "Description": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0465", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c", + "https://github.com/advisories/GHSA-77f3-6546-6rj7", + "https://linux.oracle.com/cve/CVE-2023-0465.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230414-0001", + "https://security.netapp.com/advisory/ntap-20230414-0001/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0465", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230328.txt" + ], + "PublishedDate": "2023-03-28T15:15:06.82Z", + "LastModifiedDate": "2025-02-18T21:15:13.877Z" + }, + { + "VulnerabilityID": "CVE-2023-0466", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0466", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:7c1f6c43f6b72b0eeea6202edb2e4c587f2051fdfff616117f07e631de1c0aa5", + "Title": "openssl: Certificate policy check not enabled", + "Description": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/09/28/4", + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0466", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061", + "https://github.com/advisories/GHSA-pxvj-4wx4-gv6w", + "https://linux.oracle.com/cve/CVE-2023-0466.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230414-0001", + "https://security.netapp.com/advisory/ntap-20230414-0001/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0466", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230328.txt" + ], + "PublishedDate": "2023-03-28T15:15:06.88Z", + "LastModifiedDate": "2025-02-19T18:15:22.177Z" + }, + { + "VulnerabilityID": "CVE-2023-1255", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1255", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ce8a0b2a3042b1f00335c51a0277a2af1c6179102b0f727118b8d5262bfc094f", + "Title": "openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM", + "Description": "Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM\nplatform contains a bug that could cause it to read past the input buffer,\nleading to a crash.\n\nImpact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM\nplatform can crash in rare circumstances. The AES-XTS algorithm is usually\nused for disk encryption.\n\nThe AES-XTS cipher decryption implementation for 64 bit ARM platform will read\npast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16\nbyte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext\nbuffer is unmapped, this will trigger a crash which results in a denial of\nservice.\n\nIf an attacker can control the size and location of the ciphertext buffer\nbeing decrypted by an application using AES-XTS on 64 bit ARM, the\napplication is affected. This is fairly unlikely making this issue\na Low severity one.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.1 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/04/20/13", + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-1255", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a", + "https://github.com/advisories/GHSA-4wp2-xw7p-2gfx", + "https://linux.oracle.com/cve/CVE-2023-1255.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-1255", + "https://security.netapp.com/advisory/ntap-20230908-0006/", + "https://ubuntu.com/security/notices/USN-6119-1", + "https://www.cve.org/CVERecord?id=CVE-2023-1255", + "https://www.openssl.org/news/secadv/20230419.txt", + "https://www.openssl.org/news/secadv/20230420.txt" + ], + "PublishedDate": "2023-04-20T17:15:06.883Z", + "LastModifiedDate": "2025-02-04T22:15:39.327Z" + }, + { + "VulnerabilityID": "CVE-2023-2650", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.9-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ae73f9697fc9ca15460fb53262566ac4e15682475fe51e9849f3b2a717b5e05a", + "Title": "openssl: Possible DoS translating ASN.1 object identifiers", + "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/05/30/1", + "https://access.redhat.com/errata/RHSA-2023:6330", + "https://access.redhat.com/security/cve/CVE-2023-2650", + "https://bugzilla.redhat.com/1858038", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-6330.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", + "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg", + "https://linux.oracle.com/cve/CVE-2023-2650.html", + "https://linux.oracle.com/errata/ELSA-2023-6330.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230703-0001/", + "https://security.netapp.com/advisory/ntap-20231027-0009/", + "https://ubuntu.com/security/notices/USN-6119-1", + "https://ubuntu.com/security/notices/USN-6188-1", + "https://ubuntu.com/security/notices/USN-6672-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-2650", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230530.txt" + ], + "PublishedDate": "2023-05-30T14:15:09.683Z", + "LastModifiedDate": "2025-03-19T16:15:21.89Z" + }, + { + "VulnerabilityID": "CVE-2023-2975", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.9-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2975", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3ab0b1b24a02e8662f16cffb57ad74a3926d34e72c6b5cd39ea7261db5da2b93", + "Title": "openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries", + "Description": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\nit to ignore empty associated data entries which are unauthenticated as\na consequence.\n\nImpact summary: Applications that use the AES-SIV algorithm and want to\nauthenticate empty data entries as associated data can be misled by removing,\nadding or reordering such empty entries as these are ignored by the OpenSSL\nimplementation. We are currently unaware of any such applications.\n\nThe AES-SIV algorithm allows for authentication of multiple associated\ndata entries along with the encryption. To authenticate empty data the\napplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\nNULL pointer as the output buffer and 0 as the input buffer length.\nThe AES-SIV implementation in OpenSSL just returns success for such a call\ninstead of performing the associated data authentication operation.\nThe empty data thus will not be authenticated.\n\nAs this issue does not affect non-empty associated data authentication and\nwe expect it to be rare for an application to use empty associated data\nentries this is qualified as Low severity issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-354", + "CWE-287" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/07/15/1", + "http://www.openwall.com/lists/oss-security/2023/07/19/5", + "https://access.redhat.com/errata/RHSA-2024:2447", + "https://access.redhat.com/security/cve/CVE-2023-2975", + "https://bugzilla.redhat.com/2223016", + "https://bugzilla.redhat.com/2224962", + "https://bugzilla.redhat.com/2227852", + "https://bugzilla.redhat.com/2248616", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://errata.almalinux.org/9/ALSA-2024-2447.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc", + "https://github.com/advisories/GHSA-hpqg-7fjp-436p", + "https://linux.oracle.com/cve/CVE-2023-2975.html", + "https://linux.oracle.com/errata/ELSA-2024-2447.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2975", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230725-0004", + "https://security.netapp.com/advisory/ntap-20230725-0004/", + "https://ubuntu.com/security/notices/USN-6450-1", + "https://www.cve.org/CVERecord?id=CVE-2023-2975", + "https://www.openssl.org/news/secadv/20230714.txt" + ], + "PublishedDate": "2023-07-14T12:15:09.023Z", + "LastModifiedDate": "2025-04-23T17:16:32.467Z" + }, + { + "VulnerabilityID": "CVE-2023-3446", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.9-r3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3446", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:79957f0d103f50daa6c155489296ffb4503591b2952fcd8d3a8a121969908888", + "Title": "openssl: Excessive time spent checking DH keys and parameters", + "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-606", + "CWE-1333" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 3, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/07/19/4", + "http://www.openwall.com/lists/oss-security/2023/07/19/5", + "http://www.openwall.com/lists/oss-security/2023/07/19/6", + "http://www.openwall.com/lists/oss-security/2023/07/31/1", + "http://www.openwall.com/lists/oss-security/2024/05/16/1", + "https://access.redhat.com/errata/RHSA-2024:2447", + "https://access.redhat.com/security/cve/CVE-2023-3446", + "https://bugzilla.redhat.com/2223016", + "https://bugzilla.redhat.com/2224962", + "https://bugzilla.redhat.com/2227852", + "https://bugzilla.redhat.com/2248616", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257582", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257583", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258677", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258688", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258691", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258694", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258700", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36763", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36764", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45229", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45231", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45232", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45233", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45235", + "https://errata.almalinux.org/9/ALSA-2024-2447.html", + "https://errata.rockylinux.org/RLSA-2024:2264", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23", + "https://linux.oracle.com/cve/CVE-2023-3446.html", + "https://linux.oracle.com/errata/ELSA-2024-2447.html", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3446", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230803-0011/", + "https://ubuntu.com/security/notices/USN-6435-1", + "https://ubuntu.com/security/notices/USN-6435-2", + "https://ubuntu.com/security/notices/USN-6450-1", + "https://ubuntu.com/security/notices/USN-6709-1", + "https://ubuntu.com/security/notices/USN-7018-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3446", + "https://www.openssl.org/news/secadv/20230719.txt" + ], + "PublishedDate": "2023-07-19T12:15:10.003Z", + "LastModifiedDate": "2025-04-23T17:16:36.967Z" + }, + { + "VulnerabilityID": "CVE-2023-3817", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.10-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3817", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:96637ef64ca0979577e7acbecaf6e745387663235341e76fc7047c3e846c51b9", + "Title": "OpenSSL: Excessive time spent checking DH q parameter value", + "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-606", + "CWE-834" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2023/Jul/43", + "http://www.openwall.com/lists/oss-security/2023/07/31/1", + "http://www.openwall.com/lists/oss-security/2023/09/22/11", + "http://www.openwall.com/lists/oss-security/2023/09/22/9", + "http://www.openwall.com/lists/oss-security/2023/11/06/2", + "https://access.redhat.com/errata/RHSA-2024:2447", + "https://access.redhat.com/security/cve/CVE-2023-3817", + "https://bugzilla.redhat.com/2223016", + "https://bugzilla.redhat.com/2224962", + "https://bugzilla.redhat.com/2227852", + "https://bugzilla.redhat.com/2248616", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", + "https://bugzilla.redhat.com/show_bug.cgi?id=2227852", + "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", + "https://bugzilla.redhat.com/show_bug.cgi?id=2270358", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408", + "https://errata.almalinux.org/9/ALSA-2024-2447.html", + "https://errata.rockylinux.org/RLSA-2023:7877", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5", + "https://github.com/advisories/GHSA-c945-cqj5-wfv6", + "https://linux.oracle.com/cve/CVE-2023-3817.html", + "https://linux.oracle.com/errata/ELSA-2024-2447.html", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3817", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230818-0014", + "https://security.netapp.com/advisory/ntap-20230818-0014/", + "https://security.netapp.com/advisory/ntap-20231027-0008", + "https://security.netapp.com/advisory/ntap-20231027-0008/", + "https://security.netapp.com/advisory/ntap-20240621-0006", + "https://security.netapp.com/advisory/ntap-20240621-0006/", + "https://ubuntu.com/security/notices/USN-6435-1", + "https://ubuntu.com/security/notices/USN-6435-2", + "https://ubuntu.com/security/notices/USN-6450-1", + "https://ubuntu.com/security/notices/USN-6709-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3817", + "https://www.openssl.org/news/secadv/20230731.txt" + ], + "PublishedDate": "2023-07-31T16:15:10.497Z", + "LastModifiedDate": "2025-05-05T16:15:47.343Z" + }, + { + "VulnerabilityID": "CVE-2023-5678", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.12-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5678", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ad1a8827f667f499bedc0eb3e830a79d076d92900bdff7d180658450414136a2", + "Title": "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow", + "Description": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-606", + "CWE-754" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/11/06/2", + "http://www.openwall.com/lists/oss-security/2024/03/11/1", + "https://access.redhat.com/errata/RHSA-2024:2447", + "https://access.redhat.com/security/cve/CVE-2023-5678", + "https://bugzilla.redhat.com/2223016", + "https://bugzilla.redhat.com/2224962", + "https://bugzilla.redhat.com/2227852", + "https://bugzilla.redhat.com/2248616", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", + "https://bugzilla.redhat.com/show_bug.cgi?id=2227852", + "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", + "https://bugzilla.redhat.com/show_bug.cgi?id=2270358", + "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "https://cert-portal.siemens.com/productcert/html/ssa-128433.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", + "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", + "https://cert-portal.siemens.com/productcert/html/ssa-341067.html", + "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", + "https://cert-portal.siemens.com/productcert/html/ssa-556635.html", + "https://cert-portal.siemens.com/productcert/html/ssa-613116.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408", + "https://errata.almalinux.org/9/ALSA-2024-2447.html", + "https://errata.rockylinux.org/RLSA-2023:7877", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", + "https://github.com/advisories/GHSA-2cj7-mg3x-9mhq", + "https://linux.oracle.com/cve/CVE-2023-5678.html", + "https://linux.oracle.com/errata/ELSA-2024-2447.html", + "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", + "https://security.netapp.com/advisory/ntap-20231130-0010", + "https://security.netapp.com/advisory/ntap-20231130-0010/", + "https://ubuntu.com/security/notices/USN-6622-1", + "https://ubuntu.com/security/notices/USN-6632-1", + "https://ubuntu.com/security/notices/USN-6709-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-5678", + "https://www.openssl.org/news/secadv/20231106.txt" + ], + "PublishedDate": "2023-11-06T16:15:42.67Z", + "LastModifiedDate": "2026-05-12T11:16:17.123Z" + }, + { + "VulnerabilityID": "CVE-2023-6129", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.12-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-6129", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a77cdc3bc75a9786555250faa492a3c79a4430cda7739e4da2a868d07fb2b7bd", + "Title": "openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC", + "Description": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-440", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "redhat": 1, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/01/09/1", + "http://www.openwall.com/lists/oss-security/2024/03/11/1", + "https://access.redhat.com/errata/RHSA-2024:9088", + "https://access.redhat.com/security/cve/CVE-2023-6129", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/2284243", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257571", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258502", + "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", + "https://errata.almalinux.org/9/ALSA-2024-9088.html", + "https://errata.rockylinux.org/RLSA-2024:9088", + "https://github.com/advisories/GHSA-rj8q-prqp-jwfg", + "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35", + "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04", + "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015", + "https://linux.oracle.com/cve/CVE-2023-6129.html", + "https://linux.oracle.com/errata/ELSA-2024-9088.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-6129", + "https://security.netapp.com/advisory/ntap-20240216-0009", + "https://security.netapp.com/advisory/ntap-20240216-0009/", + "https://security.netapp.com/advisory/ntap-20240426-0008", + "https://security.netapp.com/advisory/ntap-20240426-0008/", + "https://security.netapp.com/advisory/ntap-20240426-0013", + "https://security.netapp.com/advisory/ntap-20240426-0013/", + "https://security.netapp.com/advisory/ntap-20240503-0011", + "https://security.netapp.com/advisory/ntap-20240503-0011/", + "https://ubuntu.com/security/notices/USN-6622-1", + "https://www.cve.org/CVERecord?id=CVE-2023-6129", + "https://www.openssl.org/news/secadv/20240109.txt", + "https://www.openwall.com/lists/oss-security/2024/01/09/1" + ], + "PublishedDate": "2024-01-09T17:15:12.147Z", + "LastModifiedDate": "2026-05-12T11:16:17.563Z" + }, + { + "VulnerabilityID": "CVE-2024-0727", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.12-r4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0727", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:b83e50f2405b9491e40f4c09055a3be6b87bf960d8127881d78052fd3967cc15", + "Title": "openssl: denial of service via null dereference", + "Description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/11/1", + "https://access.redhat.com/errata/RHSA-2024:9088", + "https://access.redhat.com/security/cve/CVE-2024-0727", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/2284243", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257571", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258502", + "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", + "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", + "https://errata.almalinux.org/9/ALSA-2024-9088.html", + "https://errata.rockylinux.org/RLSA-2024:9088", + "https://github.com/advisories/GHSA-9v9h-cgj8-h64p", + "https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2", + "https://github.com/github/advisory-database/pull/3472", + "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", + "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", + "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", + "https://github.com/openssl/openssl/pull/23362", + "https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d", + "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", + "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", + "https://linux.oracle.com/cve/CVE-2024-0727.html", + "https://linux.oracle.com/errata/ELSA-2024-9088.html", + "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", + "https://security.netapp.com/advisory/ntap-20240208-0006", + "https://security.netapp.com/advisory/ntap-20240208-0006/", + "https://ubuntu.com/security/notices/USN-6622-1", + "https://ubuntu.com/security/notices/USN-6632-1", + "https://ubuntu.com/security/notices/USN-6709-1", + "https://ubuntu.com/security/notices/USN-7018-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2024-0727", + "https://www.openssl.org/news/secadv/20240125.txt" + ], + "PublishedDate": "2024-01-26T09:15:07.637Z", + "LastModifiedDate": "2026-05-12T12:16:16.567Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0acae399f7629b8fe9565fb24dbfc603c81db73a4e0b4ddb794e6ff64c29a526", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e1ce935857188d04d582bc29ae324301fb4625054080388375d2eeeac33f78da", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-26519", + "PkgID": "musl@1.2.3-r4", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.3-r4?arch=x86_64\u0026distro=3.17.0", + "UID": "af5f98cf83a00dc2" + }, + "InstalledVersion": "1.2.3-r4", + "FixedVersion": "1.2.3-r6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-26519", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c3db28160797c13f6c86972e6208dcd15f750c966dc5922502b2874ce8b817e3", + "Title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...", + "Description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/02/13/2", + "http://www.openwall.com/lists/oss-security/2025/02/13/3", + "http://www.openwall.com/lists/oss-security/2025/02/13/4", + "http://www.openwall.com/lists/oss-security/2025/02/13/5", + "http://www.openwall.com/lists/oss-security/2025/02/14/5", + "http://www.openwall.com/lists/oss-security/2025/02/14/6", + "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", + "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", + "https://www.openwall.com/lists/oss-security/2025/02/13/2" + ], + "PublishedDate": "2025-02-14T04:15:09.05Z", + "LastModifiedDate": "2025-12-10T20:03:59.273Z" + }, + { + "VulnerabilityID": "CVE-2025-26519", + "PkgID": "musl-utils@1.2.3-r4", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.3-r4?arch=x86_64\u0026distro=3.17.0", + "UID": "69e5c84e7222babe" + }, + "InstalledVersion": "1.2.3-r4", + "FixedVersion": "1.2.3-r6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-26519", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8ab4cf830760b396c98023ad8599965608375435c48f99d6da4ba24f66fb8df6", + "Title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...", + "Description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/02/13/2", + "http://www.openwall.com/lists/oss-security/2025/02/13/3", + "http://www.openwall.com/lists/oss-security/2025/02/13/4", + "http://www.openwall.com/lists/oss-security/2025/02/13/5", + "http://www.openwall.com/lists/oss-security/2025/02/14/5", + "http://www.openwall.com/lists/oss-security/2025/02/14/6", + "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", + "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", + "https://www.openwall.com/lists/oss-security/2025/02/13/2" + ], + "PublishedDate": "2025-02-14T04:15:09.05Z", + "LastModifiedDate": "2025-12-10T20:03:59.273Z" + }, + { + "VulnerabilityID": "CVE-2023-42363", + "PkgID": "ssl_client@1.35.0-r29", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "4d574a05a4da5141" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42363", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a04960cdd2abbd5f6f409edc1c188372293c862a8dd58f08547f66aa824f675a", + "Title": "busybox: use-after-free in awk", + "Description": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090760.html", + "https://access.redhat.com/security/cve/CVE-2023-42363", + "https://bugs.busybox.net/show_bug.cgi?id=15865", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42363", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42363" + ], + "PublishedDate": "2023-11-27T22:15:07.94Z", + "LastModifiedDate": "2024-11-21T08:22:28.403Z" + }, + { + "VulnerabilityID": "CVE-2023-42364", + "PkgID": "ssl_client@1.35.0-r29", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "4d574a05a4da5141" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42364", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3a2b5e125722f465bd528378cb522881325f83a46afe8e6199234fdbdfd5a223", + "Title": "busybox: use-after-free", + "Description": "A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", + "https://access.redhat.com/security/cve/CVE-2023-42364", + "https://bugs.busybox.net/show_bug.cgi?id=15868", + "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42364", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42364" + ], + "PublishedDate": "2023-11-27T23:15:07.313Z", + "LastModifiedDate": "2025-11-03T21:16:01.17Z" + }, + { + "VulnerabilityID": "CVE-2023-42365", + "PkgID": "ssl_client@1.35.0-r29", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "4d574a05a4da5141" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42365", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:980a5d2525cf2154b839f7ae93bf5b6ee255a3c8459d293123b8691139fa3d91", + "Title": "busybox: use-after-free", + "Description": "A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", + "https://access.redhat.com/security/cve/CVE-2023-42365", + "https://bugs.busybox.net/show_bug.cgi?id=15871", + "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42365", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42365" + ], + "PublishedDate": "2023-11-27T23:15:07.373Z", + "LastModifiedDate": "2025-11-03T21:16:01.393Z" + }, + { + "VulnerabilityID": "CVE-2023-42366", + "PkgID": "ssl_client@1.35.0-r29", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "4d574a05a4da5141" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r30", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42366", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:66ead9d5e38cbeda8bd521e1695b3aa49f833fda8fef553eb312da917af688af", + "Title": "busybox: A heap-buffer-overflow", + "Description": "A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-42366", + "https://bugs.busybox.net/show_bug.cgi?id=15874", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42366", + "https://security.netapp.com/advisory/ntap-20241206-0007/", + "https://www.cve.org/CVERecord?id=CVE-2023-42366" + ], + "PublishedDate": "2023-11-27T23:15:07.42Z", + "LastModifiedDate": "2024-12-06T14:15:19.53Z" + } + ] + }, + { + "Target": "usr/local/bin/rclone", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "github.com/rclone/rclone@v1.61.1", + "Name": "github.com/rclone/rclone", + "Identifier": { + "PURL": "pkg:golang/github.com/rclone/rclone@v1.61.1", + "UID": "ae64505d118b4275" + }, + "Version": "v1.61.1", + "Relationship": "root", + "DependsOn": [ + "bazil.org/fuse@v0.0.0-20200524192727-fb710f7dfd05", + "cloud.google.com/go/compute/metadata@v0.2.1", + "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.1.4", + "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", + "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.0.1", + "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob@v0.5.1", + "github.com/Azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", + "github.com/AzureAD/microsoft-authentication-library-for-go@v0.7.0", + "github.com/Max-Sum/base32768@v0.0.0-20191205131208-7937843c71d5", + "github.com/ProtonMail/go-crypto@v0.0.0-20221026131551-cf6655e29de4", + "github.com/Unknwon/goconfig@v1.0.0", + "github.com/a8m/tree@v0.0.0-20210414114729-ce3525c5c2ef", + "github.com/aalpar/deheap@v0.0.0-20210914013432-0cc84d79dec3", + "github.com/abbot/go-http-auth@v0.4.0", + "github.com/anacrolix/dms@v1.5.0", + "github.com/anacrolix/log@v0.13.1", + "github.com/artyom/mtab@v1.0.0", + "github.com/atotto/clipboard@v0.1.4", + "github.com/aws/aws-sdk-go@v1.44.145", + "github.com/beorn7/perks@v1.0.1", + "github.com/buengese/sgzip@v0.1.1", + "github.com/calebcase/tmpfile@v1.0.3", + "github.com/cespare/xxhash/v2@v2.1.2", + "github.com/cloudflare/circl@v1.1.0", + "github.com/colinmarc/hdfs/v2@v2.3.0", + "github.com/coreos/go-semver@v0.3.0", + "github.com/coreos/go-systemd@v0.0.0-20191104093116-d3cd4ed1dbcf", + "github.com/cpuguy83/go-md2man/v2@v2.0.2", + "github.com/dropbox/dropbox-sdk-go-unofficial/v6@v6.0.5", + "github.com/gabriel-vasile/mimetype@v1.4.1", + "github.com/gdamore/encoding@v1.0.0", + "github.com/gdamore/tcell/v2@v2.5.3", + "github.com/geoffgarside/ber@v1.1.0", + "github.com/go-chi/chi/v5@v5.0.7", + "github.com/gofrs/flock@v0.8.1", + "github.com/gogo/protobuf@v1.3.2", + "github.com/golang-jwt/jwt/v4@v4.4.2", + "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "github.com/golang/protobuf@v1.5.2", + "github.com/google/go-querystring@v1.1.0", + "github.com/google/uuid@v1.3.0", + "github.com/googleapis/enterprise-certificate-proxy@v0.2.0", + "github.com/googleapis/gax-go/v2@v2.7.0", + "github.com/hanwen/go-fuse/v2@v2.1.0", + "github.com/hashicorp/errwrap@v1.0.0", + "github.com/hashicorp/go-multierror@v1.1.1", + "github.com/hashicorp/go-uuid@v1.0.3", + "github.com/hirochachacha/go-smb2@v1.1.0", + "github.com/iguanesolutions/go-systemd/v5@v5.1.0", + "github.com/jcmturner/aescts/v2@v2.0.0", + "github.com/jcmturner/dnsutils/v2@v2.0.0", + "github.com/jcmturner/gofork@v1.7.6", + "github.com/jcmturner/goidentity/v6@v6.0.1", + "github.com/jcmturner/gokrb5/v8@v8.4.3", + "github.com/jcmturner/rpc/v2@v2.0.3", + "github.com/jmespath/go-jmespath@v0.4.0", + "github.com/jzelinskie/whirlpool@v0.0.0-20201016144138-0675e54bb004", + "github.com/klauspost/compress@v1.15.12", + "github.com/koofr/go-httpclient@v0.0.0-20200420163713-93aa7c75b348", + "github.com/koofr/go-koofrclient@v0.0.0-20190724113126-8e5366da203a", + "github.com/kr/fs@v0.1.0", + "github.com/kylelemons/godebug@v1.1.0", + "github.com/lucasb-eyer/go-colorful@v1.2.0", + "github.com/mattn/go-colorable@v0.1.13", + "github.com/mattn/go-isatty@v0.0.16", + "github.com/mattn/go-runewidth@v0.0.14", + "github.com/matttproud/golang_protobuf_extensions@v1.0.1", + "github.com/mitchellh/go-homedir@v1.1.0", + "github.com/ncw/go-acd@v0.0.0-20201019170801-fe55f33415b1", + "github.com/ncw/swift/v2@v2.0.1", + "github.com/oracle/oci-go-sdk/v65@v65.26.1", + "github.com/patrickmn/go-cache@v2.1.0+incompatible", + "github.com/pengsrc/go-shared@v0.2.1-0.20190131101655-1999055a4a14", + "github.com/pkg/browser@v0.0.0-20210115035449-ce105d075bb4", + "github.com/pkg/sftp@v1.13.5", + "github.com/pkg/xattr@v0.4.9", + "github.com/prometheus/client_golang@v1.14.0", + "github.com/prometheus/client_model@v0.3.0", + "github.com/prometheus/common@v0.37.0", + "github.com/prometheus/procfs@v0.8.0", + "github.com/putdotio/go-putio/putio@v0.0.0-20200123120452-16d982cac2b8", + "github.com/rclone/ftp@v0.0.0-20221014110213-e44dedbc76c6", + "github.com/rfjakob/eme@v1.1.2", + "github.com/rivo/uniseg@v0.2.0", + "github.com/russross/blackfriday/v2@v2.1.0", + "github.com/shirou/gopsutil/v3@v3.22.10", + "github.com/sirupsen/logrus@v1.9.0", + "github.com/skratchdot/open-golang@v0.0.0-20200116055534-eef842397966", + "github.com/sony/gobreaker@v0.5.0", + "github.com/spacemonkeygo/monkit/v3@v3.0.17", + "github.com/spf13/cobra@v1.6.1", + "github.com/spf13/pflag@v1.0.5", + "github.com/t3rm1n4l/go-mega@v0.0.0-20220725095014-c4e0c2b5debf", + "github.com/vivint/infectious@v0.0.0-20200605153912-25a574ae18a3", + "github.com/xanzy/ssh-agent@v0.3.3", + "github.com/youmark/pkcs8@v0.0.0-20201027041543-1326539a0a0a", + "github.com/yunify/qingstor-sdk-go/v3@v3.2.0", + "github.com/zeebo/errs@v1.3.0", + "go.etcd.io/bbolt@v1.3.6", + "go.opencensus.io@v0.24.0", + "goftp.io/server@v0.4.1", + "golang.org/x/crypto@v0.3.0", + "golang.org/x/net@v0.4.0", + "golang.org/x/oauth2@v0.2.0", + "golang.org/x/sync@v0.1.0", + "golang.org/x/sys@v0.3.0", + "golang.org/x/term@v0.3.0", + "golang.org/x/text@v0.5.0", + "golang.org/x/time@v0.2.0", + "google.golang.org/api@v0.103.0", + "google.golang.org/genproto@v0.0.0-20221027153422-115e99e71e1c", + "google.golang.org/grpc@v1.50.1", + "google.golang.org/protobuf@v1.28.1", + "gopkg.in/yaml.v2@v2.4.0", + "gopkg.in/yaml.v3@v3.0.1", + "stdlib@v1.19.4", + "storj.io/common@v0.0.0-20220414110316-a5cb7172d6bf", + "storj.io/drpc@v0.0.30", + "storj.io/uplink@v1.9.0" + ], + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.19.4", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "Version": "v1.19.4", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "bazil.org/fuse@v0.0.0-20200524192727-fb710f7dfd05", + "Name": "bazil.org/fuse", + "Identifier": { + "PURL": "pkg:golang/bazil.org/fuse@v0.0.0-20200524192727-fb710f7dfd05", + "UID": "e326377e7594e90d" + }, + "Version": "v0.0.0-20200524192727-fb710f7dfd05", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/compute/metadata@v0.2.1", + "Name": "cloud.google.com/go/compute/metadata", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.2.1", + "UID": "c49fe0c9fb0922d3" + }, + "Version": "v0.2.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.1.4", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/azcore", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azcore@v1.1.4", + "UID": "588de0eb9d873f03" + }, + "Version": "v1.1.4", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", + "UID": "9e2e4303a4195ef3" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.0.1", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/internal", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/internal@v1.0.1", + "UID": "3af85f292175432e" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob@v0.5.1", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/storage/azblob@v0.5.1", + "UID": "fd812700db42447b" + }, + "Version": "v0.5.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", + "Name": "github.com/Azure/go-ntlmssp", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", + "UID": "94423296cb8be0a" + }, + "Version": "v0.0.0-20220621081337-cb9428e4ac1e", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/AzureAD/microsoft-authentication-library-for-go@v0.7.0", + "Name": "github.com/AzureAD/microsoft-authentication-library-for-go", + "Identifier": { + "PURL": "pkg:golang/github.com/azuread/microsoft-authentication-library-for-go@v0.7.0", + "UID": "a5d005e8ef29fde0" + }, + "Version": "v0.7.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Max-Sum/base32768@v0.0.0-20191205131208-7937843c71d5", + "Name": "github.com/Max-Sum/base32768", + "Identifier": { + "PURL": "pkg:golang/github.com/max-sum/base32768@v0.0.0-20191205131208-7937843c71d5", + "UID": "dc1ed91e88817ecd" + }, + "Version": "v0.0.0-20191205131208-7937843c71d5", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ProtonMail/go-crypto@v0.0.0-20221026131551-cf6655e29de4", + "Name": "github.com/ProtonMail/go-crypto", + "Identifier": { + "PURL": "pkg:golang/github.com/protonmail/go-crypto@v0.0.0-20221026131551-cf6655e29de4", + "UID": "47bd36c43c7a11ed" + }, + "Version": "v0.0.0-20221026131551-cf6655e29de4", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Unknwon/goconfig@v1.0.0", + "Name": "github.com/Unknwon/goconfig", + "Identifier": { + "PURL": "pkg:golang/github.com/unknwon/goconfig@v1.0.0", + "UID": "b9fcd5d99373376d" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/a8m/tree@v0.0.0-20210414114729-ce3525c5c2ef", + "Name": "github.com/a8m/tree", + "Identifier": { + "PURL": "pkg:golang/github.com/a8m/tree@v0.0.0-20210414114729-ce3525c5c2ef", + "UID": "dfe87a11b16fd373" + }, + "Version": "v0.0.0-20210414114729-ce3525c5c2ef", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aalpar/deheap@v0.0.0-20210914013432-0cc84d79dec3", + "Name": "github.com/aalpar/deheap", + "Identifier": { + "PURL": "pkg:golang/github.com/aalpar/deheap@v0.0.0-20210914013432-0cc84d79dec3", + "UID": "de2ea7084056b52e" + }, + "Version": "v0.0.0-20210914013432-0cc84d79dec3", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/abbot/go-http-auth@v0.4.0", + "Name": "github.com/abbot/go-http-auth", + "Identifier": { + "PURL": "pkg:golang/github.com/abbot/go-http-auth@v0.4.0", + "UID": "5ab0773158a33925" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/anacrolix/dms@v1.5.0", + "Name": "github.com/anacrolix/dms", + "Identifier": { + "PURL": "pkg:golang/github.com/anacrolix/dms@v1.5.0", + "UID": "8b414c8d1bd80ab5" + }, + "Version": "v1.5.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/anacrolix/log@v0.13.1", + "Name": "github.com/anacrolix/log", + "Identifier": { + "PURL": "pkg:golang/github.com/anacrolix/log@v0.13.1", + "UID": "35d0179d7bf6f042" + }, + "Version": "v0.13.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/artyom/mtab@v1.0.0", + "Name": "github.com/artyom/mtab", + "Identifier": { + "PURL": "pkg:golang/github.com/artyom/mtab@v1.0.0", + "UID": "34ec9fb92a539633" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/atotto/clipboard@v0.1.4", + "Name": "github.com/atotto/clipboard", + "Identifier": { + "PURL": "pkg:golang/github.com/atotto/clipboard@v0.1.4", + "UID": "9b148df82c4aaf1" + }, + "Version": "v0.1.4", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go@v1.44.145", + "Name": "github.com/aws/aws-sdk-go", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go@v1.44.145", + "UID": "64d3196ec3dc43c9" + }, + "Version": "v1.44.145", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "9db812384db82867" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/buengese/sgzip@v0.1.1", + "Name": "github.com/buengese/sgzip", + "Identifier": { + "PURL": "pkg:golang/github.com/buengese/sgzip@v0.1.1", + "UID": "90a6fb3367798697" + }, + "Version": "v0.1.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/calebcase/tmpfile@v1.0.3", + "Name": "github.com/calebcase/tmpfile", + "Identifier": { + "PURL": "pkg:golang/github.com/calebcase/tmpfile@v1.0.3", + "UID": "c92ea277cada4584" + }, + "Version": "v1.0.3", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.1.2", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.1.2", + "UID": "594caa752e9c787b" + }, + "Version": "v2.1.2", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cloudflare/circl@v1.1.0", + "Name": "github.com/cloudflare/circl", + "Identifier": { + "PURL": "pkg:golang/github.com/cloudflare/circl@v1.1.0", + "UID": "6ad71c4815031930" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/colinmarc/hdfs/v2@v2.3.0", + "Name": "github.com/colinmarc/hdfs/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/colinmarc/hdfs/v2@v2.3.0", + "UID": "3935051519b0ce30" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coreos/go-semver@v0.3.0", + "Name": "github.com/coreos/go-semver", + "Identifier": { + "PURL": "pkg:golang/github.com/coreos/go-semver@v0.3.0", + "UID": "2f634c91c54af7ae" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coreos/go-systemd@v0.0.0-20191104093116-d3cd4ed1dbcf", + "Name": "github.com/coreos/go-systemd", + "Identifier": { + "PURL": "pkg:golang/github.com/coreos/go-systemd@v0.0.0-20191104093116-d3cd4ed1dbcf", + "UID": "6346de3a92a6be0a" + }, + "Version": "v0.0.0-20191104093116-d3cd4ed1dbcf", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cpuguy83/go-md2man/v2@v2.0.2", + "Name": "github.com/cpuguy83/go-md2man/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.2", + "UID": "601256f06f150e1f" + }, + "Version": "v2.0.2", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dropbox/dropbox-sdk-go-unofficial/v6@v6.0.5", + "Name": "github.com/dropbox/dropbox-sdk-go-unofficial/v6", + "Identifier": { + "PURL": "pkg:golang/github.com/dropbox/dropbox-sdk-go-unofficial/v6@v6.0.5", + "UID": "ab721ef79da4c7b9" + }, + "Version": "v6.0.5", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gabriel-vasile/mimetype@v1.4.1", + "Name": "github.com/gabriel-vasile/mimetype", + "Identifier": { + "PURL": "pkg:golang/github.com/gabriel-vasile/mimetype@v1.4.1", + "UID": "3e6e996ab1ed72ee" + }, + "Version": "v1.4.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gdamore/encoding@v1.0.0", + "Name": "github.com/gdamore/encoding", + "Identifier": { + "PURL": "pkg:golang/github.com/gdamore/encoding@v1.0.0", + "UID": "d8de5b1778213249" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gdamore/tcell/v2@v2.5.3", + "Name": "github.com/gdamore/tcell/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/gdamore/tcell/v2@v2.5.3", + "UID": "f000ef08ec14b3ae" + }, + "Version": "v2.5.3", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/geoffgarside/ber@v1.1.0", + "Name": "github.com/geoffgarside/ber", + "Identifier": { + "PURL": "pkg:golang/github.com/geoffgarside/ber@v1.1.0", + "UID": "9684e2b37bb6c350" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-chi/chi/v5@v5.0.7", + "Name": "github.com/go-chi/chi/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/go-chi/chi/v5@v5.0.7", + "UID": "174827b0972b6f93" + }, + "Version": "v5.0.7", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gofrs/flock@v0.8.1", + "Name": "github.com/gofrs/flock", + "Identifier": { + "PURL": "pkg:golang/github.com/gofrs/flock@v0.8.1", + "UID": "9a13242c499925ec" + }, + "Version": "v0.8.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gogo/protobuf@v1.3.2", + "Name": "github.com/gogo/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", + "UID": "d87d9eff3e69d867" + }, + "Version": "v1.3.2", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang-jwt/jwt/v4@v4.4.2", + "Name": "github.com/golang-jwt/jwt/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v4@v4.4.2", + "UID": "a02ec5d34a9debc5" + }, + "Version": "v4.4.2", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "Name": "github.com/golang/groupcache", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "UID": "afd14c25f4ee5d4b" + }, + "Version": "v0.0.0-20210331224755-41bb18bfe9da", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/protobuf@v1.5.2", + "Name": "github.com/golang/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.2", + "UID": "33bde5d5d825dd96" + }, + "Version": "v1.5.2", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-querystring@v1.1.0", + "Name": "github.com/google/go-querystring", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-querystring@v1.1.0", + "UID": "3dd1c5f700d031dd" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.3.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.3.0", + "UID": "4c55dd47bd0c005c" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/googleapis/enterprise-certificate-proxy@v0.2.0", + "Name": "github.com/googleapis/enterprise-certificate-proxy", + "Identifier": { + "PURL": "pkg:golang/github.com/googleapis/enterprise-certificate-proxy@v0.2.0", + "UID": "e26fa96544cf98a1" + }, + "Version": "v0.2.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/googleapis/gax-go/v2@v2.7.0", + "Name": "github.com/googleapis/gax-go/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/googleapis/gax-go/v2@v2.7.0", + "UID": "c5e85822c4cfb999" + }, + "Version": "v2.7.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hanwen/go-fuse/v2@v2.1.0", + "Name": "github.com/hanwen/go-fuse/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/hanwen/go-fuse/v2@v2.1.0", + "UID": "d89ade7dbb7dc768" + }, + "Version": "v2.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/errwrap@v1.0.0", + "Name": "github.com/hashicorp/errwrap", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.0.0", + "UID": "3af0290f673165be" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-multierror@v1.1.1", + "Name": "github.com/hashicorp/go-multierror", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", + "UID": "63bc31e1a7f3db3f" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-uuid@v1.0.3", + "Name": "github.com/hashicorp/go-uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-uuid@v1.0.3", + "UID": "e2650d386c0e7227" + }, + "Version": "v1.0.3", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hirochachacha/go-smb2@v1.1.0", + "Name": "github.com/hirochachacha/go-smb2", + "Identifier": { + "PURL": "pkg:golang/github.com/hirochachacha/go-smb2@v1.1.0", + "UID": "f665b457a9d6481b" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/iguanesolutions/go-systemd/v5@v5.1.0", + "Name": "github.com/iguanesolutions/go-systemd/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/iguanesolutions/go-systemd/v5@v5.1.0", + "UID": "fc6b6d77c91423bb" + }, + "Version": "v5.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jcmturner/aescts/v2@v2.0.0", + "Name": "github.com/jcmturner/aescts/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/jcmturner/aescts/v2@v2.0.0", + "UID": "c78cb1254b6a8e5b" + }, + "Version": "v2.0.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jcmturner/dnsutils/v2@v2.0.0", + "Name": "github.com/jcmturner/dnsutils/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/jcmturner/dnsutils/v2@v2.0.0", + "UID": "a7ad42b7cad868aa" + }, + "Version": "v2.0.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jcmturner/gofork@v1.7.6", + "Name": "github.com/jcmturner/gofork", + "Identifier": { + "PURL": "pkg:golang/github.com/jcmturner/gofork@v1.7.6", + "UID": "49af178ed17b2905" + }, + "Version": "v1.7.6", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jcmturner/goidentity/v6@v6.0.1", + "Name": "github.com/jcmturner/goidentity/v6", + "Identifier": { + "PURL": "pkg:golang/github.com/jcmturner/goidentity/v6@v6.0.1", + "UID": "7ef3be726cac9ac" + }, + "Version": "v6.0.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jcmturner/gokrb5/v8@v8.4.3", + "Name": "github.com/jcmturner/gokrb5/v8", + "Identifier": { + "PURL": "pkg:golang/github.com/jcmturner/gokrb5/v8@v8.4.3", + "UID": "7db6c4a4e6014e0c" + }, + "Version": "v8.4.3", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jcmturner/rpc/v2@v2.0.3", + "Name": "github.com/jcmturner/rpc/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/jcmturner/rpc/v2@v2.0.3", + "UID": "c2fadbabdb422851" + }, + "Version": "v2.0.3", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jmespath/go-jmespath@v0.4.0", + "Name": "github.com/jmespath/go-jmespath", + "Identifier": { + "PURL": "pkg:golang/github.com/jmespath/go-jmespath@v0.4.0", + "UID": "18998ac4dc32a50a" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jzelinskie/whirlpool@v0.0.0-20201016144138-0675e54bb004", + "Name": "github.com/jzelinskie/whirlpool", + "Identifier": { + "PURL": "pkg:golang/github.com/jzelinskie/whirlpool@v0.0.0-20201016144138-0675e54bb004", + "UID": "36634c97ac70a026" + }, + "Version": "v0.0.0-20201016144138-0675e54bb004", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/klauspost/compress@v1.15.12", + "Name": "github.com/klauspost/compress", + "Identifier": { + "PURL": "pkg:golang/github.com/klauspost/compress@v1.15.12", + "UID": "11829bcf817fab6f" + }, + "Version": "v1.15.12", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/koofr/go-httpclient@v0.0.0-20200420163713-93aa7c75b348", + "Name": "github.com/koofr/go-httpclient", + "Identifier": { + "PURL": "pkg:golang/github.com/koofr/go-httpclient@v0.0.0-20200420163713-93aa7c75b348", + "UID": "5c1ae4b9a87e2d29" + }, + "Version": "v0.0.0-20200420163713-93aa7c75b348", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/koofr/go-koofrclient@v0.0.0-20190724113126-8e5366da203a", + "Name": "github.com/koofr/go-koofrclient", + "Identifier": { + "PURL": "pkg:golang/github.com/koofr/go-koofrclient@v0.0.0-20190724113126-8e5366da203a", + "UID": "4eeaabca6565cb54" + }, + "Version": "v0.0.0-20190724113126-8e5366da203a", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kr/fs@v0.1.0", + "Name": "github.com/kr/fs", + "Identifier": { + "PURL": "pkg:golang/github.com/kr/fs@v0.1.0", + "UID": "5afdf97ff7f34072" + }, + "Version": "v0.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kylelemons/godebug@v1.1.0", + "Name": "github.com/kylelemons/godebug", + "Identifier": { + "PURL": "pkg:golang/github.com/kylelemons/godebug@v1.1.0", + "UID": "52283410ea03b5a8" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lucasb-eyer/go-colorful@v1.2.0", + "Name": "github.com/lucasb-eyer/go-colorful", + "Identifier": { + "PURL": "pkg:golang/github.com/lucasb-eyer/go-colorful@v1.2.0", + "UID": "2da086943997a1b5" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-colorable@v0.1.13", + "Name": "github.com/mattn/go-colorable", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-colorable@v0.1.13", + "UID": "cb2af01d187a561" + }, + "Version": "v0.1.13", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-isatty@v0.0.16", + "Name": "github.com/mattn/go-isatty", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.16", + "UID": "b95725f615939ad4" + }, + "Version": "v0.0.16", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-runewidth@v0.0.14", + "Name": "github.com/mattn/go-runewidth", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-runewidth@v0.0.14", + "UID": "c08692dec378934b" + }, + "Version": "v0.0.14", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/matttproud/golang_protobuf_extensions@v1.0.1", + "Name": "github.com/matttproud/golang_protobuf_extensions", + "Identifier": { + "PURL": "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.1", + "UID": "22bcf68bfde6516d" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/go-homedir@v1.1.0", + "Name": "github.com/mitchellh/go-homedir", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", + "UID": "b20939d7367e68a4" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ncw/go-acd@v0.0.0-20201019170801-fe55f33415b1", + "Name": "github.com/ncw/go-acd", + "Identifier": { + "PURL": "pkg:golang/github.com/ncw/go-acd@v0.0.0-20201019170801-fe55f33415b1", + "UID": "1ce220826a0c2f83" + }, + "Version": "v0.0.0-20201019170801-fe55f33415b1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ncw/swift/v2@v2.0.1", + "Name": "github.com/ncw/swift/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/ncw/swift/v2@v2.0.1", + "UID": "209168f39bc7757e" + }, + "Version": "v2.0.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/oracle/oci-go-sdk/v65@v65.26.1", + "Name": "github.com/oracle/oci-go-sdk/v65", + "Identifier": { + "PURL": "pkg:golang/github.com/oracle/oci-go-sdk/v65@v65.26.1", + "UID": "2a8c17704b1629a4" + }, + "Version": "v65.26.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/patrickmn/go-cache@v2.1.0+incompatible", + "Name": "github.com/patrickmn/go-cache", + "Identifier": { + "PURL": "pkg:golang/github.com/patrickmn/go-cache@v2.1.0%2Bincompatible", + "UID": "62374a16aa2bb819" + }, + "Version": "v2.1.0+incompatible", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pengsrc/go-shared@v0.2.1-0.20190131101655-1999055a4a14", + "Name": "github.com/pengsrc/go-shared", + "Identifier": { + "PURL": "pkg:golang/github.com/pengsrc/go-shared@v0.2.1-0.20190131101655-1999055a4a14", + "UID": "cb8aece86917d49e" + }, + "Version": "v0.2.1-0.20190131101655-1999055a4a14", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/browser@v0.0.0-20210115035449-ce105d075bb4", + "Name": "github.com/pkg/browser", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/browser@v0.0.0-20210115035449-ce105d075bb4", + "UID": "47f3b57c556ac34b" + }, + "Version": "v0.0.0-20210115035449-ce105d075bb4", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/sftp@v1.13.5", + "Name": "github.com/pkg/sftp", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/sftp@v1.13.5", + "UID": "bf37bef6f1d969d0" + }, + "Version": "v1.13.5", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/xattr@v0.4.9", + "Name": "github.com/pkg/xattr", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/xattr@v0.4.9", + "UID": "2d970b6cad9ee09e" + }, + "Version": "v0.4.9", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.14.0", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.14.0", + "UID": "115000457136cc6f" + }, + "Version": "v1.14.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.3.0", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.3.0", + "UID": "844dd84e5c6d6a74" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.37.0", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.37.0", + "UID": "467a5b50e5eb9bd1" + }, + "Version": "v0.37.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.8.0", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.8.0", + "UID": "e043b2ebc83e40f7" + }, + "Version": "v0.8.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/putdotio/go-putio/putio@v0.0.0-20200123120452-16d982cac2b8", + "Name": "github.com/putdotio/go-putio/putio", + "Identifier": { + "PURL": "pkg:golang/github.com/putdotio/go-putio/putio@v0.0.0-20200123120452-16d982cac2b8", + "UID": "52f596004ac71629" + }, + "Version": "v0.0.0-20200123120452-16d982cac2b8", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/rclone/ftp@v0.0.0-20221014110213-e44dedbc76c6", + "Name": "github.com/rclone/ftp", + "Identifier": { + "PURL": "pkg:golang/github.com/rclone/ftp@v0.0.0-20221014110213-e44dedbc76c6", + "UID": "24808aef510d50da" + }, + "Version": "v0.0.0-20221014110213-e44dedbc76c6", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/rfjakob/eme@v1.1.2", + "Name": "github.com/rfjakob/eme", + "Identifier": { + "PURL": "pkg:golang/github.com/rfjakob/eme@v1.1.2", + "UID": "13f83c9ba1855e00" + }, + "Version": "v1.1.2", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/rivo/uniseg@v0.2.0", + "Name": "github.com/rivo/uniseg", + "Identifier": { + "PURL": "pkg:golang/github.com/rivo/uniseg@v0.2.0", + "UID": "1fa9d8777d37cd57" + }, + "Version": "v0.2.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/russross/blackfriday/v2@v2.1.0", + "Name": "github.com/russross/blackfriday/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0", + "UID": "e1681825ad1c209b" + }, + "Version": "v2.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/shirou/gopsutil/v3@v3.22.10", + "Name": "github.com/shirou/gopsutil/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/shirou/gopsutil/v3@v3.22.10", + "UID": "d10e401e488fe27b" + }, + "Version": "v3.22.10", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sirupsen/logrus@v1.9.0", + "Name": "github.com/sirupsen/logrus", + "Identifier": { + "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.0", + "UID": "46b956ac4d3f77c5" + }, + "Version": "v1.9.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/skratchdot/open-golang@v0.0.0-20200116055534-eef842397966", + "Name": "github.com/skratchdot/open-golang", + "Identifier": { + "PURL": "pkg:golang/github.com/skratchdot/open-golang@v0.0.0-20200116055534-eef842397966", + "UID": "f5602cfe94cfcc8" + }, + "Version": "v0.0.0-20200116055534-eef842397966", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sony/gobreaker@v0.5.0", + "Name": "github.com/sony/gobreaker", + "Identifier": { + "PURL": "pkg:golang/github.com/sony/gobreaker@v0.5.0", + "UID": "dac01ec8c4f4ee11" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spacemonkeygo/monkit/v3@v3.0.17", + "Name": "github.com/spacemonkeygo/monkit/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/spacemonkeygo/monkit/v3@v3.0.17", + "UID": "2bfd9f0c62daae32" + }, + "Version": "v3.0.17", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/cobra@v1.6.1", + "Name": "github.com/spf13/cobra", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/cobra@v1.6.1", + "UID": "efe1f0c40742c59f" + }, + "Version": "v1.6.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.5", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "UID": "24ad49a893d9b4b3" + }, + "Version": "v1.0.5", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/t3rm1n4l/go-mega@v0.0.0-20220725095014-c4e0c2b5debf", + "Name": "github.com/t3rm1n4l/go-mega", + "Identifier": { + "PURL": "pkg:golang/github.com/t3rm1n4l/go-mega@v0.0.0-20220725095014-c4e0c2b5debf", + "UID": "bc3cce22ed41d26e" + }, + "Version": "v0.0.0-20220725095014-c4e0c2b5debf", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/vivint/infectious@v0.0.0-20200605153912-25a574ae18a3", + "Name": "github.com/vivint/infectious", + "Identifier": { + "PURL": "pkg:golang/github.com/vivint/infectious@v0.0.0-20200605153912-25a574ae18a3", + "UID": "c0a9f0339f01b2b8" + }, + "Version": "v0.0.0-20200605153912-25a574ae18a3", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/xanzy/ssh-agent@v0.3.3", + "Name": "github.com/xanzy/ssh-agent", + "Identifier": { + "PURL": "pkg:golang/github.com/xanzy/ssh-agent@v0.3.3", + "UID": "9f0f8fa279374e90" + }, + "Version": "v0.3.3", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/youmark/pkcs8@v0.0.0-20201027041543-1326539a0a0a", + "Name": "github.com/youmark/pkcs8", + "Identifier": { + "PURL": "pkg:golang/github.com/youmark/pkcs8@v0.0.0-20201027041543-1326539a0a0a", + "UID": "76c01c2387b0ff5a" + }, + "Version": "v0.0.0-20201027041543-1326539a0a0a", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/yunify/qingstor-sdk-go/v3@v3.2.0", + "Name": "github.com/yunify/qingstor-sdk-go/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/yunify/qingstor-sdk-go/v3@v3.2.0", + "UID": "486856d66f8bbad" + }, + "Version": "v3.2.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/zeebo/errs@v1.3.0", + "Name": "github.com/zeebo/errs", + "Identifier": { + "PURL": "pkg:golang/github.com/zeebo/errs@v1.3.0", + "UID": "1d3e33ea493fb64d" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.etcd.io/bbolt@v1.3.6", + "Name": "go.etcd.io/bbolt", + "Identifier": { + "PURL": "pkg:golang/go.etcd.io/bbolt@v1.3.6", + "UID": "cc3b8641d2eec17a" + }, + "Version": "v1.3.6", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opencensus.io@v0.24.0", + "Name": "go.opencensus.io", + "Identifier": { + "PURL": "pkg:golang/go.opencensus.io@v0.24.0", + "UID": "f4fa8432d922fc4d" + }, + "Version": "v0.24.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "goftp.io/server@v0.4.1", + "Name": "goftp.io/server", + "Identifier": { + "PURL": "pkg:golang/goftp.io/server@v0.4.1", + "UID": "a4291f5e4219beb2" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/crypto@v0.3.0", + "Name": "golang.org/x/crypto", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", + "UID": "31a497eb63876334" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.4.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "80db47ca242657ea" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.2.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.2.0", + "UID": "31dfa10cd8116308" + }, + "Version": "v0.2.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sync@v0.1.0", + "Name": "golang.org/x/sync", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sync@v0.1.0", + "UID": "60a1b9b8c78daac4" + }, + "Version": "v0.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.3.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.3.0", + "UID": "5c94e87c92f3707f" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/term@v0.3.0", + "Name": "golang.org/x/term", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/term@v0.3.0", + "UID": "2dc4b367dc027924" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.5.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.5.0", + "UID": "5935d9bdb1a25c6" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.2.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.2.0", + "UID": "dbcaba973097174b" + }, + "Version": "v0.2.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/api@v0.103.0", + "Name": "google.golang.org/api", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/api@v0.103.0", + "UID": "dfab0203996e51b7" + }, + "Version": "v0.103.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto@v0.0.0-20221027153422-115e99e71e1c", + "Name": "google.golang.org/genproto", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto@v0.0.0-20221027153422-115e99e71e1c", + "UID": "8311452352132e6d" + }, + "Version": "v0.0.0-20221027153422-115e99e71e1c", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/grpc@v1.50.1", + "Name": "google.golang.org/grpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.50.1", + "UID": "295cade235701834" + }, + "Version": "v1.50.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.28.1", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.28.1", + "UID": "92d88af829581f08" + }, + "Version": "v1.28.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v2@v2.4.0", + "Name": "gopkg.in/yaml.v2", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "UID": "8f604011369f2d83" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "UID": "e7eb1f43223c25c7" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "storj.io/common@v0.0.0-20220414110316-a5cb7172d6bf", + "Name": "storj.io/common", + "Identifier": { + "PURL": "pkg:golang/storj.io/common@v0.0.0-20220414110316-a5cb7172d6bf", + "UID": "11d5433de310f275" + }, + "Version": "v0.0.0-20220414110316-a5cb7172d6bf", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "storj.io/drpc@v0.0.30", + "Name": "storj.io/drpc", + "Identifier": { + "PURL": "pkg:golang/storj.io/drpc@v0.0.30", + "UID": "68c10d13a5960cc8" + }, + "Version": "v0.0.30", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "storj.io/uplink@v1.9.0", + "Name": "storj.io/uplink", + "Identifier": { + "PURL": "pkg:golang/storj.io/uplink@v1.9.0", + "UID": "127009b06e999ae" + }, + "Version": "v1.9.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-35255", + "VendorIDs": [ + "GHSA-m5vv-6r4h-3vj9" + ], + "PkgID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", + "PkgName": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", + "UID": "9e2e4303a4195ef3" + }, + "InstalledVersion": "v1.2.0", + "FixedVersion": "1.6.0-beta.4.0.20240610221955-50774cd97099", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35255", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:236e960be66ee3006fa47e021696bcd2ea517532797861744a6df27accc1c8c2", + "Title": "azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity", + "Description": "Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", + "V3Score": 5.5, + "V40Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-35255", + "https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499", + "https://github.com/Azure/azure-sdk-for-java/commit/5bf020d6ea056de40e2738e3647a4e06f902c18d", + "https://github.com/Azure/azure-sdk-for-js/commit/c6aa75d312ae463e744163cedfd8fc480cc8d492", + "https://github.com/Azure/azure-sdk-for-net/commit/9279a4f38bf69b457cfb9b354f210e0a540a5c53", + "https://github.com/Azure/azure-sdk-for-python/commit/cb065acd7d0f957327dc4f02d1646d4e51a94178", + "https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340", + "https://github.com/advisories/GHSA-m5vv-6r4h-3vj9", + "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255", + "https://nvd.nist.gov/vuln/detail/CVE-2024-35255", + "https://www.cve.org/CVERecord?id=CVE-2024-35255" + ], + "PublishedDate": "2024-06-11T17:16:03.55Z", + "LastModifiedDate": "2024-11-21T09:20:01.923Z" + }, + { + "VulnerabilityID": "CVE-2026-32952", + "VendorIDs": [ + "GHSA-pjcq-xvwq-hhpj" + ], + "PkgID": "github.com/Azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", + "PkgName": "github.com/Azure/go-ntlmssp", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", + "UID": "94423296cb8be0a" + }, + "InstalledVersion": "v0.0.0-20220621081337-cb9428e4ac1e", + "FixedVersion": "0.1.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32952", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:88c2b915391c6b89f809f457edf17cce689d488f0935877a2308cb038cd0c8ac", + "Title": "go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge", + "Description": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32952", + "https://github.com/Azure/go-ntlmssp", + "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1", + "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32952", + "https://www.cve.org/CVERecord?id=CVE-2026-32952" + ], + "PublishedDate": "2026-04-24T03:16:07.833Z", + "LastModifiedDate": "2026-05-21T18:22:06.247Z" + }, + { + "VulnerabilityID": "GHSA-9763-4f94-gfch", + "PkgID": "github.com/cloudflare/circl@v1.1.0", + "PkgName": "github.com/cloudflare/circl", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/cloudflare/circl@v1.1.0", + "UID": "6ad71c4815031930" + }, + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.3.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-9763-4f94-gfch", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:78120b5b1441853998c1ae8a5421ed5c7b60ff2d06fc50faba065fe4c588ca4f", + "Title": "CIRCL's Kyber: timing side-channel (kyberslash2)", + "Description": "### Impact\nOn some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.\n\nDoes not apply to ephemeral usage, such as when used in the regular way in TLS.\n\n### Patches\nPatched in 1.3.7.\n\n### References\n- [kyberslash.cr.yp.to](https://kyberslash.cr.yp.to/)", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "References": [ + "https://github.com/cloudflare/circl", + "https://github.com/cloudflare/circl/commit/75ef91e8a2f438e6ce2b6e620d236add8be1887d", + "https://github.com/cloudflare/circl/security/advisories/GHSA-9763-4f94-gfch", + "https://kyberslash.cr.yp.to" + ], + "PublishedDate": "2024-01-08T16:45:05Z", + "LastModifiedDate": "2024-05-20T22:00:44Z" + }, + { + "VulnerabilityID": "CVE-2023-1732", + "VendorIDs": [ + "GHSA-2q89-485c-9j2x" + ], + "PkgID": "github.com/cloudflare/circl@v1.1.0", + "PkgName": "github.com/cloudflare/circl", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/cloudflare/circl@v1.1.0", + "UID": "6ad71c4815031930" + }, + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.3.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1732", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:aa573fc370c353010b43190ff83fb6a9144608eb269ad13de86a3bb115cfb6e5", + "Title": "Improper random reading in CIRCL", + "Description": "When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.\n\n", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20", + "CWE-755" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", + "V3Score": 8.2 + } + }, + "References": [ + "https://github.com/cloudflare/circl", + "https://github.com/cloudflare/circl/commit/ff8d91225f8954b4970b6d6382d2e4c78f4a4cf8", + "https://github.com/cloudflare/circl/releases/tag/v1.3.3", + "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x", + "https://nvd.nist.gov/vuln/detail/CVE-2023-1732" + ], + "PublishedDate": "2023-05-10T12:15:10.523Z", + "LastModifiedDate": "2024-11-21T07:39:47.283Z" + }, + { + "VulnerabilityID": "GHSA-vrw8-fxc6-2r93", + "PkgID": "github.com/go-chi/chi/v5@v5.0.7", + "PkgName": "github.com/go-chi/chi/v5", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/go-chi/chi/v5@v5.0.7", + "UID": "174827b0972b6f93" + }, + "InstalledVersion": "v5.0.7", + "FixedVersion": "5.2.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-vrw8-fxc6-2r93", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:016e1306448b6bfd8ea1c2a0203cde51d109c6335b91a860de368bfcc5e2f02b", + "Title": "chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes", + "Description": "### Summary\nThe RedirectSlashes function in middleware/strip.go is vulnerable to host header injection which leads to open redirect.\n\nWe consider this a **lower-severity** open redirect, as it can't be exploited from browsers or email clients (requires manipulation of a Host header).\n\n### Details\nThe RedirectSlashes method uses the Host header to construct the redirectURL at this line https://github.com/go-chi/chi/blob/master/middleware/strip.go#L55\n\nThe Host header can be manipulated by a user to be any arbitrary host. This leads to open redirect when using the RedirectSlashes middleware\n\n### PoC\nCreate a simple server which uses the RedirectSlashes middleware\n```\npackage main\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/go-chi/chi/v5\"\n\t\"github.com/go-chi/chi/v5/middleware\" // Import the middleware package\n)\n\nfunc main() {\n\t// Create a new Chi router\n\tr := chi.NewRouter()\n\n\t// Use the built-in RedirectSlashes middleware\n\tr.Use(middleware.RedirectSlashes) // Use middleware.RedirectSlashes\n\n\t// Define a route handler\n\tr.Get(\"/\", func(w http.ResponseWriter, r *http.Request) {\n\t\t// A simple response\n\t\tw.Write([]byte(\"Hello, World!\"))\n\t})\n\n\t// Start the server\n\tfmt.Println(\"Starting server on :8080\")\n\thttp.ListenAndServe(\":8080\", r)\n}\n```\nRun the server `go run main.go`\n\nOnce the server is running, send a request that will trigger the RedirectSlashes function with an arbitrary Host header\n`curl -iL -H \"Host: example.com\" http://localhost:8080/test/`\n\nObserve that the request will be redirected to example.com\n\n```\ncurl -L -H \"Host: example.com\" http://localhost:8080/test/\n\n\u003c!doctype html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n \u003ctitle\u003eExample Domain\u003c/title\u003e\n\n \u003cmeta charset=\"utf-8\" /\u003e\n \u003cmeta http-equiv=\"Content-type\" content=\"text/html; charset=utf-8\" /\u003e\n \u003cmeta name=\"viewport\" content=\"width=device-width, initial-scale=1\" /\u003e\n \u003cstyle type=\"text/css\"\u003e\n body {\n background-color: #f0f0f2;\n margin: 0;\n padding: 0;\n font-family: -apple-system, system-ui, BlinkMacSystemFont, \"Segoe UI\", \"Open Sans\", \"Helvetica Neue\", Helvetica, Arial, sans-serif;\n... snipped ...\n```\nWithout the host header, the response is returned from the test server\n```\ncurl -L http://localhost:8080/test/\n\n404 page not found\n```\n\n### Impact\nAn open redirect vulnerability allows attackers to trick users into visiting malicious sites. This can lead to phishing attacks, credential theft, and malware distribution, as users trust the application’s domain while being redirected to harmful sites.\n\n### Potential mitigation\nIt seems that the purpose of the RedirectSlashes function is to redirect within the same application. In that case r.RequestURI can be used instead of r.Host by default. If there is a use case to redirect to a different host, a flag can be added to use the Host header instead. As this flag will be controlled by the developer they will make the decision of allowing redirects to arbitrary hosts based on their judgement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", + "V40Score": 5.1 + } + }, + "References": [ + "https://github.com/go-chi/chi", + "https://github.com/go-chi/chi/commit/1be7ad938cc9c5b39a9dea01a5c518848928ab65", + "https://github.com/go-chi/chi/security/advisories/GHSA-vrw8-fxc6-2r93" + ], + "PublishedDate": "2025-06-20T16:37:47Z", + "LastModifiedDate": "2025-10-13T15:41:17Z" + }, + { + "VulnerabilityID": "CVE-2025-30204", + "VendorIDs": [ + "GHSA-mh63-6h87-95cp" + ], + "PkgID": "github.com/golang-jwt/jwt/v4@v4.4.2", + "PkgName": "github.com/golang-jwt/jwt/v4", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v4@v4.4.2", + "UID": "a02ec5d34a9debc5" + }, + "InstalledVersion": "v4.4.2", + "FixedVersion": "4.5.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30204", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:57fc0ace77216019aaba8c33854d887fd8b9817865f89ef3987be09779123962", + "Title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", + "Description": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-405" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V3Score": 7.5, + "V40Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7425", + "https://access.redhat.com/security/cve/CVE-2025-30204", + "https://bugzilla.redhat.com/2354195", + "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", + "https://errata.almalinux.org/9/ALSA-2025-7425.html", + "https://errata.rockylinux.org/RLSA-2025:3411", + "https://github.com/golang-jwt/jwt", + "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", + "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb", + "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", + "https://linux.oracle.com/cve/CVE-2025-30204.html", + "https://linux.oracle.com/errata/ELSA-2025-7967.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", + "https://pkg.go.dev/vuln/GO-2025-3553", + "https://security.netapp.com/advisory/ntap-20250404-0002", + "https://security.netapp.com/advisory/ntap-20250404-0002/", + "https://www.cve.org/CVERecord?id=CVE-2025-30204" + ], + "PublishedDate": "2025-03-21T22:15:26.42Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-41176", + "VendorIDs": [ + "GHSA-25qr-6mpr-f7qx" + ], + "PkgID": "github.com/rclone/rclone@v1.61.1", + "PkgName": "github.com/rclone/rclone", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/rclone/rclone@v1.61.1", + "UID": "ae64505d118b4275" + }, + "InstalledVersion": "v1.61.1", + "FixedVersion": "1.73.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41176", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:bcf52b90588616e7bbeb0969945fcbc644ea5c64ff42147e5f32ad7924afeaee", + "Title": "github.com/rclone/rclone: Rclone: Unauthorized access to administrative functions through unauthenticated Remote Control endpoint.", + "Description": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and prior to version 1.73.5, an unauthenticated attacker can set `rc.NoAuth=true`, which disables the authorization gate for many RC methods registered with `AuthRequired: true` on reachable RC servers that are started without global HTTP authentication. This can lead to unauthorized access to sensitive administrative functionality, including configuration and operational RC methods. Version 1.73.5 patches the issue.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-306" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 4, + "ghsa": 4, + "julia": 4, + "nvd": 4, + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V40Score": 9.2 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V3Score": 9.8, + "V40Score": 9.2 + }, + "julia": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V40Score": 9.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-41176", + "https://github.com/advisories/GHSA-25qr-6mpr-f7qx", + "https://github.com/rclone/rclone", + "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/config.go", + "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/rcserver/rcserver.go", + "https://github.com/rclone/rclone/security/advisories/GHSA-25qr-6mpr-f7qx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-41176", + "https://www.cve.org/CVERecord?id=CVE-2026-41176" + ], + "PublishedDate": "2026-04-23T00:16:45.8Z", + "LastModifiedDate": "2026-04-27T18:19:45.303Z" + }, + { + "VulnerabilityID": "CVE-2026-41179", + "VendorIDs": [ + "GHSA-jfwf-28xr-xw6q" + ], + "PkgID": "github.com/rclone/rclone@v1.61.1", + "PkgName": "github.com/rclone/rclone", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/rclone/rclone@v1.61.1", + "UID": "ae64505d118b4275" + }, + "InstalledVersion": "v1.61.1", + "FixedVersion": "1.73.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41179", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:cd5af0614e2eca73ccf268d222ea886db8465e055c84f67f6194cdaba58bb3d9", + "Title": "github.com/rclone/rclone: Rclone: Unauthenticated local command execution via exposed RC endpoint", + "Description": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinfo` is exposed without `AuthRequired: true` and accepts attacker-controlled `fs` input. Because `rc.GetFs(...)` supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend, `bearer_token_command` is executed during backend initialization, making single-request unauthenticated local command execution possible on reachable RC deployments without global HTTP authentication. Version 1.73.5 patches the issue.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-78", + "CWE-306" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 4, + "ghsa": 4, + "julia": 4, + "nvd": 4, + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V40Score": 9.2 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V3Score": 9.8, + "V40Score": 9.2 + }, + "julia": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V40Score": 9.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-41179", + "https://github.com/advisories/GHSA-jfwf-28xr-xw6q", + "https://github.com/rclone/rclone", + "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/backend/webdav/webdav.go", + "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/operations/rc.go", + "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/cache.go", + "https://github.com/rclone/rclone/commit/2a9e952b38e03a96bf40c9eb6e8e22199865ee3b", + "https://github.com/rclone/rclone/releases/tag/v1.73.5", + "https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q", + "https://nvd.nist.gov/vuln/detail/CVE-2026-41179", + "https://rclone.org/changelog/#v1-73-5-2026-04-19", + "https://www.cve.org/CVERecord?id=CVE-2026-41179" + ], + "PublishedDate": "2026-04-23T00:16:45.947Z", + "LastModifiedDate": "2026-05-20T02:16:35.92Z" + }, + { + "VulnerabilityID": "CVE-2024-52522", + "VendorIDs": [ + "GHSA-hrxh-9w67-g4cv" + ], + "PkgID": "github.com/rclone/rclone@v1.61.1", + "PkgName": "github.com/rclone/rclone", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/rclone/rclone@v1.61.1", + "UID": "ae64505d118b4275" + }, + "InstalledVersion": "v1.61.1", + "FixedVersion": "1.68.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-52522", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:0f080ae295e471601d22a1a1b951743804f3fe915e2b3143e7aae75c42c3fd9d", + "Title": "rclone: librclone: improper permission and ownership handling on symlink targets with --links and --metadata", + "Description": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-61", + "CWE-281" + ], + "VendorSeverity": { + "bitnami": 2, + "ghsa": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", + "V40Score": 5.4 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", + "V3Score": 5.5, + "V40Score": 5.4 + }, + "julia": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", + "V40Score": 5.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-52522", + "https://github.com/advisories/GHSA-hrxh-9w67-g4cv", + "https://github.com/rclone/rclone", + "https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0", + "https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0 (master)", + "https://github.com/rclone/rclone/commit/669b2f2669cacd634faa2bcecb589b76e1402533 (v1.68.2)", + "https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv", + "https://nvd.nist.gov/vuln/detail/CVE-2024-52522", + "https://www.cve.org/CVERecord?id=CVE-2024-52522" + ], + "PublishedDate": "2024-11-15T18:15:30.643Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-65637", + "VendorIDs": [ + "GHSA-4f99-4q7p-p3gh" + ], + "PkgID": "github.com/sirupsen/logrus@v1.9.0", + "PkgName": "github.com/sirupsen/logrus", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.0", + "UID": "46b956ac4d3f77c5" + }, + "InstalledVersion": "v1.9.0", + "FixedVersion": "1.8.3, 1.9.1, 1.9.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-65637", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:754c7fc53cb7352f8025b37d2af657d82c86c5f309553b10cdc4b0329e5b91ed", + "Title": "github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload", + "Description": "A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with \"token too long\" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions \u003c 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3428", + "https://access.redhat.com/security/cve/CVE-2025-65637", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2418900", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418900", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65637", + "https://errata.almalinux.org/8/ALSA-2026-3428.html", + "https://errata.rockylinux.org/RLSA-2026:3428", + "https://github.com/mjuanxd/logrus-dos-poc", + "https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md", + "https://github.com/sirupsen/logrus", + "https://github.com/sirupsen/logrus/commit/6acd903758687c4a3db3c11701e6c414fcf1c1f7", + "https://github.com/sirupsen/logrus/issues/1370", + "https://github.com/sirupsen/logrus/pull/1376", + "https://github.com/sirupsen/logrus/releases/tag/v1.8.3", + "https://github.com/sirupsen/logrus/releases/tag/v1.9.1", + "https://github.com/sirupsen/logrus/releases/tag/v1.9.3", + "https://linux.oracle.com/cve/CVE-2025-65637.html", + "https://linux.oracle.com/errata/ELSA-2026-3428.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-65637", + "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391", + "https://www.cve.org/CVERecord?id=CVE-2025-65637" + ], + "PublishedDate": "2025-12-04T19:16:05.223Z", + "LastModifiedDate": "2025-12-23T00:26:00.703Z" + }, + { + "VulnerabilityID": "CVE-2024-45337", + "VendorIDs": [ + "GHSA-v778-237x-gjrc" + ], + "PkgID": "golang.org/x/crypto@v0.3.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", + "UID": "31a497eb63876334" + }, + "InstalledVersion": "v0.3.0", + "FixedVersion": "0.31.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45337", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:ffb42832210e292eb14d8f5794b0d1fb19589dabde60cf7d2c1c184deb3d3b20", + "Title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto", + "Description": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.", + "Severity": "CRITICAL", + "VendorSeverity": { + "amazon": 3, + "azure": 4, + "cbl-mariner": 4, + "ghsa": 4, + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", + "V3Score": 8.2 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/12/11/2", + "https://access.redhat.com/security/cve/CVE-2024-45337", + "https://github.com/golang/crypto", + "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", + "https://go-review.googlesource.com/c/crypto/+/635315/", + "https://go.dev/cl/635315", + "https://go.dev/issue/70779", + "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", + "https://pkg.go.dev/vuln/GO-2024-3321", + "https://security.netapp.com/advisory/ntap-20250131-0007", + "https://security.netapp.com/advisory/ntap-20250131-0007/", + "https://ubuntu.com/security/notices/USN-7839-1", + "https://ubuntu.com/security/notices/USN-7839-2", + "https://www.cve.org/CVERecord?id=CVE-2024-45337" + ], + "PublishedDate": "2024-12-12T02:02:07.97Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22869", + "VendorIDs": [ + "GHSA-hcg3-q754-cr77" + ], + "PkgID": "golang.org/x/crypto@v0.3.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", + "UID": "31a497eb63876334" + }, + "InstalledVersion": "v0.3.0", + "FixedVersion": "0.35.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22869", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:07a4bad0898b8c30a4bbd97a8173952df4cbb7f186d776d0936c8531b2b17412", + "Title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh", + "Description": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3833", + "https://access.redhat.com/security/cve/CVE-2025-22869", + "https://bugzilla.redhat.com/2348367", + "https://bugzilla.redhat.com/show_bug.cgi?id=2348367", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869", + "https://errata.almalinux.org/9/ALSA-2025-3833.html", + "https://errata.rockylinux.org/RLSA-2025:7416", + "https://github.com/golang/crypto", + "https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22", + "https://go-review.googlesource.com/c/crypto/+/652135", + "https://go.dev/cl/652135", + "https://go.dev/issue/71931", + "https://linux.oracle.com/cve/CVE-2025-22869.html", + "https://linux.oracle.com/errata/ELSA-2025-7484.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22869", + "https://pkg.go.dev/vuln/GO-2025-3487", + "https://security.netapp.com/advisory/ntap-20250411-0010", + "https://security.netapp.com/advisory/ntap-20250411-0010/", + "https://www.cve.org/CVERecord?id=CVE-2025-22869" + ], + "PublishedDate": "2025-02-26T08:14:24.997Z", + "LastModifiedDate": "2025-05-01T19:28:20.74Z" + }, + { + "VulnerabilityID": "CVE-2023-48795", + "VendorIDs": [ + "GHSA-45x7-px36-x8w8" + ], + "PkgID": "golang.org/x/crypto@v0.3.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", + "UID": "31a497eb63876334" + }, + "InstalledVersion": "v0.3.0", + "FixedVersion": "0.17.0, 0.0.0-20231218163308-9d2ee975ef9f", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-48795", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:f9288b1830f5a977111e89cf1128900ab775351cf4adb38607aca75ac356529c", + "Title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", + "Description": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-354" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", + "http://seclists.org/fulldisclosure/2024/Mar/21", + "http://www.openwall.com/lists/oss-security/2023/12/18/3", + "http://www.openwall.com/lists/oss-security/2023/12/19/5", + "http://www.openwall.com/lists/oss-security/2023/12/20/3", + "http://www.openwall.com/lists/oss-security/2024/03/06/3", + "http://www.openwall.com/lists/oss-security/2024/04/17/8", + "https://access.redhat.com/errata/RHSA-2024:1150", + "https://access.redhat.com/security/cve/CVE-2023-48795", + "https://access.redhat.com/security/cve/cve-2023-48795", + "https://access.redhat.com/solutions/7071748", + "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack", + "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", + "https://bugs.gentoo.org/920280", + "https://bugzilla.redhat.com/2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.suse.com/show_bug.cgi?id=1217950", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-364175.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://crates.io/crates/thrussh/versions", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://errata.almalinux.org/9/ALSA-2024-1150.html", + "https://errata.rockylinux.org/RLSA-2024:0628", + "https://filezilla-project.org/versions.php", + "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", + "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", + "https://github.com/NixOS/nixpkgs/pull/275249", + "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", + "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", + "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", + "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", + "https://github.com/advisories/GHSA-45x7-px36-x8w8", + "https://github.com/apache/mina-sshd/issues/445", + "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", + "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", + "https://github.com/cyd01/KiTTY/issues/520", + "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", + "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", + "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", + "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", + "https://github.com/hierynomus/sshj/issues/916", + "https://github.com/janmojzis/tinyssh/issues/81", + "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", + "https://github.com/libssh2/libssh2/pull/1291", + "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", + "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", + "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", + "https://github.com/mwiede/jsch/issues/457", + "https://github.com/mwiede/jsch/pull/461", + "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", + "https://github.com/openssh/openssh-portable/commits/master", + "https://github.com/paramiko/paramiko/issues/2337", + "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773", + "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", + "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", + "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", + "https://github.com/proftpd/proftpd/issues/456", + "https://github.com/rapier1/hpn-ssh/releases", + "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", + "https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55", + "https://github.com/ronf/asyncssh/tags", + "https://github.com/ssh-mitm/ssh-mitm/issues/165", + "https://github.com/warp-tech/russh", + "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951", + "https://github.com/warp-tech/russh/releases/tag/v0.40.2", + "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8", + "https://gitlab.com/libssh/libssh-mirror/-/tags", + "https://go.dev/cl/550715", + "https://go.dev/issue/64784", + "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", + "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", + "https://help.panic.com/releasenotes/transmit5", + "https://help.panic.com/releasenotes/transmit5/", + "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795", + "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", + "https://linux.oracle.com/cve/CVE-2023-48795.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", + "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", + "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", + "https://matt.ucc.asn.au/dropbear/CHANGES", + "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", + "https://news.ycombinator.com/item?id=38684904", + "https://news.ycombinator.com/item?id=38685286", + "https://news.ycombinator.com/item?id=38732005", + "https://nova.app/releases/#v11.8", + "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", + "https://oryx-embedded.com/download/#changelog", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", + "https://roumenpetrov.info/secsh/#news20231220", + "https://security-tracker.debian.org/tracker/CVE-2023-48795", + "https://security-tracker.debian.org/tracker/source-package/libssh2", + "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", + "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", + "https://security.gentoo.org/glsa/202312-16", + "https://security.gentoo.org/glsa/202312-17", + "https://security.netapp.com/advisory/ntap-20240105-0004", + "https://security.netapp.com/advisory/ntap-20240105-0004/", + "https://support.apple.com/kb/HT214084", + "https://terrapin-attack.com/", + "https://thorntech.com/cve-2023-48795-and-sftp-gateway", + "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", + "https://twitter.com/TrueSkrillor/status/1736774389725565005", + "https://ubuntu.com/security/CVE-2023-48795", + "https://ubuntu.com/security/notices/USN-6560-1", + "https://ubuntu.com/security/notices/USN-6560-2", + "https://ubuntu.com/security/notices/USN-6561-1", + "https://ubuntu.com/security/notices/USN-6585-1", + "https://ubuntu.com/security/notices/USN-6589-1", + "https://ubuntu.com/security/notices/USN-6598-1", + "https://ubuntu.com/security/notices/USN-6738-1", + "https://ubuntu.com/security/notices/USN-7051-1", + "https://ubuntu.com/security/notices/USN-7292-1", + "https://ubuntu.com/security/notices/USN-7297-1", + "https://winscp.net/eng/docs/history#6.2.2", + "https://www.bitvise.com/ssh-client-version-history#933", + "https://www.bitvise.com/ssh-server-version-history", + "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", + "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", + "https://www.cve.org/CVERecord?id=CVE-2023-48795", + "https://www.debian.org/security/2023/dsa-5586", + "https://www.debian.org/security/2023/dsa-5588", + "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", + "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", + "https://www.netsarang.com/en/xshell-update-history", + "https://www.netsarang.com/en/xshell-update-history/", + "https://www.openssh.com/openbsd.html", + "https://www.openssh.com/txt/release-9.6", + "https://www.openwall.com/lists/oss-security/2023/12/18/2", + "https://www.openwall.com/lists/oss-security/2023/12/18/3", + "https://www.openwall.com/lists/oss-security/2023/12/20/3", + "https://www.paramiko.org/changelog.html", + "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed", + "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", + "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795", + "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", + "https://www.terrapin-attack.com", + "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", + "https://www.vandyke.com/products/securecrt/history.txt", + "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit", + "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability" + ], + "PublishedDate": "2023-12-18T16:15:10.897Z", + "LastModifiedDate": "2026-05-12T11:16:15.01Z" + }, + { + "VulnerabilityID": "CVE-2025-47914", + "VendorIDs": [ + "GHSA-f6x5-jh6r-wrfv" + ], + "PkgID": "golang.org/x/crypto@v0.3.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", + "UID": "31a497eb63876334" + }, + "InstalledVersion": "v0.3.0", + "FixedVersion": "0.45.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:2690db819220b94406ce696cdea2be233e20da33a34652ae913fef9ee946bb05", + "Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages", + "Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "amazon": 2, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-47914", + "https://go.dev/cl/721960", + "https://go.dev/issue/76364", + "https://go.googlesource.com/crypto", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47914", + "https://pkg.go.dev/vuln/GO-2025-4135", + "https://www.cve.org/CVERecord?id=CVE-2025-47914" + ], + "PublishedDate": "2025-11-19T21:15:50.517Z", + "LastModifiedDate": "2025-12-11T19:36:41.373Z" + }, + { + "VulnerabilityID": "CVE-2025-58181", + "VendorIDs": [ + "GHSA-j5w8-q4qc-rx2x" + ], + "PkgID": "golang.org/x/crypto@v0.3.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", + "UID": "31a497eb63876334" + }, + "InstalledVersion": "v0.3.0", + "FixedVersion": "0.45.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:60d584c4834f246dbb5f52a714d4375b4b3974ae99423ef93d42bdaf382fcfd1", + "Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication", + "Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-58181", + "https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c", + "https://github.com/golang/go/issues/76363", + "https://go.dev/cl/721961", + "https://go.dev/issue/76363", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58181", + "https://pkg.go.dev/vuln/GO-2025-4134", + "https://ubuntu.com/security/notices/USN-7956-1", + "https://www.cve.org/CVERecord?id=CVE-2025-58181" + ], + "PublishedDate": "2025-11-19T21:15:50.85Z", + "LastModifiedDate": "2025-12-11T19:29:24.9Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "VendorIDs": [ + "GHSA-vvpx-j8f3-3w6h" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "80db47ca242657ea" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:0ef5d936a03196cd892e3f6b6427829606633f58f8f5681e6a8b32406038e086", + "Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41723.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230331-0010/", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.couchbase.com/alerts", + "https://www.couchbase.com/alerts/", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:09.98Z", + "LastModifiedDate": "2025-05-05T16:15:20.433Z" + }, + { + "VulnerabilityID": "CVE-2023-39325", + "VendorIDs": [ + "GHSA-4374-p667-p6c8" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "80db47ca242657ea" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.17.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:bfadcf552603313016822f7f1c8601aaa62cdea79df76256144fefce9adcc665", + "Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", + "Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 3, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "golang.org/x/net", + "https://access.redhat.com/errata/RHSA-2023:6077", + "https://access.redhat.com/security/cve/CVE-2023-39325", + "https://access.redhat.com/security/cve/CVE-2023-44487", + "https://bugzilla.redhat.com/2242803", + "https://bugzilla.redhat.com/2243296", + "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", + "https://errata.almalinux.org/9/ALSA-2023-6077.html", + "https://errata.rockylinux.org/RLSA-2023:6077", + "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]", + "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]", + "https://github.com/golang/go/issues/63417", + "https://go.dev/cl/534215", + "https://go.dev/cl/534235", + "https://go.dev/issue/63417", + "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", + "https://linux.oracle.com/cve/CVE-2023-39325.html", + "https://linux.oracle.com/errata/ELSA-2023-5867.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", + "https://pkg.go.dev/vuln/GO-2023-2102", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231110-0008", + "https://security.netapp.com/advisory/ntap-20231110-0008/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", + "https://www.cve.org/CVERecord?id=CVE-2023-39325" + ], + "PublishedDate": "2023-10-11T22:15:09.88Z", + "LastModifiedDate": "2024-11-21T08:15:09.627Z" + }, + { + "VulnerabilityID": "CVE-2023-3978", + "VendorIDs": [ + "GHSA-2wrh-6pvc-2jm9" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "80db47ca242657ea" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.13.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3978", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:35f3bba783524453933832a39f7bf146106028dd265bfa2fae3bbc63fd7d79e1", + "Title": "golang.org/x/net/html: Cross site scripting", + "Description": "Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-3978", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://go.dev/cl/514896", + "https://go.dev/issue/61615", + "https://linux.oracle.com/cve/CVE-2023-3978.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3978", + "https://pkg.go.dev/vuln/GO-2023-1988", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://www.cve.org/CVERecord?id=CVE-2023-3978" + ], + "PublishedDate": "2023-08-02T20:15:12.097Z", + "LastModifiedDate": "2024-11-21T08:18:27.68Z" + }, + { + "VulnerabilityID": "CVE-2023-44487", + "VendorIDs": [ + "GHSA-qppj-fm5r-hxr3" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "80db47ca242657ea" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.17.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-44487", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:191a4066133e521d814ef03388f6f19d698cca0b3ecbde513d5dcb2053a32ad9", + "Title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", + "Description": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 2, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A", + "V3Score": 5.3, + "V40Score": 6.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/10/10/6", + "http://www.openwall.com/lists/oss-security/2023/10/10/7", + "http://www.openwall.com/lists/oss-security/2023/10/13/4", + "http://www.openwall.com/lists/oss-security/2023/10/13/9", + "http://www.openwall.com/lists/oss-security/2023/10/18/4", + "http://www.openwall.com/lists/oss-security/2023/10/18/8", + "http://www.openwall.com/lists/oss-security/2023/10/19/6", + "http://www.openwall.com/lists/oss-security/2023/10/20/8", + "http://www.openwall.com/lists/oss-security/2025/08/13/6", + "https://access.redhat.com/errata/RHSA-2023:6746", + "https://access.redhat.com/security/cve/CVE-2023-44487", + "https://access.redhat.com/security/cve/cve-2023-44487", + "https://akka.io/security/akka-http-cve-2023-44487.html", + "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size", + "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", + "https://aws.amazon.com/security/security-bulletins/AWS-2023-011", + "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", + "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack", + "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", + "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack", + "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", + "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty", + "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", + "https://blog.powerdns.com/2024/02/16/powerdns-dnsdist-1.9.0-released", + "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", + "https://blog.vespa.ai/cve-2023-44487", + "https://blog.vespa.ai/cve-2023-44487/", + "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", + "https://bugzilla.redhat.com/2242803", + "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", + "https://bugzilla.suse.com/show_bug.cgi?id=1216123", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-341067.html", + "https://cert-portal.siemens.com/productcert/html/ssa-784301.html", + "https://cert-portal.siemens.com/productcert/html/ssa-832273.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", + "https://chaos.social/@icing/111210915918780532", + "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps", + "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", + "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", + "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", + "https://devblogs.microsoft.com/dotnet/october-2023-updates/", + "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", + "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", + "https://errata.almalinux.org/9/ALSA-2023-6746.html", + "https://errata.rockylinux.org/RLSA-2023:5838", + "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", + "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", + "https://github.com/Azure/AKS/issues/3947", + "https://github.com/Kong/kong/discussions/11741", + "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", + "https://github.com/advisories/GHSA-vx74-f528-fxqg", + "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", + "https://github.com/akka/akka-http/issues/4323", + "https://github.com/akka/akka-http/pull/4324", + "https://github.com/akka/akka-http/pull/4325", + "https://github.com/alibaba/tengine/issues/1872", + "https://github.com/apache/apisix/issues/10320", + "https://github.com/apache/httpd-site/pull/10", + "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", + "https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628", + "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", + "https://github.com/apache/trafficserver/pull/10564", + "https://github.com/apple/swift-nio-http2", + "https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3", + "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", + "https://github.com/bcdannyboy/CVE-2023-44487", + "https://github.com/caddyserver/caddy/issues/5877", + "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", + "https://github.com/dotnet/announcements/issues/277", + "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", + "https://github.com/eclipse/jetty.project/issues/10679", + "https://github.com/envoyproxy/envoy/pull/30055", + "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76", + "https://github.com/etcd-io/etcd/issues/16740", + "https://github.com/facebook/proxygen/pull/466", + "https://github.com/golang/go/issues/63417", + "https://github.com/grpc/grpc-go/pull/6703", + "https://github.com/grpc/grpc-go/releases", + "https://github.com/grpc/grpc/releases/tag/v1.59.2", + "https://github.com/h2o/h2o/pull/3291", + "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", + "https://github.com/haproxy/haproxy/issues/2312", + "https://github.com/hyperium/hyper/issues/3337", + "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", + "https://github.com/junkurihara/rust-rpxy/issues/97", + "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", + "https://github.com/kazu-yamamoto/http2/issues/93", + "https://github.com/kubernetes/ingress-nginx/blob/4b5c5efe2508dc915a48c54de7f23912ff2ec695/changelog/controller-1.9.3.md?plain=1#L15", + "https://github.com/kubernetes/kubernetes/pull/121120", + "https://github.com/line/armeria/pull/5232", + "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", + "https://github.com/micrictor/http2-rst-stream", + "https://github.com/microsoft/CBL-Mariner/pull/6381", + "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", + "https://github.com/nghttp2/nghttp2/pull/1961", + "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", + "https://github.com/ninenines/cowboy/issues/1615", + "https://github.com/nodejs/node/pull/50121", + "https://github.com/openresty/openresty/issues/930", + "https://github.com/opensearch-project/data-prepper/issues/3474", + "https://github.com/oqtane/oqtane.framework/discussions/3367", + "https://github.com/projectcontour/contour/pull/5826", + "https://github.com/tempesta-tech/tempesta/issues/1986", + "https://github.com/varnishcache/varnish-cache/issues/3996", + "https://go.dev/cl/534215", + "https://go.dev/cl/534235", + "https://go.dev/issue/63417", + "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", + "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", + "https://istio.io/latest/news/security/istio-security-2023-004", + "https://istio.io/latest/news/security/istio-security-2023-004/", + "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487", + "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", + "https://linux.oracle.com/cve/CVE-2023-44487.html", + "https://linux.oracle.com/errata/ELSA-2024-1444.html", + "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", + "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", + "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", + "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", + "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", + "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", + "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", + "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", + "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", + "https://mailman.powerdns.com/pipermail/dnsdist/2023-October/001409.html", + "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", + "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2", + "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", + "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", + "https://my.f5.com/manage/s/article/K000137106", + "https://netty.io/news/2023/10/10/4-1-100-Final.html", + "https://news.ycombinator.com/item?id=37830987", + "https://news.ycombinator.com/item?id=37830998", + "https://news.ycombinator.com/item?id=37831062", + "https://news.ycombinator.com/item?id=37837043", + "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases", + "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", + "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response", + "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", + "https://pkg.go.dev/vuln/GO-2023-2102", + "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", + "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231016-0001", + "https://security.netapp.com/advisory/ntap-20231016-0001/", + "https://security.netapp.com/advisory/ntap-20240426-0007", + "https://security.netapp.com/advisory/ntap-20240426-0007/", + "https://security.netapp.com/advisory/ntap-20240621-0006", + "https://security.netapp.com/advisory/ntap-20240621-0006/", + "https://security.netapp.com/advisory/ntap-20240621-0007", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://security.paloaltonetworks.com/CVE-2023-44487", + "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", + "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12", + "https://tomcat.apache.org/security-8.html", + "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94", + "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81", + "https://ubuntu.com/security/CVE-2023-44487", + "https://ubuntu.com/security/notices/USN-6427-1", + "https://ubuntu.com/security/notices/USN-6427-2", + "https://ubuntu.com/security/notices/USN-6438-1", + "https://ubuntu.com/security/notices/USN-6505-1", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-6754-1", + "https://ubuntu.com/security/notices/USN-6994-1", + "https://ubuntu.com/security/notices/USN-7067-1", + "https://ubuntu.com/security/notices/USN-7410-1", + "https://ubuntu.com/security/notices/USN-7469-1", + "https://ubuntu.com/security/notices/USN-7469-2", + "https://ubuntu.com/security/notices/USN-7469-3", + "https://ubuntu.com/security/notices/USN-7469-4", + "https://ubuntu.com/security/notices/USN-7892-1", + "https://varnish-cache.org/releases/rel6.0.12.html#rel6-0-12", + "https://varnish-cache.org/releases/rel7.3.1.html#rel7-3-1", + "https://varnish-cache.org/releases/rel7.4.2.html#rel7-4-2", + "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records", + "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", + "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", + "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487", + "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", + "https://www.cve.org/CVERecord?id=CVE-2023-44487", + "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", + "https://www.debian.org/security/2023/dsa-5521", + "https://www.debian.org/security/2023/dsa-5522", + "https://www.debian.org/security/2023/dsa-5540", + "https://www.debian.org/security/2023/dsa-5549", + "https://www.debian.org/security/2023/dsa-5558", + "https://www.debian.org/security/2023/dsa-5570", + "https://www.eclipse.org/lists/jetty-announce/msg00181.html", + "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", + "https://www.mail-archive.com/haproxy@formilux.org/msg44134.html", + "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487", + "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", + "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products", + "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", + "https://www.openwall.com/lists/oss-security/2023/10/10/6", + "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", + "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday", + "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", + "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause" + ], + "PublishedDate": "2023-10-10T14:15:10.883Z", + "LastModifiedDate": "2026-05-12T15:10:32.26Z" + }, + { + "VulnerabilityID": "CVE-2023-45288", + "VendorIDs": [ + "GHSA-4v7x-pqxf-cx7m" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "80db47ca242657ea" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.23.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:07a8b6a3e3be3b01d17fd9b632323f9e5ae742675d5b03a985dc5aa585f394a3", + "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", + "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/04/03/16", + "http://www.openwall.com/lists/oss-security/2024/04/05/4", + "https://access.redhat.com/errata/RHSA-2024:2724", + "https://access.redhat.com/security/cve/CVE-2023-45288", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-2724.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://go.dev/cl/576155", + "https://go.dev/issue/65051", + "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", + "https://kb.cert.org/vuls/id/421644", + "https://linux.oracle.com/cve/CVE-2023-45288.html", + "https://linux.oracle.com/errata/ELSA-2024-3346.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", + "https://nowotarski.info/http2-continuation-flood-technical-details", + "https://nowotarski.info/http2-continuation-flood/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", + "https://pkg.go.dev/vuln/GO-2024-2687", + "https://security.netapp.com/advisory/ntap-20240419-0009", + "https://security.netapp.com/advisory/ntap-20240419-0009/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45288", + "https://www.kb.cert.org/vuls/id/421644" + ], + "PublishedDate": "2024-04-04T21:15:16.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "80db47ca242657ea" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.36.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:d03ba5ebc75ffa2958093fe403616c5fdd5b3e539c29cca792f26392479bc545", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22872", + "VendorIDs": [ + "GHSA-vvgc-356p-c3xw" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "80db47ca242657ea" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.38.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:ac56483ae9c2dff44002a2b83d335b712847d0946f48490c7250cde32b0cd96a", + "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", + "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22872", + "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", + "https://github.com/advisories/GHSA-vvgc-356p-c3xw", + "https://go.dev/cl/662715", + "https://go.dev/issue/73070", + "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", + "https://pkg.go.dev/vuln/GO-2025-3595", + "https://security.netapp.com/advisory/ntap-20250516-0007", + "https://security.netapp.com/advisory/ntap-20250516-0007/", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22872" + ], + "PublishedDate": "2025-04-16T18:16:04.183Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22868", + "VendorIDs": [ + "GHSA-6v2p-p543-phr9" + ], + "PkgID": "golang.org/x/oauth2@v0.2.0", + "PkgName": "golang.org/x/oauth2", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.2.0", + "UID": "31dfa10cd8116308" + }, + "InstalledVersion": "v0.2.0", + "FixedVersion": "0.27.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:89ee97870da51ebbcdfc3fc4a81aa094ec76330d0f64bf4a74106bf25778faa5", + "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", + "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1286" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", + "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", + "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", + "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", + "https://errata.rockylinux.org/RLSA-2025:7479", + "https://go.dev/cl/652155", + "https://go.dev/issue/71490", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", + "https://pkg.go.dev/vuln/GO-2025-3488", + "https://www.cve.org/CVERecord?id=CVE-2025-22868" + ], + "PublishedDate": "2025-02-26T08:14:24.897Z", + "LastModifiedDate": "2025-05-01T19:27:10.43Z" + }, + { + "VulnerabilityID": "CVE-2026-33186", + "VendorIDs": [ + "GHSA-p77j-4mvh-x3m3" + ], + "PkgID": "google.golang.org/grpc@v1.50.1", + "PkgName": "google.golang.org/grpc", + "PkgIdentifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.50.1", + "UID": "295cade235701834" + }, + "InstalledVersion": "v1.50.1", + "FixedVersion": "1.79.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33186", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:f8650128a970a747ecbae3514f6e8fb3c38d7ca531c312e6ea6493ef96a2bbb0", + "Title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation", + "Description": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-285" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 4, + "photon": 4, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33186", + "https://github.com/grpc/grpc-go", + "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33186", + "https://www.cve.org/CVERecord?id=CVE-2026-33186" + ], + "PublishedDate": "2026-03-20T23:16:45.18Z", + "LastModifiedDate": "2026-04-10T20:49:17.737Z" + }, + { + "VulnerabilityID": "GHSA-m425-mq94-257g", + "PkgID": "google.golang.org/grpc@v1.50.1", + "PkgName": "google.golang.org/grpc", + "PkgIdentifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.50.1", + "UID": "295cade235701834" + }, + "InstalledVersion": "v1.50.1", + "FixedVersion": "1.56.3, 1.57.1, 1.58.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-m425-mq94-257g", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:42bf88f80cb34c9c3bb9e9def493bfe2e849a4f963398348ff333222ab3573c5", + "Title": "gRPC-Go HTTP/2 Rapid Reset vulnerability", + "Description": "### Impact\nIn affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit.\n\n### Patches\nThis vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0.\n\nAlong with applying the patch, users should also ensure they are using the `grpc.MaxConcurrentStreams` server option to apply a limit to the server's resources used for any single connection.\n\n### Workarounds\nNone.\n\n### References\n#6703\n", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/grpc/grpc-go", + "https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721", + "https://github.com/grpc/grpc-go/pull/6703", + "https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g", + "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" + ], + "PublishedDate": "2023-10-25T21:17:37Z", + "LastModifiedDate": "2024-07-19T16:32:30Z" + }, + { + "VulnerabilityID": "CVE-2024-24786", + "VendorIDs": [ + "GHSA-8r3f-844c-mc37" + ], + "PkgID": "google.golang.org/protobuf@v1.28.1", + "PkgName": "google.golang.org/protobuf", + "PkgIdentifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.28.1", + "UID": "92d88af829581f08" + }, + "InstalledVersion": "v1.28.1", + "FixedVersion": "1.33.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24786", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:07adec91e1637dff377dfec82466e574fc5ad6f052a37396e270301f59bbd147", + "Title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", + "Description": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", + "V3Score": 7.5, + "V40Score": 6.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:2550", + "https://access.redhat.com/security/cve/CVE-2024-24786", + "https://bugzilla.redhat.com/2268046", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786", + "https://errata.almalinux.org/9/ALSA-2024-2550.html", + "https://errata.rockylinux.org/RLSA-2024:2550", + "https://github.com/protocolbuffers/protobuf-go", + "https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023", + "https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0", + "https://go-review.googlesource.com/c/protobuf/+/569356", + "https://go.dev/cl/569356", + "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", + "https://linux.oracle.com/cve/CVE-2024-24786.html", + "https://linux.oracle.com/errata/ELSA-2024-4246.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", + "https://pkg.go.dev/vuln/GO-2024-2611", + "https://security.netapp.com/advisory/ntap-20240517-0002", + "https://security.netapp.com/advisory/ntap-20240517-0002/", + "https://ubuntu.com/security/notices/USN-6746-1", + "https://ubuntu.com/security/notices/USN-6746-2", + "https://www.cve.org/CVERecord?id=CVE-2024-24786" + ], + "PublishedDate": "2024-03-05T23:15:07.82Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2023-24538", + "VendorIDs": [ + "GO-2023-1703" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24538", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fe43916ec2bf6fafb2cc29ed43f06670dc11a24635c2e467c1c07491fb399769", + "Title": "golang: html/template: backticks not treated as string delimiters", + "Description": "Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. \"var a = {{.}}\"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-94" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 4, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24538", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3)", + "https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8)", + "https://github.com/golang/go/issues/59234", + "https://go.dev/cl/482079", + "https://go.dev/issue/59234", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24538.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24538", + "https://pkg.go.dev/vuln/GO-2023-1703", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20241115-0007/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24538" + ], + "PublishedDate": "2023-04-06T16:15:07.8Z", + "LastModifiedDate": "2025-02-12T17:15:14.19Z" + }, + { + "VulnerabilityID": "CVE-2023-24540", + "VendorIDs": [ + "GO-2023-1752" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.9, 1.20.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24540", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d0a08621f1760feeabcd99aba1b2996fec587eb1657090e63a89ab56c772dcac", + "Title": "golang: html/template: improper handling of JavaScript whitespace", + "Description": "Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-77" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 3, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24540", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4)", + "https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9)", + "https://github.com/golang/go/issues/59721", + "https://go.dev/cl/491616", + "https://go.dev/issue/59721", + "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", + "https://linux.oracle.com/cve/CVE-2023-24540.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24540", + "https://pkg.go.dev/vuln/GO-2023-1752", + "https://security.netapp.com/advisory/ntap-20241115-0008/", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24540" + ], + "PublishedDate": "2023-05-11T16:15:09.687Z", + "LastModifiedDate": "2025-01-24T17:15:10.893Z" + }, + { + "VulnerabilityID": "CVE-2024-24790", + "VendorIDs": [ + "GO-2024-2887" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8803796c078fe993f501b97ea170ccd8766431cbf7fd63c9e89b967ac3262fc2", + "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", + "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", + "Severity": "CRITICAL", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24790", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", + "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", + "https://github.com/golang/go/issues/67680", + "https://go.dev/cl/590316", + "https://go.dev/issue/67680", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24790.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", + "https://pkg.go.dev/vuln/GO-2024-2887", + "https://security.netapp.com/advisory/ntap-20240905-0002/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24790" + ], + "PublishedDate": "2024-06-05T16:15:10.56Z", + "LastModifiedDate": "2024-11-21T08:59:42.813Z" + }, + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7740a96800e3667ab632ff3053b2b964df01a9283bc049863773799c4f04c18d", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2022-41722", + "VendorIDs": [ + "GO-2023-1568" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41722", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f8063f23d310aa8edccad2e55fd9eefc5e16a99a1f15b3f172bce8e538b0a092", + "Title": "golang: path/filepath: path-filepath filepath.Clean path traversal", + "Description": "A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\".", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41722", + "https://go.dev/cl/468123", + "https://go.dev/issue/57274", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41722", + "https://pkg.go.dev/vuln/GO-2023-1568", + "https://www.cve.org/CVERecord?id=CVE-2022-41722" + ], + "PublishedDate": "2023-02-28T18:15:09.887Z", + "LastModifiedDate": "2024-11-21T07:23:44.303Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "VendorIDs": [ + "GHSA-vvpx-j8f3-3w6h", + "GO-2023-1571" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bce00a1800d2238cfad4839b3e63b58184750e2d2394f75bd9a51cd32dba24b0", + "Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41723.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230331-0010/", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.couchbase.com/alerts", + "https://www.couchbase.com/alerts/", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:09.98Z", + "LastModifiedDate": "2025-05-05T16:15:20.433Z" + }, + { + "VulnerabilityID": "CVE-2022-41724", + "VendorIDs": [ + "GO-2023-1570" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a63f44b7335b31397b3139fec01e8f48cbc10dd1b30cec4d10eacf88d0f3ee25", + "Title": "golang: crypto/tls: large handshake records may cause panics", + "Description": "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth \u003e= RequestClientCert).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41724", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://go.dev/cl/468125", + "https://go.dev/issue/58001", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41724.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41724", + "https://pkg.go.dev/vuln/GO-2023-1570", + "https://security.gentoo.org/glsa/202311-09", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2022-41724" + ], + "PublishedDate": "2023-02-28T18:15:10.043Z", + "LastModifiedDate": "2024-11-21T07:23:44.603Z" + }, + { + "VulnerabilityID": "CVE-2022-41725", + "VendorIDs": [ + "GO-2023-1569" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:269e20a23c370b9ad9672165a75784a8191b2fc1ab0804c78aae0a0c69275f54", + "Title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption", + "Description": "A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing \"up to maxMemory bytes +10MB (reserved for non-file parts) in memory\". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, \"If stored on disk, the File's underlying concrete type will be an *os.File.\". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41725", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/5c55ac9bf1e5f779220294c843526536605f42ab [1.19]", + "https://go.dev/cl/468124", + "https://go.dev/issue/58006", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41725.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41725", + "https://pkg.go.dev/vuln/GO-2023-1569", + "https://security.gentoo.org/glsa/202311-09", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2022-41725" + ], + "PublishedDate": "2023-02-28T18:15:10.12Z", + "LastModifiedDate": "2024-11-21T07:23:44.733Z" + }, + { + "VulnerabilityID": "CVE-2023-24534", + "VendorIDs": [ + "GO-2023-1704" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24534", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:972e8f83c2e05947b1ac835779d76edf0e1888a8132802cb1fb85d1333cbb446", + "Title": "golang: net/http, net/textproto: denial of service from excessive memory allocation", + "Description": "HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24534", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/3991f6c41c7dfd167e889234c0cf1d840475e93c (go1.20.3)", + "https://github.com/golang/go/commit/d6759e7a059f4208f07aa781402841d7ddaaef96 (go1.19.8)", + "https://go.dev/cl/481994", + "https://go.dev/issue/58975", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24534.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24534", + "https://pkg.go.dev/vuln/GO-2023-1704", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230526-0007/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24534" + ], + "PublishedDate": "2023-04-06T16:15:07.657Z", + "LastModifiedDate": "2025-02-12T18:15:19.837Z" + }, + { + "VulnerabilityID": "CVE-2023-24536", + "VendorIDs": [ + "GO-2023-1705" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24536", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:81885dda742ccaa999d19161793546c14fabd5067cd676ac9836ab3356812310", + "Title": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption", + "Description": "Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24536", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538 (go.1.19.8)", + "https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0 (go1.20.3)", + "https://go.dev/cl/482075", + "https://go.dev/cl/482076", + "https://go.dev/cl/482077", + "https://go.dev/issue/59153", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24536.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24536", + "https://pkg.go.dev/vuln/GO-2023-1705", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230526-0007/", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24536" + ], + "PublishedDate": "2023-04-06T16:15:07.71Z", + "LastModifiedDate": "2025-02-12T18:15:20.083Z" + }, + { + "VulnerabilityID": "CVE-2023-24537", + "VendorIDs": [ + "GO-2023-1702" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24537", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d3e9ace5a6688a352012c8d8cc8f39da8a3d3936a4ff893990dd4184c891c6be", + "Title": "golang: go/parser: Infinite loop in parsing", + "Description": "Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24537", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/126a1d02da82f93ede7ce0bd8d3c51ef627f2104 (go1.19.8)", + "https://github.com/golang/go/commit/e7c4b07ecf6b367f1afc9cc48cde963829dd0aab (go1.20.3)", + "https://github.com/golang/go/issues/59180", + "https://go.dev/cl/482078", + "https://go.dev/issue/59180", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24537.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24537", + "https://pkg.go.dev/vuln/GO-2023-1702", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20241129-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24537" + ], + "PublishedDate": "2023-04-06T16:15:07.753Z", + "LastModifiedDate": "2025-02-12T17:15:13.973Z" + }, + { + "VulnerabilityID": "CVE-2023-24539", + "VendorIDs": [ + "GO-2023-1751" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.9, 1.20.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24539", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bdfedff25c419e1a29cedfaf8b2ded39e7a02de5fe8c289b30164937f01a5436", + "Title": "golang: html/template: improper sanitization of CSS values", + "Description": "Angle brackets (\u003c\u003e) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-74", + "CWE-94" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24539", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/090590fdccc8442728aa31601927da1bf2ef1288 (go1.20.4)", + "https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80 (go1.19.9)", + "https://github.com/golang/go/issues/59720", + "https://go.dev/cl/491615", + "https://go.dev/issue/59720", + "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", + "https://linux.oracle.com/cve/CVE-2023-24539.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24539", + "https://pkg.go.dev/vuln/GO-2023-1751", + "https://security.netapp.com/advisory/ntap-20241129-0005/", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24539" + ], + "PublishedDate": "2023-05-11T16:15:09.6Z", + "LastModifiedDate": "2025-01-24T17:15:10.67Z" + }, + { + "VulnerabilityID": "CVE-2023-29400", + "VendorIDs": [ + "GO-2023-1753" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.9, 1.20.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29400", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9a2e83e8c6c052945dd72db18389ad1cfebc272cd598538d894f0c0847838298", + "Title": "golang: html/template: improper handling of empty HTML attributes", + "Description": "Templates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-74", + "CWE-94" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-29400", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)", + "https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)", + "https://github.com/golang/go/issues/59722", + "https://go.dev/cl/491617", + "https://go.dev/issue/59722", + "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", + "https://linux.oracle.com/cve/CVE-2023-29400.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29400", + "https://pkg.go.dev/vuln/GO-2023-1753", + "https://security.netapp.com/advisory/ntap-20241213-0005/", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29400" + ], + "PublishedDate": "2023-05-11T16:15:09.85Z", + "LastModifiedDate": "2025-01-24T17:15:12.747Z" + }, + { + "VulnerabilityID": "CVE-2023-29403", + "VendorIDs": [ + "GO-2023-1840" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.10, 1.20.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29403", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c318c40a0a611e885cda10e51a384fdc124fd9a8dece3cb2f6d55df9a57eda4d", + "Title": "golang: runtime: unexpected behavior of setuid/setgid binaries", + "Description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-668" + ], + "VendorSeverity": { + "alma": 4, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 4, + "photon": 3, + "redhat": 3, + "rocky": 4, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3923", + "https://access.redhat.com/security/cve/CVE-2023-29403", + "https://bugzilla.redhat.com/2216965", + "https://bugzilla.redhat.com/2217562", + "https://bugzilla.redhat.com/2217565", + "https://bugzilla.redhat.com/2217569", + "https://bugzilla.redhat.com/show_bug.cgi?id=2216965", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217562", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217565", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217569", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29402", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29403", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29405", + "https://errata.almalinux.org/9/ALSA-2023-3923.html", + "https://errata.rockylinux.org/RLSA-2023:3923", + "https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 (go1.20.5)", + "https://github.com/golang/go/commit/a7b1cd452ddc69a6606c2f35ac5786dc892e62cb (go1.19.10)", + "https://github.com/golang/go/issues/60272", + "https://go.dev/cl/501223", + "https://go.dev/issue/60272", + "https://groups.google.com/g/golang-announce/c/q5135a9d924", + "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ", + "https://linux.oracle.com/cve/CVE-2023-29403.html", + "https://linux.oracle.com/errata/ELSA-2023-3923.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29403", + "https://pkg.go.dev/vuln/GO-2023-1840", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20241220-0009/", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29403" + ], + "PublishedDate": "2023-06-08T21:15:16.927Z", + "LastModifiedDate": "2025-01-06T20:15:25.82Z" + }, + { + "VulnerabilityID": "CVE-2023-39325", + "VendorIDs": [ + "GHSA-4374-p667-p6c8", + "GO-2023-2102" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.20.10, 1.21.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:32f3ae9d667c42356b100251444303b7961e32422f764a487b7a8bf9be1b112f", + "Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", + "Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 3, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "golang.org/x/net", + "https://access.redhat.com/errata/RHSA-2023:6077", + "https://access.redhat.com/security/cve/CVE-2023-39325", + "https://access.redhat.com/security/cve/CVE-2023-44487", + "https://bugzilla.redhat.com/2242803", + "https://bugzilla.redhat.com/2243296", + "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", + "https://errata.almalinux.org/9/ALSA-2023-6077.html", + "https://errata.rockylinux.org/RLSA-2023:6077", + "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]", + "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]", + "https://github.com/golang/go/issues/63417", + "https://go.dev/cl/534215", + "https://go.dev/cl/534235", + "https://go.dev/issue/63417", + "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", + "https://linux.oracle.com/cve/CVE-2023-39325.html", + "https://linux.oracle.com/errata/ELSA-2023-5867.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", + "https://pkg.go.dev/vuln/GO-2023-2102", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231110-0008", + "https://security.netapp.com/advisory/ntap-20231110-0008/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", + "https://www.cve.org/CVERecord?id=CVE-2023-39325" + ], + "PublishedDate": "2023-10-11T22:15:09.88Z", + "LastModifiedDate": "2024-11-21T08:15:09.627Z" + }, + { + "VulnerabilityID": "CVE-2023-45283", + "VendorIDs": [ + "GO-2023-2185" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.20.11, 1.21.4, 1.20.12, 1.21.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f181b31a0b2199ef517f005c9ed002a9ae262fb48388e66615df82ba5399c79b", + "Title": "The filepath package does not recognize paths with a \\??\\ prefix as sp ...", + "Description": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "photon": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/12/05/2", + "https://go.dev/cl/540277", + "https://go.dev/cl/541175", + "https://go.dev/issue/63713", + "https://go.dev/issue/64028", + "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", + "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45283", + "https://pkg.go.dev/vuln/GO-2023-2185", + "https://security.netapp.com/advisory/ntap-20231214-0008/" + ], + "PublishedDate": "2023-11-09T17:15:08.757Z", + "LastModifiedDate": "2024-11-21T08:26:41.567Z" + }, + { + "VulnerabilityID": "CVE-2023-45287", + "VendorIDs": [ + "GO-2023-2375" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.20.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45287", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a281efe4814305f41f4e9a85bb2afed9ea1d5961a3c90f2dd01ea7ad6a756cba", + "Title": "golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.", + "Description": "Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203" + ], + "VendorSeverity": { + "alma": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2272", + "https://access.redhat.com/security/cve/CVE-2023-45287", + "https://bugzilla.redhat.com/2253193", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2272.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://go.dev/cl/326012/26", + "https://go.dev/issue/20654", + "https://groups.google.com/g/golang-announce/c/QMK8IQALDvA", + "https://linux.oracle.com/cve/CVE-2023-45287.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45287", + "https://people.redhat.com/~hkario/marvin/", + "https://pkg.go.dev/vuln/GO-2023-2375", + "https://security.netapp.com/advisory/ntap-20240112-0005/", + "https://www.cve.org/CVERecord?id=CVE-2023-45287" + ], + "PublishedDate": "2023-12-05T17:15:08.57Z", + "LastModifiedDate": "2024-11-21T08:26:42.25Z" + }, + { + "VulnerabilityID": "CVE-2023-45288", + "VendorIDs": [ + "GHSA-4v7x-pqxf-cx7m", + "GO-2024-2687" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.9, 1.22.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f6be9f62129c24e80b5597380b940118bd36ed754f613d2fb0845717789a3f5e", + "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", + "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/04/03/16", + "http://www.openwall.com/lists/oss-security/2024/04/05/4", + "https://access.redhat.com/errata/RHSA-2024:2724", + "https://access.redhat.com/security/cve/CVE-2023-45288", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-2724.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://go.dev/cl/576155", + "https://go.dev/issue/65051", + "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", + "https://kb.cert.org/vuls/id/421644", + "https://linux.oracle.com/cve/CVE-2023-45288.html", + "https://linux.oracle.com/errata/ELSA-2024-3346.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", + "https://nowotarski.info/http2-continuation-flood-technical-details", + "https://nowotarski.info/http2-continuation-flood/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", + "https://pkg.go.dev/vuln/GO-2024-2687", + "https://security.netapp.com/advisory/ntap-20240419-0009", + "https://security.netapp.com/advisory/ntap-20240419-0009/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45288", + "https://www.kb.cert.org/vuls/id/421644" + ], + "PublishedDate": "2024-04-04T21:15:16.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34156", + "VendorIDs": [ + "GO-2024-3106" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:37d8bcf0b840db0ef0ae42b284dbf936b2cca9cbd0f17d9b260c3a92eed4c881", + "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", + "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3773", + "https://access.redhat.com/security/cve/CVE-2024-34156", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/9/ALSA-2025-3773.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", + "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", + "https://go.dev/cl/611239", + "https://go.dev/issue/69139", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34156.html", + "https://linux.oracle.com/errata/ELSA-2025-3773.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", + "https://pkg.go.dev/vuln/GO-2024-3106", + "https://security.netapp.com/advisory/ntap-20240926-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34156" + ], + "PublishedDate": "2024-09-06T21:15:12.02Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:181c81d64a32e335780303fc7761d90274ebc76aff13fcf7cd9f49bed47ac1b4", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:abe15e6f740d63febc0702199fa3be24f1647f94e0d2aeece2decf0c7cdd60c4", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5d811edcb18298105199bbdf6697cba230737a059a3cd8cc23efcc76f080a1a9", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7ba4c6d596d13262ce37232d2662abbf7ecae4b02510be295052cab82b3bdb7f", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e56849be0f1dce8c8b91afbb9346e451bb9970fa48251c32ce9015cafb71d70b", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6f3c01031a807df8cbc956c45d9f624dfe330b46a6ce5a21b3029d5662a0dfc5", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:83120e85f61a7c54b012cbcdaafa3983ab5a5f45943d3f7e789dd43f232c5625", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4f45024d3fd77f6e8ceb3121c8db4ceb6ceec9766749095125b24bc44ca97f85", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:248ea6931e7670cfdab2dab79cab4bed8ed1cd3c9f66c8c7535f0ae4fb47a67d", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:76929011b788af6a3291a3b5100a0ceec6807048039ca552c55c6ddb11518ee8", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bc0c240af7bad79be8cc558195a2eacaaaf3e3e47179c7cca74bb686050b4c7d", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2023-24532", + "VendorIDs": [ + "GO-2023-1621" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.7, 1.20.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24532", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:29671bca4f9eb6693c2d8d3f38cc67c380adb1b80a302cb311917ab32ae42cec", + "Title": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results", + "Description": "The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-682" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-24532", + "https://go.dev/cl/471255", + "https://go.dev/issue/58647", + "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24532", + "https://pkg.go.dev/vuln/GO-2023-1621", + "https://security.netapp.com/advisory/ntap-20230331-0011/", + "https://www.cve.org/CVERecord?id=CVE-2023-24532" + ], + "PublishedDate": "2023-03-08T20:15:09.413Z", + "LastModifiedDate": "2024-11-21T07:48:04.383Z" + }, + { + "VulnerabilityID": "CVE-2023-29406", + "VendorIDs": [ + "GO-2023-1878" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.11, 1.20.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29406", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:38e3f306d927d80632017510da112f9ce1b1bedbf99016453c9662b589b3cd32", + "Title": "golang: net/http: insufficient sanitization of Host header", + "Description": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-436" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-29406", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2242871", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:7202", + "https://github.com/golang/go/commit/312920c00aac9897b2a0693e752390b5b0711a5a (go1.20.6)", + "https://github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b (go1.19.11)", + "https://github.com/golang/go/issues/60374", + "https://go.dev/cl/506996", + "https://go.dev/issue/60374", + "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", + "https://linux.oracle.com/cve/CVE-2023-29406.html", + "https://linux.oracle.com/errata/ELSA-2023-7202.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", + "https://pkg.go.dev/vuln/GO-2023-1878", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230814-0002/", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29406" + ], + "PublishedDate": "2023-07-11T20:15:10.643Z", + "LastModifiedDate": "2024-11-21T07:56:59.913Z" + }, + { + "VulnerabilityID": "CVE-2023-29409", + "VendorIDs": [ + "GO-2023-1987" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.12, 1.20.7, 1.21.0-rc.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29409", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4d5f55332c355531dd1f13f52555279ea58f0e77a154b78d2831f65bdef27718", + "Title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", + "Description": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:7766", + "https://access.redhat.com/security/cve/CVE-2023-29409", + "https://bugzilla.redhat.com/2228743", + "https://bugzilla.redhat.com/2237773", + "https://bugzilla.redhat.com/2237776", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2023-7766.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://go.dev/cl/515257", + "https://go.dev/issue/61460", + "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", + "https://linux.oracle.com/cve/CVE-2023-29409.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", + "https://pkg.go.dev/vuln/GO-2023-1987", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230831-0010/", + "https://www.cve.org/CVERecord?id=CVE-2023-29409" + ], + "PublishedDate": "2023-08-02T20:15:11.94Z", + "LastModifiedDate": "2024-11-21T07:57:00.287Z" + }, + { + "VulnerabilityID": "CVE-2023-39318", + "VendorIDs": [ + "GO-2023-2041" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.20.8, 1.21.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39318", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5068dedd2bdbac42f4ffb3fa94bd0e312cc32031f1a05c5040539212088c5b2b", + "Title": "golang: html/template: improper handling of HTML-like comments within script contexts", + "Description": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2160", + "https://access.redhat.com/security/cve/CVE-2023-39318", + "https://bugzilla.redhat.com/2237773", + "https://bugzilla.redhat.com/2237776", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2160.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c (go1.20.8)", + "https://github.com/golang/go/commit/b0e1d3ea26e8e8fce7726690c9ef0597e60739fb (go1.21.1)", + "https://go.dev/cl/526156", + "https://go.dev/issue/62196", + "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", + "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", + "https://linux.oracle.com/cve/CVE-2023-39318.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", + "https://pkg.go.dev/vuln/GO-2023-2041", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231020-0009/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://vuln.go.dev/ID/GO-2023-2041.json", + "https://www.cve.org/CVERecord?id=CVE-2023-39318" + ], + "PublishedDate": "2023-09-08T17:15:27.823Z", + "LastModifiedDate": "2024-11-21T08:15:08.737Z" + }, + { + "VulnerabilityID": "CVE-2023-39319", + "VendorIDs": [ + "GO-2023-2043" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.20.8, 1.21.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39319", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e4d6e843468339cde7a767bb38d37de85cfc1d9e662b67545087b4d46fead81f", + "Title": "golang: html/template: improper handling of special tags within script contexts", + "Description": "The html/template package does not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2160", + "https://access.redhat.com/security/cve/CVE-2023-39319", + "https://bugzilla.redhat.com/2237773", + "https://bugzilla.redhat.com/2237776", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2160.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://github.com/golang/go/commit/2070531d2f53df88e312edace6c8dfc9686ab2f5 (go1.20.8)", + "https://github.com/golang/go/commit/bbd043ff0d6d59f1a9232d31ecd5eacf6507bf6a (go1.21.1)", + "https://go.dev/cl/526157", + "https://go.dev/issue/62197", + "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", + "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", + "https://linux.oracle.com/cve/CVE-2023-39319.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", + "https://pkg.go.dev/vuln/GO-2023-2043", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231020-0009/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://vuln.go.dev/ID/GO-2023-2043.json", + "https://www.cve.org/CVERecord?id=CVE-2023-39319" + ], + "PublishedDate": "2023-09-08T17:15:27.91Z", + "LastModifiedDate": "2024-11-21T08:15:08.89Z" + }, + { + "VulnerabilityID": "CVE-2023-39326", + "VendorIDs": [ + "GO-2023-2382" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.20.12, 1.21.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39326", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:41179a56d694ad09d1ddc67c1fc96f31b62f79bce42b1744f42d4ffde2c0866e", + "Title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", + "Description": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2272", + "https://access.redhat.com/security/cve/CVE-2023-39326", + "https://bugzilla.redhat.com/2253193", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2272.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12)", + "https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 (go1.21.5)", + "https://go.dev/cl/547335", + "https://go.dev/issue/64433", + "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", + "https://linux.oracle.com/cve/CVE-2023-39326.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", + "https://pkg.go.dev/vuln/GO-2023-2382", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://www.cve.org/CVERecord?id=CVE-2023-39326" + ], + "PublishedDate": "2023-12-06T17:15:07.147Z", + "LastModifiedDate": "2024-11-21T08:15:09.89Z" + }, + { + "VulnerabilityID": "CVE-2023-45284", + "VendorIDs": [ + "GO-2023-2186" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.20.11, 1.21.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45284", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:224aa7cafc846f9e8320ccee4b9e4ff4b77f2a7d0c1ea5ced378ea0ee75a61f3", + "Title": "On Windows, The IsLocal function does not correctly detect reserved de ...", + "Description": "On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as \"COM1 \", and reserved names \"COM\" and \"LPT\" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "photon": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/540277", + "https://go.dev/issue/63713", + "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45284", + "https://pkg.go.dev/vuln/GO-2023-2186" + ], + "PublishedDate": "2023-11-09T17:15:08.813Z", + "LastModifiedDate": "2024-11-21T08:26:41.737Z" + }, + { + "VulnerabilityID": "CVE-2023-45289", + "VendorIDs": [ + "GO-2024-2600" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:70cd8eea89882d751fcc2faeb412709535d7586c7afac25c554cf7eb435dc09a", + "Title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", + "Description": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:2724", + "https://access.redhat.com/security/cve/CVE-2023-45289", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-2724.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 (go1.21.8)", + "https://github.com/golang/go/commit/3a855208e3efed2e9d7c20ad023f1fa78afcc0be (go1.22.1)", + "https://github.com/golang/go/issues/65065", + "https://go.dev/cl/569340", + "https://go.dev/issue/65065", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2023-45289.html", + "https://linux.oracle.com/errata/ELSA-2024-3346.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", + "https://pkg.go.dev/vuln/GO-2024-2600", + "https://security.netapp.com/advisory/ntap-20240329-0006/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45289" + ], + "PublishedDate": "2024-03-05T23:15:07.137Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2023-45290", + "VendorIDs": [ + "GO-2024-2599" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45290", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e31c5afe6927f3943c4a81abe6a9624cfa8561345ed7c0a8276192d95a2a31d5", + "Title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", + "Description": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:9135", + "https://access.redhat.com/security/cve/CVE-2023-45290", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://errata.almalinux.org/9/ALSA-2024-9135.html", + "https://errata.rockylinux.org/RLSA-2024:9135", + "https://github.com/golang/go/commit/041a47712e765e94f86d841c3110c840e76d8f82 (go1.22.1)", + "https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 (go1.21.8)", + "https://github.com/golang/go/issues/65383", + "https://go.dev/cl/569341", + "https://go.dev/issue/65383", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2023-45290.html", + "https://linux.oracle.com/errata/ELSA-2024-8038.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", + "https://pkg.go.dev/vuln/GO-2024-2599", + "https://security.netapp.com/advisory/ntap-20240329-0004", + "https://security.netapp.com/advisory/ntap-20240329-0004/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45290" + ], + "PublishedDate": "2024-03-05T23:15:07.21Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24783", + "VendorIDs": [ + "GO-2024-2598" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24783", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c94893d8d04872a7a9ed7cfb56b0171957f4bdd080870a84754b9ff979de3592", + "Title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", + "Description": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:6195", + "https://access.redhat.com/security/cve/CVE-2024-24783", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-6195.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", + "https://github.com/golang/go/commit/337b8e9cbfa749d9d5c899e0dc358e2208d5e54f (go1.22.1)", + "https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 (go1.21.8)", + "https://github.com/golang/go/issues/65390", + "https://go.dev/cl/569339", + "https://go.dev/issue/65390", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24783.html", + "https://linux.oracle.com/errata/ELSA-2024-6969.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", + "https://pkg.go.dev/vuln/GO-2024-2598", + "https://security.netapp.com/advisory/ntap-20240329-0005", + "https://security.netapp.com/advisory/ntap-20240329-0005/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24783" + ], + "PublishedDate": "2024-03-05T23:15:07.683Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24784", + "VendorIDs": [ + "GO-2024-2609" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24784", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:49b7957f7b2c18863c9e96dc47db5f04708fd4aeb38d35e5ea62473fa761aa4c", + "Title": "golang: net/mail: comments in display names are incorrectly handled", + "Description": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:2562", + "https://access.redhat.com/security/cve/CVE-2024-24784", + "https://bugzilla.redhat.com/2262921", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268021", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24784", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://errata.almalinux.org/9/ALSA-2024-2562.html", + "https://errata.rockylinux.org/RLSA-2024:2562", + "https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)", + "https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c (go1.22.1)", + "https://github.com/golang/go/issues/65083", + "https://go.dev/cl/555596", + "https://go.dev/issue/65083", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24784.html", + "https://linux.oracle.com/errata/ELSA-2024-6969.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", + "https://pkg.go.dev/vuln/GO-2024-2609", + "https://security.netapp.com/advisory/ntap-20240329-0007/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24784" + ], + "PublishedDate": "2024-03-05T23:15:07.733Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24785", + "VendorIDs": [ + "GO-2024-2610" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24785", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cee21c20d0d01583b7478be478d26da0beed4077249a0a9e4523d28727a5c8db", + "Title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", + "Description": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:9135", + "https://access.redhat.com/security/cve/CVE-2024-24785", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://errata.almalinux.org/9/ALSA-2024-9135.html", + "https://errata.rockylinux.org/RLSA-2024:9135", + "https://github.com/golang/go/commit/056b0edcb8c152152021eebf4cf42adbfbe77992 (go1.22.1)", + "https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e (go1.21.8)", + "https://github.com/golang/go/issues/65697", + "https://go.dev/cl/564196", + "https://go.dev/issue/65697", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24785.html", + "https://linux.oracle.com/errata/ELSA-2026-3428.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", + "https://pkg.go.dev/vuln/GO-2024-2610", + "https://security.netapp.com/advisory/ntap-20240329-0008/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://vuln.go.dev/ID/GO-2024-2610.json", + "https://www.cve.org/CVERecord?id=CVE-2024-24785" + ], + "PublishedDate": "2024-03-05T23:15:07.777Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24789", + "VendorIDs": [ + "GO-2024-2888" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fba2082adce1e9d10e95bb8cf345b7f44868fa938996d5a40297d9b6b728705e", + "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", + "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2024:9115", + "https://access.redhat.com/security/cve/CVE-2024-24789", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292668", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2294000", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", + "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", + "https://errata.almalinux.org/9/ALSA-2024-9115.html", + "https://errata.rockylinux.org/RLSA-2024:9102", + "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", + "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", + "https://github.com/golang/go/issues/66869", + "https://go.dev/cl/585397", + "https://go.dev/issue/66869", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24789.html", + "https://linux.oracle.com/errata/ELSA-2024-9115.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", + "https://pkg.go.dev/vuln/GO-2024-2888", + "https://security.netapp.com/advisory/ntap-20250131-0008/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24789" + ], + "PublishedDate": "2024-06-05T16:15:10.47Z", + "LastModifiedDate": "2025-01-31T15:15:12.74Z" + }, + { + "VulnerabilityID": "CVE-2024-24791", + "VendorIDs": [ + "GO-2024-2963" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.12, 1.22.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a338a1059fbb3495f90b1e1a875395f2887aef6aa80aa35ff9024cb41d7b3c36", + "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", + "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24791", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://go.dev/cl/591255", + "https://go.dev/issue/67555", + "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", + "https://linux.oracle.com/cve/CVE-2024-24791.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", + "https://pkg.go.dev/vuln/GO-2024-2963", + "https://security.netapp.com/advisory/ntap-20241004-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24791" + ], + "PublishedDate": "2024-07-02T22:15:04.833Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34155", + "VendorIDs": [ + "GO-2024-3105" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f62137d5251fcb141fc8399085898bcc5fb8643b0f533ab1408f0bc14be49687", + "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", + "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9459", + "https://access.redhat.com/security/cve/CVE-2024-34155", + "https://bugzilla.redhat.com/2310527", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315691", + "https://bugzilla.redhat.com/2315887", + "https://bugzilla.redhat.com/2317458", + "https://bugzilla.redhat.com/2317467", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2024-9459.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", + "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", + "https://go.dev/cl/611238", + "https://go.dev/issue/69138", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34155.html", + "https://linux.oracle.com/errata/ELSA-2024-9459.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", + "https://pkg.go.dev/vuln/GO-2024-3105", + "https://security.netapp.com/advisory/ntap-20240926-0005/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34155" + ], + "PublishedDate": "2024-09-06T21:15:11.947Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34158", + "VendorIDs": [ + "GO-2024-3107" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ae51e5d43fb278b56e41b3c170cdaf2711319f66578e4bfedc28c8d427174617", + "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", + "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7118", + "https://access.redhat.com/security/cve/CVE-2024-34158", + "https://bugzilla.redhat.com/2262921", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2025-7118.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", + "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", + "https://go.dev/cl/611240", + "https://go.dev/issue/69141", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34158.html", + "https://linux.oracle.com/errata/ELSA-2025-7118.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", + "https://pkg.go.dev/vuln/GO-2024-3107", + "https://security.netapp.com/advisory/ntap-20241004-0003/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34158" + ], + "PublishedDate": "2024-09-06T21:15:12.083Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-45336", + "VendorIDs": [ + "GO-2025-3420" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c14ef97ec56baf2619235292569636b8f123c7f0cc112f0b4c01a95499c2295d", + "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3772", + "https://access.redhat.com/security/cve/CVE-2024-45336", + "https://bugzilla.redhat.com/2341750", + "https://bugzilla.redhat.com/2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/8/ALSA-2025-3772.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/issues/70530", + "https://go.dev/cl/643100", + "https://go.dev/issue/70530", + "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", + "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", + "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", + "https://linux.oracle.com/cve/CVE-2024-45336.html", + "https://linux.oracle.com/errata/ELSA-2025-7592.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", + "https://pkg.go.dev/vuln/GO-2025-3420", + "https://security.netapp.com/advisory/ntap-20250221-0003/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2024-45336" + ], + "PublishedDate": "2025-01-28T02:15:28.807Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:14ddebbee470370c02c409a533d7ea4a592dad4b8c1c98a240858f92d196810b", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22866", + "VendorIDs": [ + "GO-2025-3447" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fdab53a51469005bfd93892d21e0dc7586862838f05b58c7a4102b9104683122", + "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22866", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", + "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", + "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", + "https://github.com/golang/go/issues/71383", + "https://go.dev/cl/643735", + "https://go.dev/issue/71383", + "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", + "https://linux.oracle.com/cve/CVE-2025-22866.html", + "https://linux.oracle.com/errata/ELSA-2025-7466.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", + "https://pkg.go.dev/vuln/GO-2025-3447", + "https://security.netapp.com/advisory/ntap-20250221-0002/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22866" + ], + "PublishedDate": "2025-02-06T17:15:21.41Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66", + "GO-2025-3503" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.23.7, 1.24.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2907e9ab9b01a306610b07f7cea441309f05d427c9abfcc859c3e6d8605e772a", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:28fbf2d6b32cb8c3fd90e4177de755d5fbb8509f117c5561d95b1fc490b889ed", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:00d7abccbe5efbc0f96ae5f671a7af06d8ccdee974d39f5944c3cce4748da71e", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5c91e4fd9a76acfe823b6e3fec59ef1a1cc667a1960f73203cce377535c3b1fd", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b6b9cffca5ca6b70aa069b499d70ec5dc0016af850fafa9c251f5e30aa821cde", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:957b47b92caea30c5a20bdae1971ba3422ff6ac65690704d2028bbb4e6d93226", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5b7e31ce6654356bf991da6242ee5224ce9c8a1a25d0d398073b697d0d4553e1", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:26f3683659b6d23b903513bc38fd9dc0ab5a97b9dd3939b562adbf8710a7d6db", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3add98952fa224b80d4c1ffd250f0cfb77aeae99616bae59493f069cbdd020ce", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6221e937d05c2864bd6bb2dc3c53115f97d81ebf8fd9f342d00438ab8f27f258", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cfa57f3e05f6437ce97204f89f35befd9420b14d939a7e7a33aa08f2f38c7843", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a6aafc1960afa4f843f8b57d755727989eeb2ba3aada897b6e63108626261904", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:98e262117166ca75d1f59d8c39642fd9a1fcc8ad8681dcd47afcd9f2533cee80", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:453b8fc13857014f95220c866590f031d6cda2b9a180d004b8a938566058c6ea", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:782057f0693bdb1f7f58d4e421b320da28c5088dae9a0840a6d7fa17ccc99614", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6206511f6f1d73f83577debfce16ccdced127090afff50954041e3f5616bff26", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f569d53f380a167acff9df4a5d1d5c587802f29bd5c998987e6585930beb9821", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:df66b0e3389c82664171428c2ce2831fcd713c21fc1810965397bcd924335c57", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:eb28418183119f561a5fae648c1de99f9d6d598420efb1ec2c63b40c76a227d3", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:55201a898329dd656fd5d526225d23defc384bc9307d6cfd068c633580e0b268", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4fa1d5931d64ffaddeed4f274e3f068e14995dacc9b068fcad5fad9111027105", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:efb28f6d50e07a11dd5317d05b1cd20e89dae69c2c3cf92f0224fdb98f31376f", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8e00e230f2f471bb84731e0ea4b1556a339e803e368a38083a1971836cc98139", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b13b028b908425e894c7173419e77012837f72a2b5e068ed0682d6cdafeffef4", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:15640cacc7629040cea94faba3388e2db9327f78d2ed2b9b76a31b4907003594", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "gitea", + "Kind": "CronJob", + "Name": "mariadb-backup-job", + "Metadata": [ + { + "Size": 401847808, + "OS": { + "Family": "ubuntu", + "Name": "20.04", + "EOSL": true + }, + "ImageID": "sha256:895b6c8829c35f8081afd5229fe4a2e179a646fd96b807e5fb784cd09fd2483b", + "DiffIDs": [ + "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20", + "sha256:e5e0f54fc85f7dd4bb1311ea35493d640d9719c2facc78564a3c2eaae0ebc462", + "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227", + "sha256:b03ce6585035a7adcce2a273ac32c43e38ab714d791e5e1a67078c836ccc375b", + "sha256:992908eeb145870620987b7a9ecd1538fab185fe01e3a9ec38766480c7dc0f10", + "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d", + "sha256:7cf9fe3aa27d644bd193db2cdd9319617e8bdcded73f5bf257a1495d8b57ea92", + "sha256:1c44195f988bba0f2987beb739f7285d767671f28dbb816fc259c9b1c21d0cf9" + ], + "RepoTags": [ + "mariadb:10.7.8" + ], + "RepoDigests": [ + "mariadb@sha256:9a48ac9f196f3d4fd6fea2cab59a49df9e7ca459bf14b2f7b85a0e38a5454571" + ], + "Reference": "mariadb:10.7.8", + "ImageConfig": { + "architecture": "amd64", + "container": "8b22bdca404ecc0b289883de74130ad53c4db8207f83e1a3eba910d5c9a18969", + "created": "2023-04-18T02:26:04.354855496Z", + "docker_version": "20.10.23", + "history": [ + { + "created": "2023-04-13T13:05:13.496726073Z", + "created_by": "/bin/sh -c #(nop) ARG RELEASE", + "empty_layer": true + }, + { + "created": "2023-04-13T13:05:13.557712287Z", + "created_by": "/bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH", + "empty_layer": true + }, + { + "created": "2023-04-13T13:05:13.637326115Z", + "created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.ref.name=ubuntu", + "empty_layer": true + }, + { + "created": "2023-04-13T13:05:13.704319522Z", + "created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.version=20.04", + "empty_layer": true + }, + { + "created": "2023-04-13T13:05:15.451478418Z", + "created_by": "/bin/sh -c #(nop) ADD file:d05d1c0936b046937bd5755876db2f8da3ed8ccbcf464bb56c312fbc7ed78589 in / " + }, + { + "created": "2023-04-13T13:05:15.714908196Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:16.913240864Z", + "created_by": "/bin/sh -c groupadd -r mysql \u0026\u0026 useradd -r -g mysql mysql" + }, + { + "created": "2023-04-18T02:25:16.997468606Z", + "created_by": "/bin/sh -c #(nop) ENV GOSU_VERSION=1.14", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:17.08103298Z", + "created_by": "/bin/sh -c #(nop) ARG GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:35.975629558Z", + "created_by": "|1 GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 /bin/sh -c set -eux; \tapt-get update; \tDEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \t\tca-certificates \t\tgpg \t\tgpgv \t\tlibjemalloc2 \t\tpwgen \t\ttzdata \t\txz-utils \t\tzstd ; \tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get install -y --no-install-recommends \t\tdirmngr \t\tgpg-agent \t\twget; \trm -rf /var/lib/apt/lists/*; \tdpkgArch=\"$(dpkg --print-architecture | awk -F- '{ print $NF }')\"; \twget -q -O /usr/local/bin/gosu \"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch\"; \twget -q -O /usr/local/bin/gosu.asc \"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; \texport GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \tfor key in $GPG_KEYS; do \t\tgpg --batch --keyserver keyserver.ubuntu.com --recv-keys \"$key\"; \tdone; \tgpg --batch --export \"$GPG_KEYS\" \u003e /etc/apt/trusted.gpg.d/mariadb.gpg; \tif command -v gpgconf \u003e/dev/null; then \t\tgpgconf --kill all; \tfi; \tgpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" /usr/local/bin/gosu.asc; \tapt-mark auto '.*' \u003e /dev/null; \t[ -z \"$savedAptMark\" ] ||\tapt-mark manual $savedAptMark \u003e/dev/null; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \tchmod +x /usr/local/bin/gosu; \tgosu --version; \tgosu nobody true" + }, + { + "created": "2023-04-18T02:25:36.54142562Z", + "created_by": "|1 GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 /bin/sh -c mkdir /docker-entrypoint-initdb.d" + }, + { + "created": "2023-04-18T02:25:36.622581314Z", + "created_by": "/bin/sh -c #(nop) ENV LANG=C.UTF-8", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:36.704840537Z", + "created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.authors=MariaDB Community org.opencontainers.image.title=MariaDB Database org.opencontainers.image.description=MariaDB Database for relational SQL org.opencontainers.image.documentation=https://hub.docker.com/_/mariadb/ org.opencontainers.image.base.name=docker.io/library/ubuntu:focal org.opencontainers.image.licenses=GPL-2.0 org.opencontainers.image.source=https://github.com/MariaDB/mariadb-docker org.opencontainers.image.vendor=MariaDB Community org.opencontainers.image.version=10.7.8 org.opencontainers.image.url=https://github.com/MariaDB/mariadb-docker", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:36.790323935Z", + "created_by": "/bin/sh -c #(nop) ARG MARIADB_MAJOR=10.7", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:36.876741874Z", + "created_by": "/bin/sh -c #(nop) ENV MARIADB_MAJOR=10.7", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:36.965346145Z", + "created_by": "/bin/sh -c #(nop) ARG MARIADB_VERSION=1:10.7.8+maria~ubu2004", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:37.049419355Z", + "created_by": "/bin/sh -c #(nop) ENV MARIADB_VERSION=1:10.7.8+maria~ubu2004", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:37.132419958Z", + "created_by": "/bin/sh -c #(nop) ARG REPOSITORY=http://archive.mariadb.org/mariadb-10.7.8/repo/ubuntu/ focal main", + "empty_layer": true + }, + { + "created": "2023-04-18T02:25:37.636803336Z", + "created_by": "|2 GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 REPOSITORY=http://archive.mariadb.org/mariadb-10.7.8/repo/ubuntu/ focal main /bin/sh -c set -e;\techo \"deb ${REPOSITORY}\" \u003e /etc/apt/sources.list.d/mariadb.list; \t{ \t\techo 'Package: *'; \t\techo 'Pin: release o=MariaDB'; \t\techo 'Pin-Priority: 999'; \t} \u003e /etc/apt/preferences.d/mariadb" + }, + { + "created": "2023-04-18T02:26:03.284314995Z", + "created_by": "|2 GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 REPOSITORY=http://archive.mariadb.org/mariadb-10.7.8/repo/ubuntu/ focal main /bin/sh -c set -ex; \t{ \t\techo \"mariadb-server-$MARIADB_MAJOR\" mysql-server/root_password password 'unused'; \t\techo \"mariadb-server-$MARIADB_MAJOR\" mysql-server/root_password_again password 'unused'; \t} | debconf-set-selections; \tapt-get update; \tapt-get install -y --no-install-recommends mariadb-server=\"$MARIADB_VERSION\" mariadb-backup socat \t; \trm -rf /var/lib/apt/lists/*; \trm -rf /var/lib/mysql; \tmkdir -p /var/lib/mysql /var/run/mysqld; \tchown -R mysql:mysql /var/lib/mysql /var/run/mysqld; \tchmod 777 /var/run/mysqld; \tfind /etc/mysql/ -name '*.cnf' -print0 \t\t| xargs -0 grep -lZE '^(bind-address|log|user\\s)' \t\t| xargs -rt -0 sed -Ei 's/^(bind-address|log|user\\s)/#\u0026/'; \tprintf \"[mariadb]\\nhost-cache-size=0\\nskip-name-resolve\\n\" \u003e /etc/mysql/mariadb.conf.d/05-skipcache.cnf; \tif [ -L /etc/mysql/my.cnf ]; then \t\tsed -i -e '/includedir/ {N;s/\\(.*\\)\\n\\(.*\\)/\\n\\2\\n\\1/}' /etc/mysql/mariadb.cnf; \tfi" + }, + { + "created": "2023-04-18T02:26:03.894441855Z", + "created_by": "/bin/sh -c #(nop) VOLUME [/var/lib/mysql]", + "empty_layer": true + }, + { + "created": "2023-04-18T02:26:03.995686971Z", + "created_by": "/bin/sh -c #(nop) COPY file:cee75098a882f7d33ad2c4c4325b29adc56fc66450e6cee3711d5a1af1bda714 in /usr/local/bin/healthcheck.sh " + }, + { + "created": "2023-04-18T02:26:04.091124973Z", + "created_by": "/bin/sh -c #(nop) COPY file:ebdfbcbc74dda1874f1c75d86e1c32733edb402d13440b2b7140a952010bc21f in /usr/local/bin/ " + }, + { + "created": "2023-04-18T02:26:04.176557383Z", + "created_by": "/bin/sh -c #(nop) ENTRYPOINT [\"docker-entrypoint.sh\"]", + "empty_layer": true + }, + { + "created": "2023-04-18T02:26:04.26544875Z", + "created_by": "/bin/sh -c #(nop) EXPOSE 3306", + "empty_layer": true + }, + { + "created": "2023-04-18T02:26:04.354855496Z", + "created_by": "/bin/sh -c #(nop) CMD [\"mariadbd\"]", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20", + "sha256:e5e0f54fc85f7dd4bb1311ea35493d640d9719c2facc78564a3c2eaae0ebc462", + "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227", + "sha256:b03ce6585035a7adcce2a273ac32c43e38ab714d791e5e1a67078c836ccc375b", + "sha256:992908eeb145870620987b7a9ecd1538fab185fe01e3a9ec38766480c7dc0f10", + "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d", + "sha256:7cf9fe3aa27d644bd193db2cdd9319617e8bdcded73f5bf257a1495d8b57ea92", + "sha256:1c44195f988bba0f2987beb739f7285d767671f28dbb816fc259c9b1c21d0cf9" + ] + }, + "config": { + "Cmd": [ + "mariadbd" + ], + "Entrypoint": [ + "docker-entrypoint.sh" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "GOSU_VERSION=1.14", + "LANG=C.UTF-8", + "MARIADB_MAJOR=10.7", + "MARIADB_VERSION=1:10.7.8+maria~ubu2004" + ], + "Image": "sha256:debc8f5123f31a10ce40605b47621d700f71022f610514046e34b9530cf8415b", + "Labels": { + "org.opencontainers.image.authors": "MariaDB Community", + "org.opencontainers.image.base.name": "docker.io/library/ubuntu:focal", + "org.opencontainers.image.description": "MariaDB Database for relational SQL", + "org.opencontainers.image.documentation": "https://hub.docker.com/_/mariadb/", + "org.opencontainers.image.licenses": "GPL-2.0", + "org.opencontainers.image.ref.name": "ubuntu", + "org.opencontainers.image.source": "https://github.com/MariaDB/mariadb-docker", + "org.opencontainers.image.title": "MariaDB Database", + "org.opencontainers.image.url": "https://github.com/MariaDB/mariadb-docker", + "org.opencontainers.image.vendor": "MariaDB Community", + "org.opencontainers.image.version": "10.7.8" + }, + "Volumes": { + "/var/lib/mysql": {} + }, + "ExposedPorts": { + "3306/tcp": {} + } + } + }, + "Layers": [ + { + "Size": 75160576, + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + { + "Size": 338432, + "Digest": "sha256:b8bc823a83fdf1329ae53f092d8f3641a60f92ee9f69e8785f5a3fd046eee30f", + "DiffID": "sha256:e5e0f54fc85f7dd4bb1311ea35493d640d9719c2facc78564a3c2eaae0ebc462" + }, + { + "Size": 19365376, + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + { + "Size": 2048, + "Digest": "sha256:b5660ff630580a5fee05c112e916f0bbca3234820aea68e604a23dba51f23d65", + "DiffID": "sha256:b03ce6585035a7adcce2a273ac32c43e38ab714d791e5e1a67078c836ccc375b" + }, + { + "Size": 5120, + "Digest": "sha256:8b13582f0741982078be0add491f4d0662adad57d09a34a8abb34b7bc5be8896", + "DiffID": "sha256:992908eeb145870620987b7a9ecd1538fab185fe01e3a9ec38766480c7dc0f10" + }, + { + "Size": 306940928, + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + { + "Size": 12288, + "Digest": "sha256:6e4fbbea63e0936e45c5f62878243de963a19e359da68f8c9c9a189fd8568420", + "DiffID": "sha256:7cf9fe3aa27d644bd193db2cdd9319617e8bdcded73f5bf257a1495d8b57ea92" + }, + { + "Size": 23040, + "Digest": "sha256:d3da1767155997ce7c8d108928c0ef1e3f3395a12cb611f0858d12a80c8af674", + "DiffID": "sha256:1c44195f988bba0f2987beb739f7285d767671f28dbb816fc259c9b1c21d0cf9" + } + ] + } + ], + "Results": [ + { + "Target": "mariadb:10.7.8 (ubuntu 20.04)", + "Class": "os-pkgs", + "Type": "ubuntu", + "Packages": [ + { + "ID": "adduser@3.118ubuntu2", + "Name": "adduser", + "Identifier": { + "PURL": "pkg:deb/ubuntu/adduser@3.118ubuntu2?arch=all\u0026distro=ubuntu-20.04", + "UID": "1305e599e05e2743" + }, + "Version": "3.118ubuntu2", + "Arch": "all", + "SrcName": "adduser", + "SrcVersion": "3.118ubuntu2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Core Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73", + "passwd@1:4.8.1-1ubuntu5.20.04.4" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/sbin/adduser", + "/usr/sbin/deluser", + "/usr/share/adduser/adduser.conf", + "/usr/share/doc/adduser/TODO", + "/usr/share/doc/adduser/changelog.gz", + "/usr/share/doc/adduser/copyright", + "/usr/share/doc/adduser/examples/INSTALL", + "/usr/share/doc/adduser/examples/README.gz", + "/usr/share/doc/adduser/examples/adduser.local", + "/usr/share/doc/adduser/examples/adduser.local.conf", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/adduser.conf", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", + "/usr/share/man/da/man5/adduser.conf.5.gz", + "/usr/share/man/da/man5/deluser.conf.5.gz", + "/usr/share/man/da/man8/adduser.8.gz", + "/usr/share/man/da/man8/deluser.8.gz", + "/usr/share/man/de/man5/adduser.conf.5.gz", + "/usr/share/man/de/man5/deluser.conf.5.gz", + "/usr/share/man/de/man8/adduser.8.gz", + "/usr/share/man/de/man8/deluser.8.gz", + "/usr/share/man/es/man5/adduser.conf.5.gz", + "/usr/share/man/es/man5/deluser.conf.5.gz", + "/usr/share/man/es/man8/adduser.8.gz", + "/usr/share/man/es/man8/deluser.8.gz", + "/usr/share/man/fr/man5/adduser.conf.5.gz", + "/usr/share/man/fr/man5/deluser.conf.5.gz", + "/usr/share/man/fr/man8/adduser.8.gz", + "/usr/share/man/fr/man8/deluser.8.gz", + "/usr/share/man/it/man5/adduser.conf.5.gz", + "/usr/share/man/it/man5/deluser.conf.5.gz", + "/usr/share/man/it/man8/adduser.8.gz", + "/usr/share/man/it/man8/deluser.8.gz", + "/usr/share/man/man5/adduser.conf.5.gz", + "/usr/share/man/man5/deluser.conf.5.gz", + "/usr/share/man/man8/adduser.8.gz", + "/usr/share/man/man8/deluser.8.gz", + "/usr/share/man/pl/man5/adduser.conf.5.gz", + "/usr/share/man/pl/man5/deluser.conf.5.gz", + "/usr/share/man/pl/man8/adduser.8.gz", + "/usr/share/man/pl/man8/deluser.8.gz", + "/usr/share/man/pt/man5/adduser.conf.5.gz", + "/usr/share/man/pt/man5/deluser.conf.5.gz", + "/usr/share/man/pt/man8/adduser.8.gz", + "/usr/share/man/pt/man8/deluser.8.gz", + "/usr/share/man/ru/man5/adduser.conf.5.gz", + "/usr/share/man/ru/man5/deluser.conf.5.gz", + "/usr/share/man/ru/man8/adduser.8.gz", + "/usr/share/man/ru/man8/deluser.8.gz", + "/usr/share/man/sv/man5/adduser.conf.5.gz", + "/usr/share/man/sv/man5/deluser.conf.5.gz", + "/usr/share/man/sv/man8/adduser.8.gz", + "/usr/share/man/sv/man8/deluser.8.gz", + "/usr/share/perl5/Debian/AdduserCommon.pm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "apt@2.0.9", + "Name": "apt", + "Identifier": { + "PURL": "pkg:deb/ubuntu/apt@2.0.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a4e6a5232e3c5d53" + }, + "Version": "2.0.9", + "Arch": "amd64", + "SrcName": "apt", + "SrcVersion": "2.0.9", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "adduser@3.118ubuntu2", + "gpgv@2.2.19-3ubuntu2.2", + "libapt-pkg6.0@2.0.9", + "libc6@2.31-0ubuntu9.9", + "libgcc-s1@10.3.0-1ubuntu1~20.04", + "libgnutls30@3.6.13-2ubuntu1.8", + "libseccomp2@2.5.1-1ubuntu1~20.04.2", + "libstdc++6@10.3.0-1ubuntu1~20.04", + "libsystemd0@245.4-4ubuntu3.21", + "ubuntu-keyring@2020.02.11.4" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/systemd/system/apt-daily-upgrade.service", + "/lib/systemd/system/apt-daily-upgrade.timer", + "/lib/systemd/system/apt-daily.service", + "/lib/systemd/system/apt-daily.timer", + "/usr/bin/apt", + "/usr/bin/apt-cache", + "/usr/bin/apt-cdrom", + "/usr/bin/apt-config", + "/usr/bin/apt-get", + "/usr/bin/apt-key", + "/usr/bin/apt-mark", + "/usr/lib/apt/apt-helper", + "/usr/lib/apt/apt.systemd.daily", + "/usr/lib/apt/methods/cdrom", + "/usr/lib/apt/methods/copy", + "/usr/lib/apt/methods/file", + "/usr/lib/apt/methods/ftp", + "/usr/lib/apt/methods/gpgv", + "/usr/lib/apt/methods/http", + "/usr/lib/apt/methods/mirror", + "/usr/lib/apt/methods/rred", + "/usr/lib/apt/methods/rsh", + "/usr/lib/apt/methods/store", + "/usr/lib/apt/solvers/dump", + "/usr/lib/dpkg/methods/apt/desc.apt", + "/usr/lib/dpkg/methods/apt/install", + "/usr/lib/dpkg/methods/apt/names", + "/usr/lib/dpkg/methods/apt/setup", + "/usr/lib/dpkg/methods/apt/update", + "/usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0", + "/usr/share/bash-completion/completions/apt", + "/usr/share/bug/apt/script", + "/usr/share/doc/apt/copyright", + "/usr/share/doc/apt/examples/apt.conf", + "/usr/share/doc/apt/examples/configure-index", + "/usr/share/doc/apt/examples/preferences", + "/usr/share/doc/apt/examples/sources.list", + "/usr/share/lintian/overrides/apt", + "/usr/share/locale/ar/LC_MESSAGES/apt.mo", + "/usr/share/locale/ast/LC_MESSAGES/apt.mo", + "/usr/share/locale/bg/LC_MESSAGES/apt.mo", + "/usr/share/locale/bs/LC_MESSAGES/apt.mo", + "/usr/share/locale/ca/LC_MESSAGES/apt.mo", + "/usr/share/locale/cs/LC_MESSAGES/apt.mo", + "/usr/share/locale/cy/LC_MESSAGES/apt.mo", + "/usr/share/locale/da/LC_MESSAGES/apt.mo", + "/usr/share/locale/de/LC_MESSAGES/apt.mo", + "/usr/share/locale/dz/LC_MESSAGES/apt.mo", + "/usr/share/locale/el/LC_MESSAGES/apt.mo", + "/usr/share/locale/es/LC_MESSAGES/apt.mo", + "/usr/share/locale/eu/LC_MESSAGES/apt.mo", + "/usr/share/locale/fi/LC_MESSAGES/apt.mo", + "/usr/share/locale/fr/LC_MESSAGES/apt.mo", + "/usr/share/locale/gl/LC_MESSAGES/apt.mo", + "/usr/share/locale/hu/LC_MESSAGES/apt.mo", + "/usr/share/locale/it/LC_MESSAGES/apt.mo", + "/usr/share/locale/ja/LC_MESSAGES/apt.mo", + "/usr/share/locale/km/LC_MESSAGES/apt.mo", + "/usr/share/locale/ko/LC_MESSAGES/apt.mo", + "/usr/share/locale/ku/LC_MESSAGES/apt.mo", + "/usr/share/locale/lt/LC_MESSAGES/apt.mo", + "/usr/share/locale/mr/LC_MESSAGES/apt.mo", + "/usr/share/locale/nb/LC_MESSAGES/apt.mo", + "/usr/share/locale/ne/LC_MESSAGES/apt.mo", + "/usr/share/locale/nl/LC_MESSAGES/apt.mo", + "/usr/share/locale/nn/LC_MESSAGES/apt.mo", + "/usr/share/locale/pl/LC_MESSAGES/apt.mo", + "/usr/share/locale/pt/LC_MESSAGES/apt.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/apt.mo", + "/usr/share/locale/ro/LC_MESSAGES/apt.mo", + "/usr/share/locale/ru/LC_MESSAGES/apt.mo", + "/usr/share/locale/sk/LC_MESSAGES/apt.mo", + "/usr/share/locale/sl/LC_MESSAGES/apt.mo", + "/usr/share/locale/sv/LC_MESSAGES/apt.mo", + "/usr/share/locale/th/LC_MESSAGES/apt.mo", + "/usr/share/locale/tl/LC_MESSAGES/apt.mo", + "/usr/share/locale/tr/LC_MESSAGES/apt.mo", + "/usr/share/locale/uk/LC_MESSAGES/apt.mo", + "/usr/share/locale/vi/LC_MESSAGES/apt.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/apt.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/apt.mo", + "/usr/share/man/de/man1/apt-transport-http.1.gz", + "/usr/share/man/de/man1/apt-transport-https.1.gz", + "/usr/share/man/de/man1/apt-transport-mirror.1.gz", + "/usr/share/man/de/man5/apt.conf.5.gz", + "/usr/share/man/de/man5/apt_auth.conf.5.gz", + "/usr/share/man/de/man5/apt_preferences.5.gz", + "/usr/share/man/de/man5/sources.list.5.gz", + "/usr/share/man/de/man8/apt-cache.8.gz", + "/usr/share/man/de/man8/apt-cdrom.8.gz", + "/usr/share/man/de/man8/apt-config.8.gz", + "/usr/share/man/de/man8/apt-get.8.gz", + "/usr/share/man/de/man8/apt-key.8.gz", + "/usr/share/man/de/man8/apt-mark.8.gz", + "/usr/share/man/de/man8/apt-secure.8.gz", + "/usr/share/man/de/man8/apt.8.gz", + "/usr/share/man/es/man5/apt_preferences.5.gz", + "/usr/share/man/es/man8/apt-cache.8.gz", + "/usr/share/man/es/man8/apt-cdrom.8.gz", + "/usr/share/man/es/man8/apt-config.8.gz", + "/usr/share/man/fr/man1/apt-transport-http.1.gz", + "/usr/share/man/fr/man1/apt-transport-https.1.gz", + "/usr/share/man/fr/man1/apt-transport-mirror.1.gz", + "/usr/share/man/fr/man5/apt.conf.5.gz", + "/usr/share/man/fr/man5/apt_auth.conf.5.gz", + "/usr/share/man/fr/man5/apt_preferences.5.gz", + "/usr/share/man/fr/man5/sources.list.5.gz", + "/usr/share/man/fr/man8/apt-cache.8.gz", + "/usr/share/man/fr/man8/apt-cdrom.8.gz", + "/usr/share/man/fr/man8/apt-config.8.gz", + "/usr/share/man/fr/man8/apt-get.8.gz", + "/usr/share/man/fr/man8/apt-key.8.gz", + "/usr/share/man/fr/man8/apt-mark.8.gz", + "/usr/share/man/fr/man8/apt-secure.8.gz", + "/usr/share/man/fr/man8/apt.8.gz", + "/usr/share/man/it/man5/apt.conf.5.gz", + "/usr/share/man/it/man5/apt_preferences.5.gz", + "/usr/share/man/it/man5/sources.list.5.gz", + "/usr/share/man/it/man8/apt-cache.8.gz", + "/usr/share/man/it/man8/apt-cdrom.8.gz", + "/usr/share/man/it/man8/apt-config.8.gz", + "/usr/share/man/it/man8/apt-get.8.gz", + "/usr/share/man/it/man8/apt-key.8.gz", + "/usr/share/man/it/man8/apt-mark.8.gz", + "/usr/share/man/it/man8/apt-secure.8.gz", + "/usr/share/man/it/man8/apt.8.gz", + "/usr/share/man/ja/man5/apt.conf.5.gz", + "/usr/share/man/ja/man5/apt_preferences.5.gz", + "/usr/share/man/ja/man5/sources.list.5.gz", + "/usr/share/man/ja/man8/apt-cache.8.gz", + "/usr/share/man/ja/man8/apt-cdrom.8.gz", + "/usr/share/man/ja/man8/apt-config.8.gz", + "/usr/share/man/ja/man8/apt-get.8.gz", + "/usr/share/man/ja/man8/apt-key.8.gz", + "/usr/share/man/ja/man8/apt-mark.8.gz", + "/usr/share/man/ja/man8/apt-secure.8.gz", + "/usr/share/man/ja/man8/apt.8.gz", + "/usr/share/man/man1/apt-transport-http.1.gz", + "/usr/share/man/man1/apt-transport-https.1.gz", + "/usr/share/man/man1/apt-transport-mirror.1.gz", + "/usr/share/man/man5/apt.conf.5.gz", + "/usr/share/man/man5/apt_auth.conf.5.gz", + "/usr/share/man/man5/apt_preferences.5.gz", + "/usr/share/man/man5/sources.list.5.gz", + "/usr/share/man/man7/apt-patterns.7.gz", + "/usr/share/man/man8/apt-cache.8.gz", + "/usr/share/man/man8/apt-cdrom.8.gz", + "/usr/share/man/man8/apt-config.8.gz", + "/usr/share/man/man8/apt-get.8.gz", + "/usr/share/man/man8/apt-key.8.gz", + "/usr/share/man/man8/apt-mark.8.gz", + "/usr/share/man/man8/apt-secure.8.gz", + "/usr/share/man/man8/apt.8.gz", + "/usr/share/man/nl/man1/apt-transport-http.1.gz", + "/usr/share/man/nl/man1/apt-transport-https.1.gz", + "/usr/share/man/nl/man1/apt-transport-mirror.1.gz", + "/usr/share/man/nl/man5/apt.conf.5.gz", + "/usr/share/man/nl/man5/apt_auth.conf.5.gz", + "/usr/share/man/nl/man5/apt_preferences.5.gz", + "/usr/share/man/nl/man5/sources.list.5.gz", + "/usr/share/man/nl/man8/apt-cache.8.gz", + "/usr/share/man/nl/man8/apt-cdrom.8.gz", + "/usr/share/man/nl/man8/apt-config.8.gz", + "/usr/share/man/nl/man8/apt-get.8.gz", + "/usr/share/man/nl/man8/apt-key.8.gz", + "/usr/share/man/nl/man8/apt-mark.8.gz", + "/usr/share/man/nl/man8/apt-secure.8.gz", + "/usr/share/man/nl/man8/apt.8.gz", + "/usr/share/man/pl/man5/apt_preferences.5.gz", + "/usr/share/man/pl/man8/apt-cache.8.gz", + "/usr/share/man/pl/man8/apt-cdrom.8.gz", + "/usr/share/man/pl/man8/apt-config.8.gz", + "/usr/share/man/pt/man1/apt-transport-http.1.gz", + "/usr/share/man/pt/man1/apt-transport-https.1.gz", + "/usr/share/man/pt/man1/apt-transport-mirror.1.gz", + "/usr/share/man/pt/man5/apt.conf.5.gz", + "/usr/share/man/pt/man5/apt_auth.conf.5.gz", + "/usr/share/man/pt/man5/apt_preferences.5.gz", + "/usr/share/man/pt/man5/sources.list.5.gz", + "/usr/share/man/pt/man8/apt-cache.8.gz", + "/usr/share/man/pt/man8/apt-cdrom.8.gz", + "/usr/share/man/pt/man8/apt-config.8.gz", + "/usr/share/man/pt/man8/apt-get.8.gz", + "/usr/share/man/pt/man8/apt-key.8.gz", + "/usr/share/man/pt/man8/apt-mark.8.gz", + "/usr/share/man/pt/man8/apt-secure.8.gz", + "/usr/share/man/pt/man8/apt.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "base-files@11ubuntu5.7", + "Name": "base-files", + "Identifier": { + "PURL": "pkg:deb/ubuntu/base-files@11ubuntu5.7?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a5180b5a90fc72da" + }, + "Version": "11ubuntu5.7", + "Arch": "amd64", + "SrcName": "base-files", + "SrcVersion": "11ubuntu5.7", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libcrypt1@1:4.4.10-10ubuntu4" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/systemd/system/motd-news.service", + "/lib/systemd/system/motd-news.timer", + "/usr/bin/locale-check", + "/usr/lib/os-release", + "/usr/share/base-files/dot.bashrc", + "/usr/share/base-files/dot.profile", + "/usr/share/base-files/dot.profile.md5sums", + "/usr/share/base-files/info.dir", + "/usr/share/base-files/motd", + "/usr/share/base-files/networks", + "/usr/share/base-files/profile", + "/usr/share/base-files/profile.md5sums", + "/usr/share/base-files/staff-group-for-usr-local", + "/usr/share/common-licenses/Apache-2.0", + "/usr/share/common-licenses/Artistic", + "/usr/share/common-licenses/BSD", + "/usr/share/common-licenses/CC0-1.0", + "/usr/share/common-licenses/GFDL-1.2", + "/usr/share/common-licenses/GFDL-1.3", + "/usr/share/common-licenses/GPL-1", + "/usr/share/common-licenses/GPL-2", + "/usr/share/common-licenses/GPL-3", + "/usr/share/common-licenses/LGPL-2", + "/usr/share/common-licenses/LGPL-2.1", + "/usr/share/common-licenses/LGPL-3", + "/usr/share/common-licenses/MPL-1.1", + "/usr/share/common-licenses/MPL-2.0", + "/usr/share/doc/base-files/README", + "/usr/share/doc/base-files/README.FHS", + "/usr/share/doc/base-files/changelog.gz", + "/usr/share/doc/base-files/copyright", + "/usr/share/lintian/overrides/base-files" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "base-passwd@3.5.47", + "Name": "base-passwd", + "Identifier": { + "PURL": "pkg:deb/ubuntu/base-passwd@3.5.47?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "39e258627f1fe698" + }, + "Version": "3.5.47", + "Arch": "amd64", + "SrcName": "base-passwd", + "SrcVersion": "3.5.47", + "Licenses": [ + "GPL-2.0-only", + "PD" + ], + "Maintainer": "Colin Watson \u003ccjwatson@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libdebconfclient0@0.251ubuntu1" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/sbin/update-passwd", + "/usr/share/base-passwd/group.master", + "/usr/share/base-passwd/passwd.master", + "/usr/share/doc-base/users-and-groups", + "/usr/share/doc/base-passwd/README", + "/usr/share/doc/base-passwd/changelog.gz", + "/usr/share/doc/base-passwd/copyright", + "/usr/share/doc/base-passwd/users-and-groups.html", + "/usr/share/doc/base-passwd/users-and-groups.txt.gz", + "/usr/share/lintian/overrides/base-passwd", + "/usr/share/man/de/man8/update-passwd.8.gz", + "/usr/share/man/es/man8/update-passwd.8.gz", + "/usr/share/man/fr/man8/update-passwd.8.gz", + "/usr/share/man/ja/man8/update-passwd.8.gz", + "/usr/share/man/man8/update-passwd.8.gz", + "/usr/share/man/pl/man8/update-passwd.8.gz", + "/usr/share/man/ru/man8/update-passwd.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bash@5.0-6ubuntu1.2", + "Name": "bash", + "Identifier": { + "PURL": "pkg:deb/ubuntu/bash@5.0-6ubuntu1.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "63630bb56302d371" + }, + "Version": "5.0", + "Release": "6ubuntu1.2", + "Arch": "amd64", + "SrcName": "bash", + "SrcVersion": "5.0", + "SrcRelease": "6ubuntu1.2", + "Licenses": [ + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "base-files@11ubuntu5.7", + "debianutils@4.9.1" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/bash", + "/usr/bin/bashbug", + "/usr/bin/clear_console", + "/usr/share/doc/bash/COMPAT.gz", + "/usr/share/doc/bash/INTRO.gz", + "/usr/share/doc/bash/NEWS.gz", + "/usr/share/doc/bash/POSIX.gz", + "/usr/share/doc/bash/RBASH", + "/usr/share/doc/bash/README.Debian.gz", + "/usr/share/doc/bash/README.abs-guide", + "/usr/share/doc/bash/README.commands.gz", + "/usr/share/doc/bash/README.gz", + "/usr/share/doc/bash/changelog.Debian.gz", + "/usr/share/doc/bash/copyright", + "/usr/share/doc/bash/inputrc.arrows", + "/usr/share/lintian/overrides/bash", + "/usr/share/man/man1/bash.1.gz", + "/usr/share/man/man1/bashbug.1.gz", + "/usr/share/man/man1/clear_console.1.gz", + "/usr/share/man/man1/rbash.1.gz", + "/usr/share/man/man7/bash-builtins.7.gz", + "/usr/share/menu/bash" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bsdutils@1:2.34-0.1ubuntu9.3", + "Name": "bsdutils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/bsdutils@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "c2f19fe3db589c3b" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/logger", + "/usr/bin/renice", + "/usr/bin/script", + "/usr/bin/scriptreplay", + "/usr/bin/wall", + "/usr/share/bash-completion/completions/logger", + "/usr/share/bash-completion/completions/renice", + "/usr/share/bash-completion/completions/script", + "/usr/share/bash-completion/completions/scriptreplay", + "/usr/share/bash-completion/completions/wall", + "/usr/share/doc/bsdutils/changelog.Debian.gz", + "/usr/share/doc/bsdutils/copyright", + "/usr/share/lintian/overrides/bsdutils", + "/usr/share/man/man1/logger.1.gz", + "/usr/share/man/man1/renice.1.gz", + "/usr/share/man/man1/script.1.gz", + "/usr/share/man/man1/scriptreplay.1.gz", + "/usr/share/man/man1/wall.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bzip2@1.0.8-2", + "Name": "bzip2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/bzip2@1.0.8-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "8421c1f7cecd080f" + }, + "Version": "1.0.8", + "Release": "2", + "Arch": "amd64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8", + "SrcRelease": "2", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libbz2-1.0@1.0.8-2", + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/bunzip2", + "/bin/bzcat", + "/bin/bzdiff", + "/bin/bzexe", + "/bin/bzgrep", + "/bin/bzip2", + "/bin/bzip2recover", + "/bin/bzmore", + "/usr/share/doc/bzip2/copyright", + "/usr/share/man/man1/bzdiff.1.gz", + "/usr/share/man/man1/bzexe.1.gz", + "/usr/share/man/man1/bzgrep.1.gz", + "/usr/share/man/man1/bzip2.1.gz", + "/usr/share/man/man1/bzmore.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ca-certificates@20211016ubuntu0.20.04.1", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:deb/ubuntu/ca-certificates@20211016ubuntu0.20.04.1?arch=all\u0026distro=ubuntu-20.04", + "UID": "ef025fc6e4caa49c" + }, + "Version": "20211016ubuntu0.20.04.1", + "Arch": "all", + "SrcName": "ca-certificates", + "SrcVersion": "20211016ubuntu0.20.04.1", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "MPL-2.0" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73", + "openssl@1.1.1f-1ubuntu2.17" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/sbin/update-ca-certificates", + "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", + "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Certigna.crt", + "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", + "/usr/share/ca-certificates/mozilla/Cybertrust_Global_Root.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "/usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/EC-ACC.crt", + "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt", + "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", + "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "/usr/share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt", + "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt", + "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "/usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", + "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", + "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "/usr/share/doc/ca-certificates/README.Debian", + "/usr/share/doc/ca-certificates/changelog.gz", + "/usr/share/doc/ca-certificates/copyright", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", + "/usr/share/man/man8/update-ca-certificates.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "coreutils@8.30-3ubuntu2", + "Name": "coreutils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/coreutils@8.30-3ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "186bbd0abf222082" + }, + "Version": "8.30", + "Release": "3ubuntu2", + "Arch": "amd64", + "SrcName": "coreutils", + "SrcVersion": "8.30", + "SrcRelease": "3ubuntu2", + "Licenses": [ + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/cat", + "/bin/chgrp", + "/bin/chmod", + "/bin/chown", + "/bin/cp", + "/bin/date", + "/bin/dd", + "/bin/df", + "/bin/dir", + "/bin/echo", + "/bin/false", + "/bin/ln", + "/bin/ls", + "/bin/mkdir", + "/bin/mknod", + "/bin/mktemp", + "/bin/mv", + "/bin/pwd", + "/bin/readlink", + "/bin/rm", + "/bin/rmdir", + "/bin/sleep", + "/bin/stty", + "/bin/sync", + "/bin/touch", + "/bin/true", + "/bin/uname", + "/bin/vdir", + "/usr/bin/[", + "/usr/bin/arch", + "/usr/bin/b2sum", + "/usr/bin/base32", + "/usr/bin/base64", + "/usr/bin/basename", + "/usr/bin/chcon", + "/usr/bin/cksum", + "/usr/bin/comm", + "/usr/bin/csplit", + "/usr/bin/cut", + "/usr/bin/dircolors", + "/usr/bin/dirname", + "/usr/bin/du", + "/usr/bin/env", + "/usr/bin/expand", + "/usr/bin/expr", + "/usr/bin/factor", + "/usr/bin/fmt", + "/usr/bin/fold", + "/usr/bin/groups", + "/usr/bin/head", + "/usr/bin/hostid", + "/usr/bin/id", + "/usr/bin/install", + "/usr/bin/join", + "/usr/bin/link", + "/usr/bin/logname", + "/usr/bin/md5sum", + "/usr/bin/mkfifo", + "/usr/bin/nice", + "/usr/bin/nl", + "/usr/bin/nohup", + "/usr/bin/nproc", + "/usr/bin/numfmt", + "/usr/bin/od", + "/usr/bin/paste", + "/usr/bin/pathchk", + "/usr/bin/pinky", + "/usr/bin/pr", + "/usr/bin/printenv", + "/usr/bin/printf", + "/usr/bin/ptx", + "/usr/bin/realpath", + "/usr/bin/runcon", + "/usr/bin/seq", + "/usr/bin/sha1sum", + "/usr/bin/sha224sum", + "/usr/bin/sha256sum", + "/usr/bin/sha384sum", + "/usr/bin/sha512sum", + "/usr/bin/shred", + "/usr/bin/shuf", + "/usr/bin/sort", + "/usr/bin/split", + "/usr/bin/stat", + "/usr/bin/stdbuf", + "/usr/bin/sum", + "/usr/bin/tac", + "/usr/bin/tail", + "/usr/bin/tee", + "/usr/bin/test", + "/usr/bin/timeout", + "/usr/bin/tr", + "/usr/bin/truncate", + "/usr/bin/tsort", + "/usr/bin/tty", + "/usr/bin/unexpand", + "/usr/bin/uniq", + "/usr/bin/unlink", + "/usr/bin/users", + "/usr/bin/wc", + "/usr/bin/who", + "/usr/bin/whoami", + "/usr/bin/yes", + "/usr/lib/x86_64-linux-gnu/coreutils/libstdbuf.so", + "/usr/sbin/chroot", + "/usr/share/doc/coreutils/AUTHORS", + "/usr/share/doc/coreutils/NEWS.Debian.gz", + "/usr/share/doc/coreutils/NEWS.gz", + "/usr/share/doc/coreutils/README.Debian", + "/usr/share/doc/coreutils/README.gz", + "/usr/share/doc/coreutils/THANKS.gz", + "/usr/share/doc/coreutils/TODO.gz", + "/usr/share/doc/coreutils/changelog.Debian.gz", + "/usr/share/doc/coreutils/copyright", + "/usr/share/info/coreutils.info.gz", + "/usr/share/man/man1/arch.1.gz", + "/usr/share/man/man1/b2sum.1.gz", + "/usr/share/man/man1/base32.1.gz", + "/usr/share/man/man1/base64.1.gz", + "/usr/share/man/man1/basename.1.gz", + "/usr/share/man/man1/cat.1.gz", + "/usr/share/man/man1/chcon.1.gz", + "/usr/share/man/man1/chgrp.1.gz", + "/usr/share/man/man1/chmod.1.gz", + "/usr/share/man/man1/chown.1.gz", + "/usr/share/man/man1/cksum.1.gz", + "/usr/share/man/man1/comm.1.gz", + "/usr/share/man/man1/cp.1.gz", + "/usr/share/man/man1/csplit.1.gz", + "/usr/share/man/man1/cut.1.gz", + "/usr/share/man/man1/date.1.gz", + "/usr/share/man/man1/dd.1.gz", + "/usr/share/man/man1/df.1.gz", + "/usr/share/man/man1/dir.1.gz", + "/usr/share/man/man1/dircolors.1.gz", + "/usr/share/man/man1/dirname.1.gz", + "/usr/share/man/man1/du.1.gz", + "/usr/share/man/man1/echo.1.gz", + "/usr/share/man/man1/env.1.gz", + "/usr/share/man/man1/expand.1.gz", + "/usr/share/man/man1/expr.1.gz", + "/usr/share/man/man1/factor.1.gz", + "/usr/share/man/man1/false.1.gz", + "/usr/share/man/man1/fmt.1.gz", + "/usr/share/man/man1/fold.1.gz", + "/usr/share/man/man1/groups.1.gz", + "/usr/share/man/man1/head.1.gz", + "/usr/share/man/man1/hostid.1.gz", + "/usr/share/man/man1/id.1.gz", + "/usr/share/man/man1/install.1.gz", + "/usr/share/man/man1/join.1.gz", + "/usr/share/man/man1/link.1.gz", + "/usr/share/man/man1/ln.1.gz", + "/usr/share/man/man1/logname.1.gz", + "/usr/share/man/man1/ls.1.gz", + "/usr/share/man/man1/md5sum.1.gz", + "/usr/share/man/man1/mkdir.1.gz", + "/usr/share/man/man1/mkfifo.1.gz", + "/usr/share/man/man1/mknod.1.gz", + "/usr/share/man/man1/mktemp.1.gz", + "/usr/share/man/man1/mv.1.gz", + "/usr/share/man/man1/nice.1.gz", + "/usr/share/man/man1/nl.1.gz", + "/usr/share/man/man1/nohup.1.gz", + "/usr/share/man/man1/nproc.1.gz", + "/usr/share/man/man1/numfmt.1.gz", + "/usr/share/man/man1/od.1.gz", + "/usr/share/man/man1/paste.1.gz", + "/usr/share/man/man1/pathchk.1.gz", + "/usr/share/man/man1/pinky.1.gz", + "/usr/share/man/man1/pr.1.gz", + "/usr/share/man/man1/printenv.1.gz", + "/usr/share/man/man1/printf.1.gz", + "/usr/share/man/man1/ptx.1.gz", + "/usr/share/man/man1/pwd.1.gz", + "/usr/share/man/man1/readlink.1.gz", + "/usr/share/man/man1/realpath.1.gz", + "/usr/share/man/man1/rm.1.gz", + "/usr/share/man/man1/rmdir.1.gz", + "/usr/share/man/man1/runcon.1.gz", + "/usr/share/man/man1/seq.1.gz", + "/usr/share/man/man1/sha1sum.1.gz", + "/usr/share/man/man1/sha224sum.1.gz", + "/usr/share/man/man1/sha256sum.1.gz", + "/usr/share/man/man1/sha384sum.1.gz", + "/usr/share/man/man1/sha512sum.1.gz", + "/usr/share/man/man1/shred.1.gz", + "/usr/share/man/man1/shuf.1.gz", + "/usr/share/man/man1/sleep.1.gz", + "/usr/share/man/man1/sort.1.gz", + "/usr/share/man/man1/split.1.gz", + "/usr/share/man/man1/stat.1.gz", + "/usr/share/man/man1/stdbuf.1.gz", + "/usr/share/man/man1/stty.1.gz", + "/usr/share/man/man1/sum.1.gz", + "/usr/share/man/man1/sync.1.gz", + "/usr/share/man/man1/tac.1.gz", + "/usr/share/man/man1/tail.1.gz", + "/usr/share/man/man1/tee.1.gz", + "/usr/share/man/man1/test.1.gz", + "/usr/share/man/man1/timeout.1.gz", + "/usr/share/man/man1/touch.1.gz", + "/usr/share/man/man1/tr.1.gz", + "/usr/share/man/man1/true.1.gz", + "/usr/share/man/man1/truncate.1.gz", + "/usr/share/man/man1/tsort.1.gz", + "/usr/share/man/man1/tty.1.gz", + "/usr/share/man/man1/uname.1.gz", + "/usr/share/man/man1/unexpand.1.gz", + "/usr/share/man/man1/uniq.1.gz", + "/usr/share/man/man1/unlink.1.gz", + "/usr/share/man/man1/users.1.gz", + "/usr/share/man/man1/vdir.1.gz", + "/usr/share/man/man1/wc.1.gz", + "/usr/share/man/man1/who.1.gz", + "/usr/share/man/man1/whoami.1.gz", + "/usr/share/man/man1/yes.1.gz", + "/usr/share/man/man8/chroot.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "dash@0.5.10.2-6", + "Name": "dash", + "Identifier": { + "PURL": "pkg:deb/ubuntu/dash@0.5.10.2-6?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "339907d4c6dfa92b" + }, + "Version": "0.5.10.2", + "Release": "6", + "Arch": "amd64", + "SrcName": "dash", + "SrcVersion": "0.5.10.2", + "SrcRelease": "6", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73", + "debianutils@4.9.1", + "dpkg@1.19.7ubuntu3.2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/dash", + "/usr/share/doc/dash/NEWS.Debian.gz", + "/usr/share/doc/dash/README.Debian.diet", + "/usr/share/doc/dash/README.source", + "/usr/share/doc/dash/changelog.Debian.gz", + "/usr/share/doc/dash/copyright", + "/usr/share/lintian/overrides/dash", + "/usr/share/man/man1/dash.1.gz", + "/usr/share/menu/dash" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debconf@1.5.73", + "Name": "debconf", + "Identifier": { + "PURL": "pkg:deb/ubuntu/debconf@1.5.73?arch=all\u0026distro=ubuntu-20.04", + "UID": "e57d99b341400824" + }, + "Version": "1.5.73", + "Arch": "all", + "SrcName": "debconf", + "SrcVersion": "1.5.73", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/debconf", + "/usr/bin/debconf-apt-progress", + "/usr/bin/debconf-communicate", + "/usr/bin/debconf-copydb", + "/usr/bin/debconf-escape", + "/usr/bin/debconf-set-selections", + "/usr/bin/debconf-show", + "/usr/sbin/dpkg-preconfigure", + "/usr/sbin/dpkg-reconfigure", + "/usr/share/bash-completion/completions/debconf", + "/usr/share/debconf/confmodule", + "/usr/share/debconf/confmodule.sh", + "/usr/share/debconf/debconf.conf", + "/usr/share/debconf/fix_db.pl", + "/usr/share/debconf/frontend", + "/usr/share/debconf/transition_db.pl", + "/usr/share/doc/debconf/NEWS.Debian.gz", + "/usr/share/doc/debconf/README.Debian", + "/usr/share/doc/debconf/changelog.gz", + "/usr/share/doc/debconf/copyright", + "/usr/share/lintian/overrides/debconf", + "/usr/share/man/man1/debconf-apt-progress.1.gz", + "/usr/share/man/man1/debconf-communicate.1.gz", + "/usr/share/man/man1/debconf-copydb.1.gz", + "/usr/share/man/man1/debconf-escape.1.gz", + "/usr/share/man/man1/debconf-set-selections.1.gz", + "/usr/share/man/man1/debconf-show.1.gz", + "/usr/share/man/man1/debconf.1.gz", + "/usr/share/man/man8/dpkg-preconfigure.8.gz", + "/usr/share/man/man8/dpkg-reconfigure.8.gz", + "/usr/share/perl5/Debconf/AutoSelect.pm", + "/usr/share/perl5/Debconf/Base.pm", + "/usr/share/perl5/Debconf/Client/ConfModule.pm", + "/usr/share/perl5/Debconf/ConfModule.pm", + "/usr/share/perl5/Debconf/Config.pm", + "/usr/share/perl5/Debconf/Db.pm", + "/usr/share/perl5/Debconf/DbDriver.pm", + "/usr/share/perl5/Debconf/DbDriver/Backup.pm", + "/usr/share/perl5/Debconf/DbDriver/Cache.pm", + "/usr/share/perl5/Debconf/DbDriver/Copy.pm", + "/usr/share/perl5/Debconf/DbDriver/Debug.pm", + "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", + "/usr/share/perl5/Debconf/DbDriver/Directory.pm", + "/usr/share/perl5/Debconf/DbDriver/File.pm", + "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", + "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", + "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", + "/usr/share/perl5/Debconf/DbDriver/Stack.pm", + "/usr/share/perl5/Debconf/Element.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", + "/usr/share/perl5/Debconf/Element/Dialog/String.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", + "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Editor/Error.pm", + "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Editor/Note.pm", + "/usr/share/perl5/Debconf/Element/Editor/Password.pm", + "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", + "/usr/share/perl5/Debconf/Element/Editor/Select.pm", + "/usr/share/perl5/Debconf/Element/Editor/String.pm", + "/usr/share/perl5/Debconf/Element/Editor/Text.pm", + "/usr/share/perl5/Debconf/Element/Gnome.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", + "/usr/share/perl5/Debconf/Element/Gnome/String.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", + "/usr/share/perl5/Debconf/Element/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", + "/usr/share/perl5/Debconf/Element/Select.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", + "/usr/share/perl5/Debconf/Element/Teletype/String.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", + "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Web/Error.pm", + "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Web/Note.pm", + "/usr/share/perl5/Debconf/Element/Web/Password.pm", + "/usr/share/perl5/Debconf/Element/Web/Progress.pm", + "/usr/share/perl5/Debconf/Element/Web/Select.pm", + "/usr/share/perl5/Debconf/Element/Web/String.pm", + "/usr/share/perl5/Debconf/Element/Web/Text.pm", + "/usr/share/perl5/Debconf/Encoding.pm", + "/usr/share/perl5/Debconf/Format.pm", + "/usr/share/perl5/Debconf/Format/822.pm", + "/usr/share/perl5/Debconf/FrontEnd.pm", + "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", + "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", + "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", + "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", + "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", + "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", + "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", + "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", + "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", + "/usr/share/perl5/Debconf/FrontEnd/Text.pm", + "/usr/share/perl5/Debconf/FrontEnd/Web.pm", + "/usr/share/perl5/Debconf/Gettext.pm", + "/usr/share/perl5/Debconf/Iterator.pm", + "/usr/share/perl5/Debconf/Log.pm", + "/usr/share/perl5/Debconf/Path.pm", + "/usr/share/perl5/Debconf/Priority.pm", + "/usr/share/perl5/Debconf/Question.pm", + "/usr/share/perl5/Debconf/Template.pm", + "/usr/share/perl5/Debconf/Template/Transient.pm", + "/usr/share/perl5/Debconf/TmpFile.pm", + "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", + "/usr/share/pixmaps/debian-logo.png" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debianutils@4.9.1", + "Name": "debianutils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/debianutils@4.9.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "33c033894c33c0a9" + }, + "Version": "4.9.1", + "Arch": "amd64", + "SrcName": "debianutils", + "SrcVersion": "4.9.1", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/run-parts", + "/bin/tempfile", + "/bin/which", + "/sbin/installkernel", + "/usr/bin/ischroot", + "/usr/bin/savelog", + "/usr/sbin/add-shell", + "/usr/sbin/remove-shell", + "/usr/share/debianutils/shells", + "/usr/share/doc/debianutils/README.shells.gz", + "/usr/share/doc/debianutils/changelog.gz", + "/usr/share/doc/debianutils/copyright", + "/usr/share/man/de/man1/tempfile.1.gz", + "/usr/share/man/de/man1/which.1.gz", + "/usr/share/man/de/man8/add-shell.8.gz", + "/usr/share/man/de/man8/installkernel.8.gz", + "/usr/share/man/de/man8/remove-shell.8.gz", + "/usr/share/man/de/man8/run-parts.8.gz", + "/usr/share/man/de/man8/savelog.8.gz", + "/usr/share/man/es/man1/tempfile.1.gz", + "/usr/share/man/es/man1/which.1.gz", + "/usr/share/man/es/man8/add-shell.8.gz", + "/usr/share/man/es/man8/installkernel.8.gz", + "/usr/share/man/es/man8/remove-shell.8.gz", + "/usr/share/man/es/man8/run-parts.8.gz", + "/usr/share/man/es/man8/savelog.8.gz", + "/usr/share/man/fr/man1/tempfile.1.gz", + "/usr/share/man/fr/man1/which.1.gz", + "/usr/share/man/fr/man8/add-shell.8.gz", + "/usr/share/man/fr/man8/installkernel.8.gz", + "/usr/share/man/fr/man8/remove-shell.8.gz", + "/usr/share/man/fr/man8/run-parts.8.gz", + "/usr/share/man/fr/man8/savelog.8.gz", + "/usr/share/man/it/man1/tempfile.1.gz", + "/usr/share/man/it/man1/which.1.gz", + "/usr/share/man/it/man8/add-shell.8.gz", + "/usr/share/man/it/man8/installkernel.8.gz", + "/usr/share/man/it/man8/remove-shell.8.gz", + "/usr/share/man/it/man8/run-parts.8.gz", + "/usr/share/man/it/man8/savelog.8.gz", + "/usr/share/man/ja/man1/tempfile.1.gz", + "/usr/share/man/ja/man1/which.1.gz", + "/usr/share/man/ja/man8/add-shell.8.gz", + "/usr/share/man/ja/man8/installkernel.8.gz", + "/usr/share/man/ja/man8/remove-shell.8.gz", + "/usr/share/man/ja/man8/run-parts.8.gz", + "/usr/share/man/ja/man8/savelog.8.gz", + "/usr/share/man/man1/ischroot.1.gz", + "/usr/share/man/man1/tempfile.1.gz", + "/usr/share/man/man1/which.1.gz", + "/usr/share/man/man8/add-shell.8.gz", + "/usr/share/man/man8/installkernel.8.gz", + "/usr/share/man/man8/remove-shell.8.gz", + "/usr/share/man/man8/run-parts.8.gz", + "/usr/share/man/man8/savelog.8.gz", + "/usr/share/man/pl/man1/tempfile.1.gz", + "/usr/share/man/pl/man1/which.1.gz", + "/usr/share/man/pl/man8/add-shell.8.gz", + "/usr/share/man/pl/man8/installkernel.8.gz", + "/usr/share/man/pl/man8/remove-shell.8.gz", + "/usr/share/man/pl/man8/run-parts.8.gz", + "/usr/share/man/pl/man8/savelog.8.gz", + "/usr/share/man/sl/man1/tempfile.1.gz", + "/usr/share/man/sl/man1/which.1.gz", + "/usr/share/man/sl/man8/add-shell.8.gz", + "/usr/share/man/sl/man8/installkernel.8.gz", + "/usr/share/man/sl/man8/remove-shell.8.gz", + "/usr/share/man/sl/man8/run-parts.8.gz", + "/usr/share/man/sl/man8/savelog.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "diffutils@1:3.7-3", + "Name": "diffutils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/diffutils@3.7-3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "20a16873c3eab51c" + }, + "Version": "3.7", + "Release": "3", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "diffutils", + "SrcVersion": "3.7", + "SrcRelease": "3", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-or-later", + "GFDL-1.3-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/cmp", + "/usr/bin/diff", + "/usr/bin/diff3", + "/usr/bin/sdiff", + "/usr/share/doc/diffutils/NEWS.gz", + "/usr/share/doc/diffutils/changelog.Debian.gz", + "/usr/share/doc/diffutils/copyright", + "/usr/share/info/diffutils.info.gz", + "/usr/share/man/man1/cmp.1.gz", + "/usr/share/man/man1/diff.1.gz", + "/usr/share/man/man1/diff3.1.gz", + "/usr/share/man/man1/sdiff.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "dpkg@1.19.7ubuntu3.2", + "Name": "dpkg", + "Identifier": { + "PURL": "pkg:deb/ubuntu/dpkg@1.19.7ubuntu3.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "ee837475a82dbbe7" + }, + "Version": "1.19.7ubuntu3.2", + "Arch": "amd64", + "SrcName": "dpkg", + "SrcVersion": "1.19.7ubuntu3.2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "BSD-2-Clause", + "public-domain-s-s-d", + "public-domain-md5" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "tar@1.30+dfsg-7ubuntu0.20.04.3" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/sbin/start-stop-daemon", + "/usr/bin/dpkg", + "/usr/bin/dpkg-deb", + "/usr/bin/dpkg-divert", + "/usr/bin/dpkg-maintscript-helper", + "/usr/bin/dpkg-query", + "/usr/bin/dpkg-split", + "/usr/bin/dpkg-statoverride", + "/usr/bin/dpkg-trigger", + "/usr/bin/update-alternatives", + "/usr/share/bug/dpkg", + "/usr/share/doc/dpkg/AUTHORS", + "/usr/share/doc/dpkg/README.feature-removal-schedule.gz", + "/usr/share/doc/dpkg/THANKS.gz", + "/usr/share/doc/dpkg/changelog.Debian.gz", + "/usr/share/doc/dpkg/copyright", + "/usr/share/doc/dpkg/usertags.gz", + "/usr/share/dpkg/abitable", + "/usr/share/dpkg/cputable", + "/usr/share/dpkg/ostable", + "/usr/share/dpkg/tupletable", + "/usr/share/lintian/overrides/dpkg", + "/usr/share/lintian/profiles/dpkg/main.profile", + "/usr/share/locale/ast/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/bs/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ca/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/cs/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/da/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/de/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/dz/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/el/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/eo/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/es/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/et/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/eu/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/fr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/gl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/hu/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/id/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/it/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ja/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/km/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ko/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ku/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/lt/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/mr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nb/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ne/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nn/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pa/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pt/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ro/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ru/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/sk/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/sv/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/th/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/tl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/tr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/vi/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/dpkg.mo", + "/usr/share/man/de/man1/dpkg-deb.1.gz", + "/usr/share/man/de/man1/dpkg-divert.1.gz", + "/usr/share/man/de/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/de/man1/dpkg-query.1.gz", + "/usr/share/man/de/man1/dpkg-split.1.gz", + "/usr/share/man/de/man1/dpkg-statoverride.1.gz", + "/usr/share/man/de/man1/dpkg-trigger.1.gz", + "/usr/share/man/de/man1/dpkg.1.gz", + "/usr/share/man/de/man1/update-alternatives.1.gz", + "/usr/share/man/de/man5/dpkg.cfg.5.gz", + "/usr/share/man/de/man8/start-stop-daemon.8.gz", + "/usr/share/man/es/man1/dpkg-split.1.gz", + "/usr/share/man/es/man1/update-alternatives.1.gz", + "/usr/share/man/fr/man1/dpkg-deb.1.gz", + "/usr/share/man/fr/man1/dpkg-divert.1.gz", + "/usr/share/man/fr/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/fr/man1/dpkg-query.1.gz", + "/usr/share/man/fr/man1/dpkg-split.1.gz", + "/usr/share/man/fr/man1/dpkg-statoverride.1.gz", + "/usr/share/man/fr/man1/dpkg-trigger.1.gz", + "/usr/share/man/fr/man1/dpkg.1.gz", + "/usr/share/man/fr/man1/update-alternatives.1.gz", + "/usr/share/man/fr/man5/dpkg.cfg.5.gz", + "/usr/share/man/fr/man8/start-stop-daemon.8.gz", + "/usr/share/man/it/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/it/man1/dpkg-split.1.gz", + "/usr/share/man/it/man1/update-alternatives.1.gz", + "/usr/share/man/ja/man1/dpkg-split.1.gz", + "/usr/share/man/ja/man1/update-alternatives.1.gz", + "/usr/share/man/man1/dpkg-deb.1.gz", + "/usr/share/man/man1/dpkg-divert.1.gz", + "/usr/share/man/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/man1/dpkg-query.1.gz", + "/usr/share/man/man1/dpkg-split.1.gz", + "/usr/share/man/man1/dpkg-statoverride.1.gz", + "/usr/share/man/man1/dpkg-trigger.1.gz", + "/usr/share/man/man1/dpkg.1.gz", + "/usr/share/man/man1/update-alternatives.1.gz", + "/usr/share/man/man5/dpkg.cfg.5.gz", + "/usr/share/man/man8/start-stop-daemon.8.gz", + "/usr/share/man/nl/man1/dpkg-deb.1.gz", + "/usr/share/man/nl/man1/dpkg-divert.1.gz", + "/usr/share/man/nl/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/nl/man1/dpkg-query.1.gz", + "/usr/share/man/nl/man1/dpkg-split.1.gz", + "/usr/share/man/nl/man1/dpkg-statoverride.1.gz", + "/usr/share/man/nl/man1/dpkg-trigger.1.gz", + "/usr/share/man/nl/man1/dpkg.1.gz", + "/usr/share/man/nl/man1/update-alternatives.1.gz", + "/usr/share/man/nl/man5/dpkg.cfg.5.gz", + "/usr/share/man/nl/man8/start-stop-daemon.8.gz", + "/usr/share/man/pl/man1/dpkg-split.1.gz", + "/usr/share/man/pl/man1/update-alternatives.1.gz", + "/usr/share/man/sv/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/sv/man1/dpkg-split.1.gz", + "/usr/share/man/sv/man1/dpkg-trigger.1.gz", + "/usr/share/man/sv/man1/update-alternatives.1.gz", + "/usr/share/polkit-1/actions/org.dpkg.pkexec.update-alternatives.policy" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "e2fsprogs@1.45.5-2ubuntu1.1", + "Name": "e2fsprogs", + "Identifier": { + "PURL": "pkg:deb/ubuntu/e2fsprogs@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "837d9bdbf71f5a70" + }, + "Version": "1.45.5", + "Release": "2ubuntu1.1", + "Arch": "amd64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.45.5", + "SrcRelease": "2ubuntu1.1", + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "logsave@1.45.5-2ubuntu1.1" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/systemd/system/e2scrub@.service", + "/lib/systemd/system/e2scrub_all.service", + "/lib/systemd/system/e2scrub_all.timer", + "/lib/systemd/system/e2scrub_fail@.service", + "/lib/systemd/system/e2scrub_reap.service", + "/lib/udev/rules.d/96-e2scrub.rules", + "/sbin/badblocks", + "/sbin/debugfs", + "/sbin/dumpe2fs", + "/sbin/e2fsck", + "/sbin/e2image", + "/sbin/e2scrub", + "/sbin/e2scrub_all", + "/sbin/e2undo", + "/sbin/mke2fs", + "/sbin/resize2fs", + "/sbin/tune2fs", + "/usr/bin/chattr", + "/usr/bin/lsattr", + "/usr/lib/x86_64-linux-gnu/e2fsprogs/e2scrub_all_cron", + "/usr/lib/x86_64-linux-gnu/e2fsprogs/e2scrub_fail", + "/usr/sbin/e2freefrag", + "/usr/sbin/e4crypt", + "/usr/sbin/e4defrag", + "/usr/sbin/filefrag", + "/usr/sbin/mklost+found", + "/usr/share/doc/e2fsprogs/NEWS.gz", + "/usr/share/doc/e2fsprogs/README", + "/usr/share/doc/e2fsprogs/copyright", + "/usr/share/lintian/overrides/e2fsprogs", + "/usr/share/man/man1/chattr.1.gz", + "/usr/share/man/man1/lsattr.1.gz", + "/usr/share/man/man5/e2fsck.conf.5.gz", + "/usr/share/man/man5/ext4.5.gz", + "/usr/share/man/man5/mke2fs.conf.5.gz", + "/usr/share/man/man8/badblocks.8.gz", + "/usr/share/man/man8/debugfs.8.gz", + "/usr/share/man/man8/dumpe2fs.8.gz", + "/usr/share/man/man8/e2freefrag.8.gz", + "/usr/share/man/man8/e2fsck.8.gz", + "/usr/share/man/man8/e2image.8.gz", + "/usr/share/man/man8/e2label.8.gz", + "/usr/share/man/man8/e2mmpstatus.8.gz", + "/usr/share/man/man8/e2scrub.8.gz", + "/usr/share/man/man8/e2scrub_all.8.gz", + "/usr/share/man/man8/e2undo.8.gz", + "/usr/share/man/man8/e4crypt.8.gz", + "/usr/share/man/man8/e4defrag.8.gz", + "/usr/share/man/man8/filefrag.8.gz", + "/usr/share/man/man8/mke2fs.8.gz", + "/usr/share/man/man8/mklost+found.8.gz", + "/usr/share/man/man8/resize2fs.8.gz", + "/usr/share/man/man8/tune2fs.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "fdisk@2.34-0.1ubuntu9.3", + "Name": "fdisk", + "Identifier": { + "PURL": "pkg:deb/ubuntu/fdisk@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e93cc0834325a9d6" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libfdisk1@2.34-0.1ubuntu9.3", + "libmount1@2.34-0.1ubuntu9.3", + "libncursesw6@6.2-0ubuntu2", + "libsmartcols1@2.34-0.1ubuntu9.3", + "libtinfo6@6.2-0ubuntu2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/sbin/cfdisk", + "/sbin/fdisk", + "/sbin/sfdisk", + "/usr/share/bash-completion/completions/cfdisk", + "/usr/share/bash-completion/completions/fdisk", + "/usr/share/bash-completion/completions/sfdisk", + "/usr/share/doc/fdisk/copyright", + "/usr/share/man/man8/cfdisk.8.gz", + "/usr/share/man/man8/fdisk.8.gz", + "/usr/share/man/man8/sfdisk.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "findutils@4.7.0-1ubuntu1", + "Name": "findutils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/findutils@4.7.0-1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "cf6c12ae56df7c0c" + }, + "Version": "4.7.0", + "Release": "1ubuntu1", + "Arch": "amd64", + "SrcName": "findutils", + "SrcVersion": "4.7.0", + "SrcRelease": "1ubuntu1", + "Licenses": [ + "GPL-3.0-only", + "GFDL-1.3-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/find", + "/usr/bin/xargs", + "/usr/share/doc-base/findutils", + "/usr/share/doc/findutils/NEWS.Debian.gz", + "/usr/share/doc/findutils/NEWS.gz", + "/usr/share/doc/findutils/README.gz", + "/usr/share/doc/findutils/TODO", + "/usr/share/doc/findutils/changelog.Debian.gz", + "/usr/share/doc/findutils/copyright", + "/usr/share/info/find-maint.info.gz", + "/usr/share/info/find.info-1.gz", + "/usr/share/info/find.info-2.gz", + "/usr/share/info/find.info.gz", + "/usr/share/man/man1/find.1.gz", + "/usr/share/man/man1/xargs.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "galera-4@26.4.14-ubu2004", + "Name": "galera-4", + "Identifier": { + "PURL": "pkg:deb/ubuntu/galera-4@26.4.14-ubu2004?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "75c6738053f429f6" + }, + "Version": "26.4.14", + "Release": "ubu2004", + "Arch": "amd64", + "SrcName": "galera-4", + "SrcVersion": "26.4.14", + "SrcRelease": "ubu2004", + "Licenses": [ + "GPL-2.0-only", + "other", + "GFDL-1.1-or-later", + "CC-BY-SA-3.0", + "GFDL-1.2-only" + ], + "Maintainer": "Codership Oy \u003cinfo@codership.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgcc-s1@10.3.0-1ubuntu1~20.04", + "libssl1.1@1.1.1f-1ubuntu2.17", + "libstdc++6@10.3.0-1ubuntu1~20.04" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/libgalera_smm.so", + "/usr/share/doc/galera-4/AUTHORS", + "/usr/share/doc/galera-4/README.gz", + "/usr/share/doc/galera-4/changelog.Debian.gz", + "/usr/share/doc/galera-4/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gawk@1:5.0.1+dfsg-1", + "Name": "gawk", + "Identifier": { + "PURL": "pkg:deb/ubuntu/gawk@5.0.1%2Bdfsg-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "e7d9fd5e0ccccae5" + }, + "Version": "5.0.1+dfsg", + "Release": "1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "gawk", + "SrcVersion": "5.0.1+dfsg", + "SrcRelease": "1", + "SrcEpoch": 1, + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/gawk", + "/usr/include/gawkapi.h", + "/usr/lib/x86_64-linux-gnu/awk/grcat", + "/usr/lib/x86_64-linux-gnu/awk/pwcat", + "/usr/lib/x86_64-linux-gnu/gawk/filefuncs.so", + "/usr/lib/x86_64-linux-gnu/gawk/fnmatch.so", + "/usr/lib/x86_64-linux-gnu/gawk/fork.so", + "/usr/lib/x86_64-linux-gnu/gawk/inplace.so", + "/usr/lib/x86_64-linux-gnu/gawk/intdiv.so", + "/usr/lib/x86_64-linux-gnu/gawk/ordchr.so", + "/usr/lib/x86_64-linux-gnu/gawk/readdir.so", + "/usr/lib/x86_64-linux-gnu/gawk/readfile.so", + "/usr/lib/x86_64-linux-gnu/gawk/revoutput.so", + "/usr/lib/x86_64-linux-gnu/gawk/revtwoway.so", + "/usr/lib/x86_64-linux-gnu/gawk/rwarray.so", + "/usr/lib/x86_64-linux-gnu/gawk/time.so", + "/usr/share/awk/assert.awk", + "/usr/share/awk/bits2str.awk", + "/usr/share/awk/cliff_rand.awk", + "/usr/share/awk/ctime.awk", + "/usr/share/awk/ftrans.awk", + "/usr/share/awk/getopt.awk", + "/usr/share/awk/gettime.awk", + "/usr/share/awk/group.awk", + "/usr/share/awk/have_mpfr.awk", + "/usr/share/awk/inplace.awk", + "/usr/share/awk/intdiv0.awk", + "/usr/share/awk/join.awk", + "/usr/share/awk/libintl.awk", + "/usr/share/awk/noassign.awk", + "/usr/share/awk/ns_passwd.awk", + "/usr/share/awk/ord.awk", + "/usr/share/awk/passwd.awk", + "/usr/share/awk/processarray.awk", + "/usr/share/awk/quicksort.awk", + "/usr/share/awk/readable.awk", + "/usr/share/awk/readfile.awk", + "/usr/share/awk/rewind.awk", + "/usr/share/awk/round.awk", + "/usr/share/awk/shellquote.awk", + "/usr/share/awk/strtonum.awk", + "/usr/share/awk/walkarray.awk", + "/usr/share/awk/zerofile.awk", + "/usr/share/doc/gawk/AUTHORS", + "/usr/share/doc/gawk/NEWS.gz", + "/usr/share/doc/gawk/POSIX.STD", + "/usr/share/doc/gawk/README", + "/usr/share/doc/gawk/changelog.Debian.gz", + "/usr/share/doc/gawk/copyright", + "/usr/share/doc/gawk/examples/data/class_data1", + "/usr/share/doc/gawk/examples/data/class_data2", + "/usr/share/doc/gawk/examples/data/guide-mellow.po", + "/usr/share/doc/gawk/examples/data/guide.po", + "/usr/share/doc/gawk/examples/data/inventory-shipped", + "/usr/share/doc/gawk/examples/data/mail-list", + "/usr/share/doc/gawk/examples/lib/assert.awk", + "/usr/share/doc/gawk/examples/lib/bits2str.awk", + "/usr/share/doc/gawk/examples/lib/cliff_rand.awk", + "/usr/share/doc/gawk/examples/lib/ctime.awk", + "/usr/share/doc/gawk/examples/lib/ftrans.awk", + "/usr/share/doc/gawk/examples/lib/getopt.awk", + "/usr/share/doc/gawk/examples/lib/gettime.awk", + "/usr/share/doc/gawk/examples/lib/grcat.c", + "/usr/share/doc/gawk/examples/lib/groupawk.in", + "/usr/share/doc/gawk/examples/lib/have_mpfr.awk", + "/usr/share/doc/gawk/examples/lib/inplace.awk", + "/usr/share/doc/gawk/examples/lib/intdiv0.awk", + "/usr/share/doc/gawk/examples/lib/join.awk", + "/usr/share/doc/gawk/examples/lib/libintl.awk", + "/usr/share/doc/gawk/examples/lib/noassign.awk", + "/usr/share/doc/gawk/examples/lib/ns_passwd.awk", + "/usr/share/doc/gawk/examples/lib/ord.awk", + "/usr/share/doc/gawk/examples/lib/passwdawk.in", + "/usr/share/doc/gawk/examples/lib/processarray.awk", + "/usr/share/doc/gawk/examples/lib/pwcat.c", + "/usr/share/doc/gawk/examples/lib/quicksort.awk", + "/usr/share/doc/gawk/examples/lib/readable.awk", + "/usr/share/doc/gawk/examples/lib/readfile.awk", + "/usr/share/doc/gawk/examples/lib/rewind.awk", + "/usr/share/doc/gawk/examples/lib/round.awk", + "/usr/share/doc/gawk/examples/lib/shellquote.awk", + "/usr/share/doc/gawk/examples/lib/strtonum.awk", + "/usr/share/doc/gawk/examples/lib/walkarray.awk", + "/usr/share/doc/gawk/examples/lib/zerofile.awk", + "/usr/share/doc/gawk/examples/misc/addresses.csv", + "/usr/share/doc/gawk/examples/misc/arraymax.awk", + "/usr/share/doc/gawk/examples/misc/arraymax.data", + "/usr/share/doc/gawk/examples/misc/findpat.awk", + "/usr/share/doc/gawk/examples/misc/findpat.data", + "/usr/share/doc/gawk/examples/misc/simple-csv.awk", + "/usr/share/doc/gawk/examples/network/PostAgent.sh", + "/usr/share/doc/gawk/examples/network/coreserv.awk", + "/usr/share/doc/gawk/examples/network/eliza.awk", + "/usr/share/doc/gawk/examples/network/fingerclient.awk", + "/usr/share/doc/gawk/examples/network/geturl.awk", + "/usr/share/doc/gawk/examples/network/hello-serv.awk", + "/usr/share/doc/gawk/examples/network/maze.awk", + "/usr/share/doc/gawk/examples/network/mobag.awk", + "/usr/share/doc/gawk/examples/network/panic.awk", + "/usr/share/doc/gawk/examples/network/protbase.awk", + "/usr/share/doc/gawk/examples/network/protbase.request", + "/usr/share/doc/gawk/examples/network/protbase.result", + "/usr/share/doc/gawk/examples/network/remconf.awk", + "/usr/share/doc/gawk/examples/network/statist.awk", + "/usr/share/doc/gawk/examples/network/stoxdata.txt", + "/usr/share/doc/gawk/examples/network/stoxpred.awk", + "/usr/share/doc/gawk/examples/network/testserv.awk", + "/usr/share/doc/gawk/examples/network/urlchk.awk", + "/usr/share/doc/gawk/examples/network/webgrab.awk", + "/usr/share/doc/gawk/examples/prog/alarm.awk", + "/usr/share/doc/gawk/examples/prog/anagram.awk", + "/usr/share/doc/gawk/examples/prog/awksed.awk", + "/usr/share/doc/gawk/examples/prog/cut.awk", + "/usr/share/doc/gawk/examples/prog/dupword.awk", + "/usr/share/doc/gawk/examples/prog/egrep.awk", + "/usr/share/doc/gawk/examples/prog/extract.awk", + "/usr/share/doc/gawk/examples/prog/guide.awk", + "/usr/share/doc/gawk/examples/prog/histsort.awk", + "/usr/share/doc/gawk/examples/prog/id.awk", + "/usr/share/doc/gawk/examples/prog/igawk.sh", + "/usr/share/doc/gawk/examples/prog/indirectcall.awk", + "/usr/share/doc/gawk/examples/prog/labels.awk", + "/usr/share/doc/gawk/examples/prog/pi.awk", + "/usr/share/doc/gawk/examples/prog/split.awk", + "/usr/share/doc/gawk/examples/prog/tee.awk", + "/usr/share/doc/gawk/examples/prog/testbits.awk", + "/usr/share/doc/gawk/examples/prog/translate.awk", + "/usr/share/doc/gawk/examples/prog/uniq.awk", + "/usr/share/doc/gawk/examples/prog/wc.awk", + "/usr/share/doc/gawk/examples/prog/wordfreq.awk", + "/usr/share/man/man1/gawk.1.gz", + "/usr/share/man/man3/filefuncs.3am.gz", + "/usr/share/man/man3/fnmatch.3am.gz", + "/usr/share/man/man3/fork.3am.gz", + "/usr/share/man/man3/inplace.3am.gz", + "/usr/share/man/man3/ordchr.3am.gz", + "/usr/share/man/man3/readdir.3am.gz", + "/usr/share/man/man3/readfile.3am.gz", + "/usr/share/man/man3/revoutput.3am.gz", + "/usr/share/man/man3/revtwoway.3am.gz", + "/usr/share/man/man3/rwarray.3am.gz", + "/usr/share/man/man3/time.3am.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gcc-10-base@10.3.0-1ubuntu1~20.04", + "Name": "gcc-10-base", + "Identifier": { + "PURL": "pkg:deb/ubuntu/gcc-10-base@10.3.0-1ubuntu1~20.04?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "df235c8a65403143" + }, + "Version": "10.3.0", + "Release": "1ubuntu1~20.04", + "Arch": "amd64", + "SrcName": "gcc-10", + "SrcVersion": "10.3.0", + "SrcRelease": "1ubuntu1~20.04", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-3.0-only", + "GFDL-1.2-only", + "GPL-2.0-only", + "Artistic-2.0", + "LGPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/share/doc/gcc-10-base/README.Debian.amd64.gz", + "/usr/share/doc/gcc-10-base/TODO.Debian", + "/usr/share/doc/gcc-10-base/changelog.Debian.gz", + "/usr/share/doc/gcc-10-base/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gpg@2.2.19-3ubuntu2.2", + "Name": "gpg", + "Identifier": { + "PURL": "pkg:deb/ubuntu/gpg@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "c3f3b0f55f5d5301" + }, + "Version": "2.2.19", + "Release": "3ubuntu2.2", + "Arch": "amd64", + "SrcName": "gnupg2", + "SrcVersion": "2.2.19", + "SrcRelease": "3ubuntu2.2", + "Licenses": [ + "GPL-3.0-or-later", + "permissive", + "LGPL-2.1-or-later", + "MIT", + "BSD-3-Clause", + "LGPL-3.0-or-later", + "RFC-Reference", + "TinySCHEME", + "CC0-1.0", + "GPL-3.0-only", + "LGPL-3.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gpgconf@2.2.19-3ubuntu2.2", + "libassuan0@2.5.3-7ubuntu2", + "libbz2-1.0@1.0.8-2", + "libc6@2.31-0ubuntu9.9", + "libgcrypt20@1.8.5-5ubuntu1.1", + "libgpg-error0@1.37-1", + "libreadline8@8.0-4", + "libsqlite3-0@3.31.1-4ubuntu0.5", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/bin/gpg", + "/usr/share/doc/gpg/copyright", + "/usr/share/man/man1/gpg.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gpgconf@2.2.19-3ubuntu2.2", + "Name": "gpgconf", + "Identifier": { + "PURL": "pkg:deb/ubuntu/gpgconf@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "fc417bd7bd03106c" + }, + "Version": "2.2.19", + "Release": "3ubuntu2.2", + "Arch": "amd64", + "SrcName": "gnupg2", + "SrcVersion": "2.2.19", + "SrcRelease": "3ubuntu2.2", + "Licenses": [ + "GPL-3.0-or-later", + "permissive", + "LGPL-2.1-or-later", + "MIT", + "BSD-3-Clause", + "LGPL-3.0-or-later", + "RFC-Reference", + "TinySCHEME", + "CC0-1.0", + "GPL-3.0-only", + "LGPL-3.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libassuan0@2.5.3-7ubuntu2", + "libc6@2.31-0ubuntu9.9", + "libgcrypt20@1.8.5-5ubuntu1.1", + "libgpg-error0@1.37-1", + "libreadline8@8.0-4" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/bin/gpg-connect-agent", + "/usr/bin/gpgconf", + "/usr/share/doc/gpgconf/NEWS.Debian.gz", + "/usr/share/doc/gpgconf/changelog.Debian.gz", + "/usr/share/doc/gpgconf/copyright", + "/usr/share/doc/gpgconf/examples/gpgconf.conf", + "/usr/share/gnupg/distsigkey.gpg", + "/usr/share/man/man1/gpg-connect-agent.1.gz", + "/usr/share/man/man1/gpgconf.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gpgv@2.2.19-3ubuntu2.2", + "Name": "gpgv", + "Identifier": { + "PURL": "pkg:deb/ubuntu/gpgv@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "94c47271b8f35208" + }, + "Version": "2.2.19", + "Release": "3ubuntu2.2", + "Arch": "amd64", + "SrcName": "gnupg2", + "SrcVersion": "2.2.19", + "SrcRelease": "3ubuntu2.2", + "Licenses": [ + "GPL-3.0-or-later", + "permissive", + "LGPL-2.1-or-later", + "MIT", + "BSD-3-Clause", + "LGPL-3.0-or-later", + "RFC-Reference", + "TinySCHEME", + "CC0-1.0", + "GPL-3.0-only", + "LGPL-3.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libbz2-1.0@1.0.8-2", + "libc6@2.31-0ubuntu9.9", + "libgcrypt20@1.8.5-5ubuntu1.1", + "libgpg-error0@1.37-1", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/gpgv", + "/usr/share/doc/gpgv/NEWS.Debian.gz", + "/usr/share/doc/gpgv/changelog.Debian.gz", + "/usr/share/doc/gpgv/copyright", + "/usr/share/man/man1/gpgv.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "grep@3.4-1", + "Name": "grep", + "Identifier": { + "PURL": "pkg:deb/ubuntu/grep@3.4-1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "7a64eb88e96b3c53" + }, + "Version": "3.4", + "Release": "1", + "Arch": "amd64", + "SrcName": "grep", + "SrcVersion": "3.4", + "SrcRelease": "1", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "dpkg@1.19.7ubuntu3.2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/egrep", + "/bin/fgrep", + "/bin/grep", + "/usr/bin/rgrep", + "/usr/share/doc/grep/AUTHORS", + "/usr/share/doc/grep/NEWS.gz", + "/usr/share/doc/grep/README", + "/usr/share/doc/grep/THANKS.gz", + "/usr/share/doc/grep/TODO.gz", + "/usr/share/doc/grep/changelog.Debian.gz", + "/usr/share/doc/grep/copyright", + "/usr/share/info/grep.info.gz", + "/usr/share/man/man1/grep.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gzip@1.10-0ubuntu4.1", + "Name": "gzip", + "Identifier": { + "PURL": "pkg:deb/ubuntu/gzip@1.10-0ubuntu4.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e900beb6c8058551" + }, + "Version": "1.10", + "Release": "0ubuntu4.1", + "Arch": "amd64", + "SrcName": "gzip", + "SrcVersion": "1.10", + "SrcRelease": "0ubuntu4.1", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "dpkg@1.19.7ubuntu3.2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/gunzip", + "/bin/gzexe", + "/bin/gzip", + "/bin/uncompress", + "/bin/zcat", + "/bin/zcmp", + "/bin/zdiff", + "/bin/zegrep", + "/bin/zfgrep", + "/bin/zforce", + "/bin/zgrep", + "/bin/zless", + "/bin/zmore", + "/bin/znew", + "/usr/share/doc/gzip/NEWS.gz", + "/usr/share/doc/gzip/README.gz", + "/usr/share/doc/gzip/TODO", + "/usr/share/doc/gzip/changelog.Debian.gz", + "/usr/share/doc/gzip/copyright", + "/usr/share/info/gzip.info.gz", + "/usr/share/man/man1/gzexe.1.gz", + "/usr/share/man/man1/gzip.1.gz", + "/usr/share/man/man1/zdiff.1.gz", + "/usr/share/man/man1/zforce.1.gz", + "/usr/share/man/man1/zgrep.1.gz", + "/usr/share/man/man1/zless.1.gz", + "/usr/share/man/man1/zmore.1.gz", + "/usr/share/man/man1/znew.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "hostname@3.23", + "Name": "hostname", + "Identifier": { + "PURL": "pkg:deb/ubuntu/hostname@3.23?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "293246be199a9132" + }, + "Version": "3.23", + "Arch": "amd64", + "SrcName": "hostname", + "SrcVersion": "3.23", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/hostname", + "/usr/share/doc/hostname/changelog.gz", + "/usr/share/doc/hostname/copyright", + "/usr/share/man/man1/hostname.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "init-system-helpers@1.57", + "Name": "init-system-helpers", + "Identifier": { + "PURL": "pkg:deb/ubuntu/init-system-helpers@1.57?arch=all\u0026distro=ubuntu-20.04", + "UID": "f62a7ab2bd759edf" + }, + "Version": "1.57", + "Arch": "all", + "SrcName": "init-system-helpers", + "SrcVersion": "1.57", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "perl-base@5.30.0-9ubuntu0.3" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/deb-systemd-helper", + "/usr/bin/deb-systemd-invoke", + "/usr/sbin/invoke-rc.d", + "/usr/sbin/service", + "/usr/sbin/update-rc.d", + "/usr/share/bug/init-system-helpers/control", + "/usr/share/doc/init-system-helpers/README.invoke-rc.d.gz", + "/usr/share/doc/init-system-helpers/README.policy-rc.d.gz", + "/usr/share/doc/init-system-helpers/changelog.gz", + "/usr/share/doc/init-system-helpers/copyright", + "/usr/share/lintian/overrides/init-system-helpers", + "/usr/share/man/man1/deb-systemd-helper.1p.gz", + "/usr/share/man/man1/deb-systemd-invoke.1p.gz", + "/usr/share/man/man8/invoke-rc.d.8.gz", + "/usr/share/man/man8/service.8.gz", + "/usr/share/man/man8/update-rc.d.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "iproute2@5.5.0-1ubuntu1", + "Name": "iproute2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/iproute2@5.5.0-1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "8bf7bfdbafc1af2e" + }, + "Version": "5.5.0", + "Release": "1ubuntu1", + "Arch": "amd64", + "SrcName": "iproute2", + "SrcVersion": "5.5.0", + "SrcRelease": "1ubuntu1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73", + "libbsd0@0.10.0-1", + "libc6@2.31-0ubuntu9.9", + "libcap2-bin@1:2.32-1", + "libcap2@1:2.32-1", + "libdb5.3@5.3.28+dfsg1-0.6ubuntu2", + "libelf1@0.176-1.1build1", + "libmnl0@1.0.4-2", + "libselinux1@3.0-1build2", + "libxtables12@1.8.4-3ubuntu2" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/bin/ip", + "/bin/ss", + "/sbin/bridge", + "/sbin/devlink", + "/sbin/rtacct", + "/sbin/rtmon", + "/sbin/tc", + "/sbin/tipc", + "/usr/bin/lnstat", + "/usr/bin/nstat", + "/usr/bin/rdma", + "/usr/bin/routef", + "/usr/bin/routel", + "/usr/include/iproute2/bpf_elf.h", + "/usr/lib/tc/experimental.dist", + "/usr/lib/tc/m_xt.so", + "/usr/lib/tc/normal.dist", + "/usr/lib/tc/pareto.dist", + "/usr/lib/tc/paretonormal.dist", + "/usr/lib/tc/q_atm.so", + "/usr/sbin/arpd", + "/usr/sbin/genl", + "/usr/share/bash-completion/completions/tc", + "/usr/share/doc/iproute2/README.Debian", + "/usr/share/doc/iproute2/changelog.Debian.gz", + "/usr/share/doc/iproute2/copyright", + "/usr/share/man/man3/libnetlink.3.gz", + "/usr/share/man/man7/tc-hfsc.7.gz", + "/usr/share/man/man8/arpd.8.gz", + "/usr/share/man/man8/bridge.8.gz", + "/usr/share/man/man8/devlink-dev.8.gz", + "/usr/share/man/man8/devlink-health.8.gz", + "/usr/share/man/man8/devlink-monitor.8.gz", + "/usr/share/man/man8/devlink-port.8.gz", + "/usr/share/man/man8/devlink-region.8.gz", + "/usr/share/man/man8/devlink-resource.8.gz", + "/usr/share/man/man8/devlink-sb.8.gz", + "/usr/share/man/man8/devlink-trap.8.gz", + "/usr/share/man/man8/devlink.8.gz", + "/usr/share/man/man8/genl.8.gz", + "/usr/share/man/man8/ifcfg.8.gz", + "/usr/share/man/man8/ip-address.8.gz", + "/usr/share/man/man8/ip-addrlabel.8.gz", + "/usr/share/man/man8/ip-fou.8.gz", + "/usr/share/man/man8/ip-l2tp.8.gz", + "/usr/share/man/man8/ip-link.8.gz", + "/usr/share/man/man8/ip-macsec.8.gz", + "/usr/share/man/man8/ip-maddress.8.gz", + "/usr/share/man/man8/ip-monitor.8.gz", + "/usr/share/man/man8/ip-mroute.8.gz", + "/usr/share/man/man8/ip-neighbour.8.gz", + "/usr/share/man/man8/ip-netconf.8.gz", + "/usr/share/man/man8/ip-netns.8.gz", + "/usr/share/man/man8/ip-nexthop.8.gz", + "/usr/share/man/man8/ip-ntable.8.gz", + "/usr/share/man/man8/ip-route.8.gz", + "/usr/share/man/man8/ip-rule.8.gz", + "/usr/share/man/man8/ip-sr.8.gz", + "/usr/share/man/man8/ip-tcp_metrics.8.gz", + "/usr/share/man/man8/ip-token.8.gz", + "/usr/share/man/man8/ip-tunnel.8.gz", + "/usr/share/man/man8/ip-vrf.8.gz", + "/usr/share/man/man8/ip-xfrm.8.gz", + "/usr/share/man/man8/ip.8.gz", + "/usr/share/man/man8/lnstat.8.gz", + "/usr/share/man/man8/rdma-dev.8.gz", + "/usr/share/man/man8/rdma-link.8.gz", + "/usr/share/man/man8/rdma-resource.8.gz", + "/usr/share/man/man8/rdma-statistic.8.gz", + "/usr/share/man/man8/rdma-system.8.gz", + "/usr/share/man/man8/rdma.8.gz", + "/usr/share/man/man8/routel.8.gz", + "/usr/share/man/man8/rtacct.8.gz", + "/usr/share/man/man8/rtmon.8.gz", + "/usr/share/man/man8/rtpr.8.gz", + "/usr/share/man/man8/ss.8.gz", + "/usr/share/man/man8/tc-actions.8.gz", + "/usr/share/man/man8/tc-basic.8.gz", + "/usr/share/man/man8/tc-bfifo.8.gz", + "/usr/share/man/man8/tc-bpf.8.gz", + "/usr/share/man/man8/tc-cake.8.gz", + "/usr/share/man/man8/tc-cbq-details.8.gz", + "/usr/share/man/man8/tc-cbq.8.gz", + "/usr/share/man/man8/tc-cbs.8.gz", + "/usr/share/man/man8/tc-cgroup.8.gz", + "/usr/share/man/man8/tc-choke.8.gz", + "/usr/share/man/man8/tc-codel.8.gz", + "/usr/share/man/man8/tc-connmark.8.gz", + "/usr/share/man/man8/tc-csum.8.gz", + "/usr/share/man/man8/tc-ctinfo.8.gz", + "/usr/share/man/man8/tc-drr.8.gz", + "/usr/share/man/man8/tc-ematch.8.gz", + "/usr/share/man/man8/tc-etf.8.gz", + "/usr/share/man/man8/tc-flow.8.gz", + "/usr/share/man/man8/tc-flower.8.gz", + "/usr/share/man/man8/tc-fq.8.gz", + "/usr/share/man/man8/tc-fq_codel.8.gz", + "/usr/share/man/man8/tc-fw.8.gz", + "/usr/share/man/man8/tc-hfsc.8.gz", + "/usr/share/man/man8/tc-htb.8.gz", + "/usr/share/man/man8/tc-ife.8.gz", + "/usr/share/man/man8/tc-matchall.8.gz", + "/usr/share/man/man8/tc-mirred.8.gz", + "/usr/share/man/man8/tc-mpls.8.gz", + "/usr/share/man/man8/tc-mqprio.8.gz", + "/usr/share/man/man8/tc-nat.8.gz", + "/usr/share/man/man8/tc-netem.8.gz", + "/usr/share/man/man8/tc-pedit.8.gz", + "/usr/share/man/man8/tc-pfifo_fast.8.gz", + "/usr/share/man/man8/tc-pie.8.gz", + "/usr/share/man/man8/tc-police.8.gz", + "/usr/share/man/man8/tc-prio.8.gz", + "/usr/share/man/man8/tc-red.8.gz", + "/usr/share/man/man8/tc-route.8.gz", + "/usr/share/man/man8/tc-sample.8.gz", + "/usr/share/man/man8/tc-sfb.8.gz", + "/usr/share/man/man8/tc-sfq.8.gz", + "/usr/share/man/man8/tc-simple.8.gz", + "/usr/share/man/man8/tc-skbedit.8.gz", + "/usr/share/man/man8/tc-skbmod.8.gz", + "/usr/share/man/man8/tc-skbprio.8.gz", + "/usr/share/man/man8/tc-stab.8.gz", + "/usr/share/man/man8/tc-taprio.8.gz", + "/usr/share/man/man8/tc-tbf.8.gz", + "/usr/share/man/man8/tc-tcindex.8.gz", + "/usr/share/man/man8/tc-tunnel_key.8.gz", + "/usr/share/man/man8/tc-u32.8.gz", + "/usr/share/man/man8/tc-vlan.8.gz", + "/usr/share/man/man8/tc-xt.8.gz", + "/usr/share/man/man8/tc.8.gz", + "/usr/share/man/man8/tipc-bearer.8.gz", + "/usr/share/man/man8/tipc-link.8.gz", + "/usr/share/man/man8/tipc-media.8.gz", + "/usr/share/man/man8/tipc-nametable.8.gz", + "/usr/share/man/man8/tipc-node.8.gz", + "/usr/share/man/man8/tipc-peer.8.gz", + "/usr/share/man/man8/tipc-socket.8.gz", + "/usr/share/man/man8/tipc.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libacl1@2.2.53-6", + "Name": "libacl1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libacl1@2.2.53-6?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "ec9a773bcdb37f83" + }, + "Version": "2.2.53", + "Release": "6", + "Arch": "amd64", + "SrcName": "acl", + "SrcVersion": "2.2.53", + "SrcRelease": "6", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2253", + "/usr/share/doc/libacl1/changelog.Debian.gz", + "/usr/share/doc/libacl1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaio1@0.3.112-5", + "Name": "libaio1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libaio1@0.3.112-5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "fbe69978497c82ad" + }, + "Version": "0.3.112", + "Release": "5", + "Arch": "amd64", + "SrcName": "libaio", + "SrcVersion": "0.3.112", + "SrcRelease": "5", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libaio.so.1.0.1", + "/usr/share/doc/libaio1/changelog.Debian.gz", + "/usr/share/doc/libaio1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libapt-pkg6.0@2.0.9", + "Name": "libapt-pkg6.0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libapt-pkg6.0@2.0.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "dbbcdbf32458636f" + }, + "Version": "2.0.9", + "Arch": "amd64", + "SrcName": "apt", + "SrcVersion": "2.0.9", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libbz2-1.0@1.0.8-2", + "libc6@2.31-0ubuntu9.9", + "libgcc-s1@10.3.0-1ubuntu1~20.04", + "libgcrypt20@1.8.5-5ubuntu1.1", + "liblz4-1@1.9.2-2ubuntu0.20.04.1", + "liblzma5@5.2.4-1ubuntu1.1", + "libstdc++6@10.3.0-1ubuntu1~20.04", + "libsystemd0@245.4-4ubuntu3.21", + "libudev1@245.4-4ubuntu3.21", + "libzstd1@1.4.4+dfsg-3ubuntu0.1", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.6.0.0", + "/usr/share/doc/libapt-pkg6.0/NEWS.Debian.gz", + "/usr/share/doc/libapt-pkg6.0/changelog.gz", + "/usr/share/doc/libapt-pkg6.0/copyright", + "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/da/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/de/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/el/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/es/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/it/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/km/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/th/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg6.0.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg6.0.mo" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libassuan0@2.5.3-7ubuntu2", + "Name": "libassuan0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libassuan0@2.5.3-7ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "c29dfbde852c14ee" + }, + "Version": "2.5.3", + "Release": "7ubuntu2", + "Arch": "amd64", + "SrcName": "libassuan", + "SrcVersion": "2.5.3", + "SrcRelease": "7ubuntu2", + "Licenses": [ + "LGPL-2.1-or-later", + "GAP~FSF", + "LGPL-3.0-or-later", + "LGPL-3.0-only", + "GPL-2+ with libtool exception", + "GPL-2.0-only", + "GPL-3.0-or-later", + "GPL-3.0-only", + "GAP", + "GPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgpg-error0@1.37-1" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libassuan.so.0.8.3", + "/usr/share/doc/libassuan0/changelog.Debian.gz", + "/usr/share/doc/libassuan0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libattr1@1:2.4.48-5", + "Name": "libattr1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libattr1@2.4.48-5?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "9898a89fadd05f28" + }, + "Version": "2.4.48", + "Release": "5", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "attr", + "SrcVersion": "2.4.48", + "SrcRelease": "5", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2448", + "/usr/share/doc/libattr1/changelog.Debian.gz", + "/usr/share/doc/libattr1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaudit-common@1:2.8.5-2ubuntu6", + "Name": "libaudit-common", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libaudit-common@2.8.5-2ubuntu6?arch=all\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "f4ed5d0e78145801" + }, + "Version": "2.8.5", + "Release": "2ubuntu6", + "Epoch": 1, + "Arch": "all", + "SrcName": "audit", + "SrcVersion": "2.8.5", + "SrcRelease": "2ubuntu6", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only", + "GPL-1.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/share/doc/libaudit-common/changelog.Debian.gz", + "/usr/share/doc/libaudit-common/copyright", + "/usr/share/man/man5/libaudit.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaudit1@1:2.8.5-2ubuntu6", + "Name": "libaudit1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libaudit1@2.8.5-2ubuntu6?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "cf583359012b0cc0" + }, + "Version": "2.8.5", + "Release": "2ubuntu6", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "audit", + "SrcVersion": "2.8.5", + "SrcRelease": "2ubuntu6", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only", + "GPL-1.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit-common@1:2.8.5-2ubuntu6", + "libc6@2.31-0ubuntu9.9", + "libcap-ng0@0.7.9-2.1build1" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libaudit.so.1.0.0", + "/usr/share/doc/libaudit1/changelog.Debian.gz", + "/usr/share/doc/libaudit1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libblkid1@2.34-0.1ubuntu9.3", + "Name": "libblkid1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libblkid1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "97537d4ff7af8af0" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libblkid.so.1.1.0", + "/usr/share/doc/libblkid1/changelog.Debian.gz", + "/usr/share/doc/libblkid1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libbsd0@0.10.0-1", + "Name": "libbsd0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libbsd0@0.10.0-1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3df79191315c8dc" + }, + "Version": "0.10.0", + "Release": "1", + "Arch": "amd64", + "SrcName": "libbsd", + "SrcVersion": "0.10.0", + "SrcRelease": "1", + "Licenses": [ + "BSD-3-Clause", + "BSD-4-clause-Niels-Provos", + "BSD-4-clause-Christopher-G-Demetriou", + "BSD-3-clause-Regents", + "BSD-2-Clause-NetBSD", + "BSD-3-clause-author", + "BSD-3-clause-John-Birrell", + "BSD-5-clause-Peter-Wemm", + "BSD-2-Clause", + "BSD-2-clause-verbatim", + "BSD-2-clause-author", + "ISC", + "ISC-Original", + "MIT", + "public-domain-Colin-Plumb", + "public-domain", + "Beerware" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libbsd.so.0.10.0", + "/usr/share/doc/libbsd0/changelog.Debian.gz", + "/usr/share/doc/libbsd0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libbz2-1.0@1.0.8-2", + "Name": "libbz2-1.0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libbz2-1.0@1.0.8-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "25645d614e464d4" + }, + "Version": "1.0.8", + "Release": "2", + "Arch": "amd64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8", + "SrcRelease": "2", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libbz2.so.1.0.4", + "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", + "/usr/share/doc/libbz2-1.0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libc-bin@2.31-0ubuntu9.9", + "Name": "libc-bin", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0f705ec068d1f26" + }, + "Version": "2.31", + "Release": "0ubuntu9.9", + "Arch": "amd64", + "SrcName": "glibc", + "SrcVersion": "2.31", + "SrcRelease": "0ubuntu9.9", + "Licenses": [ + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/sbin/ldconfig", + "/sbin/ldconfig.real", + "/usr/bin/catchsegv", + "/usr/bin/getconf", + "/usr/bin/getent", + "/usr/bin/iconv", + "/usr/bin/ldd", + "/usr/bin/locale", + "/usr/bin/localedef", + "/usr/bin/pldd", + "/usr/bin/tzselect", + "/usr/bin/zdump", + "/usr/lib/locale/C.UTF-8/LC_ADDRESS", + "/usr/lib/locale/C.UTF-8/LC_COLLATE", + "/usr/lib/locale/C.UTF-8/LC_CTYPE", + "/usr/lib/locale/C.UTF-8/LC_IDENTIFICATION", + "/usr/lib/locale/C.UTF-8/LC_MEASUREMENT", + "/usr/lib/locale/C.UTF-8/LC_MESSAGES/SYS_LC_MESSAGES", + "/usr/lib/locale/C.UTF-8/LC_MONETARY", + "/usr/lib/locale/C.UTF-8/LC_NAME", + "/usr/lib/locale/C.UTF-8/LC_NUMERIC", + "/usr/lib/locale/C.UTF-8/LC_PAPER", + "/usr/lib/locale/C.UTF-8/LC_TELEPHONE", + "/usr/lib/locale/C.UTF-8/LC_TIME", + "/usr/sbin/iconvconfig", + "/usr/sbin/zic", + "/usr/share/doc/libc-bin/copyright", + "/usr/share/libc-bin/nsswitch.conf", + "/usr/share/lintian/overrides/libc-bin", + "/usr/share/man/man1/catchsegv.1.gz", + "/usr/share/man/man1/getconf.1.gz", + "/usr/share/man/man1/tzselect.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libc6@2.31-0ubuntu9.9", + "Name": "libc6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6938ab7eef7e556c" + }, + "Version": "2.31", + "Release": "0ubuntu9.9", + "Arch": "amd64", + "SrcName": "glibc", + "SrcVersion": "2.31", + "SrcRelease": "0ubuntu9.9", + "Licenses": [ + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libcrypt1@1:4.4.10-10ubuntu4", + "libgcc-s1@10.3.0-1ubuntu1~20.04" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/ld-2.31.so", + "/lib/x86_64-linux-gnu/libBrokenLocale-2.31.so", + "/lib/x86_64-linux-gnu/libSegFault.so", + "/lib/x86_64-linux-gnu/libanl-2.31.so", + "/lib/x86_64-linux-gnu/libc-2.31.so", + "/lib/x86_64-linux-gnu/libdl-2.31.so", + "/lib/x86_64-linux-gnu/libm-2.31.so", + "/lib/x86_64-linux-gnu/libmemusage.so", + "/lib/x86_64-linux-gnu/libmvec-2.31.so", + "/lib/x86_64-linux-gnu/libnsl-2.31.so", + "/lib/x86_64-linux-gnu/libnss_compat-2.31.so", + "/lib/x86_64-linux-gnu/libnss_dns-2.31.so", + "/lib/x86_64-linux-gnu/libnss_files-2.31.so", + "/lib/x86_64-linux-gnu/libnss_hesiod-2.31.so", + "/lib/x86_64-linux-gnu/libnss_nis-2.31.so", + "/lib/x86_64-linux-gnu/libnss_nisplus-2.31.so", + "/lib/x86_64-linux-gnu/libpcprofile.so", + "/lib/x86_64-linux-gnu/libpthread-2.31.so", + "/lib/x86_64-linux-gnu/libresolv-2.31.so", + "/lib/x86_64-linux-gnu/librt-2.31.so", + "/lib/x86_64-linux-gnu/libthread_db-1.0.so", + "/lib/x86_64-linux-gnu/libutil-2.31.so", + "/usr/lib/x86_64-linux-gnu/audit/sotruss-lib.so", + "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", + "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", + "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", + "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", + "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", + "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", + "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", + "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", + "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", + "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", + "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", + "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", + "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", + "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", + "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", + "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", + "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", + "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", + "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", + "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", + "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", + "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", + "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", + "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", + "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", + "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", + "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", + "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", + "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", + "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", + "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", + "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", + "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", + "/usr/share/doc/libc6/NEWS.Debian.gz", + "/usr/share/doc/libc6/NEWS.gz", + "/usr/share/doc/libc6/README.Debian.gz", + "/usr/share/doc/libc6/README.hesiod.gz", + "/usr/share/doc/libc6/changelog.Debian.gz", + "/usr/share/doc/libc6/copyright", + "/usr/share/lintian/overrides/libc6" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap-ng0@0.7.9-2.1build1", + "Name": "libcap-ng0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libcap-ng0@0.7.9-2.1build1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e6957a49e8589507" + }, + "Version": "0.7.9", + "Release": "2.1build1", + "Arch": "amd64", + "SrcName": "libcap-ng", + "SrcVersion": "0.7.9", + "SrcRelease": "2.1build1", + "Licenses": [ + "LGPL-2.1-only", + "GPL-2.0-only", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", + "/usr/share/doc/libcap-ng0/changelog.Debian.gz", + "/usr/share/doc/libcap-ng0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap2@1:2.32-1", + "Name": "libcap2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libcap2@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "f3ac8127b4642fab" + }, + "Version": "2.32", + "Release": "1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libcap2", + "SrcVersion": "2.32", + "SrcRelease": "1", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libcap.so.2.32", + "/usr/share/doc/libcap2/changelog.Debian.gz", + "/usr/share/doc/libcap2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap2-bin@1:2.32-1", + "Name": "libcap2-bin", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libcap2-bin@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "e90e2456a8d78be" + }, + "Version": "2.32", + "Release": "1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libcap2", + "SrcVersion": "2.32", + "SrcRelease": "1", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libcap2@1:2.32-1" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/sbin/capsh", + "/sbin/getcap", + "/sbin/getpcaps", + "/sbin/setcap", + "/usr/share/doc/libcap2-bin/README.Debian", + "/usr/share/doc/libcap2-bin/copyright", + "/usr/share/lintian/overrides/libcap2-bin", + "/usr/share/man/man1/capsh.1.gz", + "/usr/share/man/man1/getpcaps.1.gz", + "/usr/share/man/man5/capability.conf.5.gz", + "/usr/share/man/man8/getcap.8.gz", + "/usr/share/man/man8/getpcaps.8.gz", + "/usr/share/man/man8/pam_cap.8.gz", + "/usr/share/man/man8/setcap.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcom-err2@1.45.5-2ubuntu1.1", + "Name": "libcom-err2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libcom-err2@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "36e525f208a3e1fd" + }, + "Version": "1.45.5", + "Release": "2ubuntu1.1", + "Arch": "amd64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.45.5", + "SrcRelease": "2ubuntu1.1", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libcom_err.so.2.1", + "/usr/share/doc/libcom-err2/changelog.Debian.gz", + "/usr/share/doc/libcom-err2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libconfig-inifiles-perl@3.000002-1", + "Name": "libconfig-inifiles-perl", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libconfig-inifiles-perl@3.000002-1?arch=all\u0026distro=ubuntu-20.04", + "UID": "cd3bc5c431f610b3" + }, + "Version": "3.000002", + "Release": "1", + "Arch": "all", + "SrcName": "libconfig-inifiles-perl", + "SrcVersion": "3.000002", + "SrcRelease": "1", + "Licenses": [ + "Artistic-2.0", + "GPL-1.0-or-later", + "MIT", + "GPL-3.0-or-later", + "GPL-1.0-only", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/share/doc/libconfig-inifiles-perl/changelog.Debian.gz", + "/usr/share/doc/libconfig-inifiles-perl/copyright", + "/usr/share/man/man3/Config::IniFiles.3pm.gz", + "/usr/share/perl5/Config/IniFiles.pm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcrypt1@1:4.4.10-10ubuntu4", + "Name": "libcrypt1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libcrypt1@4.4.10-10ubuntu4?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "e08bb2dc0672c92e" + }, + "Version": "4.4.10", + "Release": "10ubuntu4", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libxcrypt", + "SrcVersion": "4.4.10", + "SrcRelease": "10ubuntu4", + "SrcEpoch": 1, + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", + "/usr/share/doc/libcrypt1/changelog.Debian.gz", + "/usr/share/doc/libcrypt1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdb5.3@5.3.28+dfsg1-0.6ubuntu2", + "Name": "libdb5.3", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libdb5.3@5.3.28%2Bdfsg1-0.6ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "3b12cbcbfee838db" + }, + "Version": "5.3.28+dfsg1", + "Release": "0.6ubuntu2", + "Arch": "amd64", + "SrcName": "db5.3", + "SrcVersion": "5.3.28+dfsg1", + "SrcRelease": "0.6ubuntu2", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", + "/usr/share/doc/libdb5.3/build_signature_amd64.txt", + "/usr/share/doc/libdb5.3/changelog.Debian.gz", + "/usr/share/doc/libdb5.3/copyright", + "/usr/share/lintian/overrides/libdb5.3" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdbi-perl@1.643-1ubuntu0.1", + "Name": "libdbi-perl", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libdbi-perl@1.643-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "d12390ca45ce189d" + }, + "Version": "1.643", + "Release": "1ubuntu0.1", + "Arch": "amd64", + "SrcName": "libdbi-perl", + "SrcVersion": "1.643", + "SrcRelease": "1ubuntu0.1", + "Licenses": [ + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "perl@5.30.0-9ubuntu0.3" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/dbilogstrip", + "/usr/bin/dbiprof", + "/usr/bin/dbiproxy", + "/usr/bin/dh_perl_dbi", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/Bundle/DBI.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/DBM.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/ExampleP.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/File.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/File/Developers.pod", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/File/HowTo.pod", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/File/Roadmap.pod", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Policy/Base.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Policy/classic.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Policy/pedantic.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Policy/rush.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/Base.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/corostream.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/null.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/pipeone.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/stream.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Mem.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/NullP.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Proxy.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Sponge.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Changes.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Const/GetInfo/ANSI.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Const/GetInfo/ODBC.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Const/GetInfoReturn.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Const/GetInfoType.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD/Metadata.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD/SqlEngine.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD/SqlEngine/Developers.pod", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD/SqlEngine/HowTo.pod", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Execute.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Request.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Response.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Serializer/Base.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Serializer/DataDumper.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Serializer/Storable.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Transport/Base.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Transport/pipeone.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Transport/stream.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Profile.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProfileData.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProfileDumper.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProfileDumper/Apache.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProfileSubs.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProxyServer.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/PurePerl.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/SQL/Nano.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Util/CacheMemory.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Util/_accessor.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/W32ODBC.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/Win32/DBIODBC.pm", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/DBI.so", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/DBIXS.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/Driver.xst", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/Driver_xst.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbd_xsh.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbi_sql.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbipport.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbivport.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbixs_rev.h", + "/usr/lib/x86_64-linux-gnu/perl5/5.30/dbixs_rev.pl", + "/usr/share/doc/libdbi-perl/NEWS.Developer.gz", + "/usr/share/doc/libdbi-perl/README.Debian", + "/usr/share/doc/libdbi-perl/changelog.Debian.gz", + "/usr/share/doc/libdbi-perl/copyright", + "/usr/share/doc/libdbi-perl/examples/corogofer.pl", + "/usr/share/doc/libdbi-perl/examples/perl_dbi_nulls_test.pl", + "/usr/share/doc/libdbi-perl/examples/profile.pl", + "/usr/share/doc/libdbi-perl/examples/test.pl", + "/usr/share/libdbi-perl/perl-dbdabi.make", + "/usr/share/lintian/overrides/libdbi-perl", + "/usr/share/man/man1/dbilogstrip.1p.gz", + "/usr/share/man/man1/dbiprof.1p.gz", + "/usr/share/man/man1/dbiproxy.1p.gz", + "/usr/share/man/man1/dh_perl_dbi.1.gz", + "/usr/share/man/man3/Bundle::DBI.3pm.gz", + "/usr/share/man/man3/DBD::DBM.3pm.gz", + "/usr/share/man/man3/DBD::File.3pm.gz", + "/usr/share/man/man3/DBD::File::Developers.3pm.gz", + "/usr/share/man/man3/DBD::File::HowTo.3pm.gz", + "/usr/share/man/man3/DBD::File::Roadmap.3pm.gz", + "/usr/share/man/man3/DBD::Gofer.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Policy::Base.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Policy::classic.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Policy::pedantic.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Policy::rush.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Transport::Base.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Transport::corostream.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Transport::null.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Transport::pipeone.3pm.gz", + "/usr/share/man/man3/DBD::Gofer::Transport::stream.3pm.gz", + "/usr/share/man/man3/DBD::Mem.3pm.gz", + "/usr/share/man/man3/DBD::Proxy.3pm.gz", + "/usr/share/man/man3/DBD::Sponge.3pm.gz", + "/usr/share/man/man3/DBI.3pm.gz", + "/usr/share/man/man3/DBI::Const::GetInfo::ANSI.3pm.gz", + "/usr/share/man/man3/DBI::Const::GetInfo::ODBC.3pm.gz", + "/usr/share/man/man3/DBI::Const::GetInfoReturn.3pm.gz", + "/usr/share/man/man3/DBI::Const::GetInfoType.3pm.gz", + "/usr/share/man/man3/DBI::DBD.3pm.gz", + "/usr/share/man/man3/DBI::DBD::Metadata.3pm.gz", + "/usr/share/man/man3/DBI::DBD::SqlEngine.3pm.gz", + "/usr/share/man/man3/DBI::DBD::SqlEngine::Developers.3pm.gz", + "/usr/share/man/man3/DBI::DBD::SqlEngine::HowTo.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Execute.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Request.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Response.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Serializer::Base.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Serializer::DataDumper.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Serializer::Storable.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Transport::Base.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Transport::pipeone.3pm.gz", + "/usr/share/man/man3/DBI::Gofer::Transport::stream.3pm.gz", + "/usr/share/man/man3/DBI::Profile.3pm.gz", + "/usr/share/man/man3/DBI::ProfileData.3pm.gz", + "/usr/share/man/man3/DBI::ProfileDumper.3pm.gz", + "/usr/share/man/man3/DBI::ProfileDumper::Apache.3pm.gz", + "/usr/share/man/man3/DBI::ProfileSubs.3pm.gz", + "/usr/share/man/man3/DBI::ProxyServer.3pm.gz", + "/usr/share/man/man3/DBI::PurePerl.3pm.gz", + "/usr/share/man/man3/DBI::SQL::Nano.3pm.gz", + "/usr/share/man/man3/DBI::Util::CacheMemory.3pm.gz", + "/usr/share/man/man3/DBI::W32ODBC.3pm.gz", + "/usr/share/man/man3/Win32::DBIODBC.3pm.gz", + "/usr/share/perl5/Debian/Debhelper/Sequence/perl_dbi.pm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdebconfclient0@0.251ubuntu1", + "Name": "libdebconfclient0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libdebconfclient0@0.251ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "2e3d9c7fd6546037" + }, + "Version": "0.251ubuntu1", + "Arch": "amd64", + "SrcName": "cdebconf", + "SrcVersion": "0.251ubuntu1", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", + "/usr/share/doc/libdebconfclient0/changelog.gz", + "/usr/share/doc/libdebconfclient0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libelf1@0.176-1.1build1", + "Name": "libelf1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libelf1@0.176-1.1build1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3374c93655a9823" + }, + "Version": "0.176", + "Release": "1.1build1", + "Arch": "amd64", + "SrcName": "elfutils", + "SrcVersion": "0.176", + "SrcRelease": "1.1build1", + "Licenses": [ + "GPL-2.0-only", + "GPL-3.0-only", + "LGPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libelf-0.176.so", + "/usr/share/doc/libelf1/changelog.Debian.gz", + "/usr/share/doc/libelf1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libext2fs2@1.45.5-2ubuntu1.1", + "Name": "libext2fs2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libext2fs2@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "534dde847f051859" + }, + "Version": "1.45.5", + "Release": "2ubuntu1.1", + "Arch": "amd64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.45.5", + "SrcRelease": "2ubuntu1.1", + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libe2p.so.2.3", + "/lib/x86_64-linux-gnu/libext2fs.so.2.4", + "/usr/share/doc/libext2fs2/changelog.Debian.gz", + "/usr/share/doc/libext2fs2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libfdisk1@2.34-0.1ubuntu9.3", + "Name": "libfdisk1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libfdisk1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "d7ae8926642fd1bc" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libblkid1@2.34-0.1ubuntu9.3", + "libc6@2.31-0ubuntu9.9", + "libuuid1@2.34-0.1ubuntu9.3" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libfdisk.so.1.1.0", + "/usr/share/doc/libfdisk1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libffi7@3.3-4", + "Name": "libffi7", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libffi7@3.3-4?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9cb3138802972730" + }, + "Version": "3.3", + "Release": "4", + "Arch": "amd64", + "SrcName": "libffi", + "SrcVersion": "3.3", + "SrcRelease": "4", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libffi.so.7.1.0", + "/usr/share/doc/libffi7/changelog.Debian.gz", + "/usr/share/doc/libffi7/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgcc-s1@10.3.0-1ubuntu1~20.04", + "Name": "libgcc-s1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgcc-s1@10.3.0-1ubuntu1~20.04?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "307d7f89e43985bb" + }, + "Version": "10.3.0", + "Release": "1ubuntu1~20.04", + "Arch": "amd64", + "SrcName": "gcc-10", + "SrcVersion": "10.3.0", + "SrcRelease": "1ubuntu1~20.04", + "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gcc-10-base@10.3.0-1ubuntu1~20.04", + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libgcc_s.so.1", + "/usr/share/lintian/overrides/libgcc-s1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgcrypt20@1.8.5-5ubuntu1.1", + "Name": "libgcrypt20", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgcrypt20@1.8.5-5ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "736a4f36c99fbc42" + }, + "Version": "1.8.5", + "Release": "5ubuntu1.1", + "Arch": "amd64", + "SrcName": "libgcrypt20", + "SrcVersion": "1.8.5", + "SrcRelease": "5ubuntu1.1", + "Licenses": [ + "LGPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgpg-error0@1.37-1" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgcrypt.so.20.2.5", + "/usr/share/doc/libgcrypt20/AUTHORS.gz", + "/usr/share/doc/libgcrypt20/NEWS.gz", + "/usr/share/doc/libgcrypt20/README.gz", + "/usr/share/doc/libgcrypt20/THANKS.gz", + "/usr/share/doc/libgcrypt20/changelog.Debian.gz", + "/usr/share/doc/libgcrypt20/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgdbm-compat4@1.18.1-5", + "Name": "libgdbm-compat4", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgdbm-compat4@1.18.1-5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "90f68a4641003772" + }, + "Version": "1.18.1", + "Release": "5", + "Arch": "amd64", + "SrcName": "gdbm", + "SrcVersion": "1.18.1", + "SrcRelease": "5", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-2.0-or-later", + "GFDL-1.3-no-invariants-or-later", + "GPL-3.0-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgdbm6@1.18.1-5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgdbm_compat.so.4.0.0", + "/usr/share/doc/libgdbm-compat4/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgdbm6@1.18.1-5", + "Name": "libgdbm6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgdbm6@1.18.1-5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "7194f66c9d05cbb6" + }, + "Version": "1.18.1", + "Release": "5", + "Arch": "amd64", + "SrcName": "gdbm", + "SrcVersion": "1.18.1", + "SrcRelease": "5", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-2.0-or-later", + "GFDL-1.3-no-invariants-or-later", + "GPL-3.0-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgdbm.so.6.0.0", + "/usr/share/doc/libgdbm6/changelog.Debian.gz", + "/usr/share/doc/libgdbm6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgmp10@2:6.2.0+dfsg-4ubuntu0.1", + "Name": "libgmp10", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgmp10@6.2.0%2Bdfsg-4ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=2", + "UID": "986ac56e16e89784" + }, + "Version": "6.2.0+dfsg", + "Release": "4ubuntu0.1", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "gmp", + "SrcVersion": "6.2.0+dfsg", + "SrcRelease": "4ubuntu0.1", + "SrcEpoch": 2, + "Licenses": [ + "LGPL-3.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgmp.so.10.4.0", + "/usr/share/doc/libgmp10/README.Debian", + "/usr/share/doc/libgmp10/changelog.Debian.gz", + "/usr/share/doc/libgmp10/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgnutls30@3.6.13-2ubuntu1.8", + "Name": "libgnutls30", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "601976e667e60bf5" + }, + "Version": "3.6.13", + "Release": "2ubuntu1.8", + "Arch": "amd64", + "SrcName": "gnutls28", + "SrcVersion": "3.6.13", + "SrcRelease": "2ubuntu1.8", + "Licenses": [ + "LGPL-2.1-only", + "LGPL-2.0-or-later", + "LGPL-3.0-only", + "GPL-2.0-or-later", + "GPL-3.0-only", + "GFDL-1.3-only", + "CC0-1.0", + "MIT", + "Apache-2.0", + "LGPL-3.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "BSD-3-Clause" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgmp10@2:6.2.0+dfsg-4ubuntu0.1", + "libhogweed5@3.5.1+really3.5.1-2ubuntu0.2", + "libidn2-0@2.2.0-2", + "libnettle7@3.5.1+really3.5.1-2ubuntu0.2", + "libp11-kit0@0.23.20-1ubuntu0.1", + "libtasn1-6@4.16.0-2", + "libunistring2@0.9.10-2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgnutls.so.30.27.0", + "/usr/share/doc/libgnutls30/AUTHORS.gz", + "/usr/share/doc/libgnutls30/NEWS.Debian.gz", + "/usr/share/doc/libgnutls30/NEWS.gz", + "/usr/share/doc/libgnutls30/README.md.gz", + "/usr/share/doc/libgnutls30/THANKS.gz", + "/usr/share/doc/libgnutls30/changelog.Debian.gz", + "/usr/share/doc/libgnutls30/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgpg-error0@1.37-1", + "Name": "libgpg-error0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libgpg-error0@1.37-1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "119f68f873331ca8" + }, + "Version": "1.37", + "Release": "1", + "Arch": "amd64", + "SrcName": "libgpg-error", + "SrcVersion": "1.37", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "BSD-3-Clause", + "g10-permissive", + "GPL-3.0-or-later", + "LGPL-2.1-only", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libgpg-error.so.0.28.0", + "/usr/share/doc/libgpg-error0/README.gz", + "/usr/share/doc/libgpg-error0/changelog.Debian.gz", + "/usr/share/doc/libgpg-error0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libhogweed5@3.5.1+really3.5.1-2ubuntu0.2", + "Name": "libhogweed5", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libhogweed5@3.5.1%2Breally3.5.1-2ubuntu0.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "5173cc2e9efda0fe" + }, + "Version": "3.5.1+really3.5.1", + "Release": "2ubuntu0.2", + "Arch": "amd64", + "SrcName": "nettle", + "SrcVersion": "3.5.1+really3.5.1", + "SrcRelease": "2ubuntu0.2", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgmp10@2:6.2.0+dfsg-4ubuntu0.1", + "libnettle7@3.5.1+really3.5.1-2ubuntu0.2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libhogweed.so.5.0" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libidn2-0@2.2.0-2", + "Name": "libidn2-0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libidn2-0@2.2.0-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a4d22b46c8b443be" + }, + "Version": "2.2.0", + "Release": "2", + "Arch": "amd64", + "SrcName": "libidn2", + "SrcVersion": "2.2.0", + "SrcRelease": "2", + "Licenses": [ + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "Unicode", + "GPL-3.0-only", + "GPL-2.0-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libunistring2@0.9.10-2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libidn2.so.0.3.6", + "/usr/share/doc/libidn2-0/AUTHORS", + "/usr/share/doc/libidn2-0/NEWS.gz", + "/usr/share/doc/libidn2-0/README.md.gz", + "/usr/share/doc/libidn2-0/changelog.Debian.gz", + "/usr/share/doc/libidn2-0/copyright", + "/usr/share/lintian/overrides/libidn2-0" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libjemalloc2@5.2.1-1ubuntu1", + "Name": "libjemalloc2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libjemalloc2@5.2.1-1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "dfa342d22c9cd4aa" + }, + "Version": "5.2.1", + "Release": "1ubuntu1", + "Arch": "amd64", + "SrcName": "jemalloc", + "SrcVersion": "5.2.1", + "SrcRelease": "1ubuntu1", + "Licenses": [ + "BSD-2-Clause", + "BSD-2-Clause-Chemeris", + "BSD-3-Clause-Google", + "MIT", + "BSD-3-Clause-Hiroshima-University", + "BSD-3-Clause" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgcc-s1@10.3.0-1ubuntu1~20.04", + "libstdc++6@10.3.0-1ubuntu1~20.04" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2", + "/usr/share/doc/libjemalloc2/README", + "/usr/share/doc/libjemalloc2/changelog.Debian.gz", + "/usr/share/doc/libjemalloc2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblz4-1@1.9.2-2ubuntu0.20.04.1", + "Name": "liblz4-1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/liblz4-1@1.9.2-2ubuntu0.20.04.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "360de62e84e688a2" + }, + "Version": "1.9.2", + "Release": "2ubuntu0.20.04.1", + "Arch": "amd64", + "SrcName": "lz4", + "SrcVersion": "1.9.2", + "SrcRelease": "2ubuntu0.20.04.1", + "Licenses": [ + "BSD-2-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblz4.so.1.9.2", + "/usr/share/doc/liblz4-1/changelog.Debian.gz", + "/usr/share/doc/liblz4-1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblzma5@5.2.4-1ubuntu1.1", + "Name": "liblzma5", + "Identifier": { + "PURL": "pkg:deb/ubuntu/liblzma5@5.2.4-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "c2ae5f7a21c980c7" + }, + "Version": "5.2.4", + "Release": "1ubuntu1.1", + "Arch": "amd64", + "SrcName": "xz-utils", + "SrcVersion": "5.2.4", + "SrcRelease": "1ubuntu1.1", + "Licenses": [ + "PD", + "probably-PD", + "GPL-2.0-or-later", + "LGPL-2.1-or-later", + "permissive-fsf", + "Autoconf", + "permissive-nowarranty", + "GPL-2.0-only", + "none", + "config-h", + "LGPL-2.0-only", + "LGPL-2.1-only", + "noderivs", + "PD-debian", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/liblzma.so.5.2.4", + "/usr/share/doc/liblzma5/AUTHORS", + "/usr/share/doc/liblzma5/NEWS.gz", + "/usr/share/doc/liblzma5/THANKS", + "/usr/share/doc/liblzma5/changelog.Debian.gz", + "/usr/share/doc/liblzma5/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmariadb3@1:10.7.8+maria~ubu2004", + "Name": "libmariadb3", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libmariadb3@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "3b5ea273e7b67371" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libssl1.1@1.1.1f-1ubuntu2.17", + "mariadb-common@1:10.7.8+maria~ubu2004", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmariadb.so.3", + "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/caching_sha2_password.so", + "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/client_ed25519.so", + "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/dialog.so", + "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/mysql_clear_password.so", + "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/sha256_password.so", + "/usr/share/doc/libmariadb3/changelog.gz", + "/usr/share/doc/libmariadb3/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmnl0@1.0.4-2", + "Name": "libmnl0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libmnl0@1.0.4-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "f052539b06152f0c" + }, + "Version": "1.0.4", + "Release": "2", + "Arch": "amd64", + "SrcName": "libmnl", + "SrcVersion": "1.0.4", + "SrcRelease": "2", + "Licenses": [ + "LGPL-2.1-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libmnl.so.0.2.0", + "/usr/share/doc/libmnl0/changelog.Debian.gz", + "/usr/share/doc/libmnl0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmount1@2.34-0.1ubuntu9.3", + "Name": "libmount1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libmount1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "149aad062a67d915" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libblkid1@2.34-0.1ubuntu9.3", + "libc6@2.31-0ubuntu9.9", + "libselinux1@3.0-1build2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libmount.so.1.1.0", + "/usr/share/doc/libmount1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmpfr6@4.0.2-1", + "Name": "libmpfr6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libmpfr6@4.0.2-1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "cbee374cc2146325" + }, + "Version": "4.0.2", + "Release": "1", + "Arch": "amd64", + "SrcName": "mpfr4", + "SrcVersion": "4.0.2", + "SrcRelease": "1", + "Licenses": [ + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgmp10@2:6.2.0+dfsg-4ubuntu0.1" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmpfr.so.6.0.2", + "/usr/share/doc/libmpfr6/AUTHORS", + "/usr/share/doc/libmpfr6/BUGS", + "/usr/share/doc/libmpfr6/NEWS.gz", + "/usr/share/doc/libmpfr6/README", + "/usr/share/doc/libmpfr6/TODO.gz", + "/usr/share/doc/libmpfr6/changelog.Debian.gz", + "/usr/share/doc/libmpfr6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libncurses6@6.2-0ubuntu2", + "Name": "libncurses6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libncurses6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "daf9ae3f810ae3f0" + }, + "Version": "6.2", + "Release": "0ubuntu2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.2", + "SrcRelease": "0ubuntu2", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libtinfo6@6.2-0ubuntu2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libncurses.so.6.2", + "/usr/lib/x86_64-linux-gnu/libform.so.6.2", + "/usr/lib/x86_64-linux-gnu/libmenu.so.6.2", + "/usr/lib/x86_64-linux-gnu/libpanel.so.6.2" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libncursesw6@6.2-0ubuntu2", + "Name": "libncursesw6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libncursesw6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "dca50c9cdd5fdd35" + }, + "Version": "6.2", + "Release": "0ubuntu2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.2", + "SrcRelease": "0ubuntu2", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libtinfo6@6.2-0ubuntu2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libncursesw.so.6.2", + "/usr/lib/x86_64-linux-gnu/libformw.so.6.2", + "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.2", + "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.2" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libnettle7@3.5.1+really3.5.1-2ubuntu0.2", + "Name": "libnettle7", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libnettle7@3.5.1%2Breally3.5.1-2ubuntu0.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "2056b6e9d75f6357" + }, + "Version": "3.5.1+really3.5.1", + "Release": "2ubuntu0.2", + "Arch": "amd64", + "SrcName": "nettle", + "SrcVersion": "3.5.1+really3.5.1", + "SrcRelease": "2ubuntu0.2", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "other", + "GPL-2.0-or-later", + "GPL-2.0-with-autoconf-exception+", + "public-domain", + "GPL-2.0-only", + "GAP" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libnettle.so.7.0", + "/usr/share/doc/libnettle7/NEWS.gz", + "/usr/share/doc/libnettle7/README", + "/usr/share/doc/libnettle7/changelog.Debian.gz", + "/usr/share/doc/libnettle7/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libp11-kit0@0.23.20-1ubuntu0.1", + "Name": "libp11-kit0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libp11-kit0@0.23.20-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "10976beda344eb50" + }, + "Version": "0.23.20", + "Release": "1ubuntu0.1", + "Arch": "amd64", + "SrcName": "p11-kit", + "SrcVersion": "0.23.20", + "SrcRelease": "1ubuntu0.1", + "Licenses": [ + "BSD-3-Clause", + "permissive-like-automake-output", + "ISC", + "ISC+IBM", + "same-as-rest-of-p11kit" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libffi7@3.3-4" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0", + "/usr/share/doc/libp11-kit0/changelog.Debian.gz", + "/usr/share/doc/libp11-kit0/copyright", + "/usr/share/doc/libp11-kit0/examples/pkcs11.conf.example" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-modules@1.3.1-5ubuntu4.6", + "Name": "libpam-modules", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpam-modules@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "8238c76ab6208fd" + }, + "Version": "1.3.1", + "Release": "5ubuntu4.6", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.3.1", + "SrcRelease": "5ubuntu4.6", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/security/pam_access.so", + "/lib/x86_64-linux-gnu/security/pam_debug.so", + "/lib/x86_64-linux-gnu/security/pam_deny.so", + "/lib/x86_64-linux-gnu/security/pam_echo.so", + "/lib/x86_64-linux-gnu/security/pam_env.so", + "/lib/x86_64-linux-gnu/security/pam_exec.so", + "/lib/x86_64-linux-gnu/security/pam_extrausers.so", + "/lib/x86_64-linux-gnu/security/pam_faildelay.so", + "/lib/x86_64-linux-gnu/security/pam_faillock.so", + "/lib/x86_64-linux-gnu/security/pam_filter.so", + "/lib/x86_64-linux-gnu/security/pam_ftp.so", + "/lib/x86_64-linux-gnu/security/pam_group.so", + "/lib/x86_64-linux-gnu/security/pam_issue.so", + "/lib/x86_64-linux-gnu/security/pam_keyinit.so", + "/lib/x86_64-linux-gnu/security/pam_lastlog.so", + "/lib/x86_64-linux-gnu/security/pam_limits.so", + "/lib/x86_64-linux-gnu/security/pam_listfile.so", + "/lib/x86_64-linux-gnu/security/pam_localuser.so", + "/lib/x86_64-linux-gnu/security/pam_loginuid.so", + "/lib/x86_64-linux-gnu/security/pam_mail.so", + "/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", + "/lib/x86_64-linux-gnu/security/pam_motd.so", + "/lib/x86_64-linux-gnu/security/pam_namespace.so", + "/lib/x86_64-linux-gnu/security/pam_nologin.so", + "/lib/x86_64-linux-gnu/security/pam_permit.so", + "/lib/x86_64-linux-gnu/security/pam_pwhistory.so", + "/lib/x86_64-linux-gnu/security/pam_rhosts.so", + "/lib/x86_64-linux-gnu/security/pam_rootok.so", + "/lib/x86_64-linux-gnu/security/pam_securetty.so", + "/lib/x86_64-linux-gnu/security/pam_selinux.so", + "/lib/x86_64-linux-gnu/security/pam_sepermit.so", + "/lib/x86_64-linux-gnu/security/pam_shells.so", + "/lib/x86_64-linux-gnu/security/pam_stress.so", + "/lib/x86_64-linux-gnu/security/pam_succeed_if.so", + "/lib/x86_64-linux-gnu/security/pam_tally.so", + "/lib/x86_64-linux-gnu/security/pam_tally2.so", + "/lib/x86_64-linux-gnu/security/pam_time.so", + "/lib/x86_64-linux-gnu/security/pam_timestamp.so", + "/lib/x86_64-linux-gnu/security/pam_tty_audit.so", + "/lib/x86_64-linux-gnu/security/pam_umask.so", + "/lib/x86_64-linux-gnu/security/pam_unix.so", + "/lib/x86_64-linux-gnu/security/pam_userdb.so", + "/lib/x86_64-linux-gnu/security/pam_warn.so", + "/lib/x86_64-linux-gnu/security/pam_wheel.so", + "/lib/x86_64-linux-gnu/security/pam_xauth.so", + "/usr/share/doc/libpam-modules/copyright", + "/usr/share/doc/libpam-modules/examples/upperLOWER.c", + "/usr/share/lintian/overrides/libpam-modules", + "/usr/share/man/man5/access.conf.5.gz", + "/usr/share/man/man5/faillock.conf.5.gz", + "/usr/share/man/man5/group.conf.5.gz", + "/usr/share/man/man5/limits.conf.5.gz", + "/usr/share/man/man5/namespace.conf.5.gz", + "/usr/share/man/man5/pam_env.conf.5.gz", + "/usr/share/man/man5/sepermit.conf.5.gz", + "/usr/share/man/man5/time.conf.5.gz", + "/usr/share/man/man5/update-motd.5.gz", + "/usr/share/man/man7/pam_env.7.gz", + "/usr/share/man/man7/pam_selinux.7.gz", + "/usr/share/man/man8/pam_access.8.gz", + "/usr/share/man/man8/pam_debug.8.gz", + "/usr/share/man/man8/pam_deny.8.gz", + "/usr/share/man/man8/pam_echo.8.gz", + "/usr/share/man/man8/pam_exec.8.gz", + "/usr/share/man/man8/pam_extrausers.8.gz", + "/usr/share/man/man8/pam_faildelay.8.gz", + "/usr/share/man/man8/pam_faillock.8.gz", + "/usr/share/man/man8/pam_filter.8.gz", + "/usr/share/man/man8/pam_ftp.8.gz", + "/usr/share/man/man8/pam_group.8.gz", + "/usr/share/man/man8/pam_issue.8.gz", + "/usr/share/man/man8/pam_keyinit.8.gz", + "/usr/share/man/man8/pam_lastlog.8.gz", + "/usr/share/man/man8/pam_limits.8.gz", + "/usr/share/man/man8/pam_listfile.8.gz", + "/usr/share/man/man8/pam_localuser.8.gz", + "/usr/share/man/man8/pam_loginuid.8.gz", + "/usr/share/man/man8/pam_mail.8.gz", + "/usr/share/man/man8/pam_mkhomedir.8.gz", + "/usr/share/man/man8/pam_motd.8.gz", + "/usr/share/man/man8/pam_namespace.8.gz", + "/usr/share/man/man8/pam_nologin.8.gz", + "/usr/share/man/man8/pam_permit.8.gz", + "/usr/share/man/man8/pam_pwhistory.8.gz", + "/usr/share/man/man8/pam_rhosts.8.gz", + "/usr/share/man/man8/pam_rootok.8.gz", + "/usr/share/man/man8/pam_securetty.8.gz", + "/usr/share/man/man8/pam_sepermit.8.gz", + "/usr/share/man/man8/pam_shells.8.gz", + "/usr/share/man/man8/pam_succeed_if.8.gz", + "/usr/share/man/man8/pam_tally.8.gz", + "/usr/share/man/man8/pam_tally2.8.gz", + "/usr/share/man/man8/pam_time.8.gz", + "/usr/share/man/man8/pam_timestamp.8.gz", + "/usr/share/man/man8/pam_tty_audit.8.gz", + "/usr/share/man/man8/pam_umask.8.gz", + "/usr/share/man/man8/pam_unix.8.gz", + "/usr/share/man/man8/pam_userdb.8.gz", + "/usr/share/man/man8/pam_warn.8.gz", + "/usr/share/man/man8/pam_wheel.8.gz", + "/usr/share/man/man8/pam_xauth.8.gz", + "/usr/share/pam-configs/mkhomedir" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-modules-bin@1.3.1-5ubuntu4.6", + "Name": "libpam-modules-bin", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpam-modules-bin@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "92c88fd5e3403ef2" + }, + "Version": "1.3.1", + "Release": "5ubuntu4.6", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.3.1", + "SrcRelease": "5ubuntu4.6", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:2.8.5-2ubuntu6", + "libc6@2.31-0ubuntu9.9", + "libcrypt1@1:4.4.10-10ubuntu4", + "libpam0g@1.3.1-5ubuntu4.6", + "libselinux1@3.0-1build2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/sbin/mkhomedir_helper", + "/sbin/pam_extrausers_chkpwd", + "/sbin/pam_extrausers_update", + "/sbin/pam_tally", + "/sbin/pam_tally2", + "/sbin/unix_chkpwd", + "/sbin/unix_update", + "/usr/sbin/faillock", + "/usr/sbin/pam_timestamp_check", + "/usr/share/doc/libpam-modules-bin/copyright", + "/usr/share/lintian/overrides/libpam-modules-bin", + "/usr/share/man/man8/faillock.8.gz", + "/usr/share/man/man8/mkhomedir_helper.8.gz", + "/usr/share/man/man8/pam_timestamp_check.8.gz", + "/usr/share/man/man8/unix_chkpwd.8.gz", + "/usr/share/man/man8/unix_update.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-runtime@1.3.1-5ubuntu4.6", + "Name": "libpam-runtime", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpam-runtime@1.3.1-5ubuntu4.6?arch=all\u0026distro=ubuntu-20.04", + "UID": "815077e96d38fc4a" + }, + "Version": "1.3.1", + "Release": "5ubuntu4.6", + "Arch": "all", + "SrcName": "pam", + "SrcVersion": "1.3.1", + "SrcRelease": "5ubuntu4.6", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73", + "libpam-modules@1.3.1-5ubuntu4.6" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/sbin/pam-auth-update", + "/usr/sbin/pam_getenv", + "/usr/share/doc/libpam-runtime/copyright", + "/usr/share/lintian/overrides/libpam-runtime", + "/usr/share/man/man5/pam.conf.5.gz", + "/usr/share/man/man7/PAM.7.gz", + "/usr/share/man/man8/pam-auth-update.8.gz", + "/usr/share/man/man8/pam_getenv.8.gz", + "/usr/share/pam-configs/unix", + "/usr/share/pam/common-account", + "/usr/share/pam/common-account.md5sums", + "/usr/share/pam/common-auth", + "/usr/share/pam/common-auth.md5sums", + "/usr/share/pam/common-password", + "/usr/share/pam/common-password.md5sums", + "/usr/share/pam/common-session", + "/usr/share/pam/common-session-noninteractive", + "/usr/share/pam/common-session-noninteractive.md5sums", + "/usr/share/pam/common-session.md5sums" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam0g@1.3.1-5ubuntu4.6", + "Name": "libpam0g", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpam0g@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "65460bc2f0872763" + }, + "Version": "1.3.1", + "Release": "5ubuntu4.6", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.3.1", + "SrcRelease": "5ubuntu4.6", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73", + "libaudit1@1:2.8.5-2ubuntu6", + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libpam.so.0.84.2", + "/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", + "/lib/x86_64-linux-gnu/libpamc.so.0.82.1", + "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", + "/usr/share/doc/libpam0g/NEWS.Debian.gz", + "/usr/share/doc/libpam0g/README", + "/usr/share/doc/libpam0g/README.Debian", + "/usr/share/doc/libpam0g/TODO.Debian", + "/usr/share/doc/libpam0g/changelog.Debian.gz", + "/usr/share/doc/libpam0g/copyright", + "/usr/share/lintian/overrides/libpam0g" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpcre2-8-0@10.34-7ubuntu0.1", + "Name": "libpcre2-8-0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpcre2-8-0@10.34-7ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a2ff44836db84cd4" + }, + "Version": "10.34", + "Release": "7ubuntu0.1", + "Arch": "amd64", + "SrcName": "pcre2", + "SrcVersion": "10.34", + "SrcRelease": "7ubuntu0.1", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.9.0", + "/usr/share/doc/libpcre2-8-0/README.Debian", + "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", + "/usr/share/doc/libpcre2-8-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpcre3@2:8.39-12ubuntu0.1", + "Name": "libpcre3", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpcre3@8.39-12ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=2", + "UID": "27d387d3c4e2fd01" + }, + "Version": "8.39", + "Release": "12ubuntu0.1", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "pcre3", + "SrcVersion": "8.39", + "SrcRelease": "12ubuntu0.1", + "SrcEpoch": 2, + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libpcre.so.3.13.3", + "/usr/lib/x86_64-linux-gnu/libpcreposix.so.3.13.3", + "/usr/share/doc/libpcre3/AUTHORS", + "/usr/share/doc/libpcre3/NEWS.gz", + "/usr/share/doc/libpcre3/README.Debian", + "/usr/share/doc/libpcre3/README.gz", + "/usr/share/doc/libpcre3/changelog.Debian.gz", + "/usr/share/doc/libpcre3/copyright", + "/usr/share/man/man3/pcrepattern.3.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libperl5.30@5.30.0-9ubuntu0.3", + "Name": "libperl5.30", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libperl5.30@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3acb4d09929d454" + }, + "Version": "5.30.0", + "Release": "9ubuntu0.3", + "Arch": "amd64", + "SrcName": "perl", + "SrcVersion": "5.30.0", + "SrcRelease": "9ubuntu0.3", + "Licenses": [ + "GPL-1.0-or-later", + "Artistic-2.0", + "MIT", + "REGCOMP", + "GPL-2.0-with-bison-exception+", + "Unicode", + "BZIP", + "Zlib", + "GPL-2.0-or-later", + "RRA-KEEP-THIS-NOTICE", + "BSD-3-clause-with-weird-numbering", + "CC0-1.0", + "TEXT-TABS", + "BSD-4-clause-POWERDOG", + "BSD-3-clause-GENERIC", + "BSD-3-Clause", + "SDBM-PUBLIC-DOMAIN", + "DONT-CHANGE-THE-GPL", + "Artistic-dist", + "LGPL-2.1-only", + "GPL-1.0-only", + "GPL-2.0-only", + "Artistic-2", + "HSIEH-DERIVATIVE", + "HSIEH-BSD" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libbz2-1.0@1.0.8-2", + "libc6@2.31-0ubuntu9.9", + "libcrypt1@1:4.4.10-10ubuntu4", + "libdb5.3@5.3.28+dfsg1-0.6ubuntu2", + "libgdbm-compat4@1.18.1-5", + "libgdbm6@1.18.1-5", + "perl-modules-5.30@5.30.0-9ubuntu0.3", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/cpan5.30-x86_64-linux-gnu", + "/usr/bin/perl5.30-x86_64-linux-gnu", + "/usr/lib/x86_64-linux-gnu/libperl.so.5.30.0", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B/Concise.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B/Showlex.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B/Terse.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B/Xref.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/EXTERN.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/INTERN.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/XSUB.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/av.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/bitcount.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/charclass_invlists.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/config.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/cop.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/cv.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/dosish.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/dquote_inline.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/ebcdic_tables.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/embed.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/embedvar.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/fakesdio.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/feature.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/form.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/git_version.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/gv.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/handy.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/hv.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/hv_func.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/hv_macro.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/inline.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/intrpvar.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/invlist_inline.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/iperlsys.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/keywords.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/l1_char_class_tab.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/malloc_ctl.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/metaconfig.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mg.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mg_data.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mg_raw.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mg_vtable.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mydtrace.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/nostdio.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/op.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/op_reg_common.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/opcode.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/opnames.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/overload.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/pad.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/parser.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/patchlevel-debian.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/patchlevel.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perl.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perl_inc_macro.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perl_langinfo.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perlapi.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perlio.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perliol.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perlsdio.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perlvars.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perly.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/pp.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/pp_proto.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/proto.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/reentr.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/regcharclass.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/regcomp.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/regexp.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/regnodes.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/sbox32_hash.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/scope.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/stadtx_hash.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/sv.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/thread.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/time64.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/time64_config.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/uconfig.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/uni_keywords.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/unicode_constants.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/unixish.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/utf8.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/utfebcdic.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/util.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/uudmap.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/vutil.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/warnings.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/zaphod32_hash.h", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Compress/Raw/Bzip2.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Compress/Raw/Zlib.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Config.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Config.pod", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Config_git.pl", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Config_heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Cwd.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/DB_File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Data/Dumper.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Devel/PPPort.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Devel/Peek.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Digest/MD5.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Digest/SHA.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/DynaLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Alias.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Byte.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/CJKConstants.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/CN.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/CN/HZ.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Config.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/EBCDIC.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Encoder.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Encoding.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/GSM0338.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Guess.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/JP.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/JP/H2Z.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/JP/JIS7.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/KR.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/KR/2022_KR.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/MIME/Header.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/MIME/Header/ISO_2022_JP.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/MIME/Name.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Symbol.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/TW.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Unicode.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Unicode/UTF7.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Errno.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Fcntl.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/DosGlob.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Glob.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/AmigaOS.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Cygwin.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Epoc.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Functions.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Mac.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/OS2.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Unix.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/VMS.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Win32.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Filter/Util/Call.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/GDBM_File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Hash/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Hash/Util/FieldHash.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/I18N/Langinfo.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Dir.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Handle.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Pipe.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Poll.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Seekable.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Select.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Socket/INET.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Socket/UNIX.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IPC/Msg.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IPC/Semaphore.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IPC/SharedMem.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IPC/SysV.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/List/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/List/Util/XS.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/MIME/Base64.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/MIME/QuotedPrint.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Math/BigInt/FastCalc.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/NDBM_File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/O.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/ODBM_File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Opcode.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/POSIX.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/POSIX.pod", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/PerlIO/encoding.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/PerlIO/mmap.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/PerlIO/scalar.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/PerlIO/via.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/SDBM_File.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Scalar/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Storable.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Sub/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Sys/Hostname.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Sys/Syslog.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Tie/Hash/NamedCapture.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Time/HiRes.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Time/Piece.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Time/Seconds.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Unicode/Collate.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Unicode/Collate/Locale.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Unicode/Normalize.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/_h2ph_pre.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/bitsperlong.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/ioctl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/ioctls.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/posix_types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/socket.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/sockios.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/termbits.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/termios.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/bitsperlong.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/ioctl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/ioctls.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/posix_types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/posix_types_32.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/posix_types_64.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/posix_types_x32.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/socket.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/sockios.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/termbits.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/termios.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/unistd.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/unistd_32.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/unistd_64.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/unistd_x32.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/attributes.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/B/B.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Compress/Raw/Bzip2/Bzip2.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Compress/Raw/Zlib/Zlib.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Cwd/Cwd.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/DB_File/DB_File.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Data/Dumper/Dumper.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Devel/Peek/Peek.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Digest/MD5/MD5.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Digest/SHA/SHA.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/Byte/Byte.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/CN/CN.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/EBCDIC/EBCDIC.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/Encode.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/JP/JP.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/KR/KR.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/Symbol/Symbol.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/TW/TW.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/Unicode/Unicode.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Fcntl/Fcntl.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/File/DosGlob/DosGlob.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/File/Glob/Glob.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Filter/Util/Call/Call.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/GDBM_File/GDBM_File.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Hash/Util/FieldHash/FieldHash.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Hash/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/I18N/Langinfo/Langinfo.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/IO/IO.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/IPC/SysV/SysV.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/List/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/MIME/Base64/Base64.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Math/BigInt/FastCalc/FastCalc.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/NDBM_File/NDBM_File.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/ODBM_File/ODBM_File.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Opcode/Opcode.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/POSIX/POSIX.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/PerlIO/encoding/encoding.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/PerlIO/mmap/mmap.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/PerlIO/scalar/scalar.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/PerlIO/via/via.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/SDBM_File/SDBM_File.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Socket/Socket.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Storable/Storable.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Sys/Hostname/Hostname.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Sys/Syslog/Syslog.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Tie/Hash/NamedCapture/NamedCapture.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Time/HiRes/HiRes.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Time/Piece/Piece.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Unicode/Collate/Collate.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Unicode/Normalize/Normalize.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/attributes/attributes.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/mro/mro.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/re/re.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/threads/shared/shared.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/threads/threads.so", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/byteswap.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/endian.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/endianness.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/ioctl-types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/ioctls.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/long-double.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/pthreadtypes-arch.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/pthreadtypes.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/select.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/select2.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigaction.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigcontext.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigevent-consts.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/siginfo-arch.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/siginfo-consts-arch.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/siginfo-consts.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/signal_ext.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/signum-generic.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/signum.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigstack.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigthread.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sockaddr.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/socket-constants.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/socket.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/socket2.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/socket_type.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/ss_flags.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/stdint-intn.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/struct_mutex.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/struct_rwlock.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/syscall.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/syslog-ldbl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/syslog-path.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/syslog.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/thread-shared-types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/time64.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/timesize.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/__sigset_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/__sigval_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/clock_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/clockid_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/sig_atomic_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/sigevent_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/siginfo_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/sigset_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/sigval_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/stack_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_iovec.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_osockaddr.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_rusage.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_sigstack.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_timespec.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_timeval.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/time_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/timer_t.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/typesizes.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/uintn-identity.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/waitflags.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/waitstatus.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/wordsize.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/encoding.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/endian.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/errno.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/features.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/gnu/stubs-64.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/gnu/stubs.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/lib.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/linux/ioctl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/linux/posix_types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/linux/stddef.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/mro.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/ops.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/re.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/signal.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/stdarg.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/stdc-predef.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/stddef.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/cdefs.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/ioctl.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/select.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/socket.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/syscall.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/syslog.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/time.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/ttydefaults.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/types.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/ucontext.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/wait.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/syscall.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sysexits.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/syslimits.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/syslog.ph", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/threads.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/threads/shared.pm", + "/usr/lib/x86_64-linux-gnu/perl/5.30.0/wait.ph", + "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.30.0/README", + "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.30.0/config.sh.debug.gz", + "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.30.0/config.sh.shared.gz", + "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.30.0/config.sh.static.gz", + "/usr/share/doc/libperl5.30/changelog.Debian.gz", + "/usr/share/doc/libperl5.30/copyright", + "/usr/share/man/man1/cpan5.30-x86_64-linux-gnu.1.gz", + "/usr/share/man/man1/perl5.30-x86_64-linux-gnu.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpmem1@1.8-1ubuntu1", + "Name": "libpmem1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpmem1@1.8-1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "b5e316fd5e28e714" + }, + "Version": "1.8", + "Release": "1ubuntu1", + "Arch": "amd64", + "SrcName": "pmdk", + "SrcVersion": "1.8", + "SrcRelease": "1ubuntu1", + "Licenses": [ + "BSD-3-Clause", + "CDDL-1.0" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpmem.so.1.0.0", + "/usr/share/doc/libpmem1/NEWS.Debian.gz", + "/usr/share/doc/libpmem1/changelog.Debian.gz", + "/usr/share/doc/libpmem1/copyright", + "/usr/share/man/man5/poolset.5.gz", + "/usr/share/pmdk/pmdk.magic" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpopt0@1.16-14", + "Name": "libpopt0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libpopt0@1.16-14?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6a08802bc0d6d486" + }, + "Version": "1.16", + "Release": "14", + "Arch": "amd64", + "SrcName": "popt", + "SrcVersion": "1.16", + "SrcRelease": "14", + "Licenses": [ + "X-Consortium", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpopt.so.0.0.0", + "/usr/share/doc/libpopt0/README", + "/usr/share/doc/libpopt0/changelog.Debian.gz", + "/usr/share/doc/libpopt0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libprocps8@2:3.3.16-1ubuntu2.3", + "Name": "libprocps8", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libprocps8@3.3.16-1ubuntu2.3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=2", + "UID": "75a220dc5c5b9715" + }, + "Version": "3.3.16", + "Release": "1ubuntu2.3", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "procps", + "SrcVersion": "3.3.16", + "SrcRelease": "1ubuntu2.3", + "SrcEpoch": 2, + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libsystemd0@245.4-4ubuntu3.21" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libprocps.so.8.0.2", + "/usr/share/doc/libprocps8/NEWS.Debian.gz", + "/usr/share/doc/libprocps8/changelog.Debian.gz", + "/usr/share/doc/libprocps8/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libreadline5@5.2+dfsg-3build3", + "Name": "libreadline5", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libreadline5@5.2%2Bdfsg-3build3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "234af31bdc63d43c" + }, + "Version": "5.2+dfsg", + "Release": "3build3", + "Arch": "amd64", + "SrcName": "readline5", + "SrcVersion": "5.2+dfsg", + "SrcRelease": "3build3", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libtinfo6@6.2-0ubuntu2", + "readline-common@8.0-4" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libhistory.so.5.2", + "/lib/x86_64-linux-gnu/libreadline.so.5.2", + "/usr/share/doc/libreadline5/README.Debian", + "/usr/share/doc/libreadline5/USAGE", + "/usr/share/doc/libreadline5/changelog.Debian.gz", + "/usr/share/doc/libreadline5/copyright", + "/usr/share/doc/libreadline5/examples/Inputrc", + "/usr/share/doc/libreadline5/inputrc.arrows" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libreadline8@8.0-4", + "Name": "libreadline8", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libreadline8@8.0-4?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "f9e655d4edc2d8e2" + }, + "Version": "8.0", + "Release": "4", + "Arch": "amd64", + "SrcName": "readline", + "SrcVersion": "8.0", + "SrcRelease": "4", + "Licenses": [ + "GPL-3.0-only", + "GFDL-1.3-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libtinfo6@6.2-0ubuntu2", + "readline-common@8.0-4" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libhistory.so.8.0", + "/lib/x86_64-linux-gnu/libreadline.so.8.0", + "/usr/share/doc/libreadline8/README.Debian", + "/usr/share/doc/libreadline8/USAGE", + "/usr/share/doc/libreadline8/changelog.Debian.gz", + "/usr/share/doc/libreadline8/copyright", + "/usr/share/doc/libreadline8/examples/Inputrc", + "/usr/share/doc/libreadline8/inputrc.arrows" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libseccomp2@2.5.1-1ubuntu1~20.04.2", + "Name": "libseccomp2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libseccomp2@2.5.1-1ubuntu1~20.04.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "db3912914568b1ad" + }, + "Version": "2.5.1", + "Release": "1ubuntu1~20.04.2", + "Arch": "amd64", + "SrcName": "libseccomp", + "SrcVersion": "2.5.1", + "SrcRelease": "1ubuntu1~20.04.2", + "Licenses": [ + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.5.1", + "/usr/share/doc/libseccomp2/changelog.Debian.gz", + "/usr/share/doc/libseccomp2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libselinux1@3.0-1build2", + "Name": "libselinux1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libselinux1@3.0-1build2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a9c070ddf7ca5ca6" + }, + "Version": "3.0", + "Release": "1build2", + "Arch": "amd64", + "SrcName": "libselinux", + "SrcVersion": "3.0", + "SrcRelease": "1build2", + "Licenses": [ + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libpcre2-8-0@10.34-7ubuntu0.1" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libselinux.so.1", + "/usr/share/doc/libselinux1/changelog.Debian.gz", + "/usr/share/doc/libselinux1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsemanage-common@3.0-1build2", + "Name": "libsemanage-common", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsemanage-common@3.0-1build2?arch=all\u0026distro=ubuntu-20.04", + "UID": "f8b9732e3155b5b4" + }, + "Version": "3.0", + "Release": "1build2", + "Arch": "all", + "SrcName": "libsemanage", + "SrcVersion": "3.0", + "SrcRelease": "1build2", + "Licenses": [ + "LGPL-2.0-or-later", + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/share/doc/libsemanage-common/changelog.Debian.gz", + "/usr/share/doc/libsemanage-common/copyright", + "/usr/share/man/man5/semanage.conf.5.gz", + "/usr/share/man/ru/man5/semanage.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsemanage1@3.0-1build2", + "Name": "libsemanage1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsemanage1@3.0-1build2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "eeefe3ed36f03f79" + }, + "Version": "3.0", + "Release": "1build2", + "Arch": "amd64", + "SrcName": "libsemanage", + "SrcVersion": "3.0", + "SrcRelease": "1build2", + "Licenses": [ + "LGPL-2.0-or-later", + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:2.8.5-2ubuntu6", + "libbz2-1.0@1.0.8-2", + "libc6@2.31-0ubuntu9.9", + "libselinux1@3.0-1build2", + "libsemanage-common@3.0-1build2", + "libsepol1@3.0-1ubuntu0.1" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsemanage.so.1", + "/usr/share/doc/libsemanage1/changelog.Debian.gz", + "/usr/share/doc/libsemanage1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsepol1@3.0-1ubuntu0.1", + "Name": "libsepol1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsepol1@3.0-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "2c4a00b1d72fefc9" + }, + "Version": "3.0", + "Release": "1ubuntu0.1", + "Arch": "amd64", + "SrcName": "libsepol", + "SrcVersion": "3.0", + "SrcRelease": "1ubuntu0.1", + "Licenses": [ + "LGPL-2.0-or-later", + "GPL-2.0-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libsepol.so.1", + "/usr/share/doc/libsepol1/changelog.Debian.gz", + "/usr/share/doc/libsepol1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsigsegv2@2.12-2", + "Name": "libsigsegv2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsigsegv2@2.12-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "7e770d77096955f1" + }, + "Version": "2.12", + "Release": "2", + "Arch": "amd64", + "SrcName": "libsigsegv", + "SrcVersion": "2.12", + "SrcRelease": "2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-with-autoconf-exception+", + "GPL-2.0-only", + "permissive-fsf", + "permissive-other" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsigsegv.so.2.0.5", + "/usr/share/doc/libsigsegv2/NEWS.gz", + "/usr/share/doc/libsigsegv2/README.gz", + "/usr/share/doc/libsigsegv2/changelog.Debian.gz", + "/usr/share/doc/libsigsegv2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsmartcols1@2.34-0.1ubuntu9.3", + "Name": "libsmartcols1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsmartcols1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0fe2b0ba0e3d931" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", + "/usr/share/doc/libsmartcols1/changelog.Debian.gz", + "/usr/share/doc/libsmartcols1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsqlite3-0@3.31.1-4ubuntu0.5", + "Name": "libsqlite3-0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsqlite3-0@3.31.1-4ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3370ed119e5344f" + }, + "Version": "3.31.1", + "Release": "4ubuntu0.5", + "Arch": "amd64", + "SrcName": "sqlite3", + "SrcVersion": "3.31.1", + "SrcRelease": "4ubuntu0.5", + "Licenses": [ + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6", + "/usr/share/doc/libsqlite3-0/README.Debian", + "/usr/share/doc/libsqlite3-0/changelog.Debian.gz", + "/usr/share/doc/libsqlite3-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libss2@1.45.5-2ubuntu1.1", + "Name": "libss2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libss2@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "3e46290b129f0387" + }, + "Version": "1.45.5", + "Release": "2ubuntu1.1", + "Arch": "amd64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.45.5", + "SrcRelease": "2ubuntu1.1", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libcom-err2@1.45.5-2ubuntu1.1" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libss.so.2.0", + "/usr/share/doc/libss2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libssl1.1@1.1.1f-1ubuntu2.17", + "Name": "libssl1.1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libssl1.1@1.1.1f-1ubuntu2.17?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "b87ebee76c1b0f05" + }, + "Version": "1.1.1f", + "Release": "1ubuntu2.17", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "1.1.1f", + "SrcRelease": "1ubuntu2.17", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73", + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/engines-1.1/afalg.so", + "/usr/lib/x86_64-linux-gnu/engines-1.1/capi.so", + "/usr/lib/x86_64-linux-gnu/engines-1.1/padlock.so", + "/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1", + "/usr/lib/x86_64-linux-gnu/libssl.so.1.1", + "/usr/share/doc/libssl1.1/NEWS.Debian.gz", + "/usr/share/doc/libssl1.1/changelog.Debian.gz", + "/usr/share/doc/libssl1.1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libstdc++6@10.3.0-1ubuntu1~20.04", + "Name": "libstdc++6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libstdc%2B%2B6@10.3.0-1ubuntu1~20.04?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "fcbb911f1af25c92" + }, + "Version": "10.3.0", + "Release": "1ubuntu1~20.04", + "Arch": "amd64", + "SrcName": "gcc-10", + "SrcVersion": "10.3.0", + "SrcRelease": "1ubuntu1~20.04", + "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gcc-10-base@10.3.0-1ubuntu1~20.04", + "libc6@2.31-0ubuntu9.9", + "libgcc-s1@10.3.0-1ubuntu1~20.04" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.28", + "/usr/share/gcc/python/libstdcxx/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/printers.py", + "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", + "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.28-gdb.py" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsystemd0@245.4-4ubuntu3.21", + "Name": "libsystemd0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libsystemd0@245.4-4ubuntu3.21?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "2ca4bda860660f7" + }, + "Version": "245.4", + "Release": "4ubuntu3.21", + "Arch": "amd64", + "SrcName": "systemd", + "SrcVersion": "245.4", + "SrcRelease": "4ubuntu3.21", + "Licenses": [ + "LGPL-2.1-or-later", + "CC0-1.0", + "GPL-2.0-only", + "GPL-2 with Linux-syscall-note exception", + "MIT", + "public-domain", + "GPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libsystemd.so.0.28.0", + "/usr/share/doc/libsystemd0/changelog.Debian.gz", + "/usr/share/doc/libsystemd0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libtasn1-6@4.16.0-2", + "Name": "libtasn1-6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libtasn1-6@4.16.0-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "1f3fac8fa7795921" + }, + "Version": "4.16.0", + "Release": "2", + "Arch": "amd64", + "SrcName": "libtasn1-6", + "SrcVersion": "4.16.0", + "SrcRelease": "2", + "Licenses": [ + "LGPL-2.0-or-later", + "LGPL-2.1-only", + "GPL-3.0-only", + "GFDL-1.3-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.0", + "/usr/share/doc/libtasn1-6/AUTHORS", + "/usr/share/doc/libtasn1-6/README.md", + "/usr/share/doc/libtasn1-6/THANKS", + "/usr/share/doc/libtasn1-6/changelog.Debian.gz", + "/usr/share/doc/libtasn1-6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libtinfo6@6.2-0ubuntu2", + "Name": "libtinfo6", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libtinfo6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a7882c12b2088277" + }, + "Version": "6.2", + "Release": "0ubuntu2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.2", + "SrcRelease": "0ubuntu2", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libtinfo.so.6.2", + "/usr/lib/x86_64-linux-gnu/libtic.so.6.2", + "/usr/share/doc/libtinfo6/FAQ", + "/usr/share/doc/libtinfo6/TODO.Debian", + "/usr/share/doc/libtinfo6/changelog.Debian.gz", + "/usr/share/doc/libtinfo6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libudev1@245.4-4ubuntu3.21", + "Name": "libudev1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libudev1@245.4-4ubuntu3.21?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "f95ec49e3ef20df4" + }, + "Version": "245.4", + "Release": "4ubuntu3.21", + "Arch": "amd64", + "SrcName": "systemd", + "SrcVersion": "245.4", + "SrcRelease": "4ubuntu3.21", + "Licenses": [ + "LGPL-2.1-or-later", + "CC0-1.0", + "GPL-2.0-only", + "GPL-2 with Linux-syscall-note exception", + "MIT", + "public-domain", + "GPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libudev.so.1.6.17", + "/usr/share/doc/libudev1/changelog.Debian.gz", + "/usr/share/doc/libudev1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libunistring2@0.9.10-2", + "Name": "libunistring2", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libunistring2@0.9.10-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "d67bce3ae373329f" + }, + "Version": "0.9.10", + "Release": "2", + "Arch": "amd64", + "SrcName": "libunistring", + "SrcVersion": "0.9.10", + "SrcRelease": "2", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "FreeSoftware", + "GPL-2+ with distribution exception", + "GPL-3.0-or-later", + "GFDL-1.2-or-later", + "MIT", + "LGPL-3.0-only", + "GPL-3.0-only", + "GPL-2.0-only", + "GFDL-1.2-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libunistring.so.2.1.0", + "/usr/share/doc/libunistring2/changelog.Debian.gz", + "/usr/share/doc/libunistring2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libuuid1@2.34-0.1ubuntu9.3", + "Name": "libuuid1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libuuid1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "51a8ab06722bbc14" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libuuid.so.1.3.0", + "/usr/share/doc/libuuid1/changelog.Debian.gz", + "/usr/share/doc/libuuid1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libwrap0@7.6.q-30", + "Name": "libwrap0", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libwrap0@7.6.q-30?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "5018efec0f7a250d" + }, + "Version": "7.6.q", + "Release": "30", + "Arch": "amd64", + "SrcName": "tcp-wrappers", + "SrcVersion": "7.6.q", + "SrcRelease": "30", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libwrap.so.0.7.6", + "/usr/share/doc/libwrap0/README.Debian", + "/usr/share/doc/libwrap0/README.gz", + "/usr/share/doc/libwrap0/changelog.Debian.gz", + "/usr/share/doc/libwrap0/copyright", + "/usr/share/man/man5/hosts_access.5.gz", + "/usr/share/man/man5/hosts_options.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libxtables12@1.8.4-3ubuntu2", + "Name": "libxtables12", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libxtables12@1.8.4-3ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e8e30686839cc4b5" + }, + "Version": "1.8.4", + "Release": "3ubuntu2", + "Arch": "amd64", + "SrcName": "iptables", + "SrcVersion": "1.8.4", + "SrcRelease": "3ubuntu2", + "Licenses": [ + "GPL-2.0-only", + "Artistic-2.0", + "GPL-2.0-or-later", + "custom" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libxtables.so.12.2.0", + "/usr/share/doc/libxtables12/NEWS.Debian.gz", + "/usr/share/doc/libxtables12/changelog.Debian.gz", + "/usr/share/doc/libxtables12/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libzstd1@1.4.4+dfsg-3ubuntu0.1", + "Name": "libzstd1", + "Identifier": { + "PURL": "pkg:deb/ubuntu/libzstd1@1.4.4%2Bdfsg-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "f4f84047570c3dd6" + }, + "Version": "1.4.4+dfsg", + "Release": "3ubuntu0.1", + "Arch": "amd64", + "SrcName": "libzstd", + "SrcVersion": "1.4.4+dfsg", + "SrcRelease": "3ubuntu0.1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "Zlib", + "GPL-2.0-or-later", + "MIT" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libzstd.so.1.4.4", + "/usr/share/doc/libzstd1/changelog.Debian.gz", + "/usr/share/doc/libzstd1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "login@1:4.8.1-1ubuntu5.20.04.4", + "Name": "login", + "Identifier": { + "PURL": "pkg:deb/ubuntu/login@4.8.1-1ubuntu5.20.04.4?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "a79aae34849faa64" + }, + "Version": "4.8.1", + "Release": "1ubuntu5.20.04.4", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "shadow", + "SrcVersion": "4.8.1", + "SrcRelease": "1ubuntu5.20.04.4", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/login", + "/usr/bin/faillog", + "/usr/bin/lastlog", + "/usr/bin/newgrp", + "/usr/sbin/nologin", + "/usr/share/apport/package-hooks/source_shadow.py", + "/usr/share/doc/login/NEWS.Debian.gz", + "/usr/share/doc/login/changelog.Debian.gz", + "/usr/share/doc/login/copyright", + "/usr/share/lintian/overrides/login", + "/usr/share/man/cs/man5/faillog.5.gz", + "/usr/share/man/cs/man8/faillog.8.gz", + "/usr/share/man/cs/man8/lastlog.8.gz", + "/usr/share/man/cs/man8/nologin.8.gz", + "/usr/share/man/da/man1/newgrp.1.gz", + "/usr/share/man/da/man1/sg.1.gz", + "/usr/share/man/da/man8/nologin.8.gz", + "/usr/share/man/de/man1/login.1.gz", + "/usr/share/man/de/man1/newgrp.1.gz", + "/usr/share/man/de/man1/sg.1.gz", + "/usr/share/man/de/man5/faillog.5.gz", + "/usr/share/man/de/man5/login.defs.5.gz", + "/usr/share/man/de/man8/faillog.8.gz", + "/usr/share/man/de/man8/lastlog.8.gz", + "/usr/share/man/de/man8/nologin.8.gz", + "/usr/share/man/fr/man1/login.1.gz", + "/usr/share/man/fr/man1/newgrp.1.gz", + "/usr/share/man/fr/man1/sg.1.gz", + "/usr/share/man/fr/man5/faillog.5.gz", + "/usr/share/man/fr/man5/login.defs.5.gz", + "/usr/share/man/fr/man8/faillog.8.gz", + "/usr/share/man/fr/man8/lastlog.8.gz", + "/usr/share/man/fr/man8/nologin.8.gz", + "/usr/share/man/hu/man1/login.1.gz", + "/usr/share/man/hu/man1/newgrp.1.gz", + "/usr/share/man/hu/man8/lastlog.8.gz", + "/usr/share/man/id/man1/login.1.gz", + "/usr/share/man/it/man1/login.1.gz", + "/usr/share/man/it/man1/newgrp.1.gz", + "/usr/share/man/it/man1/sg.1.gz", + "/usr/share/man/it/man5/faillog.5.gz", + "/usr/share/man/it/man5/login.defs.5.gz", + "/usr/share/man/it/man8/faillog.8.gz", + "/usr/share/man/it/man8/lastlog.8.gz", + "/usr/share/man/it/man8/nologin.8.gz", + "/usr/share/man/ja/man1/login.1.gz", + "/usr/share/man/ja/man1/newgrp.1.gz", + "/usr/share/man/ja/man5/faillog.5.gz", + "/usr/share/man/ja/man5/login.defs.5.gz", + "/usr/share/man/ja/man8/faillog.8.gz", + "/usr/share/man/ja/man8/lastlog.8.gz", + "/usr/share/man/ko/man1/login.1.gz", + "/usr/share/man/man1/login.1.gz", + "/usr/share/man/man1/newgrp.1.gz", + "/usr/share/man/man1/sg.1.gz", + "/usr/share/man/man5/faillog.5.gz", + "/usr/share/man/man5/login.defs.5.gz", + "/usr/share/man/man8/faillog.8.gz", + "/usr/share/man/man8/lastlog.8.gz", + "/usr/share/man/man8/nologin.8.gz", + "/usr/share/man/pl/man1/newgrp.1.gz", + "/usr/share/man/pl/man1/sg.1.gz", + "/usr/share/man/pl/man5/faillog.5.gz", + "/usr/share/man/pl/man8/faillog.8.gz", + "/usr/share/man/pl/man8/lastlog.8.gz", + "/usr/share/man/ru/man1/login.1.gz", + "/usr/share/man/ru/man1/newgrp.1.gz", + "/usr/share/man/ru/man1/sg.1.gz", + "/usr/share/man/ru/man5/faillog.5.gz", + "/usr/share/man/ru/man5/login.defs.5.gz", + "/usr/share/man/ru/man8/faillog.8.gz", + "/usr/share/man/ru/man8/lastlog.8.gz", + "/usr/share/man/ru/man8/nologin.8.gz", + "/usr/share/man/sv/man1/newgrp.1.gz", + "/usr/share/man/sv/man1/sg.1.gz", + "/usr/share/man/sv/man5/faillog.5.gz", + "/usr/share/man/sv/man8/faillog.8.gz", + "/usr/share/man/sv/man8/lastlog.8.gz", + "/usr/share/man/sv/man8/nologin.8.gz", + "/usr/share/man/tr/man1/login.1.gz", + "/usr/share/man/zh_CN/man1/login.1.gz", + "/usr/share/man/zh_CN/man1/newgrp.1.gz", + "/usr/share/man/zh_CN/man1/sg.1.gz", + "/usr/share/man/zh_CN/man5/faillog.5.gz", + "/usr/share/man/zh_CN/man5/login.defs.5.gz", + "/usr/share/man/zh_CN/man8/faillog.8.gz", + "/usr/share/man/zh_CN/man8/lastlog.8.gz", + "/usr/share/man/zh_CN/man8/nologin.8.gz", + "/usr/share/man/zh_TW/man1/newgrp.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "logsave@1.45.5-2ubuntu1.1", + "Name": "logsave", + "Identifier": { + "PURL": "pkg:deb/ubuntu/logsave@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "8308a2b238c2c56" + }, + "Version": "1.45.5", + "Release": "2ubuntu1.1", + "Arch": "amd64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.45.5", + "SrcRelease": "2ubuntu1.1", + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/sbin/logsave", + "/usr/share/doc/logsave/changelog.Debian.gz", + "/usr/share/doc/logsave/copyright", + "/usr/share/man/man8/logsave.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "lsb-base@11.1.0ubuntu2", + "Name": "lsb-base", + "Identifier": { + "PURL": "pkg:deb/ubuntu/lsb-base@11.1.0ubuntu2?arch=all\u0026distro=ubuntu-20.04", + "UID": "b3b9f72789fe717e" + }, + "Version": "11.1.0ubuntu2", + "Arch": "all", + "SrcName": "lsb", + "SrcVersion": "11.1.0ubuntu2", + "Licenses": [ + "GPL-2.0-only", + "BSD-3-Clause" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/lsb/init-functions", + "/lib/lsb/init-functions.d/00-verbose", + "/lib/lsb/init-functions.d/50-ubuntu-logging", + "/usr/share/doc/lsb-base/NEWS.Debian.gz", + "/usr/share/doc/lsb-base/README.Debian.gz", + "/usr/share/doc/lsb-base/changelog.gz", + "/usr/share/doc/lsb-base/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "lsof@4.93.2+dfsg-1ubuntu0.20.04.1", + "Name": "lsof", + "Identifier": { + "PURL": "pkg:deb/ubuntu/lsof@4.93.2%2Bdfsg-1ubuntu0.20.04.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "3ca8feeece8ad23d" + }, + "Version": "4.93.2+dfsg", + "Release": "1ubuntu0.20.04.1", + "Arch": "amd64", + "SrcName": "lsof", + "SrcVersion": "4.93.2+dfsg", + "SrcRelease": "1ubuntu0.20.04.1", + "Licenses": [ + "Purdue", + "BSD-4-Clause", + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "Sendmail", + "LGPL-2.0-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libselinux1@3.0-1build2" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/lsof", + "/usr/share/doc/lsof/00FAQ.gz", + "/usr/share/doc/lsof/00LSOF-L", + "/usr/share/doc/lsof/00QUICKSTART.gz", + "/usr/share/doc/lsof/README.Debian", + "/usr/share/doc/lsof/changelog.Debian.gz", + "/usr/share/doc/lsof/copyright", + "/usr/share/doc/lsof/examples/00MANIFEST", + "/usr/share/doc/lsof/examples/00README", + "/usr/share/doc/lsof/examples/big_brother.perl5.gz", + "/usr/share/doc/lsof/examples/count_pf.perl", + "/usr/share/doc/lsof/examples/count_pf.perl5", + "/usr/share/doc/lsof/examples/identd.perl5", + "/usr/share/doc/lsof/examples/idrlogin.perl.gz", + "/usr/share/doc/lsof/examples/idrlogin.perl5.gz", + "/usr/share/doc/lsof/examples/list_NULf.perl5.gz", + "/usr/share/doc/lsof/examples/list_fields.awk.gz", + "/usr/share/doc/lsof/examples/list_fields.perl.gz", + "/usr/share/doc/lsof/examples/shared.perl5.gz", + "/usr/share/doc/lsof/examples/sort_res.perl5", + "/usr/share/doc/lsof/examples/watch_a_file.perl", + "/usr/share/doc/lsof/examples/xusers.awk", + "/usr/share/man/man8/lsof.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mariadb-backup@1:10.7.8+maria~ubu2004", + "Name": "mariadb-backup", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mariadb-backup@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "a46abd81895bde74" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaio1@0.3.112-5", + "libc6@2.31-0ubuntu9.9", + "libcrypt1@1:4.4.10-10ubuntu4", + "libpcre2-8-0@10.34-7ubuntu0.1", + "libpmem1@1.8-1ubuntu1", + "libssl1.1@1.1.1f-1ubuntu2.17", + "libstdc++6@10.3.0-1ubuntu1~20.04", + "libsystemd0@245.4-4ubuntu3.21", + "mariadb-client-core-10.7@1:10.7.8+maria~ubu2004", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/mariadb-backup", + "/usr/bin/mbstream", + "/usr/share/doc/mariadb-backup/changelog.gz", + "/usr/share/doc/mariadb-backup/copyright", + "/usr/share/man/man1/mariabackup.1.gz", + "/usr/share/man/man1/mbstream.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mariadb-client-10.7@1:10.7.8+maria~ubu2004", + "Name": "mariadb-client-10.7", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mariadb-client-10.7@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "ce20d725795d726c" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debianutils@4.9.1", + "libc6@2.31-0ubuntu9.9", + "libconfig-inifiles-perl@3.000002-1", + "libssl1.1@1.1.1f-1ubuntu2.17", + "libstdc++6@10.3.0-1ubuntu1~20.04", + "mariadb-client-core-10.7@1:10.7.8+maria~ubu2004", + "mariadb-common@1:10.7.8+maria~ubu2004", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/innotop", + "/usr/bin/mariadb-access", + "/usr/bin/mariadb-admin", + "/usr/bin/mariadb-binlog", + "/usr/bin/mariadb-conv", + "/usr/bin/mariadb-convert-table-format", + "/usr/bin/mariadb-dump", + "/usr/bin/mariadb-dumpslow", + "/usr/bin/mariadb-find-rows", + "/usr/bin/mariadb-fix-extensions", + "/usr/bin/mariadb-hotcopy", + "/usr/bin/mariadb-import", + "/usr/bin/mariadb-plugin", + "/usr/bin/mariadb-report", + "/usr/bin/mariadb-secure-installation", + "/usr/bin/mariadb-setpermission", + "/usr/bin/mariadb-show", + "/usr/bin/mariadb-slap", + "/usr/bin/mariadb-tzinfo-to-sql", + "/usr/bin/mariadb-waitpid", + "/usr/bin/msql2mysql", + "/usr/bin/mytop", + "/usr/bin/perror", + "/usr/bin/replace", + "/usr/bin/resolve_stack_dump", + "/usr/share/doc/mariadb-client-10.7/README.Debian", + "/usr/share/doc/mariadb-client-10.7/README.md", + "/usr/share/doc/mariadb-client-10.7/changelog.gz", + "/usr/share/doc/mariadb-client-10.7/changelog.innotop.gz", + "/usr/share/doc/mariadb-client-10.7/copyright", + "/usr/share/man/man1/innotop.1.gz", + "/usr/share/man/man1/mariadb-conv.1.gz", + "/usr/share/man/man1/mariadb-report.1.gz", + "/usr/share/man/man1/msql2mysql.1.gz", + "/usr/share/man/man1/mysql_convert_table_format.1.gz", + "/usr/share/man/man1/mysql_find_rows.1.gz", + "/usr/share/man/man1/mysql_fix_extensions.1.gz", + "/usr/share/man/man1/mysql_plugin.1.gz", + "/usr/share/man/man1/mysql_secure_installation.1.gz", + "/usr/share/man/man1/mysql_setpermission.1.gz", + "/usr/share/man/man1/mysql_tzinfo_to_sql.1.gz", + "/usr/share/man/man1/mysql_waitpid.1.gz", + "/usr/share/man/man1/mysqlaccess.1.gz", + "/usr/share/man/man1/mysqladmin.1.gz", + "/usr/share/man/man1/mysqlbinlog.1.gz", + "/usr/share/man/man1/mysqldump.1.gz", + "/usr/share/man/man1/mysqldumpslow.1.gz", + "/usr/share/man/man1/mysqlhotcopy.1.gz", + "/usr/share/man/man1/mysqlimport.1.gz", + "/usr/share/man/man1/mysqlshow.1.gz", + "/usr/share/man/man1/mysqlslap.1.gz", + "/usr/share/man/man1/mytop.1.gz", + "/usr/share/man/man1/perror.1.gz", + "/usr/share/man/man1/replace.1.gz", + "/usr/share/man/man1/resolve_stack_dump.1.gz", + "/usr/share/menu/mariadb-client-10.7" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mariadb-client-core-10.7@1:10.7.8+maria~ubu2004", + "Name": "mariadb-client-core-10.7", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mariadb-client-core-10.7@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "d75d249eff74841" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libmariadb3@1:10.7.8+maria~ubu2004", + "libncurses6@6.2-0ubuntu2", + "libreadline5@5.2+dfsg-3build3", + "libssl1.1@1.1.1f-1ubuntu2.17", + "libstdc++6@10.3.0-1ubuntu1~20.04", + "libtinfo6@6.2-0ubuntu2", + "mariadb-common@1:10.7.8+maria~ubu2004", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/mariadb", + "/usr/bin/mariadb-check", + "/usr/bin/my_print_defaults", + "/usr/share/doc/mariadb-client-core-10.7/changelog.gz", + "/usr/share/doc/mariadb-client-core-10.7/copyright", + "/usr/share/man/man1/my_print_defaults.1.gz", + "/usr/share/man/man1/mysql.1.gz", + "/usr/share/man/man1/mysqlcheck.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mariadb-common@1:10.7.8+maria~ubu2004", + "Name": "mariadb-common", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mariadb-common@10.7.8%2Bmaria~ubu2004?arch=all\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "328c7a59af1dc0f8" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "all", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "mysql-common@1:10.7.8+maria~ubu2004" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/share/doc/mariadb-common/changelog.gz", + "/usr/share/doc/mariadb-common/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mariadb-server@1:10.7.8+maria~ubu2004", + "Name": "mariadb-server", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mariadb-server@10.7.8%2Bmaria~ubu2004?arch=all\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "cec014dd99a06d48" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "all", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "mariadb-server-10.7@1:10.7.8+maria~ubu2004" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/share/doc/mariadb-server/changelog.gz", + "/usr/share/doc/mariadb-server/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mariadb-server-10.7@1:10.7.8+maria~ubu2004", + "Name": "mariadb-server-10.7", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mariadb-server-10.7@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "a0491ccb107eab6a" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73", + "galera-4@26.4.14-ubu2004", + "gawk@1:5.0.1+dfsg-1", + "iproute2@5.5.0-1ubuntu1", + "libc6@2.31-0ubuntu9.9", + "libdbi-perl@1.643-1ubuntu0.1", + "libpam0g@1.3.1-5ubuntu4.6", + "libssl1.1@1.1.1f-1ubuntu2.17", + "libstdc++6@10.3.0-1ubuntu1~20.04", + "lsb-base@11.1.0ubuntu2", + "lsof@4.93.2+dfsg-1ubuntu0.20.04.1", + "mariadb-client-10.7@1:10.7.8+maria~ubu2004", + "mariadb-server-core-10.7@1:10.7.8+maria~ubu2004", + "passwd@1:4.8.1-1ubuntu5.20.04.4", + "perl@5.30.0-9ubuntu0.3", + "procps@2:3.3.16-1ubuntu2.3", + "psmisc@23.3-1", + "rsync@3.1.3-8ubuntu0.5", + "socat@1.7.3.3-2", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/lib/systemd/system/mariadb-extra.socket", + "/lib/systemd/system/mariadb-extra@.socket", + "/lib/systemd/system/mariadb.service", + "/lib/systemd/system/mariadb.socket", + "/lib/systemd/system/mariadb@.service", + "/lib/systemd/system/mariadb@.socket", + "/lib/systemd/system/mariadb@bootstrap.service.d/use_galera_new_cluster.conf", + "/lib/x86_64-linux-gnu/security/pam_user_map.so", + "/usr/bin/aria_chk", + "/usr/bin/aria_dump_log", + "/usr/bin/aria_ftdump", + "/usr/bin/aria_pack", + "/usr/bin/aria_read_log", + "/usr/bin/galera_new_cluster", + "/usr/bin/galera_recovery", + "/usr/bin/mariadb-service-convert", + "/usr/bin/mariadbd-multi", + "/usr/bin/mariadbd-safe", + "/usr/bin/mariadbd-safe-helper", + "/usr/bin/myisam_ftdump", + "/usr/bin/myisamchk", + "/usr/bin/myisamlog", + "/usr/bin/myisampack", + "/usr/bin/wsrep_sst_common", + "/usr/bin/wsrep_sst_mariabackup", + "/usr/bin/wsrep_sst_mysqldump", + "/usr/bin/wsrep_sst_rsync", + "/usr/lib/mysql/plugin/auth_ed25519.so", + "/usr/lib/mysql/plugin/auth_pam.so", + "/usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_tool", + "/usr/lib/mysql/plugin/auth_pam_v1.so", + "/usr/lib/mysql/plugin/disks.so", + "/usr/lib/mysql/plugin/file_key_management.so", + "/usr/lib/mysql/plugin/ha_archive.so", + "/usr/lib/mysql/plugin/ha_blackhole.so", + "/usr/lib/mysql/plugin/ha_federated.so", + "/usr/lib/mysql/plugin/ha_federatedx.so", + "/usr/lib/mysql/plugin/ha_sphinx.so", + "/usr/lib/mysql/plugin/handlersocket.so", + "/usr/lib/mysql/plugin/locales.so", + "/usr/lib/mysql/plugin/metadata_lock_info.so", + "/usr/lib/mysql/plugin/password_reuse_check.so", + "/usr/lib/mysql/plugin/query_cache_info.so", + "/usr/lib/mysql/plugin/query_response_time.so", + "/usr/lib/mysql/plugin/server_audit.so", + "/usr/lib/mysql/plugin/simple_password_check.so", + "/usr/lib/mysql/plugin/sql_errlog.so", + "/usr/lib/mysql/plugin/type_mysql_json.so", + "/usr/lib/mysql/plugin/wsrep_info.so", + "/usr/share/apport/package-hooks/source_mariadb-10.7.py", + "/usr/share/doc/mariadb-server-10.7/README.Debian.gz", + "/usr/share/doc/mariadb-server-10.7/changelog.gz", + "/usr/share/doc/mariadb-server-10.7/copyright", + "/usr/share/doc/mariadb-server-10.7/mariadbd.sym.gz", + "/usr/share/man/man1/aria_chk.1.gz", + "/usr/share/man/man1/aria_dump_log.1.gz", + "/usr/share/man/man1/aria_ftdump.1.gz", + "/usr/share/man/man1/aria_pack.1.gz", + "/usr/share/man/man1/aria_read_log.1.gz", + "/usr/share/man/man1/galera_new_cluster.1.gz", + "/usr/share/man/man1/galera_recovery.1.gz", + "/usr/share/man/man1/mariadb-service-convert.1.gz", + "/usr/share/man/man1/myisam_ftdump.1.gz", + "/usr/share/man/man1/myisamchk.1.gz", + "/usr/share/man/man1/myisamlog.1.gz", + "/usr/share/man/man1/myisampack.1.gz", + "/usr/share/man/man1/mysqld_multi.1.gz", + "/usr/share/man/man1/mysqld_safe.1.gz", + "/usr/share/man/man1/mysqld_safe_helper.1.gz", + "/usr/share/man/man1/wsrep_sst_common.1.gz", + "/usr/share/man/man1/wsrep_sst_mariabackup.1.gz", + "/usr/share/man/man1/wsrep_sst_mysqldump.1.gz", + "/usr/share/man/man1/wsrep_sst_rsync.1.gz", + "/usr/share/man/man1/wsrep_sst_rsync_wan.1.gz", + "/usr/share/mysql/debian-start.inc.sh", + "/usr/share/mysql/echo_stderr", + "/usr/share/mysql/errmsg-utf8.txt", + "/usr/share/mysql/wsrep.cnf", + "/usr/share/mysql/wsrep_notify" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mariadb-server-core-10.7@1:10.7.8+maria~ubu2004", + "Name": "mariadb-server-core-10.7", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mariadb-server-core-10.7@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "919704cfe08b9b7b" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaio1@0.3.112-5", + "libc6@2.31-0ubuntu9.9", + "libcrypt1@1:4.4.10-10ubuntu4", + "libpcre2-8-0@10.34-7ubuntu0.1", + "libpmem1@1.8-1ubuntu1", + "libssl1.1@1.1.1f-1ubuntu2.17", + "libstdc++6@10.3.0-1ubuntu1~20.04", + "libsystemd0@245.4-4ubuntu3.21", + "mariadb-common@1:10.7.8+maria~ubu2004", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/innochecksum", + "/usr/bin/mariadb-install-db", + "/usr/bin/mariadb-upgrade", + "/usr/bin/resolveip", + "/usr/sbin/mariadbd", + "/usr/share/doc/mariadb-server-core-10.7/changelog.gz", + "/usr/share/doc/mariadb-server-core-10.7/copyright", + "/usr/share/man/man1/innochecksum.1.gz", + "/usr/share/man/man1/mysql_install_db.1.gz", + "/usr/share/man/man1/mysql_upgrade.1.gz", + "/usr/share/man/man1/resolveip.1.gz", + "/usr/share/man/man8/mysqld.8.gz", + "/usr/share/mysql/bulgarian/errmsg.sys", + "/usr/share/mysql/charsets/Index.xml", + "/usr/share/mysql/charsets/README", + "/usr/share/mysql/charsets/armscii8.xml", + "/usr/share/mysql/charsets/ascii.xml", + "/usr/share/mysql/charsets/cp1250.xml", + "/usr/share/mysql/charsets/cp1251.xml", + "/usr/share/mysql/charsets/cp1256.xml", + "/usr/share/mysql/charsets/cp1257.xml", + "/usr/share/mysql/charsets/cp850.xml", + "/usr/share/mysql/charsets/cp852.xml", + "/usr/share/mysql/charsets/cp866.xml", + "/usr/share/mysql/charsets/dec8.xml", + "/usr/share/mysql/charsets/geostd8.xml", + "/usr/share/mysql/charsets/greek.xml", + "/usr/share/mysql/charsets/hebrew.xml", + "/usr/share/mysql/charsets/hp8.xml", + "/usr/share/mysql/charsets/keybcs2.xml", + "/usr/share/mysql/charsets/koi8r.xml", + "/usr/share/mysql/charsets/koi8u.xml", + "/usr/share/mysql/charsets/latin1.xml", + "/usr/share/mysql/charsets/latin2.xml", + "/usr/share/mysql/charsets/latin5.xml", + "/usr/share/mysql/charsets/latin7.xml", + "/usr/share/mysql/charsets/macce.xml", + "/usr/share/mysql/charsets/macroman.xml", + "/usr/share/mysql/charsets/swe7.xml", + "/usr/share/mysql/chinese/errmsg.sys", + "/usr/share/mysql/czech/errmsg.sys", + "/usr/share/mysql/danish/errmsg.sys", + "/usr/share/mysql/dutch/errmsg.sys", + "/usr/share/mysql/english/errmsg.sys", + "/usr/share/mysql/estonian/errmsg.sys", + "/usr/share/mysql/fill_help_tables.sql", + "/usr/share/mysql/french/errmsg.sys", + "/usr/share/mysql/german/errmsg.sys", + "/usr/share/mysql/greek/errmsg.sys", + "/usr/share/mysql/hindi/errmsg.sys", + "/usr/share/mysql/hungarian/errmsg.sys", + "/usr/share/mysql/italian/errmsg.sys", + "/usr/share/mysql/japanese/errmsg.sys", + "/usr/share/mysql/korean/errmsg.sys", + "/usr/share/mysql/maria_add_gis_sp_bootstrap.sql", + "/usr/share/mysql/mysql_performance_tables.sql", + "/usr/share/mysql/mysql_sys_schema.sql", + "/usr/share/mysql/mysql_system_tables.sql", + "/usr/share/mysql/mysql_system_tables_data.sql", + "/usr/share/mysql/mysql_test_data_timezone.sql", + "/usr/share/mysql/mysql_test_db.sql", + "/usr/share/mysql/norwegian-ny/errmsg.sys", + "/usr/share/mysql/norwegian/errmsg.sys", + "/usr/share/mysql/polish/errmsg.sys", + "/usr/share/mysql/portuguese/errmsg.sys", + "/usr/share/mysql/romanian/errmsg.sys", + "/usr/share/mysql/russian/errmsg.sys", + "/usr/share/mysql/serbian/errmsg.sys", + "/usr/share/mysql/slovak/errmsg.sys", + "/usr/share/mysql/spanish/errmsg.sys", + "/usr/share/mysql/swedish/errmsg.sys", + "/usr/share/mysql/ukrainian/errmsg.sys" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mawk@1.3.4.20200120-2", + "Name": "mawk", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mawk@1.3.4.20200120-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "7247efd69179ae3d" + }, + "Version": "1.3.4.20200120", + "Release": "2", + "Arch": "amd64", + "SrcName": "mawk", + "SrcVersion": "1.3.4.20200120", + "SrcRelease": "2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/mawk", + "/usr/share/doc/mawk/ACKNOWLEDGMENT", + "/usr/share/doc/mawk/README", + "/usr/share/doc/mawk/changelog.Debian.gz", + "/usr/share/doc/mawk/copyright", + "/usr/share/doc/mawk/examples/ct_length.awk", + "/usr/share/doc/mawk/examples/decl.awk", + "/usr/share/doc/mawk/examples/deps.awk", + "/usr/share/doc/mawk/examples/eatc.awk", + "/usr/share/doc/mawk/examples/gdecl.awk", + "/usr/share/doc/mawk/examples/hcal", + "/usr/share/doc/mawk/examples/hical", + "/usr/share/doc/mawk/examples/nocomment.awk", + "/usr/share/doc/mawk/examples/primes.awk", + "/usr/share/doc/mawk/examples/qsort.awk", + "/usr/share/man/man1/mawk.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mount@2.34-0.1ubuntu9.3", + "Name": "mount", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mount@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "5dec57b54f278111" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "util-linux@2.34-0.1ubuntu9.3" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/mount", + "/bin/umount", + "/sbin/losetup", + "/sbin/swapoff", + "/sbin/swapon", + "/usr/share/bash-completion/completions/losetup", + "/usr/share/bash-completion/completions/mount", + "/usr/share/bash-completion/completions/swapoff", + "/usr/share/bash-completion/completions/swapon", + "/usr/share/bash-completion/completions/umount", + "/usr/share/doc/mount/NEWS.Debian.gz", + "/usr/share/doc/mount/copyright", + "/usr/share/doc/mount/examples/mount.fstab", + "/usr/share/lintian/overrides/mount", + "/usr/share/man/man5/fstab.5.gz", + "/usr/share/man/man8/losetup.8.gz", + "/usr/share/man/man8/mount.8.gz", + "/usr/share/man/man8/swapon.8.gz", + "/usr/share/man/man8/umount.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mysql-common@1:10.7.8+maria~ubu2004", + "Name": "mysql-common", + "Identifier": { + "PURL": "pkg:deb/ubuntu/mysql-common@10.7.8%2Bmaria~ubu2004?arch=all\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "7a316d77b6050a6b" + }, + "Version": "10.7.8+maria~ubu2004", + "Epoch": 1, + "Arch": "all", + "SrcName": "mariadb-10.7", + "SrcVersion": "10.7.8+maria~ubu2004", + "SrcEpoch": 1, + "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/share/doc/mysql-common/changelog.gz", + "/usr/share/doc/mysql-common/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ncurses-base@6.2-0ubuntu2", + "Name": "ncurses-base", + "Identifier": { + "PURL": "pkg:deb/ubuntu/ncurses-base@6.2-0ubuntu2?arch=all\u0026distro=ubuntu-20.04", + "UID": "11c3ebabbf3b213f" + }, + "Version": "6.2", + "Release": "0ubuntu2", + "Arch": "all", + "SrcName": "ncurses", + "SrcVersion": "6.2", + "SrcRelease": "0ubuntu2", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/terminfo/E/Eterm", + "/lib/terminfo/a/ansi", + "/lib/terminfo/c/cons25", + "/lib/terminfo/c/cons25-debian", + "/lib/terminfo/c/cygwin", + "/lib/terminfo/d/dumb", + "/lib/terminfo/h/hurd", + "/lib/terminfo/l/linux", + "/lib/terminfo/m/mach", + "/lib/terminfo/m/mach-bold", + "/lib/terminfo/m/mach-color", + "/lib/terminfo/m/mach-gnu", + "/lib/terminfo/m/mach-gnu-color", + "/lib/terminfo/p/pcansi", + "/lib/terminfo/r/rxvt", + "/lib/terminfo/r/rxvt-basic", + "/lib/terminfo/r/rxvt-unicode", + "/lib/terminfo/r/rxvt-unicode-256color", + "/lib/terminfo/s/screen", + "/lib/terminfo/s/screen-256color", + "/lib/terminfo/s/screen-256color-bce", + "/lib/terminfo/s/screen-bce", + "/lib/terminfo/s/screen-s", + "/lib/terminfo/s/screen-w", + "/lib/terminfo/s/screen.xterm-256color", + "/lib/terminfo/s/sun", + "/lib/terminfo/t/tmux", + "/lib/terminfo/t/tmux-256color", + "/lib/terminfo/v/vt100", + "/lib/terminfo/v/vt102", + "/lib/terminfo/v/vt220", + "/lib/terminfo/v/vt52", + "/lib/terminfo/w/wsvt25", + "/lib/terminfo/w/wsvt25m", + "/lib/terminfo/x/xterm", + "/lib/terminfo/x/xterm-256color", + "/lib/terminfo/x/xterm-color", + "/lib/terminfo/x/xterm-mono", + "/lib/terminfo/x/xterm-r5", + "/lib/terminfo/x/xterm-r6", + "/lib/terminfo/x/xterm-vt220", + "/lib/terminfo/x/xterm-xfree86", + "/usr/share/doc/ncurses-base/changelog.Debian.gz", + "/usr/share/doc/ncurses-base/copyright", + "/usr/share/lintian/overrides/ncurses-base", + "/usr/share/tabset/std", + "/usr/share/tabset/stdcrt", + "/usr/share/tabset/vt100", + "/usr/share/tabset/vt300" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ncurses-bin@6.2-0ubuntu2", + "Name": "ncurses-bin", + "Identifier": { + "PURL": "pkg:deb/ubuntu/ncurses-bin@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "f840bf3c896244a7" + }, + "Version": "6.2", + "Release": "0ubuntu2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.2", + "SrcRelease": "0ubuntu2", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/clear", + "/usr/bin/infocmp", + "/usr/bin/tabs", + "/usr/bin/tic", + "/usr/bin/toe", + "/usr/bin/tput", + "/usr/bin/tset", + "/usr/share/doc/ncurses-bin/copyright", + "/usr/share/man/man1/captoinfo.1.gz", + "/usr/share/man/man1/clear.1.gz", + "/usr/share/man/man1/infocmp.1.gz", + "/usr/share/man/man1/infotocap.1.gz", + "/usr/share/man/man1/tabs.1.gz", + "/usr/share/man/man1/tic.1.gz", + "/usr/share/man/man1/toe.1.gz", + "/usr/share/man/man1/tput.1.gz", + "/usr/share/man/man1/tset.1.gz", + "/usr/share/man/man5/scr_dump.5.gz", + "/usr/share/man/man5/term.5.gz", + "/usr/share/man/man5/terminfo.5.gz", + "/usr/share/man/man5/user_caps.5.gz", + "/usr/share/man/man7/term.7.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "openssl@1.1.1f-1ubuntu2.17", + "Name": "openssl", + "Identifier": { + "PURL": "pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.17?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "d05522de581addaf" + }, + "Version": "1.1.1f", + "Release": "1ubuntu2.17", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "1.1.1f", + "SrcRelease": "1ubuntu2.17", + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libssl1.1@1.1.1f-1ubuntu2.17" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/bin/c_rehash", + "/usr/bin/openssl", + "/usr/lib/ssl/misc/CA.pl", + "/usr/lib/ssl/misc/tsget.pl", + "/usr/share/doc/openssl/FAQ", + "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", + "/usr/share/doc/openssl/HOWTO/keys.txt", + "/usr/share/doc/openssl/NEWS.Debian.gz", + "/usr/share/doc/openssl/NEWS.gz", + "/usr/share/doc/openssl/README", + "/usr/share/doc/openssl/README.Debian", + "/usr/share/doc/openssl/README.ENGINE.gz", + "/usr/share/doc/openssl/README.optimization", + "/usr/share/doc/openssl/fingerprints.txt", + "/usr/share/lintian/overrides/openssl", + "/usr/share/man/man1/CA.pl.1ssl.gz", + "/usr/share/man/man1/asn1parse.1ssl.gz", + "/usr/share/man/man1/ca.1ssl.gz", + "/usr/share/man/man1/ciphers.1ssl.gz", + "/usr/share/man/man1/cms.1ssl.gz", + "/usr/share/man/man1/crl.1ssl.gz", + "/usr/share/man/man1/crl2pkcs7.1ssl.gz", + "/usr/share/man/man1/dgst.1ssl.gz", + "/usr/share/man/man1/dhparam.1ssl.gz", + "/usr/share/man/man1/dsa.1ssl.gz", + "/usr/share/man/man1/dsaparam.1ssl.gz", + "/usr/share/man/man1/ec.1ssl.gz", + "/usr/share/man/man1/ecparam.1ssl.gz", + "/usr/share/man/man1/enc.1ssl.gz", + "/usr/share/man/man1/engine.1ssl.gz", + "/usr/share/man/man1/errstr.1ssl.gz", + "/usr/share/man/man1/gendsa.1ssl.gz", + "/usr/share/man/man1/genpkey.1ssl.gz", + "/usr/share/man/man1/genrsa.1ssl.gz", + "/usr/share/man/man1/list.1ssl.gz", + "/usr/share/man/man1/nseq.1ssl.gz", + "/usr/share/man/man1/ocsp.1ssl.gz", + "/usr/share/man/man1/openssl.1ssl.gz", + "/usr/share/man/man1/passwd.1ssl.gz", + "/usr/share/man/man1/pkcs12.1ssl.gz", + "/usr/share/man/man1/pkcs7.1ssl.gz", + "/usr/share/man/man1/pkcs8.1ssl.gz", + "/usr/share/man/man1/pkey.1ssl.gz", + "/usr/share/man/man1/pkeyparam.1ssl.gz", + "/usr/share/man/man1/pkeyutl.1ssl.gz", + "/usr/share/man/man1/prime.1ssl.gz", + "/usr/share/man/man1/rand.1ssl.gz", + "/usr/share/man/man1/rehash.1ssl.gz", + "/usr/share/man/man1/req.1ssl.gz", + "/usr/share/man/man1/rsa.1ssl.gz", + "/usr/share/man/man1/rsautl.1ssl.gz", + "/usr/share/man/man1/s_client.1ssl.gz", + "/usr/share/man/man1/s_server.1ssl.gz", + "/usr/share/man/man1/s_time.1ssl.gz", + "/usr/share/man/man1/sess_id.1ssl.gz", + "/usr/share/man/man1/smime.1ssl.gz", + "/usr/share/man/man1/speed.1ssl.gz", + "/usr/share/man/man1/spkac.1ssl.gz", + "/usr/share/man/man1/srp.1ssl.gz", + "/usr/share/man/man1/storeutl.1ssl.gz", + "/usr/share/man/man1/ts.1ssl.gz", + "/usr/share/man/man1/tsget.1ssl.gz", + "/usr/share/man/man1/verify.1ssl.gz", + "/usr/share/man/man1/version.1ssl.gz", + "/usr/share/man/man1/x509.1ssl.gz", + "/usr/share/man/man5/config.5ssl.gz", + "/usr/share/man/man5/x509v3_config.5ssl.gz", + "/usr/share/man/man7/Ed25519.7ssl.gz", + "/usr/share/man/man7/RAND.7ssl.gz", + "/usr/share/man/man7/RAND_DRBG.7ssl.gz", + "/usr/share/man/man7/RSA-PSS.7ssl.gz", + "/usr/share/man/man7/SM2.7ssl.gz", + "/usr/share/man/man7/X25519.7ssl.gz", + "/usr/share/man/man7/bio.7ssl.gz", + "/usr/share/man/man7/crypto.7ssl.gz", + "/usr/share/man/man7/ct.7ssl.gz", + "/usr/share/man/man7/des_modes.7ssl.gz", + "/usr/share/man/man7/evp.7ssl.gz", + "/usr/share/man/man7/ossl_store-file.7ssl.gz", + "/usr/share/man/man7/ossl_store.7ssl.gz", + "/usr/share/man/man7/passphrase-encoding.7ssl.gz", + "/usr/share/man/man7/proxy-certificates.7ssl.gz", + "/usr/share/man/man7/scrypt.7ssl.gz", + "/usr/share/man/man7/ssl.7ssl.gz", + "/usr/share/man/man7/x509.7ssl.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "passwd@1:4.8.1-1ubuntu5.20.04.4", + "Name": "passwd", + "Identifier": { + "PURL": "pkg:deb/ubuntu/passwd@4.8.1-1ubuntu5.20.04.4?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "d3a91d4da26b7b0b" + }, + "Version": "4.8.1", + "Release": "1ubuntu5.20.04.4", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "shadow", + "SrcVersion": "4.8.1", + "SrcRelease": "1ubuntu5.20.04.4", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:2.8.5-2ubuntu6", + "libc6@2.31-0ubuntu9.9", + "libcrypt1@1:4.4.10-10ubuntu4", + "libpam-modules@1.3.1-5ubuntu4.6", + "libpam0g@1.3.1-5ubuntu4.6", + "libselinux1@3.0-1build2", + "libsemanage1@3.0-1build2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/sbin/shadowconfig", + "/usr/bin/chage", + "/usr/bin/chfn", + "/usr/bin/chsh", + "/usr/bin/expiry", + "/usr/bin/gpasswd", + "/usr/bin/passwd", + "/usr/lib/tmpfiles.d/passwd.conf", + "/usr/sbin/chgpasswd", + "/usr/sbin/chpasswd", + "/usr/sbin/cppw", + "/usr/sbin/groupadd", + "/usr/sbin/groupdel", + "/usr/sbin/groupmems", + "/usr/sbin/groupmod", + "/usr/sbin/grpck", + "/usr/sbin/grpconv", + "/usr/sbin/grpunconv", + "/usr/sbin/newusers", + "/usr/sbin/pwck", + "/usr/sbin/pwconv", + "/usr/sbin/pwunconv", + "/usr/sbin/useradd", + "/usr/sbin/userdel", + "/usr/sbin/usermod", + "/usr/sbin/vipw", + "/usr/share/doc/passwd/NEWS.Debian.gz", + "/usr/share/doc/passwd/README.Debian", + "/usr/share/doc/passwd/TODO.Debian", + "/usr/share/doc/passwd/changelog.Debian.gz", + "/usr/share/doc/passwd/copyright", + "/usr/share/doc/passwd/examples/passwd.expire.cron", + "/usr/share/lintian/overrides/passwd", + "/usr/share/man/cs/man1/expiry.1.gz", + "/usr/share/man/cs/man1/gpasswd.1.gz", + "/usr/share/man/cs/man5/gshadow.5.gz", + "/usr/share/man/cs/man5/passwd.5.gz", + "/usr/share/man/cs/man5/shadow.5.gz", + "/usr/share/man/cs/man8/groupadd.8.gz", + "/usr/share/man/cs/man8/groupdel.8.gz", + "/usr/share/man/cs/man8/groupmod.8.gz", + "/usr/share/man/cs/man8/grpck.8.gz", + "/usr/share/man/cs/man8/vipw.8.gz", + "/usr/share/man/da/man1/chfn.1.gz", + "/usr/share/man/da/man5/gshadow.5.gz", + "/usr/share/man/da/man8/groupdel.8.gz", + "/usr/share/man/da/man8/vipw.8.gz", + "/usr/share/man/de/man1/chage.1.gz", + "/usr/share/man/de/man1/chfn.1.gz", + "/usr/share/man/de/man1/chsh.1.gz", + "/usr/share/man/de/man1/expiry.1.gz", + "/usr/share/man/de/man1/gpasswd.1.gz", + "/usr/share/man/de/man1/passwd.1.gz", + "/usr/share/man/de/man5/gshadow.5.gz", + "/usr/share/man/de/man5/passwd.5.gz", + "/usr/share/man/de/man5/shadow.5.gz", + "/usr/share/man/de/man8/chpasswd.8.gz", + "/usr/share/man/de/man8/groupadd.8.gz", + "/usr/share/man/de/man8/groupdel.8.gz", + "/usr/share/man/de/man8/groupmems.8.gz", + "/usr/share/man/de/man8/groupmod.8.gz", + "/usr/share/man/de/man8/grpck.8.gz", + "/usr/share/man/de/man8/newusers.8.gz", + "/usr/share/man/de/man8/pwck.8.gz", + "/usr/share/man/de/man8/pwconv.8.gz", + "/usr/share/man/de/man8/useradd.8.gz", + "/usr/share/man/de/man8/userdel.8.gz", + "/usr/share/man/de/man8/usermod.8.gz", + "/usr/share/man/de/man8/vipw.8.gz", + "/usr/share/man/fi/man1/chfn.1.gz", + "/usr/share/man/fi/man1/chsh.1.gz", + "/usr/share/man/fr/man1/chage.1.gz", + "/usr/share/man/fr/man1/chfn.1.gz", + "/usr/share/man/fr/man1/chsh.1.gz", + "/usr/share/man/fr/man1/expiry.1.gz", + "/usr/share/man/fr/man1/gpasswd.1.gz", + "/usr/share/man/fr/man1/passwd.1.gz", + "/usr/share/man/fr/man5/gshadow.5.gz", + "/usr/share/man/fr/man5/passwd.5.gz", + "/usr/share/man/fr/man5/shadow.5.gz", + "/usr/share/man/fr/man8/chpasswd.8.gz", + "/usr/share/man/fr/man8/groupadd.8.gz", + "/usr/share/man/fr/man8/groupdel.8.gz", + "/usr/share/man/fr/man8/groupmems.8.gz", + "/usr/share/man/fr/man8/groupmod.8.gz", + "/usr/share/man/fr/man8/grpck.8.gz", + "/usr/share/man/fr/man8/newusers.8.gz", + "/usr/share/man/fr/man8/pwck.8.gz", + "/usr/share/man/fr/man8/pwconv.8.gz", + "/usr/share/man/fr/man8/useradd.8.gz", + "/usr/share/man/fr/man8/userdel.8.gz", + "/usr/share/man/fr/man8/usermod.8.gz", + "/usr/share/man/fr/man8/vipw.8.gz", + "/usr/share/man/hu/man1/chsh.1.gz", + "/usr/share/man/hu/man1/gpasswd.1.gz", + "/usr/share/man/hu/man1/passwd.1.gz", + "/usr/share/man/hu/man5/passwd.5.gz", + "/usr/share/man/id/man1/chsh.1.gz", + "/usr/share/man/id/man8/useradd.8.gz", + "/usr/share/man/it/man1/chage.1.gz", + "/usr/share/man/it/man1/chfn.1.gz", + "/usr/share/man/it/man1/chsh.1.gz", + "/usr/share/man/it/man1/expiry.1.gz", + "/usr/share/man/it/man1/gpasswd.1.gz", + "/usr/share/man/it/man1/passwd.1.gz", + "/usr/share/man/it/man5/gshadow.5.gz", + "/usr/share/man/it/man5/passwd.5.gz", + "/usr/share/man/it/man5/shadow.5.gz", + "/usr/share/man/it/man8/chpasswd.8.gz", + "/usr/share/man/it/man8/groupadd.8.gz", + "/usr/share/man/it/man8/groupdel.8.gz", + "/usr/share/man/it/man8/groupmems.8.gz", + "/usr/share/man/it/man8/groupmod.8.gz", + "/usr/share/man/it/man8/grpck.8.gz", + "/usr/share/man/it/man8/newusers.8.gz", + "/usr/share/man/it/man8/pwck.8.gz", + "/usr/share/man/it/man8/pwconv.8.gz", + "/usr/share/man/it/man8/useradd.8.gz", + "/usr/share/man/it/man8/userdel.8.gz", + "/usr/share/man/it/man8/usermod.8.gz", + "/usr/share/man/it/man8/vipw.8.gz", + "/usr/share/man/ja/man1/chage.1.gz", + "/usr/share/man/ja/man1/chfn.1.gz", + "/usr/share/man/ja/man1/chsh.1.gz", + "/usr/share/man/ja/man1/expiry.1.gz", + "/usr/share/man/ja/man1/gpasswd.1.gz", + "/usr/share/man/ja/man1/passwd.1.gz", + "/usr/share/man/ja/man5/passwd.5.gz", + "/usr/share/man/ja/man5/shadow.5.gz", + "/usr/share/man/ja/man8/chpasswd.8.gz", + "/usr/share/man/ja/man8/groupadd.8.gz", + "/usr/share/man/ja/man8/groupdel.8.gz", + "/usr/share/man/ja/man8/groupmod.8.gz", + "/usr/share/man/ja/man8/grpck.8.gz", + "/usr/share/man/ja/man8/newusers.8.gz", + "/usr/share/man/ja/man8/pwck.8.gz", + "/usr/share/man/ja/man8/pwconv.8.gz", + "/usr/share/man/ja/man8/useradd.8.gz", + "/usr/share/man/ja/man8/userdel.8.gz", + "/usr/share/man/ja/man8/usermod.8.gz", + "/usr/share/man/ja/man8/vipw.8.gz", + "/usr/share/man/ko/man1/chfn.1.gz", + "/usr/share/man/ko/man1/chsh.1.gz", + "/usr/share/man/ko/man5/passwd.5.gz", + "/usr/share/man/ko/man8/vipw.8.gz", + "/usr/share/man/man1/chage.1.gz", + "/usr/share/man/man1/chfn.1.gz", + "/usr/share/man/man1/chsh.1.gz", + "/usr/share/man/man1/expiry.1.gz", + "/usr/share/man/man1/gpasswd.1.gz", + "/usr/share/man/man1/passwd.1.gz", + "/usr/share/man/man5/gshadow.5.gz", + "/usr/share/man/man5/passwd.5.gz", + "/usr/share/man/man5/shadow.5.gz", + "/usr/share/man/man5/subgid.5.gz", + "/usr/share/man/man5/subuid.5.gz", + "/usr/share/man/man8/chgpasswd.8.gz", + "/usr/share/man/man8/chpasswd.8.gz", + "/usr/share/man/man8/cppw.8.gz", + "/usr/share/man/man8/groupadd.8.gz", + "/usr/share/man/man8/groupdel.8.gz", + "/usr/share/man/man8/groupmems.8.gz", + "/usr/share/man/man8/groupmod.8.gz", + "/usr/share/man/man8/grpck.8.gz", + "/usr/share/man/man8/newusers.8.gz", + "/usr/share/man/man8/pwck.8.gz", + "/usr/share/man/man8/pwconv.8.gz", + "/usr/share/man/man8/useradd.8.gz", + "/usr/share/man/man8/userdel.8.gz", + "/usr/share/man/man8/usermod.8.gz", + "/usr/share/man/man8/vipw.8.gz", + "/usr/share/man/pl/man1/chage.1.gz", + "/usr/share/man/pl/man1/chsh.1.gz", + "/usr/share/man/pl/man1/expiry.1.gz", + "/usr/share/man/pl/man8/groupadd.8.gz", + "/usr/share/man/pl/man8/groupdel.8.gz", + "/usr/share/man/pl/man8/groupmems.8.gz", + "/usr/share/man/pl/man8/groupmod.8.gz", + "/usr/share/man/pl/man8/grpck.8.gz", + "/usr/share/man/pl/man8/userdel.8.gz", + "/usr/share/man/pl/man8/usermod.8.gz", + "/usr/share/man/pl/man8/vipw.8.gz", + "/usr/share/man/pt_BR/man1/gpasswd.1.gz", + "/usr/share/man/pt_BR/man5/passwd.5.gz", + "/usr/share/man/pt_BR/man5/shadow.5.gz", + "/usr/share/man/pt_BR/man8/groupadd.8.gz", + "/usr/share/man/pt_BR/man8/groupdel.8.gz", + "/usr/share/man/pt_BR/man8/groupmod.8.gz", + "/usr/share/man/ru/man1/chage.1.gz", + "/usr/share/man/ru/man1/chfn.1.gz", + "/usr/share/man/ru/man1/chsh.1.gz", + "/usr/share/man/ru/man1/expiry.1.gz", + "/usr/share/man/ru/man1/gpasswd.1.gz", + "/usr/share/man/ru/man1/passwd.1.gz", + "/usr/share/man/ru/man5/gshadow.5.gz", + "/usr/share/man/ru/man5/passwd.5.gz", + "/usr/share/man/ru/man5/shadow.5.gz", + "/usr/share/man/ru/man8/chpasswd.8.gz", + "/usr/share/man/ru/man8/groupadd.8.gz", + "/usr/share/man/ru/man8/groupdel.8.gz", + "/usr/share/man/ru/man8/groupmems.8.gz", + "/usr/share/man/ru/man8/groupmod.8.gz", + "/usr/share/man/ru/man8/grpck.8.gz", + "/usr/share/man/ru/man8/newusers.8.gz", + "/usr/share/man/ru/man8/pwck.8.gz", + "/usr/share/man/ru/man8/pwconv.8.gz", + "/usr/share/man/ru/man8/useradd.8.gz", + "/usr/share/man/ru/man8/userdel.8.gz", + "/usr/share/man/ru/man8/usermod.8.gz", + "/usr/share/man/ru/man8/vipw.8.gz", + "/usr/share/man/sv/man1/chage.1.gz", + "/usr/share/man/sv/man1/chsh.1.gz", + "/usr/share/man/sv/man1/expiry.1.gz", + "/usr/share/man/sv/man1/passwd.1.gz", + "/usr/share/man/sv/man5/gshadow.5.gz", + "/usr/share/man/sv/man5/passwd.5.gz", + "/usr/share/man/sv/man8/groupadd.8.gz", + "/usr/share/man/sv/man8/groupdel.8.gz", + "/usr/share/man/sv/man8/groupmems.8.gz", + "/usr/share/man/sv/man8/groupmod.8.gz", + "/usr/share/man/sv/man8/grpck.8.gz", + "/usr/share/man/sv/man8/pwck.8.gz", + "/usr/share/man/sv/man8/userdel.8.gz", + "/usr/share/man/sv/man8/vipw.8.gz", + "/usr/share/man/tr/man1/chage.1.gz", + "/usr/share/man/tr/man1/chfn.1.gz", + "/usr/share/man/tr/man1/passwd.1.gz", + "/usr/share/man/tr/man5/passwd.5.gz", + "/usr/share/man/tr/man5/shadow.5.gz", + "/usr/share/man/tr/man8/groupadd.8.gz", + "/usr/share/man/tr/man8/groupdel.8.gz", + "/usr/share/man/tr/man8/groupmod.8.gz", + "/usr/share/man/tr/man8/useradd.8.gz", + "/usr/share/man/tr/man8/userdel.8.gz", + "/usr/share/man/tr/man8/usermod.8.gz", + "/usr/share/man/zh_CN/man1/chage.1.gz", + "/usr/share/man/zh_CN/man1/chfn.1.gz", + "/usr/share/man/zh_CN/man1/chsh.1.gz", + "/usr/share/man/zh_CN/man1/expiry.1.gz", + "/usr/share/man/zh_CN/man1/gpasswd.1.gz", + "/usr/share/man/zh_CN/man1/passwd.1.gz", + "/usr/share/man/zh_CN/man5/gshadow.5.gz", + "/usr/share/man/zh_CN/man5/passwd.5.gz", + "/usr/share/man/zh_CN/man5/shadow.5.gz", + "/usr/share/man/zh_CN/man8/chpasswd.8.gz", + "/usr/share/man/zh_CN/man8/groupadd.8.gz", + "/usr/share/man/zh_CN/man8/groupdel.8.gz", + "/usr/share/man/zh_CN/man8/groupmems.8.gz", + "/usr/share/man/zh_CN/man8/groupmod.8.gz", + "/usr/share/man/zh_CN/man8/grpck.8.gz", + "/usr/share/man/zh_CN/man8/newusers.8.gz", + "/usr/share/man/zh_CN/man8/pwck.8.gz", + "/usr/share/man/zh_CN/man8/pwconv.8.gz", + "/usr/share/man/zh_CN/man8/useradd.8.gz", + "/usr/share/man/zh_CN/man8/userdel.8.gz", + "/usr/share/man/zh_CN/man8/usermod.8.gz", + "/usr/share/man/zh_CN/man8/vipw.8.gz", + "/usr/share/man/zh_TW/man1/chfn.1.gz", + "/usr/share/man/zh_TW/man1/chsh.1.gz", + "/usr/share/man/zh_TW/man5/passwd.5.gz", + "/usr/share/man/zh_TW/man8/chpasswd.8.gz", + "/usr/share/man/zh_TW/man8/groupadd.8.gz", + "/usr/share/man/zh_TW/man8/groupdel.8.gz", + "/usr/share/man/zh_TW/man8/groupmod.8.gz", + "/usr/share/man/zh_TW/man8/useradd.8.gz", + "/usr/share/man/zh_TW/man8/userdel.8.gz", + "/usr/share/man/zh_TW/man8/usermod.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "perl@5.30.0-9ubuntu0.3", + "Name": "perl", + "Identifier": { + "PURL": "pkg:deb/ubuntu/perl@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e4ac000ef35e9648" + }, + "Version": "5.30.0", + "Release": "9ubuntu0.3", + "Arch": "amd64", + "SrcName": "perl", + "SrcVersion": "5.30.0", + "SrcRelease": "9ubuntu0.3", + "Licenses": [ + "GPL-1.0-or-later", + "Artistic-2.0", + "MIT", + "REGCOMP", + "GPL-2.0-with-bison-exception+", + "Unicode", + "BZIP", + "Zlib", + "GPL-2.0-or-later", + "RRA-KEEP-THIS-NOTICE", + "BSD-3-clause-with-weird-numbering", + "CC0-1.0", + "TEXT-TABS", + "BSD-4-clause-POWERDOG", + "BSD-3-clause-GENERIC", + "BSD-3-Clause", + "SDBM-PUBLIC-DOMAIN", + "DONT-CHANGE-THE-GPL", + "Artistic-dist", + "LGPL-2.1-only", + "GPL-1.0-only", + "GPL-2.0-only", + "Artistic-2", + "HSIEH-DERIVATIVE", + "HSIEH-BSD" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libperl5.30@5.30.0-9ubuntu0.3", + "perl-base@5.30.0-9ubuntu0.3", + "perl-modules-5.30@5.30.0-9ubuntu0.3" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/corelist", + "/usr/bin/cpan", + "/usr/bin/enc2xs", + "/usr/bin/encguess", + "/usr/bin/h2ph", + "/usr/bin/h2xs", + "/usr/bin/instmodsh", + "/usr/bin/json_pp", + "/usr/bin/libnetcfg", + "/usr/bin/perlbug", + "/usr/bin/perldoc", + "/usr/bin/perlivp", + "/usr/bin/perlthanks", + "/usr/bin/piconv", + "/usr/bin/pl2pm", + "/usr/bin/pod2html", + "/usr/bin/pod2man", + "/usr/bin/pod2text", + "/usr/bin/pod2usage", + "/usr/bin/podchecker", + "/usr/bin/podselect", + "/usr/bin/prove", + "/usr/bin/ptar", + "/usr/bin/ptardiff", + "/usr/bin/ptargrep", + "/usr/bin/shasum", + "/usr/bin/splain", + "/usr/bin/xsubpp", + "/usr/bin/zipdetails", + "/usr/share/doc/perl/README.Debian", + "/usr/share/doc/perl/copyright", + "/usr/share/lintian/overrides/perl", + "/usr/share/man/man1/corelist.1.gz", + "/usr/share/man/man1/cpan.1.gz", + "/usr/share/man/man1/enc2xs.1.gz", + "/usr/share/man/man1/encguess.1.gz", + "/usr/share/man/man1/h2ph.1.gz", + "/usr/share/man/man1/h2xs.1.gz", + "/usr/share/man/man1/instmodsh.1.gz", + "/usr/share/man/man1/json_pp.1.gz", + "/usr/share/man/man1/libnetcfg.1.gz", + "/usr/share/man/man1/perlbug.1.gz", + "/usr/share/man/man1/perlivp.1.gz", + "/usr/share/man/man1/piconv.1.gz", + "/usr/share/man/man1/pl2pm.1.gz", + "/usr/share/man/man1/pod2html.1.gz", + "/usr/share/man/man1/pod2man.1.gz", + "/usr/share/man/man1/pod2text.1.gz", + "/usr/share/man/man1/pod2usage.1.gz", + "/usr/share/man/man1/podchecker.1.gz", + "/usr/share/man/man1/podselect.1.gz", + "/usr/share/man/man1/prove.1.gz", + "/usr/share/man/man1/ptar.1.gz", + "/usr/share/man/man1/ptardiff.1.gz", + "/usr/share/man/man1/ptargrep.1.gz", + "/usr/share/man/man1/shasum.1.gz", + "/usr/share/man/man1/splain.1.gz", + "/usr/share/man/man1/xsubpp.1.gz", + "/usr/share/man/man1/zipdetails.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "perl-base@5.30.0-9ubuntu0.3", + "Name": "perl-base", + "Identifier": { + "PURL": "pkg:deb/ubuntu/perl-base@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "2289117557075356" + }, + "Version": "5.30.0", + "Release": "9ubuntu0.3", + "Arch": "amd64", + "SrcName": "perl", + "SrcVersion": "5.30.0", + "SrcRelease": "9ubuntu0.3", + "Licenses": [ + "GPL-1.0-or-later", + "Artistic-2.0", + "MIT", + "REGCOMP", + "GPL-2.0-with-bison-exception+", + "Unicode", + "BZIP", + "Zlib", + "GPL-2.0-or-later", + "RRA-KEEP-THIS-NOTICE", + "BSD-3-clause-with-weird-numbering", + "CC0-1.0", + "TEXT-TABS", + "BSD-4-clause-POWERDOG", + "BSD-3-clause-GENERIC", + "BSD-3-Clause", + "SDBM-PUBLIC-DOMAIN", + "DONT-CHANGE-THE-GPL", + "Artistic-dist", + "LGPL-2.1-only", + "GPL-1.0-only", + "GPL-2.0-only", + "Artistic-2", + "HSIEH-DERIVATIVE", + "HSIEH-BSD" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/perl", + "/usr/bin/perl5.30.0", + "/usr/lib/x86_64-linux-gnu/perl-base/AutoLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Carp.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Carp/Heavy.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Config.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Config_git.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/Config_heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/Cwd.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/DynaLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Errno.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Exporter.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Exporter/Heavy.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Fcntl.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Basename.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Glob.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Path.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec/Unix.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Temp.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/FileHandle.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Hash/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/File.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Handle.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Pipe.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Seekable.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Select.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/INET.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/IP.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/UNIX.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open2.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/List/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/POSIX.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Scalar/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/SelectSaver.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/ParseWords.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/Tabs.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/Wrap.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Tie/Hash.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/XSLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/attributes.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Cwd/Cwd.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/File/Glob/Glob.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Hash/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/IO/IO.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/List/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Socket/Socket.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/attributes/attributes.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/re/re.so", + "/usr/lib/x86_64-linux-gnu/perl-base/base.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/bytes.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/bytes_heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/constant.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/feature.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/fields.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/integer.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/lib.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/locale.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/overload.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/overloading.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/parent.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/re.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/strict.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/Heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Age.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bmg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Cf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Digit.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Ea.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/EqUIdeo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Fold.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/GCB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Gc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Hst.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InPC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InSC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Isc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lower.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFCQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFDQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCCF.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKDQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Na1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NameAlia.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nv.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/PerlDeci.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/SB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Sc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Scx.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Tc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Title.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Uc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Upper.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Vo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/WB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlLB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlSCX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V100.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V11.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V110.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V120.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V20.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V30.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V31.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V32.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V40.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V41.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V50.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V51.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V52.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V60.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V61.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V70.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V80.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V90.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Alpha/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/B.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/BN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/CS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/EN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ES.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ET.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/NSM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ON.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/WS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Blk/NB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/O.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CE/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CI/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCF/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWKCF/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWL/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWT/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWU/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Cased/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/A.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/ATAR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/B.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/BR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/DB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NK.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/OV.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/VR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CompEx/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/DI/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dash/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dep/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dia/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Com.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Enc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Fin.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Font.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Init.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Iso.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Med.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nar.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/NonCanon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sqr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sub.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sup.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Vert.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/A.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/H.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/Na.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/W.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ext/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/CN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LV.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LVT.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/PP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/SM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/LC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ll.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/M.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Me.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/No.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/P.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pe.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Po.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ps.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/S.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sk.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/So.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Z.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Zs.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrBase/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrExt/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hex/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hst/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hyphen/T.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ideo/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/10_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/11_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/7_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/8_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/9_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Bottom.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Left.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/LeftAndR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Overstru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Right.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Top.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndBo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndL2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndLe.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndRi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/VisualOr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Avagraha.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Bindu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Cantilla.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona5.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona7.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consonan.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Invisibl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Nukta.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Number.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Other.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/PureKill.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Syllable.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/ToneMark.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Virama.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Visarga.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Vowel.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelDep.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelInd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Ain.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Alef.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Beh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Dal.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/FarsiYeh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Feh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Gaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Hah.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/HanifiRo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Kaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Lam.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/NoJoinin.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Qaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Reh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Sad.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Seen.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Waw.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Yeh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/D.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/T.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/U.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CJ.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/GL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/ID.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/OP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/QU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/SA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lower/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Math/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/M.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Di.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/None.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Nu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/11.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/12.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/13.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/14.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/15.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/17.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/18.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/19.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/200.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/300.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/400.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/500.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/600.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/700.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/800.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/900.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PCM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PatSyn/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Alnum.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Assigned.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Blank.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Graph.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PerlWord.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PosixPun.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Print.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/SpacePer.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Title.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Word.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/XPosixPu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlAny.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCh2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCha.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlFol.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIsI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNch.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPat.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPr2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPro.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlQuo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/QMark/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/AT.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/CL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/FO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LE.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/SC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/ST.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/Sp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/UP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SD/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/STerm/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Arab.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Armn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Beng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cprt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cyrl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Deva.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Dupl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Geor.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Glag.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gonm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gran.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Grek.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gujr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Guru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Han.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hira.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Kana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Knda.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Latn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Limb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Linb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mlym.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mult.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Orya.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Sinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Syrc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Taml.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Telu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zyyy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Adlm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Arab.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Armn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Beng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bhks.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bopo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cakm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cham.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Copt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cprt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cyrl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Deva.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Dupl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Ethi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Geor.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Glag.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gonm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gran.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Grek.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gujr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Guru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Han.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hebr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hira.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmnp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khar.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khmr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khoj.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Knda.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kthi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lao.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Latn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Limb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lina.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Linb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mlym.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mult.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mymr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nand.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Orya.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Phlp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Rohg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Shrd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sind.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Syrc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tagb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Takr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Talu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Taml.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Telu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Thaa.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tibt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tirh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Xsux.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zyyy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zzzz.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Term/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/UIdeo/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Upper/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/U.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/Extend.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/FO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/HL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/KA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/LE.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/ML.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/WSegSpac.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/utf8.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/utf8_heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/vars.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/warnings.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/warnings/register.pm", + "/usr/share/doc/perl-base/changelog.Debian.gz", + "/usr/share/doc/perl-base/copyright", + "/usr/share/doc/perl/AUTHORS.gz", + "/usr/share/doc/perl/Documentation", + "/usr/share/lintian/overrides/perl-base", + "/usr/share/man/man1/perl.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "perl-modules-5.30@5.30.0-9ubuntu0.3", + "Name": "perl-modules-5.30", + "Identifier": { + "PURL": "pkg:deb/ubuntu/perl-modules-5.30@5.30.0-9ubuntu0.3?arch=all\u0026distro=ubuntu-20.04", + "UID": "23ac15a776adbce9" + }, + "Version": "5.30.0", + "Release": "9ubuntu0.3", + "Arch": "all", + "SrcName": "perl", + "SrcVersion": "5.30.0", + "SrcRelease": "9ubuntu0.3", + "Licenses": [ + "GPL-1.0-or-later", + "Artistic-2.0", + "MIT", + "REGCOMP", + "GPL-2.0-with-bison-exception+", + "Unicode", + "BZIP", + "Zlib", + "GPL-2.0-or-later", + "RRA-KEEP-THIS-NOTICE", + "BSD-3-clause-with-weird-numbering", + "CC0-1.0", + "TEXT-TABS", + "BSD-4-clause-POWERDOG", + "BSD-3-clause-GENERIC", + "BSD-3-Clause", + "SDBM-PUBLIC-DOMAIN", + "DONT-CHANGE-THE-GPL", + "Artistic-dist", + "LGPL-2.1-only", + "GPL-1.0-only", + "GPL-2.0-only", + "Artistic-2", + "HSIEH-DERIVATIVE", + "HSIEH-BSD" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "perl-base@5.30.0-9ubuntu0.3" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/share/doc/perl-modules-5.30/README.Debian", + "/usr/share/doc/perl-modules-5.30/copyright", + "/usr/share/lintian/overrides/perl-modules-5.30", + "/usr/share/perl/5.30.0/AnyDBM_File.pm", + "/usr/share/perl/5.30.0/App/Cpan.pm", + "/usr/share/perl/5.30.0/App/Prove.pm", + "/usr/share/perl/5.30.0/App/Prove/State.pm", + "/usr/share/perl/5.30.0/App/Prove/State/Result.pm", + "/usr/share/perl/5.30.0/App/Prove/State/Result/Test.pm", + "/usr/share/perl/5.30.0/Archive/Tar.pm", + "/usr/share/perl/5.30.0/Archive/Tar/Constant.pm", + "/usr/share/perl/5.30.0/Archive/Tar/File.pm", + "/usr/share/perl/5.30.0/Attribute/Handlers.pm", + "/usr/share/perl/5.30.0/AutoLoader.pm", + "/usr/share/perl/5.30.0/AutoSplit.pm", + "/usr/share/perl/5.30.0/B/Deparse.pm", + "/usr/share/perl/5.30.0/B/Op_private.pm", + "/usr/share/perl/5.30.0/Benchmark.pm", + "/usr/share/perl/5.30.0/CORE.pod", + "/usr/share/perl/5.30.0/CPAN.pm", + "/usr/share/perl/5.30.0/CPAN/API/HOWTO.pod", + "/usr/share/perl/5.30.0/CPAN/Author.pm", + "/usr/share/perl/5.30.0/CPAN/Bundle.pm", + "/usr/share/perl/5.30.0/CPAN/CacheMgr.pm", + "/usr/share/perl/5.30.0/CPAN/Complete.pm", + "/usr/share/perl/5.30.0/CPAN/Debug.pm", + "/usr/share/perl/5.30.0/CPAN/DeferredCode.pm", + "/usr/share/perl/5.30.0/CPAN/Distribution.pm", + "/usr/share/perl/5.30.0/CPAN/Distroprefs.pm", + "/usr/share/perl/5.30.0/CPAN/Distrostatus.pm", + "/usr/share/perl/5.30.0/CPAN/Exception/RecursiveDependency.pm", + "/usr/share/perl/5.30.0/CPAN/Exception/blocked_urllist.pm", + "/usr/share/perl/5.30.0/CPAN/Exception/yaml_not_installed.pm", + "/usr/share/perl/5.30.0/CPAN/Exception/yaml_process_error.pm", + "/usr/share/perl/5.30.0/CPAN/FTP.pm", + "/usr/share/perl/5.30.0/CPAN/FTP/netrc.pm", + "/usr/share/perl/5.30.0/CPAN/FirstTime.pm", + "/usr/share/perl/5.30.0/CPAN/HTTP/Client.pm", + "/usr/share/perl/5.30.0/CPAN/HTTP/Credentials.pm", + "/usr/share/perl/5.30.0/CPAN/HandleConfig.pm", + "/usr/share/perl/5.30.0/CPAN/Index.pm", + "/usr/share/perl/5.30.0/CPAN/InfoObj.pm", + "/usr/share/perl/5.30.0/CPAN/Kwalify.pm", + "/usr/share/perl/5.30.0/CPAN/Kwalify/distroprefs.dd", + "/usr/share/perl/5.30.0/CPAN/Kwalify/distroprefs.yml", + "/usr/share/perl/5.30.0/CPAN/LWP/UserAgent.pm", + "/usr/share/perl/5.30.0/CPAN/Meta.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/Converter.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/Feature.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/History.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_0.pod", + "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_1.pod", + "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_2.pod", + "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_3.pod", + "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_4.pod", + "/usr/share/perl/5.30.0/CPAN/Meta/Merge.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/Prereqs.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/Requirements.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/Spec.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/Validator.pm", + "/usr/share/perl/5.30.0/CPAN/Meta/YAML.pm", + "/usr/share/perl/5.30.0/CPAN/Mirrors.pm", + "/usr/share/perl/5.30.0/CPAN/Module.pm", + "/usr/share/perl/5.30.0/CPAN/Nox.pm", + "/usr/share/perl/5.30.0/CPAN/Plugin.pm", + "/usr/share/perl/5.30.0/CPAN/Plugin/Specfile.pm", + "/usr/share/perl/5.30.0/CPAN/Prompt.pm", + "/usr/share/perl/5.30.0/CPAN/Queue.pm", + "/usr/share/perl/5.30.0/CPAN/Shell.pm", + "/usr/share/perl/5.30.0/CPAN/Tarzip.pm", + "/usr/share/perl/5.30.0/CPAN/URL.pm", + "/usr/share/perl/5.30.0/CPAN/Version.pm", + "/usr/share/perl/5.30.0/Carp.pm", + "/usr/share/perl/5.30.0/Carp/Heavy.pm", + "/usr/share/perl/5.30.0/Class/Struct.pm", + "/usr/share/perl/5.30.0/Compress/Zlib.pm", + "/usr/share/perl/5.30.0/Config/Extensions.pm", + "/usr/share/perl/5.30.0/Config/Perl/V.pm", + "/usr/share/perl/5.30.0/DB.pm", + "/usr/share/perl/5.30.0/DBM_Filter.pm", + "/usr/share/perl/5.30.0/DBM_Filter/compress.pm", + "/usr/share/perl/5.30.0/DBM_Filter/encode.pm", + "/usr/share/perl/5.30.0/DBM_Filter/int32.pm", + "/usr/share/perl/5.30.0/DBM_Filter/null.pm", + "/usr/share/perl/5.30.0/DBM_Filter/utf8.pm", + "/usr/share/perl/5.30.0/Devel/SelfStubber.pm", + "/usr/share/perl/5.30.0/Digest.pm", + "/usr/share/perl/5.30.0/Digest/base.pm", + "/usr/share/perl/5.30.0/Digest/file.pm", + "/usr/share/perl/5.30.0/DirHandle.pm", + "/usr/share/perl/5.30.0/Dumpvalue.pm", + "/usr/share/perl/5.30.0/Encode/Changes.e2x", + "/usr/share/perl/5.30.0/Encode/ConfigLocal_PM.e2x", + "/usr/share/perl/5.30.0/Encode/Makefile_PL.e2x", + "/usr/share/perl/5.30.0/Encode/PerlIO.pod", + "/usr/share/perl/5.30.0/Encode/README.e2x", + "/usr/share/perl/5.30.0/Encode/Supported.pod", + "/usr/share/perl/5.30.0/Encode/_PM.e2x", + "/usr/share/perl/5.30.0/Encode/_T.e2x", + "/usr/share/perl/5.30.0/Encode/encode.h", + "/usr/share/perl/5.30.0/English.pm", + "/usr/share/perl/5.30.0/Env.pm", + "/usr/share/perl/5.30.0/Exporter.pm", + "/usr/share/perl/5.30.0/Exporter/Heavy.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Base.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Unix.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/VMS.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Windows.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Windows/BCC.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Windows/GCC.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Windows/MSVC.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/aix.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/android.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/cygwin.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/darwin.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/dec_osf.pm", + "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/os2.pm", + "/usr/share/perl/5.30.0/ExtUtils/Command.pm", + "/usr/share/perl/5.30.0/ExtUtils/Command/MM.pm", + "/usr/share/perl/5.30.0/ExtUtils/Constant.pm", + "/usr/share/perl/5.30.0/ExtUtils/Constant/Base.pm", + "/usr/share/perl/5.30.0/ExtUtils/Constant/ProxySubs.pm", + "/usr/share/perl/5.30.0/ExtUtils/Constant/Utils.pm", + "/usr/share/perl/5.30.0/ExtUtils/Constant/XS.pm", + "/usr/share/perl/5.30.0/ExtUtils/Embed.pm", + "/usr/share/perl/5.30.0/ExtUtils/Install.pm", + "/usr/share/perl/5.30.0/ExtUtils/Installed.pm", + "/usr/share/perl/5.30.0/ExtUtils/Liblist.pm", + "/usr/share/perl/5.30.0/ExtUtils/Liblist/Kid.pm", + "/usr/share/perl/5.30.0/ExtUtils/MANIFEST.SKIP", + "/usr/share/perl/5.30.0/ExtUtils/MM.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_AIX.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_Any.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_BeOS.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_Cygwin.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_DOS.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_Darwin.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_MacOS.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_NW5.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_OS2.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_QNX.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_UWIN.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_Unix.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_VMS.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_VOS.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_Win32.pm", + "/usr/share/perl/5.30.0/ExtUtils/MM_Win95.pm", + "/usr/share/perl/5.30.0/ExtUtils/MY.pm", + "/usr/share/perl/5.30.0/ExtUtils/MakeMaker.pm", + "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/Config.pm", + "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/FAQ.pod", + "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/Locale.pm", + "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/Tutorial.pod", + "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/version.pm", + "/usr/share/perl/5.30.0/ExtUtils/Manifest.pm", + "/usr/share/perl/5.30.0/ExtUtils/Miniperl.pm", + "/usr/share/perl/5.30.0/ExtUtils/Mkbootstrap.pm", + "/usr/share/perl/5.30.0/ExtUtils/Mksymlists.pm", + "/usr/share/perl/5.30.0/ExtUtils/Packlist.pm", + "/usr/share/perl/5.30.0/ExtUtils/ParseXS.pm", + "/usr/share/perl/5.30.0/ExtUtils/ParseXS.pod", + "/usr/share/perl/5.30.0/ExtUtils/ParseXS/Constants.pm", + "/usr/share/perl/5.30.0/ExtUtils/ParseXS/CountLines.pm", + "/usr/share/perl/5.30.0/ExtUtils/ParseXS/Eval.pm", + "/usr/share/perl/5.30.0/ExtUtils/ParseXS/Utilities.pm", + "/usr/share/perl/5.30.0/ExtUtils/Typemaps.pm", + "/usr/share/perl/5.30.0/ExtUtils/Typemaps/Cmd.pm", + "/usr/share/perl/5.30.0/ExtUtils/Typemaps/InputMap.pm", + "/usr/share/perl/5.30.0/ExtUtils/Typemaps/OutputMap.pm", + "/usr/share/perl/5.30.0/ExtUtils/Typemaps/Type.pm", + "/usr/share/perl/5.30.0/ExtUtils/testlib.pm", + "/usr/share/perl/5.30.0/ExtUtils/typemap", + "/usr/share/perl/5.30.0/ExtUtils/xsubpp", + "/usr/share/perl/5.30.0/Fatal.pm", + "/usr/share/perl/5.30.0/File/Basename.pm", + "/usr/share/perl/5.30.0/File/Compare.pm", + "/usr/share/perl/5.30.0/File/Copy.pm", + "/usr/share/perl/5.30.0/File/Fetch.pm", + "/usr/share/perl/5.30.0/File/Find.pm", + "/usr/share/perl/5.30.0/File/GlobMapper.pm", + "/usr/share/perl/5.30.0/File/Path.pm", + "/usr/share/perl/5.30.0/File/Temp.pm", + "/usr/share/perl/5.30.0/File/stat.pm", + "/usr/share/perl/5.30.0/FileCache.pm", + "/usr/share/perl/5.30.0/FileHandle.pm", + "/usr/share/perl/5.30.0/Filter/Simple.pm", + "/usr/share/perl/5.30.0/FindBin.pm", + "/usr/share/perl/5.30.0/Getopt/Long.pm", + "/usr/share/perl/5.30.0/Getopt/Std.pm", + "/usr/share/perl/5.30.0/HTTP/Tiny.pm", + "/usr/share/perl/5.30.0/I18N/Collate.pm", + "/usr/share/perl/5.30.0/I18N/LangTags.pm", + "/usr/share/perl/5.30.0/I18N/LangTags/Detect.pm", + "/usr/share/perl/5.30.0/I18N/LangTags/List.pm", + "/usr/share/perl/5.30.0/IO/Compress/Adapter/Bzip2.pm", + "/usr/share/perl/5.30.0/IO/Compress/Adapter/Deflate.pm", + "/usr/share/perl/5.30.0/IO/Compress/Adapter/Identity.pm", + "/usr/share/perl/5.30.0/IO/Compress/Base.pm", + "/usr/share/perl/5.30.0/IO/Compress/Base/Common.pm", + "/usr/share/perl/5.30.0/IO/Compress/Bzip2.pm", + "/usr/share/perl/5.30.0/IO/Compress/Deflate.pm", + "/usr/share/perl/5.30.0/IO/Compress/FAQ.pod", + "/usr/share/perl/5.30.0/IO/Compress/Gzip.pm", + "/usr/share/perl/5.30.0/IO/Compress/Gzip/Constants.pm", + "/usr/share/perl/5.30.0/IO/Compress/RawDeflate.pm", + "/usr/share/perl/5.30.0/IO/Compress/Zip.pm", + "/usr/share/perl/5.30.0/IO/Compress/Zip/Constants.pm", + "/usr/share/perl/5.30.0/IO/Compress/Zlib/Constants.pm", + "/usr/share/perl/5.30.0/IO/Compress/Zlib/Extra.pm", + "/usr/share/perl/5.30.0/IO/Socket/IP.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/Adapter/Bunzip2.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/Adapter/Identity.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/Adapter/Inflate.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/AnyInflate.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/AnyUncompress.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/Base.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/Bunzip2.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/Gunzip.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/Inflate.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/RawInflate.pm", + "/usr/share/perl/5.30.0/IO/Uncompress/Unzip.pm", + "/usr/share/perl/5.30.0/IO/Zlib.pm", + "/usr/share/perl/5.30.0/IPC/Cmd.pm", + "/usr/share/perl/5.30.0/IPC/Open2.pm", + "/usr/share/perl/5.30.0/IPC/Open3.pm", + "/usr/share/perl/5.30.0/Internals.pod", + "/usr/share/perl/5.30.0/JSON/PP.pm", + "/usr/share/perl/5.30.0/JSON/PP/Boolean.pm", + "/usr/share/perl/5.30.0/Locale/Maketext.pm", + "/usr/share/perl/5.30.0/Locale/Maketext.pod", + "/usr/share/perl/5.30.0/Locale/Maketext/Cookbook.pod", + "/usr/share/perl/5.30.0/Locale/Maketext/Guts.pm", + "/usr/share/perl/5.30.0/Locale/Maketext/GutsLoader.pm", + "/usr/share/perl/5.30.0/Locale/Maketext/Simple.pm", + "/usr/share/perl/5.30.0/Locale/Maketext/TPJ13.pod", + "/usr/share/perl/5.30.0/Math/BigFloat.pm", + "/usr/share/perl/5.30.0/Math/BigFloat/Trace.pm", + "/usr/share/perl/5.30.0/Math/BigInt.pm", + "/usr/share/perl/5.30.0/Math/BigInt/Calc.pm", + "/usr/share/perl/5.30.0/Math/BigInt/Lib.pm", + "/usr/share/perl/5.30.0/Math/BigInt/Trace.pm", + "/usr/share/perl/5.30.0/Math/BigRat.pm", + "/usr/share/perl/5.30.0/Math/Complex.pm", + "/usr/share/perl/5.30.0/Math/Trig.pm", + "/usr/share/perl/5.30.0/Memoize.pm", + "/usr/share/perl/5.30.0/Memoize/AnyDBM_File.pm", + "/usr/share/perl/5.30.0/Memoize/Expire.pm", + "/usr/share/perl/5.30.0/Memoize/ExpireFile.pm", + "/usr/share/perl/5.30.0/Memoize/ExpireTest.pm", + "/usr/share/perl/5.30.0/Memoize/NDBM_File.pm", + "/usr/share/perl/5.30.0/Memoize/SDBM_File.pm", + "/usr/share/perl/5.30.0/Memoize/Storable.pm", + "/usr/share/perl/5.30.0/Module/CoreList.pm", + "/usr/share/perl/5.30.0/Module/CoreList.pod", + "/usr/share/perl/5.30.0/Module/CoreList/Utils.pm", + "/usr/share/perl/5.30.0/Module/Load.pm", + "/usr/share/perl/5.30.0/Module/Load/Conditional.pm", + "/usr/share/perl/5.30.0/Module/Loaded.pm", + "/usr/share/perl/5.30.0/Module/Metadata.pm", + "/usr/share/perl/5.30.0/NEXT.pm", + "/usr/share/perl/5.30.0/Net/Cmd.pm", + "/usr/share/perl/5.30.0/Net/Config.pm", + "/usr/share/perl/5.30.0/Net/Domain.pm", + "/usr/share/perl/5.30.0/Net/FTP.pm", + "/usr/share/perl/5.30.0/Net/FTP/A.pm", + "/usr/share/perl/5.30.0/Net/FTP/E.pm", + "/usr/share/perl/5.30.0/Net/FTP/I.pm", + "/usr/share/perl/5.30.0/Net/FTP/L.pm", + "/usr/share/perl/5.30.0/Net/FTP/dataconn.pm", + "/usr/share/perl/5.30.0/Net/NNTP.pm", + "/usr/share/perl/5.30.0/Net/Netrc.pm", + "/usr/share/perl/5.30.0/Net/POP3.pm", + "/usr/share/perl/5.30.0/Net/Ping.pm", + "/usr/share/perl/5.30.0/Net/SMTP.pm", + "/usr/share/perl/5.30.0/Net/Time.pm", + "/usr/share/perl/5.30.0/Net/hostent.pm", + "/usr/share/perl/5.30.0/Net/libnetFAQ.pod", + "/usr/share/perl/5.30.0/Net/netent.pm", + "/usr/share/perl/5.30.0/Net/protoent.pm", + "/usr/share/perl/5.30.0/Net/servent.pm", + "/usr/share/perl/5.30.0/Params/Check.pm", + "/usr/share/perl/5.30.0/Parse/CPAN/Meta.pm", + "/usr/share/perl/5.30.0/Perl/OSType.pm", + "/usr/share/perl/5.30.0/PerlIO.pm", + "/usr/share/perl/5.30.0/PerlIO/via/QuotedPrint.pm", + "/usr/share/perl/5.30.0/Pod/Checker.pm", + "/usr/share/perl/5.30.0/Pod/Escapes.pm", + "/usr/share/perl/5.30.0/Pod/Find.pm", + "/usr/share/perl/5.30.0/Pod/Functions.pm", + "/usr/share/perl/5.30.0/Pod/Html.pm", + "/usr/share/perl/5.30.0/Pod/InputObjects.pm", + "/usr/share/perl/5.30.0/Pod/Man.pm", + "/usr/share/perl/5.30.0/Pod/ParseLink.pm", + "/usr/share/perl/5.30.0/Pod/ParseUtils.pm", + "/usr/share/perl/5.30.0/Pod/Parser.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/BaseTo.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/GetOptsOO.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToANSI.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToChecker.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToMan.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToNroff.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToPod.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToRtf.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToTerm.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToText.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToTk.pm", + "/usr/share/perl/5.30.0/Pod/Perldoc/ToXml.pm", + "/usr/share/perl/5.30.0/Pod/PlainText.pm", + "/usr/share/perl/5.30.0/Pod/Select.pm", + "/usr/share/perl/5.30.0/Pod/Simple.pm", + "/usr/share/perl/5.30.0/Pod/Simple.pod", + "/usr/share/perl/5.30.0/Pod/Simple/BlackBox.pm", + "/usr/share/perl/5.30.0/Pod/Simple/Checker.pm", + "/usr/share/perl/5.30.0/Pod/Simple/Debug.pm", + "/usr/share/perl/5.30.0/Pod/Simple/DumpAsText.pm", + "/usr/share/perl/5.30.0/Pod/Simple/DumpAsXML.pm", + "/usr/share/perl/5.30.0/Pod/Simple/HTML.pm", + "/usr/share/perl/5.30.0/Pod/Simple/HTMLBatch.pm", + "/usr/share/perl/5.30.0/Pod/Simple/HTMLLegacy.pm", + "/usr/share/perl/5.30.0/Pod/Simple/LinkSection.pm", + "/usr/share/perl/5.30.0/Pod/Simple/Methody.pm", + "/usr/share/perl/5.30.0/Pod/Simple/Progress.pm", + "/usr/share/perl/5.30.0/Pod/Simple/PullParser.pm", + "/usr/share/perl/5.30.0/Pod/Simple/PullParserEndToken.pm", + "/usr/share/perl/5.30.0/Pod/Simple/PullParserStartToken.pm", + "/usr/share/perl/5.30.0/Pod/Simple/PullParserTextToken.pm", + "/usr/share/perl/5.30.0/Pod/Simple/PullParserToken.pm", + "/usr/share/perl/5.30.0/Pod/Simple/RTF.pm", + "/usr/share/perl/5.30.0/Pod/Simple/Search.pm", + "/usr/share/perl/5.30.0/Pod/Simple/SimpleTree.pm", + "/usr/share/perl/5.30.0/Pod/Simple/Subclassing.pod", + "/usr/share/perl/5.30.0/Pod/Simple/Text.pm", + "/usr/share/perl/5.30.0/Pod/Simple/TextContent.pm", + "/usr/share/perl/5.30.0/Pod/Simple/TiedOutFH.pm", + "/usr/share/perl/5.30.0/Pod/Simple/Transcode.pm", + "/usr/share/perl/5.30.0/Pod/Simple/TranscodeDumb.pm", + "/usr/share/perl/5.30.0/Pod/Simple/TranscodeSmart.pm", + "/usr/share/perl/5.30.0/Pod/Simple/XHTML.pm", + "/usr/share/perl/5.30.0/Pod/Simple/XMLOutStream.pm", + "/usr/share/perl/5.30.0/Pod/Text.pm", + "/usr/share/perl/5.30.0/Pod/Text/Color.pm", + "/usr/share/perl/5.30.0/Pod/Text/Overstrike.pm", + "/usr/share/perl/5.30.0/Pod/Text/Termcap.pm", + "/usr/share/perl/5.30.0/Pod/Usage.pm", + "/usr/share/perl/5.30.0/Safe.pm", + "/usr/share/perl/5.30.0/Search/Dict.pm", + "/usr/share/perl/5.30.0/SelectSaver.pm", + "/usr/share/perl/5.30.0/SelfLoader.pm", + "/usr/share/perl/5.30.0/Symbol.pm", + "/usr/share/perl/5.30.0/TAP/Base.pm", + "/usr/share/perl/5.30.0/TAP/Formatter/Base.pm", + "/usr/share/perl/5.30.0/TAP/Formatter/Color.pm", + "/usr/share/perl/5.30.0/TAP/Formatter/Console.pm", + "/usr/share/perl/5.30.0/TAP/Formatter/Console/ParallelSession.pm", + "/usr/share/perl/5.30.0/TAP/Formatter/Console/Session.pm", + "/usr/share/perl/5.30.0/TAP/Formatter/File.pm", + "/usr/share/perl/5.30.0/TAP/Formatter/File/Session.pm", + "/usr/share/perl/5.30.0/TAP/Formatter/Session.pm", + "/usr/share/perl/5.30.0/TAP/Harness.pm", + "/usr/share/perl/5.30.0/TAP/Harness/Beyond.pod", + "/usr/share/perl/5.30.0/TAP/Harness/Env.pm", + "/usr/share/perl/5.30.0/TAP/Object.pm", + "/usr/share/perl/5.30.0/TAP/Parser.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Aggregator.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Grammar.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Iterator.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Iterator/Array.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Iterator/Process.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Iterator/Stream.pm", + "/usr/share/perl/5.30.0/TAP/Parser/IteratorFactory.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Multiplexer.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result/Bailout.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result/Comment.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result/Plan.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result/Pragma.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result/Test.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result/Unknown.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result/Version.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Result/YAML.pm", + "/usr/share/perl/5.30.0/TAP/Parser/ResultFactory.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Scheduler.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Scheduler/Job.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Scheduler/Spinner.pm", + "/usr/share/perl/5.30.0/TAP/Parser/Source.pm", + "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler.pm", + "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/Executable.pm", + "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/File.pm", + "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/Handle.pm", + "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/Perl.pm", + "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/RawTAP.pm", + "/usr/share/perl/5.30.0/TAP/Parser/YAMLish/Reader.pm", + "/usr/share/perl/5.30.0/TAP/Parser/YAMLish/Writer.pm", + "/usr/share/perl/5.30.0/Term/ANSIColor.pm", + "/usr/share/perl/5.30.0/Term/Cap.pm", + "/usr/share/perl/5.30.0/Term/Complete.pm", + "/usr/share/perl/5.30.0/Term/ReadLine.pm", + "/usr/share/perl/5.30.0/Test.pm", + "/usr/share/perl/5.30.0/Test/Builder.pm", + "/usr/share/perl/5.30.0/Test/Builder/Formatter.pm", + "/usr/share/perl/5.30.0/Test/Builder/IO/Scalar.pm", + "/usr/share/perl/5.30.0/Test/Builder/Module.pm", + "/usr/share/perl/5.30.0/Test/Builder/Tester.pm", + "/usr/share/perl/5.30.0/Test/Builder/Tester/Color.pm", + "/usr/share/perl/5.30.0/Test/Builder/TodoDiag.pm", + "/usr/share/perl/5.30.0/Test/Harness.pm", + "/usr/share/perl/5.30.0/Test/More.pm", + "/usr/share/perl/5.30.0/Test/Simple.pm", + "/usr/share/perl/5.30.0/Test/Tester.pm", + "/usr/share/perl/5.30.0/Test/Tester/Capture.pm", + "/usr/share/perl/5.30.0/Test/Tester/CaptureRunner.pm", + "/usr/share/perl/5.30.0/Test/Tester/Delegate.pm", + "/usr/share/perl/5.30.0/Test/Tutorial.pod", + "/usr/share/perl/5.30.0/Test/use/ok.pm", + "/usr/share/perl/5.30.0/Test2.pm", + "/usr/share/perl/5.30.0/Test2/API.pm", + "/usr/share/perl/5.30.0/Test2/API/Breakage.pm", + "/usr/share/perl/5.30.0/Test2/API/Context.pm", + "/usr/share/perl/5.30.0/Test2/API/Instance.pm", + "/usr/share/perl/5.30.0/Test2/API/Stack.pm", + "/usr/share/perl/5.30.0/Test2/Event.pm", + "/usr/share/perl/5.30.0/Test2/Event/Bail.pm", + "/usr/share/perl/5.30.0/Test2/Event/Diag.pm", + "/usr/share/perl/5.30.0/Test2/Event/Encoding.pm", + "/usr/share/perl/5.30.0/Test2/Event/Exception.pm", + "/usr/share/perl/5.30.0/Test2/Event/Fail.pm", + "/usr/share/perl/5.30.0/Test2/Event/Generic.pm", + "/usr/share/perl/5.30.0/Test2/Event/Note.pm", + "/usr/share/perl/5.30.0/Test2/Event/Ok.pm", + "/usr/share/perl/5.30.0/Test2/Event/Pass.pm", + "/usr/share/perl/5.30.0/Test2/Event/Plan.pm", + "/usr/share/perl/5.30.0/Test2/Event/Skip.pm", + "/usr/share/perl/5.30.0/Test2/Event/Subtest.pm", + "/usr/share/perl/5.30.0/Test2/Event/TAP/Version.pm", + "/usr/share/perl/5.30.0/Test2/Event/V2.pm", + "/usr/share/perl/5.30.0/Test2/Event/Waiting.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/About.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Amnesty.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Assert.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Control.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Error.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Hub.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Info.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Info/Table.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Meta.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Parent.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Plan.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Render.pm", + "/usr/share/perl/5.30.0/Test2/EventFacet/Trace.pm", + "/usr/share/perl/5.30.0/Test2/Formatter.pm", + "/usr/share/perl/5.30.0/Test2/Formatter/TAP.pm", + "/usr/share/perl/5.30.0/Test2/Hub.pm", + "/usr/share/perl/5.30.0/Test2/Hub/Interceptor.pm", + "/usr/share/perl/5.30.0/Test2/Hub/Interceptor/Terminator.pm", + "/usr/share/perl/5.30.0/Test2/Hub/Subtest.pm", + "/usr/share/perl/5.30.0/Test2/IPC.pm", + "/usr/share/perl/5.30.0/Test2/IPC/Driver.pm", + "/usr/share/perl/5.30.0/Test2/IPC/Driver/Files.pm", + "/usr/share/perl/5.30.0/Test2/Tools/Tiny.pm", + "/usr/share/perl/5.30.0/Test2/Transition.pod", + "/usr/share/perl/5.30.0/Test2/Util.pm", + "/usr/share/perl/5.30.0/Test2/Util/ExternalMeta.pm", + "/usr/share/perl/5.30.0/Test2/Util/Facets2Legacy.pm", + "/usr/share/perl/5.30.0/Test2/Util/HashBase.pm", + "/usr/share/perl/5.30.0/Test2/Util/Trace.pm", + "/usr/share/perl/5.30.0/Text/Abbrev.pm", + "/usr/share/perl/5.30.0/Text/Balanced.pm", + "/usr/share/perl/5.30.0/Text/ParseWords.pm", + "/usr/share/perl/5.30.0/Text/Tabs.pm", + "/usr/share/perl/5.30.0/Text/Wrap.pm", + "/usr/share/perl/5.30.0/Thread.pm", + "/usr/share/perl/5.30.0/Thread/Queue.pm", + "/usr/share/perl/5.30.0/Thread/Semaphore.pm", + "/usr/share/perl/5.30.0/Tie/Array.pm", + "/usr/share/perl/5.30.0/Tie/File.pm", + "/usr/share/perl/5.30.0/Tie/Handle.pm", + "/usr/share/perl/5.30.0/Tie/Hash.pm", + "/usr/share/perl/5.30.0/Tie/Memoize.pm", + "/usr/share/perl/5.30.0/Tie/RefHash.pm", + "/usr/share/perl/5.30.0/Tie/Scalar.pm", + "/usr/share/perl/5.30.0/Tie/StdHandle.pm", + "/usr/share/perl/5.30.0/Tie/SubstrHash.pm", + "/usr/share/perl/5.30.0/Time/Local.pm", + "/usr/share/perl/5.30.0/Time/gmtime.pm", + "/usr/share/perl/5.30.0/Time/localtime.pm", + "/usr/share/perl/5.30.0/Time/tm.pm", + "/usr/share/perl/5.30.0/UNIVERSAL.pm", + "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Big5.pm", + "/usr/share/perl/5.30.0/Unicode/Collate/CJK/GB2312.pm", + "/usr/share/perl/5.30.0/Unicode/Collate/CJK/JISX0208.pm", + "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Korean.pm", + "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Pinyin.pm", + "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Stroke.pm", + "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Zhuyin.pm", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/af.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ar.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/as.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/az.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/be.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/bn.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ca.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/cs.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/cu.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/cy.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/da.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/de_at_ph.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/de_phone.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/dsb.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ee.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/eo.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/es.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/es_trad.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/et.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fa.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fi.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fi_phone.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fil.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fo.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fr_ca.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/gu.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ha.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/haw.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/he.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/hi.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/hr.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/hu.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/hy.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ig.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/is.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ja.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/kk.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/kl.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/kn.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ko.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/kok.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/lkt.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ln.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/lt.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/lv.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/mk.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ml.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/mr.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/mt.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/nb.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/nn.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/nso.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/om.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/or.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/pa.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/pl.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ro.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sa.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/se.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/si.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/si_dict.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sk.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sl.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sq.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sr.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sv.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sv_refo.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ta.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/te.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/th.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/tn.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/to.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/tr.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ug_cyrl.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/uk.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ur.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/vi.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/vo.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/wae.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/wo.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/yo.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_big5.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_gb.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_pin.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_strk.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_zhu.pl", + "/usr/share/perl/5.30.0/Unicode/Collate/allkeys.txt", + "/usr/share/perl/5.30.0/Unicode/Collate/keys.txt", + "/usr/share/perl/5.30.0/Unicode/UCD.pm", + "/usr/share/perl/5.30.0/User/grent.pm", + "/usr/share/perl/5.30.0/User/pwent.pm", + "/usr/share/perl/5.30.0/XSLoader.pm", + "/usr/share/perl/5.30.0/_charnames.pm", + "/usr/share/perl/5.30.0/autodie.pm", + "/usr/share/perl/5.30.0/autodie/Scope/Guard.pm", + "/usr/share/perl/5.30.0/autodie/Scope/GuardStack.pm", + "/usr/share/perl/5.30.0/autodie/Util.pm", + "/usr/share/perl/5.30.0/autodie/exception.pm", + "/usr/share/perl/5.30.0/autodie/exception/system.pm", + "/usr/share/perl/5.30.0/autodie/hints.pm", + "/usr/share/perl/5.30.0/autodie/skip.pm", + "/usr/share/perl/5.30.0/autouse.pm", + "/usr/share/perl/5.30.0/base.pm", + "/usr/share/perl/5.30.0/bigint.pm", + "/usr/share/perl/5.30.0/bignum.pm", + "/usr/share/perl/5.30.0/bigrat.pm", + "/usr/share/perl/5.30.0/blib.pm", + "/usr/share/perl/5.30.0/bytes.pm", + "/usr/share/perl/5.30.0/bytes_heavy.pl", + "/usr/share/perl/5.30.0/charnames.pm", + "/usr/share/perl/5.30.0/constant.pm", + "/usr/share/perl/5.30.0/deprecate.pm", + "/usr/share/perl/5.30.0/diagnostics.pm", + "/usr/share/perl/5.30.0/dumpvar.pl", + "/usr/share/perl/5.30.0/encoding/warnings.pm", + "/usr/share/perl/5.30.0/experimental.pm", + "/usr/share/perl/5.30.0/feature.pm", + "/usr/share/perl/5.30.0/fields.pm", + "/usr/share/perl/5.30.0/filetest.pm", + "/usr/share/perl/5.30.0/if.pm", + "/usr/share/perl/5.30.0/integer.pm", + "/usr/share/perl/5.30.0/less.pm", + "/usr/share/perl/5.30.0/locale.pm", + "/usr/share/perl/5.30.0/meta_notation.pm", + "/usr/share/perl/5.30.0/ok.pm", + "/usr/share/perl/5.30.0/open.pm", + "/usr/share/perl/5.30.0/overload.pm", + "/usr/share/perl/5.30.0/overload/numbers.pm", + "/usr/share/perl/5.30.0/overloading.pm", + "/usr/share/perl/5.30.0/parent.pm", + "/usr/share/perl/5.30.0/perl5db.pl", + "/usr/share/perl/5.30.0/perlfaq.pm", + "/usr/share/perl/5.30.0/pod/perldiag.pod", + "/usr/share/perl/5.30.0/sigtrap.pm", + "/usr/share/perl/5.30.0/sort.pm", + "/usr/share/perl/5.30.0/strict.pm", + "/usr/share/perl/5.30.0/subs.pm", + "/usr/share/perl/5.30.0/unicore/Blocks.txt", + "/usr/share/perl/5.30.0/unicore/CombiningClass.pl", + "/usr/share/perl/5.30.0/unicore/Decomposition.pl", + "/usr/share/perl/5.30.0/unicore/Heavy.pl", + "/usr/share/perl/5.30.0/unicore/Name.pl", + "/usr/share/perl/5.30.0/unicore/Name.pm", + "/usr/share/perl/5.30.0/unicore/NamedSequences.txt", + "/usr/share/perl/5.30.0/unicore/SpecialCasing.txt", + "/usr/share/perl/5.30.0/unicore/To/Age.pl", + "/usr/share/perl/5.30.0/unicore/To/Bc.pl", + "/usr/share/perl/5.30.0/unicore/To/Bmg.pl", + "/usr/share/perl/5.30.0/unicore/To/Bpb.pl", + "/usr/share/perl/5.30.0/unicore/To/Bpt.pl", + "/usr/share/perl/5.30.0/unicore/To/Cf.pl", + "/usr/share/perl/5.30.0/unicore/To/Digit.pl", + "/usr/share/perl/5.30.0/unicore/To/Ea.pl", + "/usr/share/perl/5.30.0/unicore/To/EqUIdeo.pl", + "/usr/share/perl/5.30.0/unicore/To/Fold.pl", + "/usr/share/perl/5.30.0/unicore/To/GCB.pl", + "/usr/share/perl/5.30.0/unicore/To/Gc.pl", + "/usr/share/perl/5.30.0/unicore/To/Hst.pl", + "/usr/share/perl/5.30.0/unicore/To/InPC.pl", + "/usr/share/perl/5.30.0/unicore/To/InSC.pl", + "/usr/share/perl/5.30.0/unicore/To/Isc.pl", + "/usr/share/perl/5.30.0/unicore/To/Jg.pl", + "/usr/share/perl/5.30.0/unicore/To/Jt.pl", + "/usr/share/perl/5.30.0/unicore/To/Lb.pl", + "/usr/share/perl/5.30.0/unicore/To/Lc.pl", + "/usr/share/perl/5.30.0/unicore/To/Lower.pl", + "/usr/share/perl/5.30.0/unicore/To/NFCQC.pl", + "/usr/share/perl/5.30.0/unicore/To/NFDQC.pl", + "/usr/share/perl/5.30.0/unicore/To/NFKCCF.pl", + "/usr/share/perl/5.30.0/unicore/To/NFKCQC.pl", + "/usr/share/perl/5.30.0/unicore/To/NFKDQC.pl", + "/usr/share/perl/5.30.0/unicore/To/Na1.pl", + "/usr/share/perl/5.30.0/unicore/To/NameAlia.pl", + "/usr/share/perl/5.30.0/unicore/To/Nt.pl", + "/usr/share/perl/5.30.0/unicore/To/Nv.pl", + "/usr/share/perl/5.30.0/unicore/To/PerlDeci.pl", + "/usr/share/perl/5.30.0/unicore/To/SB.pl", + "/usr/share/perl/5.30.0/unicore/To/Sc.pl", + "/usr/share/perl/5.30.0/unicore/To/Scx.pl", + "/usr/share/perl/5.30.0/unicore/To/Tc.pl", + "/usr/share/perl/5.30.0/unicore/To/Title.pl", + "/usr/share/perl/5.30.0/unicore/To/Uc.pl", + "/usr/share/perl/5.30.0/unicore/To/Upper.pl", + "/usr/share/perl/5.30.0/unicore/To/Vo.pl", + "/usr/share/perl/5.30.0/unicore/To/WB.pl", + "/usr/share/perl/5.30.0/unicore/To/_PerlLB.pl", + "/usr/share/perl/5.30.0/unicore/To/_PerlSCX.pl", + "/usr/share/perl/5.30.0/unicore/UCD.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/NA.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V100.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V11.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V110.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V120.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V20.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V30.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V31.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V32.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V40.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V41.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V50.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V51.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V52.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V60.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V61.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V70.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V80.pl", + "/usr/share/perl/5.30.0/unicore/lib/Age/V90.pl", + "/usr/share/perl/5.30.0/unicore/lib/Alpha/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/AL.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/AN.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/B.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/BN.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/CS.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/EN.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/ES.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/ET.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/L.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/NSM.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/ON.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/R.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bc/WS.pl", + "/usr/share/perl/5.30.0/unicore/lib/BidiC/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/BidiM/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Blk/NB.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bpt/C.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bpt/N.pl", + "/usr/share/perl/5.30.0/unicore/lib/Bpt/O.pl", + "/usr/share/perl/5.30.0/unicore/lib/CE/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/CI/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/CWCF/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/CWCM/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/CWKCF/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/CWL/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/CWT/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/CWU/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Cased/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/A.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/AL.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/AR.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/ATAR.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/B.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/BR.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/DB.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/NK.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/NR.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/OV.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ccc/VR.pl", + "/usr/share/perl/5.30.0/unicore/lib/CompEx/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/DI/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dash/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dep/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dia/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Com.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Enc.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Fin.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Font.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Init.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Iso.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Med.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Nar.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Nb.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/NonCanon.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Sqr.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Sub.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Sup.pl", + "/usr/share/perl/5.30.0/unicore/lib/Dt/Vert.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ea/A.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ea/H.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ea/N.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ea/Na.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ea/W.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ext/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/GCB/CN.pl", + "/usr/share/perl/5.30.0/unicore/lib/GCB/EX.pl", + "/usr/share/perl/5.30.0/unicore/lib/GCB/LV.pl", + "/usr/share/perl/5.30.0/unicore/lib/GCB/LVT.pl", + "/usr/share/perl/5.30.0/unicore/lib/GCB/PP.pl", + "/usr/share/perl/5.30.0/unicore/lib/GCB/SM.pl", + "/usr/share/perl/5.30.0/unicore/lib/GCB/XX.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/C.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Cf.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Cn.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/L.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/LC.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Ll.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Lm.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Lo.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Lu.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/M.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Mc.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Me.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Mn.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/N.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Nd.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Nl.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/No.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/P.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Pc.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Pd.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Pe.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Pf.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Pi.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Po.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Ps.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/S.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Sc.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Sk.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Sm.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/So.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Z.pl", + "/usr/share/perl/5.30.0/unicore/lib/Gc/Zs.pl", + "/usr/share/perl/5.30.0/unicore/lib/GrBase/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/GrExt/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Hex/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Hst/NA.pl", + "/usr/share/perl/5.30.0/unicore/lib/Hyphen/T.pl", + "/usr/share/perl/5.30.0/unicore/lib/IDC/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/IDS/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Ideo/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/10_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/11_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/12_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/12_1.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/2_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/2_1.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/3_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/3_1.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/3_2.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/4_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/4_1.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/5_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/5_1.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/5_2.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/6_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/6_1.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/6_2.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/6_3.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/7_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/8_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/In/9_0.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/Bottom.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/Left.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/LeftAndR.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/NA.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/Overstru.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/Right.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/Top.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/TopAndBo.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/TopAndL2.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/TopAndLe.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/TopAndRi.pl", + "/usr/share/perl/5.30.0/unicore/lib/InPC/VisualOr.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Avagraha.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Bindu.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Cantilla.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona2.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona3.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona4.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona5.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona6.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona7.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Consonan.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Invisibl.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Nukta.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Number.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Other.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/PureKill.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Syllable.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/ToneMark.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Virama.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Visarga.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/Vowel.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/VowelDep.pl", + "/usr/share/perl/5.30.0/unicore/lib/InSC/VowelInd.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Ain.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Alef.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Beh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Dal.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/FarsiYeh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Feh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Gaf.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Hah.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/HanifiRo.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Kaf.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Lam.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/NoJoinin.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Qaf.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Reh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Sad.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Seen.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Waw.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jg/Yeh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jt/C.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jt/D.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jt/L.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jt/R.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jt/T.pl", + "/usr/share/perl/5.30.0/unicore/lib/Jt/U.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/AI.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/AL.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/BA.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/BB.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/CJ.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/CL.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/CM.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/EB.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/EX.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/GL.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/ID.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/IN.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/IS.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/NS.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/NU.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/OP.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/PO.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/PR.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/QU.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/SA.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lb/XX.pl", + "/usr/share/perl/5.30.0/unicore/lib/Lower/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Math/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/NFCQC/M.pl", + "/usr/share/perl/5.30.0/unicore/lib/NFCQC/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/NFDQC/N.pl", + "/usr/share/perl/5.30.0/unicore/lib/NFDQC/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/NFKCQC/N.pl", + "/usr/share/perl/5.30.0/unicore/lib/NFKCQC/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/NFKDQC/N.pl", + "/usr/share/perl/5.30.0/unicore/lib/NFKDQC/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nt/Di.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nt/None.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nt/Nu.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/0.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/1.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/10.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/100.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/1000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/10000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/100000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/11.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/12.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/13.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/14.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/15.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/16.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/17.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/18.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/19.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/1_16.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/1_2.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/1_3.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/1_4.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/1_6.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/1_8.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/2.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/20.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/200.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/2000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/20000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/2_3.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/3.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/30.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/300.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/3000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/30000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/3_16.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/3_4.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/4.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/40.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/400.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/4000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/40000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/5.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/50.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/500.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/5000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/50000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/6.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/60.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/600.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/6000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/60000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/7.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/70.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/700.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/7000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/70000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/8.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/80.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/800.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/8000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/80000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/9.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/90.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/900.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/9000.pl", + "/usr/share/perl/5.30.0/unicore/lib/Nv/90000.pl", + "/usr/share/perl/5.30.0/unicore/lib/PCM/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/PatSyn/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/Alnum.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/Assigned.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/Blank.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/Graph.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/PerlWord.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/PosixPun.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/Print.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/SpacePer.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/Title.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/Word.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/XPosixPu.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlAny.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlCh2.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlCha.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlFol.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlIDC.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlIDS.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlIsI.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlNch.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlNon.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlPat.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlPr2.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlPro.pl", + "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlQuo.pl", + "/usr/share/perl/5.30.0/unicore/lib/QMark/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/AT.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/CL.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/EX.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/FO.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/LE.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/LO.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/NU.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/SC.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/ST.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/Sp.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/UP.pl", + "/usr/share/perl/5.30.0/unicore/lib/SB/XX.pl", + "/usr/share/perl/5.30.0/unicore/lib/SD/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/STerm/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Arab.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Armn.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Beng.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Cprt.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Cyrl.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Deva.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Dupl.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Geor.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Glag.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Gong.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Gonm.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Gran.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Grek.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Gujr.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Guru.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Han.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Hang.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Hira.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Kana.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Knda.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Latn.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Limb.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Linb.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Mlym.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Mong.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Mult.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Orya.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Sinh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Syrc.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Taml.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Telu.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Zinh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Sc/Zyyy.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Adlm.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Arab.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Armn.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Beng.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Bhks.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Bopo.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Cakm.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Cham.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Copt.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Cprt.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Cyrl.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Deva.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Dupl.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Ethi.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Geor.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Glag.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Gong.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Gonm.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Gran.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Grek.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Gujr.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Guru.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Han.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Hang.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Hebr.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Hira.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Hmng.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Hmnp.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Kana.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Khar.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Khmr.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Khoj.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Knda.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Kthi.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Lana.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Lao.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Latn.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Limb.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Lina.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Linb.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Mlym.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Mong.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Mult.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Mymr.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Nand.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Orya.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Phlp.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Rohg.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Shrd.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Sind.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Sinh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Syrc.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Tagb.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Takr.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Talu.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Taml.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Telu.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Thaa.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Tibt.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Tirh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Xsux.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Yi.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Zinh.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Zyyy.pl", + "/usr/share/perl/5.30.0/unicore/lib/Scx/Zzzz.pl", + "/usr/share/perl/5.30.0/unicore/lib/Term/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/UIdeo/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Upper/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/Vo/R.pl", + "/usr/share/perl/5.30.0/unicore/lib/Vo/Tr.pl", + "/usr/share/perl/5.30.0/unicore/lib/Vo/Tu.pl", + "/usr/share/perl/5.30.0/unicore/lib/Vo/U.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/EX.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/Extend.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/FO.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/HL.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/KA.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/LE.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/MB.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/ML.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/MN.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/NU.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/WSegSpac.pl", + "/usr/share/perl/5.30.0/unicore/lib/WB/XX.pl", + "/usr/share/perl/5.30.0/unicore/lib/XIDC/Y.pl", + "/usr/share/perl/5.30.0/unicore/lib/XIDS/Y.pl", + "/usr/share/perl/5.30.0/unicore/uni_keywords.pl", + "/usr/share/perl/5.30.0/unicore/version", + "/usr/share/perl/5.30.0/utf8.pm", + "/usr/share/perl/5.30.0/utf8_heavy.pl", + "/usr/share/perl/5.30.0/vars.pm", + "/usr/share/perl/5.30.0/version.pm", + "/usr/share/perl/5.30.0/version.pod", + "/usr/share/perl/5.30.0/version/Internals.pod", + "/usr/share/perl/5.30.0/version/regex.pm", + "/usr/share/perl/5.30.0/vmsish.pm", + "/usr/share/perl/5.30.0/warnings.pm", + "/usr/share/perl/5.30.0/warnings/register.pm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "procps@2:3.3.16-1ubuntu2.3", + "Name": "procps", + "Identifier": { + "PURL": "pkg:deb/ubuntu/procps@3.3.16-1ubuntu2.3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=2", + "UID": "2e438941f5c4c412" + }, + "Version": "3.3.16", + "Release": "1ubuntu2.3", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "procps", + "SrcVersion": "3.3.16", + "SrcRelease": "1ubuntu2.3", + "SrcEpoch": 2, + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "init-system-helpers@1.57", + "libc6@2.31-0ubuntu9.9", + "libncurses6@6.2-0ubuntu2", + "libncursesw6@6.2-0ubuntu2", + "libprocps8@2:3.3.16-1ubuntu2.3", + "libtinfo6@6.2-0ubuntu2", + "lsb-base@11.1.0ubuntu2" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/kill", + "/bin/ps", + "/sbin/sysctl", + "/usr/bin/free", + "/usr/bin/pgrep", + "/usr/bin/pmap", + "/usr/bin/pwdx", + "/usr/bin/skill", + "/usr/bin/slabtop", + "/usr/bin/tload", + "/usr/bin/top", + "/usr/bin/uptime", + "/usr/bin/vmstat", + "/usr/bin/w.procps", + "/usr/bin/watch", + "/usr/lib/sysctl.d/protect-links.conf", + "/usr/share/bug/procps/presubj", + "/usr/share/doc/procps/FAQ.gz", + "/usr/share/doc/procps/README.Debian", + "/usr/share/doc/procps/TODO.gz", + "/usr/share/doc/procps/bugs.md", + "/usr/share/doc/procps/copyright", + "/usr/share/doc/procps/examples/sysctl.conf", + "/usr/share/lintian/overrides/procps", + "/usr/share/man/de/man1/w.1.gz", + "/usr/share/man/man1/free.1.gz", + "/usr/share/man/man1/kill.1.gz", + "/usr/share/man/man1/pgrep.1.gz", + "/usr/share/man/man1/pmap.1.gz", + "/usr/share/man/man1/procps.1.gz", + "/usr/share/man/man1/ps.1.gz", + "/usr/share/man/man1/pwdx.1.gz", + "/usr/share/man/man1/skill.1.gz", + "/usr/share/man/man1/slabtop.1.gz", + "/usr/share/man/man1/tload.1.gz", + "/usr/share/man/man1/top.1.gz", + "/usr/share/man/man1/uptime.1.gz", + "/usr/share/man/man1/w.procps.1.gz", + "/usr/share/man/man1/watch.1.gz", + "/usr/share/man/man3/openproc.3.gz", + "/usr/share/man/man3/readproc.3.gz", + "/usr/share/man/man3/readproctab.3.gz", + "/usr/share/man/man5/sysctl.conf.5.gz", + "/usr/share/man/man8/sysctl.8.gz", + "/usr/share/man/man8/vmstat.8.gz", + "/usr/share/menu/procps" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "psmisc@23.3-1", + "Name": "psmisc", + "Identifier": { + "PURL": "pkg:deb/ubuntu/psmisc@23.3-1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "d4b50a8f897d1f4" + }, + "Version": "23.3", + "Release": "1", + "Arch": "amd64", + "SrcName": "psmisc", + "SrcVersion": "23.3", + "SrcRelease": "1", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libselinux1@3.0-1build2", + "libtinfo6@6.2-0ubuntu2" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/bin/fuser", + "/usr/bin/killall", + "/usr/bin/peekfd", + "/usr/bin/prtstat", + "/usr/bin/pslog", + "/usr/bin/pstree", + "/usr/share/doc/psmisc/README.Debian", + "/usr/share/doc/psmisc/README.md", + "/usr/share/doc/psmisc/changelog.Debian.gz", + "/usr/share/doc/psmisc/copyright", + "/usr/share/man/man1/fuser.1.gz", + "/usr/share/man/man1/killall.1.gz", + "/usr/share/man/man1/peekfd.1.gz", + "/usr/share/man/man1/prtstat.1.gz", + "/usr/share/man/man1/pslog.1.gz", + "/usr/share/man/man1/pstree.1.gz", + "/usr/share/menu/psmisc", + "/usr/share/pixmaps/pstree16.xpm", + "/usr/share/pixmaps/pstree32.xpm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "pwgen@2.08-2", + "Name": "pwgen", + "Identifier": { + "PURL": "pkg:deb/ubuntu/pwgen@2.08-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "4a7a5c2fdec829c3" + }, + "Version": "2.08", + "Release": "2", + "Arch": "amd64", + "SrcName": "pwgen", + "SrcVersion": "2.08", + "SrcRelease": "2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/bin/pwgen", + "/usr/share/doc/pwgen/changelog.Debian.gz", + "/usr/share/doc/pwgen/copyright", + "/usr/share/man/man1/pwgen.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "readline-common@8.0-4", + "Name": "readline-common", + "Identifier": { + "PURL": "pkg:deb/ubuntu/readline-common@8.0-4?arch=all\u0026distro=ubuntu-20.04", + "UID": "f219905ad569d7cb" + }, + "Version": "8.0", + "Release": "4", + "Arch": "all", + "SrcName": "readline", + "SrcVersion": "8.0", + "SrcRelease": "4", + "Licenses": [ + "GPL-3.0-only", + "GFDL-1.3-or-later" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "dpkg@1.19.7ubuntu3.2" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/share/doc/readline-common/changelog.Debian.gz", + "/usr/share/doc/readline-common/copyright", + "/usr/share/doc/readline-common/inputrc.arrows", + "/usr/share/info/rluserman.info.gz", + "/usr/share/lintian/overrides/readline-common", + "/usr/share/man/man3/history.3readline.gz", + "/usr/share/man/man3/readline.3readline.gz", + "/usr/share/readline/inputrc" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "rsync@3.1.3-8ubuntu0.5", + "Name": "rsync", + "Identifier": { + "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9f4dd363bd033b68" + }, + "Version": "3.1.3", + "Release": "8ubuntu0.5", + "Arch": "amd64", + "SrcName": "rsync", + "SrcVersion": "3.1.3", + "SrcRelease": "8ubuntu0.5", + "Licenses": [ + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libacl1@2.2.53-6", + "libc6@2.31-0ubuntu9.9", + "libpopt0@1.16-14", + "lsb-base@11.1.0ubuntu2" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/lib/systemd/system/rsync.service", + "/usr/bin/rsync", + "/usr/share/doc/rsync/NEWS.Debian.gz", + "/usr/share/doc/rsync/README.Debian", + "/usr/share/doc/rsync/changelog.Debian.gz", + "/usr/share/doc/rsync/copyright", + "/usr/share/doc/rsync/examples/logrotate.conf.rsync", + "/usr/share/doc/rsync/examples/rsyncd.conf", + "/usr/share/lintian/overrides/rsync", + "/usr/share/man/man1/rsync.1.gz", + "/usr/share/man/man5/rsyncd.conf.5.gz", + "/usr/share/rsync/scripts/atomic-rsync", + "/usr/share/rsync/scripts/cull_options", + "/usr/share/rsync/scripts/cvs2includes", + "/usr/share/rsync/scripts/file-attr-restore", + "/usr/share/rsync/scripts/files-to-excludes", + "/usr/share/rsync/scripts/git-set-file-times", + "/usr/share/rsync/scripts/logfilter", + "/usr/share/rsync/scripts/lsh", + "/usr/share/rsync/scripts/mnt-excl", + "/usr/share/rsync/scripts/munge-symlinks", + "/usr/share/rsync/scripts/rrsync", + "/usr/share/rsync/scripts/rsyncstats" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sed@4.7-1", + "Name": "sed", + "Identifier": { + "PURL": "pkg:deb/ubuntu/sed@4.7-1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "7b2d46e37a3b9f9f" + }, + "Version": "4.7", + "Release": "1", + "Arch": "amd64", + "SrcName": "sed", + "SrcVersion": "4.7", + "SrcRelease": "1", + "Licenses": [ + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/sed", + "/usr/share/doc/sed/AUTHORS", + "/usr/share/doc/sed/BUGS.gz", + "/usr/share/doc/sed/NEWS.gz", + "/usr/share/doc/sed/README", + "/usr/share/doc/sed/THANKS.gz", + "/usr/share/doc/sed/changelog.Debian.gz", + "/usr/share/doc/sed/copyright", + "/usr/share/doc/sed/examples/dc.sed.gz", + "/usr/share/doc/sed/sedfaq.txt.gz", + "/usr/share/info/sed.info.gz", + "/usr/share/man/man1/sed.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sensible-utils@0.0.12+nmu1", + "Name": "sensible-utils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/sensible-utils@0.0.12%2Bnmu1?arch=all\u0026distro=ubuntu-20.04", + "UID": "ead6f16917c55499" + }, + "Version": "0.0.12+nmu1", + "Arch": "all", + "SrcName": "sensible-utils", + "SrcVersion": "0.0.12+nmu1", + "Licenses": [ + "GPL-2.0-or-later", + "All-permissive", + "configure", + "installsh", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/usr/bin/select-editor", + "/usr/bin/sensible-browser", + "/usr/bin/sensible-editor", + "/usr/bin/sensible-pager", + "/usr/lib/mime/packages/sensible-utils", + "/usr/share/doc/sensible-utils/changelog.gz", + "/usr/share/doc/sensible-utils/copyright", + "/usr/share/man/cs/man1/sensible-editor.1.gz", + "/usr/share/man/de/man1/sensible-editor.1.gz", + "/usr/share/man/es/man1/sensible-editor.1.gz", + "/usr/share/man/fr/man1/sensible-editor.1.gz", + "/usr/share/man/it/man1/sensible-editor.1.gz", + "/usr/share/man/ja/man1/sensible-editor.1.gz", + "/usr/share/man/man1/select-editor.1.gz", + "/usr/share/man/man1/sensible-browser.1.gz", + "/usr/share/man/man1/sensible-editor.1.gz", + "/usr/share/man/man1/sensible-pager.1.gz", + "/usr/share/man/pl/man1/sensible-editor.1.gz", + "/usr/share/man/pt/man1/sensible-editor.1.gz", + "/usr/share/sensible-utils/bin/gettext" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "socat@1.7.3.3-2", + "Name": "socat", + "Identifier": { + "PURL": "pkg:deb/ubuntu/socat@1.7.3.3-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "5a107641e68652a2" + }, + "Version": "1.7.3.3", + "Release": "2", + "Arch": "amd64", + "SrcName": "socat", + "SrcVersion": "1.7.3.3", + "SrcRelease": "2", + "Licenses": [ + "GPL-2.0-only", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libssl1.1@1.1.1f-1ubuntu2.17", + "libwrap0@7.6.q-30" + ], + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "InstalledFiles": [ + "/usr/bin/filan", + "/usr/bin/procan", + "/usr/bin/socat", + "/usr/share/doc-base/socat", + "/usr/share/doc/socat/BUGREPORTS", + "/usr/share/doc/socat/DEVELOPMENT.gz", + "/usr/share/doc/socat/EXAMPLES.gz", + "/usr/share/doc/socat/FAQ", + "/usr/share/doc/socat/NEWS.Debian.gz", + "/usr/share/doc/socat/PORTING", + "/usr/share/doc/socat/README.Debian", + "/usr/share/doc/socat/README.FIPS", + "/usr/share/doc/socat/README.gz", + "/usr/share/doc/socat/SECURITY", + "/usr/share/doc/socat/changelog.Debian.gz", + "/usr/share/doc/socat/copyright", + "/usr/share/doc/socat/dest-unreach.css", + "/usr/share/doc/socat/examples/daemon.sh", + "/usr/share/doc/socat/examples/ftp.sh", + "/usr/share/doc/socat/examples/mail.sh", + "/usr/share/doc/socat/examples/proxy.sh", + "/usr/share/doc/socat/examples/proxyecho.sh", + "/usr/share/doc/socat/examples/readline-test.sh", + "/usr/share/doc/socat/examples/readline.sh", + "/usr/share/doc/socat/examples/socks4a-echo.sh", + "/usr/share/doc/socat/examples/socks4echo.sh", + "/usr/share/doc/socat/examples/test.sh", + "/usr/share/doc/socat/index.html", + "/usr/share/doc/socat/socat-genericsocket.html", + "/usr/share/doc/socat/socat-multicast.html", + "/usr/share/doc/socat/socat-openssltunnel.html", + "/usr/share/doc/socat/socat-tun.html", + "/usr/share/doc/socat/socat.html", + "/usr/share/doc/socat/xio.help.gz", + "/usr/share/lintian/overrides/socat", + "/usr/share/man/man1/socat.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sysvinit-utils@2.96-2.1ubuntu1", + "Name": "sysvinit-utils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/sysvinit-utils@2.96-2.1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "4abc2fedcb9de463" + }, + "Version": "2.96", + "Release": "2.1ubuntu1", + "Arch": "amd64", + "SrcName": "sysvinit", + "SrcVersion": "2.96", + "SrcRelease": "2.1ubuntu1", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "init-system-helpers@1.57", + "libc6@2.31-0ubuntu9.9", + "lsb-base@11.1.0ubuntu2", + "util-linux@2.34-0.1ubuntu9.3" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/init/init-d-script", + "/lib/init/vars.sh", + "/sbin/fstab-decode", + "/sbin/killall5", + "/usr/share/doc/sysvinit-utils/copyright", + "/usr/share/man/man5/init-d-script.5.gz", + "/usr/share/man/man8/fstab-decode.8.gz", + "/usr/share/man/man8/killall5.8.gz", + "/usr/share/man/man8/pidof.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tar@1.30+dfsg-7ubuntu0.20.04.3", + "Name": "tar", + "Identifier": { + "PURL": "pkg:deb/ubuntu/tar@1.30%2Bdfsg-7ubuntu0.20.04.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9e3a2b3027b922ad" + }, + "Version": "1.30+dfsg", + "Release": "7ubuntu0.20.04.3", + "Arch": "amd64", + "SrcName": "tar", + "SrcVersion": "1.30+dfsg", + "SrcRelease": "7ubuntu0.20.04.3", + "Licenses": [ + "GPL-3.0-only", + "GPL-2.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/tar", + "/usr/lib/mime/packages/tar", + "/usr/sbin/rmt-tar", + "/usr/sbin/tarcat", + "/usr/share/doc/tar/AUTHORS", + "/usr/share/doc/tar/NEWS.gz", + "/usr/share/doc/tar/README.Debian", + "/usr/share/doc/tar/THANKS.gz", + "/usr/share/doc/tar/changelog.Debian.gz", + "/usr/share/doc/tar/copyright", + "/usr/share/man/man1/tar.1.gz", + "/usr/share/man/man1/tarcat.1.gz", + "/usr/share/man/man8/rmt-tar.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tzdata@2023c-0ubuntu0.20.04.0", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:deb/ubuntu/tzdata@2023c-0ubuntu0.20.04.0?arch=all\u0026distro=ubuntu-20.04", + "UID": "89e162f2934a9272" + }, + "Version": "2023c", + "Release": "0ubuntu0.20.04.0", + "Arch": "all", + "SrcName": "tzdata", + "SrcVersion": "2023c", + "SrcRelease": "0ubuntu0.20.04.0", + "Licenses": [ + "ICU" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.73" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/sbin/tzconfig", + "/usr/share/doc/tzdata/README.Debian", + "/usr/share/doc/tzdata/changelog.Debian.gz", + "/usr/share/doc/tzdata/copyright", + "/usr/share/zoneinfo-icu/44/be/metaZones.res", + "/usr/share/zoneinfo-icu/44/be/timezoneTypes.res", + "/usr/share/zoneinfo-icu/44/be/windowsZones.res", + "/usr/share/zoneinfo-icu/44/be/zoneinfo64.res", + "/usr/share/zoneinfo-icu/44/le/metaZones.res", + "/usr/share/zoneinfo-icu/44/le/timezoneTypes.res", + "/usr/share/zoneinfo-icu/44/le/windowsZones.res", + "/usr/share/zoneinfo-icu/44/le/zoneinfo64.res", + "/usr/share/zoneinfo/Africa/Abidjan", + "/usr/share/zoneinfo/Africa/Algiers", + "/usr/share/zoneinfo/Africa/Bissau", + "/usr/share/zoneinfo/Africa/Cairo", + "/usr/share/zoneinfo/Africa/Casablanca", + "/usr/share/zoneinfo/Africa/Ceuta", + "/usr/share/zoneinfo/Africa/El_Aaiun", + "/usr/share/zoneinfo/Africa/Johannesburg", + "/usr/share/zoneinfo/Africa/Juba", + "/usr/share/zoneinfo/Africa/Khartoum", + "/usr/share/zoneinfo/Africa/Lagos", + "/usr/share/zoneinfo/Africa/Maputo", + "/usr/share/zoneinfo/Africa/Monrovia", + "/usr/share/zoneinfo/Africa/Nairobi", + "/usr/share/zoneinfo/Africa/Ndjamena", + "/usr/share/zoneinfo/Africa/Sao_Tome", + "/usr/share/zoneinfo/Africa/Tripoli", + "/usr/share/zoneinfo/Africa/Tunis", + "/usr/share/zoneinfo/Africa/Windhoek", + "/usr/share/zoneinfo/America/Adak", + "/usr/share/zoneinfo/America/Anchorage", + "/usr/share/zoneinfo/America/Araguaina", + "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/America/Argentina/Catamarca", + "/usr/share/zoneinfo/America/Argentina/Cordoba", + "/usr/share/zoneinfo/America/Argentina/Jujuy", + "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/America/Argentina/Mendoza", + "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/America/Argentina/Salta", + "/usr/share/zoneinfo/America/Argentina/San_Juan", + "/usr/share/zoneinfo/America/Argentina/San_Luis", + "/usr/share/zoneinfo/America/Argentina/Tucuman", + "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/America/Asuncion", + "/usr/share/zoneinfo/America/Bahia", + "/usr/share/zoneinfo/America/Bahia_Banderas", + "/usr/share/zoneinfo/America/Barbados", + "/usr/share/zoneinfo/America/Belem", + "/usr/share/zoneinfo/America/Belize", + "/usr/share/zoneinfo/America/Boa_Vista", + "/usr/share/zoneinfo/America/Bogota", + "/usr/share/zoneinfo/America/Boise", + "/usr/share/zoneinfo/America/Cambridge_Bay", + "/usr/share/zoneinfo/America/Campo_Grande", + "/usr/share/zoneinfo/America/Cancun", + "/usr/share/zoneinfo/America/Caracas", + "/usr/share/zoneinfo/America/Cayenne", + "/usr/share/zoneinfo/America/Chicago", + "/usr/share/zoneinfo/America/Chihuahua", + "/usr/share/zoneinfo/America/Ciudad_Juarez", + "/usr/share/zoneinfo/America/Costa_Rica", + "/usr/share/zoneinfo/America/Cuiaba", + "/usr/share/zoneinfo/America/Danmarkshavn", + "/usr/share/zoneinfo/America/Dawson", + "/usr/share/zoneinfo/America/Dawson_Creek", + "/usr/share/zoneinfo/America/Denver", + "/usr/share/zoneinfo/America/Detroit", + "/usr/share/zoneinfo/America/Edmonton", + "/usr/share/zoneinfo/America/Eirunepe", + "/usr/share/zoneinfo/America/El_Salvador", + "/usr/share/zoneinfo/America/Fort_Nelson", + "/usr/share/zoneinfo/America/Fortaleza", + "/usr/share/zoneinfo/America/Glace_Bay", + "/usr/share/zoneinfo/America/Goose_Bay", + "/usr/share/zoneinfo/America/Grand_Turk", + "/usr/share/zoneinfo/America/Guatemala", + "/usr/share/zoneinfo/America/Guayaquil", + "/usr/share/zoneinfo/America/Guyana", + "/usr/share/zoneinfo/America/Halifax", + "/usr/share/zoneinfo/America/Havana", + "/usr/share/zoneinfo/America/Hermosillo", + "/usr/share/zoneinfo/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/America/Indiana/Knox", + "/usr/share/zoneinfo/America/Indiana/Marengo", + "/usr/share/zoneinfo/America/Indiana/Petersburg", + "/usr/share/zoneinfo/America/Indiana/Tell_City", + "/usr/share/zoneinfo/America/Indiana/Vevay", + "/usr/share/zoneinfo/America/Indiana/Vincennes", + "/usr/share/zoneinfo/America/Indiana/Winamac", + "/usr/share/zoneinfo/America/Inuvik", + "/usr/share/zoneinfo/America/Iqaluit", + "/usr/share/zoneinfo/America/Jamaica", + "/usr/share/zoneinfo/America/Juneau", + "/usr/share/zoneinfo/America/Kentucky/Louisville", + "/usr/share/zoneinfo/America/Kentucky/Monticello", + "/usr/share/zoneinfo/America/La_Paz", + "/usr/share/zoneinfo/America/Lima", + "/usr/share/zoneinfo/America/Los_Angeles", + "/usr/share/zoneinfo/America/Maceio", + "/usr/share/zoneinfo/America/Managua", + "/usr/share/zoneinfo/America/Manaus", + "/usr/share/zoneinfo/America/Martinique", + "/usr/share/zoneinfo/America/Matamoros", + "/usr/share/zoneinfo/America/Mazatlan", + "/usr/share/zoneinfo/America/Menominee", + "/usr/share/zoneinfo/America/Merida", + "/usr/share/zoneinfo/America/Metlakatla", + "/usr/share/zoneinfo/America/Mexico_City", + "/usr/share/zoneinfo/America/Miquelon", + "/usr/share/zoneinfo/America/Moncton", + "/usr/share/zoneinfo/America/Monterrey", + "/usr/share/zoneinfo/America/Montevideo", + "/usr/share/zoneinfo/America/New_York", + "/usr/share/zoneinfo/America/Nome", + "/usr/share/zoneinfo/America/Noronha", + "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/America/North_Dakota/Center", + "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/America/Nuuk", + "/usr/share/zoneinfo/America/Ojinaga", + "/usr/share/zoneinfo/America/Panama", + "/usr/share/zoneinfo/America/Paramaribo", + "/usr/share/zoneinfo/America/Phoenix", + "/usr/share/zoneinfo/America/Port-au-Prince", + "/usr/share/zoneinfo/America/Porto_Velho", + "/usr/share/zoneinfo/America/Puerto_Rico", + "/usr/share/zoneinfo/America/Punta_Arenas", + "/usr/share/zoneinfo/America/Rankin_Inlet", + "/usr/share/zoneinfo/America/Recife", + "/usr/share/zoneinfo/America/Regina", + "/usr/share/zoneinfo/America/Resolute", + "/usr/share/zoneinfo/America/Rio_Branco", + "/usr/share/zoneinfo/America/Santarem", + "/usr/share/zoneinfo/America/Santiago", + "/usr/share/zoneinfo/America/Santo_Domingo", + "/usr/share/zoneinfo/America/Sao_Paulo", + "/usr/share/zoneinfo/America/Scoresbysund", + "/usr/share/zoneinfo/America/Sitka", + "/usr/share/zoneinfo/America/St_Johns", + "/usr/share/zoneinfo/America/Swift_Current", + "/usr/share/zoneinfo/America/Tegucigalpa", + "/usr/share/zoneinfo/America/Thule", + "/usr/share/zoneinfo/America/Tijuana", + "/usr/share/zoneinfo/America/Toronto", + "/usr/share/zoneinfo/America/Vancouver", + "/usr/share/zoneinfo/America/Whitehorse", + "/usr/share/zoneinfo/America/Winnipeg", + "/usr/share/zoneinfo/America/Yakutat", + "/usr/share/zoneinfo/Antarctica/Casey", + "/usr/share/zoneinfo/Antarctica/Davis", + "/usr/share/zoneinfo/Antarctica/Macquarie", + "/usr/share/zoneinfo/Antarctica/Mawson", + "/usr/share/zoneinfo/Antarctica/Palmer", + "/usr/share/zoneinfo/Antarctica/Rothera", + "/usr/share/zoneinfo/Antarctica/Troll", + "/usr/share/zoneinfo/Asia/Almaty", + "/usr/share/zoneinfo/Asia/Amman", + "/usr/share/zoneinfo/Asia/Anadyr", + "/usr/share/zoneinfo/Asia/Aqtau", + "/usr/share/zoneinfo/Asia/Aqtobe", + "/usr/share/zoneinfo/Asia/Ashgabat", + "/usr/share/zoneinfo/Asia/Atyrau", + "/usr/share/zoneinfo/Asia/Baghdad", + "/usr/share/zoneinfo/Asia/Baku", + "/usr/share/zoneinfo/Asia/Bangkok", + "/usr/share/zoneinfo/Asia/Barnaul", + "/usr/share/zoneinfo/Asia/Beirut", + "/usr/share/zoneinfo/Asia/Bishkek", + "/usr/share/zoneinfo/Asia/Chita", + "/usr/share/zoneinfo/Asia/Choibalsan", + "/usr/share/zoneinfo/Asia/Colombo", + "/usr/share/zoneinfo/Asia/Damascus", + "/usr/share/zoneinfo/Asia/Dhaka", + "/usr/share/zoneinfo/Asia/Dili", + "/usr/share/zoneinfo/Asia/Dubai", + "/usr/share/zoneinfo/Asia/Dushanbe", + "/usr/share/zoneinfo/Asia/Famagusta", + "/usr/share/zoneinfo/Asia/Gaza", + "/usr/share/zoneinfo/Asia/Hebron", + "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/Asia/Hong_Kong", + "/usr/share/zoneinfo/Asia/Hovd", + "/usr/share/zoneinfo/Asia/Irkutsk", + "/usr/share/zoneinfo/Asia/Jakarta", + "/usr/share/zoneinfo/Asia/Jayapura", + "/usr/share/zoneinfo/Asia/Jerusalem", + "/usr/share/zoneinfo/Asia/Kabul", + "/usr/share/zoneinfo/Asia/Kamchatka", + "/usr/share/zoneinfo/Asia/Karachi", + "/usr/share/zoneinfo/Asia/Kathmandu", + "/usr/share/zoneinfo/Asia/Khandyga", + "/usr/share/zoneinfo/Asia/Kolkata", + "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/Asia/Kuching", + "/usr/share/zoneinfo/Asia/Macau", + "/usr/share/zoneinfo/Asia/Magadan", + "/usr/share/zoneinfo/Asia/Makassar", + "/usr/share/zoneinfo/Asia/Manila", + "/usr/share/zoneinfo/Asia/Nicosia", + "/usr/share/zoneinfo/Asia/Novokuznetsk", + "/usr/share/zoneinfo/Asia/Novosibirsk", + "/usr/share/zoneinfo/Asia/Omsk", + "/usr/share/zoneinfo/Asia/Oral", + "/usr/share/zoneinfo/Asia/Pontianak", + "/usr/share/zoneinfo/Asia/Pyongyang", + "/usr/share/zoneinfo/Asia/Qatar", + "/usr/share/zoneinfo/Asia/Qostanay", + "/usr/share/zoneinfo/Asia/Qyzylorda", + "/usr/share/zoneinfo/Asia/Riyadh", + "/usr/share/zoneinfo/Asia/Sakhalin", + "/usr/share/zoneinfo/Asia/Samarkand", + "/usr/share/zoneinfo/Asia/Seoul", + "/usr/share/zoneinfo/Asia/Shanghai", + "/usr/share/zoneinfo/Asia/Singapore", + "/usr/share/zoneinfo/Asia/Srednekolymsk", + "/usr/share/zoneinfo/Asia/Taipei", + "/usr/share/zoneinfo/Asia/Tashkent", + "/usr/share/zoneinfo/Asia/Tbilisi", + "/usr/share/zoneinfo/Asia/Tehran", + "/usr/share/zoneinfo/Asia/Thimphu", + "/usr/share/zoneinfo/Asia/Tokyo", + "/usr/share/zoneinfo/Asia/Tomsk", + "/usr/share/zoneinfo/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/Asia/Urumqi", + "/usr/share/zoneinfo/Asia/Ust-Nera", + "/usr/share/zoneinfo/Asia/Vladivostok", + "/usr/share/zoneinfo/Asia/Yakutsk", + "/usr/share/zoneinfo/Asia/Yangon", + "/usr/share/zoneinfo/Asia/Yekaterinburg", + "/usr/share/zoneinfo/Asia/Yerevan", + "/usr/share/zoneinfo/Atlantic/Azores", + "/usr/share/zoneinfo/Atlantic/Bermuda", + "/usr/share/zoneinfo/Atlantic/Canary", + "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/Atlantic/Faroe", + "/usr/share/zoneinfo/Atlantic/Madeira", + "/usr/share/zoneinfo/Atlantic/South_Georgia", + "/usr/share/zoneinfo/Atlantic/Stanley", + "/usr/share/zoneinfo/Australia/Adelaide", + "/usr/share/zoneinfo/Australia/Brisbane", + "/usr/share/zoneinfo/Australia/Broken_Hill", + "/usr/share/zoneinfo/Australia/Darwin", + "/usr/share/zoneinfo/Australia/Eucla", + "/usr/share/zoneinfo/Australia/Hobart", + "/usr/share/zoneinfo/Australia/Lindeman", + "/usr/share/zoneinfo/Australia/Lord_Howe", + "/usr/share/zoneinfo/Australia/Melbourne", + "/usr/share/zoneinfo/Australia/Perth", + "/usr/share/zoneinfo/Australia/Sydney", + "/usr/share/zoneinfo/CET", + "/usr/share/zoneinfo/CST6CDT", + "/usr/share/zoneinfo/EET", + "/usr/share/zoneinfo/EST", + "/usr/share/zoneinfo/EST5EDT", + "/usr/share/zoneinfo/Etc/GMT", + "/usr/share/zoneinfo/Etc/GMT+1", + "/usr/share/zoneinfo/Etc/GMT+10", + "/usr/share/zoneinfo/Etc/GMT+11", + "/usr/share/zoneinfo/Etc/GMT+12", + "/usr/share/zoneinfo/Etc/GMT+2", + "/usr/share/zoneinfo/Etc/GMT+3", + "/usr/share/zoneinfo/Etc/GMT+4", + "/usr/share/zoneinfo/Etc/GMT+5", + "/usr/share/zoneinfo/Etc/GMT+6", + "/usr/share/zoneinfo/Etc/GMT+7", + "/usr/share/zoneinfo/Etc/GMT+8", + "/usr/share/zoneinfo/Etc/GMT+9", + "/usr/share/zoneinfo/Etc/GMT-1", + "/usr/share/zoneinfo/Etc/GMT-10", + "/usr/share/zoneinfo/Etc/GMT-11", + "/usr/share/zoneinfo/Etc/GMT-12", + "/usr/share/zoneinfo/Etc/GMT-13", + "/usr/share/zoneinfo/Etc/GMT-14", + "/usr/share/zoneinfo/Etc/GMT-2", + "/usr/share/zoneinfo/Etc/GMT-3", + "/usr/share/zoneinfo/Etc/GMT-4", + "/usr/share/zoneinfo/Etc/GMT-5", + "/usr/share/zoneinfo/Etc/GMT-6", + "/usr/share/zoneinfo/Etc/GMT-7", + "/usr/share/zoneinfo/Etc/GMT-8", + "/usr/share/zoneinfo/Etc/GMT-9", + "/usr/share/zoneinfo/Etc/UTC", + "/usr/share/zoneinfo/Europe/Andorra", + "/usr/share/zoneinfo/Europe/Astrakhan", + "/usr/share/zoneinfo/Europe/Athens", + "/usr/share/zoneinfo/Europe/Belgrade", + "/usr/share/zoneinfo/Europe/Berlin", + "/usr/share/zoneinfo/Europe/Brussels", + "/usr/share/zoneinfo/Europe/Bucharest", + "/usr/share/zoneinfo/Europe/Budapest", + "/usr/share/zoneinfo/Europe/Chisinau", + "/usr/share/zoneinfo/Europe/Dublin", + "/usr/share/zoneinfo/Europe/Gibraltar", + "/usr/share/zoneinfo/Europe/Helsinki", + "/usr/share/zoneinfo/Europe/Istanbul", + "/usr/share/zoneinfo/Europe/Kaliningrad", + "/usr/share/zoneinfo/Europe/Kirov", + "/usr/share/zoneinfo/Europe/Kyiv", + "/usr/share/zoneinfo/Europe/Lisbon", + "/usr/share/zoneinfo/Europe/London", + "/usr/share/zoneinfo/Europe/Madrid", + "/usr/share/zoneinfo/Europe/Malta", + "/usr/share/zoneinfo/Europe/Minsk", + "/usr/share/zoneinfo/Europe/Moscow", + "/usr/share/zoneinfo/Europe/Paris", + "/usr/share/zoneinfo/Europe/Prague", + "/usr/share/zoneinfo/Europe/Riga", + "/usr/share/zoneinfo/Europe/Rome", + "/usr/share/zoneinfo/Europe/Samara", + "/usr/share/zoneinfo/Europe/Saratov", + "/usr/share/zoneinfo/Europe/Simferopol", + "/usr/share/zoneinfo/Europe/Sofia", + "/usr/share/zoneinfo/Europe/Tallinn", + "/usr/share/zoneinfo/Europe/Tirane", + "/usr/share/zoneinfo/Europe/Ulyanovsk", + "/usr/share/zoneinfo/Europe/Vienna", + "/usr/share/zoneinfo/Europe/Vilnius", + "/usr/share/zoneinfo/Europe/Volgograd", + "/usr/share/zoneinfo/Europe/Warsaw", + "/usr/share/zoneinfo/Europe/Zurich", + "/usr/share/zoneinfo/Factory", + "/usr/share/zoneinfo/HST", + "/usr/share/zoneinfo/Indian/Chagos", + "/usr/share/zoneinfo/Indian/Maldives", + "/usr/share/zoneinfo/Indian/Mauritius", + "/usr/share/zoneinfo/MET", + "/usr/share/zoneinfo/MST", + "/usr/share/zoneinfo/MST7MDT", + "/usr/share/zoneinfo/PST8PDT", + "/usr/share/zoneinfo/Pacific/Apia", + "/usr/share/zoneinfo/Pacific/Auckland", + "/usr/share/zoneinfo/Pacific/Bougainville", + "/usr/share/zoneinfo/Pacific/Chatham", + "/usr/share/zoneinfo/Pacific/Easter", + "/usr/share/zoneinfo/Pacific/Efate", + "/usr/share/zoneinfo/Pacific/Fakaofo", + "/usr/share/zoneinfo/Pacific/Fiji", + "/usr/share/zoneinfo/Pacific/Galapagos", + "/usr/share/zoneinfo/Pacific/Gambier", + "/usr/share/zoneinfo/Pacific/Guadalcanal", + "/usr/share/zoneinfo/Pacific/Guam", + "/usr/share/zoneinfo/Pacific/Honolulu", + "/usr/share/zoneinfo/Pacific/Kanton", + "/usr/share/zoneinfo/Pacific/Kiritimati", + "/usr/share/zoneinfo/Pacific/Kosrae", + "/usr/share/zoneinfo/Pacific/Kwajalein", + "/usr/share/zoneinfo/Pacific/Marquesas", + "/usr/share/zoneinfo/Pacific/Nauru", + "/usr/share/zoneinfo/Pacific/Niue", + "/usr/share/zoneinfo/Pacific/Norfolk", + "/usr/share/zoneinfo/Pacific/Noumea", + "/usr/share/zoneinfo/Pacific/Pago_Pago", + "/usr/share/zoneinfo/Pacific/Palau", + "/usr/share/zoneinfo/Pacific/Pitcairn", + "/usr/share/zoneinfo/Pacific/Port_Moresby", + "/usr/share/zoneinfo/Pacific/Rarotonga", + "/usr/share/zoneinfo/Pacific/Tahiti", + "/usr/share/zoneinfo/Pacific/Tarawa", + "/usr/share/zoneinfo/Pacific/Tongatapu", + "/usr/share/zoneinfo/WET", + "/usr/share/zoneinfo/iso3166.tab", + "/usr/share/zoneinfo/leap-seconds.list", + "/usr/share/zoneinfo/leapseconds", + "/usr/share/zoneinfo/posix/Africa/Abidjan", + "/usr/share/zoneinfo/posix/Africa/Algiers", + "/usr/share/zoneinfo/posix/Africa/Bissau", + "/usr/share/zoneinfo/posix/Africa/Cairo", + "/usr/share/zoneinfo/posix/Africa/Casablanca", + "/usr/share/zoneinfo/posix/Africa/Ceuta", + "/usr/share/zoneinfo/posix/Africa/El_Aaiun", + "/usr/share/zoneinfo/posix/Africa/Johannesburg", + "/usr/share/zoneinfo/posix/Africa/Juba", + "/usr/share/zoneinfo/posix/Africa/Khartoum", + "/usr/share/zoneinfo/posix/Africa/Lagos", + "/usr/share/zoneinfo/posix/Africa/Maputo", + "/usr/share/zoneinfo/posix/Africa/Monrovia", + "/usr/share/zoneinfo/posix/Africa/Nairobi", + "/usr/share/zoneinfo/posix/Africa/Ndjamena", + "/usr/share/zoneinfo/posix/Africa/Sao_Tome", + "/usr/share/zoneinfo/posix/Africa/Tripoli", + "/usr/share/zoneinfo/posix/Africa/Tunis", + "/usr/share/zoneinfo/posix/Africa/Windhoek", + "/usr/share/zoneinfo/posix/America/Adak", + "/usr/share/zoneinfo/posix/America/Anchorage", + "/usr/share/zoneinfo/posix/America/Araguaina", + "/usr/share/zoneinfo/posix/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/posix/America/Argentina/Catamarca", + "/usr/share/zoneinfo/posix/America/Argentina/Cordoba", + "/usr/share/zoneinfo/posix/America/Argentina/Jujuy", + "/usr/share/zoneinfo/posix/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/posix/America/Argentina/Mendoza", + "/usr/share/zoneinfo/posix/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/posix/America/Argentina/Salta", + "/usr/share/zoneinfo/posix/America/Argentina/San_Juan", + "/usr/share/zoneinfo/posix/America/Argentina/San_Luis", + "/usr/share/zoneinfo/posix/America/Argentina/Tucuman", + "/usr/share/zoneinfo/posix/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/posix/America/Asuncion", + "/usr/share/zoneinfo/posix/America/Bahia", + "/usr/share/zoneinfo/posix/America/Bahia_Banderas", + "/usr/share/zoneinfo/posix/America/Barbados", + "/usr/share/zoneinfo/posix/America/Belem", + "/usr/share/zoneinfo/posix/America/Belize", + "/usr/share/zoneinfo/posix/America/Boa_Vista", + "/usr/share/zoneinfo/posix/America/Bogota", + "/usr/share/zoneinfo/posix/America/Boise", + "/usr/share/zoneinfo/posix/America/Cambridge_Bay", + "/usr/share/zoneinfo/posix/America/Campo_Grande", + "/usr/share/zoneinfo/posix/America/Cancun", + "/usr/share/zoneinfo/posix/America/Caracas", + "/usr/share/zoneinfo/posix/America/Cayenne", + "/usr/share/zoneinfo/posix/America/Chicago", + "/usr/share/zoneinfo/posix/America/Chihuahua", + "/usr/share/zoneinfo/posix/America/Ciudad_Juarez", + "/usr/share/zoneinfo/posix/America/Costa_Rica", + "/usr/share/zoneinfo/posix/America/Cuiaba", + "/usr/share/zoneinfo/posix/America/Danmarkshavn", + "/usr/share/zoneinfo/posix/America/Dawson", + "/usr/share/zoneinfo/posix/America/Dawson_Creek", + "/usr/share/zoneinfo/posix/America/Denver", + "/usr/share/zoneinfo/posix/America/Detroit", + "/usr/share/zoneinfo/posix/America/Edmonton", + "/usr/share/zoneinfo/posix/America/Eirunepe", + "/usr/share/zoneinfo/posix/America/El_Salvador", + "/usr/share/zoneinfo/posix/America/Fort_Nelson", + "/usr/share/zoneinfo/posix/America/Fortaleza", + "/usr/share/zoneinfo/posix/America/Glace_Bay", + "/usr/share/zoneinfo/posix/America/Goose_Bay", + "/usr/share/zoneinfo/posix/America/Grand_Turk", + "/usr/share/zoneinfo/posix/America/Guatemala", + "/usr/share/zoneinfo/posix/America/Guayaquil", + "/usr/share/zoneinfo/posix/America/Guyana", + "/usr/share/zoneinfo/posix/America/Halifax", + "/usr/share/zoneinfo/posix/America/Havana", + "/usr/share/zoneinfo/posix/America/Hermosillo", + "/usr/share/zoneinfo/posix/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/posix/America/Indiana/Knox", + "/usr/share/zoneinfo/posix/America/Indiana/Marengo", + "/usr/share/zoneinfo/posix/America/Indiana/Petersburg", + "/usr/share/zoneinfo/posix/America/Indiana/Tell_City", + "/usr/share/zoneinfo/posix/America/Indiana/Vevay", + "/usr/share/zoneinfo/posix/America/Indiana/Vincennes", + "/usr/share/zoneinfo/posix/America/Indiana/Winamac", + "/usr/share/zoneinfo/posix/America/Inuvik", + "/usr/share/zoneinfo/posix/America/Iqaluit", + "/usr/share/zoneinfo/posix/America/Jamaica", + "/usr/share/zoneinfo/posix/America/Juneau", + "/usr/share/zoneinfo/posix/America/Kentucky/Louisville", + "/usr/share/zoneinfo/posix/America/Kentucky/Monticello", + "/usr/share/zoneinfo/posix/America/La_Paz", + "/usr/share/zoneinfo/posix/America/Lima", + "/usr/share/zoneinfo/posix/America/Los_Angeles", + "/usr/share/zoneinfo/posix/America/Maceio", + "/usr/share/zoneinfo/posix/America/Managua", + "/usr/share/zoneinfo/posix/America/Manaus", + "/usr/share/zoneinfo/posix/America/Martinique", + "/usr/share/zoneinfo/posix/America/Matamoros", + "/usr/share/zoneinfo/posix/America/Mazatlan", + "/usr/share/zoneinfo/posix/America/Menominee", + "/usr/share/zoneinfo/posix/America/Merida", + "/usr/share/zoneinfo/posix/America/Metlakatla", + "/usr/share/zoneinfo/posix/America/Mexico_City", + "/usr/share/zoneinfo/posix/America/Miquelon", + "/usr/share/zoneinfo/posix/America/Moncton", + "/usr/share/zoneinfo/posix/America/Monterrey", + "/usr/share/zoneinfo/posix/America/Montevideo", + "/usr/share/zoneinfo/posix/America/New_York", + "/usr/share/zoneinfo/posix/America/Nome", + "/usr/share/zoneinfo/posix/America/Noronha", + "/usr/share/zoneinfo/posix/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/posix/America/North_Dakota/Center", + "/usr/share/zoneinfo/posix/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/posix/America/Nuuk", + "/usr/share/zoneinfo/posix/America/Ojinaga", + "/usr/share/zoneinfo/posix/America/Panama", + "/usr/share/zoneinfo/posix/America/Paramaribo", + "/usr/share/zoneinfo/posix/America/Phoenix", + "/usr/share/zoneinfo/posix/America/Port-au-Prince", + "/usr/share/zoneinfo/posix/America/Porto_Velho", + "/usr/share/zoneinfo/posix/America/Puerto_Rico", + "/usr/share/zoneinfo/posix/America/Punta_Arenas", + "/usr/share/zoneinfo/posix/America/Rankin_Inlet", + "/usr/share/zoneinfo/posix/America/Recife", + "/usr/share/zoneinfo/posix/America/Regina", + "/usr/share/zoneinfo/posix/America/Resolute", + "/usr/share/zoneinfo/posix/America/Rio_Branco", + "/usr/share/zoneinfo/posix/America/Santarem", + "/usr/share/zoneinfo/posix/America/Santiago", + "/usr/share/zoneinfo/posix/America/Santo_Domingo", + "/usr/share/zoneinfo/posix/America/Sao_Paulo", + "/usr/share/zoneinfo/posix/America/Scoresbysund", + "/usr/share/zoneinfo/posix/America/Sitka", + "/usr/share/zoneinfo/posix/America/St_Johns", + "/usr/share/zoneinfo/posix/America/Swift_Current", + "/usr/share/zoneinfo/posix/America/Tegucigalpa", + "/usr/share/zoneinfo/posix/America/Thule", + "/usr/share/zoneinfo/posix/America/Tijuana", + "/usr/share/zoneinfo/posix/America/Toronto", + "/usr/share/zoneinfo/posix/America/Vancouver", + "/usr/share/zoneinfo/posix/America/Whitehorse", + "/usr/share/zoneinfo/posix/America/Winnipeg", + "/usr/share/zoneinfo/posix/America/Yakutat", + "/usr/share/zoneinfo/posix/Antarctica/Casey", + "/usr/share/zoneinfo/posix/Antarctica/Davis", + "/usr/share/zoneinfo/posix/Antarctica/Macquarie", + "/usr/share/zoneinfo/posix/Antarctica/Mawson", + "/usr/share/zoneinfo/posix/Antarctica/Palmer", + "/usr/share/zoneinfo/posix/Antarctica/Rothera", + "/usr/share/zoneinfo/posix/Antarctica/Troll", + "/usr/share/zoneinfo/posix/Asia/Almaty", + "/usr/share/zoneinfo/posix/Asia/Amman", + "/usr/share/zoneinfo/posix/Asia/Anadyr", + "/usr/share/zoneinfo/posix/Asia/Aqtau", + "/usr/share/zoneinfo/posix/Asia/Aqtobe", + "/usr/share/zoneinfo/posix/Asia/Ashgabat", + "/usr/share/zoneinfo/posix/Asia/Atyrau", + "/usr/share/zoneinfo/posix/Asia/Baghdad", + "/usr/share/zoneinfo/posix/Asia/Baku", + "/usr/share/zoneinfo/posix/Asia/Bangkok", + "/usr/share/zoneinfo/posix/Asia/Barnaul", + "/usr/share/zoneinfo/posix/Asia/Beirut", + "/usr/share/zoneinfo/posix/Asia/Bishkek", + "/usr/share/zoneinfo/posix/Asia/Chita", + "/usr/share/zoneinfo/posix/Asia/Choibalsan", + "/usr/share/zoneinfo/posix/Asia/Colombo", + "/usr/share/zoneinfo/posix/Asia/Damascus", + "/usr/share/zoneinfo/posix/Asia/Dhaka", + "/usr/share/zoneinfo/posix/Asia/Dili", + "/usr/share/zoneinfo/posix/Asia/Dubai", + "/usr/share/zoneinfo/posix/Asia/Dushanbe", + "/usr/share/zoneinfo/posix/Asia/Famagusta", + "/usr/share/zoneinfo/posix/Asia/Gaza", + "/usr/share/zoneinfo/posix/Asia/Hebron", + "/usr/share/zoneinfo/posix/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/posix/Asia/Hong_Kong", + "/usr/share/zoneinfo/posix/Asia/Hovd", + "/usr/share/zoneinfo/posix/Asia/Irkutsk", + "/usr/share/zoneinfo/posix/Asia/Jakarta", + "/usr/share/zoneinfo/posix/Asia/Jayapura", + "/usr/share/zoneinfo/posix/Asia/Jerusalem", + "/usr/share/zoneinfo/posix/Asia/Kabul", + "/usr/share/zoneinfo/posix/Asia/Kamchatka", + "/usr/share/zoneinfo/posix/Asia/Karachi", + "/usr/share/zoneinfo/posix/Asia/Kathmandu", + "/usr/share/zoneinfo/posix/Asia/Khandyga", + "/usr/share/zoneinfo/posix/Asia/Kolkata", + "/usr/share/zoneinfo/posix/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/posix/Asia/Kuching", + "/usr/share/zoneinfo/posix/Asia/Macau", + "/usr/share/zoneinfo/posix/Asia/Magadan", + "/usr/share/zoneinfo/posix/Asia/Makassar", + "/usr/share/zoneinfo/posix/Asia/Manila", + "/usr/share/zoneinfo/posix/Asia/Nicosia", + "/usr/share/zoneinfo/posix/Asia/Novokuznetsk", + "/usr/share/zoneinfo/posix/Asia/Novosibirsk", + "/usr/share/zoneinfo/posix/Asia/Omsk", + "/usr/share/zoneinfo/posix/Asia/Oral", + "/usr/share/zoneinfo/posix/Asia/Pontianak", + "/usr/share/zoneinfo/posix/Asia/Pyongyang", + "/usr/share/zoneinfo/posix/Asia/Qatar", + "/usr/share/zoneinfo/posix/Asia/Qostanay", + "/usr/share/zoneinfo/posix/Asia/Qyzylorda", + "/usr/share/zoneinfo/posix/Asia/Riyadh", + "/usr/share/zoneinfo/posix/Asia/Sakhalin", + "/usr/share/zoneinfo/posix/Asia/Samarkand", + "/usr/share/zoneinfo/posix/Asia/Seoul", + "/usr/share/zoneinfo/posix/Asia/Shanghai", + "/usr/share/zoneinfo/posix/Asia/Singapore", + "/usr/share/zoneinfo/posix/Asia/Srednekolymsk", + "/usr/share/zoneinfo/posix/Asia/Taipei", + "/usr/share/zoneinfo/posix/Asia/Tashkent", + "/usr/share/zoneinfo/posix/Asia/Tbilisi", + "/usr/share/zoneinfo/posix/Asia/Tehran", + "/usr/share/zoneinfo/posix/Asia/Thimphu", + "/usr/share/zoneinfo/posix/Asia/Tokyo", + "/usr/share/zoneinfo/posix/Asia/Tomsk", + "/usr/share/zoneinfo/posix/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/posix/Asia/Urumqi", + "/usr/share/zoneinfo/posix/Asia/Ust-Nera", + "/usr/share/zoneinfo/posix/Asia/Vladivostok", + "/usr/share/zoneinfo/posix/Asia/Yakutsk", + "/usr/share/zoneinfo/posix/Asia/Yangon", + "/usr/share/zoneinfo/posix/Asia/Yekaterinburg", + "/usr/share/zoneinfo/posix/Asia/Yerevan", + "/usr/share/zoneinfo/posix/Atlantic/Azores", + "/usr/share/zoneinfo/posix/Atlantic/Bermuda", + "/usr/share/zoneinfo/posix/Atlantic/Canary", + "/usr/share/zoneinfo/posix/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/posix/Atlantic/Faroe", + "/usr/share/zoneinfo/posix/Atlantic/Madeira", + "/usr/share/zoneinfo/posix/Atlantic/South_Georgia", + "/usr/share/zoneinfo/posix/Atlantic/Stanley", + "/usr/share/zoneinfo/posix/Australia/Adelaide", + "/usr/share/zoneinfo/posix/Australia/Brisbane", + "/usr/share/zoneinfo/posix/Australia/Broken_Hill", + "/usr/share/zoneinfo/posix/Australia/Darwin", + "/usr/share/zoneinfo/posix/Australia/Eucla", + "/usr/share/zoneinfo/posix/Australia/Hobart", + "/usr/share/zoneinfo/posix/Australia/Lindeman", + "/usr/share/zoneinfo/posix/Australia/Lord_Howe", + "/usr/share/zoneinfo/posix/Australia/Melbourne", + "/usr/share/zoneinfo/posix/Australia/Perth", + "/usr/share/zoneinfo/posix/Australia/Sydney", + "/usr/share/zoneinfo/posix/CET", + "/usr/share/zoneinfo/posix/CST6CDT", + "/usr/share/zoneinfo/posix/EET", + "/usr/share/zoneinfo/posix/EST", + "/usr/share/zoneinfo/posix/EST5EDT", + "/usr/share/zoneinfo/posix/Etc/GMT", + "/usr/share/zoneinfo/posix/Etc/GMT+1", + "/usr/share/zoneinfo/posix/Etc/GMT+10", + "/usr/share/zoneinfo/posix/Etc/GMT+11", + "/usr/share/zoneinfo/posix/Etc/GMT+12", + "/usr/share/zoneinfo/posix/Etc/GMT+2", + "/usr/share/zoneinfo/posix/Etc/GMT+3", + "/usr/share/zoneinfo/posix/Etc/GMT+4", + "/usr/share/zoneinfo/posix/Etc/GMT+5", + "/usr/share/zoneinfo/posix/Etc/GMT+6", + "/usr/share/zoneinfo/posix/Etc/GMT+7", + "/usr/share/zoneinfo/posix/Etc/GMT+8", + "/usr/share/zoneinfo/posix/Etc/GMT+9", + "/usr/share/zoneinfo/posix/Etc/GMT-1", + "/usr/share/zoneinfo/posix/Etc/GMT-10", + "/usr/share/zoneinfo/posix/Etc/GMT-11", + "/usr/share/zoneinfo/posix/Etc/GMT-12", + "/usr/share/zoneinfo/posix/Etc/GMT-13", + "/usr/share/zoneinfo/posix/Etc/GMT-14", + "/usr/share/zoneinfo/posix/Etc/GMT-2", + "/usr/share/zoneinfo/posix/Etc/GMT-3", + "/usr/share/zoneinfo/posix/Etc/GMT-4", + "/usr/share/zoneinfo/posix/Etc/GMT-5", + "/usr/share/zoneinfo/posix/Etc/GMT-6", + "/usr/share/zoneinfo/posix/Etc/GMT-7", + "/usr/share/zoneinfo/posix/Etc/GMT-8", + "/usr/share/zoneinfo/posix/Etc/GMT-9", + "/usr/share/zoneinfo/posix/Etc/UTC", + "/usr/share/zoneinfo/posix/Europe/Andorra", + "/usr/share/zoneinfo/posix/Europe/Astrakhan", + "/usr/share/zoneinfo/posix/Europe/Athens", + "/usr/share/zoneinfo/posix/Europe/Belgrade", + "/usr/share/zoneinfo/posix/Europe/Berlin", + "/usr/share/zoneinfo/posix/Europe/Brussels", + "/usr/share/zoneinfo/posix/Europe/Bucharest", + "/usr/share/zoneinfo/posix/Europe/Budapest", + "/usr/share/zoneinfo/posix/Europe/Chisinau", + "/usr/share/zoneinfo/posix/Europe/Dublin", + "/usr/share/zoneinfo/posix/Europe/Gibraltar", + "/usr/share/zoneinfo/posix/Europe/Helsinki", + "/usr/share/zoneinfo/posix/Europe/Istanbul", + "/usr/share/zoneinfo/posix/Europe/Kaliningrad", + "/usr/share/zoneinfo/posix/Europe/Kirov", + "/usr/share/zoneinfo/posix/Europe/Kyiv", + "/usr/share/zoneinfo/posix/Europe/Lisbon", + "/usr/share/zoneinfo/posix/Europe/London", + "/usr/share/zoneinfo/posix/Europe/Madrid", + "/usr/share/zoneinfo/posix/Europe/Malta", + "/usr/share/zoneinfo/posix/Europe/Minsk", + "/usr/share/zoneinfo/posix/Europe/Moscow", + "/usr/share/zoneinfo/posix/Europe/Paris", + "/usr/share/zoneinfo/posix/Europe/Prague", + "/usr/share/zoneinfo/posix/Europe/Riga", + "/usr/share/zoneinfo/posix/Europe/Rome", + "/usr/share/zoneinfo/posix/Europe/Samara", + "/usr/share/zoneinfo/posix/Europe/Saratov", + "/usr/share/zoneinfo/posix/Europe/Simferopol", + "/usr/share/zoneinfo/posix/Europe/Sofia", + "/usr/share/zoneinfo/posix/Europe/Tallinn", + "/usr/share/zoneinfo/posix/Europe/Tirane", + "/usr/share/zoneinfo/posix/Europe/Ulyanovsk", + "/usr/share/zoneinfo/posix/Europe/Vienna", + "/usr/share/zoneinfo/posix/Europe/Vilnius", + "/usr/share/zoneinfo/posix/Europe/Volgograd", + "/usr/share/zoneinfo/posix/Europe/Warsaw", + "/usr/share/zoneinfo/posix/Europe/Zurich", + "/usr/share/zoneinfo/posix/Factory", + "/usr/share/zoneinfo/posix/HST", + "/usr/share/zoneinfo/posix/Indian/Chagos", + "/usr/share/zoneinfo/posix/Indian/Maldives", + "/usr/share/zoneinfo/posix/Indian/Mauritius", + "/usr/share/zoneinfo/posix/MET", + "/usr/share/zoneinfo/posix/MST", + "/usr/share/zoneinfo/posix/MST7MDT", + "/usr/share/zoneinfo/posix/PST8PDT", + "/usr/share/zoneinfo/posix/Pacific/Apia", + "/usr/share/zoneinfo/posix/Pacific/Auckland", + "/usr/share/zoneinfo/posix/Pacific/Bougainville", + "/usr/share/zoneinfo/posix/Pacific/Chatham", + "/usr/share/zoneinfo/posix/Pacific/Easter", + "/usr/share/zoneinfo/posix/Pacific/Efate", + "/usr/share/zoneinfo/posix/Pacific/Fakaofo", + "/usr/share/zoneinfo/posix/Pacific/Fiji", + "/usr/share/zoneinfo/posix/Pacific/Galapagos", + "/usr/share/zoneinfo/posix/Pacific/Gambier", + "/usr/share/zoneinfo/posix/Pacific/Guadalcanal", + "/usr/share/zoneinfo/posix/Pacific/Guam", + "/usr/share/zoneinfo/posix/Pacific/Honolulu", + "/usr/share/zoneinfo/posix/Pacific/Kanton", + "/usr/share/zoneinfo/posix/Pacific/Kiritimati", + "/usr/share/zoneinfo/posix/Pacific/Kosrae", + "/usr/share/zoneinfo/posix/Pacific/Kwajalein", + "/usr/share/zoneinfo/posix/Pacific/Marquesas", + "/usr/share/zoneinfo/posix/Pacific/Nauru", + "/usr/share/zoneinfo/posix/Pacific/Niue", + "/usr/share/zoneinfo/posix/Pacific/Norfolk", + "/usr/share/zoneinfo/posix/Pacific/Noumea", + "/usr/share/zoneinfo/posix/Pacific/Pago_Pago", + "/usr/share/zoneinfo/posix/Pacific/Palau", + "/usr/share/zoneinfo/posix/Pacific/Pitcairn", + "/usr/share/zoneinfo/posix/Pacific/Port_Moresby", + "/usr/share/zoneinfo/posix/Pacific/Rarotonga", + "/usr/share/zoneinfo/posix/Pacific/Tahiti", + "/usr/share/zoneinfo/posix/Pacific/Tarawa", + "/usr/share/zoneinfo/posix/Pacific/Tongatapu", + "/usr/share/zoneinfo/posix/WET", + "/usr/share/zoneinfo/right/Africa/Abidjan", + "/usr/share/zoneinfo/right/Africa/Algiers", + "/usr/share/zoneinfo/right/Africa/Bissau", + "/usr/share/zoneinfo/right/Africa/Cairo", + "/usr/share/zoneinfo/right/Africa/Casablanca", + "/usr/share/zoneinfo/right/Africa/Ceuta", + "/usr/share/zoneinfo/right/Africa/El_Aaiun", + "/usr/share/zoneinfo/right/Africa/Johannesburg", + "/usr/share/zoneinfo/right/Africa/Juba", + "/usr/share/zoneinfo/right/Africa/Khartoum", + "/usr/share/zoneinfo/right/Africa/Lagos", + "/usr/share/zoneinfo/right/Africa/Maputo", + "/usr/share/zoneinfo/right/Africa/Monrovia", + "/usr/share/zoneinfo/right/Africa/Nairobi", + "/usr/share/zoneinfo/right/Africa/Ndjamena", + "/usr/share/zoneinfo/right/Africa/Sao_Tome", + "/usr/share/zoneinfo/right/Africa/Tripoli", + "/usr/share/zoneinfo/right/Africa/Tunis", + "/usr/share/zoneinfo/right/Africa/Windhoek", + "/usr/share/zoneinfo/right/America/Adak", + "/usr/share/zoneinfo/right/America/Anchorage", + "/usr/share/zoneinfo/right/America/Araguaina", + "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/right/America/Argentina/Catamarca", + "/usr/share/zoneinfo/right/America/Argentina/Cordoba", + "/usr/share/zoneinfo/right/America/Argentina/Jujuy", + "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/right/America/Argentina/Mendoza", + "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/right/America/Argentina/Salta", + "/usr/share/zoneinfo/right/America/Argentina/San_Juan", + "/usr/share/zoneinfo/right/America/Argentina/San_Luis", + "/usr/share/zoneinfo/right/America/Argentina/Tucuman", + "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/right/America/Asuncion", + "/usr/share/zoneinfo/right/America/Bahia", + "/usr/share/zoneinfo/right/America/Bahia_Banderas", + "/usr/share/zoneinfo/right/America/Barbados", + "/usr/share/zoneinfo/right/America/Belem", + "/usr/share/zoneinfo/right/America/Belize", + "/usr/share/zoneinfo/right/America/Boa_Vista", + "/usr/share/zoneinfo/right/America/Bogota", + "/usr/share/zoneinfo/right/America/Boise", + "/usr/share/zoneinfo/right/America/Cambridge_Bay", + "/usr/share/zoneinfo/right/America/Campo_Grande", + "/usr/share/zoneinfo/right/America/Cancun", + "/usr/share/zoneinfo/right/America/Caracas", + "/usr/share/zoneinfo/right/America/Cayenne", + "/usr/share/zoneinfo/right/America/Chicago", + "/usr/share/zoneinfo/right/America/Chihuahua", + "/usr/share/zoneinfo/right/America/Ciudad_Juarez", + "/usr/share/zoneinfo/right/America/Costa_Rica", + "/usr/share/zoneinfo/right/America/Cuiaba", + "/usr/share/zoneinfo/right/America/Danmarkshavn", + "/usr/share/zoneinfo/right/America/Dawson", + "/usr/share/zoneinfo/right/America/Dawson_Creek", + "/usr/share/zoneinfo/right/America/Denver", + "/usr/share/zoneinfo/right/America/Detroit", + "/usr/share/zoneinfo/right/America/Edmonton", + "/usr/share/zoneinfo/right/America/Eirunepe", + "/usr/share/zoneinfo/right/America/El_Salvador", + "/usr/share/zoneinfo/right/America/Fort_Nelson", + "/usr/share/zoneinfo/right/America/Fortaleza", + "/usr/share/zoneinfo/right/America/Glace_Bay", + "/usr/share/zoneinfo/right/America/Goose_Bay", + "/usr/share/zoneinfo/right/America/Grand_Turk", + "/usr/share/zoneinfo/right/America/Guatemala", + "/usr/share/zoneinfo/right/America/Guayaquil", + "/usr/share/zoneinfo/right/America/Guyana", + "/usr/share/zoneinfo/right/America/Halifax", + "/usr/share/zoneinfo/right/America/Havana", + "/usr/share/zoneinfo/right/America/Hermosillo", + "/usr/share/zoneinfo/right/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/right/America/Indiana/Knox", + "/usr/share/zoneinfo/right/America/Indiana/Marengo", + "/usr/share/zoneinfo/right/America/Indiana/Petersburg", + "/usr/share/zoneinfo/right/America/Indiana/Tell_City", + "/usr/share/zoneinfo/right/America/Indiana/Vevay", + "/usr/share/zoneinfo/right/America/Indiana/Vincennes", + "/usr/share/zoneinfo/right/America/Indiana/Winamac", + "/usr/share/zoneinfo/right/America/Inuvik", + "/usr/share/zoneinfo/right/America/Iqaluit", + "/usr/share/zoneinfo/right/America/Jamaica", + "/usr/share/zoneinfo/right/America/Juneau", + "/usr/share/zoneinfo/right/America/Kentucky/Louisville", + "/usr/share/zoneinfo/right/America/Kentucky/Monticello", + "/usr/share/zoneinfo/right/America/La_Paz", + "/usr/share/zoneinfo/right/America/Lima", + "/usr/share/zoneinfo/right/America/Los_Angeles", + "/usr/share/zoneinfo/right/America/Maceio", + "/usr/share/zoneinfo/right/America/Managua", + "/usr/share/zoneinfo/right/America/Manaus", + "/usr/share/zoneinfo/right/America/Martinique", + "/usr/share/zoneinfo/right/America/Matamoros", + "/usr/share/zoneinfo/right/America/Mazatlan", + "/usr/share/zoneinfo/right/America/Menominee", + "/usr/share/zoneinfo/right/America/Merida", + "/usr/share/zoneinfo/right/America/Metlakatla", + "/usr/share/zoneinfo/right/America/Mexico_City", + "/usr/share/zoneinfo/right/America/Miquelon", + "/usr/share/zoneinfo/right/America/Moncton", + "/usr/share/zoneinfo/right/America/Monterrey", + "/usr/share/zoneinfo/right/America/Montevideo", + "/usr/share/zoneinfo/right/America/New_York", + "/usr/share/zoneinfo/right/America/Nome", + "/usr/share/zoneinfo/right/America/Noronha", + "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/right/America/North_Dakota/Center", + "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/right/America/Nuuk", + "/usr/share/zoneinfo/right/America/Ojinaga", + "/usr/share/zoneinfo/right/America/Panama", + "/usr/share/zoneinfo/right/America/Paramaribo", + "/usr/share/zoneinfo/right/America/Phoenix", + "/usr/share/zoneinfo/right/America/Port-au-Prince", + "/usr/share/zoneinfo/right/America/Porto_Velho", + "/usr/share/zoneinfo/right/America/Puerto_Rico", + "/usr/share/zoneinfo/right/America/Punta_Arenas", + "/usr/share/zoneinfo/right/America/Rankin_Inlet", + "/usr/share/zoneinfo/right/America/Recife", + "/usr/share/zoneinfo/right/America/Regina", + "/usr/share/zoneinfo/right/America/Resolute", + "/usr/share/zoneinfo/right/America/Rio_Branco", + "/usr/share/zoneinfo/right/America/Santarem", + "/usr/share/zoneinfo/right/America/Santiago", + "/usr/share/zoneinfo/right/America/Santo_Domingo", + "/usr/share/zoneinfo/right/America/Sao_Paulo", + "/usr/share/zoneinfo/right/America/Scoresbysund", + "/usr/share/zoneinfo/right/America/Sitka", + "/usr/share/zoneinfo/right/America/St_Johns", + "/usr/share/zoneinfo/right/America/Swift_Current", + "/usr/share/zoneinfo/right/America/Tegucigalpa", + "/usr/share/zoneinfo/right/America/Thule", + "/usr/share/zoneinfo/right/America/Tijuana", + "/usr/share/zoneinfo/right/America/Toronto", + "/usr/share/zoneinfo/right/America/Vancouver", + "/usr/share/zoneinfo/right/America/Whitehorse", + "/usr/share/zoneinfo/right/America/Winnipeg", + "/usr/share/zoneinfo/right/America/Yakutat", + "/usr/share/zoneinfo/right/Antarctica/Casey", + "/usr/share/zoneinfo/right/Antarctica/Davis", + "/usr/share/zoneinfo/right/Antarctica/Macquarie", + "/usr/share/zoneinfo/right/Antarctica/Mawson", + "/usr/share/zoneinfo/right/Antarctica/Palmer", + "/usr/share/zoneinfo/right/Antarctica/Rothera", + "/usr/share/zoneinfo/right/Antarctica/Troll", + "/usr/share/zoneinfo/right/Asia/Almaty", + "/usr/share/zoneinfo/right/Asia/Amman", + "/usr/share/zoneinfo/right/Asia/Anadyr", + "/usr/share/zoneinfo/right/Asia/Aqtau", + "/usr/share/zoneinfo/right/Asia/Aqtobe", + "/usr/share/zoneinfo/right/Asia/Ashgabat", + "/usr/share/zoneinfo/right/Asia/Atyrau", + "/usr/share/zoneinfo/right/Asia/Baghdad", + "/usr/share/zoneinfo/right/Asia/Baku", + "/usr/share/zoneinfo/right/Asia/Bangkok", + "/usr/share/zoneinfo/right/Asia/Barnaul", + "/usr/share/zoneinfo/right/Asia/Beirut", + "/usr/share/zoneinfo/right/Asia/Bishkek", + "/usr/share/zoneinfo/right/Asia/Chita", + "/usr/share/zoneinfo/right/Asia/Choibalsan", + "/usr/share/zoneinfo/right/Asia/Colombo", + "/usr/share/zoneinfo/right/Asia/Damascus", + "/usr/share/zoneinfo/right/Asia/Dhaka", + "/usr/share/zoneinfo/right/Asia/Dili", + "/usr/share/zoneinfo/right/Asia/Dubai", + "/usr/share/zoneinfo/right/Asia/Dushanbe", + "/usr/share/zoneinfo/right/Asia/Famagusta", + "/usr/share/zoneinfo/right/Asia/Gaza", + "/usr/share/zoneinfo/right/Asia/Hebron", + "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/right/Asia/Hong_Kong", + "/usr/share/zoneinfo/right/Asia/Hovd", + "/usr/share/zoneinfo/right/Asia/Irkutsk", + "/usr/share/zoneinfo/right/Asia/Jakarta", + "/usr/share/zoneinfo/right/Asia/Jayapura", + "/usr/share/zoneinfo/right/Asia/Jerusalem", + "/usr/share/zoneinfo/right/Asia/Kabul", + "/usr/share/zoneinfo/right/Asia/Kamchatka", + "/usr/share/zoneinfo/right/Asia/Karachi", + "/usr/share/zoneinfo/right/Asia/Kathmandu", + "/usr/share/zoneinfo/right/Asia/Khandyga", + "/usr/share/zoneinfo/right/Asia/Kolkata", + "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/right/Asia/Kuching", + "/usr/share/zoneinfo/right/Asia/Macau", + "/usr/share/zoneinfo/right/Asia/Magadan", + "/usr/share/zoneinfo/right/Asia/Makassar", + "/usr/share/zoneinfo/right/Asia/Manila", + "/usr/share/zoneinfo/right/Asia/Nicosia", + "/usr/share/zoneinfo/right/Asia/Novokuznetsk", + "/usr/share/zoneinfo/right/Asia/Novosibirsk", + "/usr/share/zoneinfo/right/Asia/Omsk", + "/usr/share/zoneinfo/right/Asia/Oral", + "/usr/share/zoneinfo/right/Asia/Pontianak", + "/usr/share/zoneinfo/right/Asia/Pyongyang", + "/usr/share/zoneinfo/right/Asia/Qatar", + "/usr/share/zoneinfo/right/Asia/Qostanay", + "/usr/share/zoneinfo/right/Asia/Qyzylorda", + "/usr/share/zoneinfo/right/Asia/Riyadh", + "/usr/share/zoneinfo/right/Asia/Sakhalin", + "/usr/share/zoneinfo/right/Asia/Samarkand", + "/usr/share/zoneinfo/right/Asia/Seoul", + "/usr/share/zoneinfo/right/Asia/Shanghai", + "/usr/share/zoneinfo/right/Asia/Singapore", + "/usr/share/zoneinfo/right/Asia/Srednekolymsk", + "/usr/share/zoneinfo/right/Asia/Taipei", + "/usr/share/zoneinfo/right/Asia/Tashkent", + "/usr/share/zoneinfo/right/Asia/Tbilisi", + "/usr/share/zoneinfo/right/Asia/Tehran", + "/usr/share/zoneinfo/right/Asia/Thimphu", + "/usr/share/zoneinfo/right/Asia/Tokyo", + "/usr/share/zoneinfo/right/Asia/Tomsk", + "/usr/share/zoneinfo/right/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/right/Asia/Urumqi", + "/usr/share/zoneinfo/right/Asia/Ust-Nera", + "/usr/share/zoneinfo/right/Asia/Vladivostok", + "/usr/share/zoneinfo/right/Asia/Yakutsk", + "/usr/share/zoneinfo/right/Asia/Yangon", + "/usr/share/zoneinfo/right/Asia/Yekaterinburg", + "/usr/share/zoneinfo/right/Asia/Yerevan", + "/usr/share/zoneinfo/right/Atlantic/Azores", + "/usr/share/zoneinfo/right/Atlantic/Bermuda", + "/usr/share/zoneinfo/right/Atlantic/Canary", + "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/right/Atlantic/Faroe", + "/usr/share/zoneinfo/right/Atlantic/Madeira", + "/usr/share/zoneinfo/right/Atlantic/South_Georgia", + "/usr/share/zoneinfo/right/Atlantic/Stanley", + "/usr/share/zoneinfo/right/Australia/Adelaide", + "/usr/share/zoneinfo/right/Australia/Brisbane", + "/usr/share/zoneinfo/right/Australia/Broken_Hill", + "/usr/share/zoneinfo/right/Australia/Darwin", + "/usr/share/zoneinfo/right/Australia/Eucla", + "/usr/share/zoneinfo/right/Australia/Hobart", + "/usr/share/zoneinfo/right/Australia/Lindeman", + "/usr/share/zoneinfo/right/Australia/Lord_Howe", + "/usr/share/zoneinfo/right/Australia/Melbourne", + "/usr/share/zoneinfo/right/Australia/Perth", + "/usr/share/zoneinfo/right/Australia/Sydney", + "/usr/share/zoneinfo/right/CET", + "/usr/share/zoneinfo/right/CST6CDT", + "/usr/share/zoneinfo/right/EET", + "/usr/share/zoneinfo/right/EST", + "/usr/share/zoneinfo/right/EST5EDT", + "/usr/share/zoneinfo/right/Etc/GMT", + "/usr/share/zoneinfo/right/Etc/GMT+1", + "/usr/share/zoneinfo/right/Etc/GMT+10", + "/usr/share/zoneinfo/right/Etc/GMT+11", + "/usr/share/zoneinfo/right/Etc/GMT+12", + "/usr/share/zoneinfo/right/Etc/GMT+2", + "/usr/share/zoneinfo/right/Etc/GMT+3", + "/usr/share/zoneinfo/right/Etc/GMT+4", + "/usr/share/zoneinfo/right/Etc/GMT+5", + "/usr/share/zoneinfo/right/Etc/GMT+6", + "/usr/share/zoneinfo/right/Etc/GMT+7", + "/usr/share/zoneinfo/right/Etc/GMT+8", + "/usr/share/zoneinfo/right/Etc/GMT+9", + "/usr/share/zoneinfo/right/Etc/GMT-1", + "/usr/share/zoneinfo/right/Etc/GMT-10", + "/usr/share/zoneinfo/right/Etc/GMT-11", + "/usr/share/zoneinfo/right/Etc/GMT-12", + "/usr/share/zoneinfo/right/Etc/GMT-13", + "/usr/share/zoneinfo/right/Etc/GMT-14", + "/usr/share/zoneinfo/right/Etc/GMT-2", + "/usr/share/zoneinfo/right/Etc/GMT-3", + "/usr/share/zoneinfo/right/Etc/GMT-4", + "/usr/share/zoneinfo/right/Etc/GMT-5", + "/usr/share/zoneinfo/right/Etc/GMT-6", + "/usr/share/zoneinfo/right/Etc/GMT-7", + "/usr/share/zoneinfo/right/Etc/GMT-8", + "/usr/share/zoneinfo/right/Etc/GMT-9", + "/usr/share/zoneinfo/right/Etc/UTC", + "/usr/share/zoneinfo/right/Europe/Andorra", + "/usr/share/zoneinfo/right/Europe/Astrakhan", + "/usr/share/zoneinfo/right/Europe/Athens", + "/usr/share/zoneinfo/right/Europe/Belgrade", + "/usr/share/zoneinfo/right/Europe/Berlin", + "/usr/share/zoneinfo/right/Europe/Brussels", + "/usr/share/zoneinfo/right/Europe/Bucharest", + "/usr/share/zoneinfo/right/Europe/Budapest", + "/usr/share/zoneinfo/right/Europe/Chisinau", + "/usr/share/zoneinfo/right/Europe/Dublin", + "/usr/share/zoneinfo/right/Europe/Gibraltar", + "/usr/share/zoneinfo/right/Europe/Helsinki", + "/usr/share/zoneinfo/right/Europe/Istanbul", + "/usr/share/zoneinfo/right/Europe/Kaliningrad", + "/usr/share/zoneinfo/right/Europe/Kirov", + "/usr/share/zoneinfo/right/Europe/Kyiv", + "/usr/share/zoneinfo/right/Europe/Lisbon", + "/usr/share/zoneinfo/right/Europe/London", + "/usr/share/zoneinfo/right/Europe/Madrid", + "/usr/share/zoneinfo/right/Europe/Malta", + "/usr/share/zoneinfo/right/Europe/Minsk", + "/usr/share/zoneinfo/right/Europe/Moscow", + "/usr/share/zoneinfo/right/Europe/Paris", + "/usr/share/zoneinfo/right/Europe/Prague", + "/usr/share/zoneinfo/right/Europe/Riga", + "/usr/share/zoneinfo/right/Europe/Rome", + "/usr/share/zoneinfo/right/Europe/Samara", + "/usr/share/zoneinfo/right/Europe/Saratov", + "/usr/share/zoneinfo/right/Europe/Simferopol", + "/usr/share/zoneinfo/right/Europe/Sofia", + "/usr/share/zoneinfo/right/Europe/Tallinn", + "/usr/share/zoneinfo/right/Europe/Tirane", + "/usr/share/zoneinfo/right/Europe/Ulyanovsk", + "/usr/share/zoneinfo/right/Europe/Vienna", + "/usr/share/zoneinfo/right/Europe/Vilnius", + "/usr/share/zoneinfo/right/Europe/Volgograd", + "/usr/share/zoneinfo/right/Europe/Warsaw", + "/usr/share/zoneinfo/right/Europe/Zurich", + "/usr/share/zoneinfo/right/Factory", + "/usr/share/zoneinfo/right/HST", + "/usr/share/zoneinfo/right/Indian/Chagos", + "/usr/share/zoneinfo/right/Indian/Maldives", + "/usr/share/zoneinfo/right/Indian/Mauritius", + "/usr/share/zoneinfo/right/MET", + "/usr/share/zoneinfo/right/MST", + "/usr/share/zoneinfo/right/MST7MDT", + "/usr/share/zoneinfo/right/PST8PDT", + "/usr/share/zoneinfo/right/Pacific/Apia", + "/usr/share/zoneinfo/right/Pacific/Auckland", + "/usr/share/zoneinfo/right/Pacific/Bougainville", + "/usr/share/zoneinfo/right/Pacific/Chatham", + "/usr/share/zoneinfo/right/Pacific/Easter", + "/usr/share/zoneinfo/right/Pacific/Efate", + "/usr/share/zoneinfo/right/Pacific/Fakaofo", + "/usr/share/zoneinfo/right/Pacific/Fiji", + "/usr/share/zoneinfo/right/Pacific/Galapagos", + "/usr/share/zoneinfo/right/Pacific/Gambier", + "/usr/share/zoneinfo/right/Pacific/Guadalcanal", + "/usr/share/zoneinfo/right/Pacific/Guam", + "/usr/share/zoneinfo/right/Pacific/Honolulu", + "/usr/share/zoneinfo/right/Pacific/Kanton", + "/usr/share/zoneinfo/right/Pacific/Kiritimati", + "/usr/share/zoneinfo/right/Pacific/Kosrae", + "/usr/share/zoneinfo/right/Pacific/Kwajalein", + "/usr/share/zoneinfo/right/Pacific/Marquesas", + "/usr/share/zoneinfo/right/Pacific/Nauru", + "/usr/share/zoneinfo/right/Pacific/Niue", + "/usr/share/zoneinfo/right/Pacific/Norfolk", + "/usr/share/zoneinfo/right/Pacific/Noumea", + "/usr/share/zoneinfo/right/Pacific/Pago_Pago", + "/usr/share/zoneinfo/right/Pacific/Palau", + "/usr/share/zoneinfo/right/Pacific/Pitcairn", + "/usr/share/zoneinfo/right/Pacific/Port_Moresby", + "/usr/share/zoneinfo/right/Pacific/Rarotonga", + "/usr/share/zoneinfo/right/Pacific/Tahiti", + "/usr/share/zoneinfo/right/Pacific/Tarawa", + "/usr/share/zoneinfo/right/Pacific/Tongatapu", + "/usr/share/zoneinfo/right/WET", + "/usr/share/zoneinfo/tzdata.zi", + "/usr/share/zoneinfo/zone.tab", + "/usr/share/zoneinfo/zone1970.tab" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ubuntu-keyring@2020.02.11.4", + "Name": "ubuntu-keyring", + "Identifier": { + "PURL": "pkg:deb/ubuntu/ubuntu-keyring@2020.02.11.4?arch=all\u0026distro=ubuntu-20.04", + "UID": "171f129b474e838b" + }, + "Version": "2020.02.11.4", + "Arch": "all", + "SrcName": "ubuntu-keyring", + "SrcVersion": "2020.02.11.4", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Dimitri John Ledkov \u003cdimitri.ledkov@canonical.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg", + "/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg", + "/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg", + "/usr/share/doc/ubuntu-keyring/changelog.gz", + "/usr/share/doc/ubuntu-keyring/copyright", + "/usr/share/keyrings/ubuntu-archive-keyring.gpg", + "/usr/share/keyrings/ubuntu-archive-removed-keys.gpg", + "/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg", + "/usr/share/keyrings/ubuntu-cloudimage-removed-keys.gpg", + "/usr/share/keyrings/ubuntu-master-keyring.gpg" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "util-linux@2.34-0.1ubuntu9.3", + "Name": "util-linux", + "Identifier": { + "PURL": "pkg:deb/ubuntu/util-linux@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "7e27c675dec861ed" + }, + "Version": "2.34", + "Release": "0.1ubuntu9.3", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.34", + "SrcRelease": "0.1ubuntu9.3", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "BSD-4-Clause", + "MIT", + "BSD-2-Clause", + "BSD-3-Clause", + "LGPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "login@1:4.8.1-1ubuntu5.20.04.4" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/bin/dmesg", + "/bin/findmnt", + "/bin/lsblk", + "/bin/more", + "/bin/mountpoint", + "/bin/su", + "/bin/wdctl", + "/lib/systemd/system/fstrim.service", + "/lib/systemd/system/fstrim.timer", + "/lib/udev/hwclock-set", + "/sbin/agetty", + "/sbin/blkdiscard", + "/sbin/blkid", + "/sbin/blkzone", + "/sbin/blockdev", + "/sbin/chcpu", + "/sbin/ctrlaltdel", + "/sbin/findfs", + "/sbin/fsck", + "/sbin/fsck.cramfs", + "/sbin/fsck.minix", + "/sbin/fsfreeze", + "/sbin/fstrim", + "/sbin/hwclock", + "/sbin/isosize", + "/sbin/mkfs", + "/sbin/mkfs.bfs", + "/sbin/mkfs.cramfs", + "/sbin/mkfs.minix", + "/sbin/mkswap", + "/sbin/pivot_root", + "/sbin/raw", + "/sbin/runuser", + "/sbin/sulogin", + "/sbin/swaplabel", + "/sbin/switch_root", + "/sbin/wipefs", + "/sbin/zramctl", + "/usr/bin/addpart", + "/usr/bin/choom", + "/usr/bin/chrt", + "/usr/bin/delpart", + "/usr/bin/fallocate", + "/usr/bin/fincore", + "/usr/bin/flock", + "/usr/bin/getopt", + "/usr/bin/ionice", + "/usr/bin/ipcmk", + "/usr/bin/ipcrm", + "/usr/bin/ipcs", + "/usr/bin/last", + "/usr/bin/lscpu", + "/usr/bin/lsipc", + "/usr/bin/lslocks", + "/usr/bin/lslogins", + "/usr/bin/lsmem", + "/usr/bin/lsns", + "/usr/bin/mcookie", + "/usr/bin/mesg", + "/usr/bin/namei", + "/usr/bin/nsenter", + "/usr/bin/partx", + "/usr/bin/prlimit", + "/usr/bin/rename.ul", + "/usr/bin/resizepart", + "/usr/bin/rev", + "/usr/bin/setarch", + "/usr/bin/setpriv", + "/usr/bin/setsid", + "/usr/bin/setterm", + "/usr/bin/taskset", + "/usr/bin/unshare", + "/usr/bin/utmpdump", + "/usr/bin/whereis", + "/usr/lib/mime/packages/util-linux", + "/usr/sbin/chmem", + "/usr/sbin/fdformat", + "/usr/sbin/ldattach", + "/usr/sbin/readprofile", + "/usr/sbin/rtcwake", + "/usr/share/bash-completion/completions/addpart", + "/usr/share/bash-completion/completions/blkdiscard", + "/usr/share/bash-completion/completions/blkid", + "/usr/share/bash-completion/completions/blkzone", + "/usr/share/bash-completion/completions/blockdev", + "/usr/share/bash-completion/completions/chcpu", + "/usr/share/bash-completion/completions/chmem", + "/usr/share/bash-completion/completions/chrt", + "/usr/share/bash-completion/completions/ctrlaltdel", + "/usr/share/bash-completion/completions/delpart", + "/usr/share/bash-completion/completions/dmesg", + "/usr/share/bash-completion/completions/fallocate", + "/usr/share/bash-completion/completions/fdformat", + "/usr/share/bash-completion/completions/fincore", + "/usr/share/bash-completion/completions/findfs", + "/usr/share/bash-completion/completions/findmnt", + "/usr/share/bash-completion/completions/flock", + "/usr/share/bash-completion/completions/fsck", + "/usr/share/bash-completion/completions/fsck.cramfs", + "/usr/share/bash-completion/completions/fsck.minix", + "/usr/share/bash-completion/completions/fsfreeze", + "/usr/share/bash-completion/completions/fstrim", + "/usr/share/bash-completion/completions/getopt", + "/usr/share/bash-completion/completions/hwclock", + "/usr/share/bash-completion/completions/ionice", + "/usr/share/bash-completion/completions/ipcmk", + "/usr/share/bash-completion/completions/ipcrm", + "/usr/share/bash-completion/completions/ipcs", + "/usr/share/bash-completion/completions/isosize", + "/usr/share/bash-completion/completions/last", + "/usr/share/bash-completion/completions/ldattach", + "/usr/share/bash-completion/completions/lsblk", + "/usr/share/bash-completion/completions/lscpu", + "/usr/share/bash-completion/completions/lsipc", + "/usr/share/bash-completion/completions/lslocks", + "/usr/share/bash-completion/completions/lslogins", + "/usr/share/bash-completion/completions/lsmem", + "/usr/share/bash-completion/completions/lsns", + "/usr/share/bash-completion/completions/mcookie", + "/usr/share/bash-completion/completions/mesg", + "/usr/share/bash-completion/completions/mkfs", + "/usr/share/bash-completion/completions/mkfs.bfs", + "/usr/share/bash-completion/completions/mkfs.cramfs", + "/usr/share/bash-completion/completions/mkfs.minix", + "/usr/share/bash-completion/completions/mkswap", + "/usr/share/bash-completion/completions/more", + "/usr/share/bash-completion/completions/mountpoint", + "/usr/share/bash-completion/completions/namei", + "/usr/share/bash-completion/completions/nsenter", + "/usr/share/bash-completion/completions/partx", + "/usr/share/bash-completion/completions/pivot_root", + "/usr/share/bash-completion/completions/prlimit", + "/usr/share/bash-completion/completions/raw", + "/usr/share/bash-completion/completions/readprofile", + "/usr/share/bash-completion/completions/resizepart", + "/usr/share/bash-completion/completions/rev", + "/usr/share/bash-completion/completions/rtcwake", + "/usr/share/bash-completion/completions/setarch", + "/usr/share/bash-completion/completions/setpriv", + "/usr/share/bash-completion/completions/setsid", + "/usr/share/bash-completion/completions/setterm", + "/usr/share/bash-completion/completions/su", + "/usr/share/bash-completion/completions/swaplabel", + "/usr/share/bash-completion/completions/taskset", + "/usr/share/bash-completion/completions/unshare", + "/usr/share/bash-completion/completions/utmpdump", + "/usr/share/bash-completion/completions/wdctl", + "/usr/share/bash-completion/completions/whereis", + "/usr/share/bash-completion/completions/wipefs", + "/usr/share/bash-completion/completions/zramctl", + "/usr/share/doc/util-linux/00-about-docs.txt", + "/usr/share/doc/util-linux/AUTHORS.gz", + "/usr/share/doc/util-linux/NEWS.Debian.gz", + "/usr/share/doc/util-linux/PAM-configuration.txt", + "/usr/share/doc/util-linux/README.Debian", + "/usr/share/doc/util-linux/blkid.txt", + "/usr/share/doc/util-linux/cal.txt", + "/usr/share/doc/util-linux/col.txt", + "/usr/share/doc/util-linux/copyright", + "/usr/share/doc/util-linux/deprecated.txt", + "/usr/share/doc/util-linux/examples/filesystems", + "/usr/share/doc/util-linux/examples/fstab", + "/usr/share/doc/util-linux/examples/fstab.example2", + "/usr/share/doc/util-linux/examples/getopt-parse.bash", + "/usr/share/doc/util-linux/examples/getopt-parse.tcsh", + "/usr/share/doc/util-linux/examples/motd", + "/usr/share/doc/util-linux/examples/securetty", + "/usr/share/doc/util-linux/examples/shells", + "/usr/share/doc/util-linux/examples/udev-raw.rules", + "/usr/share/doc/util-linux/getopt.txt", + "/usr/share/doc/util-linux/getopt_changelog.txt", + "/usr/share/doc/util-linux/howto-build-sys.txt", + "/usr/share/doc/util-linux/howto-compilation.txt", + "/usr/share/doc/util-linux/howto-contribute.txt.gz", + "/usr/share/doc/util-linux/howto-debug.txt", + "/usr/share/doc/util-linux/howto-man-page.txt.gz", + "/usr/share/doc/util-linux/howto-pull-request.txt.gz", + "/usr/share/doc/util-linux/howto-tests.txt", + "/usr/share/doc/util-linux/howto-usage-function.txt.gz", + "/usr/share/doc/util-linux/hwclock.txt", + "/usr/share/doc/util-linux/modems-with-agetty.txt", + "/usr/share/doc/util-linux/mount.txt", + "/usr/share/doc/util-linux/parse-date.txt.gz", + "/usr/share/doc/util-linux/pg.txt", + "/usr/share/doc/util-linux/poeigl.txt.gz", + "/usr/share/doc/util-linux/release-schedule.txt", + "/usr/share/doc/util-linux/releases/v2.13-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.14-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.15-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.16-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.17-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.18-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.19-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.20-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.21-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.22-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.23-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.24-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.25-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.26-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.27-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.28-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.29-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.30-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.31-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.32-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.33-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.34-ReleaseNotes.gz", + "/usr/share/lintian/overrides/util-linux", + "/usr/share/man/man1/choom.1.gz", + "/usr/share/man/man1/chrt.1.gz", + "/usr/share/man/man1/dmesg.1.gz", + "/usr/share/man/man1/fallocate.1.gz", + "/usr/share/man/man1/fincore.1.gz", + "/usr/share/man/man1/flock.1.gz", + "/usr/share/man/man1/getopt.1.gz", + "/usr/share/man/man1/ionice.1.gz", + "/usr/share/man/man1/ipcmk.1.gz", + "/usr/share/man/man1/ipcrm.1.gz", + "/usr/share/man/man1/ipcs.1.gz", + "/usr/share/man/man1/last.1.gz", + "/usr/share/man/man1/lscpu.1.gz", + "/usr/share/man/man1/lsipc.1.gz", + "/usr/share/man/man1/lslogins.1.gz", + "/usr/share/man/man1/lsmem.1.gz", + "/usr/share/man/man1/mcookie.1.gz", + "/usr/share/man/man1/mesg.1.gz", + "/usr/share/man/man1/more.1.gz", + "/usr/share/man/man1/mountpoint.1.gz", + "/usr/share/man/man1/namei.1.gz", + "/usr/share/man/man1/nsenter.1.gz", + "/usr/share/man/man1/prlimit.1.gz", + "/usr/share/man/man1/rename.ul.1.gz", + "/usr/share/man/man1/rev.1.gz", + "/usr/share/man/man1/runuser.1.gz", + "/usr/share/man/man1/setpriv.1.gz", + "/usr/share/man/man1/setsid.1.gz", + "/usr/share/man/man1/setterm.1.gz", + "/usr/share/man/man1/su.1.gz", + "/usr/share/man/man1/taskset.1.gz", + "/usr/share/man/man1/unshare.1.gz", + "/usr/share/man/man1/utmpdump.1.gz", + "/usr/share/man/man1/whereis.1.gz", + "/usr/share/man/man5/adjtime_config.5.gz", + "/usr/share/man/man5/hwclock.5.gz", + "/usr/share/man/man5/terminal-colors.d.5.gz", + "/usr/share/man/man8/addpart.8.gz", + "/usr/share/man/man8/agetty.8.gz", + "/usr/share/man/man8/blkdiscard.8.gz", + "/usr/share/man/man8/blkid.8.gz", + "/usr/share/man/man8/blkzone.8.gz", + "/usr/share/man/man8/blockdev.8.gz", + "/usr/share/man/man8/chcpu.8.gz", + "/usr/share/man/man8/chmem.8.gz", + "/usr/share/man/man8/ctrlaltdel.8.gz", + "/usr/share/man/man8/delpart.8.gz", + "/usr/share/man/man8/fdformat.8.gz", + "/usr/share/man/man8/findfs.8.gz", + "/usr/share/man/man8/findmnt.8.gz", + "/usr/share/man/man8/fsck.8.gz", + "/usr/share/man/man8/fsck.cramfs.8.gz", + "/usr/share/man/man8/fsck.minix.8.gz", + "/usr/share/man/man8/fsfreeze.8.gz", + "/usr/share/man/man8/fstrim.8.gz", + "/usr/share/man/man8/hwclock.8.gz", + "/usr/share/man/man8/isosize.8.gz", + "/usr/share/man/man8/ldattach.8.gz", + "/usr/share/man/man8/lsblk.8.gz", + "/usr/share/man/man8/lslocks.8.gz", + "/usr/share/man/man8/lsns.8.gz", + "/usr/share/man/man8/mkfs.8.gz", + "/usr/share/man/man8/mkfs.bfs.8.gz", + "/usr/share/man/man8/mkfs.cramfs.8.gz", + "/usr/share/man/man8/mkfs.minix.8.gz", + "/usr/share/man/man8/mkswap.8.gz", + "/usr/share/man/man8/partx.8.gz", + "/usr/share/man/man8/pivot_root.8.gz", + "/usr/share/man/man8/raw.8.gz", + "/usr/share/man/man8/readprofile.8.gz", + "/usr/share/man/man8/resizepart.8.gz", + "/usr/share/man/man8/rtcwake.8.gz", + "/usr/share/man/man8/setarch.8.gz", + "/usr/share/man/man8/sulogin.8.gz", + "/usr/share/man/man8/swaplabel.8.gz", + "/usr/share/man/man8/switch_root.8.gz", + "/usr/share/man/man8/wdctl.8.gz", + "/usr/share/man/man8/wipefs.8.gz", + "/usr/share/man/man8/zramctl.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "xz-utils@5.2.4-1ubuntu1.1", + "Name": "xz-utils", + "Identifier": { + "PURL": "pkg:deb/ubuntu/xz-utils@5.2.4-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "974d966ce8465f86" + }, + "Version": "5.2.4", + "Release": "1ubuntu1.1", + "Arch": "amd64", + "SrcName": "xz-utils", + "SrcVersion": "5.2.4", + "SrcRelease": "1ubuntu1.1", + "Licenses": [ + "PD", + "probably-PD", + "GPL-2.0-or-later", + "LGPL-2.1-or-later", + "permissive-fsf", + "Autoconf", + "permissive-nowarranty", + "GPL-2.0-only", + "none", + "config-h", + "LGPL-2.0-only", + "LGPL-2.1-only", + "noderivs", + "PD-debian", + "GPL-3.0-only" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "liblzma5@5.2.4-1ubuntu1.1" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/bin/lzmainfo", + "/usr/bin/xz", + "/usr/bin/xzdiff", + "/usr/bin/xzgrep", + "/usr/bin/xzless", + "/usr/bin/xzmore", + "/usr/share/doc/xz-utils/README.Debian", + "/usr/share/doc/xz-utils/README.gz", + "/usr/share/doc/xz-utils/copyright", + "/usr/share/doc/xz-utils/extra/7z2lzma/7z2lzma.bash", + "/usr/share/doc/xz-utils/extra/scanlzma/scanlzma.c", + "/usr/share/doc/xz-utils/faq.txt.gz", + "/usr/share/doc/xz-utils/history.txt.gz", + "/usr/share/man/man1/lzmainfo.1.gz", + "/usr/share/man/man1/xz.1.gz", + "/usr/share/man/man1/xzdiff.1.gz", + "/usr/share/man/man1/xzgrep.1.gz", + "/usr/share/man/man1/xzless.1.gz", + "/usr/share/man/man1/xzmore.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "zlib1g@1:1.2.11.dfsg-2ubuntu1.5", + "Name": "zlib1g", + "Identifier": { + "PURL": "pkg:deb/ubuntu/zlib1g@1.2.11.dfsg-2ubuntu1.5?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "cfc4093dfe4613c8" + }, + "Version": "1.2.11.dfsg", + "Release": "2ubuntu1.5", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "zlib", + "SrcVersion": "1.2.11.dfsg", + "SrcRelease": "2ubuntu1.5", + "SrcEpoch": 1, + "Licenses": [ + "Zlib" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9" + ], + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "InstalledFiles": [ + "/lib/x86_64-linux-gnu/libz.so.1.2.11", + "/usr/share/doc/zlib1g/changelog.Debian.gz", + "/usr/share/doc/zlib1g/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "zstd@1.4.4+dfsg-3ubuntu0.1", + "Name": "zstd", + "Identifier": { + "PURL": "pkg:deb/ubuntu/zstd@1.4.4%2Bdfsg-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "c241c66ea148cdc1" + }, + "Version": "1.4.4+dfsg", + "Release": "3ubuntu0.1", + "Arch": "amd64", + "SrcName": "libzstd", + "SrcVersion": "1.4.4+dfsg", + "SrcRelease": "3ubuntu0.1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "Zlib", + "GPL-2.0-or-later", + "MIT" + ], + "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.31-0ubuntu9.9", + "libgcc-s1@10.3.0-1ubuntu1~20.04", + "liblz4-1@1.9.2-2ubuntu0.20.04.1", + "liblzma5@5.2.4-1ubuntu1.1", + "libstdc++6@10.3.0-1ubuntu1~20.04", + "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "InstalledFiles": [ + "/usr/bin/pzstd", + "/usr/bin/zstd", + "/usr/bin/zstdgrep", + "/usr/bin/zstdless", + "/usr/share/doc/zstd/CODE_OF_CONDUCT.md", + "/usr/share/doc/zstd/CONTRIBUTING.md", + "/usr/share/doc/zstd/README.md.gz", + "/usr/share/doc/zstd/TESTING.md", + "/usr/share/doc/zstd/changelog.Debian.gz", + "/usr/share/doc/zstd/copyright", + "/usr/share/man/man1/pzstd.1.gz", + "/usr/share/man/man1/unzstd.1.gz", + "/usr/share/man/man1/zstd.1.gz", + "/usr/share/man/man1/zstdcat.1.gz", + "/usr/share/man/man1/zstdgrep.1.gz", + "/usr/share/man/man1/zstdless.1.gz", + "/usr/share/man/man1/zstdmt.1.gz" + ], + "AnalyzedBy": "dpkg" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "bsdutils@1:2.34-0.1ubuntu9.3", + "PkgName": "bsdutils", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/bsdutils@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "c2f19fe3db589c3b" + }, + "InstalledVersion": "1:2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:dcc86debc2625a2205e72ae130e4acb371c763f9526934b0f197a308b03528ba", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + }, + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "fdisk@2.34-0.1ubuntu9.3", + "PkgName": "fdisk", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/fdisk@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e93cc0834325a9d6" + }, + "InstalledVersion": "2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:8c6d839b16d74a99a59a1c5e87c95b3646588a7a0c3049e1be96153369d3f7cc", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + }, + { + "VulnerabilityID": "CVE-2023-4156", + "PkgID": "gawk@1:5.0.1+dfsg-1", + "PkgName": "gawk", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/gawk@5.0.1%2Bdfsg-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "e7d9fd5e0ccccae5" + }, + "InstalledVersion": "1:5.0.1+dfsg-1", + "FixedVersion": "1:5.0.1+dfsg-1ubuntu0.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4156", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:a5586142305ed8f70b5c5b8742c0eda9264fc5ad7e521a2f24bc30b4b64403cc", + "Title": "gawk: heap out of bound read in builtin.c", + "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "amazon": 1, + "cbl-mariner": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-4156", + "https://bugzilla.redhat.com/show_bug.cgi?id=2215930", + "https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212 (gawk-5.2.0)", + "https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00000.html", + "https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00023.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", + "https://ubuntu.com/security/notices/USN-6373-1", + "https://www.cve.org/CVERecord?id=CVE-2023-4156" + ], + "PublishedDate": "2023-09-25T18:15:11.013Z", + "LastModifiedDate": "2024-11-21T08:34:30.16Z" + }, + { + "VulnerabilityID": "CVE-2025-30258", + "PkgID": "gpg@2.2.19-3ubuntu2.2", + "PkgName": "gpg", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/gpg@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "c3f3b0f55f5d5301" + }, + "InstalledVersion": "2.2.19-3ubuntu2.2", + "FixedVersion": "2.2.19-3ubuntu2.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:50bd8b9ac64aae0c6357ec1b119ba46be2753a04929fa5b368def5c3face3ade", + "Title": "gnupg: verification DoS due to a malicious subkey in the keyring", + "Description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "V3Score": 2.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-30258", + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "https://ubuntu.com/security/notices/USN-7412-1", + "https://ubuntu.com/security/notices/USN-7412-3", + "https://www.cve.org/CVERecord?id=CVE-2025-30258" + ], + "PublishedDate": "2025-03-19T20:15:20.14Z", + "LastModifiedDate": "2025-10-16T16:53:07.557Z" + }, + { + "VulnerabilityID": "CVE-2025-30258", + "PkgID": "gpgconf@2.2.19-3ubuntu2.2", + "PkgName": "gpgconf", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/gpgconf@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "fc417bd7bd03106c" + }, + "InstalledVersion": "2.2.19-3ubuntu2.2", + "FixedVersion": "2.2.19-3ubuntu2.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:67958bf0bc9cf0c596f07ea49621022d056aabf5c0f3483160f6bcf0ee04b33b", + "Title": "gnupg: verification DoS due to a malicious subkey in the keyring", + "Description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "V3Score": 2.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-30258", + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "https://ubuntu.com/security/notices/USN-7412-1", + "https://ubuntu.com/security/notices/USN-7412-3", + "https://www.cve.org/CVERecord?id=CVE-2025-30258" + ], + "PublishedDate": "2025-03-19T20:15:20.14Z", + "LastModifiedDate": "2025-10-16T16:53:07.557Z" + }, + { + "VulnerabilityID": "CVE-2025-30258", + "PkgID": "gpgv@2.2.19-3ubuntu2.2", + "PkgName": "gpgv", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/gpgv@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "94c47271b8f35208" + }, + "InstalledVersion": "2.2.19-3ubuntu2.2", + "FixedVersion": "2.2.19-3ubuntu2.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:d0a360b33ea7a53f366e8c6b8fa3910517df123cad4e0649ee9a3c6ad95b8ab1", + "Title": "gnupg: verification DoS due to a malicious subkey in the keyring", + "Description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", + "V3Score": 2.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-30258", + "https://dev.gnupg.org/T7527", + "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", + "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", + "https://ubuntu.com/security/notices/USN-7412-1", + "https://ubuntu.com/security/notices/USN-7412-3", + "https://www.cve.org/CVERecord?id=CVE-2025-30258" + ], + "PublishedDate": "2025-03-19T20:15:20.14Z", + "LastModifiedDate": "2025-10-16T16:53:07.557Z" + }, + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "libblkid1@2.34-0.1ubuntu9.3", + "PkgName": "libblkid1", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libblkid1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "97537d4ff7af8af0" + }, + "InstalledVersion": "2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:2bc304354120fa98c9e0875a3d760707d9b4fcea877568abf9b330193b15ce10", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + }, + { + "VulnerabilityID": "CVE-2024-2961", + "PkgID": "libc-bin@2.31-0ubuntu9.9", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0f705ec068d1f26" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.15", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2961", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:1f2b6349b89ac60d1388c9bd6ee6f113b4a2c859ea30810d8efed362d102cc57", + "Title": "glibc: Out of bounds write in iconv may lead to remote code execution", + "Description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/04/17/9", + "http://www.openwall.com/lists/oss-security/2024/04/18/4", + "http://www.openwall.com/lists/oss-security/2024/04/24/2", + "http://www.openwall.com/lists/oss-security/2024/05/27/1", + "http://www.openwall.com/lists/oss-security/2024/05/27/2", + "http://www.openwall.com/lists/oss-security/2024/05/27/3", + "http://www.openwall.com/lists/oss-security/2024/05/27/4", + "http://www.openwall.com/lists/oss-security/2024/05/27/5", + "http://www.openwall.com/lists/oss-security/2024/05/27/6", + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-2961", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://linux.oracle.com/cve/CVE-2024-2961.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-2961", + "https://security.netapp.com/advisory/ntap-20240531-0002/", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004", + "https://ubuntu.com/security/notices/USN-6737-1", + "https://ubuntu.com/security/notices/USN-6737-2", + "https://ubuntu.com/security/notices/USN-6762-1", + "https://www.ambionics.io/blog/iconv-cve-2024-2961-p1", + "https://www.ambionics.io/blog/iconv-cve-2024-2961-p2", + "https://www.ambionics.io/blog/iconv-cve-2024-2961-p3", + "https://www.cve.org/CVERecord?id=CVE-2024-2961", + "https://www.openwall.com/lists/oss-security/2024/04/17/9" + ], + "PublishedDate": "2024-04-17T18:15:15.833Z", + "LastModifiedDate": "2026-05-12T12:16:34.22Z" + }, + { + "VulnerabilityID": "CVE-2024-33599", + "PkgID": "libc-bin@2.31-0ubuntu9.9", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0f705ec068d1f26" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.16", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33599", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:a0e7d6b2813e32d617abe362bd6a5fba363f14cb80e9966d8178c3a1db196b9d", + "Title": "glibc: stack-based buffer overflow in netgroup cache", + "Description": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-121" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 7.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-33599", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", + "https://linux.oracle.com/cve/CVE-2024-33599.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-33599", + "https://security.netapp.com/advisory/ntap-20240524-0011/", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005", + "https://ubuntu.com/security/notices/USN-6804-1", + "https://www.cve.org/CVERecord?id=CVE-2024-33599", + "https://www.openwall.com/lists/oss-security/2024/04/24/2" + ], + "PublishedDate": "2024-05-06T20:15:11.437Z", + "LastModifiedDate": "2026-05-12T12:16:34.477Z" + }, + { + "VulnerabilityID": "CVE-2024-33600", + "PkgID": "libc-bin@2.31-0ubuntu9.9", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0f705ec068d1f26" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.16", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33600", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:efebe046bdb4ad4a453378598d50cc2e9b87f6fd8d5938cae1581dde3532546c", + "Title": "glibc: null pointer dereferences after failed netgroup cache insertion", + "Description": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-33600", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", + "https://linux.oracle.com/cve/CVE-2024-33600.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-33600", + "https://security.netapp.com/advisory/ntap-20240524-0013/", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006", + "https://ubuntu.com/security/notices/USN-6804-1", + "https://www.cve.org/CVERecord?id=CVE-2024-33600", + "https://www.openwall.com/lists/oss-security/2024/04/24/2" + ], + "PublishedDate": "2024-05-06T20:15:11.523Z", + "LastModifiedDate": "2026-05-12T12:16:34.687Z" + }, + { + "VulnerabilityID": "CVE-2024-33601", + "PkgID": "libc-bin@2.31-0ubuntu9.9", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0f705ec068d1f26" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.16", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33601", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:3cfa8d003e22285ea0551a5bcce8137199273c64b3b3fc0348bcdab5b2a46dc3", + "Title": "glibc: netgroup cache may terminate daemon on memory allocation failure", + "Description": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-617" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-33601", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", + "https://linux.oracle.com/cve/CVE-2024-33601.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-33601", + "https://security.netapp.com/advisory/ntap-20240524-0014/", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007", + "https://ubuntu.com/security/notices/USN-6804-1", + "https://www.cve.org/CVERecord?id=CVE-2024-33601", + "https://www.openwall.com/lists/oss-security/2024/04/24/2" + ], + "PublishedDate": "2024-05-06T20:15:11.603Z", + "LastModifiedDate": "2026-05-12T12:16:34.87Z" + }, + { + "VulnerabilityID": "CVE-2024-33602", + "PkgID": "libc-bin@2.31-0ubuntu9.9", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0f705ec068d1f26" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.16", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33602", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:9ae2ecfe27586e7c26fcb978b7d1e9b91cf7a5706c5d50d0d8785cc7da6ed685", + "Title": "glibc: netgroup cache assumes NSS callback uses in-buffer strings", + "Description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-466" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-33602", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", + "https://linux.oracle.com/cve/CVE-2024-33602.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-33602", + "https://security.netapp.com/advisory/ntap-20240524-0012/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=31680", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008", + "https://ubuntu.com/security/notices/USN-6804-1", + "https://www.cve.org/CVERecord?id=CVE-2024-33602", + "https://www.openwall.com/lists/oss-security/2024/04/24/2" + ], + "PublishedDate": "2024-05-06T20:15:11.68Z", + "LastModifiedDate": "2026-05-12T12:16:35.07Z" + }, + { + "VulnerabilityID": "CVE-2025-0395", + "PkgID": "libc-bin@2.31-0ubuntu9.9", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0f705ec068d1f26" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.17", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0395", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:85e15b000ca9835a279b8ce1f6891d26a97feaf6cfa9a2811b3badc4bbeaa744", + "Title": "glibc: buffer overflow in the GNU C Library's assert()", + "Description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-131" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 1, + "cbl-mariner": 1, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/01/22/4", + "http://www.openwall.com/lists/oss-security/2025/01/23/2", + "http://www.openwall.com/lists/oss-security/2025/04/13/1", + "http://www.openwall.com/lists/oss-security/2025/04/24/7", + "https://access.redhat.com/errata/RHSA-2025:4244", + "https://access.redhat.com/security/cve/CVE-2025-0395", + "https://bugzilla.redhat.com/2339460", + "https://bugzilla.redhat.com/show_bug.cgi?id=2339460", + "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", + "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0395", + "https://errata.almalinux.org/9/ALSA-2025-4244.html", + "https://errata.rockylinux.org/RLSA-2025:4244", + "https://linux.oracle.com/cve/CVE-2025-0395.html", + "https://linux.oracle.com/errata/ELSA-2025-4244.html", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0395", + "https://security.netapp.com/advisory/ntap-20250228-0006/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32582", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001", + "https://sourceware.org/pipermail/libc-announce/2025/000044.html", + "https://ubuntu.com/security/notices/USN-7259-1", + "https://ubuntu.com/security/notices/USN-7259-2", + "https://ubuntu.com/security/notices/USN-7259-3", + "https://www.cve.org/CVERecord?id=CVE-2025-0395", + "https://www.openwall.com/lists/oss-security/2025/01/22/4" + ], + "PublishedDate": "2025-01-22T13:15:20.933Z", + "LastModifiedDate": "2026-05-12T13:16:27.947Z" + }, + { + "VulnerabilityID": "CVE-2025-4802", + "PkgID": "libc-bin@2.31-0ubuntu9.9", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0f705ec068d1f26" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.18", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:6382b637e2a5ac61bb24bf8bc5964288d1772cd670d2af4c8cd108aa17f1f7b0", + "Title": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH", + "Description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-426" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/16/7", + "http://www.openwall.com/lists/oss-security/2025/05/17/2", + "https://access.redhat.com/errata/RHSA-2025:8655", + "https://access.redhat.com/security/cve/CVE-2025-4802", + "https://bugzilla.redhat.com/2367468", + "https://bugzilla.redhat.com/show_bug.cgi?id=2367468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802", + "https://errata.almalinux.org/9/ALSA-2025-8655.html", + "https://errata.rockylinux.org/RLSA-2025:8655", + "https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u", + "https://linux.oracle.com/cve/CVE-2025-4802.html", + "https://linux.oracle.com/errata/ELSA-2025-8686.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4802", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32976", + "https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e", + "https://sourceware.org/cgit/glibc/commit/?id=5451fa962cd0a90a0e2ec1d8910a559ace02bba0", + "https://ubuntu.com/security/notices/USN-7541-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4802", + "https://www.openwall.com/lists/oss-security/2025/05/16/7", + "https://www.openwall.com/lists/oss-security/2025/05/17/2" + ], + "PublishedDate": "2025-05-16T20:15:22.28Z", + "LastModifiedDate": "2025-11-03T20:19:11.153Z" + }, + { + "VulnerabilityID": "CVE-2024-2961", + "PkgID": "libc6@2.31-0ubuntu9.9", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6938ab7eef7e556c" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.15", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2961", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:a4483c5c905c58cca72650a0ccd0f013b853cc842c0ad49280823a315385b0f8", + "Title": "glibc: Out of bounds write in iconv may lead to remote code execution", + "Description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/04/17/9", + "http://www.openwall.com/lists/oss-security/2024/04/18/4", + "http://www.openwall.com/lists/oss-security/2024/04/24/2", + "http://www.openwall.com/lists/oss-security/2024/05/27/1", + "http://www.openwall.com/lists/oss-security/2024/05/27/2", + "http://www.openwall.com/lists/oss-security/2024/05/27/3", + "http://www.openwall.com/lists/oss-security/2024/05/27/4", + "http://www.openwall.com/lists/oss-security/2024/05/27/5", + "http://www.openwall.com/lists/oss-security/2024/05/27/6", + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-2961", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://linux.oracle.com/cve/CVE-2024-2961.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-2961", + "https://security.netapp.com/advisory/ntap-20240531-0002/", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004", + "https://ubuntu.com/security/notices/USN-6737-1", + "https://ubuntu.com/security/notices/USN-6737-2", + "https://ubuntu.com/security/notices/USN-6762-1", + "https://www.ambionics.io/blog/iconv-cve-2024-2961-p1", + "https://www.ambionics.io/blog/iconv-cve-2024-2961-p2", + "https://www.ambionics.io/blog/iconv-cve-2024-2961-p3", + "https://www.cve.org/CVERecord?id=CVE-2024-2961", + "https://www.openwall.com/lists/oss-security/2024/04/17/9" + ], + "PublishedDate": "2024-04-17T18:15:15.833Z", + "LastModifiedDate": "2026-05-12T12:16:34.22Z" + }, + { + "VulnerabilityID": "CVE-2024-33599", + "PkgID": "libc6@2.31-0ubuntu9.9", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6938ab7eef7e556c" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.16", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33599", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:ba8e58b689de97b9e613def5aff744e895d3fedb00caf73b27f3085b02392a63", + "Title": "glibc: stack-based buffer overflow in netgroup cache", + "Description": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-121" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 7.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-33599", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", + "https://linux.oracle.com/cve/CVE-2024-33599.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-33599", + "https://security.netapp.com/advisory/ntap-20240524-0011/", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005", + "https://ubuntu.com/security/notices/USN-6804-1", + "https://www.cve.org/CVERecord?id=CVE-2024-33599", + "https://www.openwall.com/lists/oss-security/2024/04/24/2" + ], + "PublishedDate": "2024-05-06T20:15:11.437Z", + "LastModifiedDate": "2026-05-12T12:16:34.477Z" + }, + { + "VulnerabilityID": "CVE-2024-33600", + "PkgID": "libc6@2.31-0ubuntu9.9", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6938ab7eef7e556c" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.16", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33600", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:17b234455a979b22bac53ca8114639e70dd26978b4d5e40875069e3441de23aa", + "Title": "glibc: null pointer dereferences after failed netgroup cache insertion", + "Description": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-33600", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", + "https://linux.oracle.com/cve/CVE-2024-33600.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-33600", + "https://security.netapp.com/advisory/ntap-20240524-0013/", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006", + "https://ubuntu.com/security/notices/USN-6804-1", + "https://www.cve.org/CVERecord?id=CVE-2024-33600", + "https://www.openwall.com/lists/oss-security/2024/04/24/2" + ], + "PublishedDate": "2024-05-06T20:15:11.523Z", + "LastModifiedDate": "2026-05-12T12:16:34.687Z" + }, + { + "VulnerabilityID": "CVE-2024-33601", + "PkgID": "libc6@2.31-0ubuntu9.9", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6938ab7eef7e556c" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.16", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33601", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:6f15f413c0efd0602a23f01c4c2cc251ebb66e853063810e34e7667e480a6a0c", + "Title": "glibc: netgroup cache may terminate daemon on memory allocation failure", + "Description": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-617" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-33601", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", + "https://linux.oracle.com/cve/CVE-2024-33601.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-33601", + "https://security.netapp.com/advisory/ntap-20240524-0014/", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007", + "https://ubuntu.com/security/notices/USN-6804-1", + "https://www.cve.org/CVERecord?id=CVE-2024-33601", + "https://www.openwall.com/lists/oss-security/2024/04/24/2" + ], + "PublishedDate": "2024-05-06T20:15:11.603Z", + "LastModifiedDate": "2026-05-12T12:16:34.87Z" + }, + { + "VulnerabilityID": "CVE-2024-33602", + "PkgID": "libc6@2.31-0ubuntu9.9", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6938ab7eef7e556c" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.16", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33602", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:a36507878d8eebf931b3feaa4fa907fc7f18bd0aadec0f0cef7247a2c3267333", + "Title": "glibc: netgroup cache assumes NSS callback uses in-buffer strings", + "Description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-466" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/07/22/5", + "https://access.redhat.com/errata/RHSA-2024:3339", + "https://access.redhat.com/security/cve/CVE-2024-33602", + "https://bugzilla.redhat.com/2273404", + "https://bugzilla.redhat.com/2277202", + "https://bugzilla.redhat.com/2277204", + "https://bugzilla.redhat.com/2277205", + "https://bugzilla.redhat.com/2277206", + "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", + "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", + "https://errata.almalinux.org/9/ALSA-2024-3339.html", + "https://errata.rockylinux.org/RLSA-2024:3339", + "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", + "https://linux.oracle.com/cve/CVE-2024-33602.html", + "https://linux.oracle.com/errata/ELSA-2024-3588.html", + "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-33602", + "https://security.netapp.com/advisory/ntap-20240524-0012/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=31680", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008", + "https://ubuntu.com/security/notices/USN-6804-1", + "https://www.cve.org/CVERecord?id=CVE-2024-33602", + "https://www.openwall.com/lists/oss-security/2024/04/24/2" + ], + "PublishedDate": "2024-05-06T20:15:11.68Z", + "LastModifiedDate": "2026-05-12T12:16:35.07Z" + }, + { + "VulnerabilityID": "CVE-2025-0395", + "PkgID": "libc6@2.31-0ubuntu9.9", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6938ab7eef7e556c" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.17", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0395", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:25646668e82b3be8e55b17cceaf3d35499ed8da2c4075e14cbaa3e1dbf758b35", + "Title": "glibc: buffer overflow in the GNU C Library's assert()", + "Description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-131" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 1, + "cbl-mariner": 1, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/01/22/4", + "http://www.openwall.com/lists/oss-security/2025/01/23/2", + "http://www.openwall.com/lists/oss-security/2025/04/13/1", + "http://www.openwall.com/lists/oss-security/2025/04/24/7", + "https://access.redhat.com/errata/RHSA-2025:4244", + "https://access.redhat.com/security/cve/CVE-2025-0395", + "https://bugzilla.redhat.com/2339460", + "https://bugzilla.redhat.com/show_bug.cgi?id=2339460", + "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", + "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0395", + "https://errata.almalinux.org/9/ALSA-2025-4244.html", + "https://errata.rockylinux.org/RLSA-2025:4244", + "https://linux.oracle.com/cve/CVE-2025-0395.html", + "https://linux.oracle.com/errata/ELSA-2025-4244.html", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0395", + "https://security.netapp.com/advisory/ntap-20250228-0006/", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32582", + "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001", + "https://sourceware.org/pipermail/libc-announce/2025/000044.html", + "https://ubuntu.com/security/notices/USN-7259-1", + "https://ubuntu.com/security/notices/USN-7259-2", + "https://ubuntu.com/security/notices/USN-7259-3", + "https://www.cve.org/CVERecord?id=CVE-2025-0395", + "https://www.openwall.com/lists/oss-security/2025/01/22/4" + ], + "PublishedDate": "2025-01-22T13:15:20.933Z", + "LastModifiedDate": "2026-05-12T13:16:27.947Z" + }, + { + "VulnerabilityID": "CVE-2025-4802", + "PkgID": "libc6@2.31-0ubuntu9.9", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "6938ab7eef7e556c" + }, + "InstalledVersion": "2.31-0ubuntu9.9", + "FixedVersion": "2.31-0ubuntu9.18", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:04a137b9e7256443c0e3870e0e442da747c4cb0130e5a4d342fbe5c3935667c1", + "Title": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH", + "Description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-426" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/16/7", + "http://www.openwall.com/lists/oss-security/2025/05/17/2", + "https://access.redhat.com/errata/RHSA-2025:8655", + "https://access.redhat.com/security/cve/CVE-2025-4802", + "https://bugzilla.redhat.com/2367468", + "https://bugzilla.redhat.com/show_bug.cgi?id=2367468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802", + "https://errata.almalinux.org/9/ALSA-2025-8655.html", + "https://errata.rockylinux.org/RLSA-2025:8655", + "https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u", + "https://linux.oracle.com/cve/CVE-2025-4802.html", + "https://linux.oracle.com/errata/ELSA-2025-8686.html", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4802", + "https://sourceware.org/bugzilla/show_bug.cgi?id=32976", + "https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e", + "https://sourceware.org/cgit/glibc/commit/?id=5451fa962cd0a90a0e2ec1d8910a559ace02bba0", + "https://ubuntu.com/security/notices/USN-7541-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4802", + "https://www.openwall.com/lists/oss-security/2025/05/16/7", + "https://www.openwall.com/lists/oss-security/2025/05/17/2" + ], + "PublishedDate": "2025-05-16T20:15:22.28Z", + "LastModifiedDate": "2025-11-03T20:19:11.153Z" + }, + { + "VulnerabilityID": "CVE-2023-2603", + "PkgID": "libcap2@1:2.32-1", + "PkgName": "libcap2", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libcap2@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "f3ac8127b4642fab" + }, + "InstalledVersion": "1:2.32-1", + "FixedVersion": "1:2.32-1ubuntu0.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2603", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:1b3dac737ee463f4476c95ca96f0adfdebc0dbd9971dd2cb4a9d2bbaf607d5aa", + "Title": "libcap: Integer Overflow in _libcap_strdup()", + "Description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "alma": 2, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:5071", + "https://access.redhat.com/security/cve/CVE-2023-2603", + "https://bugzilla.redhat.com/2209113", + "https://bugzilla.redhat.com/2209114", + "https://bugzilla.redhat.com/show_bug.cgi?id=2209113", + "https://bugzilla.redhat.com/show_bug.cgi?id=2209114", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2602", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2603", + "https://errata.almalinux.org/9/ALSA-2023-5071.html", + "https://errata.rockylinux.org/RLSA-2023:4524", + "https://linux.oracle.com/cve/CVE-2023-2603.html", + "https://linux.oracle.com/errata/ELSA-2023-5071.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2603", + "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe", + "https://ubuntu.com/security/notices/USN-6166-1", + "https://ubuntu.com/security/notices/USN-6166-2", + "https://www.cve.org/CVERecord?id=CVE-2023-2603", + "https://www.openwall.com/lists/oss-security/2023/05/15/4", + "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf" + ], + "PublishedDate": "2023-06-06T20:15:13.187Z", + "LastModifiedDate": "2025-12-02T21:15:51.163Z" + }, + { + "VulnerabilityID": "CVE-2025-1390", + "PkgID": "libcap2@1:2.32-1", + "PkgName": "libcap2", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libcap2@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "f3ac8127b4642fab" + }, + "InstalledVersion": "1:2.32-1", + "FixedVersion": "1:2.32-1ubuntu0.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:8446c0d98f147a632b0f8b18c4ff9c0e714945af931829fbb2754df903a5152b", + "Title": "libcap: pam_cap: Fix potential configuration parsing error", + "Description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-284" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1390", + "https://bugzilla.openanolis.cn/show_bug.cgi?id=18804", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1390", + "https://ubuntu.com/security/notices/USN-7287-1", + "https://www.cve.org/CVERecord?id=CVE-2025-1390" + ], + "PublishedDate": "2025-02-18T03:15:10.447Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2023-2603", + "PkgID": "libcap2-bin@1:2.32-1", + "PkgName": "libcap2-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libcap2-bin@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "e90e2456a8d78be" + }, + "InstalledVersion": "1:2.32-1", + "FixedVersion": "1:2.32-1ubuntu0.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2603", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:50cf6604bf4a3ad601aff7496250206abf136607ce27b2daadd7ab0171d8e185", + "Title": "libcap: Integer Overflow in _libcap_strdup()", + "Description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "alma": 2, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:5071", + "https://access.redhat.com/security/cve/CVE-2023-2603", + "https://bugzilla.redhat.com/2209113", + "https://bugzilla.redhat.com/2209114", + "https://bugzilla.redhat.com/show_bug.cgi?id=2209113", + "https://bugzilla.redhat.com/show_bug.cgi?id=2209114", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2602", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2603", + "https://errata.almalinux.org/9/ALSA-2023-5071.html", + "https://errata.rockylinux.org/RLSA-2023:4524", + "https://linux.oracle.com/cve/CVE-2023-2603.html", + "https://linux.oracle.com/errata/ELSA-2023-5071.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2603", + "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe", + "https://ubuntu.com/security/notices/USN-6166-1", + "https://ubuntu.com/security/notices/USN-6166-2", + "https://www.cve.org/CVERecord?id=CVE-2023-2603", + "https://www.openwall.com/lists/oss-security/2023/05/15/4", + "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf" + ], + "PublishedDate": "2023-06-06T20:15:13.187Z", + "LastModifiedDate": "2025-12-02T21:15:51.163Z" + }, + { + "VulnerabilityID": "CVE-2025-1390", + "PkgID": "libcap2-bin@1:2.32-1", + "PkgName": "libcap2-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libcap2-bin@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", + "UID": "e90e2456a8d78be" + }, + "InstalledVersion": "1:2.32-1", + "FixedVersion": "1:2.32-1ubuntu0.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1390", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:1ec65cfbf2954b014fdbb47ced333986079f68d2aeffbb65570e6fc58963eee9", + "Title": "libcap: pam_cap: Fix potential configuration parsing error", + "Description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-284" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-1390", + "https://bugzilla.openanolis.cn/show_bug.cgi?id=18804", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1390", + "https://ubuntu.com/security/notices/USN-7287-1", + "https://www.cve.org/CVERecord?id=CVE-2025-1390" + ], + "PublishedDate": "2025-02-18T03:15:10.447Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2020-21047", + "PkgID": "libelf1@0.176-1.1build1", + "PkgName": "libelf1", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libelf1@0.176-1.1build1?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3374c93655a9823" + }, + "InstalledVersion": "0.176-1.1build1", + "FixedVersion": "0.176-1.1ubuntu0.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-21047", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:54a621d5128ff9d0541636414038349a61eb16b968995815f3d016300795e2b3", + "Title": "The libcpu component which is used by libasm of elfutils version 0.177 ...", + "Description": "The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "amazon": 2, + "nvd": 2, + "photon": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://lists.debian.org/debian-lts-announce/2023/09/msg00026.html", + "https://sourceware.org/bugzilla/show_bug.cgi?id=25068", + "https://sourceware.org/git/?p=elfutils.git%3Ba=commitdiff%3Bh=99dc63b10b3878616b85df2dfd2e4e7103e414b8", + "https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=99dc63b10b3878616b85df2dfd2e4e7103e414b8", + "https://ubuntu.com/security/notices/USN-6322-1", + "https://www.cve.org/CVERecord?id=CVE-2020-21047" + ], + "PublishedDate": "2023-08-22T19:16:09.657Z", + "LastModifiedDate": "2024-11-21T05:12:23.31Z" + }, + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "libfdisk1@2.34-0.1ubuntu9.3", + "PkgName": "libfdisk1", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libfdisk1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "d7ae8926642fd1bc" + }, + "InstalledVersion": "2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:ca592a8a34aed4eef0e38e48edfed53d50f668db29c82e2e9cea90241071fe89", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + }, + { + "VulnerabilityID": "CVE-2023-5981", + "PkgID": "libgnutls30@3.6.13-2ubuntu1.8", + "PkgName": "libgnutls30", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "601976e667e60bf5" + }, + "InstalledVersion": "3.6.13-2ubuntu1.8", + "FixedVersion": "3.6.13-2ubuntu1.9", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5981", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:b7a5bdd6870d925e64b2a011129e45d04c0d9b4aaa99ac8fadabdc1f39ce4e4d", + "Title": "gnutls: timing side-channel in the RSA-PSK authentication", + "Description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-208", + "CWE-203" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/01/19/3", + "https://access.redhat.com/errata/RHSA-2024:0155", + "https://access.redhat.com/errata/RHSA-2024:0319", + "https://access.redhat.com/errata/RHSA-2024:0399", + "https://access.redhat.com/errata/RHSA-2024:0451", + "https://access.redhat.com/errata/RHSA-2024:0533", + "https://access.redhat.com/errata/RHSA-2024:1383", + "https://access.redhat.com/errata/RHSA-2024:2094", + "https://access.redhat.com/security/cve/CVE-2023-5981", + "https://bugzilla.redhat.com/2248445", + "https://bugzilla.redhat.com/2258412", + "https://bugzilla.redhat.com/2258544", + "https://bugzilla.redhat.com/show_bug.cgi?id=2248445", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5981", + "https://errata.almalinux.org/9/ALSA-2024-0533.html", + "https://errata.rockylinux.org/RLSA-2024:0155", + "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23", + "https://linux.oracle.com/cve/CVE-2023-5981.html", + "https://linux.oracle.com/errata/ELSA-2024-12336.html", + "https://lists.debian.org/debian-lts-announce/2023/11/msg00016.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/", + "https://lists.gnupg.org/pipermail/gnutls-help/2023-November/004837.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-5981", + "https://ubuntu.com/security/notices/USN-6499-1", + "https://ubuntu.com/security/notices/USN-6499-2", + "https://www.cve.org/CVERecord?id=CVE-2023-5981" + ], + "PublishedDate": "2023-11-28T12:15:07.04Z", + "LastModifiedDate": "2026-03-25T20:01:09.507Z" + }, + { + "VulnerabilityID": "CVE-2024-0553", + "PkgID": "libgnutls30@3.6.13-2ubuntu1.8", + "PkgName": "libgnutls30", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "601976e667e60bf5" + }, + "InstalledVersion": "3.6.13-2ubuntu1.8", + "FixedVersion": "3.6.13-2ubuntu1.10", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0553", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:1df6c7342f33be1d73a447e14069958ed1c973b417b3d949fe608e486ab9453f", + "Title": "gnutls: incomplete fix for CVE-2023-5981", + "Description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-203" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/01/19/3", + "https://access.redhat.com/errata/RHSA-2024:0533", + "https://access.redhat.com/errata/RHSA-2024:0627", + "https://access.redhat.com/errata/RHSA-2024:0796", + "https://access.redhat.com/errata/RHSA-2024:1082", + "https://access.redhat.com/errata/RHSA-2024:1108", + "https://access.redhat.com/errata/RHSA-2024:1383", + "https://access.redhat.com/errata/RHSA-2024:2094", + "https://access.redhat.com/security/cve/CVE-2024-0553", + "https://bugzilla.redhat.com/2248445", + "https://bugzilla.redhat.com/2258412", + "https://bugzilla.redhat.com/2258544", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258412", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0553", + "https://errata.almalinux.org/9/ALSA-2024-0533.html", + "https://errata.rockylinux.org/RLSA-2024:0627", + "https://gitlab.com/gnutls/gnutls/-/issues/1522", + "https://gnutls.org/security-new.html#GNUTLS-SA-2024-01-14", + "https://linux.oracle.com/cve/CVE-2024-0553.html", + "https://linux.oracle.com/errata/ELSA-2024-12336.html", + "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/", + "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-0553", + "https://security.netapp.com/advisory/ntap-20240202-0011/", + "https://ubuntu.com/security/notices/USN-6593-1", + "https://www.cve.org/CVERecord?id=CVE-2024-0553" + ], + "PublishedDate": "2024-01-16T12:15:45.557Z", + "LastModifiedDate": "2026-03-24T12:16:10.683Z" + }, + { + "VulnerabilityID": "CVE-2024-12243", + "PkgID": "libgnutls30@3.6.13-2ubuntu1.8", + "PkgName": "libgnutls30", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "601976e667e60bf5" + }, + "InstalledVersion": "3.6.13-2ubuntu1.8", + "FixedVersion": "3.6.13-2ubuntu1.12", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12243", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:053a1bc135949797afd708491f67c8f9481bf892687df14212de00002f053e38", + "Title": "gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS", + "Description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:17361", + "https://access.redhat.com/errata/RHSA-2025:4051", + "https://access.redhat.com/errata/RHSA-2025:7076", + "https://access.redhat.com/errata/RHSA-2025:8020", + "https://access.redhat.com/errata/RHSA-2025:8385", + "https://access.redhat.com/security/cve/CVE-2024-12243", + "https://bugzilla.redhat.com/2344615", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344615", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12243", + "https://errata.almalinux.org/9/ALSA-2025-7076.html", + "https://errata.rockylinux.org/RLSA-2025:7076", + "https://gitlab.com/gnutls/gnutls/-/issues/1553", + "https://gitlab.com/gnutls/libtasn1/-/issues/52", + "https://linux.oracle.com/cve/CVE-2024-12243.html", + "https://linux.oracle.com/errata/ELSA-2025-7076.html", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00027.html", + "https://lists.gnupg.org/pipermail/gnutls-help/2025-February/004875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12243", + "https://security.netapp.com/advisory/ntap-20250523-0002/", + "https://ubuntu.com/security/notices/USN-7281-1", + "https://www.cve.org/CVERecord?id=CVE-2024-12243", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-02-07" + ], + "PublishedDate": "2025-02-10T16:15:37.423Z", + "LastModifiedDate": "2026-05-12T12:16:17.007Z" + }, + { + "VulnerabilityID": "CVE-2024-28834", + "PkgID": "libgnutls30@3.6.13-2ubuntu1.8", + "PkgName": "libgnutls30", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "601976e667e60bf5" + }, + "InstalledVersion": "3.6.13-2ubuntu1.8", + "FixedVersion": "3.6.13-2ubuntu1.11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28834", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:ad1200dea4e8c648e5db545bbfd27658dc9ab16f6305f99f949ec7463cf05ad7", + "Title": "gnutls: vulnerable to Minerva side-channel information leak", + "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-327" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/22/1", + "http://www.openwall.com/lists/oss-security/2024/03/22/2", + "https://access.redhat.com/errata/RHSA-2024:1784", + "https://access.redhat.com/errata/RHSA-2024:1879", + "https://access.redhat.com/errata/RHSA-2024:1997", + "https://access.redhat.com/errata/RHSA-2024:2044", + "https://access.redhat.com/errata/RHSA-2024:2570", + "https://access.redhat.com/errata/RHSA-2024:2889", + "https://access.redhat.com/security/cve/CVE-2024-28834", + "https://bugzilla.redhat.com/2269084", + "https://bugzilla.redhat.com/2269228", + "https://bugzilla.redhat.com/show_bug.cgi?id=2269084", + "https://bugzilla.redhat.com/show_bug.cgi?id=2269228", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28834", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28835", + "https://errata.almalinux.org/9/ALSA-2024-2570.html", + "https://errata.rockylinux.org/RLSA-2024:2570", + "https://linux.oracle.com/cve/CVE-2024-28834.html", + "https://linux.oracle.com/errata/ELSA-2024-2570.html", + "https://lists.debian.org/debian-lts-announce/2024/09/msg00019.html", + "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html", + "https://minerva.crocs.fi.muni.cz/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28834", + "https://people.redhat.com/~hkario/marvin/", + "https://security.netapp.com/advisory/ntap-20240524-0004/", + "https://ubuntu.com/security/notices/USN-6733-1", + "https://ubuntu.com/security/notices/USN-6733-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28834", + "https://www.gnutls.org/security-new.html#GNUTLS-SA-2023-12-04" + ], + "PublishedDate": "2024-03-21T14:15:07.547Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "libmount1@2.34-0.1ubuntu9.3", + "PkgName": "libmount1", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libmount1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "149aad062a67d915" + }, + "InstalledVersion": "2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:d58cd328ba4a3a8620b7b3c682a503228a03967b24d01d65c1d2a1f183919ecd", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + }, + { + "VulnerabilityID": "CVE-2023-29491", + "PkgID": "libncurses6@6.2-0ubuntu2", + "PkgName": "libncurses6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libncurses6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "daf9ae3f810ae3f0" + }, + "InstalledVersion": "6.2-0ubuntu2", + "FixedVersion": "6.2-0ubuntu2.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:c17ef77e3337af3e0c82132a6e10585d996ce4ebaa3abdac8b912046b6e1a383", + "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", + "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://www.openwall.com/lists/oss-security/2023/04/19/10", + "http://www.openwall.com/lists/oss-security/2023/04/19/11", + "https://access.redhat.com/errata/RHSA-2023:6698", + "https://access.redhat.com/security/cve/CVE-2023-29491", + "https://bugzilla.redhat.com/2191704", + "https://errata.almalinux.org/9/ALSA-2023-6698.html", + "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", + "https://linux.oracle.com/cve/CVE-2023-29491.html", + "https://linux.oracle.com/errata/ELSA-2023-6698.html", + "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", + "https://security.netapp.com/advisory/ntap-20230517-0009/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29491", + "https://www.openwall.com/lists/oss-security/2023/04/12/5", + "https://www.openwall.com/lists/oss-security/2023/04/13/4" + ], + "PublishedDate": "2023-04-14T01:15:08.57Z", + "LastModifiedDate": "2025-11-04T19:15:42.307Z" + }, + { + "VulnerabilityID": "CVE-2023-29491", + "PkgID": "libncursesw6@6.2-0ubuntu2", + "PkgName": "libncursesw6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libncursesw6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "dca50c9cdd5fdd35" + }, + "InstalledVersion": "6.2-0ubuntu2", + "FixedVersion": "6.2-0ubuntu2.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:300f996cb37a8b19355d852145b2afc1698895332f75bfb67a4ff9f41e7e4a70", + "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", + "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://www.openwall.com/lists/oss-security/2023/04/19/10", + "http://www.openwall.com/lists/oss-security/2023/04/19/11", + "https://access.redhat.com/errata/RHSA-2023:6698", + "https://access.redhat.com/security/cve/CVE-2023-29491", + "https://bugzilla.redhat.com/2191704", + "https://errata.almalinux.org/9/ALSA-2023-6698.html", + "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", + "https://linux.oracle.com/cve/CVE-2023-29491.html", + "https://linux.oracle.com/errata/ELSA-2023-6698.html", + "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", + "https://security.netapp.com/advisory/ntap-20230517-0009/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29491", + "https://www.openwall.com/lists/oss-security/2023/04/12/5", + "https://www.openwall.com/lists/oss-security/2023/04/13/4" + ], + "PublishedDate": "2023-04-14T01:15:08.57Z", + "LastModifiedDate": "2025-11-04T19:15:42.307Z" + }, + { + "VulnerabilityID": "CVE-2024-22365", + "PkgID": "libpam-modules@1.3.1-5ubuntu4.6", + "PkgName": "libpam-modules", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libpam-modules@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "8238c76ab6208fd" + }, + "InstalledVersion": "1.3.1-5ubuntu4.6", + "FixedVersion": "1.3.1-5ubuntu4.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:a03f2ae9a99b374e08cc99118b1f0a1db05124c307c5e0c4fd5522304a1d61db", + "Title": "pam: allowing unprivileged user to block another user namespace", + "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-664" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 1, + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/01/18/3", + "https://access.redhat.com/errata/RHSA-2024:2438", + "https://access.redhat.com/security/cve/CVE-2024-22365", + "https://bugzilla.redhat.com/2257722", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", + "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", + "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", + "https://errata.almalinux.org/9/ALSA-2024-2438.html", + "https://errata.rockylinux.org/RLSA-2024:3163", + "https://github.com/linux-pam/linux-pam", + "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", + "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", + "https://linux.oracle.com/cve/CVE-2024-22365.html", + "https://linux.oracle.com/errata/ELSA-2024-3163.html", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", + "https://ubuntu.com/security/notices/USN-6588-1", + "https://ubuntu.com/security/notices/USN-6588-2", + "https://www.cve.org/CVERecord?id=CVE-2024-22365", + "https://www.openwall.com/lists/oss-security/2024/01/18/3" + ], + "PublishedDate": "2024-02-06T08:15:52.203Z", + "LastModifiedDate": "2026-05-12T12:16:17.363Z" + }, + { + "VulnerabilityID": "CVE-2024-22365", + "PkgID": "libpam-modules-bin@1.3.1-5ubuntu4.6", + "PkgName": "libpam-modules-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libpam-modules-bin@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "92c88fd5e3403ef2" + }, + "InstalledVersion": "1.3.1-5ubuntu4.6", + "FixedVersion": "1.3.1-5ubuntu4.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:1e515484b616575eb85086cba33c1316a74b048f516f8cc823056666c60a60f5", + "Title": "pam: allowing unprivileged user to block another user namespace", + "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-664" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 1, + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/01/18/3", + "https://access.redhat.com/errata/RHSA-2024:2438", + "https://access.redhat.com/security/cve/CVE-2024-22365", + "https://bugzilla.redhat.com/2257722", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", + "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", + "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", + "https://errata.almalinux.org/9/ALSA-2024-2438.html", + "https://errata.rockylinux.org/RLSA-2024:3163", + "https://github.com/linux-pam/linux-pam", + "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", + "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", + "https://linux.oracle.com/cve/CVE-2024-22365.html", + "https://linux.oracle.com/errata/ELSA-2024-3163.html", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", + "https://ubuntu.com/security/notices/USN-6588-1", + "https://ubuntu.com/security/notices/USN-6588-2", + "https://www.cve.org/CVERecord?id=CVE-2024-22365", + "https://www.openwall.com/lists/oss-security/2024/01/18/3" + ], + "PublishedDate": "2024-02-06T08:15:52.203Z", + "LastModifiedDate": "2026-05-12T12:16:17.363Z" + }, + { + "VulnerabilityID": "CVE-2024-22365", + "PkgID": "libpam-runtime@1.3.1-5ubuntu4.6", + "PkgName": "libpam-runtime", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libpam-runtime@1.3.1-5ubuntu4.6?arch=all\u0026distro=ubuntu-20.04", + "UID": "815077e96d38fc4a" + }, + "InstalledVersion": "1.3.1-5ubuntu4.6", + "FixedVersion": "1.3.1-5ubuntu4.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:a606e3839ff7ec9ec9e605b5b0d975838b3a372cb16312ef45bfe5dbeef3554e", + "Title": "pam: allowing unprivileged user to block another user namespace", + "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-664" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 1, + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/01/18/3", + "https://access.redhat.com/errata/RHSA-2024:2438", + "https://access.redhat.com/security/cve/CVE-2024-22365", + "https://bugzilla.redhat.com/2257722", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", + "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", + "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", + "https://errata.almalinux.org/9/ALSA-2024-2438.html", + "https://errata.rockylinux.org/RLSA-2024:3163", + "https://github.com/linux-pam/linux-pam", + "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", + "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", + "https://linux.oracle.com/cve/CVE-2024-22365.html", + "https://linux.oracle.com/errata/ELSA-2024-3163.html", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", + "https://ubuntu.com/security/notices/USN-6588-1", + "https://ubuntu.com/security/notices/USN-6588-2", + "https://www.cve.org/CVERecord?id=CVE-2024-22365", + "https://www.openwall.com/lists/oss-security/2024/01/18/3" + ], + "PublishedDate": "2024-02-06T08:15:52.203Z", + "LastModifiedDate": "2026-05-12T12:16:17.363Z" + }, + { + "VulnerabilityID": "CVE-2024-22365", + "PkgID": "libpam0g@1.3.1-5ubuntu4.6", + "PkgName": "libpam0g", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libpam0g@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "65460bc2f0872763" + }, + "InstalledVersion": "1.3.1-5ubuntu4.6", + "FixedVersion": "1.3.1-5ubuntu4.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:3b1a8c54fc9d867d0adc15cda701f3f0ffaace3d8cad138262619870974f91f0", + "Title": "pam: allowing unprivileged user to block another user namespace", + "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-664" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 1, + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/01/18/3", + "https://access.redhat.com/errata/RHSA-2024:2438", + "https://access.redhat.com/security/cve/CVE-2024-22365", + "https://bugzilla.redhat.com/2257722", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", + "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", + "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", + "https://errata.almalinux.org/9/ALSA-2024-2438.html", + "https://errata.rockylinux.org/RLSA-2024:3163", + "https://github.com/linux-pam/linux-pam", + "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", + "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", + "https://linux.oracle.com/cve/CVE-2024-22365.html", + "https://linux.oracle.com/errata/ELSA-2024-3163.html", + "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", + "https://ubuntu.com/security/notices/USN-6588-1", + "https://ubuntu.com/security/notices/USN-6588-2", + "https://www.cve.org/CVERecord?id=CVE-2024-22365", + "https://www.openwall.com/lists/oss-security/2024/01/18/3" + ], + "PublishedDate": "2024-02-06T08:15:52.203Z", + "LastModifiedDate": "2026-05-12T12:16:17.363Z" + }, + { + "VulnerabilityID": "CVE-2023-31484", + "PkgID": "libperl5.30@5.30.0-9ubuntu0.3", + "PkgName": "libperl5.30", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libperl5.30@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3acb4d09929d454" + }, + "InstalledVersion": "5.30.0-9ubuntu0.3", + "FixedVersion": "5.30.0-9ubuntu0.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:35cbc69f39d5cc2eb7edbeaa87027fa6a982b93a0e70308cd765782db965f9c5", + "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", + "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/04/29/1", + "http://www.openwall.com/lists/oss-security/2023/05/03/3", + "http://www.openwall.com/lists/oss-security/2023/05/03/5", + "http://www.openwall.com/lists/oss-security/2023/05/07/2", + "https://access.redhat.com/errata/RHSA-2023:6539", + "https://access.redhat.com/security/cve/CVE-2023-31484", + "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", + "https://bugzilla.redhat.com/2218667", + "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", + "https://errata.almalinux.org/9/ALSA-2023-6539.html", + "https://errata.rockylinux.org/RLSA-2023:6539", + "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", + "https://github.com/andk/cpanpm/pull/175", + "https://linux.oracle.com/cve/CVE-2023-31484.html", + "https://linux.oracle.com/errata/ELSA-2026-0079.html", + "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", + "https://metacpan.org/dist/CPAN/changes", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://ubuntu.com/security/notices/USN-6112-1", + "https://ubuntu.com/security/notices/USN-6112-2", + "https://www.cve.org/CVERecord?id=CVE-2023-31484", + "https://www.openwall.com/lists/oss-security/2023/04/18/14" + ], + "PublishedDate": "2023-04-29T00:15:09Z", + "LastModifiedDate": "2025-11-03T22:16:19.47Z" + }, + { + "VulnerabilityID": "CVE-2023-47038", + "PkgID": "libperl5.30@5.30.0-9ubuntu0.3", + "PkgName": "libperl5.30", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libperl5.30@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3acb4d09929d454" + }, + "InstalledVersion": "5.30.0-9ubuntu0.3", + "FixedVersion": "5.30.0-9ubuntu0.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47038", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:8aaee366230042651d6d28762fe976621fc6a1e4e77cbbb1a504531d1f4f3a89", + "Title": "perl: Write past buffer end via illegal user-defined Unicode property", + "Description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2228", + "https://access.redhat.com/errata/RHSA-2024:3128", + "https://access.redhat.com/security/cve/CVE-2023-47038", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", + "https://bugzilla.redhat.com/2249523", + "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038", + "https://errata.almalinux.org/9/ALSA-2024-2228.html", + "https://errata.rockylinux.org/RLSA-2024:2228", + "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", + "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", + "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", + "https://github.com/aquasecurity/trivy/discussions/8400", + "https://linux.oracle.com/cve/CVE-2023-47038.html", + "https://linux.oracle.com/errata/ELSA-2024-3128.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-47038", + "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", + "https://ubuntu.com/security/CVE-2023-47100", + "https://ubuntu.com/security/notices/USN-6517-1", + "https://www.cve.org/CVERecord?id=CVE-2023-47038", + "https://www.suse.com/security/cve/CVE-2023-47100.html" + ], + "PublishedDate": "2023-12-18T14:15:08.933Z", + "LastModifiedDate": "2025-11-04T19:16:05.573Z" + }, + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "libsmartcols1@2.34-0.1ubuntu9.3", + "PkgName": "libsmartcols1", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libsmartcols1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e0fe2b0ba0e3d931" + }, + "InstalledVersion": "2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:73f04dd6b4e03922d44eb3bc8d6ba47d23909833555cf6698863f5d900d161d6", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + }, + { + "VulnerabilityID": "CVE-2023-7104", + "PkgID": "libsqlite3-0@3.31.1-4ubuntu0.5", + "PkgName": "libsqlite3-0", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libsqlite3-0@3.31.1-4ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3370ed119e5344f" + }, + "InstalledVersion": "3.31.1-4ubuntu0.5", + "FixedVersion": "3.31.1-4ubuntu0.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-7104", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:a7ef5fdd30f5253a93ae8132db5595e51c01c28bfc92f346ae8e8df81740218c", + "Title": "sqlite: heap-buffer-overflow at sessionfuzz", + "Description": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-119" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:0465", + "https://access.redhat.com/security/cve/CVE-2023-7104", + "https://bugzilla.redhat.com/2256194", + "https://bugzilla.redhat.com/show_bug.cgi?id=2256194", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7104", + "https://errata.almalinux.org/9/ALSA-2024-0465.html", + "https://errata.rockylinux.org/RLSA-2024:0465", + "https://linux.oracle.com/cve/CVE-2023-7104.html", + "https://linux.oracle.com/errata/ELSA-2024-0465.html", + "https://lists.debian.org/debian-lts-announce/2024/09/msg00050.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-7104", + "https://security.netapp.com/advisory/ntap-20240112-0008/", + "https://sqlite.org/forum/forumpost/5bcbf4571c", + "https://sqlite.org/src/info/0e4e7a05c4204b47", + "https://ubuntu.com/security/notices/USN-6566-1", + "https://ubuntu.com/security/notices/USN-6566-2", + "https://vuldb.com/?ctiid.248999", + "https://vuldb.com/?id.248999", + "https://www.cve.org/CVERecord?id=CVE-2023-7104" + ], + "PublishedDate": "2023-12-29T10:15:13.89Z", + "LastModifiedDate": "2025-11-03T22:16:33.307Z" + }, + { + "VulnerabilityID": "CVE-2025-29088", + "PkgID": "libsqlite3-0@3.31.1-4ubuntu0.5", + "PkgName": "libsqlite3-0", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libsqlite3-0@3.31.1-4ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a3370ed119e5344f" + }, + "InstalledVersion": "3.31.1-4ubuntu0.5", + "FixedVersion": "3.31.1-4ubuntu0.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-29088", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:3821036529667ae99046d5980ef6b28ba44f9dc66cb6b60c703e89b0215c9b69", + "Title": "sqlite: Denial of Service in SQLite", + "Description": "In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-29088", + "https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248", + "https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-29088", + "https://sqlite.org/forum/forumpost/48f365daec", + "https://sqlite.org/releaselog/3_49_1.html", + "https://ubuntu.com/security/notices/USN-7528-1", + "https://ubuntu.com/security/notices/USN-7679-1", + "https://www.cve.org/CVERecord?id=CVE-2025-29088", + "https://www.sqlite.org/cves.html" + ], + "PublishedDate": "2025-04-10T14:15:27.163Z", + "LastModifiedDate": "2025-09-30T16:59:27.32Z" + }, + { + "VulnerabilityID": "CVE-2023-2650", + "PkgID": "libssl1.1@1.1.1f-1ubuntu2.17", + "PkgName": "libssl1.1", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libssl1.1@1.1.1f-1ubuntu2.17?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "b87ebee76c1b0f05" + }, + "InstalledVersion": "1.1.1f-1ubuntu2.17", + "FixedVersion": "1.1.1f-1ubuntu2.19", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:03bc9ea1810b09c88e08bb4950d3535f09ceba2f6c477a08030579ebf0936fd2", + "Title": "openssl: Possible DoS translating ASN.1 object identifiers", + "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/05/30/1", + "https://access.redhat.com/errata/RHSA-2023:6330", + "https://access.redhat.com/security/cve/CVE-2023-2650", + "https://bugzilla.redhat.com/1858038", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-6330.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", + "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg", + "https://linux.oracle.com/cve/CVE-2023-2650.html", + "https://linux.oracle.com/errata/ELSA-2023-6330.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230703-0001/", + "https://security.netapp.com/advisory/ntap-20231027-0009/", + "https://ubuntu.com/security/notices/USN-6119-1", + "https://ubuntu.com/security/notices/USN-6188-1", + "https://ubuntu.com/security/notices/USN-6672-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-2650", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230530.txt" + ], + "PublishedDate": "2023-05-30T14:15:09.683Z", + "LastModifiedDate": "2025-03-19T16:15:21.89Z" + }, + { + "VulnerabilityID": "CVE-2024-12133", + "PkgID": "libtasn1-6@4.16.0-2", + "PkgName": "libtasn1-6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libtasn1-6@4.16.0-2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "1f3fac8fa7795921" + }, + "InstalledVersion": "4.16.0-2", + "FixedVersion": "4.16.0-2ubuntu0.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12133", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:cbdd707e25661c3cfe25b7a620ec346f4c9f8334bfb694ba5bfaee373639a856", + "Title": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS", + "Description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/02/06/6", + "https://access.redhat.com/errata/RHSA-2025:17347", + "https://access.redhat.com/errata/RHSA-2025:4049", + "https://access.redhat.com/errata/RHSA-2025:7077", + "https://access.redhat.com/errata/RHSA-2025:8021", + "https://access.redhat.com/errata/RHSA-2025:8385", + "https://access.redhat.com/security/cve/CVE-2024-12133", + "https://bugzilla.redhat.com/2344611", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344611", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12133", + "https://errata.almalinux.org/9/ALSA-2025-7077.html", + "https://errata.rockylinux.org/RLSA-2025:7077", + "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md", + "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md?ref_type=heads", + "https://gitlab.com/gnutls/libtasn1/-/issues/52", + "https://linux.oracle.com/cve/CVE-2024-12133.html", + "https://linux.oracle.com/errata/ELSA-2025-7077.html", + "https://lists.debian.org/debian-lts-announce/2025/02/msg00025.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12133", + "https://security.netapp.com/advisory/ntap-20250523-0003/", + "https://ubuntu.com/security/notices/USN-7275-1", + "https://ubuntu.com/security/notices/USN-7275-2", + "https://www.cve.org/CVERecord?id=CVE-2024-12133" + ], + "PublishedDate": "2025-02-10T16:15:37.26Z", + "LastModifiedDate": "2026-05-12T12:16:16.793Z" + }, + { + "VulnerabilityID": "CVE-2023-29491", + "PkgID": "libtinfo6@6.2-0ubuntu2", + "PkgName": "libtinfo6", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libtinfo6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "a7882c12b2088277" + }, + "InstalledVersion": "6.2-0ubuntu2", + "FixedVersion": "6.2-0ubuntu2.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:7f9e7b78ef03929beda03dc515dbafd02fd6fcb3576d4289eca9975628470cb8", + "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", + "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://www.openwall.com/lists/oss-security/2023/04/19/10", + "http://www.openwall.com/lists/oss-security/2023/04/19/11", + "https://access.redhat.com/errata/RHSA-2023:6698", + "https://access.redhat.com/security/cve/CVE-2023-29491", + "https://bugzilla.redhat.com/2191704", + "https://errata.almalinux.org/9/ALSA-2023-6698.html", + "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", + "https://linux.oracle.com/cve/CVE-2023-29491.html", + "https://linux.oracle.com/errata/ELSA-2023-6698.html", + "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", + "https://security.netapp.com/advisory/ntap-20230517-0009/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29491", + "https://www.openwall.com/lists/oss-security/2023/04/12/5", + "https://www.openwall.com/lists/oss-security/2023/04/13/4" + ], + "PublishedDate": "2023-04-14T01:15:08.57Z", + "LastModifiedDate": "2025-11-04T19:15:42.307Z" + }, + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "libuuid1@2.34-0.1ubuntu9.3", + "PkgName": "libuuid1", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/libuuid1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "51a8ab06722bbc14" + }, + "InstalledVersion": "2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:d67929107a1932cbad609c90607fde6329b6348e5b651ea005ee4ed00313ac26", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + }, + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "mount@2.34-0.1ubuntu9.3", + "PkgName": "mount", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/mount@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "5dec57b54f278111" + }, + "InstalledVersion": "2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:ceb0714dc862dd302222c985a047b427dda610e90eb58d9b954bf6e7049f0090", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + }, + { + "VulnerabilityID": "CVE-2023-29491", + "PkgID": "ncurses-base@6.2-0ubuntu2", + "PkgName": "ncurses-base", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/ncurses-base@6.2-0ubuntu2?arch=all\u0026distro=ubuntu-20.04", + "UID": "11c3ebabbf3b213f" + }, + "InstalledVersion": "6.2-0ubuntu2", + "FixedVersion": "6.2-0ubuntu2.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:7698d8c3a532211a152f70974ef4d923f583a6f4ed2f1bdf0d344e2f7f961c41", + "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", + "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://www.openwall.com/lists/oss-security/2023/04/19/10", + "http://www.openwall.com/lists/oss-security/2023/04/19/11", + "https://access.redhat.com/errata/RHSA-2023:6698", + "https://access.redhat.com/security/cve/CVE-2023-29491", + "https://bugzilla.redhat.com/2191704", + "https://errata.almalinux.org/9/ALSA-2023-6698.html", + "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", + "https://linux.oracle.com/cve/CVE-2023-29491.html", + "https://linux.oracle.com/errata/ELSA-2023-6698.html", + "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", + "https://security.netapp.com/advisory/ntap-20230517-0009/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29491", + "https://www.openwall.com/lists/oss-security/2023/04/12/5", + "https://www.openwall.com/lists/oss-security/2023/04/13/4" + ], + "PublishedDate": "2023-04-14T01:15:08.57Z", + "LastModifiedDate": "2025-11-04T19:15:42.307Z" + }, + { + "VulnerabilityID": "CVE-2023-29491", + "PkgID": "ncurses-bin@6.2-0ubuntu2", + "PkgName": "ncurses-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/ncurses-bin@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "f840bf3c896244a7" + }, + "InstalledVersion": "6.2-0ubuntu2", + "FixedVersion": "6.2-0ubuntu2.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:aadc18fa84a45be374f61b8f9e978f891dd907bb47c91d2d29980e4c4b923ccd", + "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", + "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", + "http://www.openwall.com/lists/oss-security/2023/04/19/10", + "http://www.openwall.com/lists/oss-security/2023/04/19/11", + "https://access.redhat.com/errata/RHSA-2023:6698", + "https://access.redhat.com/security/cve/CVE-2023-29491", + "https://bugzilla.redhat.com/2191704", + "https://errata.almalinux.org/9/ALSA-2023-6698.html", + "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", + "https://linux.oracle.com/cve/CVE-2023-29491.html", + "https://linux.oracle.com/errata/ELSA-2023-6698.html", + "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", + "https://security.netapp.com/advisory/ntap-20230517-0009/", + "https://support.apple.com/kb/HT213843", + "https://support.apple.com/kb/HT213844", + "https://support.apple.com/kb/HT213845", + "https://ubuntu.com/security/notices/USN-6099-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29491", + "https://www.openwall.com/lists/oss-security/2023/04/12/5", + "https://www.openwall.com/lists/oss-security/2023/04/13/4" + ], + "PublishedDate": "2023-04-14T01:15:08.57Z", + "LastModifiedDate": "2025-11-04T19:15:42.307Z" + }, + { + "VulnerabilityID": "CVE-2023-2650", + "PkgID": "openssl@1.1.1f-1ubuntu2.17", + "PkgName": "openssl", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.17?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "d05522de581addaf" + }, + "InstalledVersion": "1.1.1f-1ubuntu2.17", + "FixedVersion": "1.1.1f-1ubuntu2.19", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:abf1c7876d89ebc6e675c79849155ece11c2aa148b727e64d58150ac7a322a20", + "Title": "openssl: Possible DoS translating ASN.1 object identifiers", + "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/05/30/1", + "https://access.redhat.com/errata/RHSA-2023:6330", + "https://access.redhat.com/security/cve/CVE-2023-2650", + "https://bugzilla.redhat.com/1858038", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-6330.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", + "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg", + "https://linux.oracle.com/cve/CVE-2023-2650.html", + "https://linux.oracle.com/errata/ELSA-2023-6330.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230703-0001/", + "https://security.netapp.com/advisory/ntap-20231027-0009/", + "https://ubuntu.com/security/notices/USN-6119-1", + "https://ubuntu.com/security/notices/USN-6188-1", + "https://ubuntu.com/security/notices/USN-6672-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-2650", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230530.txt" + ], + "PublishedDate": "2023-05-30T14:15:09.683Z", + "LastModifiedDate": "2025-03-19T16:15:21.89Z" + }, + { + "VulnerabilityID": "CVE-2023-31484", + "PkgID": "perl@5.30.0-9ubuntu0.3", + "PkgName": "perl", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/perl@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e4ac000ef35e9648" + }, + "InstalledVersion": "5.30.0-9ubuntu0.3", + "FixedVersion": "5.30.0-9ubuntu0.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:c581e71dd9498d31833e08451482d794b9dca4fbe0d984e84d2ca045579597d1", + "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", + "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/04/29/1", + "http://www.openwall.com/lists/oss-security/2023/05/03/3", + "http://www.openwall.com/lists/oss-security/2023/05/03/5", + "http://www.openwall.com/lists/oss-security/2023/05/07/2", + "https://access.redhat.com/errata/RHSA-2023:6539", + "https://access.redhat.com/security/cve/CVE-2023-31484", + "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", + "https://bugzilla.redhat.com/2218667", + "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", + "https://errata.almalinux.org/9/ALSA-2023-6539.html", + "https://errata.rockylinux.org/RLSA-2023:6539", + "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", + "https://github.com/andk/cpanpm/pull/175", + "https://linux.oracle.com/cve/CVE-2023-31484.html", + "https://linux.oracle.com/errata/ELSA-2026-0079.html", + "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", + "https://metacpan.org/dist/CPAN/changes", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://ubuntu.com/security/notices/USN-6112-1", + "https://ubuntu.com/security/notices/USN-6112-2", + "https://www.cve.org/CVERecord?id=CVE-2023-31484", + "https://www.openwall.com/lists/oss-security/2023/04/18/14" + ], + "PublishedDate": "2023-04-29T00:15:09Z", + "LastModifiedDate": "2025-11-03T22:16:19.47Z" + }, + { + "VulnerabilityID": "CVE-2023-47038", + "PkgID": "perl@5.30.0-9ubuntu0.3", + "PkgName": "perl", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/perl@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "e4ac000ef35e9648" + }, + "InstalledVersion": "5.30.0-9ubuntu0.3", + "FixedVersion": "5.30.0-9ubuntu0.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47038", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:e321f1290d681502c27e967380483e41f8d097b5dd5887156e08fc782011a769", + "Title": "perl: Write past buffer end via illegal user-defined Unicode property", + "Description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2228", + "https://access.redhat.com/errata/RHSA-2024:3128", + "https://access.redhat.com/security/cve/CVE-2023-47038", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", + "https://bugzilla.redhat.com/2249523", + "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038", + "https://errata.almalinux.org/9/ALSA-2024-2228.html", + "https://errata.rockylinux.org/RLSA-2024:2228", + "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", + "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", + "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", + "https://github.com/aquasecurity/trivy/discussions/8400", + "https://linux.oracle.com/cve/CVE-2023-47038.html", + "https://linux.oracle.com/errata/ELSA-2024-3128.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-47038", + "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", + "https://ubuntu.com/security/CVE-2023-47100", + "https://ubuntu.com/security/notices/USN-6517-1", + "https://www.cve.org/CVERecord?id=CVE-2023-47038", + "https://www.suse.com/security/cve/CVE-2023-47100.html" + ], + "PublishedDate": "2023-12-18T14:15:08.933Z", + "LastModifiedDate": "2025-11-04T19:16:05.573Z" + }, + { + "VulnerabilityID": "CVE-2023-31484", + "PkgID": "perl-base@5.30.0-9ubuntu0.3", + "PkgName": "perl-base", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/perl-base@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "2289117557075356" + }, + "InstalledVersion": "5.30.0-9ubuntu0.3", + "FixedVersion": "5.30.0-9ubuntu0.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:83aa268dbcedb9eba21938b2c8331b13b67a149ad18591ec3c3fcd68e8df14f2", + "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", + "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/04/29/1", + "http://www.openwall.com/lists/oss-security/2023/05/03/3", + "http://www.openwall.com/lists/oss-security/2023/05/03/5", + "http://www.openwall.com/lists/oss-security/2023/05/07/2", + "https://access.redhat.com/errata/RHSA-2023:6539", + "https://access.redhat.com/security/cve/CVE-2023-31484", + "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", + "https://bugzilla.redhat.com/2218667", + "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", + "https://errata.almalinux.org/9/ALSA-2023-6539.html", + "https://errata.rockylinux.org/RLSA-2023:6539", + "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", + "https://github.com/andk/cpanpm/pull/175", + "https://linux.oracle.com/cve/CVE-2023-31484.html", + "https://linux.oracle.com/errata/ELSA-2026-0079.html", + "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", + "https://metacpan.org/dist/CPAN/changes", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://ubuntu.com/security/notices/USN-6112-1", + "https://ubuntu.com/security/notices/USN-6112-2", + "https://www.cve.org/CVERecord?id=CVE-2023-31484", + "https://www.openwall.com/lists/oss-security/2023/04/18/14" + ], + "PublishedDate": "2023-04-29T00:15:09Z", + "LastModifiedDate": "2025-11-03T22:16:19.47Z" + }, + { + "VulnerabilityID": "CVE-2023-47038", + "PkgID": "perl-base@5.30.0-9ubuntu0.3", + "PkgName": "perl-base", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/perl-base@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "2289117557075356" + }, + "InstalledVersion": "5.30.0-9ubuntu0.3", + "FixedVersion": "5.30.0-9ubuntu0.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47038", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:6219a076250c5b9f87e1722ca07ac6a7c46d0b4bf60900f0813deb110a1da954", + "Title": "perl: Write past buffer end via illegal user-defined Unicode property", + "Description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2228", + "https://access.redhat.com/errata/RHSA-2024:3128", + "https://access.redhat.com/security/cve/CVE-2023-47038", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", + "https://bugzilla.redhat.com/2249523", + "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038", + "https://errata.almalinux.org/9/ALSA-2024-2228.html", + "https://errata.rockylinux.org/RLSA-2024:2228", + "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", + "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", + "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", + "https://github.com/aquasecurity/trivy/discussions/8400", + "https://linux.oracle.com/cve/CVE-2023-47038.html", + "https://linux.oracle.com/errata/ELSA-2024-3128.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-47038", + "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", + "https://ubuntu.com/security/CVE-2023-47100", + "https://ubuntu.com/security/notices/USN-6517-1", + "https://www.cve.org/CVERecord?id=CVE-2023-47038", + "https://www.suse.com/security/cve/CVE-2023-47100.html" + ], + "PublishedDate": "2023-12-18T14:15:08.933Z", + "LastModifiedDate": "2025-11-04T19:16:05.573Z" + }, + { + "VulnerabilityID": "CVE-2023-31484", + "PkgID": "perl-modules-5.30@5.30.0-9ubuntu0.3", + "PkgName": "perl-modules-5.30", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/perl-modules-5.30@5.30.0-9ubuntu0.3?arch=all\u0026distro=ubuntu-20.04", + "UID": "23ac15a776adbce9" + }, + "InstalledVersion": "5.30.0-9ubuntu0.3", + "FixedVersion": "5.30.0-9ubuntu0.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:9723ee8d6e5e76f2d08cf46e4e841f620af3780a50c4fc2fcca4c6c81b3e1d24", + "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", + "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/04/29/1", + "http://www.openwall.com/lists/oss-security/2023/05/03/3", + "http://www.openwall.com/lists/oss-security/2023/05/03/5", + "http://www.openwall.com/lists/oss-security/2023/05/07/2", + "https://access.redhat.com/errata/RHSA-2023:6539", + "https://access.redhat.com/security/cve/CVE-2023-31484", + "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", + "https://bugzilla.redhat.com/2218667", + "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", + "https://errata.almalinux.org/9/ALSA-2023-6539.html", + "https://errata.rockylinux.org/RLSA-2023:6539", + "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", + "https://github.com/andk/cpanpm/pull/175", + "https://linux.oracle.com/cve/CVE-2023-31484.html", + "https://linux.oracle.com/errata/ELSA-2026-0079.html", + "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", + "https://metacpan.org/dist/CPAN/changes", + "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://ubuntu.com/security/notices/USN-6112-1", + "https://ubuntu.com/security/notices/USN-6112-2", + "https://www.cve.org/CVERecord?id=CVE-2023-31484", + "https://www.openwall.com/lists/oss-security/2023/04/18/14" + ], + "PublishedDate": "2023-04-29T00:15:09Z", + "LastModifiedDate": "2025-11-03T22:16:19.47Z" + }, + { + "VulnerabilityID": "CVE-2023-47038", + "PkgID": "perl-modules-5.30@5.30.0-9ubuntu0.3", + "PkgName": "perl-modules-5.30", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/perl-modules-5.30@5.30.0-9ubuntu0.3?arch=all\u0026distro=ubuntu-20.04", + "UID": "23ac15a776adbce9" + }, + "InstalledVersion": "5.30.0-9ubuntu0.3", + "FixedVersion": "5.30.0-9ubuntu0.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47038", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:060d5145657351635861c52c235e66c3f393fb2fd0879840c8e17754f355504d", + "Title": "perl: Write past buffer end via illegal user-defined Unicode property", + "Description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2228", + "https://access.redhat.com/errata/RHSA-2024:3128", + "https://access.redhat.com/security/cve/CVE-2023-47038", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", + "https://bugzilla.redhat.com/2249523", + "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038", + "https://errata.almalinux.org/9/ALSA-2024-2228.html", + "https://errata.rockylinux.org/RLSA-2024:2228", + "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", + "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", + "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", + "https://github.com/aquasecurity/trivy/discussions/8400", + "https://linux.oracle.com/cve/CVE-2023-47038.html", + "https://linux.oracle.com/errata/ELSA-2024-3128.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-47038", + "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", + "https://ubuntu.com/security/CVE-2023-47100", + "https://ubuntu.com/security/notices/USN-6517-1", + "https://www.cve.org/CVERecord?id=CVE-2023-47038", + "https://www.suse.com/security/cve/CVE-2023-47100.html" + ], + "PublishedDate": "2023-12-18T14:15:08.933Z", + "LastModifiedDate": "2025-11-04T19:16:05.573Z" + }, + { + "VulnerabilityID": "CVE-2024-12085", + "PkgID": "rsync@3.1.3-8ubuntu0.5", + "PkgName": "rsync", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9f4dd363bd033b68" + }, + "InstalledVersion": "3.1.3-8ubuntu0.5", + "FixedVersion": "3.1.3-8ubuntu0.8", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:82ddf8beab0a68e5a1eaf9a1da587e80bd48217229ec1d3c16af160b632b3060", + "Title": "rsync: Info Leak via Uninitialized Stack Contents", + "Description": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-908" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHBA-2025:6470", + "https://access.redhat.com/errata/RHSA-2025:0324", + "https://access.redhat.com/errata/RHSA-2025:0325", + "https://access.redhat.com/errata/RHSA-2025:0637", + "https://access.redhat.com/errata/RHSA-2025:0688", + "https://access.redhat.com/errata/RHSA-2025:0714", + "https://access.redhat.com/errata/RHSA-2025:0774", + "https://access.redhat.com/errata/RHSA-2025:0787", + "https://access.redhat.com/errata/RHSA-2025:0790", + "https://access.redhat.com/errata/RHSA-2025:0849", + "https://access.redhat.com/errata/RHSA-2025:0884", + "https://access.redhat.com/errata/RHSA-2025:0885", + "https://access.redhat.com/errata/RHSA-2025:1120", + "https://access.redhat.com/errata/RHSA-2025:1123", + "https://access.redhat.com/errata/RHSA-2025:1128", + "https://access.redhat.com/errata/RHSA-2025:1225", + "https://access.redhat.com/errata/RHSA-2025:1227", + "https://access.redhat.com/errata/RHSA-2025:1242", + "https://access.redhat.com/errata/RHSA-2025:1451", + "https://access.redhat.com/errata/RHSA-2025:21885", + "https://access.redhat.com/errata/RHSA-2025:2701", + "https://access.redhat.com/security/cve/CVE-2024-12085", + "https://bugzilla.redhat.com/2330539", + "https://bugzilla.redhat.com/show_bug.cgi?id=2330539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12085", + "https://errata.almalinux.org/9/ALSA-2025-0324.html", + "https://errata.rockylinux.org/RLSA-2025:0324", + "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", + "https://kb.cert.org/vince/comm/case/2083/", + "https://kb.cert.org/vuls/id/952657", + "https://linux.oracle.com/cve/CVE-2024-12085.html", + "https://linux.oracle.com/errata/ELSA-2025-0714.html", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12085", + "https://security.netapp.com/advisory/ntap-20250131-0002/", + "https://ubuntu.com/security/notices/USN-7206-1", + "https://ubuntu.com/security/notices/USN-7206-3", + "https://www.cve.org/CVERecord?id=CVE-2024-12085", + "https://www.kb.cert.org/vuls/id/952657" + ], + "PublishedDate": "2025-01-14T18:15:25.123Z", + "LastModifiedDate": "2026-04-14T22:16:24.497Z" + }, + { + "VulnerabilityID": "CVE-2024-12086", + "PkgID": "rsync@3.1.3-8ubuntu0.5", + "PkgName": "rsync", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9f4dd363bd033b68" + }, + "InstalledVersion": "3.1.3-8ubuntu0.5", + "FixedVersion": "3.1.3-8ubuntu0.8", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12086", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:20ba46ddc7c0f2657d494d1ee7ce27baf776c56cd1a85c9f33b0e1b1b4051cea", + "Title": "rsync: rsync server leaks arbitrary client files", + "Description": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-390" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHBA-2025:6470", + "https://access.redhat.com/errata/RHSA-2026:19368", + "https://access.redhat.com/security/cve/CVE-2024-12086", + "https://bugzilla.redhat.com/show_bug.cgi?id=2330577", + "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", + "https://kb.cert.org/vince/comm/case/2083/", + "https://kb.cert.org/vuls/id/952657", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12086", + "https://security.netapp.com/advisory/ntap-20250131-0002/", + "https://ubuntu.com/security/notices/USN-7206-1", + "https://ubuntu.com/security/notices/USN-7206-3", + "https://www.cve.org/CVERecord?id=CVE-2024-12086", + "https://www.kb.cert.org/vuls/id/952657" + ], + "PublishedDate": "2025-01-14T18:15:25.297Z", + "LastModifiedDate": "2026-05-20T04:16:31.217Z" + }, + { + "VulnerabilityID": "CVE-2024-12087", + "PkgID": "rsync@3.1.3-8ubuntu0.5", + "PkgName": "rsync", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9f4dd363bd033b68" + }, + "InstalledVersion": "3.1.3-8ubuntu0.5", + "FixedVersion": "3.1.3-8ubuntu0.8", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12087", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:a94e14429b5d76dc4e62f5b39f13fef6e6e0d4b533a00519d43e42b0558618e1", + "Title": "rsync: Path traversal vulnerability in rsync", + "Description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHBA-2025:6470", + "https://access.redhat.com/errata/RHSA-2025:23154", + "https://access.redhat.com/errata/RHSA-2025:23235", + "https://access.redhat.com/errata/RHSA-2025:23407", + "https://access.redhat.com/errata/RHSA-2025:23415", + "https://access.redhat.com/errata/RHSA-2025:23416", + "https://access.redhat.com/errata/RHSA-2025:23842", + "https://access.redhat.com/errata/RHSA-2025:23853", + "https://access.redhat.com/errata/RHSA-2025:23854", + "https://access.redhat.com/errata/RHSA-2025:23858", + "https://access.redhat.com/errata/RHSA-2025:2600", + "https://access.redhat.com/errata/RHSA-2025:7050", + "https://access.redhat.com/errata/RHSA-2025:8385", + "https://access.redhat.com/security/cve/CVE-2024-12087", + "https://bugzilla.redhat.com/2330672", + "https://bugzilla.redhat.com/2330676", + "https://bugzilla.redhat.com/2332968", + "https://bugzilla.redhat.com/show_bug.cgi?id=2330672", + "https://bugzilla.redhat.com/show_bug.cgi?id=2330676", + "https://bugzilla.redhat.com/show_bug.cgi?id=2332968", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747", + "https://errata.almalinux.org/9/ALSA-2025-7050.html", + "https://errata.rockylinux.org/RLSA-2025:7050", + "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", + "https://kb.cert.org/vince/comm/case/2083/", + "https://kb.cert.org/vuls/id/952657", + "https://linux.oracle.com/cve/CVE-2024-12087.html", + "https://linux.oracle.com/errata/ELSA-2025-7050.html", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12087", + "https://security.netapp.com/advisory/ntap-20250131-0002/", + "https://ubuntu.com/security/notices/USN-7206-1", + "https://ubuntu.com/security/notices/USN-7206-3", + "https://www.cve.org/CVERecord?id=CVE-2024-12087", + "https://www.kb.cert.org/vuls/id/952657" + ], + "PublishedDate": "2025-01-14T18:15:25.467Z", + "LastModifiedDate": "2026-04-14T22:16:26.837Z" + }, + { + "VulnerabilityID": "CVE-2024-12088", + "PkgID": "rsync@3.1.3-8ubuntu0.5", + "PkgName": "rsync", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9f4dd363bd033b68" + }, + "InstalledVersion": "3.1.3-8ubuntu0.5", + "FixedVersion": "3.1.3-8ubuntu0.8", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12088", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:d044336f5b9f5c962b2389d6b4dec877a8248ba29dcfb58e789b22ecef4ddab2", + "Title": "rsync: --safe-links option bypass leads to path traversal", + "Description": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHBA-2025:6470", + "https://access.redhat.com/errata/RHSA-2025:2600", + "https://access.redhat.com/errata/RHSA-2025:7050", + "https://access.redhat.com/errata/RHSA-2025:8385", + "https://access.redhat.com/security/cve/CVE-2024-12088", + "https://bugzilla.redhat.com/2330672", + "https://bugzilla.redhat.com/2330676", + "https://bugzilla.redhat.com/2332968", + "https://bugzilla.redhat.com/show_bug.cgi?id=2330672", + "https://bugzilla.redhat.com/show_bug.cgi?id=2330676", + "https://bugzilla.redhat.com/show_bug.cgi?id=2332968", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747", + "https://errata.almalinux.org/9/ALSA-2025-7050.html", + "https://errata.rockylinux.org/RLSA-2025:7050", + "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", + "https://kb.cert.org/vince/comm/case/2083/", + "https://kb.cert.org/vuls/id/952657", + "https://linux.oracle.com/cve/CVE-2024-12088.html", + "https://linux.oracle.com/errata/ELSA-2025-7050.html", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12088", + "https://security.netapp.com/advisory/ntap-20250131-0002/", + "https://ubuntu.com/security/notices/USN-7206-1", + "https://ubuntu.com/security/notices/USN-7206-3", + "https://www.cve.org/CVERecord?id=CVE-2024-12088", + "https://www.kb.cert.org/vuls/id/952657" + ], + "PublishedDate": "2025-01-14T18:15:25.643Z", + "LastModifiedDate": "2026-04-14T22:16:27.247Z" + }, + { + "VulnerabilityID": "CVE-2024-12747", + "PkgID": "rsync@3.1.3-8ubuntu0.5", + "PkgName": "rsync", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9f4dd363bd033b68" + }, + "InstalledVersion": "3.1.3-8ubuntu0.5", + "FixedVersion": "3.1.3-8ubuntu0.8", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", + "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12747", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:d474ba9aec1fd9fa7a30fb58023d7271df57b174348b7b46b4347024e07e5c7a", + "Title": "rsync: Race Condition in rsync Handling Symbolic Links", + "Description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 5.6 + } + }, + "References": [ + "https://access.redhat.com/errata/RHBA-2025:6470", + "https://access.redhat.com/errata/RHSA-2025:2600", + "https://access.redhat.com/errata/RHSA-2025:7050", + "https://access.redhat.com/errata/RHSA-2025:8385", + "https://access.redhat.com/security/cve/CVE-2024-12747", + "https://bugzilla.redhat.com/2330672", + "https://bugzilla.redhat.com/2330676", + "https://bugzilla.redhat.com/2332968", + "https://bugzilla.redhat.com/show_bug.cgi?id=2330672", + "https://bugzilla.redhat.com/show_bug.cgi?id=2330676", + "https://bugzilla.redhat.com/show_bug.cgi?id=2332968", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747", + "https://errata.almalinux.org/9/ALSA-2025-7050.html", + "https://errata.rockylinux.org/RLSA-2025:7050", + "https://kb.cert.org/vince/comm/case/2083/", + "https://kb.cert.org/vuls/id/952657", + "https://linux.oracle.com/cve/CVE-2024-12747.html", + "https://linux.oracle.com/errata/ELSA-2025-7050.html", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-12747", + "https://security.netapp.com/advisory/ntap-20250131-0002/", + "https://ubuntu.com/security/notices/USN-7206-1", + "https://ubuntu.com/security/notices/USN-7206-3", + "https://www.cve.org/CVERecord?id=CVE-2024-12747", + "https://www.kb.cert.org/vuls/id/952657" + ], + "PublishedDate": "2025-01-14T18:15:25.83Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2023-39804", + "PkgID": "tar@1.30+dfsg-7ubuntu0.20.04.3", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/tar@1.30%2Bdfsg-7ubuntu0.20.04.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "9e3a2b3027b922ad" + }, + "InstalledVersion": "1.30+dfsg-7ubuntu0.20.04.3", + "FixedVersion": "1.30+dfsg-7ubuntu0.20.04.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39804", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:f77174d302da2e8fbf6e8be732c14315efdc788cc572912263e2749399652450", + "Title": "tar: Incorrectly handled extension attributes in PAX archives can lead to a crash", + "Description": "In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 1, + "cbl-mariner": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-39804", + "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079", + "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4", + "https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723", + "https://lists.debian.org/debian-lts-announce/2024/03/msg00008.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39804", + "https://ubuntu.com/security/notices/USN-6543-1", + "https://www.cve.org/CVERecord?id=CVE-2023-39804" + ], + "PublishedDate": "2024-03-27T04:15:08.897Z", + "LastModifiedDate": "2025-11-04T19:15:55.43Z" + }, + { + "VulnerabilityID": "CVE-2024-28085", + "PkgID": "util-linux@2.34-0.1ubuntu9.3", + "PkgName": "util-linux", + "PkgIdentifier": { + "PURL": "pkg:deb/ubuntu/util-linux@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", + "UID": "7e27c675dec861ed" + }, + "InstalledVersion": "2.34-0.1ubuntu9.3", + "FixedVersion": "2.34-0.1ubuntu9.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", + "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" + }, + "SeveritySource": "ubuntu", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", + "DataSource": { + "ID": "ubuntu", + "Name": "Ubuntu CVE Tracker", + "URL": "https://git.launchpad.net/ubuntu-cve-tracker" + }, + "Fingerprint": "sha256:04d44a51ed719412d0116319893d8420281b00a6054cca1ccc7df684a5dfe2d5", + "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", + "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "azure": 1, + "cbl-mariner": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.4 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2024/Mar/35", + "http://www.openwall.com/lists/oss-security/2024/03/27/5", + "http://www.openwall.com/lists/oss-security/2024/03/27/6", + "http://www.openwall.com/lists/oss-security/2024/03/27/7", + "http://www.openwall.com/lists/oss-security/2024/03/27/8", + "http://www.openwall.com/lists/oss-security/2024/03/27/9", + "http://www.openwall.com/lists/oss-security/2024/03/28/1", + "http://www.openwall.com/lists/oss-security/2024/03/28/2", + "http://www.openwall.com/lists/oss-security/2024/03/28/3", + "https://access.redhat.com/security/cve/CVE-2024-28085", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", + "https://github.com/skyler-ferrante/CVE-2024-28085", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", + "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", + "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", + "https://security.netapp.com/advisory/ntap-20240531-0003/", + "https://ubuntu.com/security/notices/USN-6719-1", + "https://ubuntu.com/security/notices/USN-6719-2", + "https://www.cve.org/CVERecord?id=CVE-2024-28085", + "https://www.openwall.com/lists/oss-security/2024/03/27/5" + ], + "PublishedDate": "2024-03-27T19:15:48.367Z", + "LastModifiedDate": "2026-05-12T12:16:33.7Z" + } + ] + }, + { + "Target": "usr/local/bin/gosu", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "github.com/tianon/gosu", + "Name": "github.com/tianon/gosu", + "Identifier": { + "PURL": "pkg:golang/github.com/tianon/gosu", + "UID": "f8be0ac9ee9f0640" + }, + "Relationship": "root", + "DependsOn": [ + "github.com/opencontainers/runc@v1.0.1", + "golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", + "stdlib@v1.16.7" + ], + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.16.7", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "Version": "v1.16.7", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opencontainers/runc@v1.0.1", + "Name": "github.com/opencontainers/runc", + "Identifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", + "UID": "9f8e6d3b2db2ec49" + }, + "Version": "v0.0.0-20210817142637-7d9622a276b7", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-27561", + "VendorIDs": [ + "GHSA-vpvm-3wq2-2wvm" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.1.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:6803b92b4954fcff324a846c6596339a7f6eec534d769c2ea6d16ddae676df64", + "Title": "runc: volume mount race condition (regression of CVE-2019-19921)", + "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-706" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6380", + "https://access.redhat.com/security/cve/CVE-2023-27561", + "https://bugzilla.redhat.com/2029439", + "https://bugzilla.redhat.com/2175721", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2182883", + "https://bugzilla.redhat.com/2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6380.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", + "https://github.com/opencontainers/runc/issues/3751", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/releases/tag/v1.1.5", + "https://linux.oracle.com/cve/CVE-2023-27561.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ", + "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", + "https://security.netapp.com/advisory/ntap-20241206-0004", + "https://security.netapp.com/advisory/ntap-20241206-0004/", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-27561" + ], + "PublishedDate": "2023-03-03T19:15:11.33Z", + "LastModifiedDate": "2024-12-06T14:15:19.037Z" + }, + { + "VulnerabilityID": "CVE-2024-21626", + "VendorIDs": [ + "GHSA-xr7r-f8xq-vfvv" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.1.12", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-21626", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:c25ce5d902cd400e0e1e8612784e5451080a86de1b3e2892fa915e277c48937f", + "Title": "runc: file descriptor leak", + "Description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (\"attack 2\"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (\"attack 1\"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (\"attack 3a\" and \"attack 3b\"). runc 1.1.12 includes patches for this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-403", + "CWE-668" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.6 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html", + "http://www.openwall.com/lists/oss-security/2024/02/01/1", + "http://www.openwall.com/lists/oss-security/2024/02/02/3", + "https://access.redhat.com/errata/RHSA-2024:0670", + "https://access.redhat.com/security/cve/CVE-2024-21626", + "https://bugzilla.redhat.com/2258725", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21626", + "https://errata.almalinux.org/9/ALSA-2024-0670.html", + "https://errata.rockylinux.org/RLSA-2024:0752", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf", + "https://github.com/opencontainers/runc/releases/tag/v1.1.12", + "https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv", + "https://linux.oracle.com/cve/CVE-2024-21626.html", + "https://linux.oracle.com/errata/ELSA-2024-17931.html", + "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-21626", + "https://ubuntu.com/security/notices/USN-6619-1", + "https://www.cve.org/CVERecord?id=CVE-2024-21626", + "https://www.vicarius.io/vsociety/posts/leaky-vessels-part-1-cve-2024-21626" + ], + "PublishedDate": "2024-01-31T22:15:53.78Z", + "LastModifiedDate": "2024-11-21T08:54:45.18Z" + }, + { + "VulnerabilityID": "CVE-2025-31133", + "VendorIDs": [ + "GHSA-9493-h29p-rfm2" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31133", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:13665e3c39489164fa3631f04801910a84728adfd0322b4726c0fe6cd7302163", + "Title": "runc: container escape via 'masked path' abuse due to mount race conditions", + "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-61", + "CWE-363" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "V40Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:20957", + "https://access.redhat.com/security/cve/CVE-2025-31133", + "https://bugzilla.redhat.com/2404705", + "https://bugzilla.redhat.com/2404708", + "https://bugzilla.redhat.com/2404715", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404705", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404708", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", + "https://errata.almalinux.org/9/ALSA-2025-20957.html", + "https://errata.rockylinux.org/RLSA-2025:20957", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/commit/1a30a8f3d921acbbb6a4bb7e99da2c05f8d48522", + "https://github.com/opencontainers/runc/commit/5d7b2424072449872d1cd0c937f2ca25f418eb66", + "https://github.com/opencontainers/runc/commit/8476df83b534a2522b878c0507b3491def48db9f", + "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", + "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2", + "https://linux.oracle.com/cve/CVE-2025-31133.html", + "https://linux.oracle.com/errata/ELSA-2025-21232.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-31133", + "https://ubuntu.com/security/notices/USN-7851-1", + "https://www.cve.org/CVERecord?id=CVE-2025-31133" + ], + "PublishedDate": "2025-11-06T19:15:41.343Z", + "LastModifiedDate": "2025-12-03T18:30:15.43Z" + }, + { + "VulnerabilityID": "CVE-2025-52565", + "VendorIDs": [ + "GHSA-qw9x-cqr3-wc7r" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-52565", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:9bf5ac549932065f84ac95fb64379b2b2ecf56ce45a1c21b9abdd74427ab4cf8", + "Title": "runc: container escape with malicious config due to /dev/console mount and related races", + "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-61", + "CWE-363" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "V40Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:20957", + "https://access.redhat.com/security/cve/CVE-2025-52565", + "https://bugzilla.redhat.com/2404705", + "https://bugzilla.redhat.com/2404708", + "https://bugzilla.redhat.com/2404715", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404705", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404708", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", + "https://errata.almalinux.org/9/ALSA-2025-20957.html", + "https://errata.rockylinux.org/RLSA-2025:20957", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/commit/01de9d65dc72f67b256ef03f9bfb795a2bf143b4", + "https://github.com/opencontainers/runc/commit/398955bccb7f20565c224a3064d331c19e422398", + "https://github.com/opencontainers/runc/commit/531ef794e4ecd628006a865ad334a048ee2b4b2e", + "https://github.com/opencontainers/runc/commit/9be1dbf4ac67d9840a043ebd2df5c68f36705d1d", + "https://github.com/opencontainers/runc/commit/aee7d3fe355dd02939d44155e308ea0052e0d53a", + "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", + "https://github.com/opencontainers/runc/commit/de87203e625cd7a27141fb5f2ad00a320c69c5e8", + "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480", + "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r", + "https://linux.oracle.com/cve/CVE-2025-52565.html", + "https://linux.oracle.com/errata/ELSA-2025-21232.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-52565", + "https://ubuntu.com/security/notices/USN-7851-1", + "https://www.cve.org/CVERecord?id=CVE-2025-52565" + ], + "PublishedDate": "2025-11-06T20:15:49.24Z", + "LastModifiedDate": "2025-12-03T18:33:33.357Z" + }, + { + "VulnerabilityID": "CVE-2025-52881", + "VendorIDs": [ + "GHSA-cgrx-mc8f-2prm" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-52881", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:251926c142387b6deacfca4536b5807557c1cec0bc296211e140b48524ebfc11", + "Title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects", + "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-61", + "CWE-363" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", + "V40Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "V3Score": 8.2 + } + }, + "References": [ + "http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322", + "http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3", + "https://access.redhat.com/errata/RHSA-2025:22011", + "https://access.redhat.com/security/cve/CVE-2025-52881", + "https://bugzilla.redhat.com/2404715", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2025-22011.html", + "https://errata.rockylinux.org/RLSA-2025:22011", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md", + "https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557", + "https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d", + "https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58", + "https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6", + "https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f", + "https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544", + "https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db", + "https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322", + "https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28", + "https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2", + "https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165", + "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", + "https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1", + "https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3", + "https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51", + "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480", + "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2", + "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm", + "https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw", + "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r", + "https://github.com/opencontainers/selinux/pull/237", + "https://github.com/opencontainers/selinux/releases/tag/v1.13.0", + "https://linux.oracle.com/cve/CVE-2025-52881.html", + "https://linux.oracle.com/errata/ELSA-2025-23543.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-52881", + "https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs", + "https://ubuntu.com/security/notices/USN-7851-1", + "https://www.cve.org/CVERecord?id=CVE-2025-52881", + "https://youtu.be/tGseJW_uBB8", + "https://youtu.be/y1PaBzxwRWQ" + ], + "PublishedDate": "2025-11-06T21:15:42.817Z", + "LastModifiedDate": "2025-12-03T18:37:17.917Z" + }, + { + "VulnerabilityID": "CVE-2021-43784", + "VendorIDs": [ + "GHSA-v95c-p5hm-xq8f" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.0.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-43784", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:ce6650dbfa114abae5db2c90134ba032100d7765e550d12747025a7def687277", + "Title": "runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration", + "Description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "alma": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 6 + }, + "nvd": { + "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V2Score": 6, + "V3Score": 5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6380", + "https://access.redhat.com/security/cve/CVE-2021-43784", + "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241", + "https://bugzilla.redhat.com/2029439", + "https://bugzilla.redhat.com/2175721", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2182883", + "https://bugzilla.redhat.com/2182884", + "https://errata.almalinux.org/9/ALSA-2023-6380.html", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554", + "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae", + "https://github.com/opencontainers/runc/commit/dde509df4e28cec33b3c99c6cda3d4fd5beafc77", + "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed", + "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f", + "https://linux.oracle.com/cve/CVE-2021-43784.html", + "https://linux.oracle.com/errata/ELSA-2023-6380.html", + "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html", + "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-43784", + "https://pkg.go.dev/vuln/GO-2022-0274", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2021-43784", + "https://www.openwall.com/lists/oss-security/2021/12/06/1" + ], + "PublishedDate": "2021-12-06T18:15:08.24Z", + "LastModifiedDate": "2024-11-21T06:29:46.873Z" + }, + { + "VulnerabilityID": "CVE-2022-29162", + "VendorIDs": [ + "GHSA-f3fp-gc8g-vw66" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.1.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29162", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:cfba7434a916e00b5f196ad3952fed146bd82230b5ad485f6966013113393fe7", + "Title": "runc: incorrect handling of inheritable capabilities", + "Description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-276" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 1, + "cbl-mariner": 3, + "ghsa": 2, + "nvd": 3, + "oracle-oval": 1, + "photon": 3, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.9 + }, + "nvd": { + "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V2Score": 4.6, + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "github.com/opencontainers/runc", + "https://access.redhat.com/errata/RHSA-2022:8090", + "https://access.redhat.com/security/cve/CVE-2022-29162", + "https://bugzilla.redhat.com/2086398", + "https://bugzilla.redhat.com/show_bug.cgi?id=2086398", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29162", + "https://errata.almalinux.org/9/ALSA-2022-8090.html", + "https://errata.rockylinux.org/RLSA-2022:8090", + "https://github.com/opencontainers/runc/commit/98fe566c527479195ce3c8167136d2a555fe6b65", + "https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5", + "https://github.com/opencontainers/runc/releases/tag/v1.1.2", + "https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66", + "https://linux.oracle.com/cve/CVE-2022-29162.html", + "https://linux.oracle.com/errata/ELSA-2022-8090.html", + "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y", + "https://nvd.nist.gov/vuln/detail/CVE-2022-29162", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2022-29162", + "https://www.openwall.com/lists/oss-security/2022/05/12/1" + ], + "PublishedDate": "2022-05-17T21:15:08.32Z", + "LastModifiedDate": "2024-11-21T06:58:36.893Z" + }, + { + "VulnerabilityID": "CVE-2023-28642", + "VendorIDs": [ + "GHSA-g2j6-57v7-gm8c" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.1.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28642", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:baeba50ed00bccb64eeb21147c04cd162d5df57787d2e22415bbefd1dd60fe57", + "Title": "runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration", + "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.\n\n", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-281", + "CWE-59" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 3, + "ghsa": 2, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6380", + "https://access.redhat.com/security/cve/CVE-2023-28642", + "https://bugzilla.redhat.com/2029439", + "https://bugzilla.redhat.com/2175721", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2182883", + "https://bugzilla.redhat.com/2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6380.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/advisories/GHSA-g2j6-57v7-gm8c", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/pull/3785", + "https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c", + "https://linux.oracle.com/cve/CVE-2023-28642.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-28642", + "https://security.netapp.com/advisory/ntap-20241206-0005", + "https://security.netapp.com/advisory/ntap-20241206-0005/", + "https://ubuntu.com/security/notices/USN-6088-1", + "https://ubuntu.com/security/notices/USN-6088-2", + "https://www.cve.org/CVERecord?id=CVE-2023-28642" + ], + "PublishedDate": "2023-03-29T19:15:22.397Z", + "LastModifiedDate": "2024-12-06T14:15:19.25Z" + }, + { + "VulnerabilityID": "CVE-2024-45310", + "VendorIDs": [ + "GHSA-jfvp-7x6p-h2pv" + ], + "PkgID": "github.com/opencontainers/runc@v1.0.1", + "PkgName": "github.com/opencontainers/runc", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", + "UID": "393c951d0b8eb33d" + }, + "InstalledVersion": "v1.0.1", + "FixedVersion": "1.1.14, 1.2.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45310", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:05aef3760112253d5b156ed1f3879105aad792c9f20daa3384b68b553898fc69", + "Title": "runc: runc can be tricked into creating empty files/directories on host", + "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3.\n\nSome workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual\nuser on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-61", + "CWE-363" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "ghsa": 2, + "nvd": 1, + "photon": 1, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/U:Green", + "V3Score": 3.6, + "V40Score": 4.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "V3Score": 3.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "V3Score": 3.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/09/03/1", + "https://access.redhat.com/security/cve/CVE-2024-45310", + "https://github.com/opencontainers/runc", + "https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7", + "https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e", + "https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf", + "https://github.com/opencontainers/runc/pull/4359", + "https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45310", + "https://security.netapp.com/advisory/ntap-20250221-0008", + "https://security.netapp.com/advisory/ntap-20250221-0008/", + "https://www.cve.org/CVERecord?id=CVE-2024-45310", + "https://www.openwall.com/lists/oss-security/2024/09/03/1" + ], + "PublishedDate": "2024-09-03T19:15:15.243Z", + "LastModifiedDate": "2025-11-25T14:07:27.74Z" + }, + { + "VulnerabilityID": "CVE-2022-29526", + "VendorIDs": [ + "GHSA-p782-xgp4-8hr8" + ], + "PkgID": "golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", + "PkgName": "golang.org/x/sys", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", + "UID": "9f8e6d3b2db2ec49" + }, + "InstalledVersion": "v0.0.0-20210817142637-7d9622a276b7", + "FixedVersion": "0.0.0-20220412211240-33da011f77ad", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29526", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:7077e32ac241117b3be3937a652d44c8dbce7d5c7d6e69a4862ac48590d170fe", + "Title": "golang: syscall: faccessat checks wrong group", + "Description": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-269" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-29526", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.rockylinux.org/RLSA-2022:5799", + "https://github.com/golang/go", + "https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c", + "https://github.com/golang/go/issues/52313", + "https://go.dev/cl/399539", + "https://go.dev/cl/400074", + "https://go.dev/issue/52313", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", + "https://linux.oracle.com/cve/CVE-2022-29526.html", + "https://linux.oracle.com/errata/ELSA-2022-5337.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR", + "https://nvd.nist.gov/vuln/detail/CVE-2022-29526", + "https://pkg.go.dev/vuln/GO-2022-0493", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20220729-0001", + "https://security.netapp.com/advisory/ntap-20220729-0001/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-29526" + ], + "PublishedDate": "2022-06-23T17:15:12.747Z", + "LastModifiedDate": "2024-11-21T06:59:15.563Z" + }, + { + "VulnerabilityID": "CVE-2022-23806", + "VendorIDs": [ + "GO-2021-0319" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.16.14, 1.17.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23806", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9cbae64c748e8eed132183466377c2865dc249f54dcbac4af51ac00967729870", + "Title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", + "Description": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-252" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 4, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "V3Score": 9.1 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "V2Score": 6.4, + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", + "https://access.redhat.com/security/cve/CVE-2022-23806", + "https://errata.almalinux.org/8/ALSA-2022-1819.html", + "https://go.dev/cl/382455", + "https://go.dev/issue/50974", + "https://go.googlesource.com/go/+/7f9494c277a471f6f47f4af3036285c0b1419816", + "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", + "https://linux.oracle.com/cve/CVE-2022-23806.html", + "https://linux.oracle.com/errata/ELSA-2022-1819.html", + "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html", + "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", + "https://pkg.go.dev/vuln/GO-2021-0319", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20220225-0006/", + "https://www.cve.org/CVERecord?id=CVE-2022-23806", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2022-02-11T01:15:07.747Z", + "LastModifiedDate": "2024-11-21T06:49:17.407Z" + }, + { + "VulnerabilityID": "CVE-2023-24538", + "VendorIDs": [ + "GO-2023-1703" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24538", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ba13741997a8cf16d0f4e20a7dbf2704e4688620e6c0ed7ed38a3acc9aee0cb3", + "Title": "golang: html/template: backticks not treated as string delimiters", + "Description": "Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. \"var a = {{.}}\"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-94" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 4, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24538", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3)", + "https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8)", + "https://github.com/golang/go/issues/59234", + "https://go.dev/cl/482079", + "https://go.dev/issue/59234", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24538.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24538", + "https://pkg.go.dev/vuln/GO-2023-1703", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20241115-0007/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24538" + ], + "PublishedDate": "2023-04-06T16:15:07.8Z", + "LastModifiedDate": "2025-02-12T17:15:14.19Z" + }, + { + "VulnerabilityID": "CVE-2023-24540", + "VendorIDs": [ + "GO-2023-1752" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.9, 1.20.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24540", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d4aaf45671e59cbf1bdc0301ecea3ed227cf55fb7677fc0c815b8baa80d27d4e", + "Title": "golang: html/template: improper handling of JavaScript whitespace", + "Description": "Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-77" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 3, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24540", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4)", + "https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9)", + "https://github.com/golang/go/issues/59721", + "https://go.dev/cl/491616", + "https://go.dev/issue/59721", + "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", + "https://linux.oracle.com/cve/CVE-2023-24540.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24540", + "https://pkg.go.dev/vuln/GO-2023-1752", + "https://security.netapp.com/advisory/ntap-20241115-0008/", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24540" + ], + "PublishedDate": "2023-05-11T16:15:09.687Z", + "LastModifiedDate": "2025-01-24T17:15:10.893Z" + }, + { + "VulnerabilityID": "CVE-2024-24790", + "VendorIDs": [ + "GO-2024-2887" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:60b31dc984c9612b6f157002820f95fb662b3614c6914369ecd1c2810aad0eb1", + "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", + "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", + "Severity": "CRITICAL", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24790", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", + "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", + "https://github.com/golang/go/issues/67680", + "https://go.dev/cl/590316", + "https://go.dev/issue/67680", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24790.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", + "https://pkg.go.dev/vuln/GO-2024-2887", + "https://security.netapp.com/advisory/ntap-20240905-0002/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24790" + ], + "PublishedDate": "2024-06-05T16:15:10.56Z", + "LastModifiedDate": "2024-11-21T08:59:42.813Z" + }, + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c459470ee439dc9e6152908a75cb25dfdef47c1168eee506295be62533fb1bd4", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2021-39293", + "VendorIDs": [ + "GO-2022-0273" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.16.8, 1.17.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-39293", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:99569ae912f003f3c8086b9059682006ff5586edfbec582a405e4c98b3a27db3", + "Title": "golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)", + "Description": "In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", + "https://access.redhat.com/security/cve/CVE-2021-39293", + "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", + "https://errata.almalinux.org/8/ALSA-2022-1819.html", + "https://go.dev/cl/343434", + "https://go.dev/issue/47801", + "https://go.googlesource.com/go/+/bacbc33439b124ffd7392c91a5f5d96eca8c0c0b", + "https://groups.google.com/g/golang-announce/c/dx9d7IOseHw", + "https://linux.oracle.com/cve/CVE-2021-39293.html", + "https://linux.oracle.com/errata/ELSA-2022-1819.html", + "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-39293", + "https://pkg.go.dev/vuln/GO-2022-0273", + "https://security.netapp.com/advisory/ntap-20220217-0009/", + "https://www.cve.org/CVERecord?id=CVE-2021-39293" + ], + "PublishedDate": "2022-01-24T01:15:07.92Z", + "LastModifiedDate": "2024-11-21T06:19:08.18Z" + }, + { + "VulnerabilityID": "CVE-2021-41771", + "VendorIDs": [ + "GO-2021-0263" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.16.10, 1.17.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-41771", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:62b6e7e510f71e5bf6592f72bcb0d5669c5c4b112e1e009d732383e996fbc9ca", + "Title": "golang: debug/macho: invalid dynamic symbol table command can cause panic", + "Description": "ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-119" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", + "https://access.redhat.com/security/cve/CVE-2021-41771", + "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "https://errata.almalinux.org/8/ALSA-2022-1819.html", + "https://go.dev/cl/367075", + "https://go.dev/issue/48990", + "https://go.googlesource.com/go/+/61536ec03063b4951163bd09609c86d82631fa27", + "https://groups.google.com/g/golang-announce/c/0fM21h43arc", + "https://linux.oracle.com/cve/CVE-2021-41771.html", + "https://linux.oracle.com/errata/ELSA-2022-1819.html", + "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html", + "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-41771", + "https://pkg.go.dev/vuln/GO-2021-0263", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20211210-0003/", + "https://www.cve.org/CVERecord?id=CVE-2021-41771", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2021-11-08T06:15:08.057Z", + "LastModifiedDate": "2024-11-21T06:26:44.027Z" + }, + { + "VulnerabilityID": "CVE-2021-41772", + "VendorIDs": [ + "GO-2021-0264" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.16.10, 1.17.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-41772", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3825f9aae9819a3f9386596ac617c1878dc1ede5412bdbf94b63705ac13e35be", + "Title": "golang: archive/zip: Reader.Open panics on empty string", + "Description": "Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-20" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", + "https://access.redhat.com/security/cve/CVE-2021-41772", + "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "https://errata.almalinux.org/8/ALSA-2022-1819.html", + "https://go.dev/cl/349770", + "https://go.dev/issue/48085", + "https://go.googlesource.com/go/+/b24687394b55a93449e2be4e6892ead58ea9a10f", + "https://groups.google.com/g/golang-announce/c/0fM21h43arc", + "https://linux.oracle.com/cve/CVE-2021-41772.html", + "https://linux.oracle.com/errata/ELSA-2022-1819.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/", + "https://nvd.nist.gov/vuln/detail/CVE-2021-41772", + "https://pkg.go.dev/vuln/GO-2021-0264", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20211210-0003/", + "https://www.cve.org/CVERecord?id=CVE-2021-41772", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2021-11-08T06:15:08.107Z", + "LastModifiedDate": "2024-11-21T06:26:44.223Z" + }, + { + "VulnerabilityID": "CVE-2021-44716", + "VendorIDs": [ + "GHSA-vc3p-29h2-gpcp", + "GO-2022-0288" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.16.12, 1.17.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-44716", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5c90dfbb0e5e652218c2a09559411dd43eb276a3f461b75f4d37c2613075182d", + "Title": "golang: net/http: limit growth of header canonicalization cache", + "Description": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-44716", + "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", + "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44716", + "https://errata.rockylinux.org/RLSA-2022:0001", + "https://github.com/golang/go/commit/48d948963c5ce7add72af5665a871caff6c1d35a (go1.17.5)", + "https://github.com/golang/net/commit/491a49abca63de5e07ef554052d180a1b5fe2d70", + "https://go.dev/cl/369794", + "https://go.dev/issue/50058", + "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", + "https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ", + "https://linux.oracle.com/cve/CVE-2021-44716.html", + "https://linux.oracle.com/errata/ELSA-2022-0001.html", + "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html", + "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", + "https://pkg.go.dev/vuln/GO-2022-0288", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20220121-0002", + "https://security.netapp.com/advisory/ntap-20220121-0002/", + "https://www.cve.org/CVERecord?id=CVE-2021-44716" + ], + "PublishedDate": "2022-01-01T05:15:08.307Z", + "LastModifiedDate": "2024-11-21T06:31:26.96Z" + }, + { + "VulnerabilityID": "CVE-2022-23772", + "VendorIDs": [ + "GO-2021-0317" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.16.14, 1.17.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23772", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1cf6103b28c2858c5460e4a73846c144b45e7b3e667d5e979dcb28ef7de5211c", + "Title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", + "Description": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 7.8, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", + "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", + "https://access.redhat.com/security/cve/CVE-2022-23772", + "https://errata.almalinux.org/8/ALSA-2022-1819.html", + "https://go.dev/cl/379537", + "https://go.dev/issue/50699", + "https://go.googlesource.com/go/+/ad345c265916bbf6c646865e4642eafce6d39e78", + "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", + "https://linux.oracle.com/cve/CVE-2022-23772.html", + "https://linux.oracle.com/errata/ELSA-2022-1819.html", + "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", + "https://pkg.go.dev/vuln/GO-2021-0317", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20220225-0006/", + "https://www.cve.org/CVERecord?id=CVE-2022-23772", + "https://www.oracle.com/security-alerts/cpujul2022.html" + ], + "PublishedDate": "2022-02-11T01:15:07.657Z", + "LastModifiedDate": "2024-11-21T06:49:15.127Z" + }, + { + "VulnerabilityID": "CVE-2022-24675", + "VendorIDs": [ + "GO-2022-0433" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.9, 1.18.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-24675", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9965f691f18dbfea9d6fc41f3749753b748639835c59b8f630cc483973b1a302", + "Title": "golang: encoding/pem: fix stack overflow in Decode", + "Description": "encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-24675", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.rockylinux.org/RLSA-2022:5799", + "https://go.dev/cl/399820", + "https://go.dev/issue/51853", + "https://go.googlesource.com/go/+/45c3387d777caf28f4b992ad9a6216e3085bb8fe", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", + "https://linux.oracle.com/cve/CVE-2022-24675.html", + "https://linux.oracle.com/errata/ELSA-2022-5337.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-24675", + "https://pkg.go.dev/vuln/GO-2022-0433", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20220915-0010/", + "https://www.cve.org/CVERecord?id=CVE-2022-24675" + ], + "PublishedDate": "2022-04-20T10:15:07.93Z", + "LastModifiedDate": "2024-11-21T06:50:50.78Z" + }, + { + "VulnerabilityID": "CVE-2022-24921", + "VendorIDs": [ + "GO-2021-0347" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.16.15, 1.17.8", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-24921", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:58676bdef07a0196016da531117327096b1c27806e8e2c817df010bd79704904", + "Title": "golang: regexp: stack exhaustion via a deeply nested expression", + "Description": "regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-24921", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.rockylinux.org/RLSA-2022:5799", + "https://go.dev/cl/384616", + "https://go.dev/issue/51112", + "https://go.googlesource.com/go/+/452f24ae94f38afa3704d4361d91d51218405c0a", + "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk", + "https://linux.oracle.com/cve/CVE-2022-24921.html", + "https://linux.oracle.com/errata/ELSA-2022-9363.html", + "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html", + "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-24921", + "https://pkg.go.dev/vuln/GO-2021-0347", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20220325-0010/", + "https://www.cve.org/CVERecord?id=CVE-2022-24921" + ], + "PublishedDate": "2022-03-05T20:15:08.323Z", + "LastModifiedDate": "2024-11-21T06:51:23.59Z" + }, + { + "VulnerabilityID": "CVE-2022-27664", + "VendorIDs": [ + "GHSA-69cg-p879-7622", + "GO-2022-0969" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.18.6, 1.19.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:87afd35453b7aa9bb00f993eeee667bf03cdd6a21e02000b3b7d20175d4e128d", + "Title": "golang: net/http: handle server errors after sending GOAWAY", + "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-27664", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", + "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://cs.opensource.google/go/x/net", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7129", + "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", + "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", + "https://github.com/golang/go/issues/54658", + "https://go.dev/cl/428735", + "https://go.dev/issue/54658", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", + "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-27664.html", + "https://linux.oracle.com/errata/ELSA-2024-0121.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX", + "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", + "https://pkg.go.dev/vuln/GO-2022-0969", + "https://security.gentoo.org/glsa/202209-26", + "https://security.netapp.com/advisory/ntap-20220923-0004", + "https://security.netapp.com/advisory/ntap-20220923-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://www.cve.org/CVERecord?id=CVE-2022-27664" + ], + "PublishedDate": "2022-09-06T18:15:12.747Z", + "LastModifiedDate": "2024-11-21T06:56:07.703Z" + }, + { + "VulnerabilityID": "CVE-2022-28131", + "VendorIDs": [ + "GO-2022-0521" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-28131", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ead4cef14ebdd659423a18f57136db99211cefeefbbaec63afaf32291516bcf4", + "Title": "golang: encoding/xml: stack exhaustion in Decoder.Skip", + "Description": "Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8057", + "https://access.redhat.com/security/cve/CVE-2022-28131", + "https://bugzilla.redhat.com/2044628", + "https://bugzilla.redhat.com/2045880", + "https://bugzilla.redhat.com/2050648", + "https://bugzilla.redhat.com/2050742", + "https://bugzilla.redhat.com/2050743", + "https://bugzilla.redhat.com/2065290", + "https://bugzilla.redhat.com/2107342", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107376", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2107390", + "https://bugzilla.redhat.com/2107392", + "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", + "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2055349", + "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", + "https://bugzilla.redhat.com/show_bug.cgi?id=2104367", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21673", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21702", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21713", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2022-8057.html", + "https://errata.rockylinux.org/RLSA-2022:8057", + "https://github.com/golang/go/commit/90f040ec510dd678b7860d70ca77e5682f4c7e96", + "https://go.dev/cl/417062", + "https://go.dev/issue/53614", + "https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-28131.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", + "https://pkg.go.dev/vuln/GO-2022-0521", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-28131" + ], + "PublishedDate": "2022-08-10T20:15:32.767Z", + "LastModifiedDate": "2024-11-21T06:56:48.57Z" + }, + { + "VulnerabilityID": "CVE-2022-28327", + "VendorIDs": [ + "GO-2022-0435" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.9, 1.18.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-28327", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ca44594540f3dc4840863e4b27396c86bd908785967fd032f9733724e8d50689", + "Title": "golang: crypto/elliptic: panic caused by oversized scalar", + "Description": "The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.", + "Severity": "HIGH", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V2Score": 5, + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-28327", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.rockylinux.org/RLSA-2022:5799", + "https://go.dev/cl/397135", + "https://go.dev/issue/52075", + "https://go.googlesource.com/go/+/37065847d87df92b5eb246c88ba2085efcf0b331", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", + "https://linux.oracle.com/cve/CVE-2022-28327.html", + "https://linux.oracle.com/errata/ELSA-2022-5337.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NY6GEAJMNKKMU5H46QO4D7D6A24KSPXE/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-28327", + "https://pkg.go.dev/vuln/GO-2022-0435", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20220915-0010/", + "https://www.cve.org/CVERecord?id=CVE-2022-28327" + ], + "PublishedDate": "2022-04-20T10:15:08.03Z", + "LastModifiedDate": "2024-11-21T06:57:10.2Z" + }, + { + "VulnerabilityID": "CVE-2022-2879", + "VendorIDs": [ + "GO-2022-1037" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.18.7, 1.19.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2879", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:42766c2a9617363abd27436b723c3109e43d2704e429be31044fc32f144582e0", + "Title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers", + "Description": "Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2204", + "https://access.redhat.com/security/cve/CVE-2022-2879", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132867", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2149311", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://errata.almalinux.org/9/ALSA-2023-2204.html", + "https://errata.rockylinux.org/RLSA-2023:0328", + "https://github.com/golang/go/commit/0a723816cd205576945fa57fbdde7e6532d59d08 (go1.18.7)", + "https://github.com/golang/go/commit/4fa773cdefd20be093c84f731be7d4febf5536fa (go1.19.2)", + "https://github.com/golang/go/issues/54853", + "https://github.com/vbatts/tar-split/releases/tag/v0.12.1", + "https://go.dev/cl/439355", + "https://go.dev/issue/54853", + "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", + "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", + "https://linux.oracle.com/cve/CVE-2022-2879.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2879", + "https://pkg.go.dev/vuln/GO-2022-1037", + "https://security.gentoo.org/glsa/202311-09", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-2879" + ], + "PublishedDate": "2022-10-14T15:15:17.647Z", + "LastModifiedDate": "2024-11-21T07:01:51.487Z" + }, + { + "VulnerabilityID": "CVE-2022-2880", + "VendorIDs": [ + "GO-2022-1038" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.18.7, 1.19.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2880", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b2c717c2361d4d5cb8762f5a4f94004ee958ddaaa08f0f1ad3c97b3e02f07ead", + "Title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters", + "Description": "Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-444" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-2880", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2149311", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2023:0328", + "https://github.com/golang/go/commit/9d2c73a9fd69e45876509bb3bdb2af99bf77da1e (go1.18.7)", + "https://github.com/golang/go/commit/f6d844510d5f1e3b3098eba255d9b633d45eac3b (go1.19.2)", + "https://github.com/golang/go/issues/54663", + "https://go.dev/cl/432976", + "https://go.dev/issue/54663", + "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", + "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", + "https://linux.oracle.com/cve/CVE-2022-2880.html", + "https://linux.oracle.com/errata/ELSA-2024-3254.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-2880", + "https://pkg.go.dev/vuln/GO-2022-1038", + "https://security.gentoo.org/glsa/202311-09", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-2880" + ], + "PublishedDate": "2022-10-14T15:15:18.09Z", + "LastModifiedDate": "2024-11-21T07:01:51.61Z" + }, + { + "VulnerabilityID": "CVE-2022-29804", + "VendorIDs": [ + "GO-2022-0533" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.11, 1.18.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29804", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:70ca816504b69e64be8ff94c09e0b504417317fc89d55a0f3ec0f68304727cd8", + "Title": "ELSA-2022-17957: ol8addon security update (IMPORTANT)", + "Description": "Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/401595", + "https://go.dev/issue/52476", + "https://go.googlesource.com/go/+/9cd1818a7d019c02fa4898b3e45a323e35033290", + "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", + "https://linux.oracle.com/cve/CVE-2022-29804.html", + "https://linux.oracle.com/errata/ELSA-2022-17957.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-29804", + "https://pkg.go.dev/vuln/GO-2022-0533" + ], + "PublishedDate": "2022-08-10T20:15:34.89Z", + "LastModifiedDate": "2024-11-21T06:59:42.8Z" + }, + { + "VulnerabilityID": "CVE-2022-30580", + "VendorIDs": [ + "GO-2022-0532" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.11, 1.18.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30580", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:342b9814a7093362462314331ae3dfc7388f6bc5f092e07f82a7d4ca59dbd74a", + "Title": "golang: os/exec: Code injection in Cmd.Start", + "Description": "Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either \"..com\" or \"..exe\" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-94" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-30580", + "https://go.dev/cl/403759", + "https://go.dev/issue/52574", + "https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e", + "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", + "https://linux.oracle.com/cve/CVE-2022-30580.html", + "https://linux.oracle.com/errata/ELSA-2022-17957.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-30580", + "https://pkg.go.dev/vuln/GO-2022-0532", + "https://www.cve.org/CVERecord?id=CVE-2022-30580" + ], + "PublishedDate": "2022-08-10T20:15:40.227Z", + "LastModifiedDate": "2026-03-06T18:16:11.913Z" + }, + { + "VulnerabilityID": "CVE-2022-30630", + "VendorIDs": [ + "GO-2022-0527" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30630", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7a023b35951286e85c4038b39893da626d510cb9cfb0b26620be0ff44b6df68c", + "Title": "golang: io/fs: stack exhaustion in Glob", + "Description": "Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2180", + "https://access.redhat.com/security/cve/CVE-2022-30630", + "https://bugzilla.redhat.com/2107342", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2024-2180.html", + "https://errata.rockylinux.org/RLSA-2022:8250", + "https://github.com/golang/go/commit/315e80d293b684ac2902819e58f618f1b5a14d49 (1.18)", + "https://go.dev/cl/417065", + "https://go.dev/issue/53415", + "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-30630.html", + "https://linux.oracle.com/errata/ELSA-2024-2180.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", + "https://pkg.go.dev/vuln/GO-2022-0527", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-30630" + ], + "PublishedDate": "2022-08-10T20:15:40.977Z", + "LastModifiedDate": "2026-03-06T18:16:13.45Z" + }, + { + "VulnerabilityID": "CVE-2022-30631", + "VendorIDs": [ + "GO-2022-0524" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30631", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7cb7508b8641ecd44b0922ebe4aa2c7a93061572a27376a8ce60df24b74adfbe", + "Title": "golang: compress/gzip: stack exhaustion in Reader.Read", + "Description": "Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2180", + "https://access.redhat.com/security/cve/CVE-2022-30631", + "https://bugzilla.redhat.com/2107342", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2024-2180.html", + "https://errata.rockylinux.org/RLSA-2022:8250", + "https://github.com/golang/go/commit/8e27a8ac4c001c27713810b75925aa3794049c48 (1.18)", + "https://go.dev/cl/417067", + "https://go.dev/issue/53168", + "https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-30631.html", + "https://linux.oracle.com/errata/ELSA-2024-2180.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", + "https://pkg.go.dev/vuln/GO-2022-0524", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-30631" + ], + "PublishedDate": "2022-08-10T20:15:41.373Z", + "LastModifiedDate": "2025-10-20T18:15:36.863Z" + }, + { + "VulnerabilityID": "CVE-2022-30632", + "VendorIDs": [ + "GO-2022-0522" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30632", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f27af4e81eeb8da72d20085930b838365f5f8642343bec4db07151b7f43f3d64", + "Title": "golang: path/filepath: stack exhaustion in Glob", + "Description": "Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2180", + "https://access.redhat.com/security/cve/CVE-2022-30632", + "https://bugzilla.redhat.com/2107342", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2024-2180.html", + "https://errata.rockylinux.org/RLSA-2022:8250", + "https://github.com/golang/go/commit/5ebd862b1714dad1544bd10a24c47cdb53ad7f46 (1.18)", + "https://go.dev/cl/417066", + "https://go.dev/issue/53416", + "https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-30632.html", + "https://linux.oracle.com/errata/ELSA-2024-2180.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", + "https://pkg.go.dev/vuln/GO-2022-0522", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-30632" + ], + "PublishedDate": "2022-08-10T20:15:41.877Z", + "LastModifiedDate": "2024-11-21T07:03:04.097Z" + }, + { + "VulnerabilityID": "CVE-2022-30633", + "VendorIDs": [ + "GO-2022-0523" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30633", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c8cabc3f0806d68609c66a4a661740b76b4d5e91bedbfe163918efd0a1dde75e", + "Title": "golang: encoding/xml: stack exhaustion in Unmarshal", + "Description": "Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8057", + "https://access.redhat.com/security/cve/CVE-2022-30633", + "https://bugzilla.redhat.com/2044628", + "https://bugzilla.redhat.com/2045880", + "https://bugzilla.redhat.com/2050648", + "https://bugzilla.redhat.com/2050742", + "https://bugzilla.redhat.com/2050743", + "https://bugzilla.redhat.com/2065290", + "https://bugzilla.redhat.com/2107342", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107376", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2107390", + "https://bugzilla.redhat.com/2107392", + "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", + "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2055349", + "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", + "https://bugzilla.redhat.com/show_bug.cgi?id=2104367", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21673", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21702", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21713", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2022-8057.html", + "https://errata.rockylinux.org/RLSA-2022:8057", + "https://github.com/golang/go/commit/2924ced71d16297320e8ff18829c2038e6ad8d9b (1.18)", + "https://go.dev/cl/417061", + "https://go.dev/issue/53611", + "https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-30633.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", + "https://pkg.go.dev/vuln/GO-2022-0523", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-30633" + ], + "PublishedDate": "2022-08-10T20:15:42.21Z", + "LastModifiedDate": "2026-03-06T18:16:13.833Z" + }, + { + "VulnerabilityID": "CVE-2022-30634", + "VendorIDs": [ + "GO-2022-0477" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.11, 1.18.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30634", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:26f822c19ebc8bcbecfb72bc8129009d326719638096c4296044e824d0504f92", + "Title": "ELSA-2022-17957: ol8addon security update (IMPORTANT)", + "Description": "Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 \u003c\u003c 32 - 1 bytes.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/402257", + "https://go.dev/issue/52561", + "https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863", + "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", + "https://linux.oracle.com/cve/CVE-2022-30634.html", + "https://linux.oracle.com/errata/ELSA-2022-17957.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-30634", + "https://pkg.go.dev/vuln/GO-2022-0477" + ], + "PublishedDate": "2022-07-15T20:15:08.597Z", + "LastModifiedDate": "2024-11-21T07:03:04.353Z" + }, + { + "VulnerabilityID": "CVE-2022-30635", + "VendorIDs": [ + "GO-2022-0526" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30635", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:21be5ea0594f60724b6511f5ab6f7dd3bcbee7de5051043f873110782bb49da7", + "Title": "golang: encoding/gob: stack exhaustion in Decoder.Decode", + "Description": "Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-30635", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:8250", + "https://github.com/golang/go/commit/fb979a50823e5a0575cf6166b3f17a13364cbf81 (1.18)", + "https://go.dev/cl/417064", + "https://go.dev/issue/53615", + "https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-30635.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", + "https://pkg.go.dev/vuln/GO-2022-0526", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-30635" + ], + "PublishedDate": "2022-08-10T20:15:42.64Z", + "LastModifiedDate": "2026-03-06T18:16:14.177Z" + }, + { + "VulnerabilityID": "CVE-2022-32189", + "VendorIDs": [ + "GO-2022-0537" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.13, 1.18.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:0b9e226d42faf8c63037263f1ab92fd4e9e3fa1aba61630b6db7fa1f5c28f33d", + "Title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service", + "Description": "A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 1, + "rocky": 1, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-32189", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2059869", + "https://bugzilla.redhat.com/show_bug.cgi?id=2059870", + "https://bugzilla.redhat.com/show_bug.cgi?id=2060061", + "https://bugzilla.redhat.com/show_bug.cgi?id=2062597", + "https://bugzilla.redhat.com/show_bug.cgi?id=2064087", + "https://bugzilla.redhat.com/show_bug.cgi?id=2088459", + "https://bugzilla.redhat.com/show_bug.cgi?id=2105961", + "https://bugzilla.redhat.com/show_bug.cgi?id=2110864", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2118831", + "https://bugzilla.redhat.com/show_bug.cgi?id=2123055", + "https://bugzilla.redhat.com/show_bug.cgi?id=2123210", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:7950", + "https://github.com/golang/go/commit/9240558e4f342fc6e98fec22de17c04b45089349 (1.18)", + "https://go.dev/cl/417774", + "https://go.dev/issue/53871", + "https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66", + "https://groups.google.com/g/golang-announce/c/YqYYG87xB10", + "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU", + "https://linux.oracle.com/cve/CVE-2022-32189.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32189", + "https://pkg.go.dev/vuln/GO-2022-0537", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-32189" + ], + "PublishedDate": "2022-08-10T20:15:47.507Z", + "LastModifiedDate": "2024-11-21T07:05:53.513Z" + }, + { + "VulnerabilityID": "CVE-2022-41715", + "VendorIDs": [ + "GO-2022-1039" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.18.7, 1.19.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41715", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2b3b2b59280e67cf4591a1c7e1eccf50c52bb1444faf79abc4a8ae4453ed17f0", + "Title": "golang: regexp/syntax: limit memory used by parsing regexps", + "Description": "Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2592", + "https://access.redhat.com/security/cve/CVE-2022-41715", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2149311", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://errata.almalinux.org/9/ALSA-2023-2592.html", + "https://errata.rockylinux.org/RLSA-2023:0328", + "https://github.com/golang/go/commit/645abfe529dc325e16daa17210640c2907d1c17a (go1.19.2)", + "https://github.com/golang/go/commit/e9017c2416ad0ef642f5e0c2eab2dbf3cba4d997 (go1.18.7)", + "https://github.com/golang/go/issues/55949", + "https://go.dev/cl/439356", + "https://go.dev/issue/55949", + "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", + "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", + "https://linux.oracle.com/cve/CVE-2022-41715.html", + "https://linux.oracle.com/errata/ELSA-2024-3254.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41715", + "https://pkg.go.dev/vuln/GO-2022-1039", + "https://security.gentoo.org/glsa/202311-09", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-41715" + ], + "PublishedDate": "2022-10-14T15:16:20.78Z", + "LastModifiedDate": "2024-11-21T07:23:43.367Z" + }, + { + "VulnerabilityID": "CVE-2022-41716", + "VendorIDs": [ + "GO-2022-1095" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.18.8, 1.19.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41716", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7b94f78ee26c9699e11eff028fbede52a2dadcb657f32b7db932a056fb086c63", + "Title": "Due to unsanitized NUL values, attackers may be able to maliciously se ...", + "Description": "Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string \"A=B\\x00C=D\" sets the variables \"A=B\" and \"C=D\".", + "Severity": "HIGH", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/446916", + "https://go.dev/issue/56284", + "https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ", + "https://linux.oracle.com/cve/CVE-2022-41716.html", + "https://linux.oracle.com/errata/ELSA-2023-18908.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41716", + "https://pkg.go.dev/vuln/GO-2022-1095", + "https://security.netapp.com/advisory/ntap-20230120-0007/" + ], + "PublishedDate": "2022-11-02T16:15:11.15Z", + "LastModifiedDate": "2024-11-21T07:23:43.507Z" + }, + { + "VulnerabilityID": "CVE-2022-41720", + "VendorIDs": [ + "GO-2022-1143" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.18.9, 1.19.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41720", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4c0b38e344d59b3fe15077bf550dda699b9138a28e432240a4e748fba5e7d678", + "Title": "golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows", + "Description": "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41720", + "https://go.dev/cl/455716", + "https://go.dev/issue/56694", + "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-41720.html", + "https://linux.oracle.com/errata/ELSA-2023-18908.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41720", + "https://pkg.go.dev/vuln/GO-2022-1143", + "https://www.cve.org/CVERecord?id=CVE-2022-41720" + ], + "PublishedDate": "2022-12-07T17:15:10.293Z", + "LastModifiedDate": "2025-04-23T16:15:25.373Z" + }, + { + "VulnerabilityID": "CVE-2022-41722", + "VendorIDs": [ + "GO-2023-1568" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41722", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5c1818eb503635e192d7073b8a815be223ecbd563c2221de2f1ad7a5ec46acd3", + "Title": "golang: path/filepath: path-filepath filepath.Clean path traversal", + "Description": "A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\".", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41722", + "https://go.dev/cl/468123", + "https://go.dev/issue/57274", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41722", + "https://pkg.go.dev/vuln/GO-2023-1568", + "https://www.cve.org/CVERecord?id=CVE-2022-41722" + ], + "PublishedDate": "2023-02-28T18:15:09.887Z", + "LastModifiedDate": "2024-11-21T07:23:44.303Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "VendorIDs": [ + "GHSA-vvpx-j8f3-3w6h", + "GO-2023-1571" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5d07c115f59a9ae3c92d1aaa91771e45d9dbe4be27e9a7564a1ee4b628cdfbe5", + "Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41723.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230331-0010/", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.couchbase.com/alerts", + "https://www.couchbase.com/alerts/", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:09.98Z", + "LastModifiedDate": "2025-05-05T16:15:20.433Z" + }, + { + "VulnerabilityID": "CVE-2022-41724", + "VendorIDs": [ + "GO-2023-1570" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fcf971526bbc647e429c4795eeb0e396758ac0a88e1d643a5424effad7fe02dd", + "Title": "golang: crypto/tls: large handshake records may cause panics", + "Description": "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth \u003e= RequestClientCert).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41724", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://go.dev/cl/468125", + "https://go.dev/issue/58001", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41724.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41724", + "https://pkg.go.dev/vuln/GO-2023-1570", + "https://security.gentoo.org/glsa/202311-09", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2022-41724" + ], + "PublishedDate": "2023-02-28T18:15:10.043Z", + "LastModifiedDate": "2024-11-21T07:23:44.603Z" + }, + { + "VulnerabilityID": "CVE-2022-41725", + "VendorIDs": [ + "GO-2023-1569" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:78f833dac11e22b716598b9aab6ebd699f872e59ed5daaaec29d62262442702e", + "Title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption", + "Description": "A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing \"up to maxMemory bytes +10MB (reserved for non-file parts) in memory\". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, \"If stored on disk, the File's underlying concrete type will be an *os.File.\". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41725", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/5c55ac9bf1e5f779220294c843526536605f42ab [1.19]", + "https://go.dev/cl/468124", + "https://go.dev/issue/58006", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41725.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41725", + "https://pkg.go.dev/vuln/GO-2023-1569", + "https://security.gentoo.org/glsa/202311-09", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2022-41725" + ], + "PublishedDate": "2023-02-28T18:15:10.12Z", + "LastModifiedDate": "2024-11-21T07:23:44.733Z" + }, + { + "VulnerabilityID": "CVE-2023-24534", + "VendorIDs": [ + "GO-2023-1704" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24534", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4ef6a8e9761fd2694eba1ef38494db1cf4e96102c188166298a2d551a6b67cae", + "Title": "golang: net/http, net/textproto: denial of service from excessive memory allocation", + "Description": "HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24534", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/3991f6c41c7dfd167e889234c0cf1d840475e93c (go1.20.3)", + "https://github.com/golang/go/commit/d6759e7a059f4208f07aa781402841d7ddaaef96 (go1.19.8)", + "https://go.dev/cl/481994", + "https://go.dev/issue/58975", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24534.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24534", + "https://pkg.go.dev/vuln/GO-2023-1704", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230526-0007/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24534" + ], + "PublishedDate": "2023-04-06T16:15:07.657Z", + "LastModifiedDate": "2025-02-12T18:15:19.837Z" + }, + { + "VulnerabilityID": "CVE-2023-24536", + "VendorIDs": [ + "GO-2023-1705" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24536", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:38c1cc86fff275157c1d02a8131aa92eab0d7fba6b02b3d8bf31934c4ee2d5c2", + "Title": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption", + "Description": "Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24536", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538 (go.1.19.8)", + "https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0 (go1.20.3)", + "https://go.dev/cl/482075", + "https://go.dev/cl/482076", + "https://go.dev/cl/482077", + "https://go.dev/issue/59153", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24536.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24536", + "https://pkg.go.dev/vuln/GO-2023-1705", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230526-0007/", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24536" + ], + "PublishedDate": "2023-04-06T16:15:07.71Z", + "LastModifiedDate": "2025-02-12T18:15:20.083Z" + }, + { + "VulnerabilityID": "CVE-2023-24537", + "VendorIDs": [ + "GO-2023-1702" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24537", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:830fbec9d37c8045eaf6e00967380bc594f593ce9fecabbe39323ffbc9e2aea6", + "Title": "golang: go/parser: Infinite loop in parsing", + "Description": "Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24537", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/126a1d02da82f93ede7ce0bd8d3c51ef627f2104 (go1.19.8)", + "https://github.com/golang/go/commit/e7c4b07ecf6b367f1afc9cc48cde963829dd0aab (go1.20.3)", + "https://github.com/golang/go/issues/59180", + "https://go.dev/cl/482078", + "https://go.dev/issue/59180", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24537.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24537", + "https://pkg.go.dev/vuln/GO-2023-1702", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20241129-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24537" + ], + "PublishedDate": "2023-04-06T16:15:07.753Z", + "LastModifiedDate": "2025-02-12T17:15:13.973Z" + }, + { + "VulnerabilityID": "CVE-2023-24539", + "VendorIDs": [ + "GO-2023-1751" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.9, 1.20.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24539", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:72e9653f27e79605c69824822f4aa24b74e1ae44d2ef5ecbe201d134291eb64b", + "Title": "golang: html/template: improper sanitization of CSS values", + "Description": "Angle brackets (\u003c\u003e) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-74", + "CWE-94" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24539", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/090590fdccc8442728aa31601927da1bf2ef1288 (go1.20.4)", + "https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80 (go1.19.9)", + "https://github.com/golang/go/issues/59720", + "https://go.dev/cl/491615", + "https://go.dev/issue/59720", + "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", + "https://linux.oracle.com/cve/CVE-2023-24539.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24539", + "https://pkg.go.dev/vuln/GO-2023-1751", + "https://security.netapp.com/advisory/ntap-20241129-0005/", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24539" + ], + "PublishedDate": "2023-05-11T16:15:09.6Z", + "LastModifiedDate": "2025-01-24T17:15:10.67Z" + }, + { + "VulnerabilityID": "CVE-2023-29400", + "VendorIDs": [ + "GO-2023-1753" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.9, 1.20.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29400", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e2d71cac62575ad4343cb8f83ca96c12f8d8dd2e5fbff9a32f6b80b39a77101a", + "Title": "golang: html/template: improper handling of empty HTML attributes", + "Description": "Templates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-74", + "CWE-94" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-29400", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)", + "https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)", + "https://github.com/golang/go/issues/59722", + "https://go.dev/cl/491617", + "https://go.dev/issue/59722", + "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", + "https://linux.oracle.com/cve/CVE-2023-29400.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29400", + "https://pkg.go.dev/vuln/GO-2023-1753", + "https://security.netapp.com/advisory/ntap-20241213-0005/", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29400" + ], + "PublishedDate": "2023-05-11T16:15:09.85Z", + "LastModifiedDate": "2025-01-24T17:15:12.747Z" + }, + { + "VulnerabilityID": "CVE-2023-29403", + "VendorIDs": [ + "GO-2023-1840" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.10, 1.20.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29403", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:76e5afe10c7625d790f1819b62886af77e4b932ac7643b576d1f1b518ec55c55", + "Title": "golang: runtime: unexpected behavior of setuid/setgid binaries", + "Description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-668" + ], + "VendorSeverity": { + "alma": 4, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 4, + "photon": 3, + "redhat": 3, + "rocky": 4, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3923", + "https://access.redhat.com/security/cve/CVE-2023-29403", + "https://bugzilla.redhat.com/2216965", + "https://bugzilla.redhat.com/2217562", + "https://bugzilla.redhat.com/2217565", + "https://bugzilla.redhat.com/2217569", + "https://bugzilla.redhat.com/show_bug.cgi?id=2216965", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217562", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217565", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217569", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29402", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29403", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29405", + "https://errata.almalinux.org/9/ALSA-2023-3923.html", + "https://errata.rockylinux.org/RLSA-2023:3923", + "https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 (go1.20.5)", + "https://github.com/golang/go/commit/a7b1cd452ddc69a6606c2f35ac5786dc892e62cb (go1.19.10)", + "https://github.com/golang/go/issues/60272", + "https://go.dev/cl/501223", + "https://go.dev/issue/60272", + "https://groups.google.com/g/golang-announce/c/q5135a9d924", + "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ", + "https://linux.oracle.com/cve/CVE-2023-29403.html", + "https://linux.oracle.com/errata/ELSA-2023-3923.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29403", + "https://pkg.go.dev/vuln/GO-2023-1840", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20241220-0009/", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29403" + ], + "PublishedDate": "2023-06-08T21:15:16.927Z", + "LastModifiedDate": "2025-01-06T20:15:25.82Z" + }, + { + "VulnerabilityID": "CVE-2023-39325", + "VendorIDs": [ + "GHSA-4374-p667-p6c8", + "GO-2023-2102" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.20.10, 1.21.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:12d710ff6a5075c72b494e08e169e02cd1c2ed22e45fd24abfb2cfa14fd9b172", + "Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", + "Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 3, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "golang.org/x/net", + "https://access.redhat.com/errata/RHSA-2023:6077", + "https://access.redhat.com/security/cve/CVE-2023-39325", + "https://access.redhat.com/security/cve/CVE-2023-44487", + "https://bugzilla.redhat.com/2242803", + "https://bugzilla.redhat.com/2243296", + "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", + "https://errata.almalinux.org/9/ALSA-2023-6077.html", + "https://errata.rockylinux.org/RLSA-2023:6077", + "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]", + "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]", + "https://github.com/golang/go/issues/63417", + "https://go.dev/cl/534215", + "https://go.dev/cl/534235", + "https://go.dev/issue/63417", + "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", + "https://linux.oracle.com/cve/CVE-2023-39325.html", + "https://linux.oracle.com/errata/ELSA-2023-5867.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", + "https://pkg.go.dev/vuln/GO-2023-2102", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231110-0008", + "https://security.netapp.com/advisory/ntap-20231110-0008/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", + "https://www.cve.org/CVERecord?id=CVE-2023-39325" + ], + "PublishedDate": "2023-10-11T22:15:09.88Z", + "LastModifiedDate": "2024-11-21T08:15:09.627Z" + }, + { + "VulnerabilityID": "CVE-2023-45283", + "VendorIDs": [ + "GO-2023-2185" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.20.11, 1.21.4, 1.20.12, 1.21.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:165df9d6435c3737e8c3e12db298e7001717a445f4bd71eff2bb88f5cf3b3977", + "Title": "The filepath package does not recognize paths with a \\??\\ prefix as sp ...", + "Description": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "photon": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/12/05/2", + "https://go.dev/cl/540277", + "https://go.dev/cl/541175", + "https://go.dev/issue/63713", + "https://go.dev/issue/64028", + "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", + "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45283", + "https://pkg.go.dev/vuln/GO-2023-2185", + "https://security.netapp.com/advisory/ntap-20231214-0008/" + ], + "PublishedDate": "2023-11-09T17:15:08.757Z", + "LastModifiedDate": "2024-11-21T08:26:41.567Z" + }, + { + "VulnerabilityID": "CVE-2023-45287", + "VendorIDs": [ + "GO-2023-2375" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.20.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45287", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f6e3e75c0ccdf7442b7c5d25bfd468d263fb887c52373604bd239f39aa272704", + "Title": "golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.", + "Description": "Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203" + ], + "VendorSeverity": { + "alma": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2272", + "https://access.redhat.com/security/cve/CVE-2023-45287", + "https://bugzilla.redhat.com/2253193", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2272.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://go.dev/cl/326012/26", + "https://go.dev/issue/20654", + "https://groups.google.com/g/golang-announce/c/QMK8IQALDvA", + "https://linux.oracle.com/cve/CVE-2023-45287.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45287", + "https://people.redhat.com/~hkario/marvin/", + "https://pkg.go.dev/vuln/GO-2023-2375", + "https://security.netapp.com/advisory/ntap-20240112-0005/", + "https://www.cve.org/CVERecord?id=CVE-2023-45287" + ], + "PublishedDate": "2023-12-05T17:15:08.57Z", + "LastModifiedDate": "2024-11-21T08:26:42.25Z" + }, + { + "VulnerabilityID": "CVE-2023-45288", + "VendorIDs": [ + "GHSA-4v7x-pqxf-cx7m", + "GO-2024-2687" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.9, 1.22.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:33e3e6cec2e0a8a14801eeb1d8716f05423232c7f15daf971ef304384e9c0e93", + "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", + "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/04/03/16", + "http://www.openwall.com/lists/oss-security/2024/04/05/4", + "https://access.redhat.com/errata/RHSA-2024:2724", + "https://access.redhat.com/security/cve/CVE-2023-45288", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-2724.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://go.dev/cl/576155", + "https://go.dev/issue/65051", + "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", + "https://kb.cert.org/vuls/id/421644", + "https://linux.oracle.com/cve/CVE-2023-45288.html", + "https://linux.oracle.com/errata/ELSA-2024-3346.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", + "https://nowotarski.info/http2-continuation-flood-technical-details", + "https://nowotarski.info/http2-continuation-flood/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", + "https://pkg.go.dev/vuln/GO-2024-2687", + "https://security.netapp.com/advisory/ntap-20240419-0009", + "https://security.netapp.com/advisory/ntap-20240419-0009/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45288", + "https://www.kb.cert.org/vuls/id/421644" + ], + "PublishedDate": "2024-04-04T21:15:16.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34156", + "VendorIDs": [ + "GO-2024-3106" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bdcaa72a77b65cfd3f0147d8b775934cd536f804cefec54d833409673b1321df", + "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", + "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3773", + "https://access.redhat.com/security/cve/CVE-2024-34156", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/9/ALSA-2025-3773.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", + "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", + "https://go.dev/cl/611239", + "https://go.dev/issue/69139", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34156.html", + "https://linux.oracle.com/errata/ELSA-2025-3773.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", + "https://pkg.go.dev/vuln/GO-2024-3106", + "https://security.netapp.com/advisory/ntap-20240926-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34156" + ], + "PublishedDate": "2024-09-06T21:15:12.02Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9ffda6afe921799e41373fb5ceb7374cd72eef03510d02a6a098521764d408f8", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b435c4f50c1fc7deecad6df9c48227db683e3da32eead6d16c174b13683048f1", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6ee63655d232783a957627b31a9c2be2f11ae29a5ebfaf8880756565584e4c89", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2f13f7c4dac3ce333bf8bf9d62d636c3bae4d8aeb95f06c433b729e6fd6312bb", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:14e2962bfcc4c6f26c1101e787b2f26b98d8fbab641b21e3d5dcfe0b993a8a64", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3a70f3bf90c64722e30f9842c041ef3418f7395073fe425e6c234de028f3272c", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5d493121e766550a8bab956bf2c54b2f69aefd525cdbf3cba053bf90a4f72fc8", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3fa6302a4c4910efc40ab28d954f71a44ba458dee644bf8655b556bd3b8693e3", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ac084dc68ec056a40664808035b454458215fd1f8efec3299325c96cb229218b", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2f31defc56731108f7ff6ff598a6da131dd3a11964c92132ba07596c2f04dfed", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:881cdb92f6c2ff8c4c6b419047daa15c282752b216c0687077d9df22c056a096", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2021-44717", + "VendorIDs": [ + "GO-2022-0289" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.16.12, 1.17.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-44717", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f3915de774619f28cdf3f5915d9e3550d2bc575964605f1425fc22b544c59bc0", + "Title": "golang: syscall: don't close fd 0 on ForkExec error", + "Description": "Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + }, + "nvd": { + "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V2Score": 5.8, + "V3Score": 4.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2021-44717", + "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", + "https://bugzilla.redhat.com/show_bug.cgi?id=2030806", + "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44716", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44717", + "https://errata.rockylinux.org/RLSA-2021:5160", + "https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.17.5)", + "https://github.com/golang/go/issues/50057", + "https://go.dev/cl/370576", + "https://go.dev/cl/370577", + "https://go.dev/cl/370795", + "https://go.dev/issue/50057", + "https://go.googlesource.com/go/+/a76511f3a40ea69ee4f5cd86e735e1c8a84f0aa2", + "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", + "https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ", + "https://linux.oracle.com/cve/CVE-2021-44717.html", + "https://linux.oracle.com/errata/ELSA-2021-5160.html", + "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html", + "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", + "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", + "https://pkg.go.dev/vuln/GO-2022-0289", + "https://security.gentoo.org/glsa/202208-02", + "https://www.cve.org/CVERecord?id=CVE-2021-44717" + ], + "PublishedDate": "2022-01-01T05:15:08.367Z", + "LastModifiedDate": "2024-11-21T06:31:27.117Z" + }, + { + "VulnerabilityID": "CVE-2022-1705", + "VendorIDs": [ + "GO-2022-0525" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1705", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3cd3a66542b1cd87133e944a9c0fca7a603a58ab7934ce035b042b153c86bf47", + "Title": "golang: net/http: improper sanitization of Transfer-Encoding header", + "Description": "Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-444" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-1705", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:8250", + "https://github.com/golang/go/commit/e5017a93fcde94f09836200bca55324af037ee5f", + "https://go.dev/cl/409874", + "https://go.dev/cl/410714", + "https://go.dev/issue/53188", + "https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-1705.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", + "https://pkg.go.dev/vuln/GO-2022-0525", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-1705" + ], + "PublishedDate": "2022-08-10T20:15:25.353Z", + "LastModifiedDate": "2026-03-06T18:16:10.133Z" + }, + { + "VulnerabilityID": "CVE-2022-1962", + "VendorIDs": [ + "GO-2022-0515" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1962", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5013335449f280a81fb5c3c9aeb2c6001d21b3c949fc34e8bc44459ac881fe04", + "Title": "golang: go/parser: stack exhaustion in all Parse* functions", + "Description": "Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2022:8057", + "https://access.redhat.com/security/cve/CVE-2022-1962", + "https://bugzilla.redhat.com/2044628", + "https://bugzilla.redhat.com/2045880", + "https://bugzilla.redhat.com/2050648", + "https://bugzilla.redhat.com/2050742", + "https://bugzilla.redhat.com/2050743", + "https://bugzilla.redhat.com/2065290", + "https://bugzilla.redhat.com/2107342", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107376", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2107390", + "https://bugzilla.redhat.com/2107392", + "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", + "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", + "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2055349", + "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", + "https://bugzilla.redhat.com/show_bug.cgi?id=2104367", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21673", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21702", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21713", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2022-8057.html", + "https://errata.rockylinux.org/RLSA-2022:8057", + "https://github.com/golang/go/commit/695be961d57508da5a82217f7415200a11845879", + "https://go.dev/cl/417063", + "https://go.dev/issue/53616", + "https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-1962.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", + "https://pkg.go.dev/vuln/GO-2022-0515", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://www.cve.org/CVERecord?id=CVE-2022-1962" + ], + "PublishedDate": "2022-08-10T20:15:26.25Z", + "LastModifiedDate": "2026-03-06T20:16:09.373Z" + }, + { + "VulnerabilityID": "CVE-2022-29526", + "VendorIDs": [ + "GHSA-p782-xgp4-8hr8", + "GO-2022-0493" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.10, 1.18.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29526", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9708d907ace5d079cf43b525dd6cc48ade871e3826cb19d33936d8d93a256d72", + "Title": "golang: syscall: faccessat checks wrong group", + "Description": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-269" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V2Score": 5, + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.2 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-29526", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.rockylinux.org/RLSA-2022:5799", + "https://github.com/golang/go", + "https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c", + "https://github.com/golang/go/issues/52313", + "https://go.dev/cl/399539", + "https://go.dev/cl/400074", + "https://go.dev/issue/52313", + "https://groups.google.com/g/golang-announce", + "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", + "https://linux.oracle.com/cve/CVE-2022-29526.html", + "https://linux.oracle.com/errata/ELSA-2022-5337.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR", + "https://nvd.nist.gov/vuln/detail/CVE-2022-29526", + "https://pkg.go.dev/vuln/GO-2022-0493", + "https://security.gentoo.org/glsa/202208-02", + "https://security.netapp.com/advisory/ntap-20220729-0001", + "https://security.netapp.com/advisory/ntap-20220729-0001/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-29526" + ], + "PublishedDate": "2022-06-23T17:15:12.747Z", + "LastModifiedDate": "2024-11-21T06:59:15.563Z" + }, + { + "VulnerabilityID": "CVE-2022-32148", + "VendorIDs": [ + "GO-2022-0520" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.17.12, 1.18.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32148", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:27df03e5cd15a51661ee796e22cbd5dd8c5ffc60be9bce740b351d726f49d115", + "Title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", + "Description": "Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2357", + "https://access.redhat.com/security/cve/CVE-2022-32148", + "https://bugzilla.redhat.com/2107371", + "https://bugzilla.redhat.com/2107374", + "https://bugzilla.redhat.com/2107383", + "https://bugzilla.redhat.com/2107386", + "https://bugzilla.redhat.com/2107388", + "https://bugzilla.redhat.com/2113814", + "https://bugzilla.redhat.com/2124669", + "https://bugzilla.redhat.com/2132868", + "https://bugzilla.redhat.com/2132872", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://errata.almalinux.org/9/ALSA-2023-2357.html", + "https://errata.rockylinux.org/RLSA-2022:8250", + "https://github.com/golang/go/commit/ebea1e3353fa766025aa5190b9c7cc05cf069187 (1.18)", + "https://go.dev/cl/412857", + "https://go.dev/issue/53423", + "https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a", + "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", + "https://linux.oracle.com/cve/CVE-2022-32148.html", + "https://linux.oracle.com/errata/ELSA-2023-2802.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", + "https://pkg.go.dev/vuln/GO-2022-0520", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-32148" + ], + "PublishedDate": "2022-08-10T20:15:47.133Z", + "LastModifiedDate": "2026-03-06T20:16:10.927Z" + }, + { + "VulnerabilityID": "CVE-2022-41717", + "VendorIDs": [ + "GHSA-xrjj-mj9h-534m", + "GO-2022-1144" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.18.9, 1.19.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41717", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d8e1483200f49c5b02562d1d5c4f8253ee92920ab045a68904b217132eb98758", + "Title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests", + "Description": "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6420", + "https://access.redhat.com/security/cve/CVE-2022-41717", + "https://bugzilla.redhat.com/2131146", + "https://bugzilla.redhat.com/2131147", + "https://bugzilla.redhat.com/2131148", + "https://bugzilla.redhat.com/2138014", + "https://bugzilla.redhat.com/2138015", + "https://bugzilla.redhat.com/2148252", + "https://bugzilla.redhat.com/2158420", + "https://bugzilla.redhat.com/2161274", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", + "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2121445", + "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", + "https://bugzilla.redhat.com/show_bug.cgi?id=2161274", + "https://bugzilla.redhat.com/show_bug.cgi?id=2168256", + "https://cs.opensource.google/go/x/net", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2989", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41717", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0778", + "https://errata.almalinux.org/9/ALSA-2023-6420.html", + "https://errata.rockylinux.org/RLSA-2023:2802", + "https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4)", + "https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9)", + "https://go.dev/cl/455635", + "https://go.dev/cl/455717", + "https://go.dev/issue/56350", + "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU", + "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", + "https://linux.oracle.com/cve/CVE-2022-41717.html", + "https://linux.oracle.com/errata/ELSA-2023-6420.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41717", + "https://pkg.go.dev/vuln/GO-2022-1144", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230120-0008/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://www.cve.org/CVERecord?id=CVE-2022-41717" + ], + "PublishedDate": "2022-12-08T20:15:10.33Z", + "LastModifiedDate": "2024-11-21T07:23:43.713Z" + }, + { + "VulnerabilityID": "CVE-2023-24532", + "VendorIDs": [ + "GO-2023-1621" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.7, 1.20.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24532", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bafcaa013819d6566c66aa96159651af7606fb6c60c218507dd6d939d94af43b", + "Title": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results", + "Description": "The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-682" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-24532", + "https://go.dev/cl/471255", + "https://go.dev/issue/58647", + "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24532", + "https://pkg.go.dev/vuln/GO-2023-1621", + "https://security.netapp.com/advisory/ntap-20230331-0011/", + "https://www.cve.org/CVERecord?id=CVE-2023-24532" + ], + "PublishedDate": "2023-03-08T20:15:09.413Z", + "LastModifiedDate": "2024-11-21T07:48:04.383Z" + }, + { + "VulnerabilityID": "CVE-2023-29406", + "VendorIDs": [ + "GO-2023-1878" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.11, 1.20.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29406", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:55a5565d6ceb101d96d8d128191d5aa5cab53d19ff3ba05ea9761fcf388c3e7e", + "Title": "golang: net/http: insufficient sanitization of Host header", + "Description": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-436" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-29406", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2242871", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:7202", + "https://github.com/golang/go/commit/312920c00aac9897b2a0693e752390b5b0711a5a (go1.20.6)", + "https://github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b (go1.19.11)", + "https://github.com/golang/go/issues/60374", + "https://go.dev/cl/506996", + "https://go.dev/issue/60374", + "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", + "https://linux.oracle.com/cve/CVE-2023-29406.html", + "https://linux.oracle.com/errata/ELSA-2023-7202.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", + "https://pkg.go.dev/vuln/GO-2023-1878", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230814-0002/", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29406" + ], + "PublishedDate": "2023-07-11T20:15:10.643Z", + "LastModifiedDate": "2024-11-21T07:56:59.913Z" + }, + { + "VulnerabilityID": "CVE-2023-29409", + "VendorIDs": [ + "GO-2023-1987" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.19.12, 1.20.7, 1.21.0-rc.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29409", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ec065511e36172b45d84be88ce411e08f67c47a15ce94eda1f5c9d698de1a2d7", + "Title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", + "Description": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:7766", + "https://access.redhat.com/security/cve/CVE-2023-29409", + "https://bugzilla.redhat.com/2228743", + "https://bugzilla.redhat.com/2237773", + "https://bugzilla.redhat.com/2237776", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2023-7766.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://go.dev/cl/515257", + "https://go.dev/issue/61460", + "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", + "https://linux.oracle.com/cve/CVE-2023-29409.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", + "https://pkg.go.dev/vuln/GO-2023-1987", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230831-0010/", + "https://www.cve.org/CVERecord?id=CVE-2023-29409" + ], + "PublishedDate": "2023-08-02T20:15:11.94Z", + "LastModifiedDate": "2024-11-21T07:57:00.287Z" + }, + { + "VulnerabilityID": "CVE-2023-39318", + "VendorIDs": [ + "GO-2023-2041" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.20.8, 1.21.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39318", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3c7d75ca72905eb28d783c82764f9e7992cd0dc08bcb2f9346fc1e4fe2a82b85", + "Title": "golang: html/template: improper handling of HTML-like comments within script contexts", + "Description": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2160", + "https://access.redhat.com/security/cve/CVE-2023-39318", + "https://bugzilla.redhat.com/2237773", + "https://bugzilla.redhat.com/2237776", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2160.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c (go1.20.8)", + "https://github.com/golang/go/commit/b0e1d3ea26e8e8fce7726690c9ef0597e60739fb (go1.21.1)", + "https://go.dev/cl/526156", + "https://go.dev/issue/62196", + "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", + "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", + "https://linux.oracle.com/cve/CVE-2023-39318.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", + "https://pkg.go.dev/vuln/GO-2023-2041", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231020-0009/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://vuln.go.dev/ID/GO-2023-2041.json", + "https://www.cve.org/CVERecord?id=CVE-2023-39318" + ], + "PublishedDate": "2023-09-08T17:15:27.823Z", + "LastModifiedDate": "2024-11-21T08:15:08.737Z" + }, + { + "VulnerabilityID": "CVE-2023-39319", + "VendorIDs": [ + "GO-2023-2043" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.20.8, 1.21.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39319", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bb45f155fd7caffa1c2d3d0fbba06c06cd3e628d2f5bfa847b32cce406b1b48b", + "Title": "golang: html/template: improper handling of special tags within script contexts", + "Description": "The html/template package does not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2160", + "https://access.redhat.com/security/cve/CVE-2023-39319", + "https://bugzilla.redhat.com/2237773", + "https://bugzilla.redhat.com/2237776", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2160.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://github.com/golang/go/commit/2070531d2f53df88e312edace6c8dfc9686ab2f5 (go1.20.8)", + "https://github.com/golang/go/commit/bbd043ff0d6d59f1a9232d31ecd5eacf6507bf6a (go1.21.1)", + "https://go.dev/cl/526157", + "https://go.dev/issue/62197", + "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", + "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", + "https://linux.oracle.com/cve/CVE-2023-39319.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", + "https://pkg.go.dev/vuln/GO-2023-2043", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231020-0009/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://vuln.go.dev/ID/GO-2023-2043.json", + "https://www.cve.org/CVERecord?id=CVE-2023-39319" + ], + "PublishedDate": "2023-09-08T17:15:27.91Z", + "LastModifiedDate": "2024-11-21T08:15:08.89Z" + }, + { + "VulnerabilityID": "CVE-2023-39326", + "VendorIDs": [ + "GO-2023-2382" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.20.12, 1.21.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39326", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ae2aebc72a72a7e2a72eb25adc4b59b78b249c4dde261544c4b4d72199e2ae38", + "Title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", + "Description": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2272", + "https://access.redhat.com/security/cve/CVE-2023-39326", + "https://bugzilla.redhat.com/2253193", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2272.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12)", + "https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 (go1.21.5)", + "https://go.dev/cl/547335", + "https://go.dev/issue/64433", + "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", + "https://linux.oracle.com/cve/CVE-2023-39326.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", + "https://pkg.go.dev/vuln/GO-2023-2382", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://www.cve.org/CVERecord?id=CVE-2023-39326" + ], + "PublishedDate": "2023-12-06T17:15:07.147Z", + "LastModifiedDate": "2024-11-21T08:15:09.89Z" + }, + { + "VulnerabilityID": "CVE-2023-45284", + "VendorIDs": [ + "GO-2023-2186" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.20.11, 1.21.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45284", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1a0ebbd8ffc902c7e6695b3c2c230ff18263440c45725cf22bb23d7916599564", + "Title": "On Windows, The IsLocal function does not correctly detect reserved de ...", + "Description": "On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as \"COM1 \", and reserved names \"COM\" and \"LPT\" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "photon": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/540277", + "https://go.dev/issue/63713", + "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45284", + "https://pkg.go.dev/vuln/GO-2023-2186" + ], + "PublishedDate": "2023-11-09T17:15:08.813Z", + "LastModifiedDate": "2024-11-21T08:26:41.737Z" + }, + { + "VulnerabilityID": "CVE-2023-45289", + "VendorIDs": [ + "GO-2024-2600" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7240ce9aa087588f666e7b7f3c6989a0b30a2b67c4cb3a04eb35af0f83f3325e", + "Title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", + "Description": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:2724", + "https://access.redhat.com/security/cve/CVE-2023-45289", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-2724.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 (go1.21.8)", + "https://github.com/golang/go/commit/3a855208e3efed2e9d7c20ad023f1fa78afcc0be (go1.22.1)", + "https://github.com/golang/go/issues/65065", + "https://go.dev/cl/569340", + "https://go.dev/issue/65065", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2023-45289.html", + "https://linux.oracle.com/errata/ELSA-2024-3346.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", + "https://pkg.go.dev/vuln/GO-2024-2600", + "https://security.netapp.com/advisory/ntap-20240329-0006/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45289" + ], + "PublishedDate": "2024-03-05T23:15:07.137Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2023-45290", + "VendorIDs": [ + "GO-2024-2599" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45290", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bc286a66f570ecb062d5ab156f03d2e5690bdff35c40d4078236978230eccb60", + "Title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", + "Description": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:9135", + "https://access.redhat.com/security/cve/CVE-2023-45290", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://errata.almalinux.org/9/ALSA-2024-9135.html", + "https://errata.rockylinux.org/RLSA-2024:9135", + "https://github.com/golang/go/commit/041a47712e765e94f86d841c3110c840e76d8f82 (go1.22.1)", + "https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 (go1.21.8)", + "https://github.com/golang/go/issues/65383", + "https://go.dev/cl/569341", + "https://go.dev/issue/65383", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2023-45290.html", + "https://linux.oracle.com/errata/ELSA-2024-8038.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", + "https://pkg.go.dev/vuln/GO-2024-2599", + "https://security.netapp.com/advisory/ntap-20240329-0004", + "https://security.netapp.com/advisory/ntap-20240329-0004/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45290" + ], + "PublishedDate": "2024-03-05T23:15:07.21Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24783", + "VendorIDs": [ + "GO-2024-2598" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24783", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b3101838f2bc40a624b23862b46b726e02c12a68e5c1af31222e76869f71fecf", + "Title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", + "Description": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:6195", + "https://access.redhat.com/security/cve/CVE-2024-24783", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-6195.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", + "https://github.com/golang/go/commit/337b8e9cbfa749d9d5c899e0dc358e2208d5e54f (go1.22.1)", + "https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 (go1.21.8)", + "https://github.com/golang/go/issues/65390", + "https://go.dev/cl/569339", + "https://go.dev/issue/65390", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24783.html", + "https://linux.oracle.com/errata/ELSA-2024-6969.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", + "https://pkg.go.dev/vuln/GO-2024-2598", + "https://security.netapp.com/advisory/ntap-20240329-0005", + "https://security.netapp.com/advisory/ntap-20240329-0005/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24783" + ], + "PublishedDate": "2024-03-05T23:15:07.683Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24784", + "VendorIDs": [ + "GO-2024-2609" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24784", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c2c15fde57f2dd529cad85660f5b192916f1340998779461ce41e33fea341987", + "Title": "golang: net/mail: comments in display names are incorrectly handled", + "Description": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:2562", + "https://access.redhat.com/security/cve/CVE-2024-24784", + "https://bugzilla.redhat.com/2262921", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268021", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24784", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://errata.almalinux.org/9/ALSA-2024-2562.html", + "https://errata.rockylinux.org/RLSA-2024:2562", + "https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)", + "https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c (go1.22.1)", + "https://github.com/golang/go/issues/65083", + "https://go.dev/cl/555596", + "https://go.dev/issue/65083", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24784.html", + "https://linux.oracle.com/errata/ELSA-2024-6969.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", + "https://pkg.go.dev/vuln/GO-2024-2609", + "https://security.netapp.com/advisory/ntap-20240329-0007/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24784" + ], + "PublishedDate": "2024-03-05T23:15:07.733Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24785", + "VendorIDs": [ + "GO-2024-2610" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24785", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:713e37b2951b5b8b8dc030ffed78b41649e8e2b7f2d015ef64db5d8e8b889591", + "Title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", + "Description": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:9135", + "https://access.redhat.com/security/cve/CVE-2024-24785", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://errata.almalinux.org/9/ALSA-2024-9135.html", + "https://errata.rockylinux.org/RLSA-2024:9135", + "https://github.com/golang/go/commit/056b0edcb8c152152021eebf4cf42adbfbe77992 (go1.22.1)", + "https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e (go1.21.8)", + "https://github.com/golang/go/issues/65697", + "https://go.dev/cl/564196", + "https://go.dev/issue/65697", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24785.html", + "https://linux.oracle.com/errata/ELSA-2026-3428.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", + "https://pkg.go.dev/vuln/GO-2024-2610", + "https://security.netapp.com/advisory/ntap-20240329-0008/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://vuln.go.dev/ID/GO-2024-2610.json", + "https://www.cve.org/CVERecord?id=CVE-2024-24785" + ], + "PublishedDate": "2024-03-05T23:15:07.777Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24789", + "VendorIDs": [ + "GO-2024-2888" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7729a47f99c6a6f90adfc0dc1792f13a03e22f8f54df9581ddb0e68d2a950ecd", + "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", + "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2024:9115", + "https://access.redhat.com/security/cve/CVE-2024-24789", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292668", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2294000", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", + "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", + "https://errata.almalinux.org/9/ALSA-2024-9115.html", + "https://errata.rockylinux.org/RLSA-2024:9102", + "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", + "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", + "https://github.com/golang/go/issues/66869", + "https://go.dev/cl/585397", + "https://go.dev/issue/66869", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24789.html", + "https://linux.oracle.com/errata/ELSA-2024-9115.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", + "https://pkg.go.dev/vuln/GO-2024-2888", + "https://security.netapp.com/advisory/ntap-20250131-0008/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24789" + ], + "PublishedDate": "2024-06-05T16:15:10.47Z", + "LastModifiedDate": "2025-01-31T15:15:12.74Z" + }, + { + "VulnerabilityID": "CVE-2024-24791", + "VendorIDs": [ + "GO-2024-2963" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.21.12, 1.22.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1340cf8d1aacfff2212daaef053cfd71ce02c142ceaff31fbf1013b17f95cef9", + "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", + "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24791", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://go.dev/cl/591255", + "https://go.dev/issue/67555", + "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", + "https://linux.oracle.com/cve/CVE-2024-24791.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", + "https://pkg.go.dev/vuln/GO-2024-2963", + "https://security.netapp.com/advisory/ntap-20241004-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24791" + ], + "PublishedDate": "2024-07-02T22:15:04.833Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34155", + "VendorIDs": [ + "GO-2024-3105" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:05ef7c7347c7db2b9bb17045b7d28fca7be773add5ca8abb3a16a5a51a42445f", + "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", + "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9459", + "https://access.redhat.com/security/cve/CVE-2024-34155", + "https://bugzilla.redhat.com/2310527", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315691", + "https://bugzilla.redhat.com/2315887", + "https://bugzilla.redhat.com/2317458", + "https://bugzilla.redhat.com/2317467", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2024-9459.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", + "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", + "https://go.dev/cl/611238", + "https://go.dev/issue/69138", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34155.html", + "https://linux.oracle.com/errata/ELSA-2024-9459.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", + "https://pkg.go.dev/vuln/GO-2024-3105", + "https://security.netapp.com/advisory/ntap-20240926-0005/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34155" + ], + "PublishedDate": "2024-09-06T21:15:11.947Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34158", + "VendorIDs": [ + "GO-2024-3107" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a68dda0de4ec86c4e8a264b8f27e15b8177d1222063c907636ba820ae641a948", + "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", + "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7118", + "https://access.redhat.com/security/cve/CVE-2024-34158", + "https://bugzilla.redhat.com/2262921", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2025-7118.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", + "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", + "https://go.dev/cl/611240", + "https://go.dev/issue/69141", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34158.html", + "https://linux.oracle.com/errata/ELSA-2025-7118.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", + "https://pkg.go.dev/vuln/GO-2024-3107", + "https://security.netapp.com/advisory/ntap-20241004-0003/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34158" + ], + "PublishedDate": "2024-09-06T21:15:12.083Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-45336", + "VendorIDs": [ + "GO-2025-3420" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:65325ca53709d2a4a1ee76f49c59aac20bd16e88d47ea0582dbf823a7873405e", + "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3772", + "https://access.redhat.com/security/cve/CVE-2024-45336", + "https://bugzilla.redhat.com/2341750", + "https://bugzilla.redhat.com/2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/8/ALSA-2025-3772.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/issues/70530", + "https://go.dev/cl/643100", + "https://go.dev/issue/70530", + "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", + "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", + "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", + "https://linux.oracle.com/cve/CVE-2024-45336.html", + "https://linux.oracle.com/errata/ELSA-2025-7592.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", + "https://pkg.go.dev/vuln/GO-2025-3420", + "https://security.netapp.com/advisory/ntap-20250221-0003/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2024-45336" + ], + "PublishedDate": "2025-01-28T02:15:28.807Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b87af4df90f90c65e5fef0db8cda1c3702200724ff28c7cfbaca2c7786060295", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22866", + "VendorIDs": [ + "GO-2025-3447" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:258bf93f0929c32ac94547437025a98a62834eef3fe548a5edce473cf3c19412", + "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22866", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", + "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", + "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", + "https://github.com/golang/go/issues/71383", + "https://go.dev/cl/643735", + "https://go.dev/issue/71383", + "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", + "https://linux.oracle.com/cve/CVE-2025-22866.html", + "https://linux.oracle.com/errata/ELSA-2025-7466.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", + "https://pkg.go.dev/vuln/GO-2025-3447", + "https://security.netapp.com/advisory/ntap-20250221-0002/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22866" + ], + "PublishedDate": "2025-02-06T17:15:21.41Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66", + "GO-2025-3503" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.23.7, 1.24.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5b5550d8d9f10001a2808329e62d447e0d9e03f826fff76af2ffb15af4240ef0", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6858011badccfe4078bac8e2f4aab450902640e84e399945c6b16fee1805bfd0", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c1293b90729ecaf702a01a0f37bb2c813b5c5b7aefc49def44efa8af582eb910", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:04950be515e97208f8858f80763c111618cbb49f93c738babcb40c569677ba38", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c91525bcd5643394fe3e9779e299a8eab3559de97044221894f2ecbb6c5c83fe", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:44a134cdbbf06250470ed0522690f43de09fa40d68a03e0fd92b0a85cdc6f100", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:68b5939d4cdb1194b5b55b14ce2246f3637a3e6e30d7671c17d1a01fa4130bd0", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ce6d0bc7680092205141ce6ee1116888e2e043a31dff7a9c00f43f97981e6e69", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f5cf5f81e613eb1dfa52b88d392d64c2075fe7e4320a31d8b5a2b12220065829", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bbcba2352edd6d942d7123f021a28cf563577da314fdde33990ff2bf8fed8fb1", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bee973e1ccbf3bd422399a7a5656b226f862ca1b0d1c099df7a02906ed337de4", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:00da960d62aabcc580c3480402caedc2ba66ad9b7af790d53ac2fdc1592d8c62", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1738df9520b519789d56e37ec8f7635857bbe98fe65e909d720daad3009cbeae", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f39764349d5d15a275aa1f5e729f0ef85e32e2c9013520238139a2a0fa336c57", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:86dba3886dda4f257f8ed37e9135a833eb6558d43cdf03a5e881b1789c1c9747", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3f84dfe8a7541f46eaf48731e2f88c425d948ef5f68da5c8e0a0d497b344e92d", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:053d2524af94a204c04caf2398b8847cd157f8763afab7c117823d56427ecb48", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b9ee830a115cc19c2ceac762bb6084d4a2d6ab4c2ffd22557059df5d480f513d", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6fddd0ccb942b6635289b13a2e5fc7f8cfcf7e88556a0f1af7d7ddc4415ddf11", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cb3c313b174dc07bc2ec3e3f0a2ede18eb93cd9b5f8aa7dbe34cd4ab666d6590", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bff6319f0195a747007b15235b0cee1c5bf25826ce03a4e6068cc3047061132c", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:afb3468447b09de481871673ffefd4a4431c7d946a92f25b4e9a88d083b202da", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d20f93a1f12bde8dfe7a1cd125bc7a1e1f8fb9eafdfc7f9d06890f248b62c077", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f1b23859f09ef74a55dc825f4478cd99ec293ed3ec6b5b5eeff4e28117c764ce", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.16.7", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.16.7", + "UID": "842f8cb891eb0d61" + }, + "InstalledVersion": "v1.16.7", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", + "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4b024e76e5bc69b3939f6dc0c27ab2674dc1bb108622cf26c56a09489de644c2", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "m3uproxy", + "Kind": "CronJob", + "Name": "geoip-update", + "Metadata": [ + { + "Size": 18586624, + "OS": { + "Family": "alpine", + "Name": "3.22.0" + }, + "ImageID": "sha256:9c9bbdc7527b0ded5cb99953f638220a88bbab20bcb7a0aab765e669e0ea439e", + "DiffIDs": [ + "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4", + "sha256:c5660a38cc9818e577cfb7157f48548aec9563399b78cae92d75cfca3786f1b7", + "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51", + "sha256:503d147e482637d20b5f6c82e9dca4d56ce203ef7bf33594bda2564859d02255", + "sha256:9c323009d257d2df356a4f7991e6a65999d484e2b30e537b1c884da939d17017", + "sha256:0cc55a3417a6931dde3668c57d0f3a5b728d280f7d4be4769c85e12e6889d3ef" + ], + "RepoTags": [ + "maxmindinc/geoipupdate:latest" + ], + "RepoDigests": [ + "maxmindinc/geoipupdate@sha256:faecdca22579730ab0b7dea5aa9af350bb3c93cb9d39845c173639ead30346d2" + ], + "Reference": "maxmindinc/geoipupdate:latest", + "ImageConfig": { + "architecture": "amd64", + "created": "2025-07-09T20:56:27.445175667Z", + "history": [ + { + "created": "2025-05-30T16:20:41Z", + "created_by": "ADD alpine-minirootfs-3.22.0-x86_64.tar.gz / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-05-30T16:20:41Z", + "created_by": "CMD [\"/bin/sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-07-09T20:47:09.854741761Z", + "created_by": "RUN /bin/sh -c apk update \u0026\u0026 apk add jq # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-07-09T20:56:27.318595732Z", + "created_by": "COPY geoipupdate /usr/bin/geoipupdate # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-07-09T20:56:27.358576842Z", + "created_by": "COPY docker/entry.sh /usr/bin/entry.sh # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-07-09T20:56:27.399214452Z", + "created_by": "COPY docker/healthcheck.sh /usr/bin/healthcheck.sh # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-07-09T20:56:27.445175667Z", + "created_by": "ENTRYPOINT [\"/usr/bin/entry.sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-07-09T20:56:27.445175667Z", + "created_by": "HEALTHCHECK \u0026{[\"CMD\" \"/usr/bin/healthcheck.sh\"] \"10s\" \"10s\" \"0s\" \"0s\" '\\x00'}", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-07-09T20:56:27.445175667Z", + "created_by": "VOLUME [/usr/share/GeoIP]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-07-09T20:56:27.445175667Z", + "created_by": "WORKDIR /var/lib/geoipupdate", + "comment": "buildkit.dockerfile.v0" + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4", + "sha256:c5660a38cc9818e577cfb7157f48548aec9563399b78cae92d75cfca3786f1b7", + "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51", + "sha256:503d147e482637d20b5f6c82e9dca4d56ce203ef7bf33594bda2564859d02255", + "sha256:9c323009d257d2df356a4f7991e6a65999d484e2b30e537b1c884da939d17017", + "sha256:0cc55a3417a6931dde3668c57d0f3a5b728d280f7d4be4769c85e12e6889d3ef" + ] + }, + "config": { + "Healthcheck": { + "Test": [ + "CMD", + "/usr/bin/healthcheck.sh" + ], + "Interval": 10000000000, + "Timeout": 10000000000 + }, + "Entrypoint": [ + "/usr/bin/entry.sh" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Volumes": { + "/usr/share/GeoIP": {} + }, + "WorkingDir": "/var/lib/geoipupdate" + } + }, + "Layers": [ + { + "Size": 8593920, + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + { + "Size": 3548672, + "Digest": "sha256:3a3d1989b42039025876d69ab36ecac567ed65b78b711ced035d06a7e01711d5", + "DiffID": "sha256:c5660a38cc9818e577cfb7157f48548aec9563399b78cae92d75cfca3786f1b7" + }, + { + "Size": 6433792, + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + { + "Size": 4096, + "Digest": "sha256:b59fdcd4cae99a4190a87d3f08190b1aff3c94768d7ef4975750789934d7a3f4", + "DiffID": "sha256:503d147e482637d20b5f6c82e9dca4d56ce203ef7bf33594bda2564859d02255" + }, + { + "Size": 3584, + "Digest": "sha256:f58d0f0a3a4ea79f9f8f550e9a39d6d7e00e424d9e625aac1dc9ec8c06b9a71f", + "DiffID": "sha256:9c323009d257d2df356a4f7991e6a65999d484e2b30e537b1c884da939d17017" + }, + { + "Size": 2560, + "Digest": "sha256:7d09e20a91f5010530d801c18812ed4fdb08c83727f01516a7731a668e4b5bda", + "DiffID": "sha256:0cc55a3417a6931dde3668c57d0f3a5b728d280f7d4be4769c85e12e6889d3ef" + } + ] + } + ], + "Results": [ + { + "Target": "maxmindinc/geoipupdate:latest (alpine 3.22.0)", + "Class": "os-pkgs", + "Type": "alpine", + "Packages": [ + { + "ID": "alpine-baselayout@3.7.0-r0", + "Name": "alpine-baselayout", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout@3.7.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "e1b004c7909e5e42" + }, + "Version": "3.7.0-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.7.0-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-baselayout-data@3.7.0-r0", + "busybox-binsh@1.37.0-r18" + ], + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "Digest": "sha1:29f99748eea1ffe01f70b34024dc45c46d211f8d", + "InstalledFiles": [ + "etc/motd", + "etc/crontabs/root", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/i386.conf", + "etc/profile.d/20locale.sh", + "etc/profile.d/README", + "etc/profile.d/color_prompt.sh.disabled", + "usr/lib/sysctl.d/00-alpine.conf", + "var/lock", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout-data@3.7.0-r0", + "Name": "alpine-baselayout-data", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.7.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "ab78613e89e34197" + }, + "Version": "3.7.0-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.7.0-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "Digest": "sha1:73f5ef65f8333a1784102df973c076d5a7d5b5fe", + "InstalledFiles": [ + "etc/fstab", + "etc/group", + "etc/hostname", + "etc/hosts", + "etc/inittab", + "etc/modules", + "etc/mtab", + "etc/nsswitch.conf", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/sysctl.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-keys@2.5-r0", + "Name": "alpine-keys", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-keys@2.5-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "82fba6933d3c7e01" + }, + "Version": "2.5-r0", + "Arch": "x86_64", + "SrcName": "alpine-keys", + "SrcVersion": "2.5-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "Digest": "sha1:b175e48144ebad03d6ba11d45b25aafc2de310c1", + "InstalledFiles": [ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-release@3.22.0-r0", + "Name": "alpine-release", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-release@3.22.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "e327396de1f915d" + }, + "Version": "3.22.0-r0", + "Arch": "x86_64", + "SrcName": "alpine-base", + "SrcVersion": "3.22.0-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-keys@2.5-r0" + ], + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "Digest": "sha1:cf85a5b0d8654cc10db1058c8c13f521729d5dfd", + "InstalledFiles": [ + "etc/alpine-release", + "etc/issue", + "etc/os-release", + "etc/secfixes.d/alpine", + "usr/lib/os-release" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "apk-tools@2.14.9-r2", + "Name": "apk-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/apk-tools@2.14.9-r2?arch=x86_64\u0026distro=3.22.0", + "UID": "36b8bfe2ff266466" + }, + "Version": "2.14.9-r2", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.14.9-r2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20241121-r2", + "libapk2@2.14.9-r2", + "libcrypto3@3.5.0-r0", + "musl@1.2.5-r10", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "Digest": "sha1:2a8910d00ac31df2e1ccd94127488ea3a06e2d48", + "InstalledFiles": [ + "sbin/apk" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox@1.37.0-r18", + "Name": "busybox", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r18?arch=x86_64\u0026distro=3.22.0", + "UID": "3da78128164dbbc4" + }, + "Version": "1.37.0-r18", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r18", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "Digest": "sha1:21558d4968f31dcc377c0f27dae9bb0f32bb25d2", + "InstalledFiles": [ + "bin/busybox", + "etc/securetty", + "etc/busybox-paths.d/busybox", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "etc/udhcpc/udhcpc.conf", + "usr/share/udhcpc/default.script" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox-binsh@1.37.0-r18", + "Name": "busybox-binsh", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r18?arch=x86_64\u0026distro=3.22.0", + "UID": "c66405e3f8ffde54" + }, + "Version": "1.37.0-r18", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r18", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "busybox@1.37.0-r18" + ], + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "Digest": "sha1:4bcdab5f9122afb4de71bfe8b1125c0c02796793", + "InstalledFiles": [ + "bin/sh" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates-bundle@20241121-r2", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates-bundle@20241121-r2?arch=x86_64\u0026distro=3.22.0", + "UID": "7f70be79a84f59a3" + }, + "Version": "20241121-r2", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20241121-r2", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "Digest": "sha1:9d2aaa4ca9f2446fc14264d515907f2e024fafab", + "InstalledFiles": [ + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-certificates.crt", + "etc/ssl1.1/cert.pem", + "etc/ssl1.1/certs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "jq@1.8.0-r0", + "Name": "jq", + "Identifier": { + "PURL": "pkg:apk/alpine/jq@1.8.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "bbe3dd443ebd92cf" + }, + "Version": "1.8.0-r0", + "Arch": "x86_64", + "SrcName": "jq", + "SrcVersion": "1.8.0-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Patrycja Rosa \u003calpine@ptrcnull.me\u003e", + "DependsOn": [ + "musl@1.2.5-r10", + "oniguruma@6.9.10-r0" + ], + "Layer": { + "Digest": "sha256:3a3d1989b42039025876d69ab36ecac567ed65b78b711ced035d06a7e01711d5", + "DiffID": "sha256:c5660a38cc9818e577cfb7157f48548aec9563399b78cae92d75cfca3786f1b7" + }, + "Digest": "sha1:046d6a5ebd03c022be79d5ee4f32a73b96af8ab2", + "InstalledFiles": [ + "usr/bin/jq", + "usr/lib/libjq.so.1", + "usr/lib/libjq.so.1.0.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libapk2@2.14.9-r2", + "Name": "libapk2", + "Identifier": { + "PURL": "pkg:apk/alpine/libapk2@2.14.9-r2?arch=x86_64\u0026distro=3.22.0", + "UID": "e8d5029390f2f066" + }, + "Version": "2.14.9-r2", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.14.9-r2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20241121-r2", + "libcrypto3@3.5.0-r0", + "libssl3@3.5.0-r0", + "musl@1.2.5-r10", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "Digest": "sha1:d3a20797fcda1b5742c119ffc146c1e110ed418e", + "InstalledFiles": [ + "usr/lib/libapk.so.2.14.9" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.5.0-r0", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "4cbb55f7384d8982" + }, + "Version": "3.5.0-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.5.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "Digest": "sha1:3749edc5c03dedec613b9e2ee94740249dab2754", + "InstalledFiles": [ + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/openssl.cnf.dist", + "usr/lib/libcrypto.so.3", + "usr/lib/engines-3/afalg.so", + "usr/lib/engines-3/capi.so", + "usr/lib/engines-3/loader_attic.so", + "usr/lib/engines-3/padlock.so", + "usr/lib/ossl-modules/legacy.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.5.0-r0", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "2eea6099948a2fb" + }, + "Version": "3.5.0-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.5.0-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.5.0-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "Digest": "sha1:8282bdd4fed1379f22e199f05aefd3d50a10e49b", + "InstalledFiles": [ + "usr/lib/libssl.so.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl@1.2.5-r10", + "Name": "musl", + "Identifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.0", + "UID": "55e7e479f5580f45" + }, + "Version": "1.2.5-r10", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r10", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "Digest": "sha1:59283b61db830a0a0309c98f4db906a2d8fa342b", + "InstalledFiles": [ + "lib/ld-musl-x86_64.so.1", + "lib/libc.musl-x86_64.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl-utils@1.2.5-r10", + "Name": "musl-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.0", + "UID": "73256102bfd5faee" + }, + "Version": "1.2.5-r10", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r10", + "Licenses": [ + "MIT", + "BSD-2-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10", + "scanelf@1.3.8-r1" + ], + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "Digest": "sha1:7e60d0820813baa8ac266bee158394c0a69f104a", + "InstalledFiles": [ + "sbin/ldconfig", + "usr/bin/getconf", + "usr/bin/getent", + "usr/bin/iconv", + "usr/bin/ldd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "oniguruma@6.9.10-r0", + "Name": "oniguruma", + "Identifier": { + "PURL": "pkg:apk/alpine/oniguruma@6.9.10-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "1ed61c4d240e1101" + }, + "Version": "6.9.10-r0", + "Arch": "x86_64", + "SrcName": "oniguruma", + "SrcVersion": "6.9.10-r0", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:3a3d1989b42039025876d69ab36ecac567ed65b78b711ced035d06a7e01711d5", + "DiffID": "sha256:c5660a38cc9818e577cfb7157f48548aec9563399b78cae92d75cfca3786f1b7" + }, + "Digest": "sha1:41d4b327e97551f00edeeeeb41288466c6d04477", + "InstalledFiles": [ + "usr/lib/libonig.so.5", + "usr/lib/libonig.so.5.5.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "scanelf@1.3.8-r1", + "Name": "scanelf", + "Identifier": { + "PURL": "pkg:apk/alpine/scanelf@1.3.8-r1?arch=x86_64\u0026distro=3.22.0", + "UID": "be156a8575875ef7" + }, + "Version": "1.3.8-r1", + "Arch": "x86_64", + "SrcName": "pax-utils", + "SrcVersion": "1.3.8-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "Digest": "sha1:bd6dd1c820d476bcdf8ee38f003bcf2a73323b13", + "InstalledFiles": [ + "usr/bin/scanelf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ssl_client@1.37.0-r18", + "Name": "ssl_client", + "Identifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r18?arch=x86_64\u0026distro=3.22.0", + "UID": "8c85a01420c1a048" + }, + "Version": "1.37.0-r18", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r18", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "libcrypto3@3.5.0-r0", + "libssl3@3.5.0-r0", + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "Digest": "sha1:7fa2e0f5a78d7061d18653bc5e38cb83c42d2f3a", + "InstalledFiles": [ + "usr/bin/ssl_client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.3.1-r2", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.0", + "UID": "23095b6210429e11" + }, + "Version": "1.3.1-r2", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.3.1-r2", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r10" + ], + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "Digest": "sha1:bf7d90d89e5429c18167b91ab8d7e6256cfc7fdf", + "InstalledFiles": [ + "usr/lib/libz.so.1", + "usr/lib/libz.so.1.3.1" + ], + "AnalyzedBy": "apk" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox@1.37.0-r18", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r18?arch=x86_64\u0026distro=3.22.0", + "UID": "3da78128164dbbc4" + }, + "InstalledVersion": "1.37.0-r18", + "FixedVersion": "1.37.0-r20", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:33d5b0c0db42c7f1bb832edf39490540f247229f61da5f1465e9725e5bde25d4", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox-binsh@1.37.0-r18", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r18?arch=x86_64\u0026distro=3.22.0", + "UID": "c66405e3f8ffde54" + }, + "InstalledVersion": "1.37.0-r18", + "FixedVersion": "1.37.0-r20", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1502160de79420af95b3cff87ba5037faf6e180da4ad458686571216c6d8a6c0", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-49014", + "PkgID": "jq@1.8.0-r0", + "PkgName": "jq", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/jq@1.8.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "bbe3dd443ebd92cf" + }, + "InstalledVersion": "1.8.0-r0", + "FixedVersion": "1.8.1-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:3a3d1989b42039025876d69ab36ecac567ed65b78b711ced035d06a7e01711d5", + "DiffID": "sha256:c5660a38cc9818e577cfb7157f48548aec9563399b78cae92d75cfca3786f1b7" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-49014", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:b0c40c16862457cd8a4405922d4af54c707119c5582eb9db11a760f02b33540c", + "Title": "jq: jq Heap Use-After-Free Vulnerability", + "Description": "jq is a command-line JSON processor. In version 1.8.0 a heap use after free vulnerability exists within the function f_strflocaltime of /src/builtin.c. This issue has been patched in commit 499c91b, no known fix version exists at time of publication.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-49014", + "https://github.com/jqlang/jq/commit/499c91bca9d4d027833bc62787d1bb075c03680e", + "https://github.com/jqlang/jq/security/advisories/GHSA-rmjp-cr27-wpg2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-49014", + "https://www.cve.org/CVERecord?id=CVE-2025-49014" + ], + "PublishedDate": "2025-06-19T15:15:20.65Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libcrypto3@3.5.0-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "4cbb55f7384d8982" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:b6a0321a2833ef901ce0d6da909d7478ac5f469f4cc9037ffb1b21fa8049d9a2", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libcrypto3@3.5.0-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "4cbb55f7384d8982" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8a7ac29c9c3ee11a0bdd0f76b473925909f3467bc521b7d6b75d36c62b24d729", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libcrypto3@3.5.0-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "4cbb55f7384d8982" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:893f73a56166c73c218570fcee053bb675863382642ed20de85c710e627711b2", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libcrypto3@3.5.0-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "4cbb55f7384d8982" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:6c79a6e6f8984df42fda1ae0ca8941244d9dca51a878c4e449084c3005b595d1", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libcrypto3@3.5.0-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "4cbb55f7384d8982" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1d4c149c95f1aa465dc91262841c7f91bf1c56cd646abd7bf3f0cbc2f71640f5", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libcrypto3@3.5.0-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "4cbb55f7384d8982" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0a15bc4edf19170cc956e0ac987604a0d1b71d155275869cbd2341cb6871ca99", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libcrypto3@3.5.0-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "4cbb55f7384d8982" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:aafb18796a85e9894a53464afb3244e3682f12c465bdb22329610206a2ca965a", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-11187", + "PkgID": "libcrypto3@3.5.0-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "4cbb55f7384d8982" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11187", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:82500943046483034d5abe872e288466779357258095b0ad837000dd06c9a4fd", + "Title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file", + "Description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476", + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "julia": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-11187", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-hpc7-gcqm-58fv", + "https://github.com/metadust/CVE-2025-11187", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://linux.oracle.com/cve/CVE-2025-11187.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-11187" + ], + "PublishedDate": "2026-01-27T16:16:14.093Z", + "LastModifiedDate": "2026-03-20T14:16:13.89Z" + }, + { + "VulnerabilityID": "CVE-2025-4575", + "PkgID": "libcrypto3@3.5.0-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "4cbb55f7384d8982" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.1-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4575", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5a7672d1f2cc73e9882ae40dfb536944555590b8f9ea4e3d65e0b73d6a1396a7", + "Title": "Issue summary: Use of -addreject option with the openssl x509 applicat ...", + "Description": "Issue summary: Use of -addreject option with the openssl x509 application adds\na trusted use instead of a rejected use for a certificate.\n\nImpact summary: If a user intends to make a trusted certificate rejected for\na particular use it will be instead marked as trusted for that use.\n\nA copy \u0026 paste error during minor refactoring of the code introduced this\nissue in the OpenSSL 3.5 version. If, for example, a trusted CA certificate\nshould be trusted only for the purpose of authenticating TLS servers but not\nfor CMS signature verification and the CMS signature verification is intended\nto be marked as rejected with the -addreject option, the resulting CA\ncertificate will be trusted for CMS signature verification purpose instead.\n\nOnly users which use the trusted certificate format who use the openssl x509\ncommand line application to add rejected uses are affected by this issue.\nThe issues affecting only the command line application are considered to\nbe Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue.\n\nOpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are also not affected by this\nissue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "julia": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/22/1", + "https://github.com/advisories/GHSA-v8qh-5c5w-48pp", + "https://github.com/openssl/openssl/commit/e96d22446e633d117e6c9904cb15b4693e956eaa", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4575", + "https://openssl-library.org/news/secadv/20250522.txt" + ], + "PublishedDate": "2025-05-22T14:16:07.63Z", + "LastModifiedDate": "2025-10-23T14:51:30.377Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libcrypto3@3.5.0-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "4cbb55f7384d8982" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:329ca292c906103e9c94999ba937af59c3255a1a5fb3db25f1807a33268953e2", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libcrypto3@3.5.0-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "4cbb55f7384d8982" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.4-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:401ee2dfd28878e1f0e8f203aa3001a696f3ee4b60584a908f3f5a0fcd290d71", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "libcrypto3@3.5.0-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "4cbb55f7384d8982" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.4-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e69988bf421e9e5c06c890d9dbf90415babf73cfdca6592322514a36178f6857", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-2673", + "PkgID": "libcrypto3@3.5.0-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "4cbb55f7384d8982" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d7a360c69af30b24c668e18363d0cefa47ed335f4049b3e614907672be704a89", + "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", + "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-757" + ], + "VendorSeverity": { + "amazon": 1, + "julia": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/13/3", + "https://access.redhat.com/security/cve/CVE-2026-2673", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-wj64-gh9j-xm82", + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "https://openssl-library.org/news/secadv/20260313.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-2673" + ], + "PublishedDate": "2026-03-13T19:54:34.033Z", + "LastModifiedDate": "2026-05-18T20:16:37.763Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libcrypto3@3.5.0-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "4cbb55f7384d8982" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:239fe000b3709b599671228100bfd056fd9f50b79f0534ab7f515feb5eeae54b", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libssl3@3.5.0-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "2eea6099948a2fb" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8ab96dd031df5aa92f842c09b9bc3a8547e1e64000597895e9f440cf05c7bec2", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libssl3@3.5.0-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "2eea6099948a2fb" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:541936b67fa7a770e7dd387e4a79500f03e653897cb0c34cbe8359a65eed0308", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libssl3@3.5.0-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "2eea6099948a2fb" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:347548b31bd15e3d1d83e7ee2d7bd455a25eb341deb34789d67990a0aacd1ae5", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libssl3@3.5.0-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "2eea6099948a2fb" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:431a86303059eb4fddf40959554db3779e6d6b2573e4aa156faf70ea6feffdc0", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libssl3@3.5.0-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "2eea6099948a2fb" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c83dc8da0a0b9574529eef6220a4c4161f046f8e8789cb261e18d500dbf65398", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libssl3@3.5.0-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "2eea6099948a2fb" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:36f481152bfa5a48589f1ef8fe451230c13120f209a6463928b49248970ddee0", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libssl3@3.5.0-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "2eea6099948a2fb" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:f7c3bca817cbcffbe76a46bfaa22b59feb1693657b71290591ca6748b0cb6099", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-11187", + "PkgID": "libssl3@3.5.0-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "2eea6099948a2fb" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11187", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:adc6f34754ce15d7c1a25769625c4cb81a5d59e689f9dfede7fd231235d79d0d", + "Title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file", + "Description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476", + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "julia": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-11187", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-hpc7-gcqm-58fv", + "https://github.com/metadust/CVE-2025-11187", + "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", + "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", + "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", + "https://linux.oracle.com/cve/CVE-2025-11187.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-11187" + ], + "PublishedDate": "2026-01-27T16:16:14.093Z", + "LastModifiedDate": "2026-03-20T14:16:13.89Z" + }, + { + "VulnerabilityID": "CVE-2025-4575", + "PkgID": "libssl3@3.5.0-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "2eea6099948a2fb" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.1-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4575", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e803b485f6802af83b53d40c97cc43a180f3cb7449a9e8566f2a56a952928998", + "Title": "Issue summary: Use of -addreject option with the openssl x509 applicat ...", + "Description": "Issue summary: Use of -addreject option with the openssl x509 application adds\na trusted use instead of a rejected use for a certificate.\n\nImpact summary: If a user intends to make a trusted certificate rejected for\na particular use it will be instead marked as trusted for that use.\n\nA copy \u0026 paste error during minor refactoring of the code introduced this\nissue in the OpenSSL 3.5 version. If, for example, a trusted CA certificate\nshould be trusted only for the purpose of authenticating TLS servers but not\nfor CMS signature verification and the CMS signature verification is intended\nto be marked as rejected with the -addreject option, the resulting CA\ncertificate will be trusted for CMS signature verification purpose instead.\n\nOnly users which use the trusted certificate format who use the openssl x509\ncommand line application to add rejected uses are affected by this issue.\nThe issues affecting only the command line application are considered to\nbe Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue.\n\nOpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are also not affected by this\nissue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "julia": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/22/1", + "https://github.com/advisories/GHSA-v8qh-5c5w-48pp", + "https://github.com/openssl/openssl/commit/e96d22446e633d117e6c9904cb15b4693e956eaa", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4575", + "https://openssl-library.org/news/secadv/20250522.txt" + ], + "PublishedDate": "2025-05-22T14:16:07.63Z", + "LastModifiedDate": "2025-10-23T14:51:30.377Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libssl3@3.5.0-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "2eea6099948a2fb" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.5-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:36d03b9df531e3268c7fc878e00b9efbc0ed29e98829f3e5f7d2aa4362c6bfab", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libssl3@3.5.0-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "2eea6099948a2fb" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.4-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:325dd25f68b26d381146578e9f51508e913a9db754d2100807201952ff29a698", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-9231", + "PkgID": "libssl3@3.5.0-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "2eea6099948a2fb" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.4-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:14e045a369fa0fcbda373b5371edcac51d02d376239042dce7fe15e43bd3da30", + "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-385" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "http://www.openwall.com/lists/oss-security/2026/05/11/11", + "https://access.redhat.com/security/cve/CVE-2025-9231", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", + "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", + "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", + "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", + "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9231" + ], + "PublishedDate": "2025-09-30T14:15:41.19Z", + "LastModifiedDate": "2026-05-12T13:17:29.927Z" + }, + { + "VulnerabilityID": "CVE-2026-2673", + "PkgID": "libssl3@3.5.0-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "2eea6099948a2fb" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2bddf31a12a2ae2c4da6fa403b0ca090a75cd136f79b247ce364a111f3332b08", + "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", + "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-757" + ], + "VendorSeverity": { + "amazon": 1, + "julia": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/13/3", + "https://access.redhat.com/security/cve/CVE-2026-2673", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-wj64-gh9j-xm82", + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "https://openssl-library.org/news/secadv/20260313.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-2673" + ], + "PublishedDate": "2026-03-13T19:54:34.033Z", + "LastModifiedDate": "2026-05-18T20:16:37.763Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libssl3@3.5.0-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", + "UID": "2eea6099948a2fb" + }, + "InstalledVersion": "3.5.0-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8363fe7909335c3719bfb78136ba1b36d1858c67669500f567d6b1ef2b7fd5f6", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl@1.2.5-r10", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.0", + "UID": "55e7e479f5580f45" + }, + "InstalledVersion": "1.2.5-r10", + "FixedVersion": "1.2.5-r12", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:6e70462bdf3b6769a89826c9f265f673ee62312ed4c9854f5166f4c8373af98e", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl@1.2.5-r10", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.0", + "UID": "55e7e479f5580f45" + }, + "InstalledVersion": "1.2.5-r10", + "FixedVersion": "1.2.5-r11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d4790bf3f1ebde2e805e7b855e6c5f0d4b60d52a2f3ccd622628a9c500b7f3ca", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl-utils@1.2.5-r10", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.0", + "UID": "73256102bfd5faee" + }, + "InstalledVersion": "1.2.5-r10", + "FixedVersion": "1.2.5-r12", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e59626b61d4fce53be37ea019dc6a6afc1b388b44181a4e7f55f5534ce31ab6a", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl-utils@1.2.5-r10", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.0", + "UID": "73256102bfd5faee" + }, + "InstalledVersion": "1.2.5-r10", + "FixedVersion": "1.2.5-r11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1314eed578262b13492bfed1ac058afebb1901f53faebba7653f9dac83afa90f", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "ssl_client@1.37.0-r18", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r18?arch=x86_64\u0026distro=3.22.0", + "UID": "8c85a01420c1a048" + }, + "InstalledVersion": "1.37.0-r18", + "FixedVersion": "1.37.0-r20", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:947b627345c7f3b1a633452e185156054b64e3f39466ce4259a37e67fddc40ee", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-22184", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.0", + "UID": "23095b6210429e11" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:464fac6a261877fae15a641b43e7cb86acde5907ef7361b65b9f97c50f1fb121", + "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", + "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-22184", + "https://github.com/madler/zlib", + "https://github.com/madler/zlib/issues/1142", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", + "https://seclists.org/fulldisclosure/2026/Jan/3", + "https://www.cve.org/CVERecord?id=CVE-2026-22184", + "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", + "https://zlib.net/" + ], + "PublishedDate": "2026-01-07T21:16:01.563Z", + "LastModifiedDate": "2026-03-18T16:26:31.14Z" + }, + { + "VulnerabilityID": "CVE-2026-27171", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.0", + "UID": "23095b6210429e11" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", + "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:bcdfc0a4b483f3d8730b468430b53ce925f705f8dd2d40355bb40490f48b1b7a", + "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", + "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "julia": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://access.redhat.com/security/cve/CVE-2026-27171", + "https://github.com/advisories/GHSA-h858-mf2m-8jf4", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "https://ostif.org/zlib-audit-complete", + "https://ostif.org/zlib-audit-complete/", + "https://www.cve.org/CVERecord?id=CVE-2026-27171" + ], + "PublishedDate": "2026-02-18T04:16:01.263Z", + "LastModifiedDate": "2026-03-25T21:27:04.603Z" + } + ] + }, + { + "Target": "usr/bin/geoipupdate", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "github.com/maxmind/geoipupdate/v7@v7.1.1", + "Name": "github.com/maxmind/geoipupdate/v7", + "Identifier": { + "PURL": "pkg:golang/github.com/maxmind/geoipupdate/v7@7.1.1", + "UID": "e1fdcc684bf30e09" + }, + "Version": "7.1.1", + "Relationship": "root", + "DependsOn": [ + "github.com/cenkalti/backoff/v5@v5.0.2", + "github.com/gofrs/flock@v0.12.1", + "github.com/spf13/pflag@v1.0.6", + "golang.org/x/sync@v0.15.0", + "golang.org/x/sys@v0.33.0", + "stdlib@v1.24.5" + ], + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.24.5", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "Version": "v1.24.5", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cenkalti/backoff/v5@v5.0.2", + "Name": "github.com/cenkalti/backoff/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/cenkalti/backoff/v5@v5.0.2", + "UID": "a43adcbfe8b44757" + }, + "Version": "v5.0.2", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gofrs/flock@v0.12.1", + "Name": "github.com/gofrs/flock", + "Identifier": { + "PURL": "pkg:golang/github.com/gofrs/flock@v0.12.1", + "UID": "f90ca946ec076daf" + }, + "Version": "v0.12.1", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.6", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.6", + "UID": "7a283d31fee624cf" + }, + "Version": "v1.0.6", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sync@v0.15.0", + "Name": "golang.org/x/sync", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sync@v0.15.0", + "UID": "93b3ef4b47fcc611" + }, + "Version": "v0.15.0", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.33.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.33.0", + "UID": "645ad521ee651f38" + }, + "Version": "v0.33.0", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:093bc5d316cb119321362ea811a922d0e4d95e389e1ab69f0b6af59d46c5e988", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:dea0a683dd96dc39796f0e1e9caa5675babc3f81133519f1847badd75fbda9bb", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d5012b2e4e8fe1ddb676cb56ae6045a7bca9a0ce890c2d1a459bc26726b1557d", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c732aff18c6b4b63282e35c5c2931b574c78061542de02581533c50e648554d7", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f507a42e6b845dc5a2d4404d1d78ea2a049c118029af485087dc19cc52af04d4", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f0f9fc3c761331a8de4013a327c8b405aa885cf719b1445019103f2120a8507b", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b237d367d9bd437a04e67e9e5b8b6d4efe335d30b53361e8cae69af6b1b8706b", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e26fa4c6638b4ef6131abb59a21dbae1e712e499790ae853e5c9fcd6d83e1de1", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4129b1b80f4fffa1e3e3bd08e6c7a2a8a69c5f23afeff227b40f0953b3252a9a", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:75200116d1b4f9153bee1a58800c9f7c094c3c37f8d9dfbcc6944f294621dde3", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:1f08a6d50a66c86f9052af17a414b9b098e14f5b68a20d63c32b25f1bf9aac41", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:afca3edc09ef2176d396bc2a1584d06ea56f5175b9e17209a5dc5e9f806028b2", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:80da27d0a372870498fff6767cb39195dbcbc26409fa4ba40c29f06742e12e44", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:788f4a475cee3e385d45ac7876f9a316ee675c58f53ccea22f31d5539fc3a033", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:282c3558c2174bd2af9b4f30d2e7cacd34ee2e7b6385c65ef675b4b19b92c331", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5f78cf255752f6c2431076f987af8297ac458c6a6ab43e8a5036467e298f9bef", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:72fa7268764fcafc3f6e34a643d5126de2513ae9c4577954d19ca77c71f14d58", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:47b38f19418d214d52b12817390a7940a4a1f45f40fbcd5f6145eb71bee951de", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8eb5ab30a3104b447f5b46103e8ab21b4f6f2d98bc8e7afcc55eacd47c554c05", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3d9b8af6df25f4dcfa032e43eefd678ecd9deb95af0310f184258b7eb93b7691", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7a63959f166c2df1094d180fe284e856ecba718ec5e0623dfbf5ede880e7ab08", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6d31a4be3ed1621dcbe7f409382967e73772787845639a3ca29c5c1002e1e0ff", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c9842dcbb1ab9dfb88ce5a6eb7b81b2a51cf2e82d630cf4aff10f75be23314e8", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ce60332360f44405338d8ecf78ca478bb2b67bc807e199084381aaa96623aee0", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c1891b9d2d1df336c4c5d9648ed2f15ec83e32a2544f03d8ba195222771d9c8d", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7cd038c76c10c2284593b3d142f55fe3a91ef11b4013150df62e99b24520e093", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:38e0c53b25c5cf750d4c7ce1dc2f38246f08daf9fd0fff82508acbebfec89874", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:06f48b8053e63adaa0fedf551cd8a56b2d1c5929c707827f72dad17368a7bdd8", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:79d60a74f35ea4ccf0cb2d3fd3a84ac99b3b6f9f710d781f0cfbb9d7d2ff6a3e", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c8962a2c0745c725d9abcb83e60938100283faba90dd354bcf35de9a9d925ee6", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:76543e94a81a90053e1fe3ed8ee3d08777877b14bb0a811cf914cbe6e8b7e808", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2950219e14a82571987279110b76d7e5c72f19be6cde5b06e7db6bc19206cbf3", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.24.5", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.24.5", + "UID": "e64ea349133d28dc" + }, + "InstalledVersion": "v1.24.5", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", + "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f9f8da8a94524c41bd0de8e40f9236dcebafd888e8b209a3bcdd0032e0f844c0", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "CronJob", + "Name": "cert-checker-dovecot", + "Metadata": [ + { + "Size": 123288576, + "OS": { + "Family": "debian", + "Name": "13.5" + }, + "ImageID": "sha256:e1054bc5a9f2ddbdd6d0247997c45f2201a4e9b4c6f824b247064a558e877070", + "DiffIDs": [ + "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40", + "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54", + "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939", + "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" + ], + "RepoTags": [ + "python:3.12-slim" + ], + "RepoDigests": [ + "python@sha256:9d3abd9fc11d06998ccdbdd93b4dd49b5ad7d67fcbbc11c016eb0eb2c2194891" + ], + "Reference": "python:3.12-slim", + "ImageConfig": { + "architecture": "amd64", + "created": "2026-05-19T23:50:55.52769964Z", + "history": [ + { + "created": "2026-05-18T00:00:00Z", + "created_by": "# debian.sh --arch 'amd64' out/ 'trixie' '@1779062400'", + "comment": "debuerreotype 0.17" + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "ENV LANG=C.UTF-8", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "RUN /bin/sh -c set -eux; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tca-certificates \t\tnetbase \t\ttzdata \t; \tapt-get dist-clean # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "ENV GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "ENV PYTHON_VERSION=3.12.13", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "ENV PYTHON_SHA256=c08bc65a81971c1dd5783182826503369466c7e67374d1646519adf05207b684", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:50:55.41770734Z", + "created_by": "RUN /bin/sh -c set -eux; \t\tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tdpkg-dev \t\tgcc \t\tgnupg \t\tlibbluetooth-dev \t\tlibbz2-dev \t\tlibc6-dev \t\tlibdb-dev \t\tlibffi-dev \t\tlibgdbm-dev \t\tliblzma-dev \t\tlibncursesw5-dev \t\tlibreadline-dev \t\tlibsqlite3-dev \t\tlibssl-dev \t\tmake \t\ttk-dev \t\tuuid-dev \t\twget \t\txz-utils \t\tzlib1g-dev \t; \t\twget -O python.tar.xz \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz\"; \techo \"$PYTHON_SHA256 *python.tar.xz\" | sha256sum -c -; \twget -O python.tar.xz.asc \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; export GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$GPG_KEY\"; \tgpg --batch --verify python.tar.xz.asc python.tar.xz; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" python.tar.xz.asc; \tmkdir -p /usr/src/python; \ttar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \trm python.tar.xz; \t\tcd /usr/src/python; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \t./configure \t\t--build=\"$gnuArch\" \t\t--enable-loadable-sqlite-extensions \t\t--enable-optimizations \t\t--enable-option-checking=fatal \t\t--enable-shared \t\t$(test \"${gnuArch%%-*}\" != 'riscv64' \u0026\u0026 echo '--with-lto') \t\t--with-ensurepip \t; \tnproc=\"$(nproc)\"; \tEXTRA_CFLAGS=\"$(dpkg-buildflags --get CFLAGS)\"; \tLDFLAGS=\"$(dpkg-buildflags --get LDFLAGS)\"; \tLDFLAGS=\"${LDFLAGS:-} -Wl,--strip-all\"; \tarch=\"$(dpkg --print-architecture)\"; arch=\"${arch##*-}\"; \tcase \"$arch\" in \t\tamd64|arm64) \t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer\"; \t\t\t;; \t\ti386) \t\t\t;; \t\t*) \t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer\"; \t\t\t;; \tesac; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-}\" \t; \trm python; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-} -Wl,-rpath='\\$\\$ORIGIN/../lib'\" \t\tpython \t; \tmake install; \t\tcd /; \trm -rf /usr/src/python; \t\tfind /usr/local -depth \t\t\\( \t\t\t\\( -type d -a \\( -name test -o -name tests -o -name idle_test \\) \\) \t\t\t-o \\( -type f -a \\( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \\) \\) \t\t\\) -exec rm -rf '{}' + \t; \t\tldconfig; \t\tapt-mark auto '.*' \u003e /dev/null; \tapt-mark manual $savedAptMark; \tfind /usr/local -type f -executable -not \\( -name '*tkinter*' \\) -exec ldd '{}' ';' \t\t| awk '/=\u003e/ { so = $(NF-1); if (index(so, \"/usr/local/\") == 1) { next }; gsub(\"^/(usr/)?\", \"\", so); printf \"*%s\\n\", so }' \t\t| sort -u \t\t| xargs -rt dpkg-query --search \t\t| awk 'sub(\":$\", \"\", $1) { print $1 }' \t\t| sort -u \t\t| xargs -r apt-mark manual \t; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \tapt-get dist-clean; \t\texport PYTHONDONTWRITEBYTECODE=1; \tpython3 --version; \tpip3 --version # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T23:50:55.52769964Z", + "created_by": "RUN /bin/sh -c set -eux; \tfor src in idle3 pip3 pydoc3 python3 python3-config; do \t\tdst=\"$(echo \"$src\" | tr -d 3)\"; \t\t[ -s \"/usr/local/bin/$src\" ]; \t\t[ ! -e \"/usr/local/bin/$dst\" ]; \t\tln -svT \"$src\" \"/usr/local/bin/$dst\"; \tdone # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T23:50:55.52769964Z", + "created_by": "CMD [\"python3\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40", + "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54", + "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939", + "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" + ] + }, + "config": { + "Cmd": [ + "python3" + ], + "Env": [ + "PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "LANG=C.UTF-8", + "GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", + "PYTHON_VERSION=3.12.13", + "PYTHON_SHA256=c08bc65a81971c1dd5783182826503369466c7e67374d1646519adf05207b684" + ] + } + }, + "Layers": [ + { + "Size": 81049600, + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + { + "Size": 4127232, + "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", + "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" + }, + { + "Size": 38106624, + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + { + "Size": 5120, + "Digest": "sha256:07342fe545e640a2c4960e97ffe33a301cd8e61e0c4d4307d7ac66b6b8a9eb2d", + "DiffID": "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" + } + ] + } + ], + "Results": [ + { + "Target": "python:3.12-slim (debian 13.5)", + "Class": "os-pkgs", + "Type": "debian", + "Packages": [ + { + "ID": "adduser@3.152", + "Name": "adduser", + "Identifier": { + "PURL": "pkg:deb/debian/adduser@3.152?arch=all\u0026distro=debian-13.5", + "UID": "681428a4291e51" + }, + "Version": "3.152", + "Arch": "all", + "SrcName": "adduser", + "SrcVersion": "3.152", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Debian Adduser Developers \u003cadduser@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "passwd@1:4.17.4-2" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/sbin/adduser", + "/usr/sbin/deluser", + "/usr/share/doc/adduser/NEWS.Debian.gz", + "/usr/share/doc/adduser/README.gz", + "/usr/share/doc/adduser/TODO", + "/usr/share/doc/adduser/changelog.gz", + "/usr/share/doc/adduser/copyright", + "/usr/share/doc/adduser/examples/INSTALL", + "/usr/share/doc/adduser/examples/README", + "/usr/share/doc/adduser/examples/adduser.conf", + "/usr/share/doc/adduser/examples/adduser.local", + "/usr/share/doc/adduser/examples/adduser.local.conf", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", + "/usr/share/doc/adduser/examples/deluser.conf", + "/usr/share/man/da/man5/deluser.conf.5.gz", + "/usr/share/man/de/man5/adduser.conf.5.gz", + "/usr/share/man/de/man5/deluser.conf.5.gz", + "/usr/share/man/de/man8/adduser.8.gz", + "/usr/share/man/de/man8/adduser.local.8.gz", + "/usr/share/man/de/man8/deluser.8.gz", + "/usr/share/man/es/man5/deluser.conf.5.gz", + "/usr/share/man/fr/man5/adduser.conf.5.gz", + "/usr/share/man/fr/man5/deluser.conf.5.gz", + "/usr/share/man/fr/man8/adduser.8.gz", + "/usr/share/man/fr/man8/deluser.8.gz", + "/usr/share/man/it/man5/deluser.conf.5.gz", + "/usr/share/man/man5/adduser.conf.5.gz", + "/usr/share/man/man5/deluser.conf.5.gz", + "/usr/share/man/man8/adduser.8.gz", + "/usr/share/man/man8/adduser.local.8.gz", + "/usr/share/man/man8/deluser.8.gz", + "/usr/share/man/nl/man5/adduser.conf.5.gz", + "/usr/share/man/nl/man5/deluser.conf.5.gz", + "/usr/share/man/nl/man8/adduser.8.gz", + "/usr/share/man/nl/man8/adduser.local.8.gz", + "/usr/share/man/nl/man8/deluser.8.gz", + "/usr/share/man/pl/man5/deluser.conf.5.gz", + "/usr/share/man/pt/man5/adduser.conf.5.gz", + "/usr/share/man/pt/man5/deluser.conf.5.gz", + "/usr/share/man/pt/man8/adduser.8.gz", + "/usr/share/man/pt/man8/adduser.local.8.gz", + "/usr/share/man/pt/man8/deluser.8.gz", + "/usr/share/man/ro/man5/adduser.conf.5.gz", + "/usr/share/man/ro/man5/deluser.conf.5.gz", + "/usr/share/man/ro/man8/adduser.8.gz", + "/usr/share/man/ro/man8/adduser.local.8.gz", + "/usr/share/man/ro/man8/deluser.8.gz", + "/usr/share/man/ru/man5/deluser.conf.5.gz", + "/usr/share/man/sv/man5/deluser.conf.5.gz", + "/usr/share/perl5/Debian/AdduserCommon.pm", + "/usr/share/perl5/Debian/AdduserLogging.pm", + "/usr/share/perl5/Debian/AdduserRetvalues.pm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "apt@3.0.3", + "Name": "apt", + "Identifier": { + "PURL": "pkg:deb/debian/apt@3.0.3?arch=amd64\u0026distro=debian-13.5", + "UID": "2e5d8c8032700559" + }, + "Version": "3.0.3", + "Arch": "amd64", + "SrcName": "apt", + "SrcVersion": "3.0.3", + "Licenses": [ + "GPL-2.0-or-later", + "curl", + "BSD-3-Clause", + "MIT", + "GPL-2.0-only" + ], + "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "adduser@3.152", + "base-passwd@3.6.7", + "debian-archive-keyring@2025.1", + "libapt-pkg7.0@3.0.3", + "libc6@2.41-12+deb13u3", + "libgcc-s1@14.2.0-19", + "libseccomp2@2.6.0-2", + "libssl3t64@3.5.6-1~deb13u1", + "libstdc++6@14.2.0-19", + "libsystemd0@257.13-1~deb13u1", + "sqv@1.3.0-3+b2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/apt", + "/usr/bin/apt-cache", + "/usr/bin/apt-cdrom", + "/usr/bin/apt-config", + "/usr/bin/apt-get", + "/usr/bin/apt-mark", + "/usr/lib/apt/apt-extracttemplates", + "/usr/lib/apt/apt-helper", + "/usr/lib/apt/apt.systemd.daily", + "/usr/lib/apt/methods/cdrom", + "/usr/lib/apt/methods/copy", + "/usr/lib/apt/methods/file", + "/usr/lib/apt/methods/gpgv", + "/usr/lib/apt/methods/http", + "/usr/lib/apt/methods/mirror", + "/usr/lib/apt/methods/rred", + "/usr/lib/apt/methods/sqv", + "/usr/lib/apt/methods/store", + "/usr/lib/apt/solvers/dump", + "/usr/lib/dpkg/methods/apt/desc.apt", + "/usr/lib/dpkg/methods/apt/install", + "/usr/lib/dpkg/methods/apt/names", + "/usr/lib/dpkg/methods/apt/setup", + "/usr/lib/dpkg/methods/apt/update", + "/usr/lib/systemd/system/apt-daily-upgrade.service", + "/usr/lib/systemd/system/apt-daily-upgrade.timer", + "/usr/lib/systemd/system/apt-daily.service", + "/usr/lib/systemd/system/apt-daily.timer", + "/usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0", + "/usr/share/apt/default-sequoia.config", + "/usr/share/bash-completion/completions/apt", + "/usr/share/bug/apt/script", + "/usr/share/doc/apt/NEWS.Debian.gz", + "/usr/share/doc/apt/README.md.gz", + "/usr/share/doc/apt/changelog.gz", + "/usr/share/doc/apt/copyright", + "/usr/share/doc/apt/examples/apt.conf", + "/usr/share/doc/apt/examples/configure-index", + "/usr/share/doc/apt/examples/debian.sources", + "/usr/share/doc/apt/examples/preferences", + "/usr/share/lintian/overrides/apt", + "/usr/share/locale/ar/LC_MESSAGES/apt.mo", + "/usr/share/locale/ast/LC_MESSAGES/apt.mo", + "/usr/share/locale/bg/LC_MESSAGES/apt.mo", + "/usr/share/locale/bs/LC_MESSAGES/apt.mo", + "/usr/share/locale/ca/LC_MESSAGES/apt.mo", + "/usr/share/locale/cs/LC_MESSAGES/apt.mo", + "/usr/share/locale/cy/LC_MESSAGES/apt.mo", + "/usr/share/locale/da/LC_MESSAGES/apt.mo", + "/usr/share/locale/de/LC_MESSAGES/apt.mo", + "/usr/share/locale/dz/LC_MESSAGES/apt.mo", + "/usr/share/locale/el/LC_MESSAGES/apt.mo", + "/usr/share/locale/es/LC_MESSAGES/apt.mo", + "/usr/share/locale/eu/LC_MESSAGES/apt.mo", + "/usr/share/locale/fi/LC_MESSAGES/apt.mo", + "/usr/share/locale/fr/LC_MESSAGES/apt.mo", + "/usr/share/locale/gl/LC_MESSAGES/apt.mo", + "/usr/share/locale/hu/LC_MESSAGES/apt.mo", + "/usr/share/locale/it/LC_MESSAGES/apt.mo", + "/usr/share/locale/ja/LC_MESSAGES/apt.mo", + "/usr/share/locale/km/LC_MESSAGES/apt.mo", + "/usr/share/locale/ko/LC_MESSAGES/apt.mo", + "/usr/share/locale/ku/LC_MESSAGES/apt.mo", + "/usr/share/locale/lt/LC_MESSAGES/apt.mo", + "/usr/share/locale/mr/LC_MESSAGES/apt.mo", + "/usr/share/locale/nb/LC_MESSAGES/apt.mo", + "/usr/share/locale/ne/LC_MESSAGES/apt.mo", + "/usr/share/locale/nl/LC_MESSAGES/apt.mo", + "/usr/share/locale/nn/LC_MESSAGES/apt.mo", + "/usr/share/locale/pl/LC_MESSAGES/apt.mo", + "/usr/share/locale/pt/LC_MESSAGES/apt.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/apt.mo", + "/usr/share/locale/ro/LC_MESSAGES/apt.mo", + "/usr/share/locale/ru/LC_MESSAGES/apt.mo", + "/usr/share/locale/sk/LC_MESSAGES/apt.mo", + "/usr/share/locale/sl/LC_MESSAGES/apt.mo", + "/usr/share/locale/sv/LC_MESSAGES/apt.mo", + "/usr/share/locale/th/LC_MESSAGES/apt.mo", + "/usr/share/locale/tl/LC_MESSAGES/apt.mo", + "/usr/share/locale/tr/LC_MESSAGES/apt.mo", + "/usr/share/locale/uk/LC_MESSAGES/apt.mo", + "/usr/share/locale/vi/LC_MESSAGES/apt.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/apt.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/apt.mo", + "/usr/share/man/de/man1/apt-transport-http.1.gz", + "/usr/share/man/de/man1/apt-transport-https.1.gz", + "/usr/share/man/de/man1/apt-transport-mirror.1.gz", + "/usr/share/man/de/man5/apt.conf.5.gz", + "/usr/share/man/de/man5/apt_auth.conf.5.gz", + "/usr/share/man/de/man5/apt_preferences.5.gz", + "/usr/share/man/de/man5/sources.list.5.gz", + "/usr/share/man/de/man7/apt-patterns.7.gz", + "/usr/share/man/de/man8/apt-cache.8.gz", + "/usr/share/man/de/man8/apt-cdrom.8.gz", + "/usr/share/man/de/man8/apt-config.8.gz", + "/usr/share/man/de/man8/apt-get.8.gz", + "/usr/share/man/de/man8/apt-mark.8.gz", + "/usr/share/man/de/man8/apt-secure.8.gz", + "/usr/share/man/de/man8/apt.8.gz", + "/usr/share/man/es/man5/apt_preferences.5.gz", + "/usr/share/man/es/man8/apt-cache.8.gz", + "/usr/share/man/es/man8/apt-cdrom.8.gz", + "/usr/share/man/es/man8/apt-config.8.gz", + "/usr/share/man/fr/man1/apt-transport-http.1.gz", + "/usr/share/man/fr/man1/apt-transport-https.1.gz", + "/usr/share/man/fr/man1/apt-transport-mirror.1.gz", + "/usr/share/man/fr/man5/apt.conf.5.gz", + "/usr/share/man/fr/man5/apt_auth.conf.5.gz", + "/usr/share/man/fr/man5/apt_preferences.5.gz", + "/usr/share/man/fr/man5/sources.list.5.gz", + "/usr/share/man/fr/man7/apt-patterns.7.gz", + "/usr/share/man/fr/man8/apt-cache.8.gz", + "/usr/share/man/fr/man8/apt-cdrom.8.gz", + "/usr/share/man/fr/man8/apt-config.8.gz", + "/usr/share/man/fr/man8/apt-get.8.gz", + "/usr/share/man/fr/man8/apt-mark.8.gz", + "/usr/share/man/fr/man8/apt-secure.8.gz", + "/usr/share/man/fr/man8/apt.8.gz", + "/usr/share/man/it/man5/apt.conf.5.gz", + "/usr/share/man/it/man5/apt_preferences.5.gz", + "/usr/share/man/it/man8/apt-cache.8.gz", + "/usr/share/man/it/man8/apt-cdrom.8.gz", + "/usr/share/man/it/man8/apt-config.8.gz", + "/usr/share/man/it/man8/apt-mark.8.gz", + "/usr/share/man/it/man8/apt.8.gz", + "/usr/share/man/ja/man5/apt.conf.5.gz", + "/usr/share/man/ja/man5/apt_preferences.5.gz", + "/usr/share/man/ja/man8/apt-cache.8.gz", + "/usr/share/man/ja/man8/apt-cdrom.8.gz", + "/usr/share/man/ja/man8/apt-config.8.gz", + "/usr/share/man/ja/man8/apt-mark.8.gz", + "/usr/share/man/ja/man8/apt.8.gz", + "/usr/share/man/man1/apt-transport-http.1.gz", + "/usr/share/man/man1/apt-transport-https.1.gz", + "/usr/share/man/man1/apt-transport-mirror.1.gz", + "/usr/share/man/man5/apt.conf.5.gz", + "/usr/share/man/man5/apt_auth.conf.5.gz", + "/usr/share/man/man5/apt_preferences.5.gz", + "/usr/share/man/man5/sources.list.5.gz", + "/usr/share/man/man7/apt-patterns.7.gz", + "/usr/share/man/man8/apt-cache.8.gz", + "/usr/share/man/man8/apt-cdrom.8.gz", + "/usr/share/man/man8/apt-config.8.gz", + "/usr/share/man/man8/apt-get.8.gz", + "/usr/share/man/man8/apt-mark.8.gz", + "/usr/share/man/man8/apt-secure.8.gz", + "/usr/share/man/man8/apt.8.gz", + "/usr/share/man/nl/man1/apt-transport-http.1.gz", + "/usr/share/man/nl/man1/apt-transport-https.1.gz", + "/usr/share/man/nl/man1/apt-transport-mirror.1.gz", + "/usr/share/man/nl/man5/apt.conf.5.gz", + "/usr/share/man/nl/man5/apt_auth.conf.5.gz", + "/usr/share/man/nl/man5/apt_preferences.5.gz", + "/usr/share/man/nl/man5/sources.list.5.gz", + "/usr/share/man/nl/man7/apt-patterns.7.gz", + "/usr/share/man/nl/man8/apt-cache.8.gz", + "/usr/share/man/nl/man8/apt-cdrom.8.gz", + "/usr/share/man/nl/man8/apt-config.8.gz", + "/usr/share/man/nl/man8/apt-get.8.gz", + "/usr/share/man/nl/man8/apt-mark.8.gz", + "/usr/share/man/nl/man8/apt-secure.8.gz", + "/usr/share/man/nl/man8/apt.8.gz", + "/usr/share/man/pl/man5/apt_preferences.5.gz", + "/usr/share/man/pl/man8/apt-cache.8.gz", + "/usr/share/man/pl/man8/apt-cdrom.8.gz", + "/usr/share/man/pl/man8/apt-config.8.gz", + "/usr/share/man/pt/man1/apt-transport-http.1.gz", + "/usr/share/man/pt/man1/apt-transport-https.1.gz", + "/usr/share/man/pt/man1/apt-transport-mirror.1.gz", + "/usr/share/man/pt/man5/apt.conf.5.gz", + "/usr/share/man/pt/man5/apt_auth.conf.5.gz", + "/usr/share/man/pt/man5/apt_preferences.5.gz", + "/usr/share/man/pt/man5/sources.list.5.gz", + "/usr/share/man/pt/man7/apt-patterns.7.gz", + "/usr/share/man/pt/man8/apt-cache.8.gz", + "/usr/share/man/pt/man8/apt-cdrom.8.gz", + "/usr/share/man/pt/man8/apt-config.8.gz", + "/usr/share/man/pt/man8/apt-get.8.gz", + "/usr/share/man/pt/man8/apt-mark.8.gz", + "/usr/share/man/pt/man8/apt-secure.8.gz", + "/usr/share/man/pt/man8/apt.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "base-files@13.8+deb13u5", + "Name": "base-files", + "Identifier": { + "PURL": "pkg:deb/debian/base-files@13.8%2Bdeb13u5?arch=amd64\u0026distro=debian-13.5", + "UID": "6b13e330b45e6f4f" + }, + "Version": "13.8+deb13u5", + "Arch": "amd64", + "SrcName": "base-files", + "SrcVersion": "13.8+deb13u5", + "Licenses": [ + "GPL-2.0-or-later", + "verbatim" + ], + "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/os-release", + "/usr/share/base-files/dot.bashrc", + "/usr/share/base-files/dot.profile", + "/usr/share/base-files/dot.profile.md5sums", + "/usr/share/base-files/info.dir", + "/usr/share/base-files/motd", + "/usr/share/base-files/profile", + "/usr/share/base-files/profile.md5sums", + "/usr/share/base-files/staff-group-for-usr-local", + "/usr/share/common-licenses/Apache-2.0", + "/usr/share/common-licenses/Artistic", + "/usr/share/common-licenses/BSD", + "/usr/share/common-licenses/CC0-1.0", + "/usr/share/common-licenses/GFDL-1.2", + "/usr/share/common-licenses/GFDL-1.3", + "/usr/share/common-licenses/GPL-1", + "/usr/share/common-licenses/GPL-2", + "/usr/share/common-licenses/GPL-3", + "/usr/share/common-licenses/LGPL-2", + "/usr/share/common-licenses/LGPL-2.1", + "/usr/share/common-licenses/LGPL-3", + "/usr/share/common-licenses/MPL-1.1", + "/usr/share/common-licenses/MPL-2.0", + "/usr/share/doc/base-files/NEWS.Debian.gz", + "/usr/share/doc/base-files/README", + "/usr/share/doc/base-files/README.FHS", + "/usr/share/doc/base-files/changelog.gz", + "/usr/share/doc/base-files/copyright", + "/usr/share/lintian/overrides/base-files" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "base-passwd@3.6.7", + "Name": "base-passwd", + "Identifier": { + "PURL": "pkg:deb/debian/base-passwd@3.6.7?arch=amd64\u0026distro=debian-13.5", + "UID": "f77779fa356eca05" + }, + "Version": "3.6.7", + "Arch": "amd64", + "SrcName": "base-passwd", + "SrcVersion": "3.6.7", + "Licenses": [ + "GPL-2.0-only", + "public-domain" + ], + "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libdebconfclient0@0.280", + "libselinux1@3.8.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/sbin/update-passwd", + "/usr/share/base-passwd/group.master", + "/usr/share/base-passwd/passwd.master", + "/usr/share/doc-base/base-passwd.users-and-groups", + "/usr/share/doc/base-passwd/README", + "/usr/share/doc/base-passwd/changelog.gz", + "/usr/share/doc/base-passwd/copyright", + "/usr/share/doc/base-passwd/users-and-groups.html", + "/usr/share/doc/base-passwd/users-and-groups.txt.gz", + "/usr/share/lintian/overrides/base-passwd", + "/usr/share/man/de/man8/update-passwd.8.gz", + "/usr/share/man/es/man8/update-passwd.8.gz", + "/usr/share/man/fr/man8/update-passwd.8.gz", + "/usr/share/man/ja/man8/update-passwd.8.gz", + "/usr/share/man/man8/update-passwd.8.gz", + "/usr/share/man/pl/man8/update-passwd.8.gz", + "/usr/share/man/ro/man8/update-passwd.8.gz", + "/usr/share/man/ru/man8/update-passwd.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bash@5.2.37-2+b9", + "Name": "bash", + "Identifier": { + "PURL": "pkg:deb/debian/bash@5.2.37-2%2Bb9?arch=amd64\u0026distro=debian-13.5", + "UID": "f36f9b3693158651" + }, + "Version": "5.2.37", + "Release": "2+b9", + "Arch": "amd64", + "SrcName": "bash", + "SrcVersion": "5.2.37", + "SrcRelease": "2", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-only", + "Latex2e", + "BSD-4-Clause-UC", + "MIT", + "permissive" + ], + "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "base-files@13.8+deb13u5", + "debianutils@5.23.2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/bash", + "/usr/bin/bashbug", + "/usr/bin/clear_console", + "/usr/share/debianutils/shells.d/bash", + "/usr/share/doc/bash/CHANGES.gz", + "/usr/share/doc/bash/COMPAT.gz", + "/usr/share/doc/bash/INTRO.gz", + "/usr/share/doc/bash/NEWS.gz", + "/usr/share/doc/bash/POSIX.gz", + "/usr/share/doc/bash/RBASH", + "/usr/share/doc/bash/README.Debian.gz", + "/usr/share/doc/bash/README.abs-guide", + "/usr/share/doc/bash/README.commands.gz", + "/usr/share/doc/bash/README.gz", + "/usr/share/doc/bash/changelog.Debian.amd64.gz", + "/usr/share/doc/bash/changelog.Debian.gz", + "/usr/share/doc/bash/changelog.gz", + "/usr/share/doc/bash/copyright", + "/usr/share/doc/bash/inputrc.arrows", + "/usr/share/lintian/overrides/bash", + "/usr/share/locale/af/LC_MESSAGES/bash.mo", + "/usr/share/locale/bg/LC_MESSAGES/bash.mo", + "/usr/share/locale/ca/LC_MESSAGES/bash.mo", + "/usr/share/locale/cs/LC_MESSAGES/bash.mo", + "/usr/share/locale/da/LC_MESSAGES/bash.mo", + "/usr/share/locale/de/LC_MESSAGES/bash.mo", + "/usr/share/locale/el/LC_MESSAGES/bash.mo", + "/usr/share/locale/en@boldquot/LC_MESSAGES/bash.mo", + "/usr/share/locale/en@quot/LC_MESSAGES/bash.mo", + "/usr/share/locale/eo/LC_MESSAGES/bash.mo", + "/usr/share/locale/es/LC_MESSAGES/bash.mo", + "/usr/share/locale/et/LC_MESSAGES/bash.mo", + "/usr/share/locale/fi/LC_MESSAGES/bash.mo", + "/usr/share/locale/fr/LC_MESSAGES/bash.mo", + "/usr/share/locale/ga/LC_MESSAGES/bash.mo", + "/usr/share/locale/gl/LC_MESSAGES/bash.mo", + "/usr/share/locale/hr/LC_MESSAGES/bash.mo", + "/usr/share/locale/hu/LC_MESSAGES/bash.mo", + "/usr/share/locale/id/LC_MESSAGES/bash.mo", + "/usr/share/locale/it/LC_MESSAGES/bash.mo", + "/usr/share/locale/ja/LC_MESSAGES/bash.mo", + "/usr/share/locale/ko/LC_MESSAGES/bash.mo", + "/usr/share/locale/lt/LC_MESSAGES/bash.mo", + "/usr/share/locale/nb/LC_MESSAGES/bash.mo", + "/usr/share/locale/nl/LC_MESSAGES/bash.mo", + "/usr/share/locale/pl/LC_MESSAGES/bash.mo", + "/usr/share/locale/pt/LC_MESSAGES/bash.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/bash.mo", + "/usr/share/locale/ro/LC_MESSAGES/bash.mo", + "/usr/share/locale/ru/LC_MESSAGES/bash.mo", + "/usr/share/locale/sk/LC_MESSAGES/bash.mo", + "/usr/share/locale/sl/LC_MESSAGES/bash.mo", + "/usr/share/locale/sr/LC_MESSAGES/bash.mo", + "/usr/share/locale/sv/LC_MESSAGES/bash.mo", + "/usr/share/locale/tr/LC_MESSAGES/bash.mo", + "/usr/share/locale/uk/LC_MESSAGES/bash.mo", + "/usr/share/locale/vi/LC_MESSAGES/bash.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/bash.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/bash.mo", + "/usr/share/man/man1/bash.1.gz", + "/usr/share/man/man1/bashbug.1.gz", + "/usr/share/man/man1/clear_console.1.gz", + "/usr/share/man/man1/rbash.1.gz", + "/usr/share/man/man7/bash-builtins.7.gz", + "/usr/share/menu/bash" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bsdutils@1:2.41-5", + "Name": "bsdutils", + "Identifier": { + "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "5843733a461e6ce1" + }, + "Version": "2.41", + "Release": "5", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/logger", + "/usr/bin/renice", + "/usr/bin/script", + "/usr/bin/scriptlive", + "/usr/bin/scriptreplay", + "/usr/bin/wall", + "/usr/share/bash-completion/completions/logger", + "/usr/share/bash-completion/completions/renice", + "/usr/share/bash-completion/completions/script", + "/usr/share/bash-completion/completions/scriptlive", + "/usr/share/bash-completion/completions/scriptreplay", + "/usr/share/bash-completion/completions/wall", + "/usr/share/doc/bsdutils/NEWS.Debian.gz", + "/usr/share/doc/bsdutils/changelog.Debian.gz", + "/usr/share/doc/bsdutils/changelog.gz", + "/usr/share/doc/bsdutils/copyright", + "/usr/share/lintian/overrides/bsdutils", + "/usr/share/man/man1/logger.1.gz", + "/usr/share/man/man1/renice.1.gz", + "/usr/share/man/man1/script.1.gz", + "/usr/share/man/man1/scriptlive.1.gz", + "/usr/share/man/man1/scriptreplay.1.gz", + "/usr/share/man/man1/wall.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ca-certificates@20250419", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:deb/debian/ca-certificates@20250419?arch=all\u0026distro=debian-13.5", + "UID": "2c691dbd8cebdf2a" + }, + "Version": "20250419", + "Arch": "all", + "SrcName": "ca-certificates", + "SrcVersion": "20250419", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "MPL-2.0" + ], + "Maintainer": "Julien Cristau \u003cjcristau@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91", + "openssl@3.5.6-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", + "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" + }, + "InstalledFiles": [ + "/usr/sbin/update-ca-certificates", + "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", + "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", + "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", + "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", + "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "/usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "/usr/share/ca-certificates/mozilla/Certigna.crt", + "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", + "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", + "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", + "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "/usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "/usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "/usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", + "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", + "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", + "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "/usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", + "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", + "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "/usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", + "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", + "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "/usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt", + "/usr/share/doc/ca-certificates/README.Debian", + "/usr/share/doc/ca-certificates/changelog.gz", + "/usr/share/doc/ca-certificates/copyright", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", + "/usr/share/man/man8/update-ca-certificates.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "coreutils@9.7-3", + "Name": "coreutils", + "Identifier": { + "PURL": "pkg:deb/debian/coreutils@9.7-3?arch=amd64\u0026distro=debian-13.5", + "UID": "cb4a55f50bda2393" + }, + "Version": "9.7", + "Release": "3", + "Arch": "amd64", + "SrcName": "coreutils", + "SrcVersion": "9.7", + "SrcRelease": "3", + "Licenses": [ + "GPL-3.0-or-later", + "BSD-4-Clause-UC", + "GPL-3.0-only", + "ISC", + "FSFULLR", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-only" + ], + "Maintainer": "Michael Stone \u003cmstone@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/[", + "/usr/bin/arch", + "/usr/bin/b2sum", + "/usr/bin/base32", + "/usr/bin/base64", + "/usr/bin/basename", + "/usr/bin/basenc", + "/usr/bin/cat", + "/usr/bin/chcon", + "/usr/bin/chgrp", + "/usr/bin/chmod", + "/usr/bin/chown", + "/usr/bin/cksum", + "/usr/bin/comm", + "/usr/bin/cp", + "/usr/bin/csplit", + "/usr/bin/cut", + "/usr/bin/date", + "/usr/bin/dd", + "/usr/bin/df", + "/usr/bin/dir", + "/usr/bin/dircolors", + "/usr/bin/dirname", + "/usr/bin/du", + "/usr/bin/echo", + "/usr/bin/env", + "/usr/bin/expand", + "/usr/bin/expr", + "/usr/bin/factor", + "/usr/bin/false", + "/usr/bin/fmt", + "/usr/bin/fold", + "/usr/bin/groups", + "/usr/bin/head", + "/usr/bin/hostid", + "/usr/bin/id", + "/usr/bin/install", + "/usr/bin/join", + "/usr/bin/link", + "/usr/bin/ln", + "/usr/bin/logname", + "/usr/bin/ls", + "/usr/bin/md5sum", + "/usr/bin/mkdir", + "/usr/bin/mkfifo", + "/usr/bin/mknod", + "/usr/bin/mktemp", + "/usr/bin/mv", + "/usr/bin/nice", + "/usr/bin/nl", + "/usr/bin/nohup", + "/usr/bin/nproc", + "/usr/bin/numfmt", + "/usr/bin/od", + "/usr/bin/paste", + "/usr/bin/pathchk", + "/usr/bin/pinky", + "/usr/bin/pr", + "/usr/bin/printenv", + "/usr/bin/printf", + "/usr/bin/ptx", + "/usr/bin/pwd", + "/usr/bin/readlink", + "/usr/bin/realpath", + "/usr/bin/rm", + "/usr/bin/rmdir", + "/usr/bin/runcon", + "/usr/bin/seq", + "/usr/bin/sha1sum", + "/usr/bin/sha224sum", + "/usr/bin/sha256sum", + "/usr/bin/sha384sum", + "/usr/bin/sha512sum", + "/usr/bin/shred", + "/usr/bin/shuf", + "/usr/bin/sleep", + "/usr/bin/sort", + "/usr/bin/split", + "/usr/bin/stat", + "/usr/bin/stdbuf", + "/usr/bin/stty", + "/usr/bin/sum", + "/usr/bin/sync", + "/usr/bin/tac", + "/usr/bin/tail", + "/usr/bin/tee", + "/usr/bin/test", + "/usr/bin/timeout", + "/usr/bin/touch", + "/usr/bin/tr", + "/usr/bin/true", + "/usr/bin/truncate", + "/usr/bin/tsort", + "/usr/bin/tty", + "/usr/bin/uname", + "/usr/bin/unexpand", + "/usr/bin/uniq", + "/usr/bin/unlink", + "/usr/bin/users", + "/usr/bin/vdir", + "/usr/bin/wc", + "/usr/bin/who", + "/usr/bin/whoami", + "/usr/bin/yes", + "/usr/libexec/coreutils/libstdbuf.so", + "/usr/sbin/chroot", + "/usr/share/doc/coreutils/AUTHORS", + "/usr/share/doc/coreutils/NEWS.gz", + "/usr/share/doc/coreutils/README.Debian", + "/usr/share/doc/coreutils/README.gz", + "/usr/share/doc/coreutils/THANKS.gz", + "/usr/share/doc/coreutils/TODO.gz", + "/usr/share/doc/coreutils/changelog.Debian.gz", + "/usr/share/doc/coreutils/changelog.gz", + "/usr/share/doc/coreutils/copyright", + "/usr/share/info/coreutils.info.gz", + "/usr/share/lintian/overrides/coreutils", + "/usr/share/locale/af/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/be/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/bg/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ca/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/cs/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/da/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/de/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/el/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/eo/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/es/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/et/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/eu/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/fi/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/fr/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ga/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/gl/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/hr/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/hu/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ia/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/id/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/it/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ja/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ka/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/kk/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ko/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/lg/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/lt/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ms/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/nb/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/nl/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/pl/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/pt/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ro/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ru/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/sk/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/sl/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/sr/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/sv/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ta/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/tr/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/uk/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/vi/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/coreutils.mo", + "/usr/share/man/man1/arch.1.gz", + "/usr/share/man/man1/b2sum.1.gz", + "/usr/share/man/man1/base32.1.gz", + "/usr/share/man/man1/base64.1.gz", + "/usr/share/man/man1/basename.1.gz", + "/usr/share/man/man1/basenc.1.gz", + "/usr/share/man/man1/cat.1.gz", + "/usr/share/man/man1/chcon.1.gz", + "/usr/share/man/man1/chgrp.1.gz", + "/usr/share/man/man1/chmod.1.gz", + "/usr/share/man/man1/chown.1.gz", + "/usr/share/man/man1/cksum.1.gz", + "/usr/share/man/man1/comm.1.gz", + "/usr/share/man/man1/cp.1.gz", + "/usr/share/man/man1/csplit.1.gz", + "/usr/share/man/man1/cut.1.gz", + "/usr/share/man/man1/date.1.gz", + "/usr/share/man/man1/dd.1.gz", + "/usr/share/man/man1/df.1.gz", + "/usr/share/man/man1/dir.1.gz", + "/usr/share/man/man1/dircolors.1.gz", + "/usr/share/man/man1/dirname.1.gz", + "/usr/share/man/man1/du.1.gz", + "/usr/share/man/man1/echo.1.gz", + "/usr/share/man/man1/env.1.gz", + "/usr/share/man/man1/expand.1.gz", + "/usr/share/man/man1/expr.1.gz", + "/usr/share/man/man1/factor.1.gz", + "/usr/share/man/man1/false.1.gz", + "/usr/share/man/man1/fmt.1.gz", + "/usr/share/man/man1/fold.1.gz", + "/usr/share/man/man1/groups.1.gz", + "/usr/share/man/man1/head.1.gz", + "/usr/share/man/man1/hostid.1.gz", + "/usr/share/man/man1/id.1.gz", + "/usr/share/man/man1/install.1.gz", + "/usr/share/man/man1/join.1.gz", + "/usr/share/man/man1/link.1.gz", + "/usr/share/man/man1/ln.1.gz", + "/usr/share/man/man1/logname.1.gz", + "/usr/share/man/man1/ls.1.gz", + "/usr/share/man/man1/md5sum.1.gz", + "/usr/share/man/man1/mkdir.1.gz", + "/usr/share/man/man1/mkfifo.1.gz", + "/usr/share/man/man1/mknod.1.gz", + "/usr/share/man/man1/mktemp.1.gz", + "/usr/share/man/man1/mv.1.gz", + "/usr/share/man/man1/nice.1.gz", + "/usr/share/man/man1/nl.1.gz", + "/usr/share/man/man1/nohup.1.gz", + "/usr/share/man/man1/nproc.1.gz", + "/usr/share/man/man1/numfmt.1.gz", + "/usr/share/man/man1/od.1.gz", + "/usr/share/man/man1/paste.1.gz", + "/usr/share/man/man1/pathchk.1.gz", + "/usr/share/man/man1/pinky.1.gz", + "/usr/share/man/man1/pr.1.gz", + "/usr/share/man/man1/printenv.1.gz", + "/usr/share/man/man1/printf.1.gz", + "/usr/share/man/man1/ptx.1.gz", + "/usr/share/man/man1/pwd.1.gz", + "/usr/share/man/man1/readlink.1.gz", + "/usr/share/man/man1/realpath.1.gz", + "/usr/share/man/man1/rm.1.gz", + "/usr/share/man/man1/rmdir.1.gz", + "/usr/share/man/man1/runcon.1.gz", + "/usr/share/man/man1/seq.1.gz", + "/usr/share/man/man1/sha1sum.1.gz", + "/usr/share/man/man1/sha224sum.1.gz", + "/usr/share/man/man1/sha256sum.1.gz", + "/usr/share/man/man1/sha384sum.1.gz", + "/usr/share/man/man1/sha512sum.1.gz", + "/usr/share/man/man1/shred.1.gz", + "/usr/share/man/man1/shuf.1.gz", + "/usr/share/man/man1/sleep.1.gz", + "/usr/share/man/man1/sort.1.gz", + "/usr/share/man/man1/split.1.gz", + "/usr/share/man/man1/stat.1.gz", + "/usr/share/man/man1/stdbuf.1.gz", + "/usr/share/man/man1/stty.1.gz", + "/usr/share/man/man1/sum.1.gz", + "/usr/share/man/man1/sync.1.gz", + "/usr/share/man/man1/tac.1.gz", + "/usr/share/man/man1/tail.1.gz", + "/usr/share/man/man1/tee.1.gz", + "/usr/share/man/man1/test.1.gz", + "/usr/share/man/man1/timeout.1.gz", + "/usr/share/man/man1/touch.1.gz", + "/usr/share/man/man1/tr.1.gz", + "/usr/share/man/man1/true.1.gz", + "/usr/share/man/man1/truncate.1.gz", + "/usr/share/man/man1/tsort.1.gz", + "/usr/share/man/man1/tty.1.gz", + "/usr/share/man/man1/uname.1.gz", + "/usr/share/man/man1/unexpand.1.gz", + "/usr/share/man/man1/uniq.1.gz", + "/usr/share/man/man1/unlink.1.gz", + "/usr/share/man/man1/users.1.gz", + "/usr/share/man/man1/vdir.1.gz", + "/usr/share/man/man1/wc.1.gz", + "/usr/share/man/man1/who.1.gz", + "/usr/share/man/man1/whoami.1.gz", + "/usr/share/man/man1/yes.1.gz", + "/usr/share/man/man8/chroot.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "dash@0.5.12-12", + "Name": "dash", + "Identifier": { + "PURL": "pkg:deb/debian/dash@0.5.12-12?arch=amd64\u0026distro=debian-13.5", + "UID": "4990b2098a2a3724" + }, + "Version": "0.5.12", + "Release": "12", + "Arch": "amd64", + "SrcName": "dash", + "SrcVersion": "0.5.12", + "SrcRelease": "12", + "Licenses": [ + "BSD-3-Clause", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debianutils@5.23.2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/dash", + "/usr/share/debianutils/shells.d/dash", + "/usr/share/doc/dash/README.Debian.diet", + "/usr/share/doc/dash/README.source", + "/usr/share/doc/dash/changelog.Debian.gz", + "/usr/share/doc/dash/changelog.gz", + "/usr/share/doc/dash/copyright", + "/usr/share/lintian/overrides/dash", + "/usr/share/man/man1/dash.1.gz", + "/usr/share/menu/dash" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debconf@1.5.91", + "Name": "debconf", + "Identifier": { + "PURL": "pkg:deb/debian/debconf@1.5.91?arch=all\u0026distro=debian-13.5", + "UID": "f7c8b7ba83ed5cfe" + }, + "Version": "1.5.91", + "Arch": "all", + "SrcName": "debconf", + "SrcVersion": "1.5.91", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Debconf Developers \u003cdebconf-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/debconf", + "/usr/bin/debconf-apt-progress", + "/usr/bin/debconf-communicate", + "/usr/bin/debconf-copydb", + "/usr/bin/debconf-escape", + "/usr/bin/debconf-set-selections", + "/usr/bin/debconf-show", + "/usr/sbin/dpkg-preconfigure", + "/usr/sbin/dpkg-reconfigure", + "/usr/share/bash-completion/completions/debconf", + "/usr/share/debconf/confmodule", + "/usr/share/debconf/confmodule.sh", + "/usr/share/debconf/debconf.conf", + "/usr/share/debconf/fix_db.pl", + "/usr/share/debconf/frontend", + "/usr/share/doc/debconf/README.Debian", + "/usr/share/doc/debconf/changelog.gz", + "/usr/share/doc/debconf/copyright", + "/usr/share/lintian/overrides/debconf", + "/usr/share/man/man1/debconf-apt-progress.1.gz", + "/usr/share/man/man1/debconf-communicate.1.gz", + "/usr/share/man/man1/debconf-copydb.1.gz", + "/usr/share/man/man1/debconf-escape.1.gz", + "/usr/share/man/man1/debconf-set-selections.1.gz", + "/usr/share/man/man1/debconf-show.1.gz", + "/usr/share/man/man1/debconf.1.gz", + "/usr/share/man/man8/dpkg-preconfigure.8.gz", + "/usr/share/man/man8/dpkg-reconfigure.8.gz", + "/usr/share/perl5/Debconf/AutoSelect.pm", + "/usr/share/perl5/Debconf/Base.pm", + "/usr/share/perl5/Debconf/Client/ConfModule.pm", + "/usr/share/perl5/Debconf/ConfModule.pm", + "/usr/share/perl5/Debconf/Config.pm", + "/usr/share/perl5/Debconf/Db.pm", + "/usr/share/perl5/Debconf/DbDriver.pm", + "/usr/share/perl5/Debconf/DbDriver/Backup.pm", + "/usr/share/perl5/Debconf/DbDriver/Cache.pm", + "/usr/share/perl5/Debconf/DbDriver/Copy.pm", + "/usr/share/perl5/Debconf/DbDriver/Debug.pm", + "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", + "/usr/share/perl5/Debconf/DbDriver/Directory.pm", + "/usr/share/perl5/Debconf/DbDriver/File.pm", + "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", + "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", + "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", + "/usr/share/perl5/Debconf/DbDriver/Stack.pm", + "/usr/share/perl5/Debconf/Element.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", + "/usr/share/perl5/Debconf/Element/Dialog/String.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", + "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Editor/Error.pm", + "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Editor/Note.pm", + "/usr/share/perl5/Debconf/Element/Editor/Password.pm", + "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", + "/usr/share/perl5/Debconf/Element/Editor/Select.pm", + "/usr/share/perl5/Debconf/Element/Editor/String.pm", + "/usr/share/perl5/Debconf/Element/Editor/Text.pm", + "/usr/share/perl5/Debconf/Element/Gnome.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", + "/usr/share/perl5/Debconf/Element/Gnome/String.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", + "/usr/share/perl5/Debconf/Element/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", + "/usr/share/perl5/Debconf/Element/Select.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", + "/usr/share/perl5/Debconf/Element/Teletype/String.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", + "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Web/Error.pm", + "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Web/Note.pm", + "/usr/share/perl5/Debconf/Element/Web/Password.pm", + "/usr/share/perl5/Debconf/Element/Web/Progress.pm", + "/usr/share/perl5/Debconf/Element/Web/Select.pm", + "/usr/share/perl5/Debconf/Element/Web/String.pm", + "/usr/share/perl5/Debconf/Element/Web/Text.pm", + "/usr/share/perl5/Debconf/Encoding.pm", + "/usr/share/perl5/Debconf/Format.pm", + "/usr/share/perl5/Debconf/Format/822.pm", + "/usr/share/perl5/Debconf/FrontEnd.pm", + "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", + "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", + "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", + "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", + "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", + "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", + "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", + "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", + "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", + "/usr/share/perl5/Debconf/FrontEnd/Text.pm", + "/usr/share/perl5/Debconf/FrontEnd/Web.pm", + "/usr/share/perl5/Debconf/Gettext.pm", + "/usr/share/perl5/Debconf/Iterator.pm", + "/usr/share/perl5/Debconf/Log.pm", + "/usr/share/perl5/Debconf/Path.pm", + "/usr/share/perl5/Debconf/Priority.pm", + "/usr/share/perl5/Debconf/Question.pm", + "/usr/share/perl5/Debconf/Template.pm", + "/usr/share/perl5/Debconf/Template/Transient.pm", + "/usr/share/perl5/Debconf/TmpFile.pm", + "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", + "/usr/share/pixmaps/debian-logo.png" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debian-archive-keyring@2025.1", + "Name": "debian-archive-keyring", + "Identifier": { + "PURL": "pkg:deb/debian/debian-archive-keyring@2025.1?arch=all\u0026distro=debian-13.5", + "UID": "a22d861380b1187c" + }, + "Version": "2025.1", + "Arch": "all", + "SrcName": "debian-archive-keyring", + "SrcVersion": "2025.1", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Debian Release Team \u003cpackages@release.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/debian-archive-keyring/NEWS.Debian.gz", + "/usr/share/doc/debian-archive-keyring/README", + "/usr/share/doc/debian-archive-keyring/changelog.gz", + "/usr/share/doc/debian-archive-keyring/copyright", + "/usr/share/keyrings/debian-archive-bookworm-automatic.pgp", + "/usr/share/keyrings/debian-archive-bookworm-security-automatic.pgp", + "/usr/share/keyrings/debian-archive-bookworm-stable.pgp", + "/usr/share/keyrings/debian-archive-bullseye-automatic.pgp", + "/usr/share/keyrings/debian-archive-bullseye-security-automatic.pgp", + "/usr/share/keyrings/debian-archive-bullseye-stable.pgp", + "/usr/share/keyrings/debian-archive-keyring.pgp", + "/usr/share/keyrings/debian-archive-removed-keys.pgp", + "/usr/share/keyrings/debian-archive-trixie-automatic.pgp", + "/usr/share/keyrings/debian-archive-trixie-security-automatic.pgp", + "/usr/share/keyrings/debian-archive-trixie-stable.pgp" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debianutils@5.23.2", + "Name": "debianutils", + "Identifier": { + "PURL": "pkg:deb/debian/debianutils@5.23.2?arch=amd64\u0026distro=debian-13.5", + "UID": "3c5d0b66afafddbb" + }, + "Version": "5.23.2", + "Arch": "amd64", + "SrcName": "debianutils", + "SrcVersion": "5.23.2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "SMAIL-GPL" + ], + "Maintainer": "Ileana Dumitrescu \u003cileanadumitrescu95@gmail.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/ischroot", + "/usr/bin/run-parts", + "/usr/bin/savelog", + "/usr/bin/tempfile", + "/usr/bin/which.debianutils", + "/usr/sbin/add-shell", + "/usr/sbin/installkernel", + "/usr/sbin/remove-shell", + "/usr/sbin/update-shells", + "/usr/share/debianutils/shells", + "/usr/share/doc/debianutils/README.shells", + "/usr/share/doc/debianutils/changelog.gz", + "/usr/share/doc/debianutils/copyright", + "/usr/share/man/de/man1/which.debianutils.1.gz", + "/usr/share/man/de/man8/add-shell.8.gz", + "/usr/share/man/de/man8/installkernel.8.gz", + "/usr/share/man/de/man8/remove-shell.8.gz", + "/usr/share/man/de/man8/run-parts.8.gz", + "/usr/share/man/de/man8/savelog.8.gz", + "/usr/share/man/es/man1/which.debianutils.1.gz", + "/usr/share/man/es/man8/add-shell.8.gz", + "/usr/share/man/es/man8/installkernel.8.gz", + "/usr/share/man/es/man8/remove-shell.8.gz", + "/usr/share/man/es/man8/run-parts.8.gz", + "/usr/share/man/es/man8/savelog.8.gz", + "/usr/share/man/fr/man1/which.debianutils.1.gz", + "/usr/share/man/fr/man8/add-shell.8.gz", + "/usr/share/man/fr/man8/installkernel.8.gz", + "/usr/share/man/fr/man8/remove-shell.8.gz", + "/usr/share/man/fr/man8/run-parts.8.gz", + "/usr/share/man/fr/man8/savelog.8.gz", + "/usr/share/man/it/man1/which.debianutils.1.gz", + "/usr/share/man/it/man8/add-shell.8.gz", + "/usr/share/man/it/man8/installkernel.8.gz", + "/usr/share/man/it/man8/remove-shell.8.gz", + "/usr/share/man/it/man8/run-parts.8.gz", + "/usr/share/man/it/man8/savelog.8.gz", + "/usr/share/man/ja/man1/which.debianutils.1.gz", + "/usr/share/man/ja/man8/add-shell.8.gz", + "/usr/share/man/ja/man8/installkernel.8.gz", + "/usr/share/man/ja/man8/remove-shell.8.gz", + "/usr/share/man/ja/man8/run-parts.8.gz", + "/usr/share/man/ja/man8/savelog.8.gz", + "/usr/share/man/man1/ischroot.1.gz", + "/usr/share/man/man1/tempfile.1.gz", + "/usr/share/man/man1/which.debianutils.1.gz", + "/usr/share/man/man8/add-shell.8.gz", + "/usr/share/man/man8/installkernel.8.gz", + "/usr/share/man/man8/remove-shell.8.gz", + "/usr/share/man/man8/run-parts.8.gz", + "/usr/share/man/man8/savelog.8.gz", + "/usr/share/man/man8/update-shells.8.gz", + "/usr/share/man/pl/man1/which.debianutils.1.gz", + "/usr/share/man/pl/man8/add-shell.8.gz", + "/usr/share/man/pl/man8/installkernel.8.gz", + "/usr/share/man/pl/man8/remove-shell.8.gz", + "/usr/share/man/pl/man8/run-parts.8.gz", + "/usr/share/man/pl/man8/savelog.8.gz", + "/usr/share/man/pt/man1/which.debianutils.1.gz", + "/usr/share/man/pt/man8/add-shell.8.gz", + "/usr/share/man/pt/man8/installkernel.8.gz", + "/usr/share/man/pt/man8/remove-shell.8.gz", + "/usr/share/man/pt/man8/run-parts.8.gz", + "/usr/share/man/pt/man8/savelog.8.gz", + "/usr/share/man/sl/man1/which.debianutils.1.gz", + "/usr/share/man/sl/man8/add-shell.8.gz", + "/usr/share/man/sl/man8/installkernel.8.gz", + "/usr/share/man/sl/man8/remove-shell.8.gz", + "/usr/share/man/sl/man8/run-parts.8.gz", + "/usr/share/man/sl/man8/savelog.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "diffutils@1:3.10-4", + "Name": "diffutils", + "Identifier": { + "PURL": "pkg:deb/debian/diffutils@3.10-4?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "852f693a78aaa149" + }, + "Version": "3.10", + "Release": "4", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "diffutils", + "SrcVersion": "3.10", + "SrcRelease": "4", + "SrcEpoch": 1, + "Licenses": [ + "GPL-3.0-or-later", + "FSFULLR", + "LGPL-2.1-or-later", + "GPL-3.0-with-autoconf-exception+", + "GPL-3.0-only", + "GPL-3+ with texinfo exception", + "LGPL-2.0-or-later", + "GPL-2.0-or-later", + "X11", + "FSFAP", + "GFDL-1.3-no-invariants-only", + "LGPL-3.0-or-later", + "LGPL-3.0-only", + "public-domain", + "LGPL-2.0-only", + "LGPL-2.1-only", + "GPL-2.0-only", + "GFDL-1.3-only" + ], + "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/cmp", + "/usr/bin/diff", + "/usr/bin/diff3", + "/usr/bin/sdiff", + "/usr/share/doc/diffutils/NEWS.gz", + "/usr/share/doc/diffutils/changelog.Debian.gz", + "/usr/share/doc/diffutils/changelog.gz", + "/usr/share/doc/diffutils/copyright", + "/usr/share/info/diffutils.info.gz", + "/usr/share/locale/bg/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ca/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/cs/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/da/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/de/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/el/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/eo/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/es/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/fi/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/fr/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ga/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/gl/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/he/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/hr/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/hu/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/id/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/it/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ja/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ka/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ko/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/lv/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ms/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/nb/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/nl/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/pl/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/pt/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ro/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ru/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/sr/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/sv/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/tr/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/uk/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/vi/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/diffutils.mo", + "/usr/share/man/man1/cmp.1.gz", + "/usr/share/man/man1/diff.1.gz", + "/usr/share/man/man1/diff3.1.gz", + "/usr/share/man/man1/sdiff.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "dpkg@1.22.22", + "Name": "dpkg", + "Identifier": { + "PURL": "pkg:deb/debian/dpkg@1.22.22?arch=amd64\u0026distro=debian-13.5", + "UID": "7b97f27e3bec0417" + }, + "Version": "1.22.22", + "Arch": "amd64", + "SrcName": "dpkg", + "SrcVersion": "1.22.22", + "Licenses": [ + "GPL-2.0-or-later", + "public-domain-s-s-d", + "GPL-2.0-only" + ], + "Maintainer": "Dpkg Developers \u003cdebian-dpkg@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "tar@1.35+dfsg-3.1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/dpkg", + "/usr/bin/dpkg-deb", + "/usr/bin/dpkg-divert", + "/usr/bin/dpkg-maintscript-helper", + "/usr/bin/dpkg-query", + "/usr/bin/dpkg-realpath", + "/usr/bin/dpkg-split", + "/usr/bin/dpkg-statoverride", + "/usr/bin/dpkg-trigger", + "/usr/bin/update-alternatives", + "/usr/lib/systemd/system/dpkg-db-backup.service", + "/usr/lib/systemd/system/dpkg-db-backup.timer", + "/usr/libexec/dpkg/dpkg-db-backup", + "/usr/libexec/dpkg/dpkg-db-keeper", + "/usr/sbin/start-stop-daemon", + "/usr/share/doc/dpkg/AUTHORS", + "/usr/share/doc/dpkg/README.api", + "/usr/share/doc/dpkg/README.bug-usertags.gz", + "/usr/share/doc/dpkg/README.feature-removal-schedule.gz", + "/usr/share/doc/dpkg/THANKS.gz", + "/usr/share/doc/dpkg/changelog.gz", + "/usr/share/doc/dpkg/copyright", + "/usr/share/dpkg/abitable", + "/usr/share/dpkg/cputable", + "/usr/share/dpkg/ostable", + "/usr/share/dpkg/sh/dpkg-error.sh", + "/usr/share/dpkg/tupletable", + "/usr/share/lintian/overrides/dpkg", + "/usr/share/lintian/profiles/dpkg/main.profile", + "/usr/share/locale/ast/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/bs/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ca/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/cs/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/da/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/de/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/dz/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/el/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/eo/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/es/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/et/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/eu/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/fr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/gl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/hu/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/id/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/it/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ja/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/km/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ko/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ku/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/lt/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/mr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nb/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ne/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nn/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/oc/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pa/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pt/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ro/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ru/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/sk/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/sv/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/th/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/tl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/tr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/vi/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/dpkg.mo", + "/usr/share/man/de/man1/dpkg-deb.1.gz", + "/usr/share/man/de/man1/dpkg-divert.1.gz", + "/usr/share/man/de/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/de/man1/dpkg-query.1.gz", + "/usr/share/man/de/man1/dpkg-realpath.1.gz", + "/usr/share/man/de/man1/dpkg-split.1.gz", + "/usr/share/man/de/man1/dpkg-statoverride.1.gz", + "/usr/share/man/de/man1/dpkg-trigger.1.gz", + "/usr/share/man/de/man1/dpkg.1.gz", + "/usr/share/man/de/man1/update-alternatives.1.gz", + "/usr/share/man/de/man5/dpkg.cfg.5.gz", + "/usr/share/man/de/man8/start-stop-daemon.8.gz", + "/usr/share/man/es/man5/dpkg.cfg.5.gz", + "/usr/share/man/fr/man1/dpkg-divert.1.gz", + "/usr/share/man/fr/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/fr/man1/dpkg-query.1.gz", + "/usr/share/man/fr/man1/dpkg-realpath.1.gz", + "/usr/share/man/fr/man1/dpkg-split.1.gz", + "/usr/share/man/fr/man1/dpkg-trigger.1.gz", + "/usr/share/man/fr/man1/update-alternatives.1.gz", + "/usr/share/man/fr/man5/dpkg.cfg.5.gz", + "/usr/share/man/fr/man8/start-stop-daemon.8.gz", + "/usr/share/man/it/man5/dpkg.cfg.5.gz", + "/usr/share/man/ja/man5/dpkg.cfg.5.gz", + "/usr/share/man/man1/dpkg-deb.1.gz", + "/usr/share/man/man1/dpkg-divert.1.gz", + "/usr/share/man/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/man1/dpkg-query.1.gz", + "/usr/share/man/man1/dpkg-realpath.1.gz", + "/usr/share/man/man1/dpkg-split.1.gz", + "/usr/share/man/man1/dpkg-statoverride.1.gz", + "/usr/share/man/man1/dpkg-trigger.1.gz", + "/usr/share/man/man1/dpkg.1.gz", + "/usr/share/man/man1/update-alternatives.1.gz", + "/usr/share/man/man5/dpkg.cfg.5.gz", + "/usr/share/man/man8/start-stop-daemon.8.gz", + "/usr/share/man/nl/man1/dpkg-deb.1.gz", + "/usr/share/man/nl/man1/dpkg-divert.1.gz", + "/usr/share/man/nl/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/nl/man1/dpkg-query.1.gz", + "/usr/share/man/nl/man1/dpkg-realpath.1.gz", + "/usr/share/man/nl/man1/dpkg-split.1.gz", + "/usr/share/man/nl/man1/dpkg-statoverride.1.gz", + "/usr/share/man/nl/man1/dpkg-trigger.1.gz", + "/usr/share/man/nl/man1/dpkg.1.gz", + "/usr/share/man/nl/man1/update-alternatives.1.gz", + "/usr/share/man/nl/man5/dpkg.cfg.5.gz", + "/usr/share/man/nl/man8/start-stop-daemon.8.gz", + "/usr/share/man/pl/man5/dpkg.cfg.5.gz", + "/usr/share/man/pt/man1/dpkg-deb.1.gz", + "/usr/share/man/pt/man1/dpkg-divert.1.gz", + "/usr/share/man/pt/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/pt/man1/dpkg-query.1.gz", + "/usr/share/man/pt/man1/dpkg-realpath.1.gz", + "/usr/share/man/pt/man1/dpkg-split.1.gz", + "/usr/share/man/pt/man1/dpkg-statoverride.1.gz", + "/usr/share/man/pt/man1/dpkg-trigger.1.gz", + "/usr/share/man/pt/man1/dpkg.1.gz", + "/usr/share/man/pt/man1/update-alternatives.1.gz", + "/usr/share/man/pt/man5/dpkg.cfg.5.gz", + "/usr/share/man/pt/man8/start-stop-daemon.8.gz", + "/usr/share/man/sv/man1/dpkg-deb.1.gz", + "/usr/share/man/sv/man1/dpkg-divert.1.gz", + "/usr/share/man/sv/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/sv/man1/dpkg-query.1.gz", + "/usr/share/man/sv/man1/dpkg-realpath.1.gz", + "/usr/share/man/sv/man1/dpkg-split.1.gz", + "/usr/share/man/sv/man1/dpkg-statoverride.1.gz", + "/usr/share/man/sv/man1/dpkg-trigger.1.gz", + "/usr/share/man/sv/man1/dpkg.1.gz", + "/usr/share/man/sv/man1/update-alternatives.1.gz", + "/usr/share/man/sv/man5/dpkg.cfg.5.gz", + "/usr/share/man/sv/man8/start-stop-daemon.8.gz", + "/usr/share/polkit-1/actions/org.dpkg.pkexec.update-alternatives.policy" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "findutils@4.10.0-3", + "Name": "findutils", + "Identifier": { + "PURL": "pkg:deb/debian/findutils@4.10.0-3?arch=amd64\u0026distro=debian-13.5", + "UID": "12e741692291b42a" + }, + "Version": "4.10.0", + "Release": "3", + "Arch": "amd64", + "SrcName": "findutils", + "SrcVersion": "4.10.0", + "SrcRelease": "3", + "Licenses": [ + "GFDL-1.3-no-invariants-or-later", + "GPL-3.0-or-later", + "FSFAP", + "GPL-2+ with Autoconf-data exception", + "GPL-3+ with Autoconf-data exception", + "FSFULLR", + "GPL-2.0-or-later", + "X11", + "public-domain", + "LGPL-2.1-or-later", + "GPL with automake exception", + "LGPL-2.0-or-later", + "LGPL-3.0-or-later", + "BSD-3-Clause", + "GPL-3+ with Bison-2.2 exception", + "LGPL-3.0-only", + "ISC", + "GFDL-1.3-only", + "GPL-2.0-only", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Andreas Metzler \u003cametzler@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/find", + "/usr/bin/xargs", + "/usr/share/doc-base/findutils.findutils", + "/usr/share/doc/findutils/NEWS.gz", + "/usr/share/doc/findutils/README.gz", + "/usr/share/doc/findutils/TODO", + "/usr/share/doc/findutils/changelog.Debian.gz", + "/usr/share/doc/findutils/changelog.gz", + "/usr/share/doc/findutils/copyright", + "/usr/share/info/find-maint.info.gz", + "/usr/share/info/find.info.gz", + "/usr/share/locale/be/LC_MESSAGES/findutils.mo", + "/usr/share/locale/bg/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ca/LC_MESSAGES/findutils.mo", + "/usr/share/locale/cs/LC_MESSAGES/findutils.mo", + "/usr/share/locale/da/LC_MESSAGES/findutils.mo", + "/usr/share/locale/de/LC_MESSAGES/findutils.mo", + "/usr/share/locale/el/LC_MESSAGES/findutils.mo", + "/usr/share/locale/eo/LC_MESSAGES/findutils.mo", + "/usr/share/locale/es/LC_MESSAGES/findutils.mo", + "/usr/share/locale/et/LC_MESSAGES/findutils.mo", + "/usr/share/locale/fi/LC_MESSAGES/findutils.mo", + "/usr/share/locale/fr/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ga/LC_MESSAGES/findutils.mo", + "/usr/share/locale/gl/LC_MESSAGES/findutils.mo", + "/usr/share/locale/hr/LC_MESSAGES/findutils.mo", + "/usr/share/locale/hu/LC_MESSAGES/findutils.mo", + "/usr/share/locale/id/LC_MESSAGES/findutils.mo", + "/usr/share/locale/it/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ja/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ka/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ko/LC_MESSAGES/findutils.mo", + "/usr/share/locale/lg/LC_MESSAGES/findutils.mo", + "/usr/share/locale/lt/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ms/LC_MESSAGES/findutils.mo", + "/usr/share/locale/nb/LC_MESSAGES/findutils.mo", + "/usr/share/locale/nl/LC_MESSAGES/findutils.mo", + "/usr/share/locale/pl/LC_MESSAGES/findutils.mo", + "/usr/share/locale/pt/LC_MESSAGES/findutils.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ro/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ru/LC_MESSAGES/findutils.mo", + "/usr/share/locale/sk/LC_MESSAGES/findutils.mo", + "/usr/share/locale/sl/LC_MESSAGES/findutils.mo", + "/usr/share/locale/sr/LC_MESSAGES/findutils.mo", + "/usr/share/locale/sv/LC_MESSAGES/findutils.mo", + "/usr/share/locale/tr/LC_MESSAGES/findutils.mo", + "/usr/share/locale/uk/LC_MESSAGES/findutils.mo", + "/usr/share/locale/vi/LC_MESSAGES/findutils.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/findutils.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/findutils.mo", + "/usr/share/man/man1/find.1.gz", + "/usr/share/man/man1/xargs.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gcc-14-base@14.2.0-19", + "Name": "gcc-14-base", + "Identifier": { + "PURL": "pkg:deb/debian/gcc-14-base@14.2.0-19?arch=amd64\u0026distro=debian-13.5", + "UID": "371c061d08215a1b" + }, + "Version": "14.2.0", + "Release": "19", + "Arch": "amd64", + "SrcName": "gcc-14", + "SrcVersion": "14.2.0", + "SrcRelease": "19", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-3.0-only", + "GFDL-1.2-only", + "Artistic-2.0", + "LGPL-2.0-or-later" + ], + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/gcc-14-base/README.Debian.amd64.gz", + "/usr/share/doc/gcc-14-base/TODO.Debian", + "/usr/share/doc/gcc-14-base/changelog.Debian.gz", + "/usr/share/doc/gcc-14-base/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "grep@3.11-4", + "Name": "grep", + "Identifier": { + "PURL": "pkg:deb/debian/grep@3.11-4?arch=amd64\u0026distro=debian-13.5", + "UID": "6ce8b4eed9c0d137" + }, + "Version": "3.11", + "Release": "4", + "Arch": "amd64", + "SrcName": "grep", + "SrcVersion": "3.11", + "SrcRelease": "4", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only" + ], + "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/egrep", + "/usr/bin/fgrep", + "/usr/bin/grep", + "/usr/bin/rgrep", + "/usr/share/doc/grep/AUTHORS", + "/usr/share/doc/grep/NEWS.Debian.gz", + "/usr/share/doc/grep/NEWS.gz", + "/usr/share/doc/grep/README", + "/usr/share/doc/grep/THANKS.gz", + "/usr/share/doc/grep/TODO.gz", + "/usr/share/doc/grep/changelog.Debian.gz", + "/usr/share/doc/grep/changelog.gz", + "/usr/share/doc/grep/copyright", + "/usr/share/info/grep.info.gz", + "/usr/share/locale/af/LC_MESSAGES/grep.mo", + "/usr/share/locale/be/LC_MESSAGES/grep.mo", + "/usr/share/locale/bg/LC_MESSAGES/grep.mo", + "/usr/share/locale/ca/LC_MESSAGES/grep.mo", + "/usr/share/locale/cs/LC_MESSAGES/grep.mo", + "/usr/share/locale/da/LC_MESSAGES/grep.mo", + "/usr/share/locale/de/LC_MESSAGES/grep.mo", + "/usr/share/locale/el/LC_MESSAGES/grep.mo", + "/usr/share/locale/eo/LC_MESSAGES/grep.mo", + "/usr/share/locale/es/LC_MESSAGES/grep.mo", + "/usr/share/locale/et/LC_MESSAGES/grep.mo", + "/usr/share/locale/eu/LC_MESSAGES/grep.mo", + "/usr/share/locale/fi/LC_MESSAGES/grep.mo", + "/usr/share/locale/fr/LC_MESSAGES/grep.mo", + "/usr/share/locale/ga/LC_MESSAGES/grep.mo", + "/usr/share/locale/gl/LC_MESSAGES/grep.mo", + "/usr/share/locale/he/LC_MESSAGES/grep.mo", + "/usr/share/locale/hr/LC_MESSAGES/grep.mo", + "/usr/share/locale/hu/LC_MESSAGES/grep.mo", + "/usr/share/locale/id/LC_MESSAGES/grep.mo", + "/usr/share/locale/it/LC_MESSAGES/grep.mo", + "/usr/share/locale/ja/LC_MESSAGES/grep.mo", + "/usr/share/locale/ka/LC_MESSAGES/grep.mo", + "/usr/share/locale/ko/LC_MESSAGES/grep.mo", + "/usr/share/locale/ky/LC_MESSAGES/grep.mo", + "/usr/share/locale/lt/LC_MESSAGES/grep.mo", + "/usr/share/locale/nb/LC_MESSAGES/grep.mo", + "/usr/share/locale/nl/LC_MESSAGES/grep.mo", + "/usr/share/locale/pa/LC_MESSAGES/grep.mo", + "/usr/share/locale/pl/LC_MESSAGES/grep.mo", + "/usr/share/locale/pt/LC_MESSAGES/grep.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/grep.mo", + "/usr/share/locale/ro/LC_MESSAGES/grep.mo", + "/usr/share/locale/ru/LC_MESSAGES/grep.mo", + "/usr/share/locale/sk/LC_MESSAGES/grep.mo", + "/usr/share/locale/sl/LC_MESSAGES/grep.mo", + "/usr/share/locale/sr/LC_MESSAGES/grep.mo", + "/usr/share/locale/sv/LC_MESSAGES/grep.mo", + "/usr/share/locale/ta/LC_MESSAGES/grep.mo", + "/usr/share/locale/th/LC_MESSAGES/grep.mo", + "/usr/share/locale/tr/LC_MESSAGES/grep.mo", + "/usr/share/locale/uk/LC_MESSAGES/grep.mo", + "/usr/share/locale/vi/LC_MESSAGES/grep.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/grep.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/grep.mo", + "/usr/share/man/man1/grep.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gzip@1.13-1", + "Name": "gzip", + "Identifier": { + "PURL": "pkg:deb/debian/gzip@1.13-1?arch=amd64\u0026distro=debian-13.5", + "UID": "954545ce99bc687e" + }, + "Version": "1.13", + "Release": "1", + "Arch": "amd64", + "SrcName": "gzip", + "SrcVersion": "1.13", + "SrcRelease": "1", + "Licenses": [ + "GPL-3.0-or-later", + "GFDL-1.3+-no-invariant", + "FSF-manpages", + "GPL-3.0-only", + "GFDL-3" + ], + "Maintainer": "Milan Kupcevic \u003cmilan@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/gunzip", + "/usr/bin/gzexe", + "/usr/bin/gzip", + "/usr/bin/zcat", + "/usr/bin/zcmp", + "/usr/bin/zdiff", + "/usr/bin/zegrep", + "/usr/bin/zfgrep", + "/usr/bin/zforce", + "/usr/bin/zgrep", + "/usr/bin/zless", + "/usr/bin/zmore", + "/usr/bin/znew", + "/usr/share/doc/gzip/NEWS.gz", + "/usr/share/doc/gzip/README.gz", + "/usr/share/doc/gzip/TODO", + "/usr/share/doc/gzip/changelog.Debian.gz", + "/usr/share/doc/gzip/changelog.gz", + "/usr/share/doc/gzip/copyright", + "/usr/share/info/gzip.info.gz", + "/usr/share/man/man1/gzexe.1.gz", + "/usr/share/man/man1/gzip.1.gz", + "/usr/share/man/man1/zdiff.1.gz", + "/usr/share/man/man1/zforce.1.gz", + "/usr/share/man/man1/zgrep.1.gz", + "/usr/share/man/man1/zless.1.gz", + "/usr/share/man/man1/zmore.1.gz", + "/usr/share/man/man1/znew.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "hostname@3.25", + "Name": "hostname", + "Identifier": { + "PURL": "pkg:deb/debian/hostname@3.25?arch=amd64\u0026distro=debian-13.5", + "UID": "641772722328aedf" + }, + "Version": "3.25", + "Arch": "amd64", + "SrcName": "hostname", + "SrcVersion": "3.25", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Michael Meskes \u003cmeskes@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/hostname", + "/usr/share/doc/hostname/changelog.gz", + "/usr/share/doc/hostname/copyright", + "/usr/share/man/man1/hostname.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "init-system-helpers@1.69~deb13u1", + "Name": "init-system-helpers", + "Identifier": { + "PURL": "pkg:deb/debian/init-system-helpers@1.69~deb13u1?arch=all\u0026distro=debian-13.5", + "UID": "cb52819ec2f1a236" + }, + "Version": "1.69~deb13u1", + "Arch": "all", + "SrcName": "init-system-helpers", + "SrcVersion": "1.69~deb13u1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/deb-systemd-helper", + "/usr/bin/deb-systemd-invoke", + "/usr/sbin/invoke-rc.d", + "/usr/sbin/service", + "/usr/sbin/update-rc.d", + "/usr/share/bug/init-system-helpers/control", + "/usr/share/doc/init-system-helpers/README.invoke-rc.d.gz", + "/usr/share/doc/init-system-helpers/README.policy-rc.d.gz", + "/usr/share/doc/init-system-helpers/changelog.gz", + "/usr/share/doc/init-system-helpers/copyright", + "/usr/share/lintian/overrides/init-system-helpers", + "/usr/share/man/man1/deb-systemd-helper.1p.gz", + "/usr/share/man/man1/deb-systemd-invoke.1p.gz", + "/usr/share/man/man8/invoke-rc.d.8.gz", + "/usr/share/man/man8/service.8.gz", + "/usr/share/man/man8/update-rc.d.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libacl1@2.3.2-2+b1", + "Name": "libacl1", + "Identifier": { + "PURL": "pkg:deb/debian/libacl1@2.3.2-2%2Bb1?arch=amd64\u0026distro=debian-13.5", + "UID": "f9f7789d147b9636" + }, + "Version": "2.3.2", + "Release": "2+b1", + "Arch": "amd64", + "SrcName": "acl", + "SrcVersion": "2.3.2", + "SrcRelease": "2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2302", + "/usr/share/doc/libacl1/changelog.Debian.amd64.gz", + "/usr/share/doc/libacl1/changelog.Debian.gz", + "/usr/share/doc/libacl1/changelog.gz", + "/usr/share/doc/libacl1/copyright", + "/usr/share/lintian/overrides/libacl1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libapt-pkg7.0@3.0.3", + "Name": "libapt-pkg7.0", + "Identifier": { + "PURL": "pkg:deb/debian/libapt-pkg7.0@3.0.3?arch=amd64\u0026distro=debian-13.5", + "UID": "5549812c55d79bea" + }, + "Version": "3.0.3", + "Arch": "amd64", + "SrcName": "apt", + "SrcVersion": "3.0.3", + "Licenses": [ + "GPL-2.0-or-later", + "curl", + "BSD-3-Clause", + "MIT", + "GPL-2.0-only" + ], + "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libbz2-1.0@1.0.8-6", + "libc6@2.41-12+deb13u3", + "libgcc-s1@14.2.0-19", + "liblz4-1@1.10.0-4", + "liblzma5@5.8.1-1", + "libssl3t64@3.5.6-1~deb13u1", + "libstdc++6@14.2.0-19", + "libsystemd0@257.13-1~deb13u1", + "libudev1@257.13-1~deb13u1", + "libxxhash0@0.8.3-2", + "libzstd1@1.5.7+dfsg-1", + "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.7.0.0", + "/usr/share/doc/libapt-pkg7.0/NEWS.Debian.gz", + "/usr/share/doc/libapt-pkg7.0/changelog.gz", + "/usr/share/doc/libapt-pkg7.0/copyright", + "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/da/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/de/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/el/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/es/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/it/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/km/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/th/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg7.0.mo" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libattr1@1:2.5.2-3", + "Name": "libattr1", + "Identifier": { + "PURL": "pkg:deb/debian/libattr1@2.5.2-3?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "90d554a582a8683b" + }, + "Version": "2.5.2", + "Release": "3", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "attr", + "SrcVersion": "2.5.2", + "SrcRelease": "3", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2502", + "/usr/share/doc/libattr1/changelog.Debian.gz", + "/usr/share/doc/libattr1/changelog.gz", + "/usr/share/doc/libattr1/copyright", + "/usr/share/lintian/overrides/libattr1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaudit-common@1:4.0.2-2", + "Name": "libaudit-common", + "Identifier": { + "PURL": "pkg:deb/debian/libaudit-common@4.0.2-2?arch=all\u0026distro=debian-13.5\u0026epoch=1", + "UID": "d20cd9a11d8e018d" + }, + "Version": "4.0.2", + "Release": "2", + "Epoch": 1, + "Arch": "all", + "SrcName": "audit", + "SrcVersion": "4.0.2", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only", + "GPL-1.0-only" + ], + "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/libaudit-common/changelog.Debian.gz", + "/usr/share/doc/libaudit-common/changelog.gz", + "/usr/share/doc/libaudit-common/copyright", + "/usr/share/man/man5/libaudit.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaudit1@1:4.0.2-2+b2", + "Name": "libaudit1", + "Identifier": { + "PURL": "pkg:deb/debian/libaudit1@4.0.2-2%2Bb2?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "c47a55b8e27ace3c" + }, + "Version": "4.0.2", + "Release": "2+b2", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "audit", + "SrcVersion": "4.0.2", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only", + "GPL-1.0-only" + ], + "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit-common@1:4.0.2-2", + "libc6@2.41-12+deb13u3", + "libcap-ng0@0.8.5-4+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0", + "/usr/share/doc/libaudit1/changelog.Debian.amd64.gz", + "/usr/share/doc/libaudit1/changelog.Debian.gz", + "/usr/share/doc/libaudit1/changelog.gz", + "/usr/share/doc/libaudit1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libblkid1@2.41-5", + "Name": "libblkid1", + "Identifier": { + "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "51bf0af8d40f4a01" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0", + "/usr/share/doc/libblkid1/NEWS.Debian.gz", + "/usr/share/doc/libblkid1/changelog.Debian.gz", + "/usr/share/doc/libblkid1/changelog.gz", + "/usr/share/doc/libblkid1/copyright", + "/usr/share/lintian/overrides/libblkid1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libbsd0@0.12.2-2", + "Name": "libbsd0", + "Identifier": { + "PURL": "pkg:deb/debian/libbsd0@0.12.2-2?arch=amd64\u0026distro=debian-13.5", + "UID": "a8f4afa42f768363" + }, + "Version": "0.12.2", + "Release": "2", + "Arch": "amd64", + "SrcName": "libbsd", + "SrcVersion": "0.12.2", + "SrcRelease": "2", + "Licenses": [ + "BSD-3-Clause", + "BSD-3-clause-Regents", + "BSD-2-Clause-NetBSD", + "BSD-3-clause-author", + "BSD-3-clause-John-Birrell", + "BSD-5-clause-Peter-Wemm", + "BSD-2-Clause", + "BSD-2-clause-verbatim", + "BSD-2-clause-author", + "ISC", + "ISC-Original", + "MIT", + "public-domain", + "Beerware" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libmd0@1.1.0-2+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libbsd.so.0.12.2", + "/usr/share/doc/libbsd0/changelog.Debian.gz", + "/usr/share/doc/libbsd0/changelog.gz", + "/usr/share/doc/libbsd0/copyright", + "/usr/share/lintian/overrides/libbsd0" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libbz2-1.0@1.0.8-6", + "Name": "libbz2-1.0", + "Identifier": { + "PURL": "pkg:deb/debian/libbz2-1.0@1.0.8-6?arch=amd64\u0026distro=debian-13.5", + "UID": "2da429aca83dde92" + }, + "Version": "1.0.8", + "Release": "6", + "Arch": "amd64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8", + "SrcRelease": "6", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4", + "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", + "/usr/share/doc/libbz2-1.0/changelog.gz", + "/usr/share/doc/libbz2-1.0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libc-bin@2.41-12+deb13u3", + "Name": "libc-bin", + "Identifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "Version": "2.41", + "Release": "12+deb13u3", + "Arch": "amd64", + "SrcName": "glibc", + "SrcVersion": "2.41", + "SrcRelease": "12+deb13u3", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "LGPL-2.1+-with-link-exception", + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "GPL-2+-with-link-exception", + "GPL-2.0-only", + "GPL-3.0-or-later", + "FSFAP", + "Carnegie", + "Inner-Net", + "MIT-like-Lord", + "BSD-like-Spencer", + "PCRE", + "BSD-3-clause-Carnegie", + "Unicode-DFS-2016", + "BSL-1.0", + "SunPro", + "CORE-MATH", + "BSD-3-clause-Berkeley", + "BSD-3-clause-WIDE", + "BSD-2-Clause", + "BSD-3-clause-Oracle", + "DEC", + "IBM", + "ISC", + "Univ-Coimbra", + "public-domain", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/getconf", + "/usr/bin/getent", + "/usr/bin/iconv", + "/usr/bin/ldd", + "/usr/bin/locale", + "/usr/bin/localedef", + "/usr/bin/pldd", + "/usr/bin/tzselect", + "/usr/bin/zdump", + "/usr/lib/locale/C.utf8/LC_ADDRESS", + "/usr/lib/locale/C.utf8/LC_COLLATE", + "/usr/lib/locale/C.utf8/LC_CTYPE", + "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", + "/usr/lib/locale/C.utf8/LC_MEASUREMENT", + "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "/usr/lib/locale/C.utf8/LC_MONETARY", + "/usr/lib/locale/C.utf8/LC_NAME", + "/usr/lib/locale/C.utf8/LC_NUMERIC", + "/usr/lib/locale/C.utf8/LC_PAPER", + "/usr/lib/locale/C.utf8/LC_TELEPHONE", + "/usr/lib/locale/C.utf8/LC_TIME", + "/usr/sbin/iconvconfig", + "/usr/sbin/ldconfig", + "/usr/sbin/zic", + "/usr/share/doc/libc-bin/changelog.Debian.gz", + "/usr/share/doc/libc-bin/changelog.gz", + "/usr/share/doc/libc-bin/copyright", + "/usr/share/libc-bin/nsswitch.conf", + "/usr/share/lintian/overrides/libc-bin", + "/usr/share/man/man1/getconf.1.gz", + "/usr/share/man/man1/tzselect.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libc6@2.41-12+deb13u3", + "Name": "libc6", + "Identifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "Version": "2.41", + "Release": "12+deb13u3", + "Arch": "amd64", + "SrcName": "glibc", + "SrcVersion": "2.41", + "SrcRelease": "12+deb13u3", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "LGPL-2.1+-with-link-exception", + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "GPL-2+-with-link-exception", + "GPL-2.0-only", + "GPL-3.0-or-later", + "FSFAP", + "Carnegie", + "Inner-Net", + "MIT-like-Lord", + "BSD-like-Spencer", + "PCRE", + "BSD-3-clause-Carnegie", + "Unicode-DFS-2016", + "BSL-1.0", + "SunPro", + "CORE-MATH", + "BSD-3-clause-Berkeley", + "BSD-3-clause-WIDE", + "BSD-2-Clause", + "BSD-3-clause-Oracle", + "DEC", + "IBM", + "ISC", + "Univ-Coimbra", + "public-domain", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libgcc-s1@14.2.0-19" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", + "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", + "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", + "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", + "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", + "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", + "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", + "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", + "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", + "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", + "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", + "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", + "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", + "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", + "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", + "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", + "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", + "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", + "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", + "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", + "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", + "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", + "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", + "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", + "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", + "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", + "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", + "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", + "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.d/gconv-modules-extra.conf", + "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", + "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", + "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", + "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", + "/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2", + "/usr/lib/x86_64-linux-gnu/libBrokenLocale.so.1", + "/usr/lib/x86_64-linux-gnu/libanl.so.1", + "/usr/lib/x86_64-linux-gnu/libc.so.6", + "/usr/lib/x86_64-linux-gnu/libc_malloc_debug.so.0", + "/usr/lib/x86_64-linux-gnu/libdl.so.2", + "/usr/lib/x86_64-linux-gnu/libm.so.6", + "/usr/lib/x86_64-linux-gnu/libmemusage.so", + "/usr/lib/x86_64-linux-gnu/libmvec.so.1", + "/usr/lib/x86_64-linux-gnu/libnsl.so.1", + "/usr/lib/x86_64-linux-gnu/libnss_compat.so.2", + "/usr/lib/x86_64-linux-gnu/libnss_dns.so.2", + "/usr/lib/x86_64-linux-gnu/libnss_files.so.2", + "/usr/lib/x86_64-linux-gnu/libnss_hesiod.so.2", + "/usr/lib/x86_64-linux-gnu/libpcprofile.so", + "/usr/lib/x86_64-linux-gnu/libpthread.so.0", + "/usr/lib/x86_64-linux-gnu/libresolv.so.2", + "/usr/lib/x86_64-linux-gnu/librt.so.1", + "/usr/lib/x86_64-linux-gnu/libthread_db.so.1", + "/usr/lib/x86_64-linux-gnu/libutil.so.1", + "/usr/share/doc/libc6/NEWS.Debian.gz", + "/usr/share/doc/libc6/NEWS.gz", + "/usr/share/doc/libc6/README.Debian.gz", + "/usr/share/doc/libc6/README.hesiod.gz", + "/usr/share/doc/libc6/changelog.Debian.gz", + "/usr/share/doc/libc6/changelog.gz", + "/usr/share/doc/libc6/copyright", + "/usr/share/lintian/overrides/libc6" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap-ng0@0.8.5-4+b1", + "Name": "libcap-ng0", + "Identifier": { + "PURL": "pkg:deb/debian/libcap-ng0@0.8.5-4%2Bb1?arch=amd64\u0026distro=debian-13.5", + "UID": "9b7c2d5667513e48" + }, + "Version": "0.8.5", + "Release": "4+b1", + "Arch": "amd64", + "SrcName": "libcap-ng", + "SrcVersion": "0.8.5", + "SrcRelease": "4", + "Licenses": [ + "LGPL-2.1-or-later", + "GPL-2.0-or-later", + "GPL-3.0-only", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Håvard F. Aasen \u003chavard.f.aasen@pfft.no\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/libdrop_ambient.so.0.0.0", + "/usr/share/doc/libcap-ng0/changelog.Debian.amd64.gz", + "/usr/share/doc/libcap-ng0/changelog.Debian.gz", + "/usr/share/doc/libcap-ng0/changelog.gz", + "/usr/share/doc/libcap-ng0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap2@1:2.75-10+deb13u1+b1", + "Name": "libcap2", + "Identifier": { + "PURL": "pkg:deb/debian/libcap2@2.75-10%2Bdeb13u1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "7cefa0399e4d88d4" + }, + "Version": "2.75", + "Release": "10+deb13u1+b1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libcap2", + "SrcVersion": "2.75", + "SrcRelease": "10+deb13u1", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Christian Kastner \u003cckk@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libcap.so.2.75", + "/usr/lib/x86_64-linux-gnu/libpsx.so.2.75", + "/usr/share/doc/libcap2/changelog.Debian.amd64.gz", + "/usr/share/doc/libcap2/changelog.Debian.gz", + "/usr/share/doc/libcap2/changelog.gz", + "/usr/share/doc/libcap2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcrypt1@1:4.4.38-1", + "Name": "libcrypt1", + "Identifier": { + "PURL": "pkg:deb/debian/libcrypt1@4.4.38-1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "afe984ba824f92ac" + }, + "Version": "4.4.38", + "Release": "1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libxcrypt", + "SrcVersion": "4.4.38", + "SrcRelease": "1", + "SrcEpoch": 1, + "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", + "/usr/share/doc/libcrypt1/changelog.Debian.gz", + "/usr/share/doc/libcrypt1/changelog.gz", + "/usr/share/doc/libcrypt1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdb5.3t64@5.3.28+dfsg2-9", + "Name": "libdb5.3t64", + "Identifier": { + "PURL": "pkg:deb/debian/libdb5.3t64@5.3.28%2Bdfsg2-9?arch=amd64\u0026distro=debian-13.5", + "UID": "2f5f1c2fd77295dc" + }, + "Version": "5.3.28+dfsg2", + "Release": "9", + "Arch": "amd64", + "SrcName": "db5.3", + "SrcVersion": "5.3.28+dfsg2", + "SrcRelease": "9", + "Licenses": [ + "Sleepycat", + "BSD-3-Clause", + "MS-PL", + "GPL-2.0-or-later", + "Artistic-2.0", + "X11", + "MIT-old", + "TCL-like", + "BSD-3-clause-fjord", + "GPL-3.0-only", + "Zlib" + ], + "Maintainer": "Debian QA Group \u003cpackages@qa.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", + "/usr/share/doc/libdb5.3t64/build_signature_amd64.txt", + "/usr/share/doc/libdb5.3t64/changelog.Debian.gz", + "/usr/share/doc/libdb5.3t64/copyright", + "/usr/share/lintian/overrides/libdb5.3t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdebconfclient0@0.280", + "Name": "libdebconfclient0", + "Identifier": { + "PURL": "pkg:deb/debian/libdebconfclient0@0.280?arch=amd64\u0026distro=debian-13.5", + "UID": "fcad452fa456130" + }, + "Version": "0.280", + "Arch": "amd64", + "SrcName": "cdebconf", + "SrcVersion": "0.280", + "Licenses": [ + "BSD-2-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Debian Install System Team \u003cdebian-boot@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", + "/usr/share/doc/libdebconfclient0/changelog.gz", + "/usr/share/doc/libdebconfclient0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libffi8@3.4.8-2", + "Name": "libffi8", + "Identifier": { + "PURL": "pkg:deb/debian/libffi8@3.4.8-2?arch=amd64\u0026distro=debian-13.5", + "UID": "e57a61a9119138e1" + }, + "Version": "3.4.8", + "Release": "2", + "Arch": "amd64", + "SrcName": "libffi", + "SrcVersion": "3.4.8", + "SrcRelease": "2", + "Licenses": [ + "MIT", + "X11", + "GPL-2.0-or-later", + "GPL-3.0-or-later", + "MPL-1.1", + "LGPL-2.1-or-later", + "public-domain" + ], + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libffi.so.8.1.4", + "/usr/share/doc/libffi8/changelog.Debian.gz", + "/usr/share/doc/libffi8/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgcc-s1@14.2.0-19", + "Name": "libgcc-s1", + "Identifier": { + "PURL": "pkg:deb/debian/libgcc-s1@14.2.0-19?arch=amd64\u0026distro=debian-13.5", + "UID": "6ebf985ba3bd76f3" + }, + "Version": "14.2.0", + "Release": "19", + "Arch": "amd64", + "SrcName": "gcc-14", + "SrcVersion": "14.2.0", + "SrcRelease": "19", + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gcc-14-base@14.2.0-19", + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgcc_s.so.1", + "/usr/share/lintian/overrides/libgcc-s1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgdbm6t64@1.24-2", + "Name": "libgdbm6t64", + "Identifier": { + "PURL": "pkg:deb/debian/libgdbm6t64@1.24-2?arch=amd64\u0026distro=debian-13.5", + "UID": "a978781f1be6197e" + }, + "Version": "1.24", + "Release": "2", + "Arch": "amd64", + "SrcName": "gdbm", + "SrcVersion": "1.24", + "SrcRelease": "2", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-2.0-or-later", + "GFDL-1.3-no-invariants-or-later", + "GPL-3.0-only", + "GPL-2.0-only" + ], + "Maintainer": "Nicolas Mora \u003cbabelouest@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgdbm.so.6.0.0", + "/usr/share/doc/libgdbm6t64/changelog.Debian.gz", + "/usr/share/doc/libgdbm6t64/changelog.gz", + "/usr/share/doc/libgdbm6t64/copyright", + "/usr/share/lintian/overrides/libgdbm6t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgmp10@2:6.3.0+dfsg-3", + "Name": "libgmp10", + "Identifier": { + "PURL": "pkg:deb/debian/libgmp10@6.3.0%2Bdfsg-3?arch=amd64\u0026distro=debian-13.5\u0026epoch=2", + "UID": "fec85c1b440262e2" + }, + "Version": "6.3.0+dfsg", + "Release": "3", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "gmp", + "SrcVersion": "6.3.0+dfsg", + "SrcRelease": "3", + "SrcEpoch": 2, + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-or-later", + "GPL-3+ with Bison exception", + "GPL-2.0-only", + "GPL-3.0-only", + "LGPL-3.0-only" + ], + "Maintainer": "Debian Science Maintainers \u003cdebian-science-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0", + "/usr/share/doc/libgmp10/README.Debian", + "/usr/share/doc/libgmp10/changelog.Debian.gz", + "/usr/share/doc/libgmp10/changelog.gz", + "/usr/share/doc/libgmp10/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libhogweed6t64@3.10.1-1", + "Name": "libhogweed6t64", + "Identifier": { + "PURL": "pkg:deb/debian/libhogweed6t64@3.10.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "8a048285d77ff6c0" + }, + "Version": "3.10.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "nettle", + "SrcVersion": "3.10.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "MIT", + "GPL-3.0-with-autoconf-exception+", + "public-domain", + "GPL-2.0-only", + "GAP" + ], + "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libgmp10@2:6.3.0+dfsg-3", + "libnettle8t64@3.10.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libhogweed.so.6.10", + "/usr/share/doc/libhogweed6t64/changelog.Debian.gz", + "/usr/share/doc/libhogweed6t64/changelog.gz", + "/usr/share/doc/libhogweed6t64/copyright", + "/usr/share/lintian/overrides/libhogweed6t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblastlog2-2@2.41-5", + "Name": "liblastlog2-2", + "Identifier": { + "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "eb4f5430aea34a10" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libsqlite3-0@3.46.1-7+deb13u1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblastlog2.so.2.0.0", + "/usr/share/doc/liblastlog2-2/NEWS.Debian.gz", + "/usr/share/doc/liblastlog2-2/changelog.Debian.gz", + "/usr/share/doc/liblastlog2-2/changelog.gz", + "/usr/share/doc/liblastlog2-2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblz4-1@1.10.0-4", + "Name": "liblz4-1", + "Identifier": { + "PURL": "pkg:deb/debian/liblz4-1@1.10.0-4?arch=amd64\u0026distro=debian-13.5", + "UID": "c31b43410c927de" + }, + "Version": "1.10.0", + "Release": "4", + "Arch": "amd64", + "SrcName": "lz4", + "SrcVersion": "1.10.0", + "SrcRelease": "4", + "Licenses": [ + "GPL-2.0-or-later", + "BSD-2-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Nobuhiro Iwamatsu \u003ciwamatsu@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libxxhash0@0.8.3-2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblz4.so.1.10.0", + "/usr/share/doc/liblz4-1/changelog.Debian.gz", + "/usr/share/doc/liblz4-1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblzma5@5.8.1-1", + "Name": "liblzma5", + "Identifier": { + "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "d7b58e04f1a265ed" + }, + "Version": "5.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "xz-utils", + "SrcVersion": "5.8.1", + "SrcRelease": "1", + "Licenses": [ + "0BSD", + "GPL-2.0-or-later", + "LGPL-2.1-or-later", + "FSFULLR", + "GPL-3.0-or-later-WITH-Autoconf-exception-macro", + "none", + "PD", + "permissive-nowarranty", + "FSFUL", + "noderivs", + "PD-debian", + "LGPL-2.1-only", + "GPL-2.0-only", + "GPL-3.0-only" + ], + "Maintainer": "Sebastian Andrzej Siewior \u003csebastian@breakpoint.cc\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblzma.so.5.8.1", + "/usr/share/doc/liblzma5/AUTHORS", + "/usr/share/doc/liblzma5/NEWS.gz", + "/usr/share/doc/liblzma5/THANKS.gz", + "/usr/share/doc/liblzma5/changelog.Debian.gz", + "/usr/share/doc/liblzma5/changelog.gz", + "/usr/share/doc/liblzma5/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmd0@1.1.0-2+b1", + "Name": "libmd0", + "Identifier": { + "PURL": "pkg:deb/debian/libmd0@1.1.0-2%2Bb1?arch=amd64\u0026distro=debian-13.5", + "UID": "f3971c5b48c68b3c" + }, + "Version": "1.1.0", + "Release": "2+b1", + "Arch": "amd64", + "SrcName": "libmd", + "SrcVersion": "1.1.0", + "SrcRelease": "2", + "Licenses": [ + "BSD-3-Clause", + "BSD-3-clause-Aaron-D-Gifford", + "BSD-2-Clause", + "BSD-2-Clause-NetBSD", + "ISC", + "Beerware", + "public-domain-md4", + "public-domain-md5", + "public-domain-sha1" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmd.so.0.1.0", + "/usr/share/doc/libmd0/changelog.Debian.amd64.gz", + "/usr/share/doc/libmd0/changelog.Debian.gz", + "/usr/share/doc/libmd0/changelog.gz", + "/usr/share/doc/libmd0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmount1@2.41-5", + "Name": "libmount1", + "Identifier": { + "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "84ccd0371833b76" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libblkid1@2.41-5", + "libc6@2.41-12+deb13u3", + "libselinux1@3.8.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmount.so.1.1.0", + "/usr/share/doc/libmount1/NEWS.Debian.gz", + "/usr/share/doc/libmount1/changelog.Debian.gz", + "/usr/share/doc/libmount1/changelog.gz", + "/usr/share/doc/libmount1/copyright", + "/usr/share/lintian/overrides/libmount1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libncursesw6@6.5+20250216-2", + "Name": "libncursesw6", + "Identifier": { + "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "5efa2a2068c240d8" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libtinfo6@6.5+20250216-2" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libformw.so.6.5", + "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.5", + "/usr/lib/x86_64-linux-gnu/libncursesw.so.6.5", + "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.5" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libnettle8t64@3.10.1-1", + "Name": "libnettle8t64", + "Identifier": { + "PURL": "pkg:deb/debian/libnettle8t64@3.10.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "fd78e15d23b25c1f" + }, + "Version": "3.10.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "nettle", + "SrcVersion": "3.10.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "MIT", + "GPL-3.0-with-autoconf-exception+", + "public-domain", + "GPL-2.0-only", + "GAP" + ], + "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libnettle.so.8.10", + "/usr/share/doc/libnettle8t64/NEWS.gz", + "/usr/share/doc/libnettle8t64/README", + "/usr/share/doc/libnettle8t64/changelog.Debian.gz", + "/usr/share/doc/libnettle8t64/changelog.gz", + "/usr/share/doc/libnettle8t64/copyright", + "/usr/share/lintian/overrides/libnettle8t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-modules@1.7.0-5", + "Name": "libpam-modules", + "Identifier": { + "PURL": "pkg:deb/debian/libpam-modules@1.7.0-5?arch=amd64\u0026distro=debian-13.5", + "UID": "274a704398461ef0" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/security/pam_access.so", + "/usr/lib/x86_64-linux-gnu/security/pam_canonicalize_user.so", + "/usr/lib/x86_64-linux-gnu/security/pam_debug.so", + "/usr/lib/x86_64-linux-gnu/security/pam_deny.so", + "/usr/lib/x86_64-linux-gnu/security/pam_echo.so", + "/usr/lib/x86_64-linux-gnu/security/pam_env.so", + "/usr/lib/x86_64-linux-gnu/security/pam_exec.so", + "/usr/lib/x86_64-linux-gnu/security/pam_faildelay.so", + "/usr/lib/x86_64-linux-gnu/security/pam_faillock.so", + "/usr/lib/x86_64-linux-gnu/security/pam_filter.so", + "/usr/lib/x86_64-linux-gnu/security/pam_ftp.so", + "/usr/lib/x86_64-linux-gnu/security/pam_group.so", + "/usr/lib/x86_64-linux-gnu/security/pam_issue.so", + "/usr/lib/x86_64-linux-gnu/security/pam_keyinit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_limits.so", + "/usr/lib/x86_64-linux-gnu/security/pam_listfile.so", + "/usr/lib/x86_64-linux-gnu/security/pam_localuser.so", + "/usr/lib/x86_64-linux-gnu/security/pam_loginuid.so", + "/usr/lib/x86_64-linux-gnu/security/pam_mail.so", + "/usr/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", + "/usr/lib/x86_64-linux-gnu/security/pam_motd.so", + "/usr/lib/x86_64-linux-gnu/security/pam_namespace.so", + "/usr/lib/x86_64-linux-gnu/security/pam_nologin.so", + "/usr/lib/x86_64-linux-gnu/security/pam_permit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_pwhistory.so", + "/usr/lib/x86_64-linux-gnu/security/pam_rhosts.so", + "/usr/lib/x86_64-linux-gnu/security/pam_rootok.so", + "/usr/lib/x86_64-linux-gnu/security/pam_securetty.so", + "/usr/lib/x86_64-linux-gnu/security/pam_selinux.so", + "/usr/lib/x86_64-linux-gnu/security/pam_sepermit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_setquota.so", + "/usr/lib/x86_64-linux-gnu/security/pam_shells.so", + "/usr/lib/x86_64-linux-gnu/security/pam_stress.so", + "/usr/lib/x86_64-linux-gnu/security/pam_succeed_if.so", + "/usr/lib/x86_64-linux-gnu/security/pam_time.so", + "/usr/lib/x86_64-linux-gnu/security/pam_timestamp.so", + "/usr/lib/x86_64-linux-gnu/security/pam_tty_audit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_umask.so", + "/usr/lib/x86_64-linux-gnu/security/pam_unix.so", + "/usr/lib/x86_64-linux-gnu/security/pam_userdb.so", + "/usr/lib/x86_64-linux-gnu/security/pam_usertype.so", + "/usr/lib/x86_64-linux-gnu/security/pam_warn.so", + "/usr/lib/x86_64-linux-gnu/security/pam_wheel.so", + "/usr/lib/x86_64-linux-gnu/security/pam_xauth.so", + "/usr/share/doc/libpam-modules/NEWS.Debian.gz", + "/usr/share/doc/libpam-modules/changelog.Debian.gz", + "/usr/share/doc/libpam-modules/changelog.gz", + "/usr/share/doc/libpam-modules/copyright", + "/usr/share/doc/libpam-modules/examples/upperLOWER.c", + "/usr/share/lintian/overrides/libpam-modules", + "/usr/share/pam-configs/mkhomedir" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-modules-bin@1.7.0-5", + "Name": "libpam-modules-bin", + "Identifier": { + "PURL": "pkg:deb/debian/libpam-modules-bin@1.7.0-5?arch=amd64\u0026distro=debian-13.5", + "UID": "c9cbae9084b28bae" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:4.0.2-2+b2", + "libc6@2.41-12+deb13u3", + "libcrypt1@1:4.4.38-1", + "libpam0g@1.7.0-5", + "libselinux1@3.8.1-1", + "libsystemd0@257.13-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/systemd/system/pam_namespace.service", + "/usr/sbin/faillock", + "/usr/sbin/mkhomedir_helper", + "/usr/sbin/pam_namespace_helper", + "/usr/sbin/pam_timestamp_check", + "/usr/sbin/pwhistory_helper", + "/usr/sbin/unix_chkpwd", + "/usr/sbin/unix_update", + "/usr/share/doc/libpam-modules-bin/changelog.Debian.gz", + "/usr/share/doc/libpam-modules-bin/changelog.gz", + "/usr/share/doc/libpam-modules-bin/copyright", + "/usr/share/lintian/overrides/libpam-modules-bin" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-runtime@1.7.0-5", + "Name": "libpam-runtime", + "Identifier": { + "PURL": "pkg:deb/debian/libpam-runtime@1.7.0-5?arch=all\u0026distro=debian-13.5", + "UID": "1d4f3eaf1c0f9548" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "all", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91", + "libpam-modules@1.7.0-5" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/sbin/pam-auth-update", + "/usr/sbin/pam_getenv", + "/usr/share/doc/libpam-runtime/changelog.Debian.gz", + "/usr/share/doc/libpam-runtime/changelog.gz", + "/usr/share/doc/libpam-runtime/copyright", + "/usr/share/lintian/overrides/libpam-runtime", + "/usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ar/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/as/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/be/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bg/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bn_IN/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ca/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/cs/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/de/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/de_CH/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/el/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/eo/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/es/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/et/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/eu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/fa/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/fi/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/fr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ga/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/gl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/gu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/he/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/hi/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/hr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ia/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/id/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/is/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/kk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/km/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/kn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/lt/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/lv/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/mk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ml/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/mr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/nb/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ne/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/nn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pa/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pt/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ro/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ru/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sq/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sr@latin/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sv/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/te/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/th/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/tr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/vi/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zh_HK/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/man/man5/access.conf.5.gz", + "/usr/share/man/man5/faillock.conf.5.gz", + "/usr/share/man/man5/group.conf.5.gz", + "/usr/share/man/man5/limits.conf.5.gz", + "/usr/share/man/man5/namespace.conf.5.gz", + "/usr/share/man/man5/pam.conf.5.gz", + "/usr/share/man/man5/pam_env.conf.5.gz", + "/usr/share/man/man5/pwhistory.conf.5.gz", + "/usr/share/man/man5/sepermit.conf.5.gz", + "/usr/share/man/man5/time.conf.5.gz", + "/usr/share/man/man7/PAM.7.gz", + "/usr/share/man/man8/faillock.8.gz", + "/usr/share/man/man8/mkhomedir_helper.8.gz", + "/usr/share/man/man8/pam-auth-update.8.gz", + "/usr/share/man/man8/pam_access.8.gz", + "/usr/share/man/man8/pam_canonicalize_user.8.gz", + "/usr/share/man/man8/pam_debug.8.gz", + "/usr/share/man/man8/pam_deny.8.gz", + "/usr/share/man/man8/pam_echo.8.gz", + "/usr/share/man/man8/pam_env.8.gz", + "/usr/share/man/man8/pam_exec.8.gz", + "/usr/share/man/man8/pam_faildelay.8.gz", + "/usr/share/man/man8/pam_faillock.8.gz", + "/usr/share/man/man8/pam_filter.8.gz", + "/usr/share/man/man8/pam_ftp.8.gz", + "/usr/share/man/man8/pam_getenv.8.gz", + "/usr/share/man/man8/pam_group.8.gz", + "/usr/share/man/man8/pam_issue.8.gz", + "/usr/share/man/man8/pam_keyinit.8.gz", + "/usr/share/man/man8/pam_limits.8.gz", + "/usr/share/man/man8/pam_listfile.8.gz", + "/usr/share/man/man8/pam_localuser.8.gz", + "/usr/share/man/man8/pam_loginuid.8.gz", + "/usr/share/man/man8/pam_mail.8.gz", + "/usr/share/man/man8/pam_mkhomedir.8.gz", + "/usr/share/man/man8/pam_motd.8.gz", + "/usr/share/man/man8/pam_namespace.8.gz", + "/usr/share/man/man8/pam_namespace_helper.8.gz", + "/usr/share/man/man8/pam_nologin.8.gz", + "/usr/share/man/man8/pam_permit.8.gz", + "/usr/share/man/man8/pam_pwhistory.8.gz", + "/usr/share/man/man8/pam_rhosts.8.gz", + "/usr/share/man/man8/pam_rootok.8.gz", + "/usr/share/man/man8/pam_securetty.8.gz", + "/usr/share/man/man8/pam_selinux.8.gz", + "/usr/share/man/man8/pam_sepermit.8.gz", + "/usr/share/man/man8/pam_setquota.8.gz", + "/usr/share/man/man8/pam_shells.8.gz", + "/usr/share/man/man8/pam_stress.8.gz", + "/usr/share/man/man8/pam_succeed_if.8.gz", + "/usr/share/man/man8/pam_time.8.gz", + "/usr/share/man/man8/pam_timestamp.8.gz", + "/usr/share/man/man8/pam_timestamp_check.8.gz", + "/usr/share/man/man8/pam_tty_audit.8.gz", + "/usr/share/man/man8/pam_umask.8.gz", + "/usr/share/man/man8/pam_unix.8.gz", + "/usr/share/man/man8/pam_userdb.8.gz", + "/usr/share/man/man8/pam_usertype.8.gz", + "/usr/share/man/man8/pam_warn.8.gz", + "/usr/share/man/man8/pam_wheel.8.gz", + "/usr/share/man/man8/pam_xauth.8.gz", + "/usr/share/man/man8/pwhistory_helper.8.gz", + "/usr/share/man/man8/unix_chkpwd.8.gz", + "/usr/share/man/man8/unix_update.8.gz", + "/usr/share/pam-configs/unix", + "/usr/share/pam/common-account", + "/usr/share/pam/common-account.md5sums", + "/usr/share/pam/common-auth", + "/usr/share/pam/common-auth.md5sums", + "/usr/share/pam/common-password", + "/usr/share/pam/common-password.md5sums", + "/usr/share/pam/common-session", + "/usr/share/pam/common-session-noninteractive", + "/usr/share/pam/common-session-noninteractive.md5sums", + "/usr/share/pam/common-session.md5sums" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam0g@1.7.0-5", + "Name": "libpam0g", + "Identifier": { + "PURL": "pkg:deb/debian/libpam0g@1.7.0-5?arch=amd64\u0026distro=debian-13.5", + "UID": "50a3886f7361785c" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91", + "libaudit1@1:4.0.2-2+b2", + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1", + "/usr/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", + "/usr/lib/x86_64-linux-gnu/libpamc.so.0.82.1", + "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", + "/usr/share/doc/libpam0g/README", + "/usr/share/doc/libpam0g/README.Debian", + "/usr/share/doc/libpam0g/TODO.Debian", + "/usr/share/doc/libpam0g/changelog.Debian.gz", + "/usr/share/doc/libpam0g/changelog.gz", + "/usr/share/doc/libpam0g/copyright", + "/usr/share/lintian/overrides/libpam0g" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpcre2-8-0@10.46-1~deb13u1", + "Name": "libpcre2-8-0", + "Identifier": { + "PURL": "pkg:deb/debian/libpcre2-8-0@10.46-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "aa7e3a6ab471d889" + }, + "Version": "10.46", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "pcre2", + "SrcVersion": "10.46", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "BSD-3-clause-Cambridge with BINARY LIBRARY-LIKE PACKAGES exception", + "BSD-3-Clause", + "X11", + "BSD-2-Clause", + "public-domain" + ], + "Maintainer": "Matthew Vernon \u003cmatthew@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.14.0", + "/usr/share/doc/libpcre2-8-0/README.Debian", + "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", + "/usr/share/doc/libpcre2-8-0/changelog.gz", + "/usr/share/doc/libpcre2-8-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libreadline8t64@8.2-6", + "Name": "libreadline8t64", + "Identifier": { + "PURL": "pkg:deb/debian/libreadline8t64@8.2-6?arch=amd64\u0026distro=debian-13.5", + "UID": "a41a60a40a941961" + }, + "Version": "8.2", + "Release": "6", + "Arch": "amd64", + "SrcName": "readline", + "SrcVersion": "8.2", + "SrcRelease": "6", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-or-later", + "ISC-no-attribution" + ], + "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libtinfo6@6.5+20250216-2", + "readline-common@8.2-6" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libhistory.so.8.2", + "/usr/lib/x86_64-linux-gnu/libreadline.so.8.2", + "/usr/share/doc/libreadline8t64/README.Debian", + "/usr/share/doc/libreadline8t64/USAGE", + "/usr/share/doc/libreadline8t64/changelog.Debian.gz", + "/usr/share/doc/libreadline8t64/changelog.gz", + "/usr/share/doc/libreadline8t64/copyright", + "/usr/share/doc/libreadline8t64/examples/Inputrc", + "/usr/share/doc/libreadline8t64/inputrc.arrows" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libseccomp2@2.6.0-2", + "Name": "libseccomp2", + "Identifier": { + "PURL": "pkg:deb/debian/libseccomp2@2.6.0-2?arch=amd64\u0026distro=debian-13.5", + "UID": "97e0ed663a98e78b" + }, + "Version": "2.6.0", + "Release": "2", + "Arch": "amd64", + "SrcName": "libseccomp", + "SrcVersion": "2.6.0", + "SrcRelease": "2", + "Licenses": [ + "LGPL-2.1-only" + ], + "Maintainer": "Kees Cook \u003ckees@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.6.0", + "/usr/share/doc/libseccomp2/changelog.Debian.gz", + "/usr/share/doc/libseccomp2/changelog.gz", + "/usr/share/doc/libseccomp2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libselinux1@3.8.1-1", + "Name": "libselinux1", + "Identifier": { + "PURL": "pkg:deb/debian/libselinux1@3.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "f7d3a23ad693e5cb" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "libselinux", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "public-domain", + "GPL-2.0-only" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libpcre2-8-0@10.46-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/tmpfiles.d/libselinux1.conf", + "/usr/lib/x86_64-linux-gnu/libselinux.so.1", + "/usr/share/doc/libselinux1/changelog.Debian.gz", + "/usr/share/doc/libselinux1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsemanage-common@3.8.1-1", + "Name": "libsemanage-common", + "Identifier": { + "PURL": "pkg:deb/debian/libsemanage-common@3.8.1-1?arch=all\u0026distro=debian-13.5", + "UID": "ecc6b54d8bc6318c" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "all", + "SrcName": "libsemanage", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/libsemanage-common/changelog.Debian.gz", + "/usr/share/doc/libsemanage-common/copyright", + "/usr/share/man/man5/semanage.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsemanage2@3.8.1-1", + "Name": "libsemanage2", + "Identifier": { + "PURL": "pkg:deb/debian/libsemanage2@3.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "5684bd063761ddb3" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "libsemanage", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:4.0.2-2+b2", + "libbz2-1.0@1.0.8-6", + "libc6@2.41-12+deb13u3", + "libselinux1@3.8.1-1", + "libsemanage-common@3.8.1-1", + "libsepol2@3.8.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsemanage.so.2", + "/usr/share/doc/libsemanage2/changelog.Debian.gz", + "/usr/share/doc/libsemanage2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsepol2@3.8.1-1", + "Name": "libsepol2", + "Identifier": { + "PURL": "pkg:deb/debian/libsepol2@3.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "9990a97d658e13ae" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "libsepol", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "Zlib", + "GPL-2.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsepol.so.2", + "/usr/share/doc/libsepol2/changelog.Debian.gz", + "/usr/share/doc/libsepol2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsmartcols1@2.41-5", + "Name": "libsmartcols1", + "Identifier": { + "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "780dbec0869ab8e" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", + "/usr/share/doc/libsmartcols1/NEWS.Debian.gz", + "/usr/share/doc/libsmartcols1/changelog.Debian.gz", + "/usr/share/doc/libsmartcols1/changelog.gz", + "/usr/share/doc/libsmartcols1/copyright", + "/usr/share/lintian/overrides/libsmartcols1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsqlite3-0@3.46.1-7+deb13u1", + "Name": "libsqlite3-0", + "Identifier": { + "PURL": "pkg:deb/debian/libsqlite3-0@3.46.1-7%2Bdeb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "c7da287e696e8198" + }, + "Version": "3.46.1", + "Release": "7+deb13u1", + "Arch": "amd64", + "SrcName": "sqlite3", + "SrcVersion": "3.46.1", + "SrcRelease": "7+deb13u1", + "Licenses": [ + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6", + "/usr/share/doc/libsqlite3-0/README.Debian", + "/usr/share/doc/libsqlite3-0/changelog.Debian.gz", + "/usr/share/doc/libsqlite3-0/changelog.gz", + "/usr/share/doc/libsqlite3-0/changelog.html.gz", + "/usr/share/doc/libsqlite3-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libssl3t64@3.5.6-1~deb13u1", + "Name": "libssl3t64", + "Identifier": { + "PURL": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "19bca5c02c5a9632" + }, + "Version": "3.5.6", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.5.6", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libzstd1@1.5.7+dfsg-1", + "openssl-provider-legacy@3.5.6-1~deb13u1", + "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/engines-3/afalg.so", + "/usr/lib/x86_64-linux-gnu/engines-3/loader_attic.so", + "/usr/lib/x86_64-linux-gnu/engines-3/padlock.so", + "/usr/lib/x86_64-linux-gnu/libcrypto.so.3", + "/usr/lib/x86_64-linux-gnu/libssl.so.3", + "/usr/share/doc/libssl3t64/NEWS.Debian.gz", + "/usr/share/doc/libssl3t64/changelog.Debian.gz", + "/usr/share/doc/libssl3t64/changelog.gz", + "/usr/share/doc/libssl3t64/copyright", + "/usr/share/lintian/overrides/libssl3t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libstdc++6@14.2.0-19", + "Name": "libstdc++6", + "Identifier": { + "PURL": "pkg:deb/debian/libstdc%2B%2B6@14.2.0-19?arch=amd64\u0026distro=debian-13.5", + "UID": "1b384a6346513d7c" + }, + "Version": "14.2.0", + "Release": "19", + "Arch": "amd64", + "SrcName": "gcc-14", + "SrcVersion": "14.2.0", + "SrcRelease": "19", + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gcc-14-base@14.2.0-19", + "libc6@2.41-12+deb13u3", + "libgcc-s1@14.2.0-19" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33", + "/usr/share/gcc/python/libstdcxx/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/printers.py", + "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", + "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33-gdb.py" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsystemd0@257.13-1~deb13u1", + "Name": "libsystemd0", + "Identifier": { + "PURL": "pkg:deb/debian/libsystemd0@257.13-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "a2b4ba47389f858e" + }, + "Version": "257.13", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "systemd", + "SrcVersion": "257.13", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "LGPL-2.1-or-later", + "CC0-1.0", + "GPL-2 with Linux-syscall-note exception", + "MIT", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libcap2@1:2.75-10+deb13u1+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "/usr/share/doc/libsystemd0/NEWS.Debian.gz", + "/usr/share/doc/libsystemd0/changelog.Debian.gz", + "/usr/share/doc/libsystemd0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libtinfo6@6.5+20250216-2", + "Name": "libtinfo6", + "Identifier": { + "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "ba2c2b464f07108a" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libtic.so.6.5", + "/usr/lib/x86_64-linux-gnu/libtinfo.so.6.5", + "/usr/share/doc/libtinfo6/changelog.Debian.gz", + "/usr/share/doc/libtinfo6/changelog.gz", + "/usr/share/doc/libtinfo6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libudev1@257.13-1~deb13u1", + "Name": "libudev1", + "Identifier": { + "PURL": "pkg:deb/debian/libudev1@257.13-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "3b7a2f1a9ab169b" + }, + "Version": "257.13", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "systemd", + "SrcVersion": "257.13", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "LGPL-2.1-or-later", + "CC0-1.0", + "GPL-2 with Linux-syscall-note exception", + "MIT", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libcap2@1:2.75-10+deb13u1+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libudev.so.1.7.10", + "/usr/share/doc/libudev1/NEWS.Debian.gz", + "/usr/share/doc/libudev1/changelog.Debian.gz", + "/usr/share/doc/libudev1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libuuid1@2.41-5", + "Name": "libuuid1", + "Identifier": { + "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "1afbb50818377478" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0", + "/usr/share/doc/libuuid1/NEWS.Debian.gz", + "/usr/share/doc/libuuid1/changelog.Debian.gz", + "/usr/share/doc/libuuid1/changelog.gz", + "/usr/share/doc/libuuid1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libxxhash0@0.8.3-2", + "Name": "libxxhash0", + "Identifier": { + "PURL": "pkg:deb/debian/libxxhash0@0.8.3-2?arch=amd64\u0026distro=debian-13.5", + "UID": "d91110b5edcae2d8" + }, + "Version": "0.8.3", + "Release": "2", + "Arch": "amd64", + "SrcName": "xxhash", + "SrcVersion": "0.8.3", + "SrcRelease": "2", + "Licenses": [ + "BSD-2-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Josue Ortega \u003cjosue@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libxxhash.so.0.8.3", + "/usr/share/doc/libxxhash0/changelog.Debian.gz", + "/usr/share/doc/libxxhash0/changelog.gz", + "/usr/share/doc/libxxhash0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libzstd1@1.5.7+dfsg-1", + "Name": "libzstd1", + "Identifier": { + "PURL": "pkg:deb/debian/libzstd1@1.5.7%2Bdfsg-1?arch=amd64\u0026distro=debian-13.5", + "UID": "ca4814a2bfd07696" + }, + "Version": "1.5.7+dfsg", + "Release": "1", + "Arch": "amd64", + "SrcName": "libzstd", + "SrcVersion": "1.5.7+dfsg", + "SrcRelease": "1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "Zlib", + "MIT" + ], + "Maintainer": "RPM packaging team \u003cteam+pkg-rpm@tracker.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libzstd.so.1.5.7", + "/usr/share/doc/libzstd1/changelog.Debian.gz", + "/usr/share/doc/libzstd1/changelog.gz", + "/usr/share/doc/libzstd1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "login@1:4.16.0-2+really2.41-5", + "Name": "login", + "Identifier": { + "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "c0ab0b857644733b" + }, + "Version": "4.16.0-2+really2.41", + "Release": "5", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:4.0.2-2+b2", + "libc6@2.41-12+deb13u3", + "libcrypt1@1:4.4.38-1", + "libpam-modules@1.7.0-5", + "libpam-runtime@1.7.0-5", + "libpam0g@1.7.0-5" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/login", + "/usr/bin/newgrp", + "/usr/sbin/nologin", + "/usr/share/bash-completion/completions/newgrp", + "/usr/share/doc/login/NEWS.Debian.gz", + "/usr/share/doc/login/changelog.Debian.gz", + "/usr/share/doc/login/changelog.gz", + "/usr/share/doc/login/copyright", + "/usr/share/lintian/overrides/login", + "/usr/share/man/de/man1/login.1.gz", + "/usr/share/man/de/man8/nologin.8.gz", + "/usr/share/man/fr/man1/login.1.gz", + "/usr/share/man/man1/login.1.gz", + "/usr/share/man/man1/newgrp.1.gz", + "/usr/share/man/man8/nologin.8.gz", + "/usr/share/man/pl/man1/login.1.gz", + "/usr/share/man/pl/man1/newgrp.1.gz", + "/usr/share/man/pl/man8/nologin.8.gz", + "/usr/share/man/ro/man1/login.1.gz", + "/usr/share/man/ro/man1/newgrp.1.gz", + "/usr/share/man/ro/man8/nologin.8.gz", + "/usr/share/man/sr/man1/login.1.gz", + "/usr/share/man/sr/man8/nologin.8.gz", + "/usr/share/man/uk/man1/login.1.gz", + "/usr/share/man/uk/man1/newgrp.1.gz", + "/usr/share/man/uk/man8/nologin.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "login.defs@1:4.17.4-2", + "Name": "login.defs", + "Identifier": { + "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.5\u0026epoch=1", + "UID": "b6a337588c67d5a3" + }, + "Version": "4.17.4", + "Release": "2", + "Epoch": 1, + "Arch": "all", + "SrcName": "shadow", + "SrcVersion": "4.17.4", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-1.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/login.defs/NEWS.Debian.gz", + "/usr/share/doc/login.defs/changelog.Debian.gz", + "/usr/share/doc/login.defs/changelog.gz", + "/usr/share/doc/login.defs/copyright", + "/usr/share/man/de/man5/login.defs.5.gz", + "/usr/share/man/fr/man5/login.defs.5.gz", + "/usr/share/man/it/man5/login.defs.5.gz", + "/usr/share/man/ja/man5/login.defs.5.gz", + "/usr/share/man/man5/login.defs.5.gz", + "/usr/share/man/ru/man5/login.defs.5.gz", + "/usr/share/man/uk/man5/login.defs.5.gz", + "/usr/share/man/zh_CN/man5/login.defs.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mawk@1.3.4.20250131-1", + "Name": "mawk", + "Identifier": { + "PURL": "pkg:deb/debian/mawk@1.3.4.20250131-1?arch=amd64\u0026distro=debian-13.5", + "UID": "a4460701c66e182d" + }, + "Version": "1.3.4.20250131", + "Release": "1", + "Arch": "amd64", + "SrcName": "mawk", + "SrcVersion": "1.3.4.20250131", + "SrcRelease": "1", + "Licenses": [ + "GPL-2.0-only", + "X11", + "CC-BY-3.0" + ], + "Maintainer": "Boyuan Yang \u003cbyang@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/mawk", + "/usr/share/doc/mawk/ACKNOWLEDGMENT", + "/usr/share/doc/mawk/README", + "/usr/share/doc/mawk/changelog.Debian.gz", + "/usr/share/doc/mawk/changelog.gz", + "/usr/share/doc/mawk/copyright", + "/usr/share/doc/mawk/examples/ct_length.awk", + "/usr/share/doc/mawk/examples/decl.awk", + "/usr/share/doc/mawk/examples/deps.awk", + "/usr/share/doc/mawk/examples/eatc.awk", + "/usr/share/doc/mawk/examples/gdecl.awk", + "/usr/share/doc/mawk/examples/hcal", + "/usr/share/doc/mawk/examples/hical", + "/usr/share/doc/mawk/examples/nocomment.awk", + "/usr/share/doc/mawk/examples/primes.awk", + "/usr/share/doc/mawk/examples/qsort.awk", + "/usr/share/man/man1/mawk.1.gz", + "/usr/share/man/man7/mawk-arrays.7.gz", + "/usr/share/man/man7/mawk-code.7.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mount@2.41-5", + "Name": "mount", + "Identifier": { + "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "55c835c674d0a0e5" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/mount", + "/usr/bin/umount", + "/usr/sbin/losetup", + "/usr/sbin/swapoff", + "/usr/sbin/swapon", + "/usr/share/bash-completion/completions/losetup", + "/usr/share/bash-completion/completions/mount", + "/usr/share/bash-completion/completions/swapoff", + "/usr/share/bash-completion/completions/swapon", + "/usr/share/bash-completion/completions/umount", + "/usr/share/doc/mount/NEWS.Debian.gz", + "/usr/share/doc/mount/changelog.Debian.gz", + "/usr/share/doc/mount/changelog.gz", + "/usr/share/doc/mount/copyright", + "/usr/share/doc/mount/examples/filesystems", + "/usr/share/doc/mount/examples/fstab", + "/usr/share/doc/mount/examples/mount.fstab", + "/usr/share/doc/mount/mount.txt", + "/usr/share/lintian/overrides/mount", + "/usr/share/man/man5/fstab.5.gz", + "/usr/share/man/man8/losetup.8.gz", + "/usr/share/man/man8/mount.8.gz", + "/usr/share/man/man8/swapon.8.gz", + "/usr/share/man/man8/umount.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ncurses-base@6.5+20250216-2", + "Name": "ncurses-base", + "Identifier": { + "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.5", + "UID": "767a0231348a5cb5" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "all", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/ncurses-base/FAQ", + "/usr/share/doc/ncurses-base/TODO.Debian", + "/usr/share/doc/ncurses-base/changelog.Debian.gz", + "/usr/share/doc/ncurses-base/changelog.gz", + "/usr/share/doc/ncurses-base/copyright", + "/usr/share/lintian/overrides/ncurses-base", + "/usr/share/tabset/std", + "/usr/share/tabset/stdcrt", + "/usr/share/tabset/vt100", + "/usr/share/tabset/vt300", + "/usr/share/terminfo/E/Eterm", + "/usr/share/terminfo/a/ansi", + "/usr/share/terminfo/c/cons25", + "/usr/share/terminfo/c/cygwin", + "/usr/share/terminfo/d/dumb", + "/usr/share/terminfo/h/hurd", + "/usr/share/terminfo/l/linux", + "/usr/share/terminfo/m/mach", + "/usr/share/terminfo/m/mach-bold", + "/usr/share/terminfo/m/mach-color", + "/usr/share/terminfo/m/mach-gnu", + "/usr/share/terminfo/m/mach-gnu-color", + "/usr/share/terminfo/p/pcansi", + "/usr/share/terminfo/r/rxvt", + "/usr/share/terminfo/r/rxvt-basic", + "/usr/share/terminfo/r/rxvt-unicode", + "/usr/share/terminfo/r/rxvt-unicode-256color", + "/usr/share/terminfo/s/screen", + "/usr/share/terminfo/s/screen-256color", + "/usr/share/terminfo/s/screen-256color-bce", + "/usr/share/terminfo/s/screen-bce", + "/usr/share/terminfo/s/screen-s", + "/usr/share/terminfo/s/screen-w", + "/usr/share/terminfo/s/screen.xterm-256color", + "/usr/share/terminfo/s/sun", + "/usr/share/terminfo/t/tmux", + "/usr/share/terminfo/t/tmux-256color", + "/usr/share/terminfo/v/vt100", + "/usr/share/terminfo/v/vt102", + "/usr/share/terminfo/v/vt220", + "/usr/share/terminfo/v/vt52", + "/usr/share/terminfo/w/wsvt25", + "/usr/share/terminfo/w/wsvt25m", + "/usr/share/terminfo/x/xterm", + "/usr/share/terminfo/x/xterm-256color", + "/usr/share/terminfo/x/xterm-color", + "/usr/share/terminfo/x/xterm-mono", + "/usr/share/terminfo/x/xterm-r5", + "/usr/share/terminfo/x/xterm-r6", + "/usr/share/terminfo/x/xterm-vt220", + "/usr/share/terminfo/x/xterm-xfree86" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ncurses-bin@6.5+20250216-2", + "Name": "ncurses-bin", + "Identifier": { + "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "5b541563cf6587e5" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/clear", + "/usr/bin/infocmp", + "/usr/bin/tabs", + "/usr/bin/tic", + "/usr/bin/toe", + "/usr/bin/tput", + "/usr/bin/tset", + "/usr/share/doc/ncurses-bin/changelog.Debian.gz", + "/usr/share/doc/ncurses-bin/changelog.gz", + "/usr/share/doc/ncurses-bin/copyright", + "/usr/share/man/man1/captoinfo.1.gz", + "/usr/share/man/man1/clear.1.gz", + "/usr/share/man/man1/infocmp.1.gz", + "/usr/share/man/man1/infotocap.1.gz", + "/usr/share/man/man1/tabs.1.gz", + "/usr/share/man/man1/tic.1.gz", + "/usr/share/man/man1/toe.1.gz", + "/usr/share/man/man1/tput.1.gz", + "/usr/share/man/man1/tset.1.gz", + "/usr/share/man/man5/scr_dump.5.gz", + "/usr/share/man/man5/term.5.gz", + "/usr/share/man/man5/terminfo.5.gz", + "/usr/share/man/man5/user_caps.5.gz", + "/usr/share/man/man7/term.7.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "netbase@6.5", + "Name": "netbase", + "Identifier": { + "PURL": "pkg:deb/debian/netbase@6.5?arch=all\u0026distro=debian-13.5", + "UID": "9929ff265179fc61" + }, + "Version": "6.5", + "Arch": "all", + "SrcName": "netbase", + "SrcVersion": "6.5", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", + "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" + }, + "InstalledFiles": [ + "/usr/share/doc/netbase/changelog.gz", + "/usr/share/doc/netbase/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "openssl@3.5.6-1~deb13u1", + "Name": "openssl", + "Identifier": { + "PURL": "pkg:deb/debian/openssl@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "ee88be94d89898bf" + }, + "Version": "3.5.6", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.5.6", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libssl3t64@3.5.6-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", + "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" + }, + "InstalledFiles": [ + "/usr/bin/c_rehash", + "/usr/bin/openssl", + "/usr/lib/ssl/misc/CA.pl", + "/usr/lib/ssl/misc/tsget.pl", + "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", + "/usr/share/doc/openssl/HOWTO/documenting-functions-and-macros.md.gz", + "/usr/share/doc/openssl/HOWTO/keys.txt.gz", + "/usr/share/doc/openssl/NEWS.md.gz", + "/usr/share/doc/openssl/README-ENGINES.md.gz", + "/usr/share/doc/openssl/README-PROVIDERS.md.gz", + "/usr/share/doc/openssl/README-QUIC.md.gz", + "/usr/share/doc/openssl/README.Debian", + "/usr/share/doc/openssl/README.md.gz", + "/usr/share/doc/openssl/changelog.Debian.gz", + "/usr/share/doc/openssl/changelog.gz", + "/usr/share/doc/openssl/copyright", + "/usr/share/doc/openssl/fingerprints.txt", + "/usr/share/lintian/overrides/openssl", + "/usr/share/man/man1/CA.pl.1ssl.gz", + "/usr/share/man/man1/openssl-asn1parse.1ssl.gz", + "/usr/share/man/man1/openssl-ca.1ssl.gz", + "/usr/share/man/man1/openssl-ciphers.1ssl.gz", + "/usr/share/man/man1/openssl-cmds.1ssl.gz", + "/usr/share/man/man1/openssl-cmp.1ssl.gz", + "/usr/share/man/man1/openssl-cms.1ssl.gz", + "/usr/share/man/man1/openssl-crl.1ssl.gz", + "/usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz", + "/usr/share/man/man1/openssl-dgst.1ssl.gz", + "/usr/share/man/man1/openssl-dhparam.1ssl.gz", + "/usr/share/man/man1/openssl-dsa.1ssl.gz", + "/usr/share/man/man1/openssl-dsaparam.1ssl.gz", + "/usr/share/man/man1/openssl-ec.1ssl.gz", + "/usr/share/man/man1/openssl-ecparam.1ssl.gz", + "/usr/share/man/man1/openssl-enc.1ssl.gz", + "/usr/share/man/man1/openssl-engine.1ssl.gz", + "/usr/share/man/man1/openssl-errstr.1ssl.gz", + "/usr/share/man/man1/openssl-fipsinstall.1ssl.gz", + "/usr/share/man/man1/openssl-format-options.1ssl.gz", + "/usr/share/man/man1/openssl-gendsa.1ssl.gz", + "/usr/share/man/man1/openssl-genpkey.1ssl.gz", + "/usr/share/man/man1/openssl-genrsa.1ssl.gz", + "/usr/share/man/man1/openssl-info.1ssl.gz", + "/usr/share/man/man1/openssl-kdf.1ssl.gz", + "/usr/share/man/man1/openssl-list.1ssl.gz", + "/usr/share/man/man1/openssl-mac.1ssl.gz", + "/usr/share/man/man1/openssl-namedisplay-options.1ssl.gz", + "/usr/share/man/man1/openssl-nseq.1ssl.gz", + "/usr/share/man/man1/openssl-ocsp.1ssl.gz", + "/usr/share/man/man1/openssl-passphrase-options.1ssl.gz", + "/usr/share/man/man1/openssl-passwd.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs12.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs7.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs8.1ssl.gz", + "/usr/share/man/man1/openssl-pkey.1ssl.gz", + "/usr/share/man/man1/openssl-pkeyparam.1ssl.gz", + "/usr/share/man/man1/openssl-pkeyutl.1ssl.gz", + "/usr/share/man/man1/openssl-prime.1ssl.gz", + "/usr/share/man/man1/openssl-rand.1ssl.gz", + "/usr/share/man/man1/openssl-rehash.1ssl.gz", + "/usr/share/man/man1/openssl-req.1ssl.gz", + "/usr/share/man/man1/openssl-rsa.1ssl.gz", + "/usr/share/man/man1/openssl-rsautl.1ssl.gz", + "/usr/share/man/man1/openssl-s_client.1ssl.gz", + "/usr/share/man/man1/openssl-s_server.1ssl.gz", + "/usr/share/man/man1/openssl-s_time.1ssl.gz", + "/usr/share/man/man1/openssl-sess_id.1ssl.gz", + "/usr/share/man/man1/openssl-skeyutl.1ssl.gz", + "/usr/share/man/man1/openssl-smime.1ssl.gz", + "/usr/share/man/man1/openssl-speed.1ssl.gz", + "/usr/share/man/man1/openssl-spkac.1ssl.gz", + "/usr/share/man/man1/openssl-srp.1ssl.gz", + "/usr/share/man/man1/openssl-storeutl.1ssl.gz", + "/usr/share/man/man1/openssl-ts.1ssl.gz", + "/usr/share/man/man1/openssl-verification-options.1ssl.gz", + "/usr/share/man/man1/openssl-verify.1ssl.gz", + "/usr/share/man/man1/openssl-version.1ssl.gz", + "/usr/share/man/man1/openssl-x509.1ssl.gz", + "/usr/share/man/man1/openssl.1ssl.gz", + "/usr/share/man/man1/tsget.1ssl.gz", + "/usr/share/man/man5/config.5ssl.gz", + "/usr/share/man/man5/fips_config.5ssl.gz", + "/usr/share/man/man5/x509v3_config.5ssl.gz", + "/usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-AES.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-ARIA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CAST.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CHACHA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-DES.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-IDEA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-NULL.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC2.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC4.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC5.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-SEED.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-SM4.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-ARGON2.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-HKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-HMAC-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-KB.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-KRB5KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PBKDF1.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PBKDF2.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PKCS12KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PVKKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SCRYPT.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SS.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SSHKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-TLS13_KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-TLS1_PRF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X942-ASN1.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X942-CONCAT.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X963.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-EC.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-ML-KEM.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-DH.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-ECDH.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-BLAKE2.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-CMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-GMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-KMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-Poly1305.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-Siphash.7ssl.gz", + "/usr/share/man/man7/EVP_MD-BLAKE2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-KECCAK.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD4.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD5-SHA1.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD5.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MDC2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-NULL.7ssl.gz", + "/usr/share/man/man7/EVP_MD-RIPEMD160.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA1.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA3.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHAKE.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SM3.7ssl.gz", + "/usr/share/man/man7/EVP_MD-WHIRLPOOL.7ssl.gz", + "/usr/share/man/man7/EVP_MD-common.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-DH.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-EC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-FFC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-ML-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-ML-KEM.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-SLH-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-SM2.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-CRNG-TEST.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-CTR-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-HASH-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-JITTER.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-SEED-SRC.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-TEST-RAND.7ssl.gz", + "/usr/share/man/man7/EVP_RAND.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ED25519.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-FIPS.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-base.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-default.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-legacy.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-null.7ssl.gz", + "/usr/share/man/man7/OSSL_STORE-winstore.7ssl.gz", + "/usr/share/man/man7/RAND.7ssl.gz", + "/usr/share/man/man7/RSA-PSS.7ssl.gz", + "/usr/share/man/man7/X25519.7ssl.gz", + "/usr/share/man/man7/bio.7ssl.gz", + "/usr/share/man/man7/ct.7ssl.gz", + "/usr/share/man/man7/des_modes.7ssl.gz", + "/usr/share/man/man7/evp.7ssl.gz", + "/usr/share/man/man7/fips_module.7ssl.gz", + "/usr/share/man/man7/life_cycle-cipher.7ssl.gz", + "/usr/share/man/man7/life_cycle-digest.7ssl.gz", + "/usr/share/man/man7/life_cycle-kdf.7ssl.gz", + "/usr/share/man/man7/life_cycle-mac.7ssl.gz", + "/usr/share/man/man7/life_cycle-pkey.7ssl.gz", + "/usr/share/man/man7/life_cycle-rand.7ssl.gz", + "/usr/share/man/man7/openssl-core.h.7ssl.gz", + "/usr/share/man/man7/openssl-core_dispatch.h.7ssl.gz", + "/usr/share/man/man7/openssl-core_names.h.7ssl.gz", + "/usr/share/man/man7/openssl-env.7ssl.gz", + "/usr/share/man/man7/openssl-glossary.7ssl.gz", + "/usr/share/man/man7/openssl-qlog.7ssl.gz", + "/usr/share/man/man7/openssl-quic-concurrency.7ssl.gz", + "/usr/share/man/man7/openssl-quic.7ssl.gz", + "/usr/share/man/man7/openssl-threads.7ssl.gz", + "/usr/share/man/man7/openssl_user_macros.7ssl.gz", + "/usr/share/man/man7/ossl-guide-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-libcrypto-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-libraries-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-libssl-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-migration.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-client-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-client-non-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-multi-stream.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-server-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-server-non-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-client-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-client-non-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-server-block.7ssl.gz", + "/usr/share/man/man7/ossl_store-file.7ssl.gz", + "/usr/share/man/man7/ossl_store.7ssl.gz", + "/usr/share/man/man7/passphrase-encoding.7ssl.gz", + "/usr/share/man/man7/property.7ssl.gz", + "/usr/share/man/man7/provider-asym_cipher.7ssl.gz", + "/usr/share/man/man7/provider-base.7ssl.gz", + "/usr/share/man/man7/provider-cipher.7ssl.gz", + "/usr/share/man/man7/provider-decoder.7ssl.gz", + "/usr/share/man/man7/provider-digest.7ssl.gz", + "/usr/share/man/man7/provider-encoder.7ssl.gz", + "/usr/share/man/man7/provider-kdf.7ssl.gz", + "/usr/share/man/man7/provider-kem.7ssl.gz", + "/usr/share/man/man7/provider-keyexch.7ssl.gz", + "/usr/share/man/man7/provider-keymgmt.7ssl.gz", + "/usr/share/man/man7/provider-mac.7ssl.gz", + "/usr/share/man/man7/provider-object.7ssl.gz", + "/usr/share/man/man7/provider-rand.7ssl.gz", + "/usr/share/man/man7/provider-signature.7ssl.gz", + "/usr/share/man/man7/provider-skeymgmt.7ssl.gz", + "/usr/share/man/man7/provider-storemgmt.7ssl.gz", + "/usr/share/man/man7/provider.7ssl.gz", + "/usr/share/man/man7/proxy-certificates.7ssl.gz", + "/usr/share/man/man7/x509.7ssl.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "openssl-provider-legacy@3.5.6-1~deb13u1", + "Name": "openssl-provider-legacy", + "Identifier": { + "PURL": "pkg:deb/debian/openssl-provider-legacy@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "c38741326d0e034f" + }, + "Version": "3.5.6", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.5.6", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libssl3t64@3.5.6-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so", + "/usr/share/doc/openssl-provider-legacy/changelog.Debian.gz", + "/usr/share/doc/openssl-provider-legacy/changelog.gz", + "/usr/share/doc/openssl-provider-legacy/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "passwd@1:4.17.4-2", + "Name": "passwd", + "Identifier": { + "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "d93f813ae3092e32" + }, + "Version": "4.17.4", + "Release": "2", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "shadow", + "SrcVersion": "4.17.4", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-1.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "base-passwd@3.6.7", + "libacl1@2.3.2-2+b1", + "libattr1@1:2.5.2-3", + "libaudit1@1:4.0.2-2+b2", + "libbsd0@0.12.2-2", + "libc6@2.41-12+deb13u3", + "libcrypt1@1:4.4.38-1", + "libpam-modules@1.7.0-5", + "libpam0g@1.7.0-5", + "libselinux1@3.8.1-1", + "libsemanage2@3.8.1-1", + "login.defs@1:4.17.4-2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/chage", + "/usr/bin/chfn", + "/usr/bin/chsh", + "/usr/bin/expiry", + "/usr/bin/gpasswd", + "/usr/bin/passwd", + "/usr/lib/tmpfiles.d/passwd.conf", + "/usr/sbin/chgpasswd", + "/usr/sbin/chpasswd", + "/usr/sbin/groupadd", + "/usr/sbin/groupdel", + "/usr/sbin/groupmod", + "/usr/sbin/grpck", + "/usr/sbin/grpconv", + "/usr/sbin/grpunconv", + "/usr/sbin/newusers", + "/usr/sbin/pwck", + "/usr/sbin/pwconv", + "/usr/sbin/pwunconv", + "/usr/sbin/shadowconfig", + "/usr/sbin/useradd", + "/usr/sbin/userdel", + "/usr/sbin/usermod", + "/usr/sbin/vipw", + "/usr/share/doc/passwd/NEWS.Debian.gz", + "/usr/share/doc/passwd/README.Debian", + "/usr/share/doc/passwd/TODO.Debian", + "/usr/share/doc/passwd/changelog.Debian.gz", + "/usr/share/doc/passwd/changelog.gz", + "/usr/share/doc/passwd/copyright", + "/usr/share/doc/passwd/examples/passwd.expire.cron", + "/usr/share/lintian/overrides/passwd", + "/usr/share/locale/bs/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ca/LC_MESSAGES/shadow.mo", + "/usr/share/locale/cs/LC_MESSAGES/shadow.mo", + "/usr/share/locale/da/LC_MESSAGES/shadow.mo", + "/usr/share/locale/de/LC_MESSAGES/shadow.mo", + "/usr/share/locale/dz/LC_MESSAGES/shadow.mo", + "/usr/share/locale/el/LC_MESSAGES/shadow.mo", + "/usr/share/locale/es/LC_MESSAGES/shadow.mo", + "/usr/share/locale/eu/LC_MESSAGES/shadow.mo", + "/usr/share/locale/fi/LC_MESSAGES/shadow.mo", + "/usr/share/locale/fr/LC_MESSAGES/shadow.mo", + "/usr/share/locale/gl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/he/LC_MESSAGES/shadow.mo", + "/usr/share/locale/hu/LC_MESSAGES/shadow.mo", + "/usr/share/locale/id/LC_MESSAGES/shadow.mo", + "/usr/share/locale/it/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ja/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ka/LC_MESSAGES/shadow.mo", + "/usr/share/locale/kk/LC_MESSAGES/shadow.mo", + "/usr/share/locale/km/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ko/LC_MESSAGES/shadow.mo", + "/usr/share/locale/nb/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ne/LC_MESSAGES/shadow.mo", + "/usr/share/locale/nl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/nn/LC_MESSAGES/shadow.mo", + "/usr/share/locale/pl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/pt/LC_MESSAGES/shadow.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ro/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ru/LC_MESSAGES/shadow.mo", + "/usr/share/locale/sk/LC_MESSAGES/shadow.mo", + "/usr/share/locale/sq/LC_MESSAGES/shadow.mo", + "/usr/share/locale/sv/LC_MESSAGES/shadow.mo", + "/usr/share/locale/tl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/tr/LC_MESSAGES/shadow.mo", + "/usr/share/locale/uk/LC_MESSAGES/shadow.mo", + "/usr/share/locale/vi/LC_MESSAGES/shadow.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/shadow.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/shadow.mo", + "/usr/share/man/cs/man1/expiry.1.gz", + "/usr/share/man/cs/man1/gpasswd.1.gz", + "/usr/share/man/cs/man5/gshadow.5.gz", + "/usr/share/man/cs/man5/passwd.5.gz", + "/usr/share/man/cs/man5/shadow.5.gz", + "/usr/share/man/cs/man8/groupadd.8.gz", + "/usr/share/man/cs/man8/groupdel.8.gz", + "/usr/share/man/cs/man8/groupmod.8.gz", + "/usr/share/man/cs/man8/grpck.8.gz", + "/usr/share/man/cs/man8/vipw.8.gz", + "/usr/share/man/da/man1/chfn.1.gz", + "/usr/share/man/da/man5/gshadow.5.gz", + "/usr/share/man/da/man8/groupdel.8.gz", + "/usr/share/man/da/man8/vipw.8.gz", + "/usr/share/man/de/man1/chage.1.gz", + "/usr/share/man/de/man1/chfn.1.gz", + "/usr/share/man/de/man1/chsh.1.gz", + "/usr/share/man/de/man1/expiry.1.gz", + "/usr/share/man/de/man1/gpasswd.1.gz", + "/usr/share/man/de/man1/passwd.1.gz", + "/usr/share/man/de/man5/gshadow.5.gz", + "/usr/share/man/de/man5/passwd.5.gz", + "/usr/share/man/de/man5/shadow.5.gz", + "/usr/share/man/de/man8/chgpasswd.8.gz", + "/usr/share/man/de/man8/chpasswd.8.gz", + "/usr/share/man/de/man8/groupadd.8.gz", + "/usr/share/man/de/man8/groupdel.8.gz", + "/usr/share/man/de/man8/groupmod.8.gz", + "/usr/share/man/de/man8/grpck.8.gz", + "/usr/share/man/de/man8/newusers.8.gz", + "/usr/share/man/de/man8/pwck.8.gz", + "/usr/share/man/de/man8/pwconv.8.gz", + "/usr/share/man/de/man8/useradd.8.gz", + "/usr/share/man/de/man8/userdel.8.gz", + "/usr/share/man/de/man8/usermod.8.gz", + "/usr/share/man/de/man8/vipw.8.gz", + "/usr/share/man/fi/man1/chfn.1.gz", + "/usr/share/man/fi/man1/chsh.1.gz", + "/usr/share/man/fr/man1/chage.1.gz", + "/usr/share/man/fr/man1/chfn.1.gz", + "/usr/share/man/fr/man1/chsh.1.gz", + "/usr/share/man/fr/man1/expiry.1.gz", + "/usr/share/man/fr/man1/gpasswd.1.gz", + "/usr/share/man/fr/man1/passwd.1.gz", + "/usr/share/man/fr/man5/gshadow.5.gz", + "/usr/share/man/fr/man5/passwd.5.gz", + "/usr/share/man/fr/man5/shadow.5.gz", + "/usr/share/man/fr/man5/subgid.5.gz", + "/usr/share/man/fr/man5/subuid.5.gz", + "/usr/share/man/fr/man8/chgpasswd.8.gz", + "/usr/share/man/fr/man8/chpasswd.8.gz", + "/usr/share/man/fr/man8/groupadd.8.gz", + "/usr/share/man/fr/man8/groupdel.8.gz", + "/usr/share/man/fr/man8/groupmod.8.gz", + "/usr/share/man/fr/man8/grpck.8.gz", + "/usr/share/man/fr/man8/newusers.8.gz", + "/usr/share/man/fr/man8/pwck.8.gz", + "/usr/share/man/fr/man8/pwconv.8.gz", + "/usr/share/man/fr/man8/useradd.8.gz", + "/usr/share/man/fr/man8/userdel.8.gz", + "/usr/share/man/fr/man8/usermod.8.gz", + "/usr/share/man/fr/man8/vipw.8.gz", + "/usr/share/man/hu/man1/chsh.1.gz", + "/usr/share/man/hu/man1/gpasswd.1.gz", + "/usr/share/man/hu/man1/passwd.1.gz", + "/usr/share/man/hu/man5/passwd.5.gz", + "/usr/share/man/id/man1/chsh.1.gz", + "/usr/share/man/id/man8/useradd.8.gz", + "/usr/share/man/it/man1/chage.1.gz", + "/usr/share/man/it/man1/chfn.1.gz", + "/usr/share/man/it/man1/chsh.1.gz", + "/usr/share/man/it/man1/expiry.1.gz", + "/usr/share/man/it/man1/gpasswd.1.gz", + "/usr/share/man/it/man1/passwd.1.gz", + "/usr/share/man/it/man5/gshadow.5.gz", + "/usr/share/man/it/man5/passwd.5.gz", + "/usr/share/man/it/man5/shadow.5.gz", + "/usr/share/man/it/man8/chgpasswd.8.gz", + "/usr/share/man/it/man8/chpasswd.8.gz", + "/usr/share/man/it/man8/groupadd.8.gz", + "/usr/share/man/it/man8/groupdel.8.gz", + "/usr/share/man/it/man8/groupmod.8.gz", + "/usr/share/man/it/man8/grpck.8.gz", + "/usr/share/man/it/man8/newusers.8.gz", + "/usr/share/man/it/man8/pwck.8.gz", + "/usr/share/man/it/man8/pwconv.8.gz", + "/usr/share/man/it/man8/useradd.8.gz", + "/usr/share/man/it/man8/userdel.8.gz", + "/usr/share/man/it/man8/usermod.8.gz", + "/usr/share/man/it/man8/vipw.8.gz", + "/usr/share/man/ja/man1/chage.1.gz", + "/usr/share/man/ja/man1/chfn.1.gz", + "/usr/share/man/ja/man1/chsh.1.gz", + "/usr/share/man/ja/man1/expiry.1.gz", + "/usr/share/man/ja/man1/gpasswd.1.gz", + "/usr/share/man/ja/man1/passwd.1.gz", + "/usr/share/man/ja/man5/passwd.5.gz", + "/usr/share/man/ja/man5/shadow.5.gz", + "/usr/share/man/ja/man8/chpasswd.8.gz", + "/usr/share/man/ja/man8/groupadd.8.gz", + "/usr/share/man/ja/man8/groupdel.8.gz", + "/usr/share/man/ja/man8/groupmod.8.gz", + "/usr/share/man/ja/man8/grpck.8.gz", + "/usr/share/man/ja/man8/newusers.8.gz", + "/usr/share/man/ja/man8/pwck.8.gz", + "/usr/share/man/ja/man8/pwconv.8.gz", + "/usr/share/man/ja/man8/useradd.8.gz", + "/usr/share/man/ja/man8/userdel.8.gz", + "/usr/share/man/ja/man8/usermod.8.gz", + "/usr/share/man/ja/man8/vipw.8.gz", + "/usr/share/man/ko/man1/chfn.1.gz", + "/usr/share/man/ko/man1/chsh.1.gz", + "/usr/share/man/ko/man5/passwd.5.gz", + "/usr/share/man/ko/man8/vipw.8.gz", + "/usr/share/man/man1/chage.1.gz", + "/usr/share/man/man1/chfn.1.gz", + "/usr/share/man/man1/chsh.1.gz", + "/usr/share/man/man1/expiry.1.gz", + "/usr/share/man/man1/gpasswd.1.gz", + "/usr/share/man/man1/passwd.1.gz", + "/usr/share/man/man5/gshadow.5.gz", + "/usr/share/man/man5/passwd.5.gz", + "/usr/share/man/man5/shadow.5.gz", + "/usr/share/man/man5/subgid.5.gz", + "/usr/share/man/man5/subuid.5.gz", + "/usr/share/man/man8/chgpasswd.8.gz", + "/usr/share/man/man8/chpasswd.8.gz", + "/usr/share/man/man8/groupadd.8.gz", + "/usr/share/man/man8/groupdel.8.gz", + "/usr/share/man/man8/groupmod.8.gz", + "/usr/share/man/man8/grpck.8.gz", + "/usr/share/man/man8/newusers.8.gz", + "/usr/share/man/man8/pwck.8.gz", + "/usr/share/man/man8/pwconv.8.gz", + "/usr/share/man/man8/shadowconfig.8.gz", + "/usr/share/man/man8/useradd.8.gz", + "/usr/share/man/man8/userdel.8.gz", + "/usr/share/man/man8/usermod.8.gz", + "/usr/share/man/man8/vipw.8.gz", + "/usr/share/man/pl/man1/chage.1.gz", + "/usr/share/man/pl/man1/chsh.1.gz", + "/usr/share/man/pl/man1/expiry.1.gz", + "/usr/share/man/pl/man8/groupadd.8.gz", + "/usr/share/man/pl/man8/groupdel.8.gz", + "/usr/share/man/pl/man8/groupmod.8.gz", + "/usr/share/man/pl/man8/grpck.8.gz", + "/usr/share/man/pl/man8/userdel.8.gz", + "/usr/share/man/pl/man8/usermod.8.gz", + "/usr/share/man/pl/man8/vipw.8.gz", + "/usr/share/man/pt_BR/man1/gpasswd.1.gz", + "/usr/share/man/pt_BR/man5/passwd.5.gz", + "/usr/share/man/pt_BR/man5/shadow.5.gz", + "/usr/share/man/pt_BR/man8/groupadd.8.gz", + "/usr/share/man/pt_BR/man8/groupdel.8.gz", + "/usr/share/man/pt_BR/man8/groupmod.8.gz", + "/usr/share/man/ru/man1/chage.1.gz", + "/usr/share/man/ru/man1/chfn.1.gz", + "/usr/share/man/ru/man1/chsh.1.gz", + "/usr/share/man/ru/man1/expiry.1.gz", + "/usr/share/man/ru/man1/gpasswd.1.gz", + "/usr/share/man/ru/man1/passwd.1.gz", + "/usr/share/man/ru/man5/gshadow.5.gz", + "/usr/share/man/ru/man5/passwd.5.gz", + "/usr/share/man/ru/man5/shadow.5.gz", + "/usr/share/man/ru/man8/chgpasswd.8.gz", + "/usr/share/man/ru/man8/chpasswd.8.gz", + "/usr/share/man/ru/man8/groupadd.8.gz", + "/usr/share/man/ru/man8/groupdel.8.gz", + "/usr/share/man/ru/man8/groupmod.8.gz", + "/usr/share/man/ru/man8/grpck.8.gz", + "/usr/share/man/ru/man8/newusers.8.gz", + "/usr/share/man/ru/man8/pwck.8.gz", + "/usr/share/man/ru/man8/pwconv.8.gz", + "/usr/share/man/ru/man8/useradd.8.gz", + "/usr/share/man/ru/man8/userdel.8.gz", + "/usr/share/man/ru/man8/usermod.8.gz", + "/usr/share/man/ru/man8/vipw.8.gz", + "/usr/share/man/sv/man1/chage.1.gz", + "/usr/share/man/sv/man1/chsh.1.gz", + "/usr/share/man/sv/man1/expiry.1.gz", + "/usr/share/man/sv/man1/passwd.1.gz", + "/usr/share/man/sv/man5/gshadow.5.gz", + "/usr/share/man/sv/man5/passwd.5.gz", + "/usr/share/man/sv/man8/groupadd.8.gz", + "/usr/share/man/sv/man8/groupdel.8.gz", + "/usr/share/man/sv/man8/groupmod.8.gz", + "/usr/share/man/sv/man8/grpck.8.gz", + "/usr/share/man/sv/man8/pwck.8.gz", + "/usr/share/man/sv/man8/userdel.8.gz", + "/usr/share/man/sv/man8/vipw.8.gz", + "/usr/share/man/tr/man1/chage.1.gz", + "/usr/share/man/tr/man1/chfn.1.gz", + "/usr/share/man/tr/man1/passwd.1.gz", + "/usr/share/man/tr/man5/passwd.5.gz", + "/usr/share/man/tr/man5/shadow.5.gz", + "/usr/share/man/tr/man8/groupadd.8.gz", + "/usr/share/man/tr/man8/groupdel.8.gz", + "/usr/share/man/tr/man8/groupmod.8.gz", + "/usr/share/man/tr/man8/useradd.8.gz", + "/usr/share/man/tr/man8/userdel.8.gz", + "/usr/share/man/tr/man8/usermod.8.gz", + "/usr/share/man/uk/man1/chage.1.gz", + "/usr/share/man/uk/man1/chfn.1.gz", + "/usr/share/man/uk/man1/chsh.1.gz", + "/usr/share/man/uk/man1/expiry.1.gz", + "/usr/share/man/uk/man1/gpasswd.1.gz", + "/usr/share/man/uk/man1/passwd.1.gz", + "/usr/share/man/uk/man5/gshadow.5.gz", + "/usr/share/man/uk/man5/passwd.5.gz", + "/usr/share/man/uk/man5/shadow.5.gz", + "/usr/share/man/uk/man8/chgpasswd.8.gz", + "/usr/share/man/uk/man8/chpasswd.8.gz", + "/usr/share/man/uk/man8/groupadd.8.gz", + "/usr/share/man/uk/man8/groupdel.8.gz", + "/usr/share/man/uk/man8/groupmod.8.gz", + "/usr/share/man/uk/man8/grpck.8.gz", + "/usr/share/man/uk/man8/newusers.8.gz", + "/usr/share/man/uk/man8/pwck.8.gz", + "/usr/share/man/uk/man8/pwconv.8.gz", + "/usr/share/man/uk/man8/useradd.8.gz", + "/usr/share/man/uk/man8/userdel.8.gz", + "/usr/share/man/uk/man8/usermod.8.gz", + "/usr/share/man/uk/man8/vipw.8.gz", + "/usr/share/man/zh_CN/man1/chage.1.gz", + "/usr/share/man/zh_CN/man1/chfn.1.gz", + "/usr/share/man/zh_CN/man1/chsh.1.gz", + "/usr/share/man/zh_CN/man1/expiry.1.gz", + "/usr/share/man/zh_CN/man1/gpasswd.1.gz", + "/usr/share/man/zh_CN/man1/passwd.1.gz", + "/usr/share/man/zh_CN/man5/gshadow.5.gz", + "/usr/share/man/zh_CN/man5/passwd.5.gz", + "/usr/share/man/zh_CN/man5/shadow.5.gz", + "/usr/share/man/zh_CN/man8/chgpasswd.8.gz", + "/usr/share/man/zh_CN/man8/chpasswd.8.gz", + "/usr/share/man/zh_CN/man8/groupadd.8.gz", + "/usr/share/man/zh_CN/man8/groupdel.8.gz", + "/usr/share/man/zh_CN/man8/groupmod.8.gz", + "/usr/share/man/zh_CN/man8/grpck.8.gz", + "/usr/share/man/zh_CN/man8/newusers.8.gz", + "/usr/share/man/zh_CN/man8/pwck.8.gz", + "/usr/share/man/zh_CN/man8/pwconv.8.gz", + "/usr/share/man/zh_CN/man8/useradd.8.gz", + "/usr/share/man/zh_CN/man8/userdel.8.gz", + "/usr/share/man/zh_CN/man8/usermod.8.gz", + "/usr/share/man/zh_CN/man8/vipw.8.gz", + "/usr/share/man/zh_TW/man1/chfn.1.gz", + "/usr/share/man/zh_TW/man1/chsh.1.gz", + "/usr/share/man/zh_TW/man5/passwd.5.gz", + "/usr/share/man/zh_TW/man8/chpasswd.8.gz", + "/usr/share/man/zh_TW/man8/groupadd.8.gz", + "/usr/share/man/zh_TW/man8/groupdel.8.gz", + "/usr/share/man/zh_TW/man8/groupmod.8.gz", + "/usr/share/man/zh_TW/man8/useradd.8.gz", + "/usr/share/man/zh_TW/man8/userdel.8.gz", + "/usr/share/man/zh_TW/man8/usermod.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "perl-base@5.40.1-6", + "Name": "perl-base", + "Identifier": { + "PURL": "pkg:deb/debian/perl-base@5.40.1-6?arch=amd64\u0026distro=debian-13.5", + "UID": "546ba1bdcd66d61" + }, + "Version": "5.40.1", + "Release": "6", + "Arch": "amd64", + "SrcName": "perl", + "SrcVersion": "5.40.1", + "SrcRelease": "6", + "Licenses": [ + "GPL-1.0-or-later", + "Artistic-2.0", + "MIT", + "REGCOMP", + "GPL-2.0-with-bison-exception+", + "Unicode", + "BZIP", + "Zlib", + "GPL-2.0-or-later", + "FSFAP", + "BSD-3-clause-with-weird-numbering", + "CC0-1.0", + "TEXT-TABS", + "BSD-4-clause-POWERDOG", + "BSD-3-clause-GENERIC", + "BSD-3-Clause", + "SDBM-PUBLIC-DOMAIN", + "DONT-CHANGE-THE-GPL", + "Artistic-dist", + "LGPL-2.1-only", + "GPL-1.0-only", + "GPL-2.0-only", + "Artistic-2" + ], + "Maintainer": "Niko Tyni \u003cntyni@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/perl", + "/usr/bin/perl5.40.1", + "/usr/lib/x86_64-linux-gnu/perl-base/AutoLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Carp.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Carp/Heavy.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Config.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Config_git.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/Config_heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/Cwd.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/DynaLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Errno.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Exporter.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Exporter/Heavy.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Fcntl.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Basename.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Glob.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Path.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec/Unix.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Temp.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/FileHandle.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long/Parser.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Hash/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/File.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Handle.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Pipe.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Seekable.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Select.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/INET.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/IP.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/UNIX.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open2.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/List/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/POSIX.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Scalar/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/SelectSaver.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/ParseWords.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/Tabs.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/Wrap.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Tie/Hash.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/XSLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/attributes.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Cwd/Cwd.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/File/Glob/Glob.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Hash/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/IO/IO.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/List/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Socket/Socket.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/attributes/attributes.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/re/re.so", + "/usr/lib/x86_64-linux-gnu/perl-base/base.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/builtin.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/bytes.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/constant.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/feature.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/fields.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/integer.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/lib.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/locale.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/overload.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/overloading.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/parent.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/re.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/strict.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Age.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bmg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Cf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Ea.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/EqUIdeo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/GCB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Gc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Hst.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identif2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identifi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InPC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InSC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Isc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFCQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFDQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCCF.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKDQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Na1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NameAlia.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nv.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/PerlDeci.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/SB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Sc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Scx.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Tc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Uc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Vo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/WB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlLB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlSCX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V100.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V11.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V110.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V120.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V130.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V140.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V150.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V20.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V30.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V31.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V32.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V40.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V41.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V50.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V51.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V52.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V60.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V61.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V70.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V80.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V90.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Alpha/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/B.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/BN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/CS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/EN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ES.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ET.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/NSM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ON.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/WS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Blk/NB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/O.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CE/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CI/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCF/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWKCF/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWL/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWT/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWU/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Cased/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/A.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/ATAR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/B.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/BR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/DB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NK.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/OV.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/VR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CompEx/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/DI/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dash/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dep/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dia/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Com.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Enc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Fin.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Font.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Init.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Iso.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Med.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nar.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/NonCanon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sqr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sub.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sup.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Vert.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EBase/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EComp/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EPres/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/A.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/H.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/Na.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/W.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Emoji/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ext/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/ExtPict/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/CN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LV.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LVT.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/PP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/SM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/LC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ll.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/M.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Me.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/No.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/P.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pe.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Po.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ps.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/S.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sk.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/So.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Z.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Zs.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrBase/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrExt/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hex/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hst/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hyphen/T.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Allowed.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Restrict.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/DefaultI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Exclusio.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Inclusio.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/LimitedU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotChara.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotNFKC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotXID.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Obsolete.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Recommen.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Technica.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Uncommon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ideo/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/10_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/11_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/13_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/14_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/15_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/7_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/8_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/9_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Bottom.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/BottomAn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Left.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/LeftAndR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Overstru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Right.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Top.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndBo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndL2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndLe.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndRi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/VisualOr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Avagraha.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Bindu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Cantilla.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona5.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona7.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona9.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consonan.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Geminati.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Invisibl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Nukta.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Number.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Other.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/PureKill.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Syllable.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/ToneMark.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Virama.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Visarga.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Vowel.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelDep.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelInd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Ain.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Alef.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Beh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Dal.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/FarsiYeh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Feh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Gaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Hah.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/HanifiRo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Kaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Lam.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/NoJoinin.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Noon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Qaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Reh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Sad.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Seen.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Tah.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Waw.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Yeh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/D.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/T.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/U.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CJ.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/GL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/ID.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/OP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/QU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/SA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lower/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Math/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/M.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Di.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/None.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Nu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/11.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/12.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/13.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/14.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/15.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/17.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/18.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/19.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/200.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/300.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/400.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/500.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/600.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/700.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/800.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/900.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PCM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PatSyn/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Alnum.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Assigned.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Blank.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Graph.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PerlWord.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PosixPun.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Print.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/SpacePer.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Title.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Word.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/XPosixPu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlAny.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCh2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCha.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlFol.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIsI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNch.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPat.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPr2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPro.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlQuo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/QMark/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/AT.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/CL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/FO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LE.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/SC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/ST.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/Sp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/UP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SD/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/STerm/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Arab.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Beng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cprt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cyrl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Deva.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Dupl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Geor.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Glag.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gonm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gran.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Grek.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gujr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Guru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Han.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hira.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Kana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Knda.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Latn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Limb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Linb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mlym.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mult.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Orya.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Sinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Syrc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Taml.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Telu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zyyy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Adlm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Arab.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Armn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Beng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bhks.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bopo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cakm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cham.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Copt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cprt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cyrl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Deva.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Diak.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Dupl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Ethi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Geor.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Glag.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gonm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gran.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Grek.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gujr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Guru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Han.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hebr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hira.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmnp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khar.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khmr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khoj.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Knda.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kthi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lao.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Latn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Limb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lina.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Linb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mlym.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mult.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mymr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nand.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nko.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Orya.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Phlp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Rohg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Shrd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sind.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Syrc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tagb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Takr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Talu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Taml.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Telu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Thaa.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tibt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tirh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Vith.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Xsux.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yezi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zyyy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zzzz.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Term/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/UIdeo/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Upper/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/VS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/U.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/Extend.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/FO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/HL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/KA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/LE.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/ML.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/WSegSpac.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/utf8.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/vars.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/warnings.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/warnings/register.pm", + "/usr/share/doc/perl-base/changelog.Debian.gz", + "/usr/share/doc/perl-base/changelog.gz", + "/usr/share/doc/perl-base/copyright", + "/usr/share/doc/perl/AUTHORS.gz", + "/usr/share/doc/perl/Documentation", + "/usr/share/lintian/overrides/perl-base", + "/usr/share/man/man1/perl.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "readline-common@8.2-6", + "Name": "readline-common", + "Identifier": { + "PURL": "pkg:deb/debian/readline-common@8.2-6?arch=all\u0026distro=debian-13.5", + "UID": "e762758a1681f62e" + }, + "Version": "8.2", + "Release": "6", + "Arch": "all", + "SrcName": "readline", + "SrcVersion": "8.2", + "SrcRelease": "6", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-or-later", + "ISC-no-attribution" + ], + "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/share/doc/readline-common/changelog.Debian.gz", + "/usr/share/doc/readline-common/changelog.gz", + "/usr/share/doc/readline-common/copyright", + "/usr/share/doc/readline-common/inputrc.arrows", + "/usr/share/info/rluserman.info.gz", + "/usr/share/lintian/overrides/readline-common", + "/usr/share/man/man3/history.3readline.gz", + "/usr/share/man/man3/readline.3readline.gz", + "/usr/share/readline/inputrc" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sed@4.9-2+deb13u1", + "Name": "sed", + "Identifier": { + "PURL": "pkg:deb/debian/sed@4.9-2%2Bdeb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "a041ea16982bb927" + }, + "Version": "4.9", + "Release": "2+deb13u1", + "Arch": "amd64", + "SrcName": "sed", + "SrcVersion": "4.9", + "SrcRelease": "2+deb13u1", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "X11", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-only", + "ISC", + "BSD-4-Clause-UC", + "BSL-1", + "pcre" + ], + "Maintainer": "Clint Adams \u003cclint@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/sed", + "/usr/share/doc/sed/AUTHORS", + "/usr/share/doc/sed/BUGS.gz", + "/usr/share/doc/sed/NEWS.gz", + "/usr/share/doc/sed/README", + "/usr/share/doc/sed/THANKS.gz", + "/usr/share/doc/sed/changelog.Debian.gz", + "/usr/share/doc/sed/changelog.gz", + "/usr/share/doc/sed/copyright", + "/usr/share/doc/sed/examples/dc.sed", + "/usr/share/doc/sed/sedfaq.txt.gz", + "/usr/share/info/sed.info.gz", + "/usr/share/locale/af/LC_MESSAGES/sed.mo", + "/usr/share/locale/ast/LC_MESSAGES/sed.mo", + "/usr/share/locale/bg/LC_MESSAGES/sed.mo", + "/usr/share/locale/ca/LC_MESSAGES/sed.mo", + "/usr/share/locale/cs/LC_MESSAGES/sed.mo", + "/usr/share/locale/da/LC_MESSAGES/sed.mo", + "/usr/share/locale/de/LC_MESSAGES/sed.mo", + "/usr/share/locale/el/LC_MESSAGES/sed.mo", + "/usr/share/locale/eo/LC_MESSAGES/sed.mo", + "/usr/share/locale/es/LC_MESSAGES/sed.mo", + "/usr/share/locale/et/LC_MESSAGES/sed.mo", + "/usr/share/locale/eu/LC_MESSAGES/sed.mo", + "/usr/share/locale/fi/LC_MESSAGES/sed.mo", + "/usr/share/locale/fr/LC_MESSAGES/sed.mo", + "/usr/share/locale/ga/LC_MESSAGES/sed.mo", + "/usr/share/locale/gl/LC_MESSAGES/sed.mo", + "/usr/share/locale/he/LC_MESSAGES/sed.mo", + "/usr/share/locale/hr/LC_MESSAGES/sed.mo", + "/usr/share/locale/hu/LC_MESSAGES/sed.mo", + "/usr/share/locale/id/LC_MESSAGES/sed.mo", + "/usr/share/locale/it/LC_MESSAGES/sed.mo", + "/usr/share/locale/ja/LC_MESSAGES/sed.mo", + "/usr/share/locale/ka/LC_MESSAGES/sed.mo", + "/usr/share/locale/ko/LC_MESSAGES/sed.mo", + "/usr/share/locale/nb/LC_MESSAGES/sed.mo", + "/usr/share/locale/nl/LC_MESSAGES/sed.mo", + "/usr/share/locale/pl/LC_MESSAGES/sed.mo", + "/usr/share/locale/pt/LC_MESSAGES/sed.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/sed.mo", + "/usr/share/locale/ro/LC_MESSAGES/sed.mo", + "/usr/share/locale/ru/LC_MESSAGES/sed.mo", + "/usr/share/locale/sk/LC_MESSAGES/sed.mo", + "/usr/share/locale/sl/LC_MESSAGES/sed.mo", + "/usr/share/locale/sr/LC_MESSAGES/sed.mo", + "/usr/share/locale/sv/LC_MESSAGES/sed.mo", + "/usr/share/locale/tr/LC_MESSAGES/sed.mo", + "/usr/share/locale/uk/LC_MESSAGES/sed.mo", + "/usr/share/locale/vi/LC_MESSAGES/sed.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/sed.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/sed.mo", + "/usr/share/man/man1/sed.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sqv@1.3.0-3+b2", + "Name": "sqv", + "Identifier": { + "PURL": "pkg:deb/debian/sqv@1.3.0-3%2Bb2?arch=amd64\u0026distro=debian-13.5", + "UID": "2bf11ffe79190750" + }, + "Version": "1.3.0", + "Release": "3+b2", + "Arch": "amd64", + "SrcName": "rust-sequoia-sqv", + "SrcVersion": "1.3.0", + "SrcRelease": "3", + "Licenses": [ + "LGPL-2.0-or-later", + "LGPL-2.0-only" + ], + "Maintainer": "Debian Rust Maintainers \u003cpkg-rust-maintainers@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libgcc-s1@14.2.0-19", + "libgmp10@2:6.3.0+dfsg-3", + "libhogweed6t64@3.10.1-1", + "libnettle8t64@3.10.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/sqv", + "/usr/share/bash-completion/completions/sqv.bash", + "/usr/share/doc/sqv/NEWS.gz", + "/usr/share/doc/sqv/changelog.Debian.amd64.gz", + "/usr/share/doc/sqv/changelog.Debian.gz", + "/usr/share/doc/sqv/copyright", + "/usr/share/fish/completions/sqv.fish", + "/usr/share/man/man1/sqv.1.gz", + "/usr/share/zsh/vendor-completions/_sqv" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sysvinit-utils@3.14-4", + "Name": "sysvinit-utils", + "Identifier": { + "PURL": "pkg:deb/debian/sysvinit-utils@3.14-4?arch=amd64\u0026distro=debian-13.5", + "UID": "f7fb888c58ca826e" + }, + "Version": "3.14", + "Release": "4", + "Arch": "amd64", + "SrcName": "sysvinit", + "SrcVersion": "3.14", + "SrcRelease": "4", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-only", + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Debian sysvinit maintainers \u003cdebian-init-diversity@chiark.greenend.org.uk\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/init/init-d-script", + "/usr/lib/init/vars.sh", + "/usr/lib/lsb/init-functions", + "/usr/lib/lsb/init-functions.d/00-verbose", + "/usr/sbin/fstab-decode", + "/usr/sbin/killall5", + "/usr/share/doc/sysvinit-utils/changelog.Debian.gz", + "/usr/share/doc/sysvinit-utils/copyright", + "/usr/share/man/man5/init-d-script.5.gz", + "/usr/share/man/man8/fstab-decode.8.gz", + "/usr/share/man/man8/killall5.8.gz", + "/usr/share/man/man8/pidof.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tar@1.35+dfsg-3.1", + "Name": "tar", + "Identifier": { + "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.5", + "UID": "4f69996c49afbaca" + }, + "Version": "1.35+dfsg", + "Release": "3.1", + "Arch": "amd64", + "SrcName": "tar", + "SrcVersion": "1.35+dfsg", + "SrcRelease": "3.1", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "LGPL-3.0-or-later", + "LGPL-3.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Janos Lenart \u003cocsi@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/tar", + "/usr/lib/mime/packages/tar", + "/usr/sbin/rmt-tar", + "/usr/sbin/tarcat", + "/usr/share/doc/tar/AUTHORS", + "/usr/share/doc/tar/NEWS.gz", + "/usr/share/doc/tar/README.Debian", + "/usr/share/doc/tar/THANKS.gz", + "/usr/share/doc/tar/changelog.1.gz", + "/usr/share/doc/tar/changelog.Debian.gz", + "/usr/share/doc/tar/changelog.gz", + "/usr/share/doc/tar/copyright", + "/usr/share/locale/bg/LC_MESSAGES/tar.mo", + "/usr/share/locale/ca/LC_MESSAGES/tar.mo", + "/usr/share/locale/cs/LC_MESSAGES/tar.mo", + "/usr/share/locale/da/LC_MESSAGES/tar.mo", + "/usr/share/locale/de/LC_MESSAGES/tar.mo", + "/usr/share/locale/el/LC_MESSAGES/tar.mo", + "/usr/share/locale/eo/LC_MESSAGES/tar.mo", + "/usr/share/locale/es/LC_MESSAGES/tar.mo", + "/usr/share/locale/et/LC_MESSAGES/tar.mo", + "/usr/share/locale/eu/LC_MESSAGES/tar.mo", + "/usr/share/locale/fi/LC_MESSAGES/tar.mo", + "/usr/share/locale/fr/LC_MESSAGES/tar.mo", + "/usr/share/locale/ga/LC_MESSAGES/tar.mo", + "/usr/share/locale/gl/LC_MESSAGES/tar.mo", + "/usr/share/locale/hr/LC_MESSAGES/tar.mo", + "/usr/share/locale/hu/LC_MESSAGES/tar.mo", + "/usr/share/locale/id/LC_MESSAGES/tar.mo", + "/usr/share/locale/it/LC_MESSAGES/tar.mo", + "/usr/share/locale/ja/LC_MESSAGES/tar.mo", + "/usr/share/locale/ka/LC_MESSAGES/tar.mo", + "/usr/share/locale/ko/LC_MESSAGES/tar.mo", + "/usr/share/locale/ky/LC_MESSAGES/tar.mo", + "/usr/share/locale/ms/LC_MESSAGES/tar.mo", + "/usr/share/locale/nb/LC_MESSAGES/tar.mo", + "/usr/share/locale/nl/LC_MESSAGES/tar.mo", + "/usr/share/locale/pl/LC_MESSAGES/tar.mo", + "/usr/share/locale/pt/LC_MESSAGES/tar.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/tar.mo", + "/usr/share/locale/ro/LC_MESSAGES/tar.mo", + "/usr/share/locale/ru/LC_MESSAGES/tar.mo", + "/usr/share/locale/sk/LC_MESSAGES/tar.mo", + "/usr/share/locale/sl/LC_MESSAGES/tar.mo", + "/usr/share/locale/sr/LC_MESSAGES/tar.mo", + "/usr/share/locale/sv/LC_MESSAGES/tar.mo", + "/usr/share/locale/tr/LC_MESSAGES/tar.mo", + "/usr/share/locale/uk/LC_MESSAGES/tar.mo", + "/usr/share/locale/vi/LC_MESSAGES/tar.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/tar.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/tar.mo", + "/usr/share/man/man1/tar.1.gz", + "/usr/share/man/man1/tarcat.1.gz", + "/usr/share/man/man8/rmt-tar.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tzdata@2026b-0+deb13u1", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:deb/debian/tzdata@2026b-0%2Bdeb13u1?arch=all\u0026distro=debian-13.5", + "UID": "9e352e373d8245f0" + }, + "Version": "2026b", + "Release": "0+deb13u1", + "Arch": "all", + "SrcName": "tzdata", + "SrcVersion": "2026b", + "SrcRelease": "0+deb13u1", + "Licenses": [ + "public-domain" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/tzdata/NEWS.Debian.gz", + "/usr/share/doc/tzdata/README.Debian", + "/usr/share/doc/tzdata/changelog.Debian.gz", + "/usr/share/doc/tzdata/changelog.gz", + "/usr/share/doc/tzdata/copyright", + "/usr/share/lintian/overrides/tzdata", + "/usr/share/zoneinfo/Africa/Abidjan", + "/usr/share/zoneinfo/Africa/Accra", + "/usr/share/zoneinfo/Africa/Addis_Ababa", + "/usr/share/zoneinfo/Africa/Algiers", + "/usr/share/zoneinfo/Africa/Asmara", + "/usr/share/zoneinfo/Africa/Bamako", + "/usr/share/zoneinfo/Africa/Bangui", + "/usr/share/zoneinfo/Africa/Banjul", + "/usr/share/zoneinfo/Africa/Bissau", + "/usr/share/zoneinfo/Africa/Blantyre", + "/usr/share/zoneinfo/Africa/Brazzaville", + "/usr/share/zoneinfo/Africa/Bujumbura", + "/usr/share/zoneinfo/Africa/Cairo", + "/usr/share/zoneinfo/Africa/Casablanca", + "/usr/share/zoneinfo/Africa/Ceuta", + "/usr/share/zoneinfo/Africa/Conakry", + "/usr/share/zoneinfo/Africa/Dakar", + "/usr/share/zoneinfo/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/Africa/Djibouti", + "/usr/share/zoneinfo/Africa/Douala", + "/usr/share/zoneinfo/Africa/El_Aaiun", + "/usr/share/zoneinfo/Africa/Freetown", + "/usr/share/zoneinfo/Africa/Gaborone", + "/usr/share/zoneinfo/Africa/Harare", + "/usr/share/zoneinfo/Africa/Johannesburg", + "/usr/share/zoneinfo/Africa/Juba", + "/usr/share/zoneinfo/Africa/Kampala", + "/usr/share/zoneinfo/Africa/Khartoum", + "/usr/share/zoneinfo/Africa/Kigali", + "/usr/share/zoneinfo/Africa/Kinshasa", + "/usr/share/zoneinfo/Africa/Lagos", + "/usr/share/zoneinfo/Africa/Libreville", + "/usr/share/zoneinfo/Africa/Lome", + "/usr/share/zoneinfo/Africa/Luanda", + "/usr/share/zoneinfo/Africa/Lubumbashi", + "/usr/share/zoneinfo/Africa/Lusaka", + "/usr/share/zoneinfo/Africa/Malabo", + "/usr/share/zoneinfo/Africa/Maputo", + "/usr/share/zoneinfo/Africa/Maseru", + "/usr/share/zoneinfo/Africa/Mbabane", + "/usr/share/zoneinfo/Africa/Mogadishu", + "/usr/share/zoneinfo/Africa/Monrovia", + "/usr/share/zoneinfo/Africa/Nairobi", + "/usr/share/zoneinfo/Africa/Ndjamena", + "/usr/share/zoneinfo/Africa/Niamey", + "/usr/share/zoneinfo/Africa/Nouakchott", + "/usr/share/zoneinfo/Africa/Ouagadougou", + "/usr/share/zoneinfo/Africa/Porto-Novo", + "/usr/share/zoneinfo/Africa/Sao_Tome", + "/usr/share/zoneinfo/Africa/Tripoli", + "/usr/share/zoneinfo/Africa/Tunis", + "/usr/share/zoneinfo/Africa/Windhoek", + "/usr/share/zoneinfo/America/Adak", + "/usr/share/zoneinfo/America/Anchorage", + "/usr/share/zoneinfo/America/Anguilla", + "/usr/share/zoneinfo/America/Antigua", + "/usr/share/zoneinfo/America/Araguaina", + "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/America/Argentina/Catamarca", + "/usr/share/zoneinfo/America/Argentina/Cordoba", + "/usr/share/zoneinfo/America/Argentina/Jujuy", + "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/America/Argentina/Mendoza", + "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/America/Argentina/Salta", + "/usr/share/zoneinfo/America/Argentina/San_Juan", + "/usr/share/zoneinfo/America/Argentina/San_Luis", + "/usr/share/zoneinfo/America/Argentina/Tucuman", + "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/America/Aruba", + "/usr/share/zoneinfo/America/Asuncion", + "/usr/share/zoneinfo/America/Atikokan", + "/usr/share/zoneinfo/America/Bahia", + "/usr/share/zoneinfo/America/Bahia_Banderas", + "/usr/share/zoneinfo/America/Barbados", + "/usr/share/zoneinfo/America/Belem", + "/usr/share/zoneinfo/America/Belize", + "/usr/share/zoneinfo/America/Blanc-Sablon", + "/usr/share/zoneinfo/America/Boa_Vista", + "/usr/share/zoneinfo/America/Bogota", + "/usr/share/zoneinfo/America/Boise", + "/usr/share/zoneinfo/America/Cambridge_Bay", + "/usr/share/zoneinfo/America/Campo_Grande", + "/usr/share/zoneinfo/America/Cancun", + "/usr/share/zoneinfo/America/Caracas", + "/usr/share/zoneinfo/America/Cayenne", + "/usr/share/zoneinfo/America/Cayman", + "/usr/share/zoneinfo/America/Chicago", + "/usr/share/zoneinfo/America/Chihuahua", + "/usr/share/zoneinfo/America/Ciudad_Juarez", + "/usr/share/zoneinfo/America/Costa_Rica", + "/usr/share/zoneinfo/America/Coyhaique", + "/usr/share/zoneinfo/America/Creston", + "/usr/share/zoneinfo/America/Cuiaba", + "/usr/share/zoneinfo/America/Curacao", + "/usr/share/zoneinfo/America/Danmarkshavn", + "/usr/share/zoneinfo/America/Dawson", + "/usr/share/zoneinfo/America/Dawson_Creek", + "/usr/share/zoneinfo/America/Denver", + "/usr/share/zoneinfo/America/Detroit", + "/usr/share/zoneinfo/America/Dominica", + "/usr/share/zoneinfo/America/Edmonton", + "/usr/share/zoneinfo/America/Eirunepe", + "/usr/share/zoneinfo/America/El_Salvador", + "/usr/share/zoneinfo/America/Fort_Nelson", + "/usr/share/zoneinfo/America/Fortaleza", + "/usr/share/zoneinfo/America/Glace_Bay", + "/usr/share/zoneinfo/America/Goose_Bay", + "/usr/share/zoneinfo/America/Grand_Turk", + "/usr/share/zoneinfo/America/Grenada", + "/usr/share/zoneinfo/America/Guadeloupe", + "/usr/share/zoneinfo/America/Guatemala", + "/usr/share/zoneinfo/America/Guayaquil", + "/usr/share/zoneinfo/America/Guyana", + "/usr/share/zoneinfo/America/Halifax", + "/usr/share/zoneinfo/America/Havana", + "/usr/share/zoneinfo/America/Hermosillo", + "/usr/share/zoneinfo/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/America/Indiana/Knox", + "/usr/share/zoneinfo/America/Indiana/Marengo", + "/usr/share/zoneinfo/America/Indiana/Petersburg", + "/usr/share/zoneinfo/America/Indiana/Tell_City", + "/usr/share/zoneinfo/America/Indiana/Vevay", + "/usr/share/zoneinfo/America/Indiana/Vincennes", + "/usr/share/zoneinfo/America/Indiana/Winamac", + "/usr/share/zoneinfo/America/Inuvik", + "/usr/share/zoneinfo/America/Iqaluit", + "/usr/share/zoneinfo/America/Jamaica", + "/usr/share/zoneinfo/America/Juneau", + "/usr/share/zoneinfo/America/Kentucky/Louisville", + "/usr/share/zoneinfo/America/Kentucky/Monticello", + "/usr/share/zoneinfo/America/La_Paz", + "/usr/share/zoneinfo/America/Lima", + "/usr/share/zoneinfo/America/Los_Angeles", + "/usr/share/zoneinfo/America/Maceio", + "/usr/share/zoneinfo/America/Managua", + "/usr/share/zoneinfo/America/Manaus", + "/usr/share/zoneinfo/America/Martinique", + "/usr/share/zoneinfo/America/Matamoros", + "/usr/share/zoneinfo/America/Mazatlan", + "/usr/share/zoneinfo/America/Menominee", + "/usr/share/zoneinfo/America/Merida", + "/usr/share/zoneinfo/America/Metlakatla", + "/usr/share/zoneinfo/America/Mexico_City", + "/usr/share/zoneinfo/America/Miquelon", + "/usr/share/zoneinfo/America/Moncton", + "/usr/share/zoneinfo/America/Monterrey", + "/usr/share/zoneinfo/America/Montevideo", + "/usr/share/zoneinfo/America/Montserrat", + "/usr/share/zoneinfo/America/Nassau", + "/usr/share/zoneinfo/America/New_York", + "/usr/share/zoneinfo/America/Nome", + "/usr/share/zoneinfo/America/Noronha", + "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/America/North_Dakota/Center", + "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/America/Nuuk", + "/usr/share/zoneinfo/America/Ojinaga", + "/usr/share/zoneinfo/America/Panama", + "/usr/share/zoneinfo/America/Paramaribo", + "/usr/share/zoneinfo/America/Phoenix", + "/usr/share/zoneinfo/America/Port-au-Prince", + "/usr/share/zoneinfo/America/Port_of_Spain", + "/usr/share/zoneinfo/America/Porto_Velho", + "/usr/share/zoneinfo/America/Puerto_Rico", + "/usr/share/zoneinfo/America/Punta_Arenas", + "/usr/share/zoneinfo/America/Rankin_Inlet", + "/usr/share/zoneinfo/America/Recife", + "/usr/share/zoneinfo/America/Regina", + "/usr/share/zoneinfo/America/Resolute", + "/usr/share/zoneinfo/America/Rio_Branco", + "/usr/share/zoneinfo/America/Santarem", + "/usr/share/zoneinfo/America/Santiago", + "/usr/share/zoneinfo/America/Santo_Domingo", + "/usr/share/zoneinfo/America/Sao_Paulo", + "/usr/share/zoneinfo/America/Scoresbysund", + "/usr/share/zoneinfo/America/Sitka", + "/usr/share/zoneinfo/America/St_Johns", + "/usr/share/zoneinfo/America/St_Kitts", + "/usr/share/zoneinfo/America/St_Lucia", + "/usr/share/zoneinfo/America/St_Thomas", + "/usr/share/zoneinfo/America/St_Vincent", + "/usr/share/zoneinfo/America/Swift_Current", + "/usr/share/zoneinfo/America/Tegucigalpa", + "/usr/share/zoneinfo/America/Thule", + "/usr/share/zoneinfo/America/Tijuana", + "/usr/share/zoneinfo/America/Toronto", + "/usr/share/zoneinfo/America/Tortola", + "/usr/share/zoneinfo/America/Vancouver", + "/usr/share/zoneinfo/America/Whitehorse", + "/usr/share/zoneinfo/America/Winnipeg", + "/usr/share/zoneinfo/America/Yakutat", + "/usr/share/zoneinfo/Antarctica/Casey", + "/usr/share/zoneinfo/Antarctica/Davis", + "/usr/share/zoneinfo/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/Antarctica/Macquarie", + "/usr/share/zoneinfo/Antarctica/Mawson", + "/usr/share/zoneinfo/Antarctica/McMurdo", + "/usr/share/zoneinfo/Antarctica/Palmer", + "/usr/share/zoneinfo/Antarctica/Rothera", + "/usr/share/zoneinfo/Antarctica/Syowa", + "/usr/share/zoneinfo/Antarctica/Troll", + "/usr/share/zoneinfo/Antarctica/Vostok", + "/usr/share/zoneinfo/Asia/Aden", + "/usr/share/zoneinfo/Asia/Almaty", + "/usr/share/zoneinfo/Asia/Amman", + "/usr/share/zoneinfo/Asia/Anadyr", + "/usr/share/zoneinfo/Asia/Aqtau", + "/usr/share/zoneinfo/Asia/Aqtobe", + "/usr/share/zoneinfo/Asia/Ashgabat", + "/usr/share/zoneinfo/Asia/Atyrau", + "/usr/share/zoneinfo/Asia/Baghdad", + "/usr/share/zoneinfo/Asia/Bahrain", + "/usr/share/zoneinfo/Asia/Baku", + "/usr/share/zoneinfo/Asia/Bangkok", + "/usr/share/zoneinfo/Asia/Barnaul", + "/usr/share/zoneinfo/Asia/Beirut", + "/usr/share/zoneinfo/Asia/Bishkek", + "/usr/share/zoneinfo/Asia/Brunei", + "/usr/share/zoneinfo/Asia/Chita", + "/usr/share/zoneinfo/Asia/Colombo", + "/usr/share/zoneinfo/Asia/Damascus", + "/usr/share/zoneinfo/Asia/Dhaka", + "/usr/share/zoneinfo/Asia/Dili", + "/usr/share/zoneinfo/Asia/Dubai", + "/usr/share/zoneinfo/Asia/Dushanbe", + "/usr/share/zoneinfo/Asia/Famagusta", + "/usr/share/zoneinfo/Asia/Gaza", + "/usr/share/zoneinfo/Asia/Hebron", + "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/Asia/Hong_Kong", + "/usr/share/zoneinfo/Asia/Hovd", + "/usr/share/zoneinfo/Asia/Irkutsk", + "/usr/share/zoneinfo/Asia/Jakarta", + "/usr/share/zoneinfo/Asia/Jayapura", + "/usr/share/zoneinfo/Asia/Jerusalem", + "/usr/share/zoneinfo/Asia/Kabul", + "/usr/share/zoneinfo/Asia/Kamchatka", + "/usr/share/zoneinfo/Asia/Karachi", + "/usr/share/zoneinfo/Asia/Kathmandu", + "/usr/share/zoneinfo/Asia/Khandyga", + "/usr/share/zoneinfo/Asia/Kolkata", + "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/Asia/Kuching", + "/usr/share/zoneinfo/Asia/Kuwait", + "/usr/share/zoneinfo/Asia/Macau", + "/usr/share/zoneinfo/Asia/Magadan", + "/usr/share/zoneinfo/Asia/Makassar", + "/usr/share/zoneinfo/Asia/Manila", + "/usr/share/zoneinfo/Asia/Muscat", + "/usr/share/zoneinfo/Asia/Nicosia", + "/usr/share/zoneinfo/Asia/Novokuznetsk", + "/usr/share/zoneinfo/Asia/Novosibirsk", + "/usr/share/zoneinfo/Asia/Omsk", + "/usr/share/zoneinfo/Asia/Oral", + "/usr/share/zoneinfo/Asia/Phnom_Penh", + "/usr/share/zoneinfo/Asia/Pontianak", + "/usr/share/zoneinfo/Asia/Pyongyang", + "/usr/share/zoneinfo/Asia/Qatar", + "/usr/share/zoneinfo/Asia/Qostanay", + "/usr/share/zoneinfo/Asia/Qyzylorda", + "/usr/share/zoneinfo/Asia/Riyadh", + "/usr/share/zoneinfo/Asia/Sakhalin", + "/usr/share/zoneinfo/Asia/Samarkand", + "/usr/share/zoneinfo/Asia/Seoul", + "/usr/share/zoneinfo/Asia/Shanghai", + "/usr/share/zoneinfo/Asia/Singapore", + "/usr/share/zoneinfo/Asia/Srednekolymsk", + "/usr/share/zoneinfo/Asia/Taipei", + "/usr/share/zoneinfo/Asia/Tashkent", + "/usr/share/zoneinfo/Asia/Tbilisi", + "/usr/share/zoneinfo/Asia/Tehran", + "/usr/share/zoneinfo/Asia/Thimphu", + "/usr/share/zoneinfo/Asia/Tokyo", + "/usr/share/zoneinfo/Asia/Tomsk", + "/usr/share/zoneinfo/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/Asia/Urumqi", + "/usr/share/zoneinfo/Asia/Ust-Nera", + "/usr/share/zoneinfo/Asia/Vientiane", + "/usr/share/zoneinfo/Asia/Vladivostok", + "/usr/share/zoneinfo/Asia/Yakutsk", + "/usr/share/zoneinfo/Asia/Yangon", + "/usr/share/zoneinfo/Asia/Yekaterinburg", + "/usr/share/zoneinfo/Asia/Yerevan", + "/usr/share/zoneinfo/Atlantic/Azores", + "/usr/share/zoneinfo/Atlantic/Bermuda", + "/usr/share/zoneinfo/Atlantic/Canary", + "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/Atlantic/Faroe", + "/usr/share/zoneinfo/Atlantic/Madeira", + "/usr/share/zoneinfo/Atlantic/Reykjavik", + "/usr/share/zoneinfo/Atlantic/South_Georgia", + "/usr/share/zoneinfo/Atlantic/St_Helena", + "/usr/share/zoneinfo/Atlantic/Stanley", + "/usr/share/zoneinfo/Australia/Adelaide", + "/usr/share/zoneinfo/Australia/Brisbane", + "/usr/share/zoneinfo/Australia/Broken_Hill", + "/usr/share/zoneinfo/Australia/Darwin", + "/usr/share/zoneinfo/Australia/Eucla", + "/usr/share/zoneinfo/Australia/Hobart", + "/usr/share/zoneinfo/Australia/Lindeman", + "/usr/share/zoneinfo/Australia/Lord_Howe", + "/usr/share/zoneinfo/Australia/Melbourne", + "/usr/share/zoneinfo/Australia/Perth", + "/usr/share/zoneinfo/Australia/Sydney", + "/usr/share/zoneinfo/Etc/GMT", + "/usr/share/zoneinfo/Etc/GMT+1", + "/usr/share/zoneinfo/Etc/GMT+10", + "/usr/share/zoneinfo/Etc/GMT+11", + "/usr/share/zoneinfo/Etc/GMT+12", + "/usr/share/zoneinfo/Etc/GMT+2", + "/usr/share/zoneinfo/Etc/GMT+3", + "/usr/share/zoneinfo/Etc/GMT+4", + "/usr/share/zoneinfo/Etc/GMT+5", + "/usr/share/zoneinfo/Etc/GMT+6", + "/usr/share/zoneinfo/Etc/GMT+7", + "/usr/share/zoneinfo/Etc/GMT+8", + "/usr/share/zoneinfo/Etc/GMT+9", + "/usr/share/zoneinfo/Etc/GMT-1", + "/usr/share/zoneinfo/Etc/GMT-10", + "/usr/share/zoneinfo/Etc/GMT-11", + "/usr/share/zoneinfo/Etc/GMT-12", + "/usr/share/zoneinfo/Etc/GMT-13", + "/usr/share/zoneinfo/Etc/GMT-14", + "/usr/share/zoneinfo/Etc/GMT-2", + "/usr/share/zoneinfo/Etc/GMT-3", + "/usr/share/zoneinfo/Etc/GMT-4", + "/usr/share/zoneinfo/Etc/GMT-5", + "/usr/share/zoneinfo/Etc/GMT-6", + "/usr/share/zoneinfo/Etc/GMT-7", + "/usr/share/zoneinfo/Etc/GMT-8", + "/usr/share/zoneinfo/Etc/GMT-9", + "/usr/share/zoneinfo/Etc/UTC", + "/usr/share/zoneinfo/Europe/Amsterdam", + "/usr/share/zoneinfo/Europe/Andorra", + "/usr/share/zoneinfo/Europe/Astrakhan", + "/usr/share/zoneinfo/Europe/Athens", + "/usr/share/zoneinfo/Europe/Belgrade", + "/usr/share/zoneinfo/Europe/Berlin", + "/usr/share/zoneinfo/Europe/Brussels", + "/usr/share/zoneinfo/Europe/Bucharest", + "/usr/share/zoneinfo/Europe/Budapest", + "/usr/share/zoneinfo/Europe/Chisinau", + "/usr/share/zoneinfo/Europe/Copenhagen", + "/usr/share/zoneinfo/Europe/Dublin", + "/usr/share/zoneinfo/Europe/Gibraltar", + "/usr/share/zoneinfo/Europe/Guernsey", + "/usr/share/zoneinfo/Europe/Helsinki", + "/usr/share/zoneinfo/Europe/Isle_of_Man", + "/usr/share/zoneinfo/Europe/Istanbul", + "/usr/share/zoneinfo/Europe/Jersey", + "/usr/share/zoneinfo/Europe/Kaliningrad", + "/usr/share/zoneinfo/Europe/Kirov", + "/usr/share/zoneinfo/Europe/Kyiv", + "/usr/share/zoneinfo/Europe/Lisbon", + "/usr/share/zoneinfo/Europe/Ljubljana", + "/usr/share/zoneinfo/Europe/London", + "/usr/share/zoneinfo/Europe/Luxembourg", + "/usr/share/zoneinfo/Europe/Madrid", + "/usr/share/zoneinfo/Europe/Malta", + "/usr/share/zoneinfo/Europe/Minsk", + "/usr/share/zoneinfo/Europe/Monaco", + "/usr/share/zoneinfo/Europe/Moscow", + "/usr/share/zoneinfo/Europe/Oslo", + "/usr/share/zoneinfo/Europe/Paris", + "/usr/share/zoneinfo/Europe/Prague", + "/usr/share/zoneinfo/Europe/Riga", + "/usr/share/zoneinfo/Europe/Rome", + "/usr/share/zoneinfo/Europe/Samara", + "/usr/share/zoneinfo/Europe/Sarajevo", + "/usr/share/zoneinfo/Europe/Saratov", + "/usr/share/zoneinfo/Europe/Simferopol", + "/usr/share/zoneinfo/Europe/Skopje", + "/usr/share/zoneinfo/Europe/Sofia", + "/usr/share/zoneinfo/Europe/Stockholm", + "/usr/share/zoneinfo/Europe/Tallinn", + "/usr/share/zoneinfo/Europe/Tirane", + "/usr/share/zoneinfo/Europe/Ulyanovsk", + "/usr/share/zoneinfo/Europe/Vaduz", + "/usr/share/zoneinfo/Europe/Vienna", + "/usr/share/zoneinfo/Europe/Vilnius", + "/usr/share/zoneinfo/Europe/Volgograd", + "/usr/share/zoneinfo/Europe/Warsaw", + "/usr/share/zoneinfo/Europe/Zagreb", + "/usr/share/zoneinfo/Europe/Zurich", + "/usr/share/zoneinfo/Factory", + "/usr/share/zoneinfo/Indian/Antananarivo", + "/usr/share/zoneinfo/Indian/Chagos", + "/usr/share/zoneinfo/Indian/Christmas", + "/usr/share/zoneinfo/Indian/Cocos", + "/usr/share/zoneinfo/Indian/Comoro", + "/usr/share/zoneinfo/Indian/Kerguelen", + "/usr/share/zoneinfo/Indian/Mahe", + "/usr/share/zoneinfo/Indian/Maldives", + "/usr/share/zoneinfo/Indian/Mauritius", + "/usr/share/zoneinfo/Indian/Mayotte", + "/usr/share/zoneinfo/Indian/Reunion", + "/usr/share/zoneinfo/Pacific/Apia", + "/usr/share/zoneinfo/Pacific/Auckland", + "/usr/share/zoneinfo/Pacific/Bougainville", + "/usr/share/zoneinfo/Pacific/Chatham", + "/usr/share/zoneinfo/Pacific/Chuuk", + "/usr/share/zoneinfo/Pacific/Easter", + "/usr/share/zoneinfo/Pacific/Efate", + "/usr/share/zoneinfo/Pacific/Fakaofo", + "/usr/share/zoneinfo/Pacific/Fiji", + "/usr/share/zoneinfo/Pacific/Funafuti", + "/usr/share/zoneinfo/Pacific/Galapagos", + "/usr/share/zoneinfo/Pacific/Gambier", + "/usr/share/zoneinfo/Pacific/Guadalcanal", + "/usr/share/zoneinfo/Pacific/Guam", + "/usr/share/zoneinfo/Pacific/Honolulu", + "/usr/share/zoneinfo/Pacific/Kanton", + "/usr/share/zoneinfo/Pacific/Kiritimati", + "/usr/share/zoneinfo/Pacific/Kosrae", + "/usr/share/zoneinfo/Pacific/Kwajalein", + "/usr/share/zoneinfo/Pacific/Majuro", + "/usr/share/zoneinfo/Pacific/Marquesas", + "/usr/share/zoneinfo/Pacific/Midway", + "/usr/share/zoneinfo/Pacific/Nauru", + "/usr/share/zoneinfo/Pacific/Niue", + "/usr/share/zoneinfo/Pacific/Norfolk", + "/usr/share/zoneinfo/Pacific/Noumea", + "/usr/share/zoneinfo/Pacific/Pago_Pago", + "/usr/share/zoneinfo/Pacific/Palau", + "/usr/share/zoneinfo/Pacific/Pitcairn", + "/usr/share/zoneinfo/Pacific/Pohnpei", + "/usr/share/zoneinfo/Pacific/Port_Moresby", + "/usr/share/zoneinfo/Pacific/Rarotonga", + "/usr/share/zoneinfo/Pacific/Saipan", + "/usr/share/zoneinfo/Pacific/Tahiti", + "/usr/share/zoneinfo/Pacific/Tarawa", + "/usr/share/zoneinfo/Pacific/Tongatapu", + "/usr/share/zoneinfo/Pacific/Wake", + "/usr/share/zoneinfo/Pacific/Wallis", + "/usr/share/zoneinfo/iso3166.tab", + "/usr/share/zoneinfo/leap-seconds.list", + "/usr/share/zoneinfo/leapseconds", + "/usr/share/zoneinfo/tzdata.zi", + "/usr/share/zoneinfo/zone.tab", + "/usr/share/zoneinfo/zone1970.tab", + "/usr/share/zoneinfo/zonenow.tab" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "util-linux@2.41-5", + "Name": "util-linux", + "Identifier": { + "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "972fb85b9c9e83e7" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/choom", + "/usr/bin/chrt", + "/usr/bin/dmesg", + "/usr/bin/fallocate", + "/usr/bin/findmnt", + "/usr/bin/flock", + "/usr/bin/getopt", + "/usr/bin/hardlink", + "/usr/bin/ionice", + "/usr/bin/ipcmk", + "/usr/bin/ipcrm", + "/usr/bin/ipcs", + "/usr/bin/lsblk", + "/usr/bin/lscpu", + "/usr/bin/lsipc", + "/usr/bin/lslocks", + "/usr/bin/lslogins", + "/usr/bin/lsmem", + "/usr/bin/lsns", + "/usr/bin/mcookie", + "/usr/bin/more", + "/usr/bin/mountpoint", + "/usr/bin/namei", + "/usr/bin/nsenter", + "/usr/bin/partx", + "/usr/bin/prlimit", + "/usr/bin/rename.ul", + "/usr/bin/rev", + "/usr/bin/setarch", + "/usr/bin/setpriv", + "/usr/bin/setsid", + "/usr/bin/setterm", + "/usr/bin/su", + "/usr/bin/taskset", + "/usr/bin/uclampset", + "/usr/bin/unshare", + "/usr/bin/wdctl", + "/usr/bin/whereis", + "/usr/lib/mime/packages/util-linux", + "/usr/lib/systemd/system/fstrim.service", + "/usr/lib/systemd/system/fstrim.timer", + "/usr/sbin/agetty", + "/usr/sbin/blkdiscard", + "/usr/sbin/blkid", + "/usr/sbin/blkzone", + "/usr/sbin/blockdev", + "/usr/sbin/chcpu", + "/usr/sbin/chmem", + "/usr/sbin/findfs", + "/usr/sbin/fsck", + "/usr/sbin/fsfreeze", + "/usr/sbin/fstrim", + "/usr/sbin/isosize", + "/usr/sbin/ldattach", + "/usr/sbin/mkfs", + "/usr/sbin/mkswap", + "/usr/sbin/pivot_root", + "/usr/sbin/readprofile", + "/usr/sbin/rtcwake", + "/usr/sbin/runuser", + "/usr/sbin/sulogin", + "/usr/sbin/swaplabel", + "/usr/sbin/switch_root", + "/usr/sbin/wipefs", + "/usr/sbin/zramctl", + "/usr/share/bash-completion/completions/blkdiscard", + "/usr/share/bash-completion/completions/blkid", + "/usr/share/bash-completion/completions/blkzone", + "/usr/share/bash-completion/completions/blockdev", + "/usr/share/bash-completion/completions/chcpu", + "/usr/share/bash-completion/completions/chmem", + "/usr/share/bash-completion/completions/chrt", + "/usr/share/bash-completion/completions/dmesg", + "/usr/share/bash-completion/completions/fallocate", + "/usr/share/bash-completion/completions/findfs", + "/usr/share/bash-completion/completions/findmnt", + "/usr/share/bash-completion/completions/flock", + "/usr/share/bash-completion/completions/fsck", + "/usr/share/bash-completion/completions/fsfreeze", + "/usr/share/bash-completion/completions/fstrim", + "/usr/share/bash-completion/completions/getopt", + "/usr/share/bash-completion/completions/hardlink", + "/usr/share/bash-completion/completions/ionice", + "/usr/share/bash-completion/completions/ipcmk", + "/usr/share/bash-completion/completions/ipcrm", + "/usr/share/bash-completion/completions/ipcs", + "/usr/share/bash-completion/completions/isosize", + "/usr/share/bash-completion/completions/ldattach", + "/usr/share/bash-completion/completions/lsblk", + "/usr/share/bash-completion/completions/lscpu", + "/usr/share/bash-completion/completions/lsipc", + "/usr/share/bash-completion/completions/lslocks", + "/usr/share/bash-completion/completions/lslogins", + "/usr/share/bash-completion/completions/lsmem", + "/usr/share/bash-completion/completions/lsns", + "/usr/share/bash-completion/completions/mcookie", + "/usr/share/bash-completion/completions/mkfs", + "/usr/share/bash-completion/completions/mkswap", + "/usr/share/bash-completion/completions/more", + "/usr/share/bash-completion/completions/mountpoint", + "/usr/share/bash-completion/completions/namei", + "/usr/share/bash-completion/completions/nsenter", + "/usr/share/bash-completion/completions/partx", + "/usr/share/bash-completion/completions/pivot_root", + "/usr/share/bash-completion/completions/prlimit", + "/usr/share/bash-completion/completions/readprofile", + "/usr/share/bash-completion/completions/rename.ul", + "/usr/share/bash-completion/completions/rev", + "/usr/share/bash-completion/completions/rtcwake", + "/usr/share/bash-completion/completions/setarch", + "/usr/share/bash-completion/completions/setpriv", + "/usr/share/bash-completion/completions/setsid", + "/usr/share/bash-completion/completions/setterm", + "/usr/share/bash-completion/completions/su", + "/usr/share/bash-completion/completions/swaplabel", + "/usr/share/bash-completion/completions/taskset", + "/usr/share/bash-completion/completions/uclampset", + "/usr/share/bash-completion/completions/unshare", + "/usr/share/bash-completion/completions/wdctl", + "/usr/share/bash-completion/completions/whereis", + "/usr/share/bash-completion/completions/wipefs", + "/usr/share/bash-completion/completions/zramctl", + "/usr/share/doc/util-linux/00-about-docs.txt", + "/usr/share/doc/util-linux/AUTHORS.gz", + "/usr/share/doc/util-linux/NEWS.Debian.gz", + "/usr/share/doc/util-linux/PAM-configuration.txt", + "/usr/share/doc/util-linux/README.Debian", + "/usr/share/doc/util-linux/blkid.txt", + "/usr/share/doc/util-linux/cal.txt", + "/usr/share/doc/util-linux/changelog.Debian.gz", + "/usr/share/doc/util-linux/changelog.gz", + "/usr/share/doc/util-linux/col.txt", + "/usr/share/doc/util-linux/copyright", + "/usr/share/doc/util-linux/deprecated.txt", + "/usr/share/doc/util-linux/examples/getopt-example.bash", + "/usr/share/doc/util-linux/getopt.txt", + "/usr/share/doc/util-linux/getopt_changelog.txt", + "/usr/share/doc/util-linux/howto-build-sys.txt", + "/usr/share/doc/util-linux/howto-compilation.txt", + "/usr/share/doc/util-linux/howto-contribute.txt.gz", + "/usr/share/doc/util-linux/howto-debug.txt", + "/usr/share/doc/util-linux/howto-man-page.txt", + "/usr/share/doc/util-linux/howto-pull-request.txt.gz", + "/usr/share/doc/util-linux/howto-tests.txt", + "/usr/share/doc/util-linux/howto-usage-function.txt.gz", + "/usr/share/doc/util-linux/hwclock.txt", + "/usr/share/doc/util-linux/modems-with-agetty.txt", + "/usr/share/doc/util-linux/mount.txt", + "/usr/share/doc/util-linux/parse-date.txt.gz", + "/usr/share/doc/util-linux/pg.txt", + "/usr/share/doc/util-linux/poeigl.txt.gz", + "/usr/share/doc/util-linux/release-schedule.txt", + "/usr/share/doc/util-linux/releases/v2.13-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.14-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.15-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.16-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.17-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.18-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.19-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.20-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.21-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.22-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.23-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.24-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.25-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.26-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.27-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.28-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.29-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.30-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.31-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.32-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.33-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.34-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.35-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.36-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.37-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.38-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.39-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.40-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.41-ReleaseNotes.gz", + "/usr/share/lintian/overrides/util-linux", + "/usr/share/man/man1/choom.1.gz", + "/usr/share/man/man1/chrt.1.gz", + "/usr/share/man/man1/dmesg.1.gz", + "/usr/share/man/man1/fallocate.1.gz", + "/usr/share/man/man1/flock.1.gz", + "/usr/share/man/man1/getopt.1.gz", + "/usr/share/man/man1/hardlink.1.gz", + "/usr/share/man/man1/ionice.1.gz", + "/usr/share/man/man1/ipcmk.1.gz", + "/usr/share/man/man1/ipcrm.1.gz", + "/usr/share/man/man1/ipcs.1.gz", + "/usr/share/man/man1/lscpu.1.gz", + "/usr/share/man/man1/lsipc.1.gz", + "/usr/share/man/man1/lslogins.1.gz", + "/usr/share/man/man1/lsmem.1.gz", + "/usr/share/man/man1/mcookie.1.gz", + "/usr/share/man/man1/more.1.gz", + "/usr/share/man/man1/mountpoint.1.gz", + "/usr/share/man/man1/namei.1.gz", + "/usr/share/man/man1/nsenter.1.gz", + "/usr/share/man/man1/prlimit.1.gz", + "/usr/share/man/man1/rename.ul.1.gz", + "/usr/share/man/man1/rev.1.gz", + "/usr/share/man/man1/runuser.1.gz", + "/usr/share/man/man1/setpriv.1.gz", + "/usr/share/man/man1/setsid.1.gz", + "/usr/share/man/man1/setterm.1.gz", + "/usr/share/man/man1/su.1.gz", + "/usr/share/man/man1/taskset.1.gz", + "/usr/share/man/man1/uclampset.1.gz", + "/usr/share/man/man1/unshare.1.gz", + "/usr/share/man/man1/whereis.1.gz", + "/usr/share/man/man5/adjtime_config.5.gz", + "/usr/share/man/man5/scols-filter.5.gz", + "/usr/share/man/man5/terminal-colors.d.5.gz", + "/usr/share/man/man8/agetty.8.gz", + "/usr/share/man/man8/blkdiscard.8.gz", + "/usr/share/man/man8/blkid.8.gz", + "/usr/share/man/man8/blkzone.8.gz", + "/usr/share/man/man8/blockdev.8.gz", + "/usr/share/man/man8/chcpu.8.gz", + "/usr/share/man/man8/chmem.8.gz", + "/usr/share/man/man8/findfs.8.gz", + "/usr/share/man/man8/findmnt.8.gz", + "/usr/share/man/man8/fsck.8.gz", + "/usr/share/man/man8/fsfreeze.8.gz", + "/usr/share/man/man8/fstrim.8.gz", + "/usr/share/man/man8/isosize.8.gz", + "/usr/share/man/man8/ldattach.8.gz", + "/usr/share/man/man8/lsblk.8.gz", + "/usr/share/man/man8/lslocks.8.gz", + "/usr/share/man/man8/lsns.8.gz", + "/usr/share/man/man8/mkfs.8.gz", + "/usr/share/man/man8/mkswap.8.gz", + "/usr/share/man/man8/partx.8.gz", + "/usr/share/man/man8/pivot_root.8.gz", + "/usr/share/man/man8/readprofile.8.gz", + "/usr/share/man/man8/rtcwake.8.gz", + "/usr/share/man/man8/setarch.8.gz", + "/usr/share/man/man8/sulogin.8.gz", + "/usr/share/man/man8/swaplabel.8.gz", + "/usr/share/man/man8/switch_root.8.gz", + "/usr/share/man/man8/wdctl.8.gz", + "/usr/share/man/man8/wipefs.8.gz", + "/usr/share/man/man8/zramctl.8.gz", + "/usr/share/util-linux/logcheck/ignore.d.server/util-linux" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", + "Name": "zlib1g", + "Identifier": { + "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "ff182eb2a26a8142" + }, + "Version": "1.3.dfsg+really1.3.1", + "Release": "1+b1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "zlib", + "SrcVersion": "1.3.dfsg+really1.3.1", + "SrcRelease": "1", + "SrcEpoch": 1, + "Licenses": [ + "Zlib" + ], + "Maintainer": "Mark Brown \u003cbroonie@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libz.so.1.3.1", + "/usr/share/doc/zlib1g/changelog.Debian.amd64.gz", + "/usr/share/doc/zlib1g/changelog.Debian.gz", + "/usr/share/doc/zlib1g/changelog.gz", + "/usr/share/doc/zlib1g/copyright" + ], + "AnalyzedBy": "dpkg" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "bsdutils@1:2.41-5", + "PkgName": "bsdutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "5843733a461e6ce1" + }, + "InstalledVersion": "1:2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:48d45065fd36f9b29605ea9e40dcda4160994ad29bfaa13740de33043026e270", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "bsdutils@1:2.41-5", + "PkgName": "bsdutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "5843733a461e6ce1" + }, + "InstalledVersion": "1:2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:24958e6e74e26b300133f285c228b9f461b52b95614b7a6a11a8c375f56fd1ad", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libblkid1@2.41-5", + "PkgName": "libblkid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "51bf0af8d40f4a01" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:208d533fb99315acb62e1e9ea4784a159117a77fde3e0e2ecd946a623ec63e05", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libblkid1@2.41-5", + "PkgName": "libblkid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "51bf0af8d40f4a01" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:6c64f70629ab0593fa1bf5c32fccbdd6becc9bd93e29919dad32d10e21c7b220", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-5435", + "PkgID": "libc-bin@2.41-12+deb13u3", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:b3629142443e8ebf9958830b2ca46a0923ef41f10d95ed80964f96f8d430d6fb", + "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5435", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", + "https://www.cve.org/CVERecord?id=CVE-2026-5435" + ], + "PublishedDate": "2026-04-28T13:19:22.29Z", + "LastModifiedDate": "2026-05-05T17:38:37.03Z" + }, + { + "VulnerabilityID": "CVE-2026-5450", + "PkgID": "libc-bin@2.41-12+deb13u3", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:6b2c53bb9c79464e2f0dec6316df2631ed75aa71b95b1f19e5ac05de11c9f099", + "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", + "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "photon": 4, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5450", + "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", + "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", + "https://www.cve.org/CVERecord?id=CVE-2026-5450" + ], + "PublishedDate": "2026-04-20T21:16:36.85Z", + "LastModifiedDate": "2026-04-23T15:33:34.277Z" + }, + { + "VulnerabilityID": "CVE-2026-5928", + "PkgID": "libc-bin@2.41-12+deb13u3", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:f30717acc188a932e74e113d90b2fa1d0d6e93472dc89eaa63e3d2f7bb298274", + "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", + "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-127" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5928", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", + "https://www.cve.org/CVERecord?id=CVE-2026-5928" + ], + "PublishedDate": "2026-04-20T21:16:36.963Z", + "LastModifiedDate": "2026-04-23T15:33:43.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6238", + "PkgID": "libc-bin@2.41-12+deb13u3", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:5632cb45b00790fcb54577cca57d9deadf8594b579bad2da7b4c9523a96e7e17", + "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-126" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-6238", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", + "https://www.cve.org/CVERecord?id=CVE-2026-6238" + ], + "PublishedDate": "2026-04-28T19:37:47.523Z", + "LastModifiedDate": "2026-05-04T17:57:24.007Z" + }, + { + "VulnerabilityID": "CVE-2026-5435", + "PkgID": "libc6@2.41-12+deb13u3", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:5a8735a67c5528254a880003379960bf48d334877ea38796a8e0a0d0fc196082", + "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5435", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", + "https://www.cve.org/CVERecord?id=CVE-2026-5435" + ], + "PublishedDate": "2026-04-28T13:19:22.29Z", + "LastModifiedDate": "2026-05-05T17:38:37.03Z" + }, + { + "VulnerabilityID": "CVE-2026-5450", + "PkgID": "libc6@2.41-12+deb13u3", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:557af5ca4f16b799113e71a4c02df0775e2633618c3da39aa59d62a9c9cb9173", + "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", + "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "photon": 4, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5450", + "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", + "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", + "https://www.cve.org/CVERecord?id=CVE-2026-5450" + ], + "PublishedDate": "2026-04-20T21:16:36.85Z", + "LastModifiedDate": "2026-04-23T15:33:34.277Z" + }, + { + "VulnerabilityID": "CVE-2026-5928", + "PkgID": "libc6@2.41-12+deb13u3", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:2c364f60364adcd795282d836c525d2d9580ff33848aaacc76918b133bd782c6", + "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", + "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-127" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5928", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", + "https://www.cve.org/CVERecord?id=CVE-2026-5928" + ], + "PublishedDate": "2026-04-20T21:16:36.963Z", + "LastModifiedDate": "2026-04-23T15:33:43.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6238", + "PkgID": "libc6@2.41-12+deb13u3", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:f1e6150153fa20a27fd1d8c7890a10aadb565bbcd41c56c6354bff22c2b98a0d", + "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-126" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-6238", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", + "https://www.cve.org/CVERecord?id=CVE-2026-6238" + ], + "PublishedDate": "2026-04-28T19:37:47.523Z", + "LastModifiedDate": "2026-05-04T17:57:24.007Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "liblastlog2-2@2.41-5", + "PkgName": "liblastlog2-2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "eb4f5430aea34a10" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:3c38d5dfebf43ad288b31d346954f63e024106bb02129276cf89249a8daa3c0f", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "liblastlog2-2@2.41-5", + "PkgName": "liblastlog2-2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "eb4f5430aea34a10" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:f130dbdbae22fc4b1c7349d3a6714730f734e338f00e4a9b128e1b73962b3876", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-34743", + "PkgID": "liblzma5@5.8.1-1", + "PkgName": "liblzma5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "d7b58e04f1a265ed" + }, + "InstalledVersion": "5.8.1-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:60084a3cd4b884c5709e460ec100a32d128b23729546865106a2cb844f42456a", + "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", + "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/31/13", + "https://access.redhat.com/security/cve/CVE-2026-34743", + "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", + "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", + "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", + "https://www.cve.org/CVERecord?id=CVE-2026-34743" + ], + "PublishedDate": "2026-04-02T19:21:33.187Z", + "LastModifiedDate": "2026-04-15T17:33:17.68Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libmount1@2.41-5", + "PkgName": "libmount1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "84ccd0371833b76" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:367889648a8f344f1a26014bcfac03328b7ecb97ca9ef56d880e8bae4c4eb2b3", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libmount1@2.41-5", + "PkgName": "libmount1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "84ccd0371833b76" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:f77fd9fe2df1096b0a48c53a57120f7cc957a8ccc6427a72d98ff72f8cb90b79", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "libncursesw6@6.5+20250216-2", + "PkgName": "libncursesw6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "5efa2a2068c240d8" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:4d57d21013edd86f841c91aca2d842828d24719fe3ec6ac4e58977f3c2213a44", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libsmartcols1@2.41-5", + "PkgName": "libsmartcols1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "780dbec0869ab8e" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:bfbd68f5f2157efeec31929024ed24baa54fb339adaecda9d72eaf97d64afeec", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libsmartcols1@2.41-5", + "PkgName": "libsmartcols1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "780dbec0869ab8e" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:9650bf90815644bd7452abf1b641da490c28fa22ce8e98f6f96c3d09dc924d3b", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "libtinfo6@6.5+20250216-2", + "PkgName": "libtinfo6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "ba2c2b464f07108a" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:a909bd893728c34e84d63a7248be944e4dcfd752e481f53a8f04edf766c02b3f", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libuuid1@2.41-5", + "PkgName": "libuuid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "1afbb50818377478" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:3b69a00de2c02ec54249af8e1ff7cddb7fa5a1783783c62347c47e9128444395", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libuuid1@2.41-5", + "PkgName": "libuuid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "1afbb50818377478" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:2f240b864e2ccdb5b47f89a5e698a2cae073228852916f4e53e2a1c97829c73d", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "login@1:4.16.0-2+really2.41-5", + "PkgName": "login", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "c0ab0b857644733b" + }, + "InstalledVersion": "1:4.16.0-2+really2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:ad3fb67c2c1cfac7c7ca3788194728a8a9a94cf4a5917a13f2072e6c0af7a350", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "login@1:4.16.0-2+really2.41-5", + "PkgName": "login", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "c0ab0b857644733b" + }, + "InstalledVersion": "1:4.16.0-2+really2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:fb5eb329a8139c265be893d38c331dbd2c789abe300b5ce939b6ab4e0cd82bbf", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "mount@2.41-5", + "PkgName": "mount", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "55c835c674d0a0e5" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:106a84cd7883c06968fcd11d3092990ea04c50c21fcaa677d38ce047fa8742da", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "mount@2.41-5", + "PkgName": "mount", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "55c835c674d0a0e5" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:2dd84bb9ffd00958438e2b069976dafcf778dad93f30a0ad778c2691e27475cb", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "ncurses-base@6.5+20250216-2", + "PkgName": "ncurses-base", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.5", + "UID": "767a0231348a5cb5" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:c66678f7af162644c73504b2cd8d87bd9aec4095d1d1bcfe42329e78187f366b", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "ncurses-bin@6.5+20250216-2", + "PkgName": "ncurses-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "5b541563cf6587e5" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:5c62c30e5dd0b9165b4bc1c123ad4d01ae809c974f4911cad2f47e09e5033541", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2026-5704", + "PkgID": "tar@1.35+dfsg-3.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.5", + "UID": "4f69996c49afbaca" + }, + "InstalledVersion": "1.35+dfsg-3.1", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5704", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:dba3b85f8665a48ab473c378207a09a8b34da3047907f53125a50d132564de74", + "Title": "tar: tar: Hidden file injection via crafted archives", + "Description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-434" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/11/10", + "http://www.openwall.com/lists/oss-security/2026/04/11/11", + "http://www.openwall.com/lists/oss-security/2026/04/12/2", + "https://access.redhat.com/security/cve/CVE-2026-5704", + "https://bugzilla.redhat.com/show_bug.cgi?id=2455360", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5704", + "https://www.cve.org/CVERecord?id=CVE-2026-5704" + ], + "PublishedDate": "2026-04-06T16:16:42.14Z", + "LastModifiedDate": "2026-04-22T20:08:59.92Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "util-linux@2.41-5", + "PkgName": "util-linux", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "972fb85b9c9e83e7" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:ec60f9924a55c1f9ad836fae64b1b02f24e3c2259288502dad705a073235719d", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "util-linux@2.41-5", + "PkgName": "util-linux", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "972fb85b9c9e83e7" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:e9e56abe608dcfe0bd1d69e938e9be3eb06d81ae7b7e6d82fe022198d4d0d4dc", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27171", + "PkgID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", + "PkgName": "zlib1g", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "ff182eb2a26a8142" + }, + "InstalledVersion": "1:1.3.dfsg+really1.3.1-1+b1", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:bf46a3644bc01c553b46ca0ad39c24caf0bef6e14a5aec064021802c26cb0284", + "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", + "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "julia": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://access.redhat.com/security/cve/CVE-2026-27171", + "https://github.com/advisories/GHSA-h858-mf2m-8jf4", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "https://ostif.org/zlib-audit-complete", + "https://ostif.org/zlib-audit-complete/", + "https://www.cve.org/CVERecord?id=CVE-2026-27171" + ], + "PublishedDate": "2026-02-18T04:16:01.263Z", + "LastModifiedDate": "2026-03-25T21:27:04.603Z" + } + ] + }, + { + "Target": "Python", + "Class": "lang-pkgs", + "Type": "python-pkg", + "Packages": [ + { + "Name": "pip", + "Identifier": { + "PURL": "pkg:pypi/pip@25.0.1", + "UID": "7d864d9a4bf3bfe8" + }, + "Version": "25.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "FilePath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-8869", + "VendorIDs": [ + "GHSA-4xh5-x5gv-qwph" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@25.0.1", + "UID": "7d864d9a4bf3bfe8" + }, + "InstalledVersion": "25.0.1", + "FixedVersion": "25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8869", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:42863a411c9517557e1744d4dfd39ff9bc29495eff1e5499dcd724418ce89c2d", + "Title": "pip: pip missing checks on symbolic link extraction", + "Description": "When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.\nNote that upgrading pip to a \"fixed\" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.\n\nNote that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706\nand therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706\nthen pip doesn't use the \"vulnerable\" fallback code.\n\nMitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python \u003e=3.9.17, \u003e=3.10.12, \u003e=3.11.4, or \u003e=3.12),\napplying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8869", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a", + "https://github.com/pypa/pip/pull/13550", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html", + "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN", + "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8869", + "https://pip.pypa.io/en/stable/news/#v25-2", + "https://www.cve.org/CVERecord?id=CVE-2025-8869" + ], + "PublishedDate": "2025-09-24T15:15:41.293Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-3219", + "VendorIDs": [ + "GHSA-58qw-9mgm-455v" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@25.0.1", + "UID": "7d864d9a4bf3bfe8" + }, + "InstalledVersion": "25.0.1", + "FixedVersion": "26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3219", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:7bf17290665b4787fc0122d98ffb36d3c01a88784921e24e7c39276cc7339c42", + "Title": "pip: pip: Incorrect file installation due to improper archive handling", + "Description": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-434" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", + "V40Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/20/8", + "https://access.redhat.com/security/cve/CVE-2026-3219", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/issues/13867", + "https://github.com/pypa/pip/pull/13870", + "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ", + "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3219", + "https://www.cve.org/CVERecord?id=CVE-2026-3219" + ], + "PublishedDate": "2026-04-20T16:16:45.43Z", + "LastModifiedDate": "2026-04-20T21:16:36.42Z" + }, + { + "VulnerabilityID": "CVE-2026-6357", + "VendorIDs": [ + "GHSA-jp4c-xjxw-mgf9" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@25.0.1", + "UID": "7d864d9a4bf3bfe8" + }, + "InstalledVersion": "25.0.1", + "FixedVersion": "26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6357", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:50c01cddfb2d5c6addeb179114d8bb183aab36219080d055522332e33d4d5aa1", + "Title": "pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation", + "Description": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-829" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 5.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/27/7", + "https://access.redhat.com/security/cve/CVE-2026-6357", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad", + "https://github.com/pypa/pip/pull/13923", + "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6357", + "https://www.cve.org/CVERecord?id=CVE-2026-6357" + ], + "PublishedDate": "2026-04-27T15:16:20.857Z", + "LastModifiedDate": "2026-04-27T23:16:03.533Z" + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "CronJob", + "Name": "cert-checker-postfix", + "Metadata": [ + { + "Size": 123288576, + "OS": { + "Family": "debian", + "Name": "13.5" + }, + "ImageID": "sha256:e1054bc5a9f2ddbdd6d0247997c45f2201a4e9b4c6f824b247064a558e877070", + "DiffIDs": [ + "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40", + "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54", + "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939", + "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" + ], + "RepoTags": [ + "python:3.12-slim" + ], + "RepoDigests": [ + "python@sha256:9d3abd9fc11d06998ccdbdd93b4dd49b5ad7d67fcbbc11c016eb0eb2c2194891" + ], + "Reference": "python:3.12-slim", + "ImageConfig": { + "architecture": "amd64", + "created": "2026-05-19T23:50:55.52769964Z", + "history": [ + { + "created": "2026-05-18T00:00:00Z", + "created_by": "# debian.sh --arch 'amd64' out/ 'trixie' '@1779062400'", + "comment": "debuerreotype 0.17" + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "ENV LANG=C.UTF-8", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "RUN /bin/sh -c set -eux; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tca-certificates \t\tnetbase \t\ttzdata \t; \tapt-get dist-clean # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "ENV GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "ENV PYTHON_VERSION=3.12.13", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:42:40.234278553Z", + "created_by": "ENV PYTHON_SHA256=c08bc65a81971c1dd5783182826503369466c7e67374d1646519adf05207b684", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-05-19T23:50:55.41770734Z", + "created_by": "RUN /bin/sh -c set -eux; \t\tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tdpkg-dev \t\tgcc \t\tgnupg \t\tlibbluetooth-dev \t\tlibbz2-dev \t\tlibc6-dev \t\tlibdb-dev \t\tlibffi-dev \t\tlibgdbm-dev \t\tliblzma-dev \t\tlibncursesw5-dev \t\tlibreadline-dev \t\tlibsqlite3-dev \t\tlibssl-dev \t\tmake \t\ttk-dev \t\tuuid-dev \t\twget \t\txz-utils \t\tzlib1g-dev \t; \t\twget -O python.tar.xz \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz\"; \techo \"$PYTHON_SHA256 *python.tar.xz\" | sha256sum -c -; \twget -O python.tar.xz.asc \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; export GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$GPG_KEY\"; \tgpg --batch --verify python.tar.xz.asc python.tar.xz; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" python.tar.xz.asc; \tmkdir -p /usr/src/python; \ttar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \trm python.tar.xz; \t\tcd /usr/src/python; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \t./configure \t\t--build=\"$gnuArch\" \t\t--enable-loadable-sqlite-extensions \t\t--enable-optimizations \t\t--enable-option-checking=fatal \t\t--enable-shared \t\t$(test \"${gnuArch%%-*}\" != 'riscv64' \u0026\u0026 echo '--with-lto') \t\t--with-ensurepip \t; \tnproc=\"$(nproc)\"; \tEXTRA_CFLAGS=\"$(dpkg-buildflags --get CFLAGS)\"; \tLDFLAGS=\"$(dpkg-buildflags --get LDFLAGS)\"; \tLDFLAGS=\"${LDFLAGS:-} -Wl,--strip-all\"; \tarch=\"$(dpkg --print-architecture)\"; arch=\"${arch##*-}\"; \tcase \"$arch\" in \t\tamd64|arm64) \t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer\"; \t\t\t;; \t\ti386) \t\t\t;; \t\t*) \t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer\"; \t\t\t;; \tesac; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-}\" \t; \trm python; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-} -Wl,-rpath='\\$\\$ORIGIN/../lib'\" \t\tpython \t; \tmake install; \t\tcd /; \trm -rf /usr/src/python; \t\tfind /usr/local -depth \t\t\\( \t\t\t\\( -type d -a \\( -name test -o -name tests -o -name idle_test \\) \\) \t\t\t-o \\( -type f -a \\( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \\) \\) \t\t\\) -exec rm -rf '{}' + \t; \t\tldconfig; \t\tapt-mark auto '.*' \u003e /dev/null; \tapt-mark manual $savedAptMark; \tfind /usr/local -type f -executable -not \\( -name '*tkinter*' \\) -exec ldd '{}' ';' \t\t| awk '/=\u003e/ { so = $(NF-1); if (index(so, \"/usr/local/\") == 1) { next }; gsub(\"^/(usr/)?\", \"\", so); printf \"*%s\\n\", so }' \t\t| sort -u \t\t| xargs -rt dpkg-query --search \t\t| awk 'sub(\":$\", \"\", $1) { print $1 }' \t\t| sort -u \t\t| xargs -r apt-mark manual \t; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \tapt-get dist-clean; \t\texport PYTHONDONTWRITEBYTECODE=1; \tpython3 --version; \tpip3 --version # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T23:50:55.52769964Z", + "created_by": "RUN /bin/sh -c set -eux; \tfor src in idle3 pip3 pydoc3 python3 python3-config; do \t\tdst=\"$(echo \"$src\" | tr -d 3)\"; \t\t[ -s \"/usr/local/bin/$src\" ]; \t\t[ ! -e \"/usr/local/bin/$dst\" ]; \t\tln -svT \"$src\" \"/usr/local/bin/$dst\"; \tdone # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-05-19T23:50:55.52769964Z", + "created_by": "CMD [\"python3\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40", + "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54", + "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939", + "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" + ] + }, + "config": { + "Cmd": [ + "python3" + ], + "Env": [ + "PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "LANG=C.UTF-8", + "GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", + "PYTHON_VERSION=3.12.13", + "PYTHON_SHA256=c08bc65a81971c1dd5783182826503369466c7e67374d1646519adf05207b684" + ] + } + }, + "Layers": [ + { + "Size": 81049600, + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + { + "Size": 4127232, + "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", + "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" + }, + { + "Size": 38106624, + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + { + "Size": 5120, + "Digest": "sha256:07342fe545e640a2c4960e97ffe33a301cd8e61e0c4d4307d7ac66b6b8a9eb2d", + "DiffID": "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" + } + ] + } + ], + "Results": [ + { + "Target": "python:3.12-slim (debian 13.5)", + "Class": "os-pkgs", + "Type": "debian", + "Packages": [ + { + "ID": "adduser@3.152", + "Name": "adduser", + "Identifier": { + "PURL": "pkg:deb/debian/adduser@3.152?arch=all\u0026distro=debian-13.5", + "UID": "681428a4291e51" + }, + "Version": "3.152", + "Arch": "all", + "SrcName": "adduser", + "SrcVersion": "3.152", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Debian Adduser Developers \u003cadduser@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "passwd@1:4.17.4-2" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/sbin/adduser", + "/usr/sbin/deluser", + "/usr/share/doc/adduser/NEWS.Debian.gz", + "/usr/share/doc/adduser/README.gz", + "/usr/share/doc/adduser/TODO", + "/usr/share/doc/adduser/changelog.gz", + "/usr/share/doc/adduser/copyright", + "/usr/share/doc/adduser/examples/INSTALL", + "/usr/share/doc/adduser/examples/README", + "/usr/share/doc/adduser/examples/adduser.conf", + "/usr/share/doc/adduser/examples/adduser.local", + "/usr/share/doc/adduser/examples/adduser.local.conf", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", + "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", + "/usr/share/doc/adduser/examples/deluser.conf", + "/usr/share/man/da/man5/deluser.conf.5.gz", + "/usr/share/man/de/man5/adduser.conf.5.gz", + "/usr/share/man/de/man5/deluser.conf.5.gz", + "/usr/share/man/de/man8/adduser.8.gz", + "/usr/share/man/de/man8/adduser.local.8.gz", + "/usr/share/man/de/man8/deluser.8.gz", + "/usr/share/man/es/man5/deluser.conf.5.gz", + "/usr/share/man/fr/man5/adduser.conf.5.gz", + "/usr/share/man/fr/man5/deluser.conf.5.gz", + "/usr/share/man/fr/man8/adduser.8.gz", + "/usr/share/man/fr/man8/deluser.8.gz", + "/usr/share/man/it/man5/deluser.conf.5.gz", + "/usr/share/man/man5/adduser.conf.5.gz", + "/usr/share/man/man5/deluser.conf.5.gz", + "/usr/share/man/man8/adduser.8.gz", + "/usr/share/man/man8/adduser.local.8.gz", + "/usr/share/man/man8/deluser.8.gz", + "/usr/share/man/nl/man5/adduser.conf.5.gz", + "/usr/share/man/nl/man5/deluser.conf.5.gz", + "/usr/share/man/nl/man8/adduser.8.gz", + "/usr/share/man/nl/man8/adduser.local.8.gz", + "/usr/share/man/nl/man8/deluser.8.gz", + "/usr/share/man/pl/man5/deluser.conf.5.gz", + "/usr/share/man/pt/man5/adduser.conf.5.gz", + "/usr/share/man/pt/man5/deluser.conf.5.gz", + "/usr/share/man/pt/man8/adduser.8.gz", + "/usr/share/man/pt/man8/adduser.local.8.gz", + "/usr/share/man/pt/man8/deluser.8.gz", + "/usr/share/man/ro/man5/adduser.conf.5.gz", + "/usr/share/man/ro/man5/deluser.conf.5.gz", + "/usr/share/man/ro/man8/adduser.8.gz", + "/usr/share/man/ro/man8/adduser.local.8.gz", + "/usr/share/man/ro/man8/deluser.8.gz", + "/usr/share/man/ru/man5/deluser.conf.5.gz", + "/usr/share/man/sv/man5/deluser.conf.5.gz", + "/usr/share/perl5/Debian/AdduserCommon.pm", + "/usr/share/perl5/Debian/AdduserLogging.pm", + "/usr/share/perl5/Debian/AdduserRetvalues.pm" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "apt@3.0.3", + "Name": "apt", + "Identifier": { + "PURL": "pkg:deb/debian/apt@3.0.3?arch=amd64\u0026distro=debian-13.5", + "UID": "2e5d8c8032700559" + }, + "Version": "3.0.3", + "Arch": "amd64", + "SrcName": "apt", + "SrcVersion": "3.0.3", + "Licenses": [ + "GPL-2.0-or-later", + "curl", + "BSD-3-Clause", + "MIT", + "GPL-2.0-only" + ], + "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "adduser@3.152", + "base-passwd@3.6.7", + "debian-archive-keyring@2025.1", + "libapt-pkg7.0@3.0.3", + "libc6@2.41-12+deb13u3", + "libgcc-s1@14.2.0-19", + "libseccomp2@2.6.0-2", + "libssl3t64@3.5.6-1~deb13u1", + "libstdc++6@14.2.0-19", + "libsystemd0@257.13-1~deb13u1", + "sqv@1.3.0-3+b2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/apt", + "/usr/bin/apt-cache", + "/usr/bin/apt-cdrom", + "/usr/bin/apt-config", + "/usr/bin/apt-get", + "/usr/bin/apt-mark", + "/usr/lib/apt/apt-extracttemplates", + "/usr/lib/apt/apt-helper", + "/usr/lib/apt/apt.systemd.daily", + "/usr/lib/apt/methods/cdrom", + "/usr/lib/apt/methods/copy", + "/usr/lib/apt/methods/file", + "/usr/lib/apt/methods/gpgv", + "/usr/lib/apt/methods/http", + "/usr/lib/apt/methods/mirror", + "/usr/lib/apt/methods/rred", + "/usr/lib/apt/methods/sqv", + "/usr/lib/apt/methods/store", + "/usr/lib/apt/solvers/dump", + "/usr/lib/dpkg/methods/apt/desc.apt", + "/usr/lib/dpkg/methods/apt/install", + "/usr/lib/dpkg/methods/apt/names", + "/usr/lib/dpkg/methods/apt/setup", + "/usr/lib/dpkg/methods/apt/update", + "/usr/lib/systemd/system/apt-daily-upgrade.service", + "/usr/lib/systemd/system/apt-daily-upgrade.timer", + "/usr/lib/systemd/system/apt-daily.service", + "/usr/lib/systemd/system/apt-daily.timer", + "/usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0", + "/usr/share/apt/default-sequoia.config", + "/usr/share/bash-completion/completions/apt", + "/usr/share/bug/apt/script", + "/usr/share/doc/apt/NEWS.Debian.gz", + "/usr/share/doc/apt/README.md.gz", + "/usr/share/doc/apt/changelog.gz", + "/usr/share/doc/apt/copyright", + "/usr/share/doc/apt/examples/apt.conf", + "/usr/share/doc/apt/examples/configure-index", + "/usr/share/doc/apt/examples/debian.sources", + "/usr/share/doc/apt/examples/preferences", + "/usr/share/lintian/overrides/apt", + "/usr/share/locale/ar/LC_MESSAGES/apt.mo", + "/usr/share/locale/ast/LC_MESSAGES/apt.mo", + "/usr/share/locale/bg/LC_MESSAGES/apt.mo", + "/usr/share/locale/bs/LC_MESSAGES/apt.mo", + "/usr/share/locale/ca/LC_MESSAGES/apt.mo", + "/usr/share/locale/cs/LC_MESSAGES/apt.mo", + "/usr/share/locale/cy/LC_MESSAGES/apt.mo", + "/usr/share/locale/da/LC_MESSAGES/apt.mo", + "/usr/share/locale/de/LC_MESSAGES/apt.mo", + "/usr/share/locale/dz/LC_MESSAGES/apt.mo", + "/usr/share/locale/el/LC_MESSAGES/apt.mo", + "/usr/share/locale/es/LC_MESSAGES/apt.mo", + "/usr/share/locale/eu/LC_MESSAGES/apt.mo", + "/usr/share/locale/fi/LC_MESSAGES/apt.mo", + "/usr/share/locale/fr/LC_MESSAGES/apt.mo", + "/usr/share/locale/gl/LC_MESSAGES/apt.mo", + "/usr/share/locale/hu/LC_MESSAGES/apt.mo", + "/usr/share/locale/it/LC_MESSAGES/apt.mo", + "/usr/share/locale/ja/LC_MESSAGES/apt.mo", + "/usr/share/locale/km/LC_MESSAGES/apt.mo", + "/usr/share/locale/ko/LC_MESSAGES/apt.mo", + "/usr/share/locale/ku/LC_MESSAGES/apt.mo", + "/usr/share/locale/lt/LC_MESSAGES/apt.mo", + "/usr/share/locale/mr/LC_MESSAGES/apt.mo", + "/usr/share/locale/nb/LC_MESSAGES/apt.mo", + "/usr/share/locale/ne/LC_MESSAGES/apt.mo", + "/usr/share/locale/nl/LC_MESSAGES/apt.mo", + "/usr/share/locale/nn/LC_MESSAGES/apt.mo", + "/usr/share/locale/pl/LC_MESSAGES/apt.mo", + "/usr/share/locale/pt/LC_MESSAGES/apt.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/apt.mo", + "/usr/share/locale/ro/LC_MESSAGES/apt.mo", + "/usr/share/locale/ru/LC_MESSAGES/apt.mo", + "/usr/share/locale/sk/LC_MESSAGES/apt.mo", + "/usr/share/locale/sl/LC_MESSAGES/apt.mo", + "/usr/share/locale/sv/LC_MESSAGES/apt.mo", + "/usr/share/locale/th/LC_MESSAGES/apt.mo", + "/usr/share/locale/tl/LC_MESSAGES/apt.mo", + "/usr/share/locale/tr/LC_MESSAGES/apt.mo", + "/usr/share/locale/uk/LC_MESSAGES/apt.mo", + "/usr/share/locale/vi/LC_MESSAGES/apt.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/apt.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/apt.mo", + "/usr/share/man/de/man1/apt-transport-http.1.gz", + "/usr/share/man/de/man1/apt-transport-https.1.gz", + "/usr/share/man/de/man1/apt-transport-mirror.1.gz", + "/usr/share/man/de/man5/apt.conf.5.gz", + "/usr/share/man/de/man5/apt_auth.conf.5.gz", + "/usr/share/man/de/man5/apt_preferences.5.gz", + "/usr/share/man/de/man5/sources.list.5.gz", + "/usr/share/man/de/man7/apt-patterns.7.gz", + "/usr/share/man/de/man8/apt-cache.8.gz", + "/usr/share/man/de/man8/apt-cdrom.8.gz", + "/usr/share/man/de/man8/apt-config.8.gz", + "/usr/share/man/de/man8/apt-get.8.gz", + "/usr/share/man/de/man8/apt-mark.8.gz", + "/usr/share/man/de/man8/apt-secure.8.gz", + "/usr/share/man/de/man8/apt.8.gz", + "/usr/share/man/es/man5/apt_preferences.5.gz", + "/usr/share/man/es/man8/apt-cache.8.gz", + "/usr/share/man/es/man8/apt-cdrom.8.gz", + "/usr/share/man/es/man8/apt-config.8.gz", + "/usr/share/man/fr/man1/apt-transport-http.1.gz", + "/usr/share/man/fr/man1/apt-transport-https.1.gz", + "/usr/share/man/fr/man1/apt-transport-mirror.1.gz", + "/usr/share/man/fr/man5/apt.conf.5.gz", + "/usr/share/man/fr/man5/apt_auth.conf.5.gz", + "/usr/share/man/fr/man5/apt_preferences.5.gz", + "/usr/share/man/fr/man5/sources.list.5.gz", + "/usr/share/man/fr/man7/apt-patterns.7.gz", + "/usr/share/man/fr/man8/apt-cache.8.gz", + "/usr/share/man/fr/man8/apt-cdrom.8.gz", + "/usr/share/man/fr/man8/apt-config.8.gz", + "/usr/share/man/fr/man8/apt-get.8.gz", + "/usr/share/man/fr/man8/apt-mark.8.gz", + "/usr/share/man/fr/man8/apt-secure.8.gz", + "/usr/share/man/fr/man8/apt.8.gz", + "/usr/share/man/it/man5/apt.conf.5.gz", + "/usr/share/man/it/man5/apt_preferences.5.gz", + "/usr/share/man/it/man8/apt-cache.8.gz", + "/usr/share/man/it/man8/apt-cdrom.8.gz", + "/usr/share/man/it/man8/apt-config.8.gz", + "/usr/share/man/it/man8/apt-mark.8.gz", + "/usr/share/man/it/man8/apt.8.gz", + "/usr/share/man/ja/man5/apt.conf.5.gz", + "/usr/share/man/ja/man5/apt_preferences.5.gz", + "/usr/share/man/ja/man8/apt-cache.8.gz", + "/usr/share/man/ja/man8/apt-cdrom.8.gz", + "/usr/share/man/ja/man8/apt-config.8.gz", + "/usr/share/man/ja/man8/apt-mark.8.gz", + "/usr/share/man/ja/man8/apt.8.gz", + "/usr/share/man/man1/apt-transport-http.1.gz", + "/usr/share/man/man1/apt-transport-https.1.gz", + "/usr/share/man/man1/apt-transport-mirror.1.gz", + "/usr/share/man/man5/apt.conf.5.gz", + "/usr/share/man/man5/apt_auth.conf.5.gz", + "/usr/share/man/man5/apt_preferences.5.gz", + "/usr/share/man/man5/sources.list.5.gz", + "/usr/share/man/man7/apt-patterns.7.gz", + "/usr/share/man/man8/apt-cache.8.gz", + "/usr/share/man/man8/apt-cdrom.8.gz", + "/usr/share/man/man8/apt-config.8.gz", + "/usr/share/man/man8/apt-get.8.gz", + "/usr/share/man/man8/apt-mark.8.gz", + "/usr/share/man/man8/apt-secure.8.gz", + "/usr/share/man/man8/apt.8.gz", + "/usr/share/man/nl/man1/apt-transport-http.1.gz", + "/usr/share/man/nl/man1/apt-transport-https.1.gz", + "/usr/share/man/nl/man1/apt-transport-mirror.1.gz", + "/usr/share/man/nl/man5/apt.conf.5.gz", + "/usr/share/man/nl/man5/apt_auth.conf.5.gz", + "/usr/share/man/nl/man5/apt_preferences.5.gz", + "/usr/share/man/nl/man5/sources.list.5.gz", + "/usr/share/man/nl/man7/apt-patterns.7.gz", + "/usr/share/man/nl/man8/apt-cache.8.gz", + "/usr/share/man/nl/man8/apt-cdrom.8.gz", + "/usr/share/man/nl/man8/apt-config.8.gz", + "/usr/share/man/nl/man8/apt-get.8.gz", + "/usr/share/man/nl/man8/apt-mark.8.gz", + "/usr/share/man/nl/man8/apt-secure.8.gz", + "/usr/share/man/nl/man8/apt.8.gz", + "/usr/share/man/pl/man5/apt_preferences.5.gz", + "/usr/share/man/pl/man8/apt-cache.8.gz", + "/usr/share/man/pl/man8/apt-cdrom.8.gz", + "/usr/share/man/pl/man8/apt-config.8.gz", + "/usr/share/man/pt/man1/apt-transport-http.1.gz", + "/usr/share/man/pt/man1/apt-transport-https.1.gz", + "/usr/share/man/pt/man1/apt-transport-mirror.1.gz", + "/usr/share/man/pt/man5/apt.conf.5.gz", + "/usr/share/man/pt/man5/apt_auth.conf.5.gz", + "/usr/share/man/pt/man5/apt_preferences.5.gz", + "/usr/share/man/pt/man5/sources.list.5.gz", + "/usr/share/man/pt/man7/apt-patterns.7.gz", + "/usr/share/man/pt/man8/apt-cache.8.gz", + "/usr/share/man/pt/man8/apt-cdrom.8.gz", + "/usr/share/man/pt/man8/apt-config.8.gz", + "/usr/share/man/pt/man8/apt-get.8.gz", + "/usr/share/man/pt/man8/apt-mark.8.gz", + "/usr/share/man/pt/man8/apt-secure.8.gz", + "/usr/share/man/pt/man8/apt.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "base-files@13.8+deb13u5", + "Name": "base-files", + "Identifier": { + "PURL": "pkg:deb/debian/base-files@13.8%2Bdeb13u5?arch=amd64\u0026distro=debian-13.5", + "UID": "6b13e330b45e6f4f" + }, + "Version": "13.8+deb13u5", + "Arch": "amd64", + "SrcName": "base-files", + "SrcVersion": "13.8+deb13u5", + "Licenses": [ + "GPL-2.0-or-later", + "verbatim" + ], + "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/os-release", + "/usr/share/base-files/dot.bashrc", + "/usr/share/base-files/dot.profile", + "/usr/share/base-files/dot.profile.md5sums", + "/usr/share/base-files/info.dir", + "/usr/share/base-files/motd", + "/usr/share/base-files/profile", + "/usr/share/base-files/profile.md5sums", + "/usr/share/base-files/staff-group-for-usr-local", + "/usr/share/common-licenses/Apache-2.0", + "/usr/share/common-licenses/Artistic", + "/usr/share/common-licenses/BSD", + "/usr/share/common-licenses/CC0-1.0", + "/usr/share/common-licenses/GFDL-1.2", + "/usr/share/common-licenses/GFDL-1.3", + "/usr/share/common-licenses/GPL-1", + "/usr/share/common-licenses/GPL-2", + "/usr/share/common-licenses/GPL-3", + "/usr/share/common-licenses/LGPL-2", + "/usr/share/common-licenses/LGPL-2.1", + "/usr/share/common-licenses/LGPL-3", + "/usr/share/common-licenses/MPL-1.1", + "/usr/share/common-licenses/MPL-2.0", + "/usr/share/doc/base-files/NEWS.Debian.gz", + "/usr/share/doc/base-files/README", + "/usr/share/doc/base-files/README.FHS", + "/usr/share/doc/base-files/changelog.gz", + "/usr/share/doc/base-files/copyright", + "/usr/share/lintian/overrides/base-files" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "base-passwd@3.6.7", + "Name": "base-passwd", + "Identifier": { + "PURL": "pkg:deb/debian/base-passwd@3.6.7?arch=amd64\u0026distro=debian-13.5", + "UID": "f77779fa356eca05" + }, + "Version": "3.6.7", + "Arch": "amd64", + "SrcName": "base-passwd", + "SrcVersion": "3.6.7", + "Licenses": [ + "GPL-2.0-only", + "public-domain" + ], + "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libdebconfclient0@0.280", + "libselinux1@3.8.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/sbin/update-passwd", + "/usr/share/base-passwd/group.master", + "/usr/share/base-passwd/passwd.master", + "/usr/share/doc-base/base-passwd.users-and-groups", + "/usr/share/doc/base-passwd/README", + "/usr/share/doc/base-passwd/changelog.gz", + "/usr/share/doc/base-passwd/copyright", + "/usr/share/doc/base-passwd/users-and-groups.html", + "/usr/share/doc/base-passwd/users-and-groups.txt.gz", + "/usr/share/lintian/overrides/base-passwd", + "/usr/share/man/de/man8/update-passwd.8.gz", + "/usr/share/man/es/man8/update-passwd.8.gz", + "/usr/share/man/fr/man8/update-passwd.8.gz", + "/usr/share/man/ja/man8/update-passwd.8.gz", + "/usr/share/man/man8/update-passwd.8.gz", + "/usr/share/man/pl/man8/update-passwd.8.gz", + "/usr/share/man/ro/man8/update-passwd.8.gz", + "/usr/share/man/ru/man8/update-passwd.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bash@5.2.37-2+b9", + "Name": "bash", + "Identifier": { + "PURL": "pkg:deb/debian/bash@5.2.37-2%2Bb9?arch=amd64\u0026distro=debian-13.5", + "UID": "f36f9b3693158651" + }, + "Version": "5.2.37", + "Release": "2+b9", + "Arch": "amd64", + "SrcName": "bash", + "SrcVersion": "5.2.37", + "SrcRelease": "2", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-only", + "Latex2e", + "BSD-4-Clause-UC", + "MIT", + "permissive" + ], + "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "base-files@13.8+deb13u5", + "debianutils@5.23.2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/bash", + "/usr/bin/bashbug", + "/usr/bin/clear_console", + "/usr/share/debianutils/shells.d/bash", + "/usr/share/doc/bash/CHANGES.gz", + "/usr/share/doc/bash/COMPAT.gz", + "/usr/share/doc/bash/INTRO.gz", + "/usr/share/doc/bash/NEWS.gz", + "/usr/share/doc/bash/POSIX.gz", + "/usr/share/doc/bash/RBASH", + "/usr/share/doc/bash/README.Debian.gz", + "/usr/share/doc/bash/README.abs-guide", + "/usr/share/doc/bash/README.commands.gz", + "/usr/share/doc/bash/README.gz", + "/usr/share/doc/bash/changelog.Debian.amd64.gz", + "/usr/share/doc/bash/changelog.Debian.gz", + "/usr/share/doc/bash/changelog.gz", + "/usr/share/doc/bash/copyright", + "/usr/share/doc/bash/inputrc.arrows", + "/usr/share/lintian/overrides/bash", + "/usr/share/locale/af/LC_MESSAGES/bash.mo", + "/usr/share/locale/bg/LC_MESSAGES/bash.mo", + "/usr/share/locale/ca/LC_MESSAGES/bash.mo", + "/usr/share/locale/cs/LC_MESSAGES/bash.mo", + "/usr/share/locale/da/LC_MESSAGES/bash.mo", + "/usr/share/locale/de/LC_MESSAGES/bash.mo", + "/usr/share/locale/el/LC_MESSAGES/bash.mo", + "/usr/share/locale/en@boldquot/LC_MESSAGES/bash.mo", + "/usr/share/locale/en@quot/LC_MESSAGES/bash.mo", + "/usr/share/locale/eo/LC_MESSAGES/bash.mo", + "/usr/share/locale/es/LC_MESSAGES/bash.mo", + "/usr/share/locale/et/LC_MESSAGES/bash.mo", + "/usr/share/locale/fi/LC_MESSAGES/bash.mo", + "/usr/share/locale/fr/LC_MESSAGES/bash.mo", + "/usr/share/locale/ga/LC_MESSAGES/bash.mo", + "/usr/share/locale/gl/LC_MESSAGES/bash.mo", + "/usr/share/locale/hr/LC_MESSAGES/bash.mo", + "/usr/share/locale/hu/LC_MESSAGES/bash.mo", + "/usr/share/locale/id/LC_MESSAGES/bash.mo", + "/usr/share/locale/it/LC_MESSAGES/bash.mo", + "/usr/share/locale/ja/LC_MESSAGES/bash.mo", + "/usr/share/locale/ko/LC_MESSAGES/bash.mo", + "/usr/share/locale/lt/LC_MESSAGES/bash.mo", + "/usr/share/locale/nb/LC_MESSAGES/bash.mo", + "/usr/share/locale/nl/LC_MESSAGES/bash.mo", + "/usr/share/locale/pl/LC_MESSAGES/bash.mo", + "/usr/share/locale/pt/LC_MESSAGES/bash.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/bash.mo", + "/usr/share/locale/ro/LC_MESSAGES/bash.mo", + "/usr/share/locale/ru/LC_MESSAGES/bash.mo", + "/usr/share/locale/sk/LC_MESSAGES/bash.mo", + "/usr/share/locale/sl/LC_MESSAGES/bash.mo", + "/usr/share/locale/sr/LC_MESSAGES/bash.mo", + "/usr/share/locale/sv/LC_MESSAGES/bash.mo", + "/usr/share/locale/tr/LC_MESSAGES/bash.mo", + "/usr/share/locale/uk/LC_MESSAGES/bash.mo", + "/usr/share/locale/vi/LC_MESSAGES/bash.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/bash.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/bash.mo", + "/usr/share/man/man1/bash.1.gz", + "/usr/share/man/man1/bashbug.1.gz", + "/usr/share/man/man1/clear_console.1.gz", + "/usr/share/man/man1/rbash.1.gz", + "/usr/share/man/man7/bash-builtins.7.gz", + "/usr/share/menu/bash" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "bsdutils@1:2.41-5", + "Name": "bsdutils", + "Identifier": { + "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "5843733a461e6ce1" + }, + "Version": "2.41", + "Release": "5", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/logger", + "/usr/bin/renice", + "/usr/bin/script", + "/usr/bin/scriptlive", + "/usr/bin/scriptreplay", + "/usr/bin/wall", + "/usr/share/bash-completion/completions/logger", + "/usr/share/bash-completion/completions/renice", + "/usr/share/bash-completion/completions/script", + "/usr/share/bash-completion/completions/scriptlive", + "/usr/share/bash-completion/completions/scriptreplay", + "/usr/share/bash-completion/completions/wall", + "/usr/share/doc/bsdutils/NEWS.Debian.gz", + "/usr/share/doc/bsdutils/changelog.Debian.gz", + "/usr/share/doc/bsdutils/changelog.gz", + "/usr/share/doc/bsdutils/copyright", + "/usr/share/lintian/overrides/bsdutils", + "/usr/share/man/man1/logger.1.gz", + "/usr/share/man/man1/renice.1.gz", + "/usr/share/man/man1/script.1.gz", + "/usr/share/man/man1/scriptlive.1.gz", + "/usr/share/man/man1/scriptreplay.1.gz", + "/usr/share/man/man1/wall.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ca-certificates@20250419", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:deb/debian/ca-certificates@20250419?arch=all\u0026distro=debian-13.5", + "UID": "2c691dbd8cebdf2a" + }, + "Version": "20250419", + "Arch": "all", + "SrcName": "ca-certificates", + "SrcVersion": "20250419", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "MPL-2.0" + ], + "Maintainer": "Julien Cristau \u003cjcristau@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91", + "openssl@3.5.6-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", + "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" + }, + "InstalledFiles": [ + "/usr/sbin/update-ca-certificates", + "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", + "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", + "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", + "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", + "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", + "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "/usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "/usr/share/ca-certificates/mozilla/Certigna.crt", + "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", + "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", + "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", + "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", + "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "/usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "/usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "/usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", + "/usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", + "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", + "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", + "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", + "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "/usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", + "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", + "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "/usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", + "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", + "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "/usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "/usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt", + "/usr/share/doc/ca-certificates/README.Debian", + "/usr/share/doc/ca-certificates/changelog.gz", + "/usr/share/doc/ca-certificates/copyright", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", + "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", + "/usr/share/man/man8/update-ca-certificates.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "coreutils@9.7-3", + "Name": "coreutils", + "Identifier": { + "PURL": "pkg:deb/debian/coreutils@9.7-3?arch=amd64\u0026distro=debian-13.5", + "UID": "cb4a55f50bda2393" + }, + "Version": "9.7", + "Release": "3", + "Arch": "amd64", + "SrcName": "coreutils", + "SrcVersion": "9.7", + "SrcRelease": "3", + "Licenses": [ + "GPL-3.0-or-later", + "BSD-4-Clause-UC", + "GPL-3.0-only", + "ISC", + "FSFULLR", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-only" + ], + "Maintainer": "Michael Stone \u003cmstone@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/[", + "/usr/bin/arch", + "/usr/bin/b2sum", + "/usr/bin/base32", + "/usr/bin/base64", + "/usr/bin/basename", + "/usr/bin/basenc", + "/usr/bin/cat", + "/usr/bin/chcon", + "/usr/bin/chgrp", + "/usr/bin/chmod", + "/usr/bin/chown", + "/usr/bin/cksum", + "/usr/bin/comm", + "/usr/bin/cp", + "/usr/bin/csplit", + "/usr/bin/cut", + "/usr/bin/date", + "/usr/bin/dd", + "/usr/bin/df", + "/usr/bin/dir", + "/usr/bin/dircolors", + "/usr/bin/dirname", + "/usr/bin/du", + "/usr/bin/echo", + "/usr/bin/env", + "/usr/bin/expand", + "/usr/bin/expr", + "/usr/bin/factor", + "/usr/bin/false", + "/usr/bin/fmt", + "/usr/bin/fold", + "/usr/bin/groups", + "/usr/bin/head", + "/usr/bin/hostid", + "/usr/bin/id", + "/usr/bin/install", + "/usr/bin/join", + "/usr/bin/link", + "/usr/bin/ln", + "/usr/bin/logname", + "/usr/bin/ls", + "/usr/bin/md5sum", + "/usr/bin/mkdir", + "/usr/bin/mkfifo", + "/usr/bin/mknod", + "/usr/bin/mktemp", + "/usr/bin/mv", + "/usr/bin/nice", + "/usr/bin/nl", + "/usr/bin/nohup", + "/usr/bin/nproc", + "/usr/bin/numfmt", + "/usr/bin/od", + "/usr/bin/paste", + "/usr/bin/pathchk", + "/usr/bin/pinky", + "/usr/bin/pr", + "/usr/bin/printenv", + "/usr/bin/printf", + "/usr/bin/ptx", + "/usr/bin/pwd", + "/usr/bin/readlink", + "/usr/bin/realpath", + "/usr/bin/rm", + "/usr/bin/rmdir", + "/usr/bin/runcon", + "/usr/bin/seq", + "/usr/bin/sha1sum", + "/usr/bin/sha224sum", + "/usr/bin/sha256sum", + "/usr/bin/sha384sum", + "/usr/bin/sha512sum", + "/usr/bin/shred", + "/usr/bin/shuf", + "/usr/bin/sleep", + "/usr/bin/sort", + "/usr/bin/split", + "/usr/bin/stat", + "/usr/bin/stdbuf", + "/usr/bin/stty", + "/usr/bin/sum", + "/usr/bin/sync", + "/usr/bin/tac", + "/usr/bin/tail", + "/usr/bin/tee", + "/usr/bin/test", + "/usr/bin/timeout", + "/usr/bin/touch", + "/usr/bin/tr", + "/usr/bin/true", + "/usr/bin/truncate", + "/usr/bin/tsort", + "/usr/bin/tty", + "/usr/bin/uname", + "/usr/bin/unexpand", + "/usr/bin/uniq", + "/usr/bin/unlink", + "/usr/bin/users", + "/usr/bin/vdir", + "/usr/bin/wc", + "/usr/bin/who", + "/usr/bin/whoami", + "/usr/bin/yes", + "/usr/libexec/coreutils/libstdbuf.so", + "/usr/sbin/chroot", + "/usr/share/doc/coreutils/AUTHORS", + "/usr/share/doc/coreutils/NEWS.gz", + "/usr/share/doc/coreutils/README.Debian", + "/usr/share/doc/coreutils/README.gz", + "/usr/share/doc/coreutils/THANKS.gz", + "/usr/share/doc/coreutils/TODO.gz", + "/usr/share/doc/coreutils/changelog.Debian.gz", + "/usr/share/doc/coreutils/changelog.gz", + "/usr/share/doc/coreutils/copyright", + "/usr/share/info/coreutils.info.gz", + "/usr/share/lintian/overrides/coreutils", + "/usr/share/locale/af/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/be/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/bg/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ca/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/cs/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/da/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/de/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/el/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/eo/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/es/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/et/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/eu/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/fi/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/fr/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ga/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/gl/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/hr/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/hu/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ia/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/id/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/it/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ja/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ka/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/kk/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ko/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/lg/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/lt/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ms/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/nb/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/nl/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/pl/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/pt/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ro/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ru/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/sk/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/sl/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/sr/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/sv/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/ta/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/tr/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/uk/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/vi/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/coreutils.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/coreutils.mo", + "/usr/share/man/man1/arch.1.gz", + "/usr/share/man/man1/b2sum.1.gz", + "/usr/share/man/man1/base32.1.gz", + "/usr/share/man/man1/base64.1.gz", + "/usr/share/man/man1/basename.1.gz", + "/usr/share/man/man1/basenc.1.gz", + "/usr/share/man/man1/cat.1.gz", + "/usr/share/man/man1/chcon.1.gz", + "/usr/share/man/man1/chgrp.1.gz", + "/usr/share/man/man1/chmod.1.gz", + "/usr/share/man/man1/chown.1.gz", + "/usr/share/man/man1/cksum.1.gz", + "/usr/share/man/man1/comm.1.gz", + "/usr/share/man/man1/cp.1.gz", + "/usr/share/man/man1/csplit.1.gz", + "/usr/share/man/man1/cut.1.gz", + "/usr/share/man/man1/date.1.gz", + "/usr/share/man/man1/dd.1.gz", + "/usr/share/man/man1/df.1.gz", + "/usr/share/man/man1/dir.1.gz", + "/usr/share/man/man1/dircolors.1.gz", + "/usr/share/man/man1/dirname.1.gz", + "/usr/share/man/man1/du.1.gz", + "/usr/share/man/man1/echo.1.gz", + "/usr/share/man/man1/env.1.gz", + "/usr/share/man/man1/expand.1.gz", + "/usr/share/man/man1/expr.1.gz", + "/usr/share/man/man1/factor.1.gz", + "/usr/share/man/man1/false.1.gz", + "/usr/share/man/man1/fmt.1.gz", + "/usr/share/man/man1/fold.1.gz", + "/usr/share/man/man1/groups.1.gz", + "/usr/share/man/man1/head.1.gz", + "/usr/share/man/man1/hostid.1.gz", + "/usr/share/man/man1/id.1.gz", + "/usr/share/man/man1/install.1.gz", + "/usr/share/man/man1/join.1.gz", + "/usr/share/man/man1/link.1.gz", + "/usr/share/man/man1/ln.1.gz", + "/usr/share/man/man1/logname.1.gz", + "/usr/share/man/man1/ls.1.gz", + "/usr/share/man/man1/md5sum.1.gz", + "/usr/share/man/man1/mkdir.1.gz", + "/usr/share/man/man1/mkfifo.1.gz", + "/usr/share/man/man1/mknod.1.gz", + "/usr/share/man/man1/mktemp.1.gz", + "/usr/share/man/man1/mv.1.gz", + "/usr/share/man/man1/nice.1.gz", + "/usr/share/man/man1/nl.1.gz", + "/usr/share/man/man1/nohup.1.gz", + "/usr/share/man/man1/nproc.1.gz", + "/usr/share/man/man1/numfmt.1.gz", + "/usr/share/man/man1/od.1.gz", + "/usr/share/man/man1/paste.1.gz", + "/usr/share/man/man1/pathchk.1.gz", + "/usr/share/man/man1/pinky.1.gz", + "/usr/share/man/man1/pr.1.gz", + "/usr/share/man/man1/printenv.1.gz", + "/usr/share/man/man1/printf.1.gz", + "/usr/share/man/man1/ptx.1.gz", + "/usr/share/man/man1/pwd.1.gz", + "/usr/share/man/man1/readlink.1.gz", + "/usr/share/man/man1/realpath.1.gz", + "/usr/share/man/man1/rm.1.gz", + "/usr/share/man/man1/rmdir.1.gz", + "/usr/share/man/man1/runcon.1.gz", + "/usr/share/man/man1/seq.1.gz", + "/usr/share/man/man1/sha1sum.1.gz", + "/usr/share/man/man1/sha224sum.1.gz", + "/usr/share/man/man1/sha256sum.1.gz", + "/usr/share/man/man1/sha384sum.1.gz", + "/usr/share/man/man1/sha512sum.1.gz", + "/usr/share/man/man1/shred.1.gz", + "/usr/share/man/man1/shuf.1.gz", + "/usr/share/man/man1/sleep.1.gz", + "/usr/share/man/man1/sort.1.gz", + "/usr/share/man/man1/split.1.gz", + "/usr/share/man/man1/stat.1.gz", + "/usr/share/man/man1/stdbuf.1.gz", + "/usr/share/man/man1/stty.1.gz", + "/usr/share/man/man1/sum.1.gz", + "/usr/share/man/man1/sync.1.gz", + "/usr/share/man/man1/tac.1.gz", + "/usr/share/man/man1/tail.1.gz", + "/usr/share/man/man1/tee.1.gz", + "/usr/share/man/man1/test.1.gz", + "/usr/share/man/man1/timeout.1.gz", + "/usr/share/man/man1/touch.1.gz", + "/usr/share/man/man1/tr.1.gz", + "/usr/share/man/man1/true.1.gz", + "/usr/share/man/man1/truncate.1.gz", + "/usr/share/man/man1/tsort.1.gz", + "/usr/share/man/man1/tty.1.gz", + "/usr/share/man/man1/uname.1.gz", + "/usr/share/man/man1/unexpand.1.gz", + "/usr/share/man/man1/uniq.1.gz", + "/usr/share/man/man1/unlink.1.gz", + "/usr/share/man/man1/users.1.gz", + "/usr/share/man/man1/vdir.1.gz", + "/usr/share/man/man1/wc.1.gz", + "/usr/share/man/man1/who.1.gz", + "/usr/share/man/man1/whoami.1.gz", + "/usr/share/man/man1/yes.1.gz", + "/usr/share/man/man8/chroot.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "dash@0.5.12-12", + "Name": "dash", + "Identifier": { + "PURL": "pkg:deb/debian/dash@0.5.12-12?arch=amd64\u0026distro=debian-13.5", + "UID": "4990b2098a2a3724" + }, + "Version": "0.5.12", + "Release": "12", + "Arch": "amd64", + "SrcName": "dash", + "SrcVersion": "0.5.12", + "SrcRelease": "12", + "Licenses": [ + "BSD-3-Clause", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debianutils@5.23.2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/dash", + "/usr/share/debianutils/shells.d/dash", + "/usr/share/doc/dash/README.Debian.diet", + "/usr/share/doc/dash/README.source", + "/usr/share/doc/dash/changelog.Debian.gz", + "/usr/share/doc/dash/changelog.gz", + "/usr/share/doc/dash/copyright", + "/usr/share/lintian/overrides/dash", + "/usr/share/man/man1/dash.1.gz", + "/usr/share/menu/dash" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debconf@1.5.91", + "Name": "debconf", + "Identifier": { + "PURL": "pkg:deb/debian/debconf@1.5.91?arch=all\u0026distro=debian-13.5", + "UID": "f7c8b7ba83ed5cfe" + }, + "Version": "1.5.91", + "Arch": "all", + "SrcName": "debconf", + "SrcVersion": "1.5.91", + "Licenses": [ + "BSD-2-Clause" + ], + "Maintainer": "Debconf Developers \u003cdebconf-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/debconf", + "/usr/bin/debconf-apt-progress", + "/usr/bin/debconf-communicate", + "/usr/bin/debconf-copydb", + "/usr/bin/debconf-escape", + "/usr/bin/debconf-set-selections", + "/usr/bin/debconf-show", + "/usr/sbin/dpkg-preconfigure", + "/usr/sbin/dpkg-reconfigure", + "/usr/share/bash-completion/completions/debconf", + "/usr/share/debconf/confmodule", + "/usr/share/debconf/confmodule.sh", + "/usr/share/debconf/debconf.conf", + "/usr/share/debconf/fix_db.pl", + "/usr/share/debconf/frontend", + "/usr/share/doc/debconf/README.Debian", + "/usr/share/doc/debconf/changelog.gz", + "/usr/share/doc/debconf/copyright", + "/usr/share/lintian/overrides/debconf", + "/usr/share/man/man1/debconf-apt-progress.1.gz", + "/usr/share/man/man1/debconf-communicate.1.gz", + "/usr/share/man/man1/debconf-copydb.1.gz", + "/usr/share/man/man1/debconf-escape.1.gz", + "/usr/share/man/man1/debconf-set-selections.1.gz", + "/usr/share/man/man1/debconf-show.1.gz", + "/usr/share/man/man1/debconf.1.gz", + "/usr/share/man/man8/dpkg-preconfigure.8.gz", + "/usr/share/man/man8/dpkg-reconfigure.8.gz", + "/usr/share/perl5/Debconf/AutoSelect.pm", + "/usr/share/perl5/Debconf/Base.pm", + "/usr/share/perl5/Debconf/Client/ConfModule.pm", + "/usr/share/perl5/Debconf/ConfModule.pm", + "/usr/share/perl5/Debconf/Config.pm", + "/usr/share/perl5/Debconf/Db.pm", + "/usr/share/perl5/Debconf/DbDriver.pm", + "/usr/share/perl5/Debconf/DbDriver/Backup.pm", + "/usr/share/perl5/Debconf/DbDriver/Cache.pm", + "/usr/share/perl5/Debconf/DbDriver/Copy.pm", + "/usr/share/perl5/Debconf/DbDriver/Debug.pm", + "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", + "/usr/share/perl5/Debconf/DbDriver/Directory.pm", + "/usr/share/perl5/Debconf/DbDriver/File.pm", + "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", + "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", + "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", + "/usr/share/perl5/Debconf/DbDriver/Stack.pm", + "/usr/share/perl5/Debconf/Element.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", + "/usr/share/perl5/Debconf/Element/Dialog/String.pm", + "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", + "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Editor/Error.pm", + "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Editor/Note.pm", + "/usr/share/perl5/Debconf/Element/Editor/Password.pm", + "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", + "/usr/share/perl5/Debconf/Element/Editor/Select.pm", + "/usr/share/perl5/Debconf/Element/Editor/String.pm", + "/usr/share/perl5/Debconf/Element/Editor/Text.pm", + "/usr/share/perl5/Debconf/Element/Gnome.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", + "/usr/share/perl5/Debconf/Element/Gnome/String.pm", + "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", + "/usr/share/perl5/Debconf/Element/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", + "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", + "/usr/share/perl5/Debconf/Element/Select.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", + "/usr/share/perl5/Debconf/Element/Teletype/String.pm", + "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", + "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", + "/usr/share/perl5/Debconf/Element/Web/Error.pm", + "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", + "/usr/share/perl5/Debconf/Element/Web/Note.pm", + "/usr/share/perl5/Debconf/Element/Web/Password.pm", + "/usr/share/perl5/Debconf/Element/Web/Progress.pm", + "/usr/share/perl5/Debconf/Element/Web/Select.pm", + "/usr/share/perl5/Debconf/Element/Web/String.pm", + "/usr/share/perl5/Debconf/Element/Web/Text.pm", + "/usr/share/perl5/Debconf/Encoding.pm", + "/usr/share/perl5/Debconf/Format.pm", + "/usr/share/perl5/Debconf/Format/822.pm", + "/usr/share/perl5/Debconf/FrontEnd.pm", + "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", + "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", + "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", + "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", + "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", + "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", + "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", + "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", + "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", + "/usr/share/perl5/Debconf/FrontEnd/Text.pm", + "/usr/share/perl5/Debconf/FrontEnd/Web.pm", + "/usr/share/perl5/Debconf/Gettext.pm", + "/usr/share/perl5/Debconf/Iterator.pm", + "/usr/share/perl5/Debconf/Log.pm", + "/usr/share/perl5/Debconf/Path.pm", + "/usr/share/perl5/Debconf/Priority.pm", + "/usr/share/perl5/Debconf/Question.pm", + "/usr/share/perl5/Debconf/Template.pm", + "/usr/share/perl5/Debconf/Template/Transient.pm", + "/usr/share/perl5/Debconf/TmpFile.pm", + "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", + "/usr/share/pixmaps/debian-logo.png" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debian-archive-keyring@2025.1", + "Name": "debian-archive-keyring", + "Identifier": { + "PURL": "pkg:deb/debian/debian-archive-keyring@2025.1?arch=all\u0026distro=debian-13.5", + "UID": "a22d861380b1187c" + }, + "Version": "2025.1", + "Arch": "all", + "SrcName": "debian-archive-keyring", + "SrcVersion": "2025.1", + "Licenses": [ + "GPL-2.0-or-later" + ], + "Maintainer": "Debian Release Team \u003cpackages@release.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/debian-archive-keyring/NEWS.Debian.gz", + "/usr/share/doc/debian-archive-keyring/README", + "/usr/share/doc/debian-archive-keyring/changelog.gz", + "/usr/share/doc/debian-archive-keyring/copyright", + "/usr/share/keyrings/debian-archive-bookworm-automatic.pgp", + "/usr/share/keyrings/debian-archive-bookworm-security-automatic.pgp", + "/usr/share/keyrings/debian-archive-bookworm-stable.pgp", + "/usr/share/keyrings/debian-archive-bullseye-automatic.pgp", + "/usr/share/keyrings/debian-archive-bullseye-security-automatic.pgp", + "/usr/share/keyrings/debian-archive-bullseye-stable.pgp", + "/usr/share/keyrings/debian-archive-keyring.pgp", + "/usr/share/keyrings/debian-archive-removed-keys.pgp", + "/usr/share/keyrings/debian-archive-trixie-automatic.pgp", + "/usr/share/keyrings/debian-archive-trixie-security-automatic.pgp", + "/usr/share/keyrings/debian-archive-trixie-stable.pgp" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "debianutils@5.23.2", + "Name": "debianutils", + "Identifier": { + "PURL": "pkg:deb/debian/debianutils@5.23.2?arch=amd64\u0026distro=debian-13.5", + "UID": "3c5d0b66afafddbb" + }, + "Version": "5.23.2", + "Arch": "amd64", + "SrcName": "debianutils", + "SrcVersion": "5.23.2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "public-domain", + "SMAIL-GPL" + ], + "Maintainer": "Ileana Dumitrescu \u003cileanadumitrescu95@gmail.com\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/ischroot", + "/usr/bin/run-parts", + "/usr/bin/savelog", + "/usr/bin/tempfile", + "/usr/bin/which.debianutils", + "/usr/sbin/add-shell", + "/usr/sbin/installkernel", + "/usr/sbin/remove-shell", + "/usr/sbin/update-shells", + "/usr/share/debianutils/shells", + "/usr/share/doc/debianutils/README.shells", + "/usr/share/doc/debianutils/changelog.gz", + "/usr/share/doc/debianutils/copyright", + "/usr/share/man/de/man1/which.debianutils.1.gz", + "/usr/share/man/de/man8/add-shell.8.gz", + "/usr/share/man/de/man8/installkernel.8.gz", + "/usr/share/man/de/man8/remove-shell.8.gz", + "/usr/share/man/de/man8/run-parts.8.gz", + "/usr/share/man/de/man8/savelog.8.gz", + "/usr/share/man/es/man1/which.debianutils.1.gz", + "/usr/share/man/es/man8/add-shell.8.gz", + "/usr/share/man/es/man8/installkernel.8.gz", + "/usr/share/man/es/man8/remove-shell.8.gz", + "/usr/share/man/es/man8/run-parts.8.gz", + "/usr/share/man/es/man8/savelog.8.gz", + "/usr/share/man/fr/man1/which.debianutils.1.gz", + "/usr/share/man/fr/man8/add-shell.8.gz", + "/usr/share/man/fr/man8/installkernel.8.gz", + "/usr/share/man/fr/man8/remove-shell.8.gz", + "/usr/share/man/fr/man8/run-parts.8.gz", + "/usr/share/man/fr/man8/savelog.8.gz", + "/usr/share/man/it/man1/which.debianutils.1.gz", + "/usr/share/man/it/man8/add-shell.8.gz", + "/usr/share/man/it/man8/installkernel.8.gz", + "/usr/share/man/it/man8/remove-shell.8.gz", + "/usr/share/man/it/man8/run-parts.8.gz", + "/usr/share/man/it/man8/savelog.8.gz", + "/usr/share/man/ja/man1/which.debianutils.1.gz", + "/usr/share/man/ja/man8/add-shell.8.gz", + "/usr/share/man/ja/man8/installkernel.8.gz", + "/usr/share/man/ja/man8/remove-shell.8.gz", + "/usr/share/man/ja/man8/run-parts.8.gz", + "/usr/share/man/ja/man8/savelog.8.gz", + "/usr/share/man/man1/ischroot.1.gz", + "/usr/share/man/man1/tempfile.1.gz", + "/usr/share/man/man1/which.debianutils.1.gz", + "/usr/share/man/man8/add-shell.8.gz", + "/usr/share/man/man8/installkernel.8.gz", + "/usr/share/man/man8/remove-shell.8.gz", + "/usr/share/man/man8/run-parts.8.gz", + "/usr/share/man/man8/savelog.8.gz", + "/usr/share/man/man8/update-shells.8.gz", + "/usr/share/man/pl/man1/which.debianutils.1.gz", + "/usr/share/man/pl/man8/add-shell.8.gz", + "/usr/share/man/pl/man8/installkernel.8.gz", + "/usr/share/man/pl/man8/remove-shell.8.gz", + "/usr/share/man/pl/man8/run-parts.8.gz", + "/usr/share/man/pl/man8/savelog.8.gz", + "/usr/share/man/pt/man1/which.debianutils.1.gz", + "/usr/share/man/pt/man8/add-shell.8.gz", + "/usr/share/man/pt/man8/installkernel.8.gz", + "/usr/share/man/pt/man8/remove-shell.8.gz", + "/usr/share/man/pt/man8/run-parts.8.gz", + "/usr/share/man/pt/man8/savelog.8.gz", + "/usr/share/man/sl/man1/which.debianutils.1.gz", + "/usr/share/man/sl/man8/add-shell.8.gz", + "/usr/share/man/sl/man8/installkernel.8.gz", + "/usr/share/man/sl/man8/remove-shell.8.gz", + "/usr/share/man/sl/man8/run-parts.8.gz", + "/usr/share/man/sl/man8/savelog.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "diffutils@1:3.10-4", + "Name": "diffutils", + "Identifier": { + "PURL": "pkg:deb/debian/diffutils@3.10-4?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "852f693a78aaa149" + }, + "Version": "3.10", + "Release": "4", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "diffutils", + "SrcVersion": "3.10", + "SrcRelease": "4", + "SrcEpoch": 1, + "Licenses": [ + "GPL-3.0-or-later", + "FSFULLR", + "LGPL-2.1-or-later", + "GPL-3.0-with-autoconf-exception+", + "GPL-3.0-only", + "GPL-3+ with texinfo exception", + "LGPL-2.0-or-later", + "GPL-2.0-or-later", + "X11", + "FSFAP", + "GFDL-1.3-no-invariants-only", + "LGPL-3.0-or-later", + "LGPL-3.0-only", + "public-domain", + "LGPL-2.0-only", + "LGPL-2.1-only", + "GPL-2.0-only", + "GFDL-1.3-only" + ], + "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/cmp", + "/usr/bin/diff", + "/usr/bin/diff3", + "/usr/bin/sdiff", + "/usr/share/doc/diffutils/NEWS.gz", + "/usr/share/doc/diffutils/changelog.Debian.gz", + "/usr/share/doc/diffutils/changelog.gz", + "/usr/share/doc/diffutils/copyright", + "/usr/share/info/diffutils.info.gz", + "/usr/share/locale/bg/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ca/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/cs/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/da/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/de/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/el/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/eo/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/es/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/fi/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/fr/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ga/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/gl/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/he/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/hr/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/hu/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/id/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/it/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ja/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ka/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ko/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/lv/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ms/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/nb/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/nl/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/pl/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/pt/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ro/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/ru/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/sr/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/sv/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/tr/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/uk/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/vi/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/diffutils.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/diffutils.mo", + "/usr/share/man/man1/cmp.1.gz", + "/usr/share/man/man1/diff.1.gz", + "/usr/share/man/man1/diff3.1.gz", + "/usr/share/man/man1/sdiff.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "dpkg@1.22.22", + "Name": "dpkg", + "Identifier": { + "PURL": "pkg:deb/debian/dpkg@1.22.22?arch=amd64\u0026distro=debian-13.5", + "UID": "7b97f27e3bec0417" + }, + "Version": "1.22.22", + "Arch": "amd64", + "SrcName": "dpkg", + "SrcVersion": "1.22.22", + "Licenses": [ + "GPL-2.0-or-later", + "public-domain-s-s-d", + "GPL-2.0-only" + ], + "Maintainer": "Dpkg Developers \u003cdebian-dpkg@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "tar@1.35+dfsg-3.1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/dpkg", + "/usr/bin/dpkg-deb", + "/usr/bin/dpkg-divert", + "/usr/bin/dpkg-maintscript-helper", + "/usr/bin/dpkg-query", + "/usr/bin/dpkg-realpath", + "/usr/bin/dpkg-split", + "/usr/bin/dpkg-statoverride", + "/usr/bin/dpkg-trigger", + "/usr/bin/update-alternatives", + "/usr/lib/systemd/system/dpkg-db-backup.service", + "/usr/lib/systemd/system/dpkg-db-backup.timer", + "/usr/libexec/dpkg/dpkg-db-backup", + "/usr/libexec/dpkg/dpkg-db-keeper", + "/usr/sbin/start-stop-daemon", + "/usr/share/doc/dpkg/AUTHORS", + "/usr/share/doc/dpkg/README.api", + "/usr/share/doc/dpkg/README.bug-usertags.gz", + "/usr/share/doc/dpkg/README.feature-removal-schedule.gz", + "/usr/share/doc/dpkg/THANKS.gz", + "/usr/share/doc/dpkg/changelog.gz", + "/usr/share/doc/dpkg/copyright", + "/usr/share/dpkg/abitable", + "/usr/share/dpkg/cputable", + "/usr/share/dpkg/ostable", + "/usr/share/dpkg/sh/dpkg-error.sh", + "/usr/share/dpkg/tupletable", + "/usr/share/lintian/overrides/dpkg", + "/usr/share/lintian/profiles/dpkg/main.profile", + "/usr/share/locale/ast/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/bs/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ca/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/cs/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/da/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/de/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/dz/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/el/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/eo/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/es/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/et/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/eu/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/fr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/gl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/hu/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/id/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/it/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ja/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/km/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ko/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ku/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/lt/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/mr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nb/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ne/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/nn/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/oc/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pa/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pt/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ro/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/ru/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/sk/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/sv/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/th/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/tl/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/tr/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/vi/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/dpkg.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/dpkg.mo", + "/usr/share/man/de/man1/dpkg-deb.1.gz", + "/usr/share/man/de/man1/dpkg-divert.1.gz", + "/usr/share/man/de/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/de/man1/dpkg-query.1.gz", + "/usr/share/man/de/man1/dpkg-realpath.1.gz", + "/usr/share/man/de/man1/dpkg-split.1.gz", + "/usr/share/man/de/man1/dpkg-statoverride.1.gz", + "/usr/share/man/de/man1/dpkg-trigger.1.gz", + "/usr/share/man/de/man1/dpkg.1.gz", + "/usr/share/man/de/man1/update-alternatives.1.gz", + "/usr/share/man/de/man5/dpkg.cfg.5.gz", + "/usr/share/man/de/man8/start-stop-daemon.8.gz", + "/usr/share/man/es/man5/dpkg.cfg.5.gz", + "/usr/share/man/fr/man1/dpkg-divert.1.gz", + "/usr/share/man/fr/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/fr/man1/dpkg-query.1.gz", + "/usr/share/man/fr/man1/dpkg-realpath.1.gz", + "/usr/share/man/fr/man1/dpkg-split.1.gz", + "/usr/share/man/fr/man1/dpkg-trigger.1.gz", + "/usr/share/man/fr/man1/update-alternatives.1.gz", + "/usr/share/man/fr/man5/dpkg.cfg.5.gz", + "/usr/share/man/fr/man8/start-stop-daemon.8.gz", + "/usr/share/man/it/man5/dpkg.cfg.5.gz", + "/usr/share/man/ja/man5/dpkg.cfg.5.gz", + "/usr/share/man/man1/dpkg-deb.1.gz", + "/usr/share/man/man1/dpkg-divert.1.gz", + "/usr/share/man/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/man1/dpkg-query.1.gz", + "/usr/share/man/man1/dpkg-realpath.1.gz", + "/usr/share/man/man1/dpkg-split.1.gz", + "/usr/share/man/man1/dpkg-statoverride.1.gz", + "/usr/share/man/man1/dpkg-trigger.1.gz", + "/usr/share/man/man1/dpkg.1.gz", + "/usr/share/man/man1/update-alternatives.1.gz", + "/usr/share/man/man5/dpkg.cfg.5.gz", + "/usr/share/man/man8/start-stop-daemon.8.gz", + "/usr/share/man/nl/man1/dpkg-deb.1.gz", + "/usr/share/man/nl/man1/dpkg-divert.1.gz", + "/usr/share/man/nl/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/nl/man1/dpkg-query.1.gz", + "/usr/share/man/nl/man1/dpkg-realpath.1.gz", + "/usr/share/man/nl/man1/dpkg-split.1.gz", + "/usr/share/man/nl/man1/dpkg-statoverride.1.gz", + "/usr/share/man/nl/man1/dpkg-trigger.1.gz", + "/usr/share/man/nl/man1/dpkg.1.gz", + "/usr/share/man/nl/man1/update-alternatives.1.gz", + "/usr/share/man/nl/man5/dpkg.cfg.5.gz", + "/usr/share/man/nl/man8/start-stop-daemon.8.gz", + "/usr/share/man/pl/man5/dpkg.cfg.5.gz", + "/usr/share/man/pt/man1/dpkg-deb.1.gz", + "/usr/share/man/pt/man1/dpkg-divert.1.gz", + "/usr/share/man/pt/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/pt/man1/dpkg-query.1.gz", + "/usr/share/man/pt/man1/dpkg-realpath.1.gz", + "/usr/share/man/pt/man1/dpkg-split.1.gz", + "/usr/share/man/pt/man1/dpkg-statoverride.1.gz", + "/usr/share/man/pt/man1/dpkg-trigger.1.gz", + "/usr/share/man/pt/man1/dpkg.1.gz", + "/usr/share/man/pt/man1/update-alternatives.1.gz", + "/usr/share/man/pt/man5/dpkg.cfg.5.gz", + "/usr/share/man/pt/man8/start-stop-daemon.8.gz", + "/usr/share/man/sv/man1/dpkg-deb.1.gz", + "/usr/share/man/sv/man1/dpkg-divert.1.gz", + "/usr/share/man/sv/man1/dpkg-maintscript-helper.1.gz", + "/usr/share/man/sv/man1/dpkg-query.1.gz", + "/usr/share/man/sv/man1/dpkg-realpath.1.gz", + "/usr/share/man/sv/man1/dpkg-split.1.gz", + "/usr/share/man/sv/man1/dpkg-statoverride.1.gz", + "/usr/share/man/sv/man1/dpkg-trigger.1.gz", + "/usr/share/man/sv/man1/dpkg.1.gz", + "/usr/share/man/sv/man1/update-alternatives.1.gz", + "/usr/share/man/sv/man5/dpkg.cfg.5.gz", + "/usr/share/man/sv/man8/start-stop-daemon.8.gz", + "/usr/share/polkit-1/actions/org.dpkg.pkexec.update-alternatives.policy" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "findutils@4.10.0-3", + "Name": "findutils", + "Identifier": { + "PURL": "pkg:deb/debian/findutils@4.10.0-3?arch=amd64\u0026distro=debian-13.5", + "UID": "12e741692291b42a" + }, + "Version": "4.10.0", + "Release": "3", + "Arch": "amd64", + "SrcName": "findutils", + "SrcVersion": "4.10.0", + "SrcRelease": "3", + "Licenses": [ + "GFDL-1.3-no-invariants-or-later", + "GPL-3.0-or-later", + "FSFAP", + "GPL-2+ with Autoconf-data exception", + "GPL-3+ with Autoconf-data exception", + "FSFULLR", + "GPL-2.0-or-later", + "X11", + "public-domain", + "LGPL-2.1-or-later", + "GPL with automake exception", + "LGPL-2.0-or-later", + "LGPL-3.0-or-later", + "BSD-3-Clause", + "GPL-3+ with Bison-2.2 exception", + "LGPL-3.0-only", + "ISC", + "GFDL-1.3-only", + "GPL-2.0-only", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Andreas Metzler \u003cametzler@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/find", + "/usr/bin/xargs", + "/usr/share/doc-base/findutils.findutils", + "/usr/share/doc/findutils/NEWS.gz", + "/usr/share/doc/findutils/README.gz", + "/usr/share/doc/findutils/TODO", + "/usr/share/doc/findutils/changelog.Debian.gz", + "/usr/share/doc/findutils/changelog.gz", + "/usr/share/doc/findutils/copyright", + "/usr/share/info/find-maint.info.gz", + "/usr/share/info/find.info.gz", + "/usr/share/locale/be/LC_MESSAGES/findutils.mo", + "/usr/share/locale/bg/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ca/LC_MESSAGES/findutils.mo", + "/usr/share/locale/cs/LC_MESSAGES/findutils.mo", + "/usr/share/locale/da/LC_MESSAGES/findutils.mo", + "/usr/share/locale/de/LC_MESSAGES/findutils.mo", + "/usr/share/locale/el/LC_MESSAGES/findutils.mo", + "/usr/share/locale/eo/LC_MESSAGES/findutils.mo", + "/usr/share/locale/es/LC_MESSAGES/findutils.mo", + "/usr/share/locale/et/LC_MESSAGES/findutils.mo", + "/usr/share/locale/fi/LC_MESSAGES/findutils.mo", + "/usr/share/locale/fr/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ga/LC_MESSAGES/findutils.mo", + "/usr/share/locale/gl/LC_MESSAGES/findutils.mo", + "/usr/share/locale/hr/LC_MESSAGES/findutils.mo", + "/usr/share/locale/hu/LC_MESSAGES/findutils.mo", + "/usr/share/locale/id/LC_MESSAGES/findutils.mo", + "/usr/share/locale/it/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ja/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ka/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ko/LC_MESSAGES/findutils.mo", + "/usr/share/locale/lg/LC_MESSAGES/findutils.mo", + "/usr/share/locale/lt/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ms/LC_MESSAGES/findutils.mo", + "/usr/share/locale/nb/LC_MESSAGES/findutils.mo", + "/usr/share/locale/nl/LC_MESSAGES/findutils.mo", + "/usr/share/locale/pl/LC_MESSAGES/findutils.mo", + "/usr/share/locale/pt/LC_MESSAGES/findutils.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ro/LC_MESSAGES/findutils.mo", + "/usr/share/locale/ru/LC_MESSAGES/findutils.mo", + "/usr/share/locale/sk/LC_MESSAGES/findutils.mo", + "/usr/share/locale/sl/LC_MESSAGES/findutils.mo", + "/usr/share/locale/sr/LC_MESSAGES/findutils.mo", + "/usr/share/locale/sv/LC_MESSAGES/findutils.mo", + "/usr/share/locale/tr/LC_MESSAGES/findutils.mo", + "/usr/share/locale/uk/LC_MESSAGES/findutils.mo", + "/usr/share/locale/vi/LC_MESSAGES/findutils.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/findutils.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/findutils.mo", + "/usr/share/man/man1/find.1.gz", + "/usr/share/man/man1/xargs.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gcc-14-base@14.2.0-19", + "Name": "gcc-14-base", + "Identifier": { + "PURL": "pkg:deb/debian/gcc-14-base@14.2.0-19?arch=amd64\u0026distro=debian-13.5", + "UID": "371c061d08215a1b" + }, + "Version": "14.2.0", + "Release": "19", + "Arch": "amd64", + "SrcName": "gcc-14", + "SrcVersion": "14.2.0", + "SrcRelease": "19", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-3.0-only", + "GFDL-1.2-only", + "Artistic-2.0", + "LGPL-2.0-or-later" + ], + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/gcc-14-base/README.Debian.amd64.gz", + "/usr/share/doc/gcc-14-base/TODO.Debian", + "/usr/share/doc/gcc-14-base/changelog.Debian.gz", + "/usr/share/doc/gcc-14-base/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "grep@3.11-4", + "Name": "grep", + "Identifier": { + "PURL": "pkg:deb/debian/grep@3.11-4?arch=amd64\u0026distro=debian-13.5", + "UID": "6ce8b4eed9c0d137" + }, + "Version": "3.11", + "Release": "4", + "Arch": "amd64", + "SrcName": "grep", + "SrcVersion": "3.11", + "SrcRelease": "4", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only" + ], + "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/egrep", + "/usr/bin/fgrep", + "/usr/bin/grep", + "/usr/bin/rgrep", + "/usr/share/doc/grep/AUTHORS", + "/usr/share/doc/grep/NEWS.Debian.gz", + "/usr/share/doc/grep/NEWS.gz", + "/usr/share/doc/grep/README", + "/usr/share/doc/grep/THANKS.gz", + "/usr/share/doc/grep/TODO.gz", + "/usr/share/doc/grep/changelog.Debian.gz", + "/usr/share/doc/grep/changelog.gz", + "/usr/share/doc/grep/copyright", + "/usr/share/info/grep.info.gz", + "/usr/share/locale/af/LC_MESSAGES/grep.mo", + "/usr/share/locale/be/LC_MESSAGES/grep.mo", + "/usr/share/locale/bg/LC_MESSAGES/grep.mo", + "/usr/share/locale/ca/LC_MESSAGES/grep.mo", + "/usr/share/locale/cs/LC_MESSAGES/grep.mo", + "/usr/share/locale/da/LC_MESSAGES/grep.mo", + "/usr/share/locale/de/LC_MESSAGES/grep.mo", + "/usr/share/locale/el/LC_MESSAGES/grep.mo", + "/usr/share/locale/eo/LC_MESSAGES/grep.mo", + "/usr/share/locale/es/LC_MESSAGES/grep.mo", + "/usr/share/locale/et/LC_MESSAGES/grep.mo", + "/usr/share/locale/eu/LC_MESSAGES/grep.mo", + "/usr/share/locale/fi/LC_MESSAGES/grep.mo", + "/usr/share/locale/fr/LC_MESSAGES/grep.mo", + "/usr/share/locale/ga/LC_MESSAGES/grep.mo", + "/usr/share/locale/gl/LC_MESSAGES/grep.mo", + "/usr/share/locale/he/LC_MESSAGES/grep.mo", + "/usr/share/locale/hr/LC_MESSAGES/grep.mo", + "/usr/share/locale/hu/LC_MESSAGES/grep.mo", + "/usr/share/locale/id/LC_MESSAGES/grep.mo", + "/usr/share/locale/it/LC_MESSAGES/grep.mo", + "/usr/share/locale/ja/LC_MESSAGES/grep.mo", + "/usr/share/locale/ka/LC_MESSAGES/grep.mo", + "/usr/share/locale/ko/LC_MESSAGES/grep.mo", + "/usr/share/locale/ky/LC_MESSAGES/grep.mo", + "/usr/share/locale/lt/LC_MESSAGES/grep.mo", + "/usr/share/locale/nb/LC_MESSAGES/grep.mo", + "/usr/share/locale/nl/LC_MESSAGES/grep.mo", + "/usr/share/locale/pa/LC_MESSAGES/grep.mo", + "/usr/share/locale/pl/LC_MESSAGES/grep.mo", + "/usr/share/locale/pt/LC_MESSAGES/grep.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/grep.mo", + "/usr/share/locale/ro/LC_MESSAGES/grep.mo", + "/usr/share/locale/ru/LC_MESSAGES/grep.mo", + "/usr/share/locale/sk/LC_MESSAGES/grep.mo", + "/usr/share/locale/sl/LC_MESSAGES/grep.mo", + "/usr/share/locale/sr/LC_MESSAGES/grep.mo", + "/usr/share/locale/sv/LC_MESSAGES/grep.mo", + "/usr/share/locale/ta/LC_MESSAGES/grep.mo", + "/usr/share/locale/th/LC_MESSAGES/grep.mo", + "/usr/share/locale/tr/LC_MESSAGES/grep.mo", + "/usr/share/locale/uk/LC_MESSAGES/grep.mo", + "/usr/share/locale/vi/LC_MESSAGES/grep.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/grep.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/grep.mo", + "/usr/share/man/man1/grep.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "gzip@1.13-1", + "Name": "gzip", + "Identifier": { + "PURL": "pkg:deb/debian/gzip@1.13-1?arch=amd64\u0026distro=debian-13.5", + "UID": "954545ce99bc687e" + }, + "Version": "1.13", + "Release": "1", + "Arch": "amd64", + "SrcName": "gzip", + "SrcVersion": "1.13", + "SrcRelease": "1", + "Licenses": [ + "GPL-3.0-or-later", + "GFDL-1.3+-no-invariant", + "FSF-manpages", + "GPL-3.0-only", + "GFDL-3" + ], + "Maintainer": "Milan Kupcevic \u003cmilan@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/gunzip", + "/usr/bin/gzexe", + "/usr/bin/gzip", + "/usr/bin/zcat", + "/usr/bin/zcmp", + "/usr/bin/zdiff", + "/usr/bin/zegrep", + "/usr/bin/zfgrep", + "/usr/bin/zforce", + "/usr/bin/zgrep", + "/usr/bin/zless", + "/usr/bin/zmore", + "/usr/bin/znew", + "/usr/share/doc/gzip/NEWS.gz", + "/usr/share/doc/gzip/README.gz", + "/usr/share/doc/gzip/TODO", + "/usr/share/doc/gzip/changelog.Debian.gz", + "/usr/share/doc/gzip/changelog.gz", + "/usr/share/doc/gzip/copyright", + "/usr/share/info/gzip.info.gz", + "/usr/share/man/man1/gzexe.1.gz", + "/usr/share/man/man1/gzip.1.gz", + "/usr/share/man/man1/zdiff.1.gz", + "/usr/share/man/man1/zforce.1.gz", + "/usr/share/man/man1/zgrep.1.gz", + "/usr/share/man/man1/zless.1.gz", + "/usr/share/man/man1/zmore.1.gz", + "/usr/share/man/man1/znew.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "hostname@3.25", + "Name": "hostname", + "Identifier": { + "PURL": "pkg:deb/debian/hostname@3.25?arch=amd64\u0026distro=debian-13.5", + "UID": "641772722328aedf" + }, + "Version": "3.25", + "Arch": "amd64", + "SrcName": "hostname", + "SrcVersion": "3.25", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Michael Meskes \u003cmeskes@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/hostname", + "/usr/share/doc/hostname/changelog.gz", + "/usr/share/doc/hostname/copyright", + "/usr/share/man/man1/hostname.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "init-system-helpers@1.69~deb13u1", + "Name": "init-system-helpers", + "Identifier": { + "PURL": "pkg:deb/debian/init-system-helpers@1.69~deb13u1?arch=all\u0026distro=debian-13.5", + "UID": "cb52819ec2f1a236" + }, + "Version": "1.69~deb13u1", + "Arch": "all", + "SrcName": "init-system-helpers", + "SrcVersion": "1.69~deb13u1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/deb-systemd-helper", + "/usr/bin/deb-systemd-invoke", + "/usr/sbin/invoke-rc.d", + "/usr/sbin/service", + "/usr/sbin/update-rc.d", + "/usr/share/bug/init-system-helpers/control", + "/usr/share/doc/init-system-helpers/README.invoke-rc.d.gz", + "/usr/share/doc/init-system-helpers/README.policy-rc.d.gz", + "/usr/share/doc/init-system-helpers/changelog.gz", + "/usr/share/doc/init-system-helpers/copyright", + "/usr/share/lintian/overrides/init-system-helpers", + "/usr/share/man/man1/deb-systemd-helper.1p.gz", + "/usr/share/man/man1/deb-systemd-invoke.1p.gz", + "/usr/share/man/man8/invoke-rc.d.8.gz", + "/usr/share/man/man8/service.8.gz", + "/usr/share/man/man8/update-rc.d.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libacl1@2.3.2-2+b1", + "Name": "libacl1", + "Identifier": { + "PURL": "pkg:deb/debian/libacl1@2.3.2-2%2Bb1?arch=amd64\u0026distro=debian-13.5", + "UID": "f9f7789d147b9636" + }, + "Version": "2.3.2", + "Release": "2+b1", + "Arch": "amd64", + "SrcName": "acl", + "SrcVersion": "2.3.2", + "SrcRelease": "2", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2302", + "/usr/share/doc/libacl1/changelog.Debian.amd64.gz", + "/usr/share/doc/libacl1/changelog.Debian.gz", + "/usr/share/doc/libacl1/changelog.gz", + "/usr/share/doc/libacl1/copyright", + "/usr/share/lintian/overrides/libacl1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libapt-pkg7.0@3.0.3", + "Name": "libapt-pkg7.0", + "Identifier": { + "PURL": "pkg:deb/debian/libapt-pkg7.0@3.0.3?arch=amd64\u0026distro=debian-13.5", + "UID": "5549812c55d79bea" + }, + "Version": "3.0.3", + "Arch": "amd64", + "SrcName": "apt", + "SrcVersion": "3.0.3", + "Licenses": [ + "GPL-2.0-or-later", + "curl", + "BSD-3-Clause", + "MIT", + "GPL-2.0-only" + ], + "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libbz2-1.0@1.0.8-6", + "libc6@2.41-12+deb13u3", + "libgcc-s1@14.2.0-19", + "liblz4-1@1.10.0-4", + "liblzma5@5.8.1-1", + "libssl3t64@3.5.6-1~deb13u1", + "libstdc++6@14.2.0-19", + "libsystemd0@257.13-1~deb13u1", + "libudev1@257.13-1~deb13u1", + "libxxhash0@0.8.3-2", + "libzstd1@1.5.7+dfsg-1", + "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.7.0.0", + "/usr/share/doc/libapt-pkg7.0/NEWS.Debian.gz", + "/usr/share/doc/libapt-pkg7.0/changelog.gz", + "/usr/share/doc/libapt-pkg7.0/copyright", + "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/da/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/de/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/el/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/es/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/it/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/km/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/th/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg7.0.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg7.0.mo" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libattr1@1:2.5.2-3", + "Name": "libattr1", + "Identifier": { + "PURL": "pkg:deb/debian/libattr1@2.5.2-3?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "90d554a582a8683b" + }, + "Version": "2.5.2", + "Release": "3", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "attr", + "SrcVersion": "2.5.2", + "SrcRelease": "3", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1-only" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2502", + "/usr/share/doc/libattr1/changelog.Debian.gz", + "/usr/share/doc/libattr1/changelog.gz", + "/usr/share/doc/libattr1/copyright", + "/usr/share/lintian/overrides/libattr1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaudit-common@1:4.0.2-2", + "Name": "libaudit-common", + "Identifier": { + "PURL": "pkg:deb/debian/libaudit-common@4.0.2-2?arch=all\u0026distro=debian-13.5\u0026epoch=1", + "UID": "d20cd9a11d8e018d" + }, + "Version": "4.0.2", + "Release": "2", + "Epoch": 1, + "Arch": "all", + "SrcName": "audit", + "SrcVersion": "4.0.2", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only", + "GPL-1.0-only" + ], + "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/libaudit-common/changelog.Debian.gz", + "/usr/share/doc/libaudit-common/changelog.gz", + "/usr/share/doc/libaudit-common/copyright", + "/usr/share/man/man5/libaudit.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libaudit1@1:4.0.2-2+b2", + "Name": "libaudit1", + "Identifier": { + "PURL": "pkg:deb/debian/libaudit1@4.0.2-2%2Bb2?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "c47a55b8e27ace3c" + }, + "Version": "4.0.2", + "Release": "2+b2", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "audit", + "SrcVersion": "4.0.2", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only", + "GPL-1.0-only" + ], + "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit-common@1:4.0.2-2", + "libc6@2.41-12+deb13u3", + "libcap-ng0@0.8.5-4+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0", + "/usr/share/doc/libaudit1/changelog.Debian.amd64.gz", + "/usr/share/doc/libaudit1/changelog.Debian.gz", + "/usr/share/doc/libaudit1/changelog.gz", + "/usr/share/doc/libaudit1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libblkid1@2.41-5", + "Name": "libblkid1", + "Identifier": { + "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "51bf0af8d40f4a01" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0", + "/usr/share/doc/libblkid1/NEWS.Debian.gz", + "/usr/share/doc/libblkid1/changelog.Debian.gz", + "/usr/share/doc/libblkid1/changelog.gz", + "/usr/share/doc/libblkid1/copyright", + "/usr/share/lintian/overrides/libblkid1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libbsd0@0.12.2-2", + "Name": "libbsd0", + "Identifier": { + "PURL": "pkg:deb/debian/libbsd0@0.12.2-2?arch=amd64\u0026distro=debian-13.5", + "UID": "a8f4afa42f768363" + }, + "Version": "0.12.2", + "Release": "2", + "Arch": "amd64", + "SrcName": "libbsd", + "SrcVersion": "0.12.2", + "SrcRelease": "2", + "Licenses": [ + "BSD-3-Clause", + "BSD-3-clause-Regents", + "BSD-2-Clause-NetBSD", + "BSD-3-clause-author", + "BSD-3-clause-John-Birrell", + "BSD-5-clause-Peter-Wemm", + "BSD-2-Clause", + "BSD-2-clause-verbatim", + "BSD-2-clause-author", + "ISC", + "ISC-Original", + "MIT", + "public-domain", + "Beerware" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libmd0@1.1.0-2+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libbsd.so.0.12.2", + "/usr/share/doc/libbsd0/changelog.Debian.gz", + "/usr/share/doc/libbsd0/changelog.gz", + "/usr/share/doc/libbsd0/copyright", + "/usr/share/lintian/overrides/libbsd0" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libbz2-1.0@1.0.8-6", + "Name": "libbz2-1.0", + "Identifier": { + "PURL": "pkg:deb/debian/libbz2-1.0@1.0.8-6?arch=amd64\u0026distro=debian-13.5", + "UID": "2da429aca83dde92" + }, + "Version": "1.0.8", + "Release": "6", + "Arch": "amd64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8", + "SrcRelease": "6", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4", + "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", + "/usr/share/doc/libbz2-1.0/changelog.gz", + "/usr/share/doc/libbz2-1.0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libc-bin@2.41-12+deb13u3", + "Name": "libc-bin", + "Identifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "Version": "2.41", + "Release": "12+deb13u3", + "Arch": "amd64", + "SrcName": "glibc", + "SrcVersion": "2.41", + "SrcRelease": "12+deb13u3", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "LGPL-2.1+-with-link-exception", + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "GPL-2+-with-link-exception", + "GPL-2.0-only", + "GPL-3.0-or-later", + "FSFAP", + "Carnegie", + "Inner-Net", + "MIT-like-Lord", + "BSD-like-Spencer", + "PCRE", + "BSD-3-clause-Carnegie", + "Unicode-DFS-2016", + "BSL-1.0", + "SunPro", + "CORE-MATH", + "BSD-3-clause-Berkeley", + "BSD-3-clause-WIDE", + "BSD-2-Clause", + "BSD-3-clause-Oracle", + "DEC", + "IBM", + "ISC", + "Univ-Coimbra", + "public-domain", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/getconf", + "/usr/bin/getent", + "/usr/bin/iconv", + "/usr/bin/ldd", + "/usr/bin/locale", + "/usr/bin/localedef", + "/usr/bin/pldd", + "/usr/bin/tzselect", + "/usr/bin/zdump", + "/usr/lib/locale/C.utf8/LC_ADDRESS", + "/usr/lib/locale/C.utf8/LC_COLLATE", + "/usr/lib/locale/C.utf8/LC_CTYPE", + "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", + "/usr/lib/locale/C.utf8/LC_MEASUREMENT", + "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", + "/usr/lib/locale/C.utf8/LC_MONETARY", + "/usr/lib/locale/C.utf8/LC_NAME", + "/usr/lib/locale/C.utf8/LC_NUMERIC", + "/usr/lib/locale/C.utf8/LC_PAPER", + "/usr/lib/locale/C.utf8/LC_TELEPHONE", + "/usr/lib/locale/C.utf8/LC_TIME", + "/usr/sbin/iconvconfig", + "/usr/sbin/ldconfig", + "/usr/sbin/zic", + "/usr/share/doc/libc-bin/changelog.Debian.gz", + "/usr/share/doc/libc-bin/changelog.gz", + "/usr/share/doc/libc-bin/copyright", + "/usr/share/libc-bin/nsswitch.conf", + "/usr/share/lintian/overrides/libc-bin", + "/usr/share/man/man1/getconf.1.gz", + "/usr/share/man/man1/tzselect.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libc6@2.41-12+deb13u3", + "Name": "libc6", + "Identifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "Version": "2.41", + "Release": "12+deb13u3", + "Arch": "amd64", + "SrcName": "glibc", + "SrcVersion": "2.41", + "SrcRelease": "12+deb13u3", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.0-or-later", + "LGPL-2.1+-with-link-exception", + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "GPL-2+-with-link-exception", + "GPL-2.0-only", + "GPL-3.0-or-later", + "FSFAP", + "Carnegie", + "Inner-Net", + "MIT-like-Lord", + "BSD-like-Spencer", + "PCRE", + "BSD-3-clause-Carnegie", + "Unicode-DFS-2016", + "BSL-1.0", + "SunPro", + "CORE-MATH", + "BSD-3-clause-Berkeley", + "BSD-3-clause-WIDE", + "BSD-2-Clause", + "BSD-3-clause-Oracle", + "DEC", + "IBM", + "ISC", + "Univ-Coimbra", + "public-domain", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libgcc-s1@14.2.0-19" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", + "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", + "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", + "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", + "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", + "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", + "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", + "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", + "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", + "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", + "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", + "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", + "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", + "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", + "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", + "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", + "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", + "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", + "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", + "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", + "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", + "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", + "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", + "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", + "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", + "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", + "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", + "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", + "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", + "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", + "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", + "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", + "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", + "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", + "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", + "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", + "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", + "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", + "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", + "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", + "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", + "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", + "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.d/gconv-modules-extra.conf", + "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", + "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", + "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", + "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", + "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", + "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", + "/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2", + "/usr/lib/x86_64-linux-gnu/libBrokenLocale.so.1", + "/usr/lib/x86_64-linux-gnu/libanl.so.1", + "/usr/lib/x86_64-linux-gnu/libc.so.6", + "/usr/lib/x86_64-linux-gnu/libc_malloc_debug.so.0", + "/usr/lib/x86_64-linux-gnu/libdl.so.2", + "/usr/lib/x86_64-linux-gnu/libm.so.6", + "/usr/lib/x86_64-linux-gnu/libmemusage.so", + "/usr/lib/x86_64-linux-gnu/libmvec.so.1", + "/usr/lib/x86_64-linux-gnu/libnsl.so.1", + "/usr/lib/x86_64-linux-gnu/libnss_compat.so.2", + "/usr/lib/x86_64-linux-gnu/libnss_dns.so.2", + "/usr/lib/x86_64-linux-gnu/libnss_files.so.2", + "/usr/lib/x86_64-linux-gnu/libnss_hesiod.so.2", + "/usr/lib/x86_64-linux-gnu/libpcprofile.so", + "/usr/lib/x86_64-linux-gnu/libpthread.so.0", + "/usr/lib/x86_64-linux-gnu/libresolv.so.2", + "/usr/lib/x86_64-linux-gnu/librt.so.1", + "/usr/lib/x86_64-linux-gnu/libthread_db.so.1", + "/usr/lib/x86_64-linux-gnu/libutil.so.1", + "/usr/share/doc/libc6/NEWS.Debian.gz", + "/usr/share/doc/libc6/NEWS.gz", + "/usr/share/doc/libc6/README.Debian.gz", + "/usr/share/doc/libc6/README.hesiod.gz", + "/usr/share/doc/libc6/changelog.Debian.gz", + "/usr/share/doc/libc6/changelog.gz", + "/usr/share/doc/libc6/copyright", + "/usr/share/lintian/overrides/libc6" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap-ng0@0.8.5-4+b1", + "Name": "libcap-ng0", + "Identifier": { + "PURL": "pkg:deb/debian/libcap-ng0@0.8.5-4%2Bb1?arch=amd64\u0026distro=debian-13.5", + "UID": "9b7c2d5667513e48" + }, + "Version": "0.8.5", + "Release": "4+b1", + "Arch": "amd64", + "SrcName": "libcap-ng", + "SrcVersion": "0.8.5", + "SrcRelease": "4", + "Licenses": [ + "LGPL-2.1-or-later", + "GPL-2.0-or-later", + "GPL-3.0-only", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Håvard F. Aasen \u003chavard.f.aasen@pfft.no\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", + "/usr/lib/x86_64-linux-gnu/libdrop_ambient.so.0.0.0", + "/usr/share/doc/libcap-ng0/changelog.Debian.amd64.gz", + "/usr/share/doc/libcap-ng0/changelog.Debian.gz", + "/usr/share/doc/libcap-ng0/changelog.gz", + "/usr/share/doc/libcap-ng0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcap2@1:2.75-10+deb13u1+b1", + "Name": "libcap2", + "Identifier": { + "PURL": "pkg:deb/debian/libcap2@2.75-10%2Bdeb13u1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "7cefa0399e4d88d4" + }, + "Version": "2.75", + "Release": "10+deb13u1+b1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libcap2", + "SrcVersion": "2.75", + "SrcRelease": "10+deb13u1", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Christian Kastner \u003cckk@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libcap.so.2.75", + "/usr/lib/x86_64-linux-gnu/libpsx.so.2.75", + "/usr/share/doc/libcap2/changelog.Debian.amd64.gz", + "/usr/share/doc/libcap2/changelog.Debian.gz", + "/usr/share/doc/libcap2/changelog.gz", + "/usr/share/doc/libcap2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libcrypt1@1:4.4.38-1", + "Name": "libcrypt1", + "Identifier": { + "PURL": "pkg:deb/debian/libcrypt1@4.4.38-1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "afe984ba824f92ac" + }, + "Version": "4.4.38", + "Release": "1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "libxcrypt", + "SrcVersion": "4.4.38", + "SrcRelease": "1", + "SrcEpoch": 1, + "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", + "/usr/share/doc/libcrypt1/changelog.Debian.gz", + "/usr/share/doc/libcrypt1/changelog.gz", + "/usr/share/doc/libcrypt1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdb5.3t64@5.3.28+dfsg2-9", + "Name": "libdb5.3t64", + "Identifier": { + "PURL": "pkg:deb/debian/libdb5.3t64@5.3.28%2Bdfsg2-9?arch=amd64\u0026distro=debian-13.5", + "UID": "2f5f1c2fd77295dc" + }, + "Version": "5.3.28+dfsg2", + "Release": "9", + "Arch": "amd64", + "SrcName": "db5.3", + "SrcVersion": "5.3.28+dfsg2", + "SrcRelease": "9", + "Licenses": [ + "Sleepycat", + "BSD-3-Clause", + "MS-PL", + "GPL-2.0-or-later", + "Artistic-2.0", + "X11", + "MIT-old", + "TCL-like", + "BSD-3-clause-fjord", + "GPL-3.0-only", + "Zlib" + ], + "Maintainer": "Debian QA Group \u003cpackages@qa.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", + "/usr/share/doc/libdb5.3t64/build_signature_amd64.txt", + "/usr/share/doc/libdb5.3t64/changelog.Debian.gz", + "/usr/share/doc/libdb5.3t64/copyright", + "/usr/share/lintian/overrides/libdb5.3t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libdebconfclient0@0.280", + "Name": "libdebconfclient0", + "Identifier": { + "PURL": "pkg:deb/debian/libdebconfclient0@0.280?arch=amd64\u0026distro=debian-13.5", + "UID": "fcad452fa456130" + }, + "Version": "0.280", + "Arch": "amd64", + "SrcName": "cdebconf", + "SrcVersion": "0.280", + "Licenses": [ + "BSD-2-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Debian Install System Team \u003cdebian-boot@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", + "/usr/share/doc/libdebconfclient0/changelog.gz", + "/usr/share/doc/libdebconfclient0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libffi8@3.4.8-2", + "Name": "libffi8", + "Identifier": { + "PURL": "pkg:deb/debian/libffi8@3.4.8-2?arch=amd64\u0026distro=debian-13.5", + "UID": "e57a61a9119138e1" + }, + "Version": "3.4.8", + "Release": "2", + "Arch": "amd64", + "SrcName": "libffi", + "SrcVersion": "3.4.8", + "SrcRelease": "2", + "Licenses": [ + "MIT", + "X11", + "GPL-2.0-or-later", + "GPL-3.0-or-later", + "MPL-1.1", + "LGPL-2.1-or-later", + "public-domain" + ], + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libffi.so.8.1.4", + "/usr/share/doc/libffi8/changelog.Debian.gz", + "/usr/share/doc/libffi8/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgcc-s1@14.2.0-19", + "Name": "libgcc-s1", + "Identifier": { + "PURL": "pkg:deb/debian/libgcc-s1@14.2.0-19?arch=amd64\u0026distro=debian-13.5", + "UID": "6ebf985ba3bd76f3" + }, + "Version": "14.2.0", + "Release": "19", + "Arch": "amd64", + "SrcName": "gcc-14", + "SrcVersion": "14.2.0", + "SrcRelease": "19", + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gcc-14-base@14.2.0-19", + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgcc_s.so.1", + "/usr/share/lintian/overrides/libgcc-s1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgdbm6t64@1.24-2", + "Name": "libgdbm6t64", + "Identifier": { + "PURL": "pkg:deb/debian/libgdbm6t64@1.24-2?arch=amd64\u0026distro=debian-13.5", + "UID": "a978781f1be6197e" + }, + "Version": "1.24", + "Release": "2", + "Arch": "amd64", + "SrcName": "gdbm", + "SrcVersion": "1.24", + "SrcRelease": "2", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-2.0-or-later", + "GFDL-1.3-no-invariants-or-later", + "GPL-3.0-only", + "GPL-2.0-only" + ], + "Maintainer": "Nicolas Mora \u003cbabelouest@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgdbm.so.6.0.0", + "/usr/share/doc/libgdbm6t64/changelog.Debian.gz", + "/usr/share/doc/libgdbm6t64/changelog.gz", + "/usr/share/doc/libgdbm6t64/copyright", + "/usr/share/lintian/overrides/libgdbm6t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libgmp10@2:6.3.0+dfsg-3", + "Name": "libgmp10", + "Identifier": { + "PURL": "pkg:deb/debian/libgmp10@6.3.0%2Bdfsg-3?arch=amd64\u0026distro=debian-13.5\u0026epoch=2", + "UID": "fec85c1b440262e2" + }, + "Version": "6.3.0+dfsg", + "Release": "3", + "Epoch": 2, + "Arch": "amd64", + "SrcName": "gmp", + "SrcVersion": "6.3.0+dfsg", + "SrcRelease": "3", + "SrcEpoch": 2, + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later", + "GPL-3.0-or-later", + "GPL-3+ with Bison exception", + "GPL-2.0-only", + "GPL-3.0-only", + "LGPL-3.0-only" + ], + "Maintainer": "Debian Science Maintainers \u003cdebian-science-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0", + "/usr/share/doc/libgmp10/README.Debian", + "/usr/share/doc/libgmp10/changelog.Debian.gz", + "/usr/share/doc/libgmp10/changelog.gz", + "/usr/share/doc/libgmp10/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libhogweed6t64@3.10.1-1", + "Name": "libhogweed6t64", + "Identifier": { + "PURL": "pkg:deb/debian/libhogweed6t64@3.10.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "8a048285d77ff6c0" + }, + "Version": "3.10.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "nettle", + "SrcVersion": "3.10.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "MIT", + "GPL-3.0-with-autoconf-exception+", + "public-domain", + "GPL-2.0-only", + "GAP" + ], + "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libgmp10@2:6.3.0+dfsg-3", + "libnettle8t64@3.10.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libhogweed.so.6.10", + "/usr/share/doc/libhogweed6t64/changelog.Debian.gz", + "/usr/share/doc/libhogweed6t64/changelog.gz", + "/usr/share/doc/libhogweed6t64/copyright", + "/usr/share/lintian/overrides/libhogweed6t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblastlog2-2@2.41-5", + "Name": "liblastlog2-2", + "Identifier": { + "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "eb4f5430aea34a10" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libsqlite3-0@3.46.1-7+deb13u1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblastlog2.so.2.0.0", + "/usr/share/doc/liblastlog2-2/NEWS.Debian.gz", + "/usr/share/doc/liblastlog2-2/changelog.Debian.gz", + "/usr/share/doc/liblastlog2-2/changelog.gz", + "/usr/share/doc/liblastlog2-2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblz4-1@1.10.0-4", + "Name": "liblz4-1", + "Identifier": { + "PURL": "pkg:deb/debian/liblz4-1@1.10.0-4?arch=amd64\u0026distro=debian-13.5", + "UID": "c31b43410c927de" + }, + "Version": "1.10.0", + "Release": "4", + "Arch": "amd64", + "SrcName": "lz4", + "SrcVersion": "1.10.0", + "SrcRelease": "4", + "Licenses": [ + "GPL-2.0-or-later", + "BSD-2-Clause", + "GPL-2.0-only" + ], + "Maintainer": "Nobuhiro Iwamatsu \u003ciwamatsu@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libxxhash0@0.8.3-2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblz4.so.1.10.0", + "/usr/share/doc/liblz4-1/changelog.Debian.gz", + "/usr/share/doc/liblz4-1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "liblzma5@5.8.1-1", + "Name": "liblzma5", + "Identifier": { + "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "d7b58e04f1a265ed" + }, + "Version": "5.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "xz-utils", + "SrcVersion": "5.8.1", + "SrcRelease": "1", + "Licenses": [ + "0BSD", + "GPL-2.0-or-later", + "LGPL-2.1-or-later", + "FSFULLR", + "GPL-3.0-or-later-WITH-Autoconf-exception-macro", + "none", + "PD", + "permissive-nowarranty", + "FSFUL", + "noderivs", + "PD-debian", + "LGPL-2.1-only", + "GPL-2.0-only", + "GPL-3.0-only" + ], + "Maintainer": "Sebastian Andrzej Siewior \u003csebastian@breakpoint.cc\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/liblzma.so.5.8.1", + "/usr/share/doc/liblzma5/AUTHORS", + "/usr/share/doc/liblzma5/NEWS.gz", + "/usr/share/doc/liblzma5/THANKS.gz", + "/usr/share/doc/liblzma5/changelog.Debian.gz", + "/usr/share/doc/liblzma5/changelog.gz", + "/usr/share/doc/liblzma5/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmd0@1.1.0-2+b1", + "Name": "libmd0", + "Identifier": { + "PURL": "pkg:deb/debian/libmd0@1.1.0-2%2Bb1?arch=amd64\u0026distro=debian-13.5", + "UID": "f3971c5b48c68b3c" + }, + "Version": "1.1.0", + "Release": "2+b1", + "Arch": "amd64", + "SrcName": "libmd", + "SrcVersion": "1.1.0", + "SrcRelease": "2", + "Licenses": [ + "BSD-3-Clause", + "BSD-3-clause-Aaron-D-Gifford", + "BSD-2-Clause", + "BSD-2-Clause-NetBSD", + "ISC", + "Beerware", + "public-domain-md4", + "public-domain-md5", + "public-domain-sha1" + ], + "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmd.so.0.1.0", + "/usr/share/doc/libmd0/changelog.Debian.amd64.gz", + "/usr/share/doc/libmd0/changelog.Debian.gz", + "/usr/share/doc/libmd0/changelog.gz", + "/usr/share/doc/libmd0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libmount1@2.41-5", + "Name": "libmount1", + "Identifier": { + "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "84ccd0371833b76" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libblkid1@2.41-5", + "libc6@2.41-12+deb13u3", + "libselinux1@3.8.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libmount.so.1.1.0", + "/usr/share/doc/libmount1/NEWS.Debian.gz", + "/usr/share/doc/libmount1/changelog.Debian.gz", + "/usr/share/doc/libmount1/changelog.gz", + "/usr/share/doc/libmount1/copyright", + "/usr/share/lintian/overrides/libmount1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libncursesw6@6.5+20250216-2", + "Name": "libncursesw6", + "Identifier": { + "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "5efa2a2068c240d8" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libtinfo6@6.5+20250216-2" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libformw.so.6.5", + "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.5", + "/usr/lib/x86_64-linux-gnu/libncursesw.so.6.5", + "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.5" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libnettle8t64@3.10.1-1", + "Name": "libnettle8t64", + "Identifier": { + "PURL": "pkg:deb/debian/libnettle8t64@3.10.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "fd78e15d23b25c1f" + }, + "Version": "3.10.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "nettle", + "SrcVersion": "3.10.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-3.0-or-later", + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "MIT", + "GPL-3.0-with-autoconf-exception+", + "public-domain", + "GPL-2.0-only", + "GAP" + ], + "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libnettle.so.8.10", + "/usr/share/doc/libnettle8t64/NEWS.gz", + "/usr/share/doc/libnettle8t64/README", + "/usr/share/doc/libnettle8t64/changelog.Debian.gz", + "/usr/share/doc/libnettle8t64/changelog.gz", + "/usr/share/doc/libnettle8t64/copyright", + "/usr/share/lintian/overrides/libnettle8t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-modules@1.7.0-5", + "Name": "libpam-modules", + "Identifier": { + "PURL": "pkg:deb/debian/libpam-modules@1.7.0-5?arch=amd64\u0026distro=debian-13.5", + "UID": "274a704398461ef0" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/security/pam_access.so", + "/usr/lib/x86_64-linux-gnu/security/pam_canonicalize_user.so", + "/usr/lib/x86_64-linux-gnu/security/pam_debug.so", + "/usr/lib/x86_64-linux-gnu/security/pam_deny.so", + "/usr/lib/x86_64-linux-gnu/security/pam_echo.so", + "/usr/lib/x86_64-linux-gnu/security/pam_env.so", + "/usr/lib/x86_64-linux-gnu/security/pam_exec.so", + "/usr/lib/x86_64-linux-gnu/security/pam_faildelay.so", + "/usr/lib/x86_64-linux-gnu/security/pam_faillock.so", + "/usr/lib/x86_64-linux-gnu/security/pam_filter.so", + "/usr/lib/x86_64-linux-gnu/security/pam_ftp.so", + "/usr/lib/x86_64-linux-gnu/security/pam_group.so", + "/usr/lib/x86_64-linux-gnu/security/pam_issue.so", + "/usr/lib/x86_64-linux-gnu/security/pam_keyinit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_limits.so", + "/usr/lib/x86_64-linux-gnu/security/pam_listfile.so", + "/usr/lib/x86_64-linux-gnu/security/pam_localuser.so", + "/usr/lib/x86_64-linux-gnu/security/pam_loginuid.so", + "/usr/lib/x86_64-linux-gnu/security/pam_mail.so", + "/usr/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", + "/usr/lib/x86_64-linux-gnu/security/pam_motd.so", + "/usr/lib/x86_64-linux-gnu/security/pam_namespace.so", + "/usr/lib/x86_64-linux-gnu/security/pam_nologin.so", + "/usr/lib/x86_64-linux-gnu/security/pam_permit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_pwhistory.so", + "/usr/lib/x86_64-linux-gnu/security/pam_rhosts.so", + "/usr/lib/x86_64-linux-gnu/security/pam_rootok.so", + "/usr/lib/x86_64-linux-gnu/security/pam_securetty.so", + "/usr/lib/x86_64-linux-gnu/security/pam_selinux.so", + "/usr/lib/x86_64-linux-gnu/security/pam_sepermit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_setquota.so", + "/usr/lib/x86_64-linux-gnu/security/pam_shells.so", + "/usr/lib/x86_64-linux-gnu/security/pam_stress.so", + "/usr/lib/x86_64-linux-gnu/security/pam_succeed_if.so", + "/usr/lib/x86_64-linux-gnu/security/pam_time.so", + "/usr/lib/x86_64-linux-gnu/security/pam_timestamp.so", + "/usr/lib/x86_64-linux-gnu/security/pam_tty_audit.so", + "/usr/lib/x86_64-linux-gnu/security/pam_umask.so", + "/usr/lib/x86_64-linux-gnu/security/pam_unix.so", + "/usr/lib/x86_64-linux-gnu/security/pam_userdb.so", + "/usr/lib/x86_64-linux-gnu/security/pam_usertype.so", + "/usr/lib/x86_64-linux-gnu/security/pam_warn.so", + "/usr/lib/x86_64-linux-gnu/security/pam_wheel.so", + "/usr/lib/x86_64-linux-gnu/security/pam_xauth.so", + "/usr/share/doc/libpam-modules/NEWS.Debian.gz", + "/usr/share/doc/libpam-modules/changelog.Debian.gz", + "/usr/share/doc/libpam-modules/changelog.gz", + "/usr/share/doc/libpam-modules/copyright", + "/usr/share/doc/libpam-modules/examples/upperLOWER.c", + "/usr/share/lintian/overrides/libpam-modules", + "/usr/share/pam-configs/mkhomedir" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-modules-bin@1.7.0-5", + "Name": "libpam-modules-bin", + "Identifier": { + "PURL": "pkg:deb/debian/libpam-modules-bin@1.7.0-5?arch=amd64\u0026distro=debian-13.5", + "UID": "c9cbae9084b28bae" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:4.0.2-2+b2", + "libc6@2.41-12+deb13u3", + "libcrypt1@1:4.4.38-1", + "libpam0g@1.7.0-5", + "libselinux1@3.8.1-1", + "libsystemd0@257.13-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/systemd/system/pam_namespace.service", + "/usr/sbin/faillock", + "/usr/sbin/mkhomedir_helper", + "/usr/sbin/pam_namespace_helper", + "/usr/sbin/pam_timestamp_check", + "/usr/sbin/pwhistory_helper", + "/usr/sbin/unix_chkpwd", + "/usr/sbin/unix_update", + "/usr/share/doc/libpam-modules-bin/changelog.Debian.gz", + "/usr/share/doc/libpam-modules-bin/changelog.gz", + "/usr/share/doc/libpam-modules-bin/copyright", + "/usr/share/lintian/overrides/libpam-modules-bin" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam-runtime@1.7.0-5", + "Name": "libpam-runtime", + "Identifier": { + "PURL": "pkg:deb/debian/libpam-runtime@1.7.0-5?arch=all\u0026distro=debian-13.5", + "UID": "1d4f3eaf1c0f9548" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "all", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91", + "libpam-modules@1.7.0-5" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/sbin/pam-auth-update", + "/usr/sbin/pam_getenv", + "/usr/share/doc/libpam-runtime/changelog.Debian.gz", + "/usr/share/doc/libpam-runtime/changelog.gz", + "/usr/share/doc/libpam-runtime/copyright", + "/usr/share/lintian/overrides/libpam-runtime", + "/usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ar/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/as/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/be/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bg/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bn_IN/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ca/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/cs/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/de/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/de_CH/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/el/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/eo/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/es/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/et/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/eu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/fa/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/fi/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/fr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ga/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/gl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/gu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/he/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/hi/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/hr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ia/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/id/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/is/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/kk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/km/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/kn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/lt/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/lv/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/mk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ml/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/mr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/nb/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ne/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/nn/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pa/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pt/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ro/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ru/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sl/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sq/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sr@latin/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/sv/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/te/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/th/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/tr/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/vi/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zh_HK/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo", + "/usr/share/man/man5/access.conf.5.gz", + "/usr/share/man/man5/faillock.conf.5.gz", + "/usr/share/man/man5/group.conf.5.gz", + "/usr/share/man/man5/limits.conf.5.gz", + "/usr/share/man/man5/namespace.conf.5.gz", + "/usr/share/man/man5/pam.conf.5.gz", + "/usr/share/man/man5/pam_env.conf.5.gz", + "/usr/share/man/man5/pwhistory.conf.5.gz", + "/usr/share/man/man5/sepermit.conf.5.gz", + "/usr/share/man/man5/time.conf.5.gz", + "/usr/share/man/man7/PAM.7.gz", + "/usr/share/man/man8/faillock.8.gz", + "/usr/share/man/man8/mkhomedir_helper.8.gz", + "/usr/share/man/man8/pam-auth-update.8.gz", + "/usr/share/man/man8/pam_access.8.gz", + "/usr/share/man/man8/pam_canonicalize_user.8.gz", + "/usr/share/man/man8/pam_debug.8.gz", + "/usr/share/man/man8/pam_deny.8.gz", + "/usr/share/man/man8/pam_echo.8.gz", + "/usr/share/man/man8/pam_env.8.gz", + "/usr/share/man/man8/pam_exec.8.gz", + "/usr/share/man/man8/pam_faildelay.8.gz", + "/usr/share/man/man8/pam_faillock.8.gz", + "/usr/share/man/man8/pam_filter.8.gz", + "/usr/share/man/man8/pam_ftp.8.gz", + "/usr/share/man/man8/pam_getenv.8.gz", + "/usr/share/man/man8/pam_group.8.gz", + "/usr/share/man/man8/pam_issue.8.gz", + "/usr/share/man/man8/pam_keyinit.8.gz", + "/usr/share/man/man8/pam_limits.8.gz", + "/usr/share/man/man8/pam_listfile.8.gz", + "/usr/share/man/man8/pam_localuser.8.gz", + "/usr/share/man/man8/pam_loginuid.8.gz", + "/usr/share/man/man8/pam_mail.8.gz", + "/usr/share/man/man8/pam_mkhomedir.8.gz", + "/usr/share/man/man8/pam_motd.8.gz", + "/usr/share/man/man8/pam_namespace.8.gz", + "/usr/share/man/man8/pam_namespace_helper.8.gz", + "/usr/share/man/man8/pam_nologin.8.gz", + "/usr/share/man/man8/pam_permit.8.gz", + "/usr/share/man/man8/pam_pwhistory.8.gz", + "/usr/share/man/man8/pam_rhosts.8.gz", + "/usr/share/man/man8/pam_rootok.8.gz", + "/usr/share/man/man8/pam_securetty.8.gz", + "/usr/share/man/man8/pam_selinux.8.gz", + "/usr/share/man/man8/pam_sepermit.8.gz", + "/usr/share/man/man8/pam_setquota.8.gz", + "/usr/share/man/man8/pam_shells.8.gz", + "/usr/share/man/man8/pam_stress.8.gz", + "/usr/share/man/man8/pam_succeed_if.8.gz", + "/usr/share/man/man8/pam_time.8.gz", + "/usr/share/man/man8/pam_timestamp.8.gz", + "/usr/share/man/man8/pam_timestamp_check.8.gz", + "/usr/share/man/man8/pam_tty_audit.8.gz", + "/usr/share/man/man8/pam_umask.8.gz", + "/usr/share/man/man8/pam_unix.8.gz", + "/usr/share/man/man8/pam_userdb.8.gz", + "/usr/share/man/man8/pam_usertype.8.gz", + "/usr/share/man/man8/pam_warn.8.gz", + "/usr/share/man/man8/pam_wheel.8.gz", + "/usr/share/man/man8/pam_xauth.8.gz", + "/usr/share/man/man8/pwhistory_helper.8.gz", + "/usr/share/man/man8/unix_chkpwd.8.gz", + "/usr/share/man/man8/unix_update.8.gz", + "/usr/share/pam-configs/unix", + "/usr/share/pam/common-account", + "/usr/share/pam/common-account.md5sums", + "/usr/share/pam/common-auth", + "/usr/share/pam/common-auth.md5sums", + "/usr/share/pam/common-password", + "/usr/share/pam/common-password.md5sums", + "/usr/share/pam/common-session", + "/usr/share/pam/common-session-noninteractive", + "/usr/share/pam/common-session-noninteractive.md5sums", + "/usr/share/pam/common-session.md5sums" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpam0g@1.7.0-5", + "Name": "libpam0g", + "Identifier": { + "PURL": "pkg:deb/debian/libpam0g@1.7.0-5?arch=amd64\u0026distro=debian-13.5", + "UID": "50a3886f7361785c" + }, + "Version": "1.7.0", + "Release": "5", + "Arch": "amd64", + "SrcName": "pam", + "SrcVersion": "1.7.0", + "SrcRelease": "5", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later", + "GPL-1.0-only", + "GPL-2.0-only", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "BSD-tcp_wrappers", + "LGPL-2.0-or-later", + "LGPL-2.0-only", + "public-domain", + "Beerware" + ], + "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91", + "libaudit1@1:4.0.2-2+b2", + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1", + "/usr/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", + "/usr/lib/x86_64-linux-gnu/libpamc.so.0.82.1", + "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", + "/usr/share/doc/libpam0g/README", + "/usr/share/doc/libpam0g/README.Debian", + "/usr/share/doc/libpam0g/TODO.Debian", + "/usr/share/doc/libpam0g/changelog.Debian.gz", + "/usr/share/doc/libpam0g/changelog.gz", + "/usr/share/doc/libpam0g/copyright", + "/usr/share/lintian/overrides/libpam0g" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libpcre2-8-0@10.46-1~deb13u1", + "Name": "libpcre2-8-0", + "Identifier": { + "PURL": "pkg:deb/debian/libpcre2-8-0@10.46-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "aa7e3a6ab471d889" + }, + "Version": "10.46", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "pcre2", + "SrcVersion": "10.46", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "BSD-3-clause-Cambridge with BINARY LIBRARY-LIKE PACKAGES exception", + "BSD-3-Clause", + "X11", + "BSD-2-Clause", + "public-domain" + ], + "Maintainer": "Matthew Vernon \u003cmatthew@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.14.0", + "/usr/share/doc/libpcre2-8-0/README.Debian", + "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", + "/usr/share/doc/libpcre2-8-0/changelog.gz", + "/usr/share/doc/libpcre2-8-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libreadline8t64@8.2-6", + "Name": "libreadline8t64", + "Identifier": { + "PURL": "pkg:deb/debian/libreadline8t64@8.2-6?arch=amd64\u0026distro=debian-13.5", + "UID": "a41a60a40a941961" + }, + "Version": "8.2", + "Release": "6", + "Arch": "amd64", + "SrcName": "readline", + "SrcVersion": "8.2", + "SrcRelease": "6", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-or-later", + "ISC-no-attribution" + ], + "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libtinfo6@6.5+20250216-2", + "readline-common@8.2-6" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libhistory.so.8.2", + "/usr/lib/x86_64-linux-gnu/libreadline.so.8.2", + "/usr/share/doc/libreadline8t64/README.Debian", + "/usr/share/doc/libreadline8t64/USAGE", + "/usr/share/doc/libreadline8t64/changelog.Debian.gz", + "/usr/share/doc/libreadline8t64/changelog.gz", + "/usr/share/doc/libreadline8t64/copyright", + "/usr/share/doc/libreadline8t64/examples/Inputrc", + "/usr/share/doc/libreadline8t64/inputrc.arrows" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libseccomp2@2.6.0-2", + "Name": "libseccomp2", + "Identifier": { + "PURL": "pkg:deb/debian/libseccomp2@2.6.0-2?arch=amd64\u0026distro=debian-13.5", + "UID": "97e0ed663a98e78b" + }, + "Version": "2.6.0", + "Release": "2", + "Arch": "amd64", + "SrcName": "libseccomp", + "SrcVersion": "2.6.0", + "SrcRelease": "2", + "Licenses": [ + "LGPL-2.1-only" + ], + "Maintainer": "Kees Cook \u003ckees@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.6.0", + "/usr/share/doc/libseccomp2/changelog.Debian.gz", + "/usr/share/doc/libseccomp2/changelog.gz", + "/usr/share/doc/libseccomp2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libselinux1@3.8.1-1", + "Name": "libselinux1", + "Identifier": { + "PURL": "pkg:deb/debian/libselinux1@3.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "f7d3a23ad693e5cb" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "libselinux", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "public-domain", + "GPL-2.0-only" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libpcre2-8-0@10.46-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/tmpfiles.d/libselinux1.conf", + "/usr/lib/x86_64-linux-gnu/libselinux.so.1", + "/usr/share/doc/libselinux1/changelog.Debian.gz", + "/usr/share/doc/libselinux1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsemanage-common@3.8.1-1", + "Name": "libsemanage-common", + "Identifier": { + "PURL": "pkg:deb/debian/libsemanage-common@3.8.1-1?arch=all\u0026distro=debian-13.5", + "UID": "ecc6b54d8bc6318c" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "all", + "SrcName": "libsemanage", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/libsemanage-common/changelog.Debian.gz", + "/usr/share/doc/libsemanage-common/copyright", + "/usr/share/man/man5/semanage.conf.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsemanage2@3.8.1-1", + "Name": "libsemanage2", + "Identifier": { + "PURL": "pkg:deb/debian/libsemanage2@3.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "5684bd063761ddb3" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "libsemanage", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "GPL-2.0-only" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:4.0.2-2+b2", + "libbz2-1.0@1.0.8-6", + "libc6@2.41-12+deb13u3", + "libselinux1@3.8.1-1", + "libsemanage-common@3.8.1-1", + "libsepol2@3.8.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsemanage.so.2", + "/usr/share/doc/libsemanage2/changelog.Debian.gz", + "/usr/share/doc/libsemanage2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsepol2@3.8.1-1", + "Name": "libsepol2", + "Identifier": { + "PURL": "pkg:deb/debian/libsepol2@3.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "9990a97d658e13ae" + }, + "Version": "3.8.1", + "Release": "1", + "Arch": "amd64", + "SrcName": "libsepol", + "SrcVersion": "3.8.1", + "SrcRelease": "1", + "Licenses": [ + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "Zlib", + "GPL-2.0-only", + "GPL-2.0-or-later" + ], + "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsepol.so.2", + "/usr/share/doc/libsepol2/changelog.Debian.gz", + "/usr/share/doc/libsepol2/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsmartcols1@2.41-5", + "Name": "libsmartcols1", + "Identifier": { + "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "780dbec0869ab8e" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", + "/usr/share/doc/libsmartcols1/NEWS.Debian.gz", + "/usr/share/doc/libsmartcols1/changelog.Debian.gz", + "/usr/share/doc/libsmartcols1/changelog.gz", + "/usr/share/doc/libsmartcols1/copyright", + "/usr/share/lintian/overrides/libsmartcols1" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsqlite3-0@3.46.1-7+deb13u1", + "Name": "libsqlite3-0", + "Identifier": { + "PURL": "pkg:deb/debian/libsqlite3-0@3.46.1-7%2Bdeb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "c7da287e696e8198" + }, + "Version": "3.46.1", + "Release": "7+deb13u1", + "Arch": "amd64", + "SrcName": "sqlite3", + "SrcVersion": "3.46.1", + "SrcRelease": "7+deb13u1", + "Licenses": [ + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6", + "/usr/share/doc/libsqlite3-0/README.Debian", + "/usr/share/doc/libsqlite3-0/changelog.Debian.gz", + "/usr/share/doc/libsqlite3-0/changelog.gz", + "/usr/share/doc/libsqlite3-0/changelog.html.gz", + "/usr/share/doc/libsqlite3-0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libssl3t64@3.5.6-1~deb13u1", + "Name": "libssl3t64", + "Identifier": { + "PURL": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "19bca5c02c5a9632" + }, + "Version": "3.5.6", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.5.6", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libzstd1@1.5.7+dfsg-1", + "openssl-provider-legacy@3.5.6-1~deb13u1", + "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/engines-3/afalg.so", + "/usr/lib/x86_64-linux-gnu/engines-3/loader_attic.so", + "/usr/lib/x86_64-linux-gnu/engines-3/padlock.so", + "/usr/lib/x86_64-linux-gnu/libcrypto.so.3", + "/usr/lib/x86_64-linux-gnu/libssl.so.3", + "/usr/share/doc/libssl3t64/NEWS.Debian.gz", + "/usr/share/doc/libssl3t64/changelog.Debian.gz", + "/usr/share/doc/libssl3t64/changelog.gz", + "/usr/share/doc/libssl3t64/copyright", + "/usr/share/lintian/overrides/libssl3t64" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libstdc++6@14.2.0-19", + "Name": "libstdc++6", + "Identifier": { + "PURL": "pkg:deb/debian/libstdc%2B%2B6@14.2.0-19?arch=amd64\u0026distro=debian-13.5", + "UID": "1b384a6346513d7c" + }, + "Version": "14.2.0", + "Release": "19", + "Arch": "amd64", + "SrcName": "gcc-14", + "SrcVersion": "14.2.0", + "SrcRelease": "19", + "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "gcc-14-base@14.2.0-19", + "libc6@2.41-12+deb13u3", + "libgcc-s1@14.2.0-19" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33", + "/usr/share/gcc/python/libstdcxx/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/__init__.py", + "/usr/share/gcc/python/libstdcxx/v6/printers.py", + "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", + "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33-gdb.py" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libsystemd0@257.13-1~deb13u1", + "Name": "libsystemd0", + "Identifier": { + "PURL": "pkg:deb/debian/libsystemd0@257.13-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "a2b4ba47389f858e" + }, + "Version": "257.13", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "systemd", + "SrcVersion": "257.13", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "LGPL-2.1-or-later", + "CC0-1.0", + "GPL-2 with Linux-syscall-note exception", + "MIT", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libcap2@1:2.75-10+deb13u1+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", + "/usr/share/doc/libsystemd0/NEWS.Debian.gz", + "/usr/share/doc/libsystemd0/changelog.Debian.gz", + "/usr/share/doc/libsystemd0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libtinfo6@6.5+20250216-2", + "Name": "libtinfo6", + "Identifier": { + "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "ba2c2b464f07108a" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libtic.so.6.5", + "/usr/lib/x86_64-linux-gnu/libtinfo.so.6.5", + "/usr/share/doc/libtinfo6/changelog.Debian.gz", + "/usr/share/doc/libtinfo6/changelog.gz", + "/usr/share/doc/libtinfo6/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libudev1@257.13-1~deb13u1", + "Name": "libudev1", + "Identifier": { + "PURL": "pkg:deb/debian/libudev1@257.13-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "3b7a2f1a9ab169b" + }, + "Version": "257.13", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "systemd", + "SrcVersion": "257.13", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "LGPL-2.1-or-later", + "CC0-1.0", + "GPL-2 with Linux-syscall-note exception", + "MIT", + "public-domain", + "GPL-2.0-or-later", + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libcap2@1:2.75-10+deb13u1+b1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libudev.so.1.7.10", + "/usr/share/doc/libudev1/NEWS.Debian.gz", + "/usr/share/doc/libudev1/changelog.Debian.gz", + "/usr/share/doc/libudev1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libuuid1@2.41-5", + "Name": "libuuid1", + "Identifier": { + "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "1afbb50818377478" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0", + "/usr/share/doc/libuuid1/NEWS.Debian.gz", + "/usr/share/doc/libuuid1/changelog.Debian.gz", + "/usr/share/doc/libuuid1/changelog.gz", + "/usr/share/doc/libuuid1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libxxhash0@0.8.3-2", + "Name": "libxxhash0", + "Identifier": { + "PURL": "pkg:deb/debian/libxxhash0@0.8.3-2?arch=amd64\u0026distro=debian-13.5", + "UID": "d91110b5edcae2d8" + }, + "Version": "0.8.3", + "Release": "2", + "Arch": "amd64", + "SrcName": "xxhash", + "SrcVersion": "0.8.3", + "SrcRelease": "2", + "Licenses": [ + "BSD-2-Clause", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Josue Ortega \u003cjosue@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libxxhash.so.0.8.3", + "/usr/share/doc/libxxhash0/changelog.Debian.gz", + "/usr/share/doc/libxxhash0/changelog.gz", + "/usr/share/doc/libxxhash0/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "libzstd1@1.5.7+dfsg-1", + "Name": "libzstd1", + "Identifier": { + "PURL": "pkg:deb/debian/libzstd1@1.5.7%2Bdfsg-1?arch=amd64\u0026distro=debian-13.5", + "UID": "ca4814a2bfd07696" + }, + "Version": "1.5.7+dfsg", + "Release": "1", + "Arch": "amd64", + "SrcName": "libzstd", + "SrcVersion": "1.5.7+dfsg", + "SrcRelease": "1", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-only", + "Zlib", + "MIT" + ], + "Maintainer": "RPM packaging team \u003cteam+pkg-rpm@tracker.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libzstd.so.1.5.7", + "/usr/share/doc/libzstd1/changelog.Debian.gz", + "/usr/share/doc/libzstd1/changelog.gz", + "/usr/share/doc/libzstd1/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "login@1:4.16.0-2+really2.41-5", + "Name": "login", + "Identifier": { + "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "c0ab0b857644733b" + }, + "Version": "4.16.0-2+really2.41", + "Release": "5", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libaudit1@1:4.0.2-2+b2", + "libc6@2.41-12+deb13u3", + "libcrypt1@1:4.4.38-1", + "libpam-modules@1.7.0-5", + "libpam-runtime@1.7.0-5", + "libpam0g@1.7.0-5" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/login", + "/usr/bin/newgrp", + "/usr/sbin/nologin", + "/usr/share/bash-completion/completions/newgrp", + "/usr/share/doc/login/NEWS.Debian.gz", + "/usr/share/doc/login/changelog.Debian.gz", + "/usr/share/doc/login/changelog.gz", + "/usr/share/doc/login/copyright", + "/usr/share/lintian/overrides/login", + "/usr/share/man/de/man1/login.1.gz", + "/usr/share/man/de/man8/nologin.8.gz", + "/usr/share/man/fr/man1/login.1.gz", + "/usr/share/man/man1/login.1.gz", + "/usr/share/man/man1/newgrp.1.gz", + "/usr/share/man/man8/nologin.8.gz", + "/usr/share/man/pl/man1/login.1.gz", + "/usr/share/man/pl/man1/newgrp.1.gz", + "/usr/share/man/pl/man8/nologin.8.gz", + "/usr/share/man/ro/man1/login.1.gz", + "/usr/share/man/ro/man1/newgrp.1.gz", + "/usr/share/man/ro/man8/nologin.8.gz", + "/usr/share/man/sr/man1/login.1.gz", + "/usr/share/man/sr/man8/nologin.8.gz", + "/usr/share/man/uk/man1/login.1.gz", + "/usr/share/man/uk/man1/newgrp.1.gz", + "/usr/share/man/uk/man8/nologin.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "login.defs@1:4.17.4-2", + "Name": "login.defs", + "Identifier": { + "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.5\u0026epoch=1", + "UID": "b6a337588c67d5a3" + }, + "Version": "4.17.4", + "Release": "2", + "Epoch": 1, + "Arch": "all", + "SrcName": "shadow", + "SrcVersion": "4.17.4", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-1.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/login.defs/NEWS.Debian.gz", + "/usr/share/doc/login.defs/changelog.Debian.gz", + "/usr/share/doc/login.defs/changelog.gz", + "/usr/share/doc/login.defs/copyright", + "/usr/share/man/de/man5/login.defs.5.gz", + "/usr/share/man/fr/man5/login.defs.5.gz", + "/usr/share/man/it/man5/login.defs.5.gz", + "/usr/share/man/ja/man5/login.defs.5.gz", + "/usr/share/man/man5/login.defs.5.gz", + "/usr/share/man/ru/man5/login.defs.5.gz", + "/usr/share/man/uk/man5/login.defs.5.gz", + "/usr/share/man/zh_CN/man5/login.defs.5.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mawk@1.3.4.20250131-1", + "Name": "mawk", + "Identifier": { + "PURL": "pkg:deb/debian/mawk@1.3.4.20250131-1?arch=amd64\u0026distro=debian-13.5", + "UID": "a4460701c66e182d" + }, + "Version": "1.3.4.20250131", + "Release": "1", + "Arch": "amd64", + "SrcName": "mawk", + "SrcVersion": "1.3.4.20250131", + "SrcRelease": "1", + "Licenses": [ + "GPL-2.0-only", + "X11", + "CC-BY-3.0" + ], + "Maintainer": "Boyuan Yang \u003cbyang@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/mawk", + "/usr/share/doc/mawk/ACKNOWLEDGMENT", + "/usr/share/doc/mawk/README", + "/usr/share/doc/mawk/changelog.Debian.gz", + "/usr/share/doc/mawk/changelog.gz", + "/usr/share/doc/mawk/copyright", + "/usr/share/doc/mawk/examples/ct_length.awk", + "/usr/share/doc/mawk/examples/decl.awk", + "/usr/share/doc/mawk/examples/deps.awk", + "/usr/share/doc/mawk/examples/eatc.awk", + "/usr/share/doc/mawk/examples/gdecl.awk", + "/usr/share/doc/mawk/examples/hcal", + "/usr/share/doc/mawk/examples/hical", + "/usr/share/doc/mawk/examples/nocomment.awk", + "/usr/share/doc/mawk/examples/primes.awk", + "/usr/share/doc/mawk/examples/qsort.awk", + "/usr/share/man/man1/mawk.1.gz", + "/usr/share/man/man7/mawk-arrays.7.gz", + "/usr/share/man/man7/mawk-code.7.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "mount@2.41-5", + "Name": "mount", + "Identifier": { + "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "55c835c674d0a0e5" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/mount", + "/usr/bin/umount", + "/usr/sbin/losetup", + "/usr/sbin/swapoff", + "/usr/sbin/swapon", + "/usr/share/bash-completion/completions/losetup", + "/usr/share/bash-completion/completions/mount", + "/usr/share/bash-completion/completions/swapoff", + "/usr/share/bash-completion/completions/swapon", + "/usr/share/bash-completion/completions/umount", + "/usr/share/doc/mount/NEWS.Debian.gz", + "/usr/share/doc/mount/changelog.Debian.gz", + "/usr/share/doc/mount/changelog.gz", + "/usr/share/doc/mount/copyright", + "/usr/share/doc/mount/examples/filesystems", + "/usr/share/doc/mount/examples/fstab", + "/usr/share/doc/mount/examples/mount.fstab", + "/usr/share/doc/mount/mount.txt", + "/usr/share/lintian/overrides/mount", + "/usr/share/man/man5/fstab.5.gz", + "/usr/share/man/man8/losetup.8.gz", + "/usr/share/man/man8/mount.8.gz", + "/usr/share/man/man8/swapon.8.gz", + "/usr/share/man/man8/umount.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ncurses-base@6.5+20250216-2", + "Name": "ncurses-base", + "Identifier": { + "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.5", + "UID": "767a0231348a5cb5" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "all", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/ncurses-base/FAQ", + "/usr/share/doc/ncurses-base/TODO.Debian", + "/usr/share/doc/ncurses-base/changelog.Debian.gz", + "/usr/share/doc/ncurses-base/changelog.gz", + "/usr/share/doc/ncurses-base/copyright", + "/usr/share/lintian/overrides/ncurses-base", + "/usr/share/tabset/std", + "/usr/share/tabset/stdcrt", + "/usr/share/tabset/vt100", + "/usr/share/tabset/vt300", + "/usr/share/terminfo/E/Eterm", + "/usr/share/terminfo/a/ansi", + "/usr/share/terminfo/c/cons25", + "/usr/share/terminfo/c/cygwin", + "/usr/share/terminfo/d/dumb", + "/usr/share/terminfo/h/hurd", + "/usr/share/terminfo/l/linux", + "/usr/share/terminfo/m/mach", + "/usr/share/terminfo/m/mach-bold", + "/usr/share/terminfo/m/mach-color", + "/usr/share/terminfo/m/mach-gnu", + "/usr/share/terminfo/m/mach-gnu-color", + "/usr/share/terminfo/p/pcansi", + "/usr/share/terminfo/r/rxvt", + "/usr/share/terminfo/r/rxvt-basic", + "/usr/share/terminfo/r/rxvt-unicode", + "/usr/share/terminfo/r/rxvt-unicode-256color", + "/usr/share/terminfo/s/screen", + "/usr/share/terminfo/s/screen-256color", + "/usr/share/terminfo/s/screen-256color-bce", + "/usr/share/terminfo/s/screen-bce", + "/usr/share/terminfo/s/screen-s", + "/usr/share/terminfo/s/screen-w", + "/usr/share/terminfo/s/screen.xterm-256color", + "/usr/share/terminfo/s/sun", + "/usr/share/terminfo/t/tmux", + "/usr/share/terminfo/t/tmux-256color", + "/usr/share/terminfo/v/vt100", + "/usr/share/terminfo/v/vt102", + "/usr/share/terminfo/v/vt220", + "/usr/share/terminfo/v/vt52", + "/usr/share/terminfo/w/wsvt25", + "/usr/share/terminfo/w/wsvt25m", + "/usr/share/terminfo/x/xterm", + "/usr/share/terminfo/x/xterm-256color", + "/usr/share/terminfo/x/xterm-color", + "/usr/share/terminfo/x/xterm-mono", + "/usr/share/terminfo/x/xterm-r5", + "/usr/share/terminfo/x/xterm-r6", + "/usr/share/terminfo/x/xterm-vt220", + "/usr/share/terminfo/x/xterm-xfree86" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "ncurses-bin@6.5+20250216-2", + "Name": "ncurses-bin", + "Identifier": { + "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "5b541563cf6587e5" + }, + "Version": "6.5+20250216", + "Release": "2", + "Arch": "amd64", + "SrcName": "ncurses", + "SrcVersion": "6.5+20250216", + "SrcRelease": "2", + "Licenses": [ + "MIT/X11", + "X11", + "BSD-3-Clause" + ], + "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/clear", + "/usr/bin/infocmp", + "/usr/bin/tabs", + "/usr/bin/tic", + "/usr/bin/toe", + "/usr/bin/tput", + "/usr/bin/tset", + "/usr/share/doc/ncurses-bin/changelog.Debian.gz", + "/usr/share/doc/ncurses-bin/changelog.gz", + "/usr/share/doc/ncurses-bin/copyright", + "/usr/share/man/man1/captoinfo.1.gz", + "/usr/share/man/man1/clear.1.gz", + "/usr/share/man/man1/infocmp.1.gz", + "/usr/share/man/man1/infotocap.1.gz", + "/usr/share/man/man1/tabs.1.gz", + "/usr/share/man/man1/tic.1.gz", + "/usr/share/man/man1/toe.1.gz", + "/usr/share/man/man1/tput.1.gz", + "/usr/share/man/man1/tset.1.gz", + "/usr/share/man/man5/scr_dump.5.gz", + "/usr/share/man/man5/term.5.gz", + "/usr/share/man/man5/terminfo.5.gz", + "/usr/share/man/man5/user_caps.5.gz", + "/usr/share/man/man7/term.7.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "netbase@6.5", + "Name": "netbase", + "Identifier": { + "PURL": "pkg:deb/debian/netbase@6.5?arch=all\u0026distro=debian-13.5", + "UID": "9929ff265179fc61" + }, + "Version": "6.5", + "Arch": "all", + "SrcName": "netbase", + "SrcVersion": "6.5", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", + "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" + }, + "InstalledFiles": [ + "/usr/share/doc/netbase/changelog.gz", + "/usr/share/doc/netbase/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "openssl@3.5.6-1~deb13u1", + "Name": "openssl", + "Identifier": { + "PURL": "pkg:deb/debian/openssl@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "ee88be94d89898bf" + }, + "Version": "3.5.6", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.5.6", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libssl3t64@3.5.6-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", + "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" + }, + "InstalledFiles": [ + "/usr/bin/c_rehash", + "/usr/bin/openssl", + "/usr/lib/ssl/misc/CA.pl", + "/usr/lib/ssl/misc/tsget.pl", + "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", + "/usr/share/doc/openssl/HOWTO/documenting-functions-and-macros.md.gz", + "/usr/share/doc/openssl/HOWTO/keys.txt.gz", + "/usr/share/doc/openssl/NEWS.md.gz", + "/usr/share/doc/openssl/README-ENGINES.md.gz", + "/usr/share/doc/openssl/README-PROVIDERS.md.gz", + "/usr/share/doc/openssl/README-QUIC.md.gz", + "/usr/share/doc/openssl/README.Debian", + "/usr/share/doc/openssl/README.md.gz", + "/usr/share/doc/openssl/changelog.Debian.gz", + "/usr/share/doc/openssl/changelog.gz", + "/usr/share/doc/openssl/copyright", + "/usr/share/doc/openssl/fingerprints.txt", + "/usr/share/lintian/overrides/openssl", + "/usr/share/man/man1/CA.pl.1ssl.gz", + "/usr/share/man/man1/openssl-asn1parse.1ssl.gz", + "/usr/share/man/man1/openssl-ca.1ssl.gz", + "/usr/share/man/man1/openssl-ciphers.1ssl.gz", + "/usr/share/man/man1/openssl-cmds.1ssl.gz", + "/usr/share/man/man1/openssl-cmp.1ssl.gz", + "/usr/share/man/man1/openssl-cms.1ssl.gz", + "/usr/share/man/man1/openssl-crl.1ssl.gz", + "/usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz", + "/usr/share/man/man1/openssl-dgst.1ssl.gz", + "/usr/share/man/man1/openssl-dhparam.1ssl.gz", + "/usr/share/man/man1/openssl-dsa.1ssl.gz", + "/usr/share/man/man1/openssl-dsaparam.1ssl.gz", + "/usr/share/man/man1/openssl-ec.1ssl.gz", + "/usr/share/man/man1/openssl-ecparam.1ssl.gz", + "/usr/share/man/man1/openssl-enc.1ssl.gz", + "/usr/share/man/man1/openssl-engine.1ssl.gz", + "/usr/share/man/man1/openssl-errstr.1ssl.gz", + "/usr/share/man/man1/openssl-fipsinstall.1ssl.gz", + "/usr/share/man/man1/openssl-format-options.1ssl.gz", + "/usr/share/man/man1/openssl-gendsa.1ssl.gz", + "/usr/share/man/man1/openssl-genpkey.1ssl.gz", + "/usr/share/man/man1/openssl-genrsa.1ssl.gz", + "/usr/share/man/man1/openssl-info.1ssl.gz", + "/usr/share/man/man1/openssl-kdf.1ssl.gz", + "/usr/share/man/man1/openssl-list.1ssl.gz", + "/usr/share/man/man1/openssl-mac.1ssl.gz", + "/usr/share/man/man1/openssl-namedisplay-options.1ssl.gz", + "/usr/share/man/man1/openssl-nseq.1ssl.gz", + "/usr/share/man/man1/openssl-ocsp.1ssl.gz", + "/usr/share/man/man1/openssl-passphrase-options.1ssl.gz", + "/usr/share/man/man1/openssl-passwd.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs12.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs7.1ssl.gz", + "/usr/share/man/man1/openssl-pkcs8.1ssl.gz", + "/usr/share/man/man1/openssl-pkey.1ssl.gz", + "/usr/share/man/man1/openssl-pkeyparam.1ssl.gz", + "/usr/share/man/man1/openssl-pkeyutl.1ssl.gz", + "/usr/share/man/man1/openssl-prime.1ssl.gz", + "/usr/share/man/man1/openssl-rand.1ssl.gz", + "/usr/share/man/man1/openssl-rehash.1ssl.gz", + "/usr/share/man/man1/openssl-req.1ssl.gz", + "/usr/share/man/man1/openssl-rsa.1ssl.gz", + "/usr/share/man/man1/openssl-rsautl.1ssl.gz", + "/usr/share/man/man1/openssl-s_client.1ssl.gz", + "/usr/share/man/man1/openssl-s_server.1ssl.gz", + "/usr/share/man/man1/openssl-s_time.1ssl.gz", + "/usr/share/man/man1/openssl-sess_id.1ssl.gz", + "/usr/share/man/man1/openssl-skeyutl.1ssl.gz", + "/usr/share/man/man1/openssl-smime.1ssl.gz", + "/usr/share/man/man1/openssl-speed.1ssl.gz", + "/usr/share/man/man1/openssl-spkac.1ssl.gz", + "/usr/share/man/man1/openssl-srp.1ssl.gz", + "/usr/share/man/man1/openssl-storeutl.1ssl.gz", + "/usr/share/man/man1/openssl-ts.1ssl.gz", + "/usr/share/man/man1/openssl-verification-options.1ssl.gz", + "/usr/share/man/man1/openssl-verify.1ssl.gz", + "/usr/share/man/man1/openssl-version.1ssl.gz", + "/usr/share/man/man1/openssl-x509.1ssl.gz", + "/usr/share/man/man1/openssl.1ssl.gz", + "/usr/share/man/man1/tsget.1ssl.gz", + "/usr/share/man/man5/config.5ssl.gz", + "/usr/share/man/man5/fips_config.5ssl.gz", + "/usr/share/man/man5/x509v3_config.5ssl.gz", + "/usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-AES.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-ARIA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CAST.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-CHACHA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-DES.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-IDEA.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-NULL.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC2.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC4.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-RC5.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-SEED.7ssl.gz", + "/usr/share/man/man7/EVP_CIPHER-SM4.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-ARGON2.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-HKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-HMAC-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-KB.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-KRB5KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PBKDF1.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PBKDF2.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PKCS12KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-PVKKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SCRYPT.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SS.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-SSHKDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-TLS13_KDF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-TLS1_PRF.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X942-ASN1.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X942-CONCAT.7ssl.gz", + "/usr/share/man/man7/EVP_KDF-X963.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-EC.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-ML-KEM.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_KEM-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-DH.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-ECDH.7ssl.gz", + "/usr/share/man/man7/EVP_KEYEXCH-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-BLAKE2.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-CMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-GMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-KMAC.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-Poly1305.7ssl.gz", + "/usr/share/man/man7/EVP_MAC-Siphash.7ssl.gz", + "/usr/share/man/man7/EVP_MD-BLAKE2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-KECCAK.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD4.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD5-SHA1.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MD5.7ssl.gz", + "/usr/share/man/man7/EVP_MD-MDC2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-NULL.7ssl.gz", + "/usr/share/man/man7/EVP_MD-RIPEMD160.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA1.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA2.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHA3.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SHAKE.7ssl.gz", + "/usr/share/man/man7/EVP_MD-SM3.7ssl.gz", + "/usr/share/man/man7/EVP_MD-WHIRLPOOL.7ssl.gz", + "/usr/share/man/man7/EVP_MD-common.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-DH.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-EC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-FFC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-ML-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-ML-KEM.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-SLH-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-SM2.7ssl.gz", + "/usr/share/man/man7/EVP_PKEY-X25519.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-CRNG-TEST.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-CTR-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-HASH-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-JITTER.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-SEED-SRC.7ssl.gz", + "/usr/share/man/man7/EVP_RAND-TEST-RAND.7ssl.gz", + "/usr/share/man/man7/EVP_RAND.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ED25519.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-HMAC.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-RSA.7ssl.gz", + "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-FIPS.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-base.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-default.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-legacy.7ssl.gz", + "/usr/share/man/man7/OSSL_PROVIDER-null.7ssl.gz", + "/usr/share/man/man7/OSSL_STORE-winstore.7ssl.gz", + "/usr/share/man/man7/RAND.7ssl.gz", + "/usr/share/man/man7/RSA-PSS.7ssl.gz", + "/usr/share/man/man7/X25519.7ssl.gz", + "/usr/share/man/man7/bio.7ssl.gz", + "/usr/share/man/man7/ct.7ssl.gz", + "/usr/share/man/man7/des_modes.7ssl.gz", + "/usr/share/man/man7/evp.7ssl.gz", + "/usr/share/man/man7/fips_module.7ssl.gz", + "/usr/share/man/man7/life_cycle-cipher.7ssl.gz", + "/usr/share/man/man7/life_cycle-digest.7ssl.gz", + "/usr/share/man/man7/life_cycle-kdf.7ssl.gz", + "/usr/share/man/man7/life_cycle-mac.7ssl.gz", + "/usr/share/man/man7/life_cycle-pkey.7ssl.gz", + "/usr/share/man/man7/life_cycle-rand.7ssl.gz", + "/usr/share/man/man7/openssl-core.h.7ssl.gz", + "/usr/share/man/man7/openssl-core_dispatch.h.7ssl.gz", + "/usr/share/man/man7/openssl-core_names.h.7ssl.gz", + "/usr/share/man/man7/openssl-env.7ssl.gz", + "/usr/share/man/man7/openssl-glossary.7ssl.gz", + "/usr/share/man/man7/openssl-qlog.7ssl.gz", + "/usr/share/man/man7/openssl-quic-concurrency.7ssl.gz", + "/usr/share/man/man7/openssl-quic.7ssl.gz", + "/usr/share/man/man7/openssl-threads.7ssl.gz", + "/usr/share/man/man7/openssl_user_macros.7ssl.gz", + "/usr/share/man/man7/ossl-guide-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-libcrypto-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-libraries-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-libssl-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-migration.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-client-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-client-non-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-multi-stream.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-server-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-quic-server-non-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-client-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-client-non-block.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-introduction.7ssl.gz", + "/usr/share/man/man7/ossl-guide-tls-server-block.7ssl.gz", + "/usr/share/man/man7/ossl_store-file.7ssl.gz", + "/usr/share/man/man7/ossl_store.7ssl.gz", + "/usr/share/man/man7/passphrase-encoding.7ssl.gz", + "/usr/share/man/man7/property.7ssl.gz", + "/usr/share/man/man7/provider-asym_cipher.7ssl.gz", + "/usr/share/man/man7/provider-base.7ssl.gz", + "/usr/share/man/man7/provider-cipher.7ssl.gz", + "/usr/share/man/man7/provider-decoder.7ssl.gz", + "/usr/share/man/man7/provider-digest.7ssl.gz", + "/usr/share/man/man7/provider-encoder.7ssl.gz", + "/usr/share/man/man7/provider-kdf.7ssl.gz", + "/usr/share/man/man7/provider-kem.7ssl.gz", + "/usr/share/man/man7/provider-keyexch.7ssl.gz", + "/usr/share/man/man7/provider-keymgmt.7ssl.gz", + "/usr/share/man/man7/provider-mac.7ssl.gz", + "/usr/share/man/man7/provider-object.7ssl.gz", + "/usr/share/man/man7/provider-rand.7ssl.gz", + "/usr/share/man/man7/provider-signature.7ssl.gz", + "/usr/share/man/man7/provider-skeymgmt.7ssl.gz", + "/usr/share/man/man7/provider-storemgmt.7ssl.gz", + "/usr/share/man/man7/provider.7ssl.gz", + "/usr/share/man/man7/proxy-certificates.7ssl.gz", + "/usr/share/man/man7/x509.7ssl.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "openssl-provider-legacy@3.5.6-1~deb13u1", + "Name": "openssl-provider-legacy", + "Identifier": { + "PURL": "pkg:deb/debian/openssl-provider-legacy@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "c38741326d0e034f" + }, + "Version": "3.5.6", + "Release": "1~deb13u1", + "Arch": "amd64", + "SrcName": "openssl", + "SrcVersion": "3.5.6", + "SrcRelease": "1~deb13u1", + "Licenses": [ + "Apache-2.0", + "Artistic-2.0", + "GPL-1.0-or-later", + "GPL-1.0-only" + ], + "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libssl3t64@3.5.6-1~deb13u1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so", + "/usr/share/doc/openssl-provider-legacy/changelog.Debian.gz", + "/usr/share/doc/openssl-provider-legacy/changelog.gz", + "/usr/share/doc/openssl-provider-legacy/copyright" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "passwd@1:4.17.4-2", + "Name": "passwd", + "Identifier": { + "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "d93f813ae3092e32" + }, + "Version": "4.17.4", + "Release": "2", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "shadow", + "SrcVersion": "4.17.4", + "SrcRelease": "2", + "SrcEpoch": 1, + "Licenses": [ + "BSD-3-Clause", + "GPL-1.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "base-passwd@3.6.7", + "libacl1@2.3.2-2+b1", + "libattr1@1:2.5.2-3", + "libaudit1@1:4.0.2-2+b2", + "libbsd0@0.12.2-2", + "libc6@2.41-12+deb13u3", + "libcrypt1@1:4.4.38-1", + "libpam-modules@1.7.0-5", + "libpam0g@1.7.0-5", + "libselinux1@3.8.1-1", + "libsemanage2@3.8.1-1", + "login.defs@1:4.17.4-2" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/chage", + "/usr/bin/chfn", + "/usr/bin/chsh", + "/usr/bin/expiry", + "/usr/bin/gpasswd", + "/usr/bin/passwd", + "/usr/lib/tmpfiles.d/passwd.conf", + "/usr/sbin/chgpasswd", + "/usr/sbin/chpasswd", + "/usr/sbin/groupadd", + "/usr/sbin/groupdel", + "/usr/sbin/groupmod", + "/usr/sbin/grpck", + "/usr/sbin/grpconv", + "/usr/sbin/grpunconv", + "/usr/sbin/newusers", + "/usr/sbin/pwck", + "/usr/sbin/pwconv", + "/usr/sbin/pwunconv", + "/usr/sbin/shadowconfig", + "/usr/sbin/useradd", + "/usr/sbin/userdel", + "/usr/sbin/usermod", + "/usr/sbin/vipw", + "/usr/share/doc/passwd/NEWS.Debian.gz", + "/usr/share/doc/passwd/README.Debian", + "/usr/share/doc/passwd/TODO.Debian", + "/usr/share/doc/passwd/changelog.Debian.gz", + "/usr/share/doc/passwd/changelog.gz", + "/usr/share/doc/passwd/copyright", + "/usr/share/doc/passwd/examples/passwd.expire.cron", + "/usr/share/lintian/overrides/passwd", + "/usr/share/locale/bs/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ca/LC_MESSAGES/shadow.mo", + "/usr/share/locale/cs/LC_MESSAGES/shadow.mo", + "/usr/share/locale/da/LC_MESSAGES/shadow.mo", + "/usr/share/locale/de/LC_MESSAGES/shadow.mo", + "/usr/share/locale/dz/LC_MESSAGES/shadow.mo", + "/usr/share/locale/el/LC_MESSAGES/shadow.mo", + "/usr/share/locale/es/LC_MESSAGES/shadow.mo", + "/usr/share/locale/eu/LC_MESSAGES/shadow.mo", + "/usr/share/locale/fi/LC_MESSAGES/shadow.mo", + "/usr/share/locale/fr/LC_MESSAGES/shadow.mo", + "/usr/share/locale/gl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/he/LC_MESSAGES/shadow.mo", + "/usr/share/locale/hu/LC_MESSAGES/shadow.mo", + "/usr/share/locale/id/LC_MESSAGES/shadow.mo", + "/usr/share/locale/it/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ja/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ka/LC_MESSAGES/shadow.mo", + "/usr/share/locale/kk/LC_MESSAGES/shadow.mo", + "/usr/share/locale/km/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ko/LC_MESSAGES/shadow.mo", + "/usr/share/locale/nb/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ne/LC_MESSAGES/shadow.mo", + "/usr/share/locale/nl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/nn/LC_MESSAGES/shadow.mo", + "/usr/share/locale/pl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/pt/LC_MESSAGES/shadow.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ro/LC_MESSAGES/shadow.mo", + "/usr/share/locale/ru/LC_MESSAGES/shadow.mo", + "/usr/share/locale/sk/LC_MESSAGES/shadow.mo", + "/usr/share/locale/sq/LC_MESSAGES/shadow.mo", + "/usr/share/locale/sv/LC_MESSAGES/shadow.mo", + "/usr/share/locale/tl/LC_MESSAGES/shadow.mo", + "/usr/share/locale/tr/LC_MESSAGES/shadow.mo", + "/usr/share/locale/uk/LC_MESSAGES/shadow.mo", + "/usr/share/locale/vi/LC_MESSAGES/shadow.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/shadow.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/shadow.mo", + "/usr/share/man/cs/man1/expiry.1.gz", + "/usr/share/man/cs/man1/gpasswd.1.gz", + "/usr/share/man/cs/man5/gshadow.5.gz", + "/usr/share/man/cs/man5/passwd.5.gz", + "/usr/share/man/cs/man5/shadow.5.gz", + "/usr/share/man/cs/man8/groupadd.8.gz", + "/usr/share/man/cs/man8/groupdel.8.gz", + "/usr/share/man/cs/man8/groupmod.8.gz", + "/usr/share/man/cs/man8/grpck.8.gz", + "/usr/share/man/cs/man8/vipw.8.gz", + "/usr/share/man/da/man1/chfn.1.gz", + "/usr/share/man/da/man5/gshadow.5.gz", + "/usr/share/man/da/man8/groupdel.8.gz", + "/usr/share/man/da/man8/vipw.8.gz", + "/usr/share/man/de/man1/chage.1.gz", + "/usr/share/man/de/man1/chfn.1.gz", + "/usr/share/man/de/man1/chsh.1.gz", + "/usr/share/man/de/man1/expiry.1.gz", + "/usr/share/man/de/man1/gpasswd.1.gz", + "/usr/share/man/de/man1/passwd.1.gz", + "/usr/share/man/de/man5/gshadow.5.gz", + "/usr/share/man/de/man5/passwd.5.gz", + "/usr/share/man/de/man5/shadow.5.gz", + "/usr/share/man/de/man8/chgpasswd.8.gz", + "/usr/share/man/de/man8/chpasswd.8.gz", + "/usr/share/man/de/man8/groupadd.8.gz", + "/usr/share/man/de/man8/groupdel.8.gz", + "/usr/share/man/de/man8/groupmod.8.gz", + "/usr/share/man/de/man8/grpck.8.gz", + "/usr/share/man/de/man8/newusers.8.gz", + "/usr/share/man/de/man8/pwck.8.gz", + "/usr/share/man/de/man8/pwconv.8.gz", + "/usr/share/man/de/man8/useradd.8.gz", + "/usr/share/man/de/man8/userdel.8.gz", + "/usr/share/man/de/man8/usermod.8.gz", + "/usr/share/man/de/man8/vipw.8.gz", + "/usr/share/man/fi/man1/chfn.1.gz", + "/usr/share/man/fi/man1/chsh.1.gz", + "/usr/share/man/fr/man1/chage.1.gz", + "/usr/share/man/fr/man1/chfn.1.gz", + "/usr/share/man/fr/man1/chsh.1.gz", + "/usr/share/man/fr/man1/expiry.1.gz", + "/usr/share/man/fr/man1/gpasswd.1.gz", + "/usr/share/man/fr/man1/passwd.1.gz", + "/usr/share/man/fr/man5/gshadow.5.gz", + "/usr/share/man/fr/man5/passwd.5.gz", + "/usr/share/man/fr/man5/shadow.5.gz", + "/usr/share/man/fr/man5/subgid.5.gz", + "/usr/share/man/fr/man5/subuid.5.gz", + "/usr/share/man/fr/man8/chgpasswd.8.gz", + "/usr/share/man/fr/man8/chpasswd.8.gz", + "/usr/share/man/fr/man8/groupadd.8.gz", + "/usr/share/man/fr/man8/groupdel.8.gz", + "/usr/share/man/fr/man8/groupmod.8.gz", + "/usr/share/man/fr/man8/grpck.8.gz", + "/usr/share/man/fr/man8/newusers.8.gz", + "/usr/share/man/fr/man8/pwck.8.gz", + "/usr/share/man/fr/man8/pwconv.8.gz", + "/usr/share/man/fr/man8/useradd.8.gz", + "/usr/share/man/fr/man8/userdel.8.gz", + "/usr/share/man/fr/man8/usermod.8.gz", + "/usr/share/man/fr/man8/vipw.8.gz", + "/usr/share/man/hu/man1/chsh.1.gz", + "/usr/share/man/hu/man1/gpasswd.1.gz", + "/usr/share/man/hu/man1/passwd.1.gz", + "/usr/share/man/hu/man5/passwd.5.gz", + "/usr/share/man/id/man1/chsh.1.gz", + "/usr/share/man/id/man8/useradd.8.gz", + "/usr/share/man/it/man1/chage.1.gz", + "/usr/share/man/it/man1/chfn.1.gz", + "/usr/share/man/it/man1/chsh.1.gz", + "/usr/share/man/it/man1/expiry.1.gz", + "/usr/share/man/it/man1/gpasswd.1.gz", + "/usr/share/man/it/man1/passwd.1.gz", + "/usr/share/man/it/man5/gshadow.5.gz", + "/usr/share/man/it/man5/passwd.5.gz", + "/usr/share/man/it/man5/shadow.5.gz", + "/usr/share/man/it/man8/chgpasswd.8.gz", + "/usr/share/man/it/man8/chpasswd.8.gz", + "/usr/share/man/it/man8/groupadd.8.gz", + "/usr/share/man/it/man8/groupdel.8.gz", + "/usr/share/man/it/man8/groupmod.8.gz", + "/usr/share/man/it/man8/grpck.8.gz", + "/usr/share/man/it/man8/newusers.8.gz", + "/usr/share/man/it/man8/pwck.8.gz", + "/usr/share/man/it/man8/pwconv.8.gz", + "/usr/share/man/it/man8/useradd.8.gz", + "/usr/share/man/it/man8/userdel.8.gz", + "/usr/share/man/it/man8/usermod.8.gz", + "/usr/share/man/it/man8/vipw.8.gz", + "/usr/share/man/ja/man1/chage.1.gz", + "/usr/share/man/ja/man1/chfn.1.gz", + "/usr/share/man/ja/man1/chsh.1.gz", + "/usr/share/man/ja/man1/expiry.1.gz", + "/usr/share/man/ja/man1/gpasswd.1.gz", + "/usr/share/man/ja/man1/passwd.1.gz", + "/usr/share/man/ja/man5/passwd.5.gz", + "/usr/share/man/ja/man5/shadow.5.gz", + "/usr/share/man/ja/man8/chpasswd.8.gz", + "/usr/share/man/ja/man8/groupadd.8.gz", + "/usr/share/man/ja/man8/groupdel.8.gz", + "/usr/share/man/ja/man8/groupmod.8.gz", + "/usr/share/man/ja/man8/grpck.8.gz", + "/usr/share/man/ja/man8/newusers.8.gz", + "/usr/share/man/ja/man8/pwck.8.gz", + "/usr/share/man/ja/man8/pwconv.8.gz", + "/usr/share/man/ja/man8/useradd.8.gz", + "/usr/share/man/ja/man8/userdel.8.gz", + "/usr/share/man/ja/man8/usermod.8.gz", + "/usr/share/man/ja/man8/vipw.8.gz", + "/usr/share/man/ko/man1/chfn.1.gz", + "/usr/share/man/ko/man1/chsh.1.gz", + "/usr/share/man/ko/man5/passwd.5.gz", + "/usr/share/man/ko/man8/vipw.8.gz", + "/usr/share/man/man1/chage.1.gz", + "/usr/share/man/man1/chfn.1.gz", + "/usr/share/man/man1/chsh.1.gz", + "/usr/share/man/man1/expiry.1.gz", + "/usr/share/man/man1/gpasswd.1.gz", + "/usr/share/man/man1/passwd.1.gz", + "/usr/share/man/man5/gshadow.5.gz", + "/usr/share/man/man5/passwd.5.gz", + "/usr/share/man/man5/shadow.5.gz", + "/usr/share/man/man5/subgid.5.gz", + "/usr/share/man/man5/subuid.5.gz", + "/usr/share/man/man8/chgpasswd.8.gz", + "/usr/share/man/man8/chpasswd.8.gz", + "/usr/share/man/man8/groupadd.8.gz", + "/usr/share/man/man8/groupdel.8.gz", + "/usr/share/man/man8/groupmod.8.gz", + "/usr/share/man/man8/grpck.8.gz", + "/usr/share/man/man8/newusers.8.gz", + "/usr/share/man/man8/pwck.8.gz", + "/usr/share/man/man8/pwconv.8.gz", + "/usr/share/man/man8/shadowconfig.8.gz", + "/usr/share/man/man8/useradd.8.gz", + "/usr/share/man/man8/userdel.8.gz", + "/usr/share/man/man8/usermod.8.gz", + "/usr/share/man/man8/vipw.8.gz", + "/usr/share/man/pl/man1/chage.1.gz", + "/usr/share/man/pl/man1/chsh.1.gz", + "/usr/share/man/pl/man1/expiry.1.gz", + "/usr/share/man/pl/man8/groupadd.8.gz", + "/usr/share/man/pl/man8/groupdel.8.gz", + "/usr/share/man/pl/man8/groupmod.8.gz", + "/usr/share/man/pl/man8/grpck.8.gz", + "/usr/share/man/pl/man8/userdel.8.gz", + "/usr/share/man/pl/man8/usermod.8.gz", + "/usr/share/man/pl/man8/vipw.8.gz", + "/usr/share/man/pt_BR/man1/gpasswd.1.gz", + "/usr/share/man/pt_BR/man5/passwd.5.gz", + "/usr/share/man/pt_BR/man5/shadow.5.gz", + "/usr/share/man/pt_BR/man8/groupadd.8.gz", + "/usr/share/man/pt_BR/man8/groupdel.8.gz", + "/usr/share/man/pt_BR/man8/groupmod.8.gz", + "/usr/share/man/ru/man1/chage.1.gz", + "/usr/share/man/ru/man1/chfn.1.gz", + "/usr/share/man/ru/man1/chsh.1.gz", + "/usr/share/man/ru/man1/expiry.1.gz", + "/usr/share/man/ru/man1/gpasswd.1.gz", + "/usr/share/man/ru/man1/passwd.1.gz", + "/usr/share/man/ru/man5/gshadow.5.gz", + "/usr/share/man/ru/man5/passwd.5.gz", + "/usr/share/man/ru/man5/shadow.5.gz", + "/usr/share/man/ru/man8/chgpasswd.8.gz", + "/usr/share/man/ru/man8/chpasswd.8.gz", + "/usr/share/man/ru/man8/groupadd.8.gz", + "/usr/share/man/ru/man8/groupdel.8.gz", + "/usr/share/man/ru/man8/groupmod.8.gz", + "/usr/share/man/ru/man8/grpck.8.gz", + "/usr/share/man/ru/man8/newusers.8.gz", + "/usr/share/man/ru/man8/pwck.8.gz", + "/usr/share/man/ru/man8/pwconv.8.gz", + "/usr/share/man/ru/man8/useradd.8.gz", + "/usr/share/man/ru/man8/userdel.8.gz", + "/usr/share/man/ru/man8/usermod.8.gz", + "/usr/share/man/ru/man8/vipw.8.gz", + "/usr/share/man/sv/man1/chage.1.gz", + "/usr/share/man/sv/man1/chsh.1.gz", + "/usr/share/man/sv/man1/expiry.1.gz", + "/usr/share/man/sv/man1/passwd.1.gz", + "/usr/share/man/sv/man5/gshadow.5.gz", + "/usr/share/man/sv/man5/passwd.5.gz", + "/usr/share/man/sv/man8/groupadd.8.gz", + "/usr/share/man/sv/man8/groupdel.8.gz", + "/usr/share/man/sv/man8/groupmod.8.gz", + "/usr/share/man/sv/man8/grpck.8.gz", + "/usr/share/man/sv/man8/pwck.8.gz", + "/usr/share/man/sv/man8/userdel.8.gz", + "/usr/share/man/sv/man8/vipw.8.gz", + "/usr/share/man/tr/man1/chage.1.gz", + "/usr/share/man/tr/man1/chfn.1.gz", + "/usr/share/man/tr/man1/passwd.1.gz", + "/usr/share/man/tr/man5/passwd.5.gz", + "/usr/share/man/tr/man5/shadow.5.gz", + "/usr/share/man/tr/man8/groupadd.8.gz", + "/usr/share/man/tr/man8/groupdel.8.gz", + "/usr/share/man/tr/man8/groupmod.8.gz", + "/usr/share/man/tr/man8/useradd.8.gz", + "/usr/share/man/tr/man8/userdel.8.gz", + "/usr/share/man/tr/man8/usermod.8.gz", + "/usr/share/man/uk/man1/chage.1.gz", + "/usr/share/man/uk/man1/chfn.1.gz", + "/usr/share/man/uk/man1/chsh.1.gz", + "/usr/share/man/uk/man1/expiry.1.gz", + "/usr/share/man/uk/man1/gpasswd.1.gz", + "/usr/share/man/uk/man1/passwd.1.gz", + "/usr/share/man/uk/man5/gshadow.5.gz", + "/usr/share/man/uk/man5/passwd.5.gz", + "/usr/share/man/uk/man5/shadow.5.gz", + "/usr/share/man/uk/man8/chgpasswd.8.gz", + "/usr/share/man/uk/man8/chpasswd.8.gz", + "/usr/share/man/uk/man8/groupadd.8.gz", + "/usr/share/man/uk/man8/groupdel.8.gz", + "/usr/share/man/uk/man8/groupmod.8.gz", + "/usr/share/man/uk/man8/grpck.8.gz", + "/usr/share/man/uk/man8/newusers.8.gz", + "/usr/share/man/uk/man8/pwck.8.gz", + "/usr/share/man/uk/man8/pwconv.8.gz", + "/usr/share/man/uk/man8/useradd.8.gz", + "/usr/share/man/uk/man8/userdel.8.gz", + "/usr/share/man/uk/man8/usermod.8.gz", + "/usr/share/man/uk/man8/vipw.8.gz", + "/usr/share/man/zh_CN/man1/chage.1.gz", + "/usr/share/man/zh_CN/man1/chfn.1.gz", + "/usr/share/man/zh_CN/man1/chsh.1.gz", + "/usr/share/man/zh_CN/man1/expiry.1.gz", + "/usr/share/man/zh_CN/man1/gpasswd.1.gz", + "/usr/share/man/zh_CN/man1/passwd.1.gz", + "/usr/share/man/zh_CN/man5/gshadow.5.gz", + "/usr/share/man/zh_CN/man5/passwd.5.gz", + "/usr/share/man/zh_CN/man5/shadow.5.gz", + "/usr/share/man/zh_CN/man8/chgpasswd.8.gz", + "/usr/share/man/zh_CN/man8/chpasswd.8.gz", + "/usr/share/man/zh_CN/man8/groupadd.8.gz", + "/usr/share/man/zh_CN/man8/groupdel.8.gz", + "/usr/share/man/zh_CN/man8/groupmod.8.gz", + "/usr/share/man/zh_CN/man8/grpck.8.gz", + "/usr/share/man/zh_CN/man8/newusers.8.gz", + "/usr/share/man/zh_CN/man8/pwck.8.gz", + "/usr/share/man/zh_CN/man8/pwconv.8.gz", + "/usr/share/man/zh_CN/man8/useradd.8.gz", + "/usr/share/man/zh_CN/man8/userdel.8.gz", + "/usr/share/man/zh_CN/man8/usermod.8.gz", + "/usr/share/man/zh_CN/man8/vipw.8.gz", + "/usr/share/man/zh_TW/man1/chfn.1.gz", + "/usr/share/man/zh_TW/man1/chsh.1.gz", + "/usr/share/man/zh_TW/man5/passwd.5.gz", + "/usr/share/man/zh_TW/man8/chpasswd.8.gz", + "/usr/share/man/zh_TW/man8/groupadd.8.gz", + "/usr/share/man/zh_TW/man8/groupdel.8.gz", + "/usr/share/man/zh_TW/man8/groupmod.8.gz", + "/usr/share/man/zh_TW/man8/useradd.8.gz", + "/usr/share/man/zh_TW/man8/userdel.8.gz", + "/usr/share/man/zh_TW/man8/usermod.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "perl-base@5.40.1-6", + "Name": "perl-base", + "Identifier": { + "PURL": "pkg:deb/debian/perl-base@5.40.1-6?arch=amd64\u0026distro=debian-13.5", + "UID": "546ba1bdcd66d61" + }, + "Version": "5.40.1", + "Release": "6", + "Arch": "amd64", + "SrcName": "perl", + "SrcVersion": "5.40.1", + "SrcRelease": "6", + "Licenses": [ + "GPL-1.0-or-later", + "Artistic-2.0", + "MIT", + "REGCOMP", + "GPL-2.0-with-bison-exception+", + "Unicode", + "BZIP", + "Zlib", + "GPL-2.0-or-later", + "FSFAP", + "BSD-3-clause-with-weird-numbering", + "CC0-1.0", + "TEXT-TABS", + "BSD-4-clause-POWERDOG", + "BSD-3-clause-GENERIC", + "BSD-3-Clause", + "SDBM-PUBLIC-DOMAIN", + "DONT-CHANGE-THE-GPL", + "Artistic-dist", + "LGPL-2.1-only", + "GPL-1.0-only", + "GPL-2.0-only", + "Artistic-2" + ], + "Maintainer": "Niko Tyni \u003cntyni@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/perl", + "/usr/bin/perl5.40.1", + "/usr/lib/x86_64-linux-gnu/perl-base/AutoLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Carp.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Carp/Heavy.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Config.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Config_git.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/Config_heavy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/Cwd.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/DynaLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Errno.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Exporter.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Exporter/Heavy.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Fcntl.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Basename.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Glob.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Path.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec/Unix.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/File/Temp.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/FileHandle.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long/Parser.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Hash/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/File.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Handle.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Pipe.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Seekable.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Select.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/INET.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/IP.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/UNIX.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open2.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/List/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/POSIX.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Scalar/Util.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/SelectSaver.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Socket.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/ParseWords.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/Tabs.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Text/Wrap.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/Tie/Hash.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/XSLoader.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/attributes.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Cwd/Cwd.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/File/Glob/Glob.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Hash/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/IO/IO.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/List/Util/Util.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/Socket/Socket.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/attributes/attributes.so", + "/usr/lib/x86_64-linux-gnu/perl-base/auto/re/re.so", + "/usr/lib/x86_64-linux-gnu/perl-base/base.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/builtin.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/bytes.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/constant.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/feature.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/fields.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/integer.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/lib.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/locale.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/overload.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/overloading.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/parent.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/re.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/strict.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Age.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bmg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Cf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Ea.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/EqUIdeo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/GCB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Gc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Hst.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identif2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identifi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InPC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InSC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Isc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFCQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFDQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCCF.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKDQC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Na1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NameAlia.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nv.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/PerlDeci.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/SB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Sc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Scx.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Tc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Uc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Vo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/WB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlLB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlSCX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V100.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V11.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V110.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V120.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V130.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V140.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V150.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V20.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V30.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V31.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V32.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V40.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V41.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V50.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V51.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V52.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V60.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V61.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V70.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V80.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V90.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Alpha/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/B.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/BN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/CS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/EN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ES.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ET.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/NSM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ON.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/WS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Blk/NB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/O.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CE/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CI/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCF/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWKCF/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWL/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWT/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWU/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Cased/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/A.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/ATAR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/B.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/BR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/DB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NK.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/OV.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/VR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CompEx/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/DI/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dash/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dep/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dia/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Com.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Enc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Fin.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Font.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Init.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Iso.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Med.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nar.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/NonCanon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sqr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sub.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sup.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Vert.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EBase/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EComp/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EPres/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/A.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/H.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/Na.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/W.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Emoji/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ext/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/ExtPict/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/CN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LV.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LVT.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/PP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/SM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/LC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ll.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/M.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Me.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/No.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/P.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pe.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Po.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ps.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/S.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sk.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/So.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Z.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Zs.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrBase/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrExt/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hex/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hst/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hyphen/T.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Allowed.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Restrict.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/DefaultI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Exclusio.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Inclusio.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/LimitedU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotChara.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotNFKC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotXID.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Obsolete.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Recommen.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Technica.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Uncommon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ideo/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/10_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/11_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/13_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/14_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/15_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/7_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/8_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/9_0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Bottom.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/BottomAn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Left.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/LeftAndR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/NA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Overstru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Right.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Top.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndBo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndL2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndLe.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndRi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/VisualOr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Avagraha.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Bindu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Cantilla.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona5.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona7.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona9.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consonan.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Geminati.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Invisibl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Nukta.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Number.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Other.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/PureKill.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Syllable.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/ToneMark.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Virama.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Visarga.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Vowel.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelDep.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelInd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Ain.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Alef.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Beh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Dal.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/FarsiYeh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Feh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Gaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Hah.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/HanifiRo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Kaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Lam.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/NoJoinin.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Noon.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Qaf.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Reh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Sad.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Seen.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Tah.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Waw.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Yeh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/C.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/D.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/L.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/T.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/U.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CJ.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CM.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/GL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/ID.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/OP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PR.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/QU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/SA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lower/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Math/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/M.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/N.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Di.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/None.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Nu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/0.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/11.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/12.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/13.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/14.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/15.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/17.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/18.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/19.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/200.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2_3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/300.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_16.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/400.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/500.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/600.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/700.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/800.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/900.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90000.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PCM/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PatSyn/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Alnum.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Assigned.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Blank.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Graph.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PerlWord.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PosixPun.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Print.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/SpacePer.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Title.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Word.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/XPosixPu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlAny.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCh2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCha.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlFol.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDS.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIsI.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNch.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPat.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPr2.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPro.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlQuo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/QMark/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/AT.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/CL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/FO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LE.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/SC.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/ST.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/Sp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/UP.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SD/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/STerm/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Arab.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Beng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cprt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cyrl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Deva.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Dupl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Geor.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Glag.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gonm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gran.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Grek.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gujr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Guru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Han.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hira.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Kana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Knda.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Latn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Limb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Linb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mlym.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mult.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Orya.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Sinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Syrc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Taml.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Telu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zyyy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Adlm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Arab.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Armn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Beng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bhks.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bopo.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cakm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cham.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Copt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cprt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cyrl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Deva.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Diak.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Dupl.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Ethi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Geor.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Glag.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gonm.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gran.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Grek.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gujr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Guru.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Han.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hebr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hira.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmng.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmnp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khar.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khmr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khoj.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Knda.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kthi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lana.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lao.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Latn.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Limb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lina.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Linb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mlym.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mong.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mult.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mymr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nand.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nko.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Orya.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Phlp.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Rohg.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Shrd.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sind.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Syrc.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tagb.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Takr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Talu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Taml.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tang.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Telu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Thaa.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tibt.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tirh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Vith.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Xsux.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yezi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yi.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zinh.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zyyy.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zzzz.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Term/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/UIdeo/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Upper/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/VS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/R.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tr.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tu.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/U.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/EX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/Extend.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/FO.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/HL.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/KA.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/LE.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MB.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/ML.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MN.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/NU.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/WSegSpac.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/XX.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDC/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDS/Y.pl", + "/usr/lib/x86_64-linux-gnu/perl-base/utf8.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/vars.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/warnings.pm", + "/usr/lib/x86_64-linux-gnu/perl-base/warnings/register.pm", + "/usr/share/doc/perl-base/changelog.Debian.gz", + "/usr/share/doc/perl-base/changelog.gz", + "/usr/share/doc/perl-base/copyright", + "/usr/share/doc/perl/AUTHORS.gz", + "/usr/share/doc/perl/Documentation", + "/usr/share/lintian/overrides/perl-base", + "/usr/share/man/man1/perl.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "readline-common@8.2-6", + "Name": "readline-common", + "Identifier": { + "PURL": "pkg:deb/debian/readline-common@8.2-6?arch=all\u0026distro=debian-13.5", + "UID": "e762758a1681f62e" + }, + "Version": "8.2", + "Release": "6", + "Arch": "all", + "SrcName": "readline", + "SrcVersion": "8.2", + "SrcRelease": "6", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-or-later", + "ISC-no-attribution" + ], + "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "InstalledFiles": [ + "/usr/share/doc/readline-common/changelog.Debian.gz", + "/usr/share/doc/readline-common/changelog.gz", + "/usr/share/doc/readline-common/copyright", + "/usr/share/doc/readline-common/inputrc.arrows", + "/usr/share/info/rluserman.info.gz", + "/usr/share/lintian/overrides/readline-common", + "/usr/share/man/man3/history.3readline.gz", + "/usr/share/man/man3/readline.3readline.gz", + "/usr/share/readline/inputrc" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sed@4.9-2+deb13u1", + "Name": "sed", + "Identifier": { + "PURL": "pkg:deb/debian/sed@4.9-2%2Bdeb13u1?arch=amd64\u0026distro=debian-13.5", + "UID": "a041ea16982bb927" + }, + "Version": "4.9", + "Release": "2+deb13u1", + "Arch": "amd64", + "SrcName": "sed", + "SrcVersion": "4.9", + "SrcRelease": "2+deb13u1", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "X11", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-only", + "ISC", + "BSD-4-Clause-UC", + "BSL-1", + "pcre" + ], + "Maintainer": "Clint Adams \u003cclint@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/sed", + "/usr/share/doc/sed/AUTHORS", + "/usr/share/doc/sed/BUGS.gz", + "/usr/share/doc/sed/NEWS.gz", + "/usr/share/doc/sed/README", + "/usr/share/doc/sed/THANKS.gz", + "/usr/share/doc/sed/changelog.Debian.gz", + "/usr/share/doc/sed/changelog.gz", + "/usr/share/doc/sed/copyright", + "/usr/share/doc/sed/examples/dc.sed", + "/usr/share/doc/sed/sedfaq.txt.gz", + "/usr/share/info/sed.info.gz", + "/usr/share/locale/af/LC_MESSAGES/sed.mo", + "/usr/share/locale/ast/LC_MESSAGES/sed.mo", + "/usr/share/locale/bg/LC_MESSAGES/sed.mo", + "/usr/share/locale/ca/LC_MESSAGES/sed.mo", + "/usr/share/locale/cs/LC_MESSAGES/sed.mo", + "/usr/share/locale/da/LC_MESSAGES/sed.mo", + "/usr/share/locale/de/LC_MESSAGES/sed.mo", + "/usr/share/locale/el/LC_MESSAGES/sed.mo", + "/usr/share/locale/eo/LC_MESSAGES/sed.mo", + "/usr/share/locale/es/LC_MESSAGES/sed.mo", + "/usr/share/locale/et/LC_MESSAGES/sed.mo", + "/usr/share/locale/eu/LC_MESSAGES/sed.mo", + "/usr/share/locale/fi/LC_MESSAGES/sed.mo", + "/usr/share/locale/fr/LC_MESSAGES/sed.mo", + "/usr/share/locale/ga/LC_MESSAGES/sed.mo", + "/usr/share/locale/gl/LC_MESSAGES/sed.mo", + "/usr/share/locale/he/LC_MESSAGES/sed.mo", + "/usr/share/locale/hr/LC_MESSAGES/sed.mo", + "/usr/share/locale/hu/LC_MESSAGES/sed.mo", + "/usr/share/locale/id/LC_MESSAGES/sed.mo", + "/usr/share/locale/it/LC_MESSAGES/sed.mo", + "/usr/share/locale/ja/LC_MESSAGES/sed.mo", + "/usr/share/locale/ka/LC_MESSAGES/sed.mo", + "/usr/share/locale/ko/LC_MESSAGES/sed.mo", + "/usr/share/locale/nb/LC_MESSAGES/sed.mo", + "/usr/share/locale/nl/LC_MESSAGES/sed.mo", + "/usr/share/locale/pl/LC_MESSAGES/sed.mo", + "/usr/share/locale/pt/LC_MESSAGES/sed.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/sed.mo", + "/usr/share/locale/ro/LC_MESSAGES/sed.mo", + "/usr/share/locale/ru/LC_MESSAGES/sed.mo", + "/usr/share/locale/sk/LC_MESSAGES/sed.mo", + "/usr/share/locale/sl/LC_MESSAGES/sed.mo", + "/usr/share/locale/sr/LC_MESSAGES/sed.mo", + "/usr/share/locale/sv/LC_MESSAGES/sed.mo", + "/usr/share/locale/tr/LC_MESSAGES/sed.mo", + "/usr/share/locale/uk/LC_MESSAGES/sed.mo", + "/usr/share/locale/vi/LC_MESSAGES/sed.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/sed.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/sed.mo", + "/usr/share/man/man1/sed.1.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sqv@1.3.0-3+b2", + "Name": "sqv", + "Identifier": { + "PURL": "pkg:deb/debian/sqv@1.3.0-3%2Bb2?arch=amd64\u0026distro=debian-13.5", + "UID": "2bf11ffe79190750" + }, + "Version": "1.3.0", + "Release": "3+b2", + "Arch": "amd64", + "SrcName": "rust-sequoia-sqv", + "SrcVersion": "1.3.0", + "SrcRelease": "3", + "Licenses": [ + "LGPL-2.0-or-later", + "LGPL-2.0-only" + ], + "Maintainer": "Debian Rust Maintainers \u003cpkg-rust-maintainers@alioth-lists.debian.net\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3", + "libgcc-s1@14.2.0-19", + "libgmp10@2:6.3.0+dfsg-3", + "libhogweed6t64@3.10.1-1", + "libnettle8t64@3.10.1-1" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/sqv", + "/usr/share/bash-completion/completions/sqv.bash", + "/usr/share/doc/sqv/NEWS.gz", + "/usr/share/doc/sqv/changelog.Debian.amd64.gz", + "/usr/share/doc/sqv/changelog.Debian.gz", + "/usr/share/doc/sqv/copyright", + "/usr/share/fish/completions/sqv.fish", + "/usr/share/man/man1/sqv.1.gz", + "/usr/share/zsh/vendor-completions/_sqv" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "sysvinit-utils@3.14-4", + "Name": "sysvinit-utils", + "Identifier": { + "PURL": "pkg:deb/debian/sysvinit-utils@3.14-4?arch=amd64\u0026distro=debian-13.5", + "UID": "f7fb888c58ca826e" + }, + "Version": "3.14", + "Release": "4", + "Arch": "amd64", + "SrcName": "sysvinit", + "SrcVersion": "3.14", + "SrcRelease": "4", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.1-or-later", + "GPL-3.0-only", + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Debian sysvinit maintainers \u003cdebian-init-diversity@chiark.greenend.org.uk\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/init/init-d-script", + "/usr/lib/init/vars.sh", + "/usr/lib/lsb/init-functions", + "/usr/lib/lsb/init-functions.d/00-verbose", + "/usr/sbin/fstab-decode", + "/usr/sbin/killall5", + "/usr/share/doc/sysvinit-utils/changelog.Debian.gz", + "/usr/share/doc/sysvinit-utils/copyright", + "/usr/share/man/man5/init-d-script.5.gz", + "/usr/share/man/man8/fstab-decode.8.gz", + "/usr/share/man/man8/killall5.8.gz", + "/usr/share/man/man8/pidof.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tar@1.35+dfsg-3.1", + "Name": "tar", + "Identifier": { + "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.5", + "UID": "4f69996c49afbaca" + }, + "Version": "1.35+dfsg", + "Release": "3.1", + "Arch": "amd64", + "SrcName": "tar", + "SrcVersion": "1.35+dfsg", + "SrcRelease": "3.1", + "Licenses": [ + "GPL-3.0-or-later", + "GPL-3.0-only", + "GPL-3+ with Bison exception", + "LGPL-2.1-or-later", + "LGPL-2.1-only", + "LGPL-3.0-or-later", + "LGPL-3.0-only", + "GPL-2.0-or-later", + "GPL-2.0-only" + ], + "Maintainer": "Janos Lenart \u003cocsi@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/tar", + "/usr/lib/mime/packages/tar", + "/usr/sbin/rmt-tar", + "/usr/sbin/tarcat", + "/usr/share/doc/tar/AUTHORS", + "/usr/share/doc/tar/NEWS.gz", + "/usr/share/doc/tar/README.Debian", + "/usr/share/doc/tar/THANKS.gz", + "/usr/share/doc/tar/changelog.1.gz", + "/usr/share/doc/tar/changelog.Debian.gz", + "/usr/share/doc/tar/changelog.gz", + "/usr/share/doc/tar/copyright", + "/usr/share/locale/bg/LC_MESSAGES/tar.mo", + "/usr/share/locale/ca/LC_MESSAGES/tar.mo", + "/usr/share/locale/cs/LC_MESSAGES/tar.mo", + "/usr/share/locale/da/LC_MESSAGES/tar.mo", + "/usr/share/locale/de/LC_MESSAGES/tar.mo", + "/usr/share/locale/el/LC_MESSAGES/tar.mo", + "/usr/share/locale/eo/LC_MESSAGES/tar.mo", + "/usr/share/locale/es/LC_MESSAGES/tar.mo", + "/usr/share/locale/et/LC_MESSAGES/tar.mo", + "/usr/share/locale/eu/LC_MESSAGES/tar.mo", + "/usr/share/locale/fi/LC_MESSAGES/tar.mo", + "/usr/share/locale/fr/LC_MESSAGES/tar.mo", + "/usr/share/locale/ga/LC_MESSAGES/tar.mo", + "/usr/share/locale/gl/LC_MESSAGES/tar.mo", + "/usr/share/locale/hr/LC_MESSAGES/tar.mo", + "/usr/share/locale/hu/LC_MESSAGES/tar.mo", + "/usr/share/locale/id/LC_MESSAGES/tar.mo", + "/usr/share/locale/it/LC_MESSAGES/tar.mo", + "/usr/share/locale/ja/LC_MESSAGES/tar.mo", + "/usr/share/locale/ka/LC_MESSAGES/tar.mo", + "/usr/share/locale/ko/LC_MESSAGES/tar.mo", + "/usr/share/locale/ky/LC_MESSAGES/tar.mo", + "/usr/share/locale/ms/LC_MESSAGES/tar.mo", + "/usr/share/locale/nb/LC_MESSAGES/tar.mo", + "/usr/share/locale/nl/LC_MESSAGES/tar.mo", + "/usr/share/locale/pl/LC_MESSAGES/tar.mo", + "/usr/share/locale/pt/LC_MESSAGES/tar.mo", + "/usr/share/locale/pt_BR/LC_MESSAGES/tar.mo", + "/usr/share/locale/ro/LC_MESSAGES/tar.mo", + "/usr/share/locale/ru/LC_MESSAGES/tar.mo", + "/usr/share/locale/sk/LC_MESSAGES/tar.mo", + "/usr/share/locale/sl/LC_MESSAGES/tar.mo", + "/usr/share/locale/sr/LC_MESSAGES/tar.mo", + "/usr/share/locale/sv/LC_MESSAGES/tar.mo", + "/usr/share/locale/tr/LC_MESSAGES/tar.mo", + "/usr/share/locale/uk/LC_MESSAGES/tar.mo", + "/usr/share/locale/vi/LC_MESSAGES/tar.mo", + "/usr/share/locale/zh_CN/LC_MESSAGES/tar.mo", + "/usr/share/locale/zh_TW/LC_MESSAGES/tar.mo", + "/usr/share/man/man1/tar.1.gz", + "/usr/share/man/man1/tarcat.1.gz", + "/usr/share/man/man8/rmt-tar.8.gz" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "tzdata@2026b-0+deb13u1", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:deb/debian/tzdata@2026b-0%2Bdeb13u1?arch=all\u0026distro=debian-13.5", + "UID": "9e352e373d8245f0" + }, + "Version": "2026b", + "Release": "0+deb13u1", + "Arch": "all", + "SrcName": "tzdata", + "SrcVersion": "2026b", + "SrcRelease": "0+deb13u1", + "Licenses": [ + "public-domain" + ], + "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "debconf@1.5.91" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/share/doc/tzdata/NEWS.Debian.gz", + "/usr/share/doc/tzdata/README.Debian", + "/usr/share/doc/tzdata/changelog.Debian.gz", + "/usr/share/doc/tzdata/changelog.gz", + "/usr/share/doc/tzdata/copyright", + "/usr/share/lintian/overrides/tzdata", + "/usr/share/zoneinfo/Africa/Abidjan", + "/usr/share/zoneinfo/Africa/Accra", + "/usr/share/zoneinfo/Africa/Addis_Ababa", + "/usr/share/zoneinfo/Africa/Algiers", + "/usr/share/zoneinfo/Africa/Asmara", + "/usr/share/zoneinfo/Africa/Bamako", + "/usr/share/zoneinfo/Africa/Bangui", + "/usr/share/zoneinfo/Africa/Banjul", + "/usr/share/zoneinfo/Africa/Bissau", + "/usr/share/zoneinfo/Africa/Blantyre", + "/usr/share/zoneinfo/Africa/Brazzaville", + "/usr/share/zoneinfo/Africa/Bujumbura", + "/usr/share/zoneinfo/Africa/Cairo", + "/usr/share/zoneinfo/Africa/Casablanca", + "/usr/share/zoneinfo/Africa/Ceuta", + "/usr/share/zoneinfo/Africa/Conakry", + "/usr/share/zoneinfo/Africa/Dakar", + "/usr/share/zoneinfo/Africa/Dar_es_Salaam", + "/usr/share/zoneinfo/Africa/Djibouti", + "/usr/share/zoneinfo/Africa/Douala", + "/usr/share/zoneinfo/Africa/El_Aaiun", + "/usr/share/zoneinfo/Africa/Freetown", + "/usr/share/zoneinfo/Africa/Gaborone", + "/usr/share/zoneinfo/Africa/Harare", + "/usr/share/zoneinfo/Africa/Johannesburg", + "/usr/share/zoneinfo/Africa/Juba", + "/usr/share/zoneinfo/Africa/Kampala", + "/usr/share/zoneinfo/Africa/Khartoum", + "/usr/share/zoneinfo/Africa/Kigali", + "/usr/share/zoneinfo/Africa/Kinshasa", + "/usr/share/zoneinfo/Africa/Lagos", + "/usr/share/zoneinfo/Africa/Libreville", + "/usr/share/zoneinfo/Africa/Lome", + "/usr/share/zoneinfo/Africa/Luanda", + "/usr/share/zoneinfo/Africa/Lubumbashi", + "/usr/share/zoneinfo/Africa/Lusaka", + "/usr/share/zoneinfo/Africa/Malabo", + "/usr/share/zoneinfo/Africa/Maputo", + "/usr/share/zoneinfo/Africa/Maseru", + "/usr/share/zoneinfo/Africa/Mbabane", + "/usr/share/zoneinfo/Africa/Mogadishu", + "/usr/share/zoneinfo/Africa/Monrovia", + "/usr/share/zoneinfo/Africa/Nairobi", + "/usr/share/zoneinfo/Africa/Ndjamena", + "/usr/share/zoneinfo/Africa/Niamey", + "/usr/share/zoneinfo/Africa/Nouakchott", + "/usr/share/zoneinfo/Africa/Ouagadougou", + "/usr/share/zoneinfo/Africa/Porto-Novo", + "/usr/share/zoneinfo/Africa/Sao_Tome", + "/usr/share/zoneinfo/Africa/Tripoli", + "/usr/share/zoneinfo/Africa/Tunis", + "/usr/share/zoneinfo/Africa/Windhoek", + "/usr/share/zoneinfo/America/Adak", + "/usr/share/zoneinfo/America/Anchorage", + "/usr/share/zoneinfo/America/Anguilla", + "/usr/share/zoneinfo/America/Antigua", + "/usr/share/zoneinfo/America/Araguaina", + "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "/usr/share/zoneinfo/America/Argentina/Catamarca", + "/usr/share/zoneinfo/America/Argentina/Cordoba", + "/usr/share/zoneinfo/America/Argentina/Jujuy", + "/usr/share/zoneinfo/America/Argentina/La_Rioja", + "/usr/share/zoneinfo/America/Argentina/Mendoza", + "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "/usr/share/zoneinfo/America/Argentina/Salta", + "/usr/share/zoneinfo/America/Argentina/San_Juan", + "/usr/share/zoneinfo/America/Argentina/San_Luis", + "/usr/share/zoneinfo/America/Argentina/Tucuman", + "/usr/share/zoneinfo/America/Argentina/Ushuaia", + "/usr/share/zoneinfo/America/Aruba", + "/usr/share/zoneinfo/America/Asuncion", + "/usr/share/zoneinfo/America/Atikokan", + "/usr/share/zoneinfo/America/Bahia", + "/usr/share/zoneinfo/America/Bahia_Banderas", + "/usr/share/zoneinfo/America/Barbados", + "/usr/share/zoneinfo/America/Belem", + "/usr/share/zoneinfo/America/Belize", + "/usr/share/zoneinfo/America/Blanc-Sablon", + "/usr/share/zoneinfo/America/Boa_Vista", + "/usr/share/zoneinfo/America/Bogota", + "/usr/share/zoneinfo/America/Boise", + "/usr/share/zoneinfo/America/Cambridge_Bay", + "/usr/share/zoneinfo/America/Campo_Grande", + "/usr/share/zoneinfo/America/Cancun", + "/usr/share/zoneinfo/America/Caracas", + "/usr/share/zoneinfo/America/Cayenne", + "/usr/share/zoneinfo/America/Cayman", + "/usr/share/zoneinfo/America/Chicago", + "/usr/share/zoneinfo/America/Chihuahua", + "/usr/share/zoneinfo/America/Ciudad_Juarez", + "/usr/share/zoneinfo/America/Costa_Rica", + "/usr/share/zoneinfo/America/Coyhaique", + "/usr/share/zoneinfo/America/Creston", + "/usr/share/zoneinfo/America/Cuiaba", + "/usr/share/zoneinfo/America/Curacao", + "/usr/share/zoneinfo/America/Danmarkshavn", + "/usr/share/zoneinfo/America/Dawson", + "/usr/share/zoneinfo/America/Dawson_Creek", + "/usr/share/zoneinfo/America/Denver", + "/usr/share/zoneinfo/America/Detroit", + "/usr/share/zoneinfo/America/Dominica", + "/usr/share/zoneinfo/America/Edmonton", + "/usr/share/zoneinfo/America/Eirunepe", + "/usr/share/zoneinfo/America/El_Salvador", + "/usr/share/zoneinfo/America/Fort_Nelson", + "/usr/share/zoneinfo/America/Fortaleza", + "/usr/share/zoneinfo/America/Glace_Bay", + "/usr/share/zoneinfo/America/Goose_Bay", + "/usr/share/zoneinfo/America/Grand_Turk", + "/usr/share/zoneinfo/America/Grenada", + "/usr/share/zoneinfo/America/Guadeloupe", + "/usr/share/zoneinfo/America/Guatemala", + "/usr/share/zoneinfo/America/Guayaquil", + "/usr/share/zoneinfo/America/Guyana", + "/usr/share/zoneinfo/America/Halifax", + "/usr/share/zoneinfo/America/Havana", + "/usr/share/zoneinfo/America/Hermosillo", + "/usr/share/zoneinfo/America/Indiana/Indianapolis", + "/usr/share/zoneinfo/America/Indiana/Knox", + "/usr/share/zoneinfo/America/Indiana/Marengo", + "/usr/share/zoneinfo/America/Indiana/Petersburg", + "/usr/share/zoneinfo/America/Indiana/Tell_City", + "/usr/share/zoneinfo/America/Indiana/Vevay", + "/usr/share/zoneinfo/America/Indiana/Vincennes", + "/usr/share/zoneinfo/America/Indiana/Winamac", + "/usr/share/zoneinfo/America/Inuvik", + "/usr/share/zoneinfo/America/Iqaluit", + "/usr/share/zoneinfo/America/Jamaica", + "/usr/share/zoneinfo/America/Juneau", + "/usr/share/zoneinfo/America/Kentucky/Louisville", + "/usr/share/zoneinfo/America/Kentucky/Monticello", + "/usr/share/zoneinfo/America/La_Paz", + "/usr/share/zoneinfo/America/Lima", + "/usr/share/zoneinfo/America/Los_Angeles", + "/usr/share/zoneinfo/America/Maceio", + "/usr/share/zoneinfo/America/Managua", + "/usr/share/zoneinfo/America/Manaus", + "/usr/share/zoneinfo/America/Martinique", + "/usr/share/zoneinfo/America/Matamoros", + "/usr/share/zoneinfo/America/Mazatlan", + "/usr/share/zoneinfo/America/Menominee", + "/usr/share/zoneinfo/America/Merida", + "/usr/share/zoneinfo/America/Metlakatla", + "/usr/share/zoneinfo/America/Mexico_City", + "/usr/share/zoneinfo/America/Miquelon", + "/usr/share/zoneinfo/America/Moncton", + "/usr/share/zoneinfo/America/Monterrey", + "/usr/share/zoneinfo/America/Montevideo", + "/usr/share/zoneinfo/America/Montserrat", + "/usr/share/zoneinfo/America/Nassau", + "/usr/share/zoneinfo/America/New_York", + "/usr/share/zoneinfo/America/Nome", + "/usr/share/zoneinfo/America/Noronha", + "/usr/share/zoneinfo/America/North_Dakota/Beulah", + "/usr/share/zoneinfo/America/North_Dakota/Center", + "/usr/share/zoneinfo/America/North_Dakota/New_Salem", + "/usr/share/zoneinfo/America/Nuuk", + "/usr/share/zoneinfo/America/Ojinaga", + "/usr/share/zoneinfo/America/Panama", + "/usr/share/zoneinfo/America/Paramaribo", + "/usr/share/zoneinfo/America/Phoenix", + "/usr/share/zoneinfo/America/Port-au-Prince", + "/usr/share/zoneinfo/America/Port_of_Spain", + "/usr/share/zoneinfo/America/Porto_Velho", + "/usr/share/zoneinfo/America/Puerto_Rico", + "/usr/share/zoneinfo/America/Punta_Arenas", + "/usr/share/zoneinfo/America/Rankin_Inlet", + "/usr/share/zoneinfo/America/Recife", + "/usr/share/zoneinfo/America/Regina", + "/usr/share/zoneinfo/America/Resolute", + "/usr/share/zoneinfo/America/Rio_Branco", + "/usr/share/zoneinfo/America/Santarem", + "/usr/share/zoneinfo/America/Santiago", + "/usr/share/zoneinfo/America/Santo_Domingo", + "/usr/share/zoneinfo/America/Sao_Paulo", + "/usr/share/zoneinfo/America/Scoresbysund", + "/usr/share/zoneinfo/America/Sitka", + "/usr/share/zoneinfo/America/St_Johns", + "/usr/share/zoneinfo/America/St_Kitts", + "/usr/share/zoneinfo/America/St_Lucia", + "/usr/share/zoneinfo/America/St_Thomas", + "/usr/share/zoneinfo/America/St_Vincent", + "/usr/share/zoneinfo/America/Swift_Current", + "/usr/share/zoneinfo/America/Tegucigalpa", + "/usr/share/zoneinfo/America/Thule", + "/usr/share/zoneinfo/America/Tijuana", + "/usr/share/zoneinfo/America/Toronto", + "/usr/share/zoneinfo/America/Tortola", + "/usr/share/zoneinfo/America/Vancouver", + "/usr/share/zoneinfo/America/Whitehorse", + "/usr/share/zoneinfo/America/Winnipeg", + "/usr/share/zoneinfo/America/Yakutat", + "/usr/share/zoneinfo/Antarctica/Casey", + "/usr/share/zoneinfo/Antarctica/Davis", + "/usr/share/zoneinfo/Antarctica/DumontDUrville", + "/usr/share/zoneinfo/Antarctica/Macquarie", + "/usr/share/zoneinfo/Antarctica/Mawson", + "/usr/share/zoneinfo/Antarctica/McMurdo", + "/usr/share/zoneinfo/Antarctica/Palmer", + "/usr/share/zoneinfo/Antarctica/Rothera", + "/usr/share/zoneinfo/Antarctica/Syowa", + "/usr/share/zoneinfo/Antarctica/Troll", + "/usr/share/zoneinfo/Antarctica/Vostok", + "/usr/share/zoneinfo/Asia/Aden", + "/usr/share/zoneinfo/Asia/Almaty", + "/usr/share/zoneinfo/Asia/Amman", + "/usr/share/zoneinfo/Asia/Anadyr", + "/usr/share/zoneinfo/Asia/Aqtau", + "/usr/share/zoneinfo/Asia/Aqtobe", + "/usr/share/zoneinfo/Asia/Ashgabat", + "/usr/share/zoneinfo/Asia/Atyrau", + "/usr/share/zoneinfo/Asia/Baghdad", + "/usr/share/zoneinfo/Asia/Bahrain", + "/usr/share/zoneinfo/Asia/Baku", + "/usr/share/zoneinfo/Asia/Bangkok", + "/usr/share/zoneinfo/Asia/Barnaul", + "/usr/share/zoneinfo/Asia/Beirut", + "/usr/share/zoneinfo/Asia/Bishkek", + "/usr/share/zoneinfo/Asia/Brunei", + "/usr/share/zoneinfo/Asia/Chita", + "/usr/share/zoneinfo/Asia/Colombo", + "/usr/share/zoneinfo/Asia/Damascus", + "/usr/share/zoneinfo/Asia/Dhaka", + "/usr/share/zoneinfo/Asia/Dili", + "/usr/share/zoneinfo/Asia/Dubai", + "/usr/share/zoneinfo/Asia/Dushanbe", + "/usr/share/zoneinfo/Asia/Famagusta", + "/usr/share/zoneinfo/Asia/Gaza", + "/usr/share/zoneinfo/Asia/Hebron", + "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "/usr/share/zoneinfo/Asia/Hong_Kong", + "/usr/share/zoneinfo/Asia/Hovd", + "/usr/share/zoneinfo/Asia/Irkutsk", + "/usr/share/zoneinfo/Asia/Jakarta", + "/usr/share/zoneinfo/Asia/Jayapura", + "/usr/share/zoneinfo/Asia/Jerusalem", + "/usr/share/zoneinfo/Asia/Kabul", + "/usr/share/zoneinfo/Asia/Kamchatka", + "/usr/share/zoneinfo/Asia/Karachi", + "/usr/share/zoneinfo/Asia/Kathmandu", + "/usr/share/zoneinfo/Asia/Khandyga", + "/usr/share/zoneinfo/Asia/Kolkata", + "/usr/share/zoneinfo/Asia/Krasnoyarsk", + "/usr/share/zoneinfo/Asia/Kuala_Lumpur", + "/usr/share/zoneinfo/Asia/Kuching", + "/usr/share/zoneinfo/Asia/Kuwait", + "/usr/share/zoneinfo/Asia/Macau", + "/usr/share/zoneinfo/Asia/Magadan", + "/usr/share/zoneinfo/Asia/Makassar", + "/usr/share/zoneinfo/Asia/Manila", + "/usr/share/zoneinfo/Asia/Muscat", + "/usr/share/zoneinfo/Asia/Nicosia", + "/usr/share/zoneinfo/Asia/Novokuznetsk", + "/usr/share/zoneinfo/Asia/Novosibirsk", + "/usr/share/zoneinfo/Asia/Omsk", + "/usr/share/zoneinfo/Asia/Oral", + "/usr/share/zoneinfo/Asia/Phnom_Penh", + "/usr/share/zoneinfo/Asia/Pontianak", + "/usr/share/zoneinfo/Asia/Pyongyang", + "/usr/share/zoneinfo/Asia/Qatar", + "/usr/share/zoneinfo/Asia/Qostanay", + "/usr/share/zoneinfo/Asia/Qyzylorda", + "/usr/share/zoneinfo/Asia/Riyadh", + "/usr/share/zoneinfo/Asia/Sakhalin", + "/usr/share/zoneinfo/Asia/Samarkand", + "/usr/share/zoneinfo/Asia/Seoul", + "/usr/share/zoneinfo/Asia/Shanghai", + "/usr/share/zoneinfo/Asia/Singapore", + "/usr/share/zoneinfo/Asia/Srednekolymsk", + "/usr/share/zoneinfo/Asia/Taipei", + "/usr/share/zoneinfo/Asia/Tashkent", + "/usr/share/zoneinfo/Asia/Tbilisi", + "/usr/share/zoneinfo/Asia/Tehran", + "/usr/share/zoneinfo/Asia/Thimphu", + "/usr/share/zoneinfo/Asia/Tokyo", + "/usr/share/zoneinfo/Asia/Tomsk", + "/usr/share/zoneinfo/Asia/Ulaanbaatar", + "/usr/share/zoneinfo/Asia/Urumqi", + "/usr/share/zoneinfo/Asia/Ust-Nera", + "/usr/share/zoneinfo/Asia/Vientiane", + "/usr/share/zoneinfo/Asia/Vladivostok", + "/usr/share/zoneinfo/Asia/Yakutsk", + "/usr/share/zoneinfo/Asia/Yangon", + "/usr/share/zoneinfo/Asia/Yekaterinburg", + "/usr/share/zoneinfo/Asia/Yerevan", + "/usr/share/zoneinfo/Atlantic/Azores", + "/usr/share/zoneinfo/Atlantic/Bermuda", + "/usr/share/zoneinfo/Atlantic/Canary", + "/usr/share/zoneinfo/Atlantic/Cape_Verde", + "/usr/share/zoneinfo/Atlantic/Faroe", + "/usr/share/zoneinfo/Atlantic/Madeira", + "/usr/share/zoneinfo/Atlantic/Reykjavik", + "/usr/share/zoneinfo/Atlantic/South_Georgia", + "/usr/share/zoneinfo/Atlantic/St_Helena", + "/usr/share/zoneinfo/Atlantic/Stanley", + "/usr/share/zoneinfo/Australia/Adelaide", + "/usr/share/zoneinfo/Australia/Brisbane", + "/usr/share/zoneinfo/Australia/Broken_Hill", + "/usr/share/zoneinfo/Australia/Darwin", + "/usr/share/zoneinfo/Australia/Eucla", + "/usr/share/zoneinfo/Australia/Hobart", + "/usr/share/zoneinfo/Australia/Lindeman", + "/usr/share/zoneinfo/Australia/Lord_Howe", + "/usr/share/zoneinfo/Australia/Melbourne", + "/usr/share/zoneinfo/Australia/Perth", + "/usr/share/zoneinfo/Australia/Sydney", + "/usr/share/zoneinfo/Etc/GMT", + "/usr/share/zoneinfo/Etc/GMT+1", + "/usr/share/zoneinfo/Etc/GMT+10", + "/usr/share/zoneinfo/Etc/GMT+11", + "/usr/share/zoneinfo/Etc/GMT+12", + "/usr/share/zoneinfo/Etc/GMT+2", + "/usr/share/zoneinfo/Etc/GMT+3", + "/usr/share/zoneinfo/Etc/GMT+4", + "/usr/share/zoneinfo/Etc/GMT+5", + "/usr/share/zoneinfo/Etc/GMT+6", + "/usr/share/zoneinfo/Etc/GMT+7", + "/usr/share/zoneinfo/Etc/GMT+8", + "/usr/share/zoneinfo/Etc/GMT+9", + "/usr/share/zoneinfo/Etc/GMT-1", + "/usr/share/zoneinfo/Etc/GMT-10", + "/usr/share/zoneinfo/Etc/GMT-11", + "/usr/share/zoneinfo/Etc/GMT-12", + "/usr/share/zoneinfo/Etc/GMT-13", + "/usr/share/zoneinfo/Etc/GMT-14", + "/usr/share/zoneinfo/Etc/GMT-2", + "/usr/share/zoneinfo/Etc/GMT-3", + "/usr/share/zoneinfo/Etc/GMT-4", + "/usr/share/zoneinfo/Etc/GMT-5", + "/usr/share/zoneinfo/Etc/GMT-6", + "/usr/share/zoneinfo/Etc/GMT-7", + "/usr/share/zoneinfo/Etc/GMT-8", + "/usr/share/zoneinfo/Etc/GMT-9", + "/usr/share/zoneinfo/Etc/UTC", + "/usr/share/zoneinfo/Europe/Amsterdam", + "/usr/share/zoneinfo/Europe/Andorra", + "/usr/share/zoneinfo/Europe/Astrakhan", + "/usr/share/zoneinfo/Europe/Athens", + "/usr/share/zoneinfo/Europe/Belgrade", + "/usr/share/zoneinfo/Europe/Berlin", + "/usr/share/zoneinfo/Europe/Brussels", + "/usr/share/zoneinfo/Europe/Bucharest", + "/usr/share/zoneinfo/Europe/Budapest", + "/usr/share/zoneinfo/Europe/Chisinau", + "/usr/share/zoneinfo/Europe/Copenhagen", + "/usr/share/zoneinfo/Europe/Dublin", + "/usr/share/zoneinfo/Europe/Gibraltar", + "/usr/share/zoneinfo/Europe/Guernsey", + "/usr/share/zoneinfo/Europe/Helsinki", + "/usr/share/zoneinfo/Europe/Isle_of_Man", + "/usr/share/zoneinfo/Europe/Istanbul", + "/usr/share/zoneinfo/Europe/Jersey", + "/usr/share/zoneinfo/Europe/Kaliningrad", + "/usr/share/zoneinfo/Europe/Kirov", + "/usr/share/zoneinfo/Europe/Kyiv", + "/usr/share/zoneinfo/Europe/Lisbon", + "/usr/share/zoneinfo/Europe/Ljubljana", + "/usr/share/zoneinfo/Europe/London", + "/usr/share/zoneinfo/Europe/Luxembourg", + "/usr/share/zoneinfo/Europe/Madrid", + "/usr/share/zoneinfo/Europe/Malta", + "/usr/share/zoneinfo/Europe/Minsk", + "/usr/share/zoneinfo/Europe/Monaco", + "/usr/share/zoneinfo/Europe/Moscow", + "/usr/share/zoneinfo/Europe/Oslo", + "/usr/share/zoneinfo/Europe/Paris", + "/usr/share/zoneinfo/Europe/Prague", + "/usr/share/zoneinfo/Europe/Riga", + "/usr/share/zoneinfo/Europe/Rome", + "/usr/share/zoneinfo/Europe/Samara", + "/usr/share/zoneinfo/Europe/Sarajevo", + "/usr/share/zoneinfo/Europe/Saratov", + "/usr/share/zoneinfo/Europe/Simferopol", + "/usr/share/zoneinfo/Europe/Skopje", + "/usr/share/zoneinfo/Europe/Sofia", + "/usr/share/zoneinfo/Europe/Stockholm", + "/usr/share/zoneinfo/Europe/Tallinn", + "/usr/share/zoneinfo/Europe/Tirane", + "/usr/share/zoneinfo/Europe/Ulyanovsk", + "/usr/share/zoneinfo/Europe/Vaduz", + "/usr/share/zoneinfo/Europe/Vienna", + "/usr/share/zoneinfo/Europe/Vilnius", + "/usr/share/zoneinfo/Europe/Volgograd", + "/usr/share/zoneinfo/Europe/Warsaw", + "/usr/share/zoneinfo/Europe/Zagreb", + "/usr/share/zoneinfo/Europe/Zurich", + "/usr/share/zoneinfo/Factory", + "/usr/share/zoneinfo/Indian/Antananarivo", + "/usr/share/zoneinfo/Indian/Chagos", + "/usr/share/zoneinfo/Indian/Christmas", + "/usr/share/zoneinfo/Indian/Cocos", + "/usr/share/zoneinfo/Indian/Comoro", + "/usr/share/zoneinfo/Indian/Kerguelen", + "/usr/share/zoneinfo/Indian/Mahe", + "/usr/share/zoneinfo/Indian/Maldives", + "/usr/share/zoneinfo/Indian/Mauritius", + "/usr/share/zoneinfo/Indian/Mayotte", + "/usr/share/zoneinfo/Indian/Reunion", + "/usr/share/zoneinfo/Pacific/Apia", + "/usr/share/zoneinfo/Pacific/Auckland", + "/usr/share/zoneinfo/Pacific/Bougainville", + "/usr/share/zoneinfo/Pacific/Chatham", + "/usr/share/zoneinfo/Pacific/Chuuk", + "/usr/share/zoneinfo/Pacific/Easter", + "/usr/share/zoneinfo/Pacific/Efate", + "/usr/share/zoneinfo/Pacific/Fakaofo", + "/usr/share/zoneinfo/Pacific/Fiji", + "/usr/share/zoneinfo/Pacific/Funafuti", + "/usr/share/zoneinfo/Pacific/Galapagos", + "/usr/share/zoneinfo/Pacific/Gambier", + "/usr/share/zoneinfo/Pacific/Guadalcanal", + "/usr/share/zoneinfo/Pacific/Guam", + "/usr/share/zoneinfo/Pacific/Honolulu", + "/usr/share/zoneinfo/Pacific/Kanton", + "/usr/share/zoneinfo/Pacific/Kiritimati", + "/usr/share/zoneinfo/Pacific/Kosrae", + "/usr/share/zoneinfo/Pacific/Kwajalein", + "/usr/share/zoneinfo/Pacific/Majuro", + "/usr/share/zoneinfo/Pacific/Marquesas", + "/usr/share/zoneinfo/Pacific/Midway", + "/usr/share/zoneinfo/Pacific/Nauru", + "/usr/share/zoneinfo/Pacific/Niue", + "/usr/share/zoneinfo/Pacific/Norfolk", + "/usr/share/zoneinfo/Pacific/Noumea", + "/usr/share/zoneinfo/Pacific/Pago_Pago", + "/usr/share/zoneinfo/Pacific/Palau", + "/usr/share/zoneinfo/Pacific/Pitcairn", + "/usr/share/zoneinfo/Pacific/Pohnpei", + "/usr/share/zoneinfo/Pacific/Port_Moresby", + "/usr/share/zoneinfo/Pacific/Rarotonga", + "/usr/share/zoneinfo/Pacific/Saipan", + "/usr/share/zoneinfo/Pacific/Tahiti", + "/usr/share/zoneinfo/Pacific/Tarawa", + "/usr/share/zoneinfo/Pacific/Tongatapu", + "/usr/share/zoneinfo/Pacific/Wake", + "/usr/share/zoneinfo/Pacific/Wallis", + "/usr/share/zoneinfo/iso3166.tab", + "/usr/share/zoneinfo/leap-seconds.list", + "/usr/share/zoneinfo/leapseconds", + "/usr/share/zoneinfo/tzdata.zi", + "/usr/share/zoneinfo/zone.tab", + "/usr/share/zoneinfo/zone1970.tab", + "/usr/share/zoneinfo/zonenow.tab" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "util-linux@2.41-5", + "Name": "util-linux", + "Identifier": { + "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "972fb85b9c9e83e7" + }, + "Version": "2.41", + "Release": "5", + "Arch": "amd64", + "SrcName": "util-linux", + "SrcVersion": "2.41", + "SrcRelease": "5", + "Licenses": [ + "GPL-2.0-or-later", + "GPL-2.0-only", + "GPL-3.0-or-later", + "LGPL-2.1-or-later", + "public-domain", + "BSD-4-Clause", + "MIT", + "ISC", + "BSD-3-Clause", + "BSLA", + "LGPL-2.0-or-later", + "BSD-2-Clause", + "LGPL-3.0-or-later", + "GPL-3.0-only", + "LGPL-2.0-only", + "LGPL-2.1-only", + "LGPL-3.0-only" + ], + "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/bin/choom", + "/usr/bin/chrt", + "/usr/bin/dmesg", + "/usr/bin/fallocate", + "/usr/bin/findmnt", + "/usr/bin/flock", + "/usr/bin/getopt", + "/usr/bin/hardlink", + "/usr/bin/ionice", + "/usr/bin/ipcmk", + "/usr/bin/ipcrm", + "/usr/bin/ipcs", + "/usr/bin/lsblk", + "/usr/bin/lscpu", + "/usr/bin/lsipc", + "/usr/bin/lslocks", + "/usr/bin/lslogins", + "/usr/bin/lsmem", + "/usr/bin/lsns", + "/usr/bin/mcookie", + "/usr/bin/more", + "/usr/bin/mountpoint", + "/usr/bin/namei", + "/usr/bin/nsenter", + "/usr/bin/partx", + "/usr/bin/prlimit", + "/usr/bin/rename.ul", + "/usr/bin/rev", + "/usr/bin/setarch", + "/usr/bin/setpriv", + "/usr/bin/setsid", + "/usr/bin/setterm", + "/usr/bin/su", + "/usr/bin/taskset", + "/usr/bin/uclampset", + "/usr/bin/unshare", + "/usr/bin/wdctl", + "/usr/bin/whereis", + "/usr/lib/mime/packages/util-linux", + "/usr/lib/systemd/system/fstrim.service", + "/usr/lib/systemd/system/fstrim.timer", + "/usr/sbin/agetty", + "/usr/sbin/blkdiscard", + "/usr/sbin/blkid", + "/usr/sbin/blkzone", + "/usr/sbin/blockdev", + "/usr/sbin/chcpu", + "/usr/sbin/chmem", + "/usr/sbin/findfs", + "/usr/sbin/fsck", + "/usr/sbin/fsfreeze", + "/usr/sbin/fstrim", + "/usr/sbin/isosize", + "/usr/sbin/ldattach", + "/usr/sbin/mkfs", + "/usr/sbin/mkswap", + "/usr/sbin/pivot_root", + "/usr/sbin/readprofile", + "/usr/sbin/rtcwake", + "/usr/sbin/runuser", + "/usr/sbin/sulogin", + "/usr/sbin/swaplabel", + "/usr/sbin/switch_root", + "/usr/sbin/wipefs", + "/usr/sbin/zramctl", + "/usr/share/bash-completion/completions/blkdiscard", + "/usr/share/bash-completion/completions/blkid", + "/usr/share/bash-completion/completions/blkzone", + "/usr/share/bash-completion/completions/blockdev", + "/usr/share/bash-completion/completions/chcpu", + "/usr/share/bash-completion/completions/chmem", + "/usr/share/bash-completion/completions/chrt", + "/usr/share/bash-completion/completions/dmesg", + "/usr/share/bash-completion/completions/fallocate", + "/usr/share/bash-completion/completions/findfs", + "/usr/share/bash-completion/completions/findmnt", + "/usr/share/bash-completion/completions/flock", + "/usr/share/bash-completion/completions/fsck", + "/usr/share/bash-completion/completions/fsfreeze", + "/usr/share/bash-completion/completions/fstrim", + "/usr/share/bash-completion/completions/getopt", + "/usr/share/bash-completion/completions/hardlink", + "/usr/share/bash-completion/completions/ionice", + "/usr/share/bash-completion/completions/ipcmk", + "/usr/share/bash-completion/completions/ipcrm", + "/usr/share/bash-completion/completions/ipcs", + "/usr/share/bash-completion/completions/isosize", + "/usr/share/bash-completion/completions/ldattach", + "/usr/share/bash-completion/completions/lsblk", + "/usr/share/bash-completion/completions/lscpu", + "/usr/share/bash-completion/completions/lsipc", + "/usr/share/bash-completion/completions/lslocks", + "/usr/share/bash-completion/completions/lslogins", + "/usr/share/bash-completion/completions/lsmem", + "/usr/share/bash-completion/completions/lsns", + "/usr/share/bash-completion/completions/mcookie", + "/usr/share/bash-completion/completions/mkfs", + "/usr/share/bash-completion/completions/mkswap", + "/usr/share/bash-completion/completions/more", + "/usr/share/bash-completion/completions/mountpoint", + "/usr/share/bash-completion/completions/namei", + "/usr/share/bash-completion/completions/nsenter", + "/usr/share/bash-completion/completions/partx", + "/usr/share/bash-completion/completions/pivot_root", + "/usr/share/bash-completion/completions/prlimit", + "/usr/share/bash-completion/completions/readprofile", + "/usr/share/bash-completion/completions/rename.ul", + "/usr/share/bash-completion/completions/rev", + "/usr/share/bash-completion/completions/rtcwake", + "/usr/share/bash-completion/completions/setarch", + "/usr/share/bash-completion/completions/setpriv", + "/usr/share/bash-completion/completions/setsid", + "/usr/share/bash-completion/completions/setterm", + "/usr/share/bash-completion/completions/su", + "/usr/share/bash-completion/completions/swaplabel", + "/usr/share/bash-completion/completions/taskset", + "/usr/share/bash-completion/completions/uclampset", + "/usr/share/bash-completion/completions/unshare", + "/usr/share/bash-completion/completions/wdctl", + "/usr/share/bash-completion/completions/whereis", + "/usr/share/bash-completion/completions/wipefs", + "/usr/share/bash-completion/completions/zramctl", + "/usr/share/doc/util-linux/00-about-docs.txt", + "/usr/share/doc/util-linux/AUTHORS.gz", + "/usr/share/doc/util-linux/NEWS.Debian.gz", + "/usr/share/doc/util-linux/PAM-configuration.txt", + "/usr/share/doc/util-linux/README.Debian", + "/usr/share/doc/util-linux/blkid.txt", + "/usr/share/doc/util-linux/cal.txt", + "/usr/share/doc/util-linux/changelog.Debian.gz", + "/usr/share/doc/util-linux/changelog.gz", + "/usr/share/doc/util-linux/col.txt", + "/usr/share/doc/util-linux/copyright", + "/usr/share/doc/util-linux/deprecated.txt", + "/usr/share/doc/util-linux/examples/getopt-example.bash", + "/usr/share/doc/util-linux/getopt.txt", + "/usr/share/doc/util-linux/getopt_changelog.txt", + "/usr/share/doc/util-linux/howto-build-sys.txt", + "/usr/share/doc/util-linux/howto-compilation.txt", + "/usr/share/doc/util-linux/howto-contribute.txt.gz", + "/usr/share/doc/util-linux/howto-debug.txt", + "/usr/share/doc/util-linux/howto-man-page.txt", + "/usr/share/doc/util-linux/howto-pull-request.txt.gz", + "/usr/share/doc/util-linux/howto-tests.txt", + "/usr/share/doc/util-linux/howto-usage-function.txt.gz", + "/usr/share/doc/util-linux/hwclock.txt", + "/usr/share/doc/util-linux/modems-with-agetty.txt", + "/usr/share/doc/util-linux/mount.txt", + "/usr/share/doc/util-linux/parse-date.txt.gz", + "/usr/share/doc/util-linux/pg.txt", + "/usr/share/doc/util-linux/poeigl.txt.gz", + "/usr/share/doc/util-linux/release-schedule.txt", + "/usr/share/doc/util-linux/releases/v2.13-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.14-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.15-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.16-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.17-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.18-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.19-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.20-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.21-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.22-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.23-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.24-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.25-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.26-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.27-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.28-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.29-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.30-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.31-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.32-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.33-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.34-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.35-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.36-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.37-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.38-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.39-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.40-ReleaseNotes.gz", + "/usr/share/doc/util-linux/releases/v2.41-ReleaseNotes.gz", + "/usr/share/lintian/overrides/util-linux", + "/usr/share/man/man1/choom.1.gz", + "/usr/share/man/man1/chrt.1.gz", + "/usr/share/man/man1/dmesg.1.gz", + "/usr/share/man/man1/fallocate.1.gz", + "/usr/share/man/man1/flock.1.gz", + "/usr/share/man/man1/getopt.1.gz", + "/usr/share/man/man1/hardlink.1.gz", + "/usr/share/man/man1/ionice.1.gz", + "/usr/share/man/man1/ipcmk.1.gz", + "/usr/share/man/man1/ipcrm.1.gz", + "/usr/share/man/man1/ipcs.1.gz", + "/usr/share/man/man1/lscpu.1.gz", + "/usr/share/man/man1/lsipc.1.gz", + "/usr/share/man/man1/lslogins.1.gz", + "/usr/share/man/man1/lsmem.1.gz", + "/usr/share/man/man1/mcookie.1.gz", + "/usr/share/man/man1/more.1.gz", + "/usr/share/man/man1/mountpoint.1.gz", + "/usr/share/man/man1/namei.1.gz", + "/usr/share/man/man1/nsenter.1.gz", + "/usr/share/man/man1/prlimit.1.gz", + "/usr/share/man/man1/rename.ul.1.gz", + "/usr/share/man/man1/rev.1.gz", + "/usr/share/man/man1/runuser.1.gz", + "/usr/share/man/man1/setpriv.1.gz", + "/usr/share/man/man1/setsid.1.gz", + "/usr/share/man/man1/setterm.1.gz", + "/usr/share/man/man1/su.1.gz", + "/usr/share/man/man1/taskset.1.gz", + "/usr/share/man/man1/uclampset.1.gz", + "/usr/share/man/man1/unshare.1.gz", + "/usr/share/man/man1/whereis.1.gz", + "/usr/share/man/man5/adjtime_config.5.gz", + "/usr/share/man/man5/scols-filter.5.gz", + "/usr/share/man/man5/terminal-colors.d.5.gz", + "/usr/share/man/man8/agetty.8.gz", + "/usr/share/man/man8/blkdiscard.8.gz", + "/usr/share/man/man8/blkid.8.gz", + "/usr/share/man/man8/blkzone.8.gz", + "/usr/share/man/man8/blockdev.8.gz", + "/usr/share/man/man8/chcpu.8.gz", + "/usr/share/man/man8/chmem.8.gz", + "/usr/share/man/man8/findfs.8.gz", + "/usr/share/man/man8/findmnt.8.gz", + "/usr/share/man/man8/fsck.8.gz", + "/usr/share/man/man8/fsfreeze.8.gz", + "/usr/share/man/man8/fstrim.8.gz", + "/usr/share/man/man8/isosize.8.gz", + "/usr/share/man/man8/ldattach.8.gz", + "/usr/share/man/man8/lsblk.8.gz", + "/usr/share/man/man8/lslocks.8.gz", + "/usr/share/man/man8/lsns.8.gz", + "/usr/share/man/man8/mkfs.8.gz", + "/usr/share/man/man8/mkswap.8.gz", + "/usr/share/man/man8/partx.8.gz", + "/usr/share/man/man8/pivot_root.8.gz", + "/usr/share/man/man8/readprofile.8.gz", + "/usr/share/man/man8/rtcwake.8.gz", + "/usr/share/man/man8/setarch.8.gz", + "/usr/share/man/man8/sulogin.8.gz", + "/usr/share/man/man8/swaplabel.8.gz", + "/usr/share/man/man8/switch_root.8.gz", + "/usr/share/man/man8/wdctl.8.gz", + "/usr/share/man/man8/wipefs.8.gz", + "/usr/share/man/man8/zramctl.8.gz", + "/usr/share/util-linux/logcheck/ignore.d.server/util-linux" + ], + "AnalyzedBy": "dpkg" + }, + { + "ID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", + "Name": "zlib1g", + "Identifier": { + "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "ff182eb2a26a8142" + }, + "Version": "1.3.dfsg+really1.3.1", + "Release": "1+b1", + "Epoch": 1, + "Arch": "amd64", + "SrcName": "zlib", + "SrcVersion": "1.3.dfsg+really1.3.1", + "SrcRelease": "1", + "SrcEpoch": 1, + "Licenses": [ + "Zlib" + ], + "Maintainer": "Mark Brown \u003cbroonie@debian.org\u003e", + "Repository": { + "Class": "official" + }, + "DependsOn": [ + "libc6@2.41-12+deb13u3" + ], + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "InstalledFiles": [ + "/usr/lib/x86_64-linux-gnu/libz.so.1.3.1", + "/usr/share/doc/zlib1g/changelog.Debian.amd64.gz", + "/usr/share/doc/zlib1g/changelog.Debian.gz", + "/usr/share/doc/zlib1g/changelog.gz", + "/usr/share/doc/zlib1g/copyright" + ], + "AnalyzedBy": "dpkg" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "bsdutils@1:2.41-5", + "PkgName": "bsdutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "5843733a461e6ce1" + }, + "InstalledVersion": "1:2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:48d45065fd36f9b29605ea9e40dcda4160994ad29bfaa13740de33043026e270", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "bsdutils@1:2.41-5", + "PkgName": "bsdutils", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "5843733a461e6ce1" + }, + "InstalledVersion": "1:2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:24958e6e74e26b300133f285c228b9f461b52b95614b7a6a11a8c375f56fd1ad", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libblkid1@2.41-5", + "PkgName": "libblkid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "51bf0af8d40f4a01" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:208d533fb99315acb62e1e9ea4784a159117a77fde3e0e2ecd946a623ec63e05", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libblkid1@2.41-5", + "PkgName": "libblkid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "51bf0af8d40f4a01" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:6c64f70629ab0593fa1bf5c32fccbdd6becc9bd93e29919dad32d10e21c7b220", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-5435", + "PkgID": "libc-bin@2.41-12+deb13u3", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:b3629142443e8ebf9958830b2ca46a0923ef41f10d95ed80964f96f8d430d6fb", + "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5435", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", + "https://www.cve.org/CVERecord?id=CVE-2026-5435" + ], + "PublishedDate": "2026-04-28T13:19:22.29Z", + "LastModifiedDate": "2026-05-05T17:38:37.03Z" + }, + { + "VulnerabilityID": "CVE-2026-5450", + "PkgID": "libc-bin@2.41-12+deb13u3", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:6b2c53bb9c79464e2f0dec6316df2631ed75aa71b95b1f19e5ac05de11c9f099", + "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", + "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "photon": 4, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5450", + "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", + "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", + "https://www.cve.org/CVERecord?id=CVE-2026-5450" + ], + "PublishedDate": "2026-04-20T21:16:36.85Z", + "LastModifiedDate": "2026-04-23T15:33:34.277Z" + }, + { + "VulnerabilityID": "CVE-2026-5928", + "PkgID": "libc-bin@2.41-12+deb13u3", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:f30717acc188a932e74e113d90b2fa1d0d6e93472dc89eaa63e3d2f7bb298274", + "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", + "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-127" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5928", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", + "https://www.cve.org/CVERecord?id=CVE-2026-5928" + ], + "PublishedDate": "2026-04-20T21:16:36.963Z", + "LastModifiedDate": "2026-04-23T15:33:43.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6238", + "PkgID": "libc-bin@2.41-12+deb13u3", + "PkgName": "libc-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "c45af597301c8c0b" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:5632cb45b00790fcb54577cca57d9deadf8594b579bad2da7b4c9523a96e7e17", + "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-126" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-6238", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", + "https://www.cve.org/CVERecord?id=CVE-2026-6238" + ], + "PublishedDate": "2026-04-28T19:37:47.523Z", + "LastModifiedDate": "2026-05-04T17:57:24.007Z" + }, + { + "VulnerabilityID": "CVE-2026-5435", + "PkgID": "libc6@2.41-12+deb13u3", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:5a8735a67c5528254a880003379960bf48d334877ea38796a8e0a0d0fc196082", + "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5435", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", + "https://www.cve.org/CVERecord?id=CVE-2026-5435" + ], + "PublishedDate": "2026-04-28T13:19:22.29Z", + "LastModifiedDate": "2026-05-05T17:38:37.03Z" + }, + { + "VulnerabilityID": "CVE-2026-5450", + "PkgID": "libc6@2.41-12+deb13u3", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:557af5ca4f16b799113e71a4c02df0775e2633618c3da39aa59d62a9c9cb9173", + "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", + "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122", + "CWE-787" + ], + "VendorSeverity": { + "photon": 4, + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5450", + "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", + "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", + "https://www.cve.org/CVERecord?id=CVE-2026-5450" + ], + "PublishedDate": "2026-04-20T21:16:36.85Z", + "LastModifiedDate": "2026-04-23T15:33:34.277Z" + }, + { + "VulnerabilityID": "CVE-2026-5928", + "PkgID": "libc6@2.41-12+deb13u3", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:2c364f60364adcd795282d836c525d2d9580ff33848aaacc76918b133bd782c6", + "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", + "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-127" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", + "V3Score": 5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-5928", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", + "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", + "https://www.cve.org/CVERecord?id=CVE-2026-5928" + ], + "PublishedDate": "2026-04-20T21:16:36.963Z", + "LastModifiedDate": "2026-04-23T15:33:43.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6238", + "PkgID": "libc6@2.41-12+deb13u3", + "PkgName": "libc6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", + "UID": "2a1acf211abcdd46" + }, + "InstalledVersion": "2.41-12+deb13u3", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:f1e6150153fa20a27fd1d8c7890a10aadb565bbcd41c56c6354bff22c2b98a0d", + "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", + "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-126" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-6238", + "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", + "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", + "https://www.cve.org/CVERecord?id=CVE-2026-6238" + ], + "PublishedDate": "2026-04-28T19:37:47.523Z", + "LastModifiedDate": "2026-05-04T17:57:24.007Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "liblastlog2-2@2.41-5", + "PkgName": "liblastlog2-2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "eb4f5430aea34a10" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:3c38d5dfebf43ad288b31d346954f63e024106bb02129276cf89249a8daa3c0f", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "liblastlog2-2@2.41-5", + "PkgName": "liblastlog2-2", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "eb4f5430aea34a10" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:f130dbdbae22fc4b1c7349d3a6714730f734e338f00e4a9b128e1b73962b3876", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-34743", + "PkgID": "liblzma5@5.8.1-1", + "PkgName": "liblzma5", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.5", + "UID": "d7b58e04f1a265ed" + }, + "InstalledVersion": "5.8.1-1", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:60084a3cd4b884c5709e460ec100a32d128b23729546865106a2cb844f42456a", + "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", + "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/31/13", + "https://access.redhat.com/security/cve/CVE-2026-34743", + "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", + "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", + "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", + "https://www.cve.org/CVERecord?id=CVE-2026-34743" + ], + "PublishedDate": "2026-04-02T19:21:33.187Z", + "LastModifiedDate": "2026-04-15T17:33:17.68Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libmount1@2.41-5", + "PkgName": "libmount1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "84ccd0371833b76" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:367889648a8f344f1a26014bcfac03328b7ecb97ca9ef56d880e8bae4c4eb2b3", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libmount1@2.41-5", + "PkgName": "libmount1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "84ccd0371833b76" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:f77fd9fe2df1096b0a48c53a57120f7cc957a8ccc6427a72d98ff72f8cb90b79", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "libncursesw6@6.5+20250216-2", + "PkgName": "libncursesw6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "5efa2a2068c240d8" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:4d57d21013edd86f841c91aca2d842828d24719fe3ec6ac4e58977f3c2213a44", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libsmartcols1@2.41-5", + "PkgName": "libsmartcols1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "780dbec0869ab8e" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:bfbd68f5f2157efeec31929024ed24baa54fb339adaecda9d72eaf97d64afeec", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libsmartcols1@2.41-5", + "PkgName": "libsmartcols1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "780dbec0869ab8e" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:9650bf90815644bd7452abf1b641da490c28fa22ce8e98f6f96c3d09dc924d3b", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "libtinfo6@6.5+20250216-2", + "PkgName": "libtinfo6", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "ba2c2b464f07108a" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:a909bd893728c34e84d63a7248be944e4dcfd752e481f53a8f04edf766c02b3f", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "libuuid1@2.41-5", + "PkgName": "libuuid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "1afbb50818377478" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:3b69a00de2c02ec54249af8e1ff7cddb7fa5a1783783c62347c47e9128444395", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "libuuid1@2.41-5", + "PkgName": "libuuid1", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "1afbb50818377478" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:2f240b864e2ccdb5b47f89a5e698a2cae073228852916f4e53e2a1c97829c73d", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "login@1:4.16.0-2+really2.41-5", + "PkgName": "login", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "c0ab0b857644733b" + }, + "InstalledVersion": "1:4.16.0-2+really2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:ad3fb67c2c1cfac7c7ca3788194728a8a9a94cf4a5917a13f2072e6c0af7a350", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "login@1:4.16.0-2+really2.41-5", + "PkgName": "login", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "c0ab0b857644733b" + }, + "InstalledVersion": "1:4.16.0-2+really2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:fb5eb329a8139c265be893d38c331dbd2c789abe300b5ce939b6ab4e0cd82bbf", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "mount@2.41-5", + "PkgName": "mount", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "55c835c674d0a0e5" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:106a84cd7883c06968fcd11d3092990ea04c50c21fcaa677d38ce047fa8742da", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "mount@2.41-5", + "PkgName": "mount", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "55c835c674d0a0e5" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:2dd84bb9ffd00958438e2b069976dafcf778dad93f30a0ad778c2691e27475cb", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "ncurses-base@6.5+20250216-2", + "PkgName": "ncurses-base", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.5", + "UID": "767a0231348a5cb5" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:c66678f7af162644c73504b2cd8d87bd9aec4095d1d1bcfe42329e78187f366b", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2025-69720", + "PkgID": "ncurses-bin@6.5+20250216-2", + "PkgName": "ncurses-bin", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", + "UID": "5b541563cf6587e5" + }, + "InstalledVersion": "6.5+20250216-2", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:5c62c30e5dd0b9165b4bc1c123ad4d01ae809c974f4911cad2f47e09e5033541", + "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", + "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-121", + "CWE-120" + ], + "VendorSeverity": { + "alma": 2, + "azure": 4, + "cbl-mariner": 4, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:5913", + "https://access.redhat.com/security/cve/CVE-2025-69720", + "https://bugzilla.redhat.com/2449037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", + "https://errata.almalinux.org/10/ALSA-2026-5913.html", + "https://errata.rockylinux.org/RLSA-2026:5913", + "https://github.com/Cao-Wuhui/CVE-2025-69720", + "https://invisible-island.net/archives/ncurses/6.5/", + "https://invisible-island.net/ncurses/", + "https://linux.oracle.com/cve/CVE-2025-69720.html", + "https://linux.oracle.com/errata/ELSA-2026-5913.html", + "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", + "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", + "https://www.cve.org/CVERecord?id=CVE-2025-69720" + ], + "PublishedDate": "2026-03-19T15:16:21.293Z", + "LastModifiedDate": "2026-03-26T19:35:10.547Z" + }, + { + "VulnerabilityID": "CVE-2026-5704", + "PkgID": "tar@1.35+dfsg-3.1", + "PkgName": "tar", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.5", + "UID": "4f69996c49afbaca" + }, + "InstalledVersion": "1.35+dfsg-3.1", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5704", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:dba3b85f8665a48ab473c378207a09a8b34da3047907f53125a50d132564de74", + "Title": "tar: tar: Hidden file injection via crafted archives", + "Description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-434" + ], + "VendorSeverity": { + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/11/10", + "http://www.openwall.com/lists/oss-security/2026/04/11/11", + "http://www.openwall.com/lists/oss-security/2026/04/12/2", + "https://access.redhat.com/security/cve/CVE-2026-5704", + "https://bugzilla.redhat.com/show_bug.cgi?id=2455360", + "https://nvd.nist.gov/vuln/detail/CVE-2026-5704", + "https://www.cve.org/CVERecord?id=CVE-2026-5704" + ], + "PublishedDate": "2026-04-06T16:16:42.14Z", + "LastModifiedDate": "2026-04-22T20:08:59.92Z" + }, + { + "VulnerabilityID": "CVE-2026-27456", + "PkgID": "util-linux@2.41-5", + "PkgName": "util-linux", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "972fb85b9c9e83e7" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:ec60f9924a55c1f9ad836fae64b1b02f24e3c2259288502dad705a073235719d", + "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", + "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-269", + "CWE-367" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 4.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27456", + "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", + "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", + "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", + "https://www.cve.org/CVERecord?id=CVE-2026-27456" + ], + "PublishedDate": "2026-04-03T22:16:25.4Z", + "LastModifiedDate": "2026-04-22T16:08:55.1Z" + }, + { + "VulnerabilityID": "CVE-2026-3184", + "PkgID": "util-linux@2.41-5", + "PkgName": "util-linux", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", + "UID": "972fb85b9c9e83e7" + }, + "InstalledVersion": "2.41-5", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:e9e56abe608dcfe0bd1d69e938e9be3eb06d81ae7b7e6d82fe022198d4d0d4dc", + "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", + "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-289" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:7180", + "https://access.redhat.com/security/cve/CVE-2026-3184", + "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", + "https://www.cve.org/CVERecord?id=CVE-2026-3184" + ], + "PublishedDate": "2026-04-03T19:17:23.377Z", + "LastModifiedDate": "2026-05-01T19:29:51.02Z" + }, + { + "VulnerabilityID": "CVE-2026-27171", + "PkgID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", + "PkgName": "zlib1g", + "PkgIdentifier": { + "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", + "UID": "ff182eb2a26a8142" + }, + "InstalledVersion": "1:1.3.dfsg+really1.3.1-1+b1", + "Status": "affected", + "Layer": { + "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", + "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", + "DataSource": { + "ID": "debian", + "Name": "Debian Security Tracker", + "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" + }, + "Fingerprint": "sha256:bf46a3644bc01c553b46ca0ad39c24caf0bef6e14a5aec064021802c26cb0284", + "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", + "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "julia": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://access.redhat.com/security/cve/CVE-2026-27171", + "https://github.com/advisories/GHSA-h858-mf2m-8jf4", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "https://ostif.org/zlib-audit-complete", + "https://ostif.org/zlib-audit-complete/", + "https://www.cve.org/CVERecord?id=CVE-2026-27171" + ], + "PublishedDate": "2026-02-18T04:16:01.263Z", + "LastModifiedDate": "2026-03-25T21:27:04.603Z" + } + ] + }, + { + "Target": "Python", + "Class": "lang-pkgs", + "Type": "python-pkg", + "Packages": [ + { + "Name": "pip", + "Identifier": { + "PURL": "pkg:pypi/pip@25.0.1", + "UID": "7d864d9a4bf3bfe8" + }, + "Version": "25.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "FilePath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-8869", + "VendorIDs": [ + "GHSA-4xh5-x5gv-qwph" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@25.0.1", + "UID": "7d864d9a4bf3bfe8" + }, + "InstalledVersion": "25.0.1", + "FixedVersion": "25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8869", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:42863a411c9517557e1744d4dfd39ff9bc29495eff1e5499dcd724418ce89c2d", + "Title": "pip: pip missing checks on symbolic link extraction", + "Description": "When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.\nNote that upgrading pip to a \"fixed\" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.\n\nNote that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706\nand therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706\nthen pip doesn't use the \"vulnerable\" fallback code.\n\nMitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python \u003e=3.9.17, \u003e=3.10.12, \u003e=3.11.4, or \u003e=3.12),\napplying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8869", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a", + "https://github.com/pypa/pip/pull/13550", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html", + "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN", + "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8869", + "https://pip.pypa.io/en/stable/news/#v25-2", + "https://www.cve.org/CVERecord?id=CVE-2025-8869" + ], + "PublishedDate": "2025-09-24T15:15:41.293Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-3219", + "VendorIDs": [ + "GHSA-58qw-9mgm-455v" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@25.0.1", + "UID": "7d864d9a4bf3bfe8" + }, + "InstalledVersion": "25.0.1", + "FixedVersion": "26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3219", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:7bf17290665b4787fc0122d98ffb36d3c01a88784921e24e7c39276cc7339c42", + "Title": "pip: pip: Incorrect file installation due to improper archive handling", + "Description": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-434" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", + "V40Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/20/8", + "https://access.redhat.com/security/cve/CVE-2026-3219", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/issues/13867", + "https://github.com/pypa/pip/pull/13870", + "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ", + "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3219", + "https://www.cve.org/CVERecord?id=CVE-2026-3219" + ], + "PublishedDate": "2026-04-20T16:16:45.43Z", + "LastModifiedDate": "2026-04-20T21:16:36.42Z" + }, + { + "VulnerabilityID": "CVE-2026-6357", + "VendorIDs": [ + "GHSA-jp4c-xjxw-mgf9" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@25.0.1", + "UID": "7d864d9a4bf3bfe8" + }, + "InstalledVersion": "25.0.1", + "FixedVersion": "26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", + "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6357", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:50c01cddfb2d5c6addeb179114d8bb183aab36219080d055522332e33d4d5aa1", + "Title": "pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation", + "Description": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-829" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 5.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/27/7", + "https://access.redhat.com/security/cve/CVE-2026-6357", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad", + "https://github.com/pypa/pip/pull/13923", + "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6357", + "https://www.cve.org/CVERecord?id=CVE-2026-6357" + ], + "PublishedDate": "2026-04-27T15:16:20.857Z", + "LastModifiedDate": "2026-04-27T23:16:03.533Z" + } + ] + } + ] + }, + { + "Namespace": "mail", + "Kind": "CronJob", + "Name": "mail-backup", + "Metadata": [ + { + "Size": 59774464, + "OS": { + "Family": "alpine", + "Name": "3.17.0", + "EOSL": true + }, + "ImageID": "sha256:465689cd5f3a7c6709efcc91fb5418249674d1aedbe23e6bed3c1e2ee2fb1627", + "DiffIDs": [ + "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf", + "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7", + "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779", + "sha256:6823946f0ba7ae98d1587bb23122ee932bc17f32bb56cef6016883628c19b0f0", + "sha256:b4b66d1ee6ce658c9408aba14a7876cefb24449f6f48ea33ddbf85f051843b48" + ], + "RepoTags": [ + "rclone/rclone:1.61.1" + ], + "RepoDigests": [ + "rclone/rclone@sha256:bdda91757fbcb10c857417f442ed13518ac292703c9dca42d8399f5f88e2da6c" + ], + "Reference": "rclone/rclone:1.61.1", + "ImageConfig": { + "architecture": "amd64", + "created": "2022-12-23T18:30:20.435655422Z", + "history": [ + { + "created": "2022-11-22T22:19:28.870801855Z", + "created_by": "/bin/sh -c #(nop) ADD file:587cae71969871d3c6456d844a8795df9b64b12c710c275295a1182b46f630e7 in / " + }, + { + "created": "2022-11-22T22:19:29.008562326Z", + "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", + "empty_layer": true + }, + { + "created": "2022-12-23T18:21:20.552610746Z", + "created_by": "RUN /bin/sh -c apk --no-cache add ca-certificates fuse tzdata \u0026\u0026 echo \"user_allow_other\" \u003e\u003e /etc/fuse.conf # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-12-23T18:30:20.174824107Z", + "created_by": "COPY /go/src/github.com/rclone/rclone/rclone /usr/local/bin/ # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-12-23T18:30:20.421025837Z", + "created_by": "RUN /bin/sh -c addgroup -g 1009 rclone \u0026\u0026 adduser -u 1009 -Ds /bin/sh -G rclone rclone # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-12-23T18:30:20.435655422Z", + "created_by": "ENTRYPOINT [\"rclone\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2022-12-23T18:30:20.435655422Z", + "created_by": "WORKDIR /data", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2022-12-23T18:30:20.435655422Z", + "created_by": "ENV XDG_CONFIG_HOME=/config", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf", + "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7", + "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779", + "sha256:6823946f0ba7ae98d1587bb23122ee932bc17f32bb56cef6016883628c19b0f0", + "sha256:b4b66d1ee6ce658c9408aba14a7876cefb24449f6f48ea33ddbf85f051843b48" + ] + }, + "config": { + "Entrypoint": [ + "rclone" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "XDG_CONFIG_HOME=/config" + ], + "WorkingDir": "/data" + } + }, + "Layers": [ + { + "Size": 7337984, + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + { + "Size": 3042816, + "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", + "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" + }, + { + "Size": 49380352, + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + { + "Size": 11776, + "Digest": "sha256:8ca9a3048278c27e08bbccd3670f2c5caff0128842689a9c86ed1fb0f9ce1cc9", + "DiffID": "sha256:6823946f0ba7ae98d1587bb23122ee932bc17f32bb56cef6016883628c19b0f0" + }, + { + "Size": 1536, + "Digest": "sha256:109cd48fac6cc902363d1ab766beec1fc3e4c2c95a1e7a7cde7f3407c18b3af3", + "DiffID": "sha256:b4b66d1ee6ce658c9408aba14a7876cefb24449f6f48ea33ddbf85f051843b48" + } + ] + } + ], + "Results": [ + { + "Target": "rclone/rclone:1.61.1 (alpine 3.17.0)", + "Class": "os-pkgs", + "Type": "alpine", + "Packages": [ + { + "ID": "alpine-baselayout@3.4.0-r0", + "Name": "alpine-baselayout", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout@3.4.0-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "30c2f9800d728f28" + }, + "Version": "3.4.0-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.4.0-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-baselayout-data@3.4.0-r0", + "busybox-binsh@1.35.0-r29" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:fde5df99b613d565de9c54aa2a3ae86322bce0d1", + "InstalledFiles": [ + "etc/motd", + "etc/crontabs/root", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/i386.conf", + "etc/modprobe.d/kms.conf", + "etc/profile.d/README", + "etc/profile.d/color_prompt.sh.disabled", + "etc/profile.d/locale.sh", + "lib/sysctl.d/00-alpine.conf", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout-data@3.4.0-r0", + "Name": "alpine-baselayout-data", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.4.0-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "e51ffe20d7623a8b" + }, + "Version": "3.4.0-r0", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.4.0-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:fc982933c27a0d623fe78d6d517fae1c4cd28eaa", + "InstalledFiles": [ + "etc/fstab", + "etc/group", + "etc/hostname", + "etc/hosts", + "etc/inittab", + "etc/modules", + "etc/mtab", + "etc/nsswitch.conf", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/sysctl.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-keys@2.4-r1", + "Name": "alpine-keys", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64\u0026distro=3.17.0", + "UID": "3164c80d593e4cb3" + }, + "Version": "2.4-r1", + "Arch": "x86_64", + "SrcName": "alpine-keys", + "SrcVersion": "2.4-r1", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:28cd3595f295a7e804667db76b0ba3aa34a4acdf", + "InstalledFiles": [ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "apk-tools@2.12.10-r1", + "Name": "apk-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/apk-tools@2.12.10-r1?arch=x86_64\u0026distro=3.17.0", + "UID": "5b5afd5889ede5eb" + }, + "Version": "2.12.10-r1", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.12.10-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20220614-r2", + "libcrypto3@3.0.7-r0", + "libssl3@3.0.7-r0", + "musl@1.2.3-r4", + "zlib@1.2.13-r0" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:11fde2c2df9c31d1a780481a16bd944482612b34", + "InstalledFiles": [ + "lib/libapk.so.3.12.0", + "sbin/apk" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox@1.35.0-r29", + "Name": "busybox", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "63663e79f1d78cba" + }, + "Version": "1.35.0-r29", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.35.0-r29", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:34ddeca74cabf7d6ed472b2ab72de7414ad61da6", + "InstalledFiles": [ + "bin/busybox", + "etc/securetty", + "etc/udhcpd.conf", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "usr/share/udhcpc/default.script" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox-binsh@1.35.0-r29", + "Name": "busybox-binsh", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "45c394fb49457fb2" + }, + "Version": "1.35.0-r29", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.35.0-r29", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "busybox@1.35.0-r29" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:9a25b0ca158a5d51224582e1980ad5d5328cb3a0", + "InstalledFiles": [ + "bin/sh" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates@20220614-r3", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates@20220614-r3?arch=x86_64\u0026distro=3.17.0", + "UID": "2cf7b443ea323e5e" + }, + "Version": "20220614-r3", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20220614-r3", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.35.0-r29", + "libcrypto3@3.0.7-r0", + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", + "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" + }, + "Digest": "sha1:54e1755c00b5cceca1c08c2f40e448bdca0265e8", + "InstalledFiles": [ + "etc/ca-certificates.conf", + "etc/apk/protected_paths.d/ca-certificates.list", + "etc/ca-certificates/update.d/certhash", + "usr/bin/c_rehash", + "usr/sbin/update-ca-certificates", + "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "usr/share/ca-certificates/mozilla/Certigna.crt", + "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/E-Tugra_Global_Root_CA_ECC_v3.crt", + "usr/share/ca-certificates/mozilla/E-Tugra_Global_Root_CA_RSA_v3.crt", + "usr/share/ca-certificates/mozilla/EC-ACC.crt", + "usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt", + "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "usr/share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt", + "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", + "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "usr/share/ca-certificates/mozilla/TrustCor_ECA-1.crt", + "usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-1.crt", + "usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-2.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", + "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates-bundle@20220614-r2", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates-bundle@20220614-r2?arch=x86_64\u0026distro=3.17.0", + "UID": "abbaa17475b8f0df" + }, + "Version": "20220614-r2", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20220614-r2", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:9e3c4b432e3820273336d5c48c732fcf81615959", + "InstalledFiles": [ + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-certificates.crt", + "etc/ssl1.1/cert.pem", + "etc/ssl1.1/certs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "fuse@2.9.9-r2", + "Name": "fuse", + "Identifier": { + "PURL": "pkg:apk/alpine/fuse@2.9.9-r2?arch=x86_64\u0026distro=3.17.0", + "UID": "87e240d6e1600fa2" + }, + "Version": "2.9.9-r2", + "Arch": "x86_64", + "SrcName": "fuse", + "SrcVersion": "2.9.9-r2", + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "fuse-common@3.12.0-r0", + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", + "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" + }, + "Digest": "sha1:db75c36ba00ca0b9e3f361b011c40ca9c28cbe8a", + "InstalledFiles": [ + "bin/fusermount", + "bin/ulockmgr_server", + "lib/udev/rules.d/99-fuse.rules", + "sbin/mount.fuse", + "usr/lib/libfuse.so.2", + "usr/lib/libfuse.so.2.9.9", + "usr/lib/libulockmgr.so.1", + "usr/lib/libulockmgr.so.1.0.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "fuse-common@3.12.0-r0", + "Name": "fuse-common", + "Identifier": { + "PURL": "pkg:apk/alpine/fuse-common@3.12.0-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "ee399eecaf7a9402" + }, + "Version": "3.12.0-r0", + "Arch": "x86_64", + "SrcName": "fuse3", + "SrcVersion": "3.12.0-r0", + "Licenses": [ + "GPL-2.0-only", + "LGPL-2.1-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", + "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" + }, + "Digest": "sha1:e059a354f3525151167d71a48b5f2619c12d2ec0", + "InstalledFiles": [ + "etc/fuse.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libc-utils@0.7.2-r3", + "Name": "libc-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64\u0026distro=3.17.0", + "UID": "1b227ba5c763f776" + }, + "Version": "0.7.2-r3", + "Arch": "x86_64", + "SrcName": "libc-dev", + "SrcVersion": "0.7.2-r3", + "Licenses": [ + "BSD-2-Clause", + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl-utils@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:f46834ea904f8a21bd50df78aa5eea226b074944", + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.0.7-r0", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "Version": "3.0.7-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.0.7-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:4e39ab0046b93ca778d0f373e8e229a3e6c1796d", + "InstalledFiles": [ + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/openssl.cnf.dist", + "etc/ssl/misc/CA.pl", + "etc/ssl/misc/tsget", + "etc/ssl/misc/tsget.pl", + "lib/libcrypto.so.3", + "usr/lib/libcrypto.so.3", + "usr/lib/engines-3/afalg.so", + "usr/lib/engines-3/capi.so", + "usr/lib/engines-3/loader_attic.so", + "usr/lib/engines-3/padlock.so", + "usr/lib/ossl-modules/legacy.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.0.7-r0", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "Version": "3.0.7-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.0.7-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", + "DependsOn": [ + "libcrypto3@3.0.7-r0", + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:133e78acb5153e50229dcb89d9e0edc589eb7a4e", + "InstalledFiles": [ + "lib/libssl.so.3", + "usr/lib/libssl.so.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl@1.2.3-r4", + "Name": "musl", + "Identifier": { + "PURL": "pkg:apk/alpine/musl@1.2.3-r4?arch=x86_64\u0026distro=3.17.0", + "UID": "af5f98cf83a00dc2" + }, + "Version": "1.2.3-r4", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.3-r4", + "Licenses": [ + "MIT" + ], + "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:3e4ef1d70a00adb0759f390c3c93ead53102c2eb", + "InstalledFiles": [ + "lib/ld-musl-x86_64.so.1", + "lib/libc.musl-x86_64.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl-utils@1.2.3-r4", + "Name": "musl-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.3-r4?arch=x86_64\u0026distro=3.17.0", + "UID": "69e5c84e7222babe" + }, + "Version": "1.2.3-r4", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.3-r4", + "Licenses": [ + "MIT", + "BSD-2-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", + "DependsOn": [ + "musl@1.2.3-r4", + "scanelf@1.3.5-r1" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:65624be1ec92c7c9cf4a3175140260432bee36ce", + "InstalledFiles": [ + "sbin/ldconfig", + "usr/bin/getconf", + "usr/bin/getent", + "usr/bin/iconv", + "usr/bin/ldd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "scanelf@1.3.5-r1", + "Name": "scanelf", + "Identifier": { + "PURL": "pkg:apk/alpine/scanelf@1.3.5-r1?arch=x86_64\u0026distro=3.17.0", + "UID": "9beb1e687687f8d6" + }, + "Version": "1.3.5-r1", + "Arch": "x86_64", + "SrcName": "pax-utils", + "SrcVersion": "1.3.5-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:d5dc5816c1ef045033cc7183a3980e4c33490f24", + "InstalledFiles": [ + "usr/bin/scanelf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ssl_client@1.35.0-r29", + "Name": "ssl_client", + "Identifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "4d574a05a4da5141" + }, + "Version": "1.35.0-r29", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.35.0-r29", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "libcrypto3@3.0.7-r0", + "libssl3@3.0.7-r0", + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:42ea998de3fa5c6f39236f6d3a2096a1f2fc0a3d", + "InstalledFiles": [ + "usr/bin/ssl_client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "tzdata@2022f-r1", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:apk/alpine/tzdata@2022f-r1?arch=x86_64\u0026distro=3.17.0", + "UID": "16cbdb52acce2be1" + }, + "Version": "2022f-r1", + "Arch": "x86_64", + "SrcName": "tzdata", + "SrcVersion": "2022f-r1", + "Licenses": [ + "Public-Domain" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", + "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" + }, + "Digest": "sha1:7752b6fc9e327fcddcd2055382debad1362804fd", + "InstalledFiles": [ + "usr/share/zoneinfo/CET", + "usr/share/zoneinfo/CST6CDT", + "usr/share/zoneinfo/Cuba", + "usr/share/zoneinfo/EET", + "usr/share/zoneinfo/EST", + "usr/share/zoneinfo/EST5EDT", + "usr/share/zoneinfo/Egypt", + "usr/share/zoneinfo/Eire", + "usr/share/zoneinfo/Factory", + "usr/share/zoneinfo/GB", + "usr/share/zoneinfo/GB-Eire", + "usr/share/zoneinfo/GMT", + "usr/share/zoneinfo/GMT+0", + "usr/share/zoneinfo/GMT-0", + "usr/share/zoneinfo/GMT0", + "usr/share/zoneinfo/Greenwich", + "usr/share/zoneinfo/HST", + "usr/share/zoneinfo/Hongkong", + "usr/share/zoneinfo/Iceland", + "usr/share/zoneinfo/Iran", + "usr/share/zoneinfo/Israel", + "usr/share/zoneinfo/Jamaica", + "usr/share/zoneinfo/Japan", + "usr/share/zoneinfo/Kwajalein", + "usr/share/zoneinfo/Libya", + "usr/share/zoneinfo/MET", + "usr/share/zoneinfo/MST", + "usr/share/zoneinfo/MST7MDT", + "usr/share/zoneinfo/NZ", + "usr/share/zoneinfo/NZ-CHAT", + "usr/share/zoneinfo/Navajo", + "usr/share/zoneinfo/PRC", + "usr/share/zoneinfo/PST8PDT", + "usr/share/zoneinfo/Poland", + "usr/share/zoneinfo/Portugal", + "usr/share/zoneinfo/ROC", + "usr/share/zoneinfo/ROK", + "usr/share/zoneinfo/Singapore", + "usr/share/zoneinfo/Turkey", + "usr/share/zoneinfo/UCT", + "usr/share/zoneinfo/UTC", + "usr/share/zoneinfo/Universal", + "usr/share/zoneinfo/W-SU", + "usr/share/zoneinfo/WET", + "usr/share/zoneinfo/Zulu", + "usr/share/zoneinfo/iso3166.tab", + "usr/share/zoneinfo/leap-seconds.list", + "usr/share/zoneinfo/posixrules", + "usr/share/zoneinfo/zone.tab", + "usr/share/zoneinfo/zone1970.tab", + "usr/share/zoneinfo/Africa/Abidjan", + "usr/share/zoneinfo/Africa/Accra", + "usr/share/zoneinfo/Africa/Addis_Ababa", + "usr/share/zoneinfo/Africa/Algiers", + "usr/share/zoneinfo/Africa/Asmara", + "usr/share/zoneinfo/Africa/Asmera", + "usr/share/zoneinfo/Africa/Bamako", + "usr/share/zoneinfo/Africa/Bangui", + "usr/share/zoneinfo/Africa/Banjul", + "usr/share/zoneinfo/Africa/Bissau", + "usr/share/zoneinfo/Africa/Blantyre", + "usr/share/zoneinfo/Africa/Brazzaville", + "usr/share/zoneinfo/Africa/Bujumbura", + "usr/share/zoneinfo/Africa/Cairo", + "usr/share/zoneinfo/Africa/Casablanca", + "usr/share/zoneinfo/Africa/Ceuta", + "usr/share/zoneinfo/Africa/Conakry", + "usr/share/zoneinfo/Africa/Dakar", + "usr/share/zoneinfo/Africa/Dar_es_Salaam", + "usr/share/zoneinfo/Africa/Djibouti", + "usr/share/zoneinfo/Africa/Douala", + "usr/share/zoneinfo/Africa/El_Aaiun", + "usr/share/zoneinfo/Africa/Freetown", + "usr/share/zoneinfo/Africa/Gaborone", + "usr/share/zoneinfo/Africa/Harare", + "usr/share/zoneinfo/Africa/Johannesburg", + "usr/share/zoneinfo/Africa/Juba", + "usr/share/zoneinfo/Africa/Kampala", + "usr/share/zoneinfo/Africa/Khartoum", + "usr/share/zoneinfo/Africa/Kigali", + "usr/share/zoneinfo/Africa/Kinshasa", + "usr/share/zoneinfo/Africa/Lagos", + "usr/share/zoneinfo/Africa/Libreville", + "usr/share/zoneinfo/Africa/Lome", + "usr/share/zoneinfo/Africa/Luanda", + "usr/share/zoneinfo/Africa/Lubumbashi", + "usr/share/zoneinfo/Africa/Lusaka", + "usr/share/zoneinfo/Africa/Malabo", + "usr/share/zoneinfo/Africa/Maputo", + "usr/share/zoneinfo/Africa/Maseru", + "usr/share/zoneinfo/Africa/Mbabane", + "usr/share/zoneinfo/Africa/Mogadishu", + "usr/share/zoneinfo/Africa/Monrovia", + "usr/share/zoneinfo/Africa/Nairobi", + "usr/share/zoneinfo/Africa/Ndjamena", + "usr/share/zoneinfo/Africa/Niamey", + "usr/share/zoneinfo/Africa/Nouakchott", + "usr/share/zoneinfo/Africa/Ouagadougou", + "usr/share/zoneinfo/Africa/Porto-Novo", + "usr/share/zoneinfo/Africa/Sao_Tome", + "usr/share/zoneinfo/Africa/Timbuktu", + "usr/share/zoneinfo/Africa/Tripoli", + "usr/share/zoneinfo/Africa/Tunis", + "usr/share/zoneinfo/Africa/Windhoek", + "usr/share/zoneinfo/America/Adak", + "usr/share/zoneinfo/America/Anchorage", + "usr/share/zoneinfo/America/Anguilla", + "usr/share/zoneinfo/America/Antigua", + "usr/share/zoneinfo/America/Araguaina", + "usr/share/zoneinfo/America/Aruba", + "usr/share/zoneinfo/America/Asuncion", + "usr/share/zoneinfo/America/Atikokan", + "usr/share/zoneinfo/America/Atka", + "usr/share/zoneinfo/America/Bahia", + "usr/share/zoneinfo/America/Bahia_Banderas", + "usr/share/zoneinfo/America/Barbados", + "usr/share/zoneinfo/America/Belem", + "usr/share/zoneinfo/America/Belize", + "usr/share/zoneinfo/America/Blanc-Sablon", + "usr/share/zoneinfo/America/Boa_Vista", + "usr/share/zoneinfo/America/Bogota", + "usr/share/zoneinfo/America/Boise", + "usr/share/zoneinfo/America/Buenos_Aires", + "usr/share/zoneinfo/America/Cambridge_Bay", + "usr/share/zoneinfo/America/Campo_Grande", + "usr/share/zoneinfo/America/Cancun", + "usr/share/zoneinfo/America/Caracas", + "usr/share/zoneinfo/America/Catamarca", + "usr/share/zoneinfo/America/Cayenne", + "usr/share/zoneinfo/America/Cayman", + "usr/share/zoneinfo/America/Chicago", + "usr/share/zoneinfo/America/Chihuahua", + "usr/share/zoneinfo/America/Coral_Harbour", + "usr/share/zoneinfo/America/Cordoba", + "usr/share/zoneinfo/America/Costa_Rica", + "usr/share/zoneinfo/America/Creston", + "usr/share/zoneinfo/America/Cuiaba", + "usr/share/zoneinfo/America/Curacao", + "usr/share/zoneinfo/America/Danmarkshavn", + "usr/share/zoneinfo/America/Dawson", + "usr/share/zoneinfo/America/Dawson_Creek", + "usr/share/zoneinfo/America/Denver", + "usr/share/zoneinfo/America/Detroit", + "usr/share/zoneinfo/America/Dominica", + "usr/share/zoneinfo/America/Edmonton", + "usr/share/zoneinfo/America/Eirunepe", + "usr/share/zoneinfo/America/El_Salvador", + "usr/share/zoneinfo/America/Ensenada", + "usr/share/zoneinfo/America/Fort_Nelson", + "usr/share/zoneinfo/America/Fort_Wayne", + "usr/share/zoneinfo/America/Fortaleza", + "usr/share/zoneinfo/America/Glace_Bay", + "usr/share/zoneinfo/America/Godthab", + "usr/share/zoneinfo/America/Goose_Bay", + "usr/share/zoneinfo/America/Grand_Turk", + "usr/share/zoneinfo/America/Grenada", + "usr/share/zoneinfo/America/Guadeloupe", + "usr/share/zoneinfo/America/Guatemala", + "usr/share/zoneinfo/America/Guayaquil", + "usr/share/zoneinfo/America/Guyana", + "usr/share/zoneinfo/America/Halifax", + "usr/share/zoneinfo/America/Havana", + "usr/share/zoneinfo/America/Hermosillo", + "usr/share/zoneinfo/America/Indianapolis", + "usr/share/zoneinfo/America/Inuvik", + "usr/share/zoneinfo/America/Iqaluit", + "usr/share/zoneinfo/America/Jamaica", + "usr/share/zoneinfo/America/Jujuy", + "usr/share/zoneinfo/America/Juneau", + "usr/share/zoneinfo/America/Knox_IN", + "usr/share/zoneinfo/America/Kralendijk", + "usr/share/zoneinfo/America/La_Paz", + "usr/share/zoneinfo/America/Lima", + "usr/share/zoneinfo/America/Los_Angeles", + "usr/share/zoneinfo/America/Louisville", + "usr/share/zoneinfo/America/Lower_Princes", + "usr/share/zoneinfo/America/Maceio", + "usr/share/zoneinfo/America/Managua", + "usr/share/zoneinfo/America/Manaus", + "usr/share/zoneinfo/America/Marigot", + "usr/share/zoneinfo/America/Martinique", + "usr/share/zoneinfo/America/Matamoros", + "usr/share/zoneinfo/America/Mazatlan", + "usr/share/zoneinfo/America/Mendoza", + "usr/share/zoneinfo/America/Menominee", + "usr/share/zoneinfo/America/Merida", + "usr/share/zoneinfo/America/Metlakatla", + "usr/share/zoneinfo/America/Mexico_City", + "usr/share/zoneinfo/America/Miquelon", + "usr/share/zoneinfo/America/Moncton", + "usr/share/zoneinfo/America/Monterrey", + "usr/share/zoneinfo/America/Montevideo", + "usr/share/zoneinfo/America/Montreal", + "usr/share/zoneinfo/America/Montserrat", + "usr/share/zoneinfo/America/Nassau", + "usr/share/zoneinfo/America/New_York", + "usr/share/zoneinfo/America/Nipigon", + "usr/share/zoneinfo/America/Nome", + "usr/share/zoneinfo/America/Noronha", + "usr/share/zoneinfo/America/Nuuk", + "usr/share/zoneinfo/America/Ojinaga", + "usr/share/zoneinfo/America/Panama", + "usr/share/zoneinfo/America/Pangnirtung", + "usr/share/zoneinfo/America/Paramaribo", + "usr/share/zoneinfo/America/Phoenix", + "usr/share/zoneinfo/America/Port-au-Prince", + "usr/share/zoneinfo/America/Port_of_Spain", + "usr/share/zoneinfo/America/Porto_Acre", + "usr/share/zoneinfo/America/Porto_Velho", + "usr/share/zoneinfo/America/Puerto_Rico", + "usr/share/zoneinfo/America/Punta_Arenas", + "usr/share/zoneinfo/America/Rainy_River", + "usr/share/zoneinfo/America/Rankin_Inlet", + "usr/share/zoneinfo/America/Recife", + "usr/share/zoneinfo/America/Regina", + "usr/share/zoneinfo/America/Resolute", + "usr/share/zoneinfo/America/Rio_Branco", + "usr/share/zoneinfo/America/Rosario", + "usr/share/zoneinfo/America/Santa_Isabel", + "usr/share/zoneinfo/America/Santarem", + "usr/share/zoneinfo/America/Santiago", + "usr/share/zoneinfo/America/Santo_Domingo", + "usr/share/zoneinfo/America/Sao_Paulo", + "usr/share/zoneinfo/America/Scoresbysund", + "usr/share/zoneinfo/America/Shiprock", + "usr/share/zoneinfo/America/Sitka", + "usr/share/zoneinfo/America/St_Barthelemy", + "usr/share/zoneinfo/America/St_Johns", + "usr/share/zoneinfo/America/St_Kitts", + "usr/share/zoneinfo/America/St_Lucia", + "usr/share/zoneinfo/America/St_Thomas", + "usr/share/zoneinfo/America/St_Vincent", + "usr/share/zoneinfo/America/Swift_Current", + "usr/share/zoneinfo/America/Tegucigalpa", + "usr/share/zoneinfo/America/Thule", + "usr/share/zoneinfo/America/Thunder_Bay", + "usr/share/zoneinfo/America/Tijuana", + "usr/share/zoneinfo/America/Toronto", + "usr/share/zoneinfo/America/Tortola", + "usr/share/zoneinfo/America/Vancouver", + "usr/share/zoneinfo/America/Virgin", + "usr/share/zoneinfo/America/Whitehorse", + "usr/share/zoneinfo/America/Winnipeg", + "usr/share/zoneinfo/America/Yakutat", + "usr/share/zoneinfo/America/Yellowknife", + "usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "usr/share/zoneinfo/America/Argentina/Catamarca", + "usr/share/zoneinfo/America/Argentina/ComodRivadavia", + "usr/share/zoneinfo/America/Argentina/Cordoba", + "usr/share/zoneinfo/America/Argentina/Jujuy", + "usr/share/zoneinfo/America/Argentina/La_Rioja", + "usr/share/zoneinfo/America/Argentina/Mendoza", + "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "usr/share/zoneinfo/America/Argentina/Salta", + "usr/share/zoneinfo/America/Argentina/San_Juan", + "usr/share/zoneinfo/America/Argentina/San_Luis", + "usr/share/zoneinfo/America/Argentina/Tucuman", + "usr/share/zoneinfo/America/Argentina/Ushuaia", + "usr/share/zoneinfo/America/Indiana/Indianapolis", + "usr/share/zoneinfo/America/Indiana/Knox", + "usr/share/zoneinfo/America/Indiana/Marengo", + "usr/share/zoneinfo/America/Indiana/Petersburg", + "usr/share/zoneinfo/America/Indiana/Tell_City", + "usr/share/zoneinfo/America/Indiana/Vevay", + "usr/share/zoneinfo/America/Indiana/Vincennes", + "usr/share/zoneinfo/America/Indiana/Winamac", + "usr/share/zoneinfo/America/Kentucky/Louisville", + "usr/share/zoneinfo/America/Kentucky/Monticello", + "usr/share/zoneinfo/America/North_Dakota/Beulah", + "usr/share/zoneinfo/America/North_Dakota/Center", + "usr/share/zoneinfo/America/North_Dakota/New_Salem", + "usr/share/zoneinfo/Antarctica/Casey", + "usr/share/zoneinfo/Antarctica/Davis", + "usr/share/zoneinfo/Antarctica/DumontDUrville", + "usr/share/zoneinfo/Antarctica/Macquarie", + "usr/share/zoneinfo/Antarctica/Mawson", + "usr/share/zoneinfo/Antarctica/McMurdo", + "usr/share/zoneinfo/Antarctica/Palmer", + "usr/share/zoneinfo/Antarctica/Rothera", + "usr/share/zoneinfo/Antarctica/South_Pole", + "usr/share/zoneinfo/Antarctica/Syowa", + "usr/share/zoneinfo/Antarctica/Troll", + "usr/share/zoneinfo/Antarctica/Vostok", + "usr/share/zoneinfo/Arctic/Longyearbyen", + "usr/share/zoneinfo/Asia/Aden", + "usr/share/zoneinfo/Asia/Almaty", + "usr/share/zoneinfo/Asia/Amman", + "usr/share/zoneinfo/Asia/Anadyr", + "usr/share/zoneinfo/Asia/Aqtau", + "usr/share/zoneinfo/Asia/Aqtobe", + "usr/share/zoneinfo/Asia/Ashgabat", + "usr/share/zoneinfo/Asia/Ashkhabad", + "usr/share/zoneinfo/Asia/Atyrau", + "usr/share/zoneinfo/Asia/Baghdad", + "usr/share/zoneinfo/Asia/Bahrain", + "usr/share/zoneinfo/Asia/Baku", + "usr/share/zoneinfo/Asia/Bangkok", + "usr/share/zoneinfo/Asia/Barnaul", + "usr/share/zoneinfo/Asia/Beirut", + "usr/share/zoneinfo/Asia/Bishkek", + "usr/share/zoneinfo/Asia/Brunei", + "usr/share/zoneinfo/Asia/Calcutta", + "usr/share/zoneinfo/Asia/Chita", + "usr/share/zoneinfo/Asia/Choibalsan", + "usr/share/zoneinfo/Asia/Chongqing", + "usr/share/zoneinfo/Asia/Chungking", + "usr/share/zoneinfo/Asia/Colombo", + "usr/share/zoneinfo/Asia/Dacca", + "usr/share/zoneinfo/Asia/Damascus", + "usr/share/zoneinfo/Asia/Dhaka", + "usr/share/zoneinfo/Asia/Dili", + "usr/share/zoneinfo/Asia/Dubai", + "usr/share/zoneinfo/Asia/Dushanbe", + "usr/share/zoneinfo/Asia/Famagusta", + "usr/share/zoneinfo/Asia/Gaza", + "usr/share/zoneinfo/Asia/Harbin", + "usr/share/zoneinfo/Asia/Hebron", + "usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "usr/share/zoneinfo/Asia/Hong_Kong", + "usr/share/zoneinfo/Asia/Hovd", + "usr/share/zoneinfo/Asia/Irkutsk", + "usr/share/zoneinfo/Asia/Istanbul", + "usr/share/zoneinfo/Asia/Jakarta", + "usr/share/zoneinfo/Asia/Jayapura", + "usr/share/zoneinfo/Asia/Jerusalem", + "usr/share/zoneinfo/Asia/Kabul", + "usr/share/zoneinfo/Asia/Kamchatka", + "usr/share/zoneinfo/Asia/Karachi", + "usr/share/zoneinfo/Asia/Kashgar", + "usr/share/zoneinfo/Asia/Kathmandu", + "usr/share/zoneinfo/Asia/Katmandu", + "usr/share/zoneinfo/Asia/Khandyga", + "usr/share/zoneinfo/Asia/Kolkata", + "usr/share/zoneinfo/Asia/Krasnoyarsk", + "usr/share/zoneinfo/Asia/Kuala_Lumpur", + "usr/share/zoneinfo/Asia/Kuching", + "usr/share/zoneinfo/Asia/Kuwait", + "usr/share/zoneinfo/Asia/Macao", + "usr/share/zoneinfo/Asia/Macau", + "usr/share/zoneinfo/Asia/Magadan", + "usr/share/zoneinfo/Asia/Makassar", + "usr/share/zoneinfo/Asia/Manila", + "usr/share/zoneinfo/Asia/Muscat", + "usr/share/zoneinfo/Asia/Nicosia", + "usr/share/zoneinfo/Asia/Novokuznetsk", + "usr/share/zoneinfo/Asia/Novosibirsk", + "usr/share/zoneinfo/Asia/Omsk", + "usr/share/zoneinfo/Asia/Oral", + "usr/share/zoneinfo/Asia/Phnom_Penh", + "usr/share/zoneinfo/Asia/Pontianak", + "usr/share/zoneinfo/Asia/Pyongyang", + "usr/share/zoneinfo/Asia/Qatar", + "usr/share/zoneinfo/Asia/Qostanay", + "usr/share/zoneinfo/Asia/Qyzylorda", + "usr/share/zoneinfo/Asia/Rangoon", + "usr/share/zoneinfo/Asia/Riyadh", + "usr/share/zoneinfo/Asia/Saigon", + "usr/share/zoneinfo/Asia/Sakhalin", + "usr/share/zoneinfo/Asia/Samarkand", + "usr/share/zoneinfo/Asia/Seoul", + "usr/share/zoneinfo/Asia/Shanghai", + "usr/share/zoneinfo/Asia/Singapore", + "usr/share/zoneinfo/Asia/Srednekolymsk", + "usr/share/zoneinfo/Asia/Taipei", + "usr/share/zoneinfo/Asia/Tashkent", + "usr/share/zoneinfo/Asia/Tbilisi", + "usr/share/zoneinfo/Asia/Tehran", + "usr/share/zoneinfo/Asia/Tel_Aviv", + "usr/share/zoneinfo/Asia/Thimbu", + "usr/share/zoneinfo/Asia/Thimphu", + "usr/share/zoneinfo/Asia/Tokyo", + "usr/share/zoneinfo/Asia/Tomsk", + "usr/share/zoneinfo/Asia/Ujung_Pandang", + "usr/share/zoneinfo/Asia/Ulaanbaatar", + "usr/share/zoneinfo/Asia/Ulan_Bator", + "usr/share/zoneinfo/Asia/Urumqi", + "usr/share/zoneinfo/Asia/Ust-Nera", + "usr/share/zoneinfo/Asia/Vientiane", + "usr/share/zoneinfo/Asia/Vladivostok", + "usr/share/zoneinfo/Asia/Yakutsk", + "usr/share/zoneinfo/Asia/Yangon", + "usr/share/zoneinfo/Asia/Yekaterinburg", + "usr/share/zoneinfo/Asia/Yerevan", + "usr/share/zoneinfo/Atlantic/Azores", + "usr/share/zoneinfo/Atlantic/Bermuda", + "usr/share/zoneinfo/Atlantic/Canary", + "usr/share/zoneinfo/Atlantic/Cape_Verde", + "usr/share/zoneinfo/Atlantic/Faeroe", + "usr/share/zoneinfo/Atlantic/Faroe", + "usr/share/zoneinfo/Atlantic/Jan_Mayen", + "usr/share/zoneinfo/Atlantic/Madeira", + "usr/share/zoneinfo/Atlantic/Reykjavik", + "usr/share/zoneinfo/Atlantic/South_Georgia", + "usr/share/zoneinfo/Atlantic/St_Helena", + "usr/share/zoneinfo/Atlantic/Stanley", + "usr/share/zoneinfo/Australia/ACT", + "usr/share/zoneinfo/Australia/Adelaide", + "usr/share/zoneinfo/Australia/Brisbane", + "usr/share/zoneinfo/Australia/Broken_Hill", + "usr/share/zoneinfo/Australia/Canberra", + "usr/share/zoneinfo/Australia/Currie", + "usr/share/zoneinfo/Australia/Darwin", + "usr/share/zoneinfo/Australia/Eucla", + "usr/share/zoneinfo/Australia/Hobart", + "usr/share/zoneinfo/Australia/LHI", + "usr/share/zoneinfo/Australia/Lindeman", + "usr/share/zoneinfo/Australia/Lord_Howe", + "usr/share/zoneinfo/Australia/Melbourne", + "usr/share/zoneinfo/Australia/NSW", + "usr/share/zoneinfo/Australia/North", + "usr/share/zoneinfo/Australia/Perth", + "usr/share/zoneinfo/Australia/Queensland", + "usr/share/zoneinfo/Australia/South", + "usr/share/zoneinfo/Australia/Sydney", + "usr/share/zoneinfo/Australia/Tasmania", + "usr/share/zoneinfo/Australia/Victoria", + "usr/share/zoneinfo/Australia/West", + "usr/share/zoneinfo/Australia/Yancowinna", + "usr/share/zoneinfo/Brazil/Acre", + "usr/share/zoneinfo/Brazil/DeNoronha", + "usr/share/zoneinfo/Brazil/East", + "usr/share/zoneinfo/Brazil/West", + "usr/share/zoneinfo/Canada/Atlantic", + "usr/share/zoneinfo/Canada/Central", + "usr/share/zoneinfo/Canada/Eastern", + "usr/share/zoneinfo/Canada/Mountain", + "usr/share/zoneinfo/Canada/Newfoundland", + "usr/share/zoneinfo/Canada/Pacific", + "usr/share/zoneinfo/Canada/Saskatchewan", + "usr/share/zoneinfo/Canada/Yukon", + "usr/share/zoneinfo/Chile/Continental", + "usr/share/zoneinfo/Chile/EasterIsland", + "usr/share/zoneinfo/Etc/GMT", + "usr/share/zoneinfo/Etc/GMT+0", + "usr/share/zoneinfo/Etc/GMT+1", + "usr/share/zoneinfo/Etc/GMT+10", + "usr/share/zoneinfo/Etc/GMT+11", + "usr/share/zoneinfo/Etc/GMT+12", + "usr/share/zoneinfo/Etc/GMT+2", + "usr/share/zoneinfo/Etc/GMT+3", + "usr/share/zoneinfo/Etc/GMT+4", + "usr/share/zoneinfo/Etc/GMT+5", + "usr/share/zoneinfo/Etc/GMT+6", + "usr/share/zoneinfo/Etc/GMT+7", + "usr/share/zoneinfo/Etc/GMT+8", + "usr/share/zoneinfo/Etc/GMT+9", + "usr/share/zoneinfo/Etc/GMT-0", + "usr/share/zoneinfo/Etc/GMT-1", + "usr/share/zoneinfo/Etc/GMT-10", + "usr/share/zoneinfo/Etc/GMT-11", + "usr/share/zoneinfo/Etc/GMT-12", + "usr/share/zoneinfo/Etc/GMT-13", + "usr/share/zoneinfo/Etc/GMT-14", + "usr/share/zoneinfo/Etc/GMT-2", + "usr/share/zoneinfo/Etc/GMT-3", + "usr/share/zoneinfo/Etc/GMT-4", + "usr/share/zoneinfo/Etc/GMT-5", + "usr/share/zoneinfo/Etc/GMT-6", + "usr/share/zoneinfo/Etc/GMT-7", + "usr/share/zoneinfo/Etc/GMT-8", + "usr/share/zoneinfo/Etc/GMT-9", + "usr/share/zoneinfo/Etc/GMT0", + "usr/share/zoneinfo/Etc/Greenwich", + "usr/share/zoneinfo/Etc/UCT", + "usr/share/zoneinfo/Etc/UTC", + "usr/share/zoneinfo/Etc/Universal", + "usr/share/zoneinfo/Etc/Zulu", + "usr/share/zoneinfo/Europe/Amsterdam", + "usr/share/zoneinfo/Europe/Andorra", + "usr/share/zoneinfo/Europe/Astrakhan", + "usr/share/zoneinfo/Europe/Athens", + "usr/share/zoneinfo/Europe/Belfast", + "usr/share/zoneinfo/Europe/Belgrade", + "usr/share/zoneinfo/Europe/Berlin", + "usr/share/zoneinfo/Europe/Bratislava", + "usr/share/zoneinfo/Europe/Brussels", + "usr/share/zoneinfo/Europe/Bucharest", + "usr/share/zoneinfo/Europe/Budapest", + "usr/share/zoneinfo/Europe/Busingen", + "usr/share/zoneinfo/Europe/Chisinau", + "usr/share/zoneinfo/Europe/Copenhagen", + "usr/share/zoneinfo/Europe/Dublin", + "usr/share/zoneinfo/Europe/Gibraltar", + "usr/share/zoneinfo/Europe/Guernsey", + "usr/share/zoneinfo/Europe/Helsinki", + "usr/share/zoneinfo/Europe/Isle_of_Man", + "usr/share/zoneinfo/Europe/Istanbul", + "usr/share/zoneinfo/Europe/Jersey", + "usr/share/zoneinfo/Europe/Kaliningrad", + "usr/share/zoneinfo/Europe/Kiev", + "usr/share/zoneinfo/Europe/Kirov", + "usr/share/zoneinfo/Europe/Kyiv", + "usr/share/zoneinfo/Europe/Lisbon", + "usr/share/zoneinfo/Europe/Ljubljana", + "usr/share/zoneinfo/Europe/London", + "usr/share/zoneinfo/Europe/Luxembourg", + "usr/share/zoneinfo/Europe/Madrid", + "usr/share/zoneinfo/Europe/Malta", + "usr/share/zoneinfo/Europe/Mariehamn", + "usr/share/zoneinfo/Europe/Minsk", + "usr/share/zoneinfo/Europe/Monaco", + "usr/share/zoneinfo/Europe/Moscow", + "usr/share/zoneinfo/Europe/Nicosia", + "usr/share/zoneinfo/Europe/Oslo", + "usr/share/zoneinfo/Europe/Paris", + "usr/share/zoneinfo/Europe/Podgorica", + "usr/share/zoneinfo/Europe/Prague", + "usr/share/zoneinfo/Europe/Riga", + "usr/share/zoneinfo/Europe/Rome", + "usr/share/zoneinfo/Europe/Samara", + "usr/share/zoneinfo/Europe/San_Marino", + "usr/share/zoneinfo/Europe/Sarajevo", + "usr/share/zoneinfo/Europe/Saratov", + "usr/share/zoneinfo/Europe/Simferopol", + "usr/share/zoneinfo/Europe/Skopje", + "usr/share/zoneinfo/Europe/Sofia", + "usr/share/zoneinfo/Europe/Stockholm", + "usr/share/zoneinfo/Europe/Tallinn", + "usr/share/zoneinfo/Europe/Tirane", + "usr/share/zoneinfo/Europe/Tiraspol", + "usr/share/zoneinfo/Europe/Ulyanovsk", + "usr/share/zoneinfo/Europe/Uzhgorod", + "usr/share/zoneinfo/Europe/Vaduz", + "usr/share/zoneinfo/Europe/Vatican", + "usr/share/zoneinfo/Europe/Vienna", + "usr/share/zoneinfo/Europe/Vilnius", + "usr/share/zoneinfo/Europe/Volgograd", + "usr/share/zoneinfo/Europe/Warsaw", + "usr/share/zoneinfo/Europe/Zagreb", + "usr/share/zoneinfo/Europe/Zaporozhye", + "usr/share/zoneinfo/Europe/Zurich", + "usr/share/zoneinfo/Indian/Antananarivo", + "usr/share/zoneinfo/Indian/Chagos", + "usr/share/zoneinfo/Indian/Christmas", + "usr/share/zoneinfo/Indian/Cocos", + "usr/share/zoneinfo/Indian/Comoro", + "usr/share/zoneinfo/Indian/Kerguelen", + "usr/share/zoneinfo/Indian/Mahe", + "usr/share/zoneinfo/Indian/Maldives", + "usr/share/zoneinfo/Indian/Mauritius", + "usr/share/zoneinfo/Indian/Mayotte", + "usr/share/zoneinfo/Indian/Reunion", + "usr/share/zoneinfo/Mexico/BajaNorte", + "usr/share/zoneinfo/Mexico/BajaSur", + "usr/share/zoneinfo/Mexico/General", + "usr/share/zoneinfo/Pacific/Apia", + "usr/share/zoneinfo/Pacific/Auckland", + "usr/share/zoneinfo/Pacific/Bougainville", + "usr/share/zoneinfo/Pacific/Chatham", + "usr/share/zoneinfo/Pacific/Chuuk", + "usr/share/zoneinfo/Pacific/Easter", + "usr/share/zoneinfo/Pacific/Efate", + "usr/share/zoneinfo/Pacific/Enderbury", + "usr/share/zoneinfo/Pacific/Fakaofo", + "usr/share/zoneinfo/Pacific/Fiji", + "usr/share/zoneinfo/Pacific/Funafuti", + "usr/share/zoneinfo/Pacific/Galapagos", + "usr/share/zoneinfo/Pacific/Gambier", + "usr/share/zoneinfo/Pacific/Guadalcanal", + "usr/share/zoneinfo/Pacific/Guam", + "usr/share/zoneinfo/Pacific/Honolulu", + "usr/share/zoneinfo/Pacific/Johnston", + "usr/share/zoneinfo/Pacific/Kanton", + "usr/share/zoneinfo/Pacific/Kiritimati", + "usr/share/zoneinfo/Pacific/Kosrae", + "usr/share/zoneinfo/Pacific/Kwajalein", + "usr/share/zoneinfo/Pacific/Majuro", + "usr/share/zoneinfo/Pacific/Marquesas", + "usr/share/zoneinfo/Pacific/Midway", + "usr/share/zoneinfo/Pacific/Nauru", + "usr/share/zoneinfo/Pacific/Niue", + "usr/share/zoneinfo/Pacific/Norfolk", + "usr/share/zoneinfo/Pacific/Noumea", + "usr/share/zoneinfo/Pacific/Pago_Pago", + "usr/share/zoneinfo/Pacific/Palau", + "usr/share/zoneinfo/Pacific/Pitcairn", + "usr/share/zoneinfo/Pacific/Pohnpei", + "usr/share/zoneinfo/Pacific/Ponape", + "usr/share/zoneinfo/Pacific/Port_Moresby", + "usr/share/zoneinfo/Pacific/Rarotonga", + "usr/share/zoneinfo/Pacific/Saipan", + "usr/share/zoneinfo/Pacific/Samoa", + "usr/share/zoneinfo/Pacific/Tahiti", + "usr/share/zoneinfo/Pacific/Tarawa", + "usr/share/zoneinfo/Pacific/Tongatapu", + "usr/share/zoneinfo/Pacific/Truk", + "usr/share/zoneinfo/Pacific/Wake", + "usr/share/zoneinfo/Pacific/Wallis", + "usr/share/zoneinfo/Pacific/Yap", + "usr/share/zoneinfo/US/Alaska", + "usr/share/zoneinfo/US/Aleutian", + "usr/share/zoneinfo/US/Arizona", + "usr/share/zoneinfo/US/Central", + "usr/share/zoneinfo/US/East-Indiana", + "usr/share/zoneinfo/US/Eastern", + "usr/share/zoneinfo/US/Hawaii", + "usr/share/zoneinfo/US/Indiana-Starke", + "usr/share/zoneinfo/US/Michigan", + "usr/share/zoneinfo/US/Mountain", + "usr/share/zoneinfo/US/Pacific", + "usr/share/zoneinfo/US/Samoa", + "usr/share/zoneinfo/right/CET", + "usr/share/zoneinfo/right/CST6CDT", + "usr/share/zoneinfo/right/Cuba", + "usr/share/zoneinfo/right/EET", + "usr/share/zoneinfo/right/EST", + "usr/share/zoneinfo/right/EST5EDT", + "usr/share/zoneinfo/right/Egypt", + "usr/share/zoneinfo/right/Eire", + "usr/share/zoneinfo/right/Factory", + "usr/share/zoneinfo/right/GB", + "usr/share/zoneinfo/right/GB-Eire", + "usr/share/zoneinfo/right/GMT", + "usr/share/zoneinfo/right/GMT+0", + "usr/share/zoneinfo/right/GMT-0", + "usr/share/zoneinfo/right/GMT0", + "usr/share/zoneinfo/right/Greenwich", + "usr/share/zoneinfo/right/HST", + "usr/share/zoneinfo/right/Hongkong", + "usr/share/zoneinfo/right/Iceland", + "usr/share/zoneinfo/right/Iran", + "usr/share/zoneinfo/right/Israel", + "usr/share/zoneinfo/right/Jamaica", + "usr/share/zoneinfo/right/Japan", + "usr/share/zoneinfo/right/Kwajalein", + "usr/share/zoneinfo/right/Libya", + "usr/share/zoneinfo/right/MET", + "usr/share/zoneinfo/right/MST", + "usr/share/zoneinfo/right/MST7MDT", + "usr/share/zoneinfo/right/NZ", + "usr/share/zoneinfo/right/NZ-CHAT", + "usr/share/zoneinfo/right/Navajo", + "usr/share/zoneinfo/right/PRC", + "usr/share/zoneinfo/right/PST8PDT", + "usr/share/zoneinfo/right/Poland", + "usr/share/zoneinfo/right/Portugal", + "usr/share/zoneinfo/right/ROC", + "usr/share/zoneinfo/right/ROK", + "usr/share/zoneinfo/right/Singapore", + "usr/share/zoneinfo/right/Turkey", + "usr/share/zoneinfo/right/UCT", + "usr/share/zoneinfo/right/UTC", + "usr/share/zoneinfo/right/Universal", + "usr/share/zoneinfo/right/W-SU", + "usr/share/zoneinfo/right/WET", + "usr/share/zoneinfo/right/Zulu", + "usr/share/zoneinfo/right/Africa/Abidjan", + "usr/share/zoneinfo/right/Africa/Accra", + "usr/share/zoneinfo/right/Africa/Addis_Ababa", + "usr/share/zoneinfo/right/Africa/Algiers", + "usr/share/zoneinfo/right/Africa/Asmara", + "usr/share/zoneinfo/right/Africa/Asmera", + "usr/share/zoneinfo/right/Africa/Bamako", + "usr/share/zoneinfo/right/Africa/Bangui", + "usr/share/zoneinfo/right/Africa/Banjul", + "usr/share/zoneinfo/right/Africa/Bissau", + "usr/share/zoneinfo/right/Africa/Blantyre", + "usr/share/zoneinfo/right/Africa/Brazzaville", + "usr/share/zoneinfo/right/Africa/Bujumbura", + "usr/share/zoneinfo/right/Africa/Cairo", + "usr/share/zoneinfo/right/Africa/Casablanca", + "usr/share/zoneinfo/right/Africa/Ceuta", + "usr/share/zoneinfo/right/Africa/Conakry", + "usr/share/zoneinfo/right/Africa/Dakar", + "usr/share/zoneinfo/right/Africa/Dar_es_Salaam", + "usr/share/zoneinfo/right/Africa/Djibouti", + "usr/share/zoneinfo/right/Africa/Douala", + "usr/share/zoneinfo/right/Africa/El_Aaiun", + "usr/share/zoneinfo/right/Africa/Freetown", + "usr/share/zoneinfo/right/Africa/Gaborone", + "usr/share/zoneinfo/right/Africa/Harare", + "usr/share/zoneinfo/right/Africa/Johannesburg", + "usr/share/zoneinfo/right/Africa/Juba", + "usr/share/zoneinfo/right/Africa/Kampala", + "usr/share/zoneinfo/right/Africa/Khartoum", + "usr/share/zoneinfo/right/Africa/Kigali", + "usr/share/zoneinfo/right/Africa/Kinshasa", + "usr/share/zoneinfo/right/Africa/Lagos", + "usr/share/zoneinfo/right/Africa/Libreville", + "usr/share/zoneinfo/right/Africa/Lome", + "usr/share/zoneinfo/right/Africa/Luanda", + "usr/share/zoneinfo/right/Africa/Lubumbashi", + "usr/share/zoneinfo/right/Africa/Lusaka", + "usr/share/zoneinfo/right/Africa/Malabo", + "usr/share/zoneinfo/right/Africa/Maputo", + "usr/share/zoneinfo/right/Africa/Maseru", + "usr/share/zoneinfo/right/Africa/Mbabane", + "usr/share/zoneinfo/right/Africa/Mogadishu", + "usr/share/zoneinfo/right/Africa/Monrovia", + "usr/share/zoneinfo/right/Africa/Nairobi", + "usr/share/zoneinfo/right/Africa/Ndjamena", + "usr/share/zoneinfo/right/Africa/Niamey", + "usr/share/zoneinfo/right/Africa/Nouakchott", + "usr/share/zoneinfo/right/Africa/Ouagadougou", + "usr/share/zoneinfo/right/Africa/Porto-Novo", + "usr/share/zoneinfo/right/Africa/Sao_Tome", + "usr/share/zoneinfo/right/Africa/Timbuktu", + "usr/share/zoneinfo/right/Africa/Tripoli", + "usr/share/zoneinfo/right/Africa/Tunis", + "usr/share/zoneinfo/right/Africa/Windhoek", + "usr/share/zoneinfo/right/America/Adak", + "usr/share/zoneinfo/right/America/Anchorage", + "usr/share/zoneinfo/right/America/Anguilla", + "usr/share/zoneinfo/right/America/Antigua", + "usr/share/zoneinfo/right/America/Araguaina", + "usr/share/zoneinfo/right/America/Aruba", + "usr/share/zoneinfo/right/America/Asuncion", + "usr/share/zoneinfo/right/America/Atikokan", + "usr/share/zoneinfo/right/America/Atka", + "usr/share/zoneinfo/right/America/Bahia", + "usr/share/zoneinfo/right/America/Bahia_Banderas", + "usr/share/zoneinfo/right/America/Barbados", + "usr/share/zoneinfo/right/America/Belem", + "usr/share/zoneinfo/right/America/Belize", + "usr/share/zoneinfo/right/America/Blanc-Sablon", + "usr/share/zoneinfo/right/America/Boa_Vista", + "usr/share/zoneinfo/right/America/Bogota", + "usr/share/zoneinfo/right/America/Boise", + "usr/share/zoneinfo/right/America/Buenos_Aires", + "usr/share/zoneinfo/right/America/Cambridge_Bay", + "usr/share/zoneinfo/right/America/Campo_Grande", + "usr/share/zoneinfo/right/America/Cancun", + "usr/share/zoneinfo/right/America/Caracas", + "usr/share/zoneinfo/right/America/Catamarca", + "usr/share/zoneinfo/right/America/Cayenne", + "usr/share/zoneinfo/right/America/Cayman", + "usr/share/zoneinfo/right/America/Chicago", + "usr/share/zoneinfo/right/America/Chihuahua", + "usr/share/zoneinfo/right/America/Coral_Harbour", + "usr/share/zoneinfo/right/America/Cordoba", + "usr/share/zoneinfo/right/America/Costa_Rica", + "usr/share/zoneinfo/right/America/Creston", + "usr/share/zoneinfo/right/America/Cuiaba", + "usr/share/zoneinfo/right/America/Curacao", + "usr/share/zoneinfo/right/America/Danmarkshavn", + "usr/share/zoneinfo/right/America/Dawson", + "usr/share/zoneinfo/right/America/Dawson_Creek", + "usr/share/zoneinfo/right/America/Denver", + "usr/share/zoneinfo/right/America/Detroit", + "usr/share/zoneinfo/right/America/Dominica", + "usr/share/zoneinfo/right/America/Edmonton", + "usr/share/zoneinfo/right/America/Eirunepe", + "usr/share/zoneinfo/right/America/El_Salvador", + "usr/share/zoneinfo/right/America/Ensenada", + "usr/share/zoneinfo/right/America/Fort_Nelson", + "usr/share/zoneinfo/right/America/Fort_Wayne", + "usr/share/zoneinfo/right/America/Fortaleza", + "usr/share/zoneinfo/right/America/Glace_Bay", + "usr/share/zoneinfo/right/America/Godthab", + "usr/share/zoneinfo/right/America/Goose_Bay", + "usr/share/zoneinfo/right/America/Grand_Turk", + "usr/share/zoneinfo/right/America/Grenada", + "usr/share/zoneinfo/right/America/Guadeloupe", + "usr/share/zoneinfo/right/America/Guatemala", + "usr/share/zoneinfo/right/America/Guayaquil", + "usr/share/zoneinfo/right/America/Guyana", + "usr/share/zoneinfo/right/America/Halifax", + "usr/share/zoneinfo/right/America/Havana", + "usr/share/zoneinfo/right/America/Hermosillo", + "usr/share/zoneinfo/right/America/Indianapolis", + "usr/share/zoneinfo/right/America/Inuvik", + "usr/share/zoneinfo/right/America/Iqaluit", + "usr/share/zoneinfo/right/America/Jamaica", + "usr/share/zoneinfo/right/America/Jujuy", + "usr/share/zoneinfo/right/America/Juneau", + "usr/share/zoneinfo/right/America/Knox_IN", + "usr/share/zoneinfo/right/America/Kralendijk", + "usr/share/zoneinfo/right/America/La_Paz", + "usr/share/zoneinfo/right/America/Lima", + "usr/share/zoneinfo/right/America/Los_Angeles", + "usr/share/zoneinfo/right/America/Louisville", + "usr/share/zoneinfo/right/America/Lower_Princes", + "usr/share/zoneinfo/right/America/Maceio", + "usr/share/zoneinfo/right/America/Managua", + "usr/share/zoneinfo/right/America/Manaus", + "usr/share/zoneinfo/right/America/Marigot", + "usr/share/zoneinfo/right/America/Martinique", + "usr/share/zoneinfo/right/America/Matamoros", + "usr/share/zoneinfo/right/America/Mazatlan", + "usr/share/zoneinfo/right/America/Mendoza", + "usr/share/zoneinfo/right/America/Menominee", + "usr/share/zoneinfo/right/America/Merida", + "usr/share/zoneinfo/right/America/Metlakatla", + "usr/share/zoneinfo/right/America/Mexico_City", + "usr/share/zoneinfo/right/America/Miquelon", + "usr/share/zoneinfo/right/America/Moncton", + "usr/share/zoneinfo/right/America/Monterrey", + "usr/share/zoneinfo/right/America/Montevideo", + "usr/share/zoneinfo/right/America/Montreal", + "usr/share/zoneinfo/right/America/Montserrat", + "usr/share/zoneinfo/right/America/Nassau", + "usr/share/zoneinfo/right/America/New_York", + "usr/share/zoneinfo/right/America/Nipigon", + "usr/share/zoneinfo/right/America/Nome", + "usr/share/zoneinfo/right/America/Noronha", + "usr/share/zoneinfo/right/America/Nuuk", + "usr/share/zoneinfo/right/America/Ojinaga", + "usr/share/zoneinfo/right/America/Panama", + "usr/share/zoneinfo/right/America/Pangnirtung", + "usr/share/zoneinfo/right/America/Paramaribo", + "usr/share/zoneinfo/right/America/Phoenix", + "usr/share/zoneinfo/right/America/Port-au-Prince", + "usr/share/zoneinfo/right/America/Port_of_Spain", + "usr/share/zoneinfo/right/America/Porto_Acre", + "usr/share/zoneinfo/right/America/Porto_Velho", + "usr/share/zoneinfo/right/America/Puerto_Rico", + "usr/share/zoneinfo/right/America/Punta_Arenas", + "usr/share/zoneinfo/right/America/Rainy_River", + "usr/share/zoneinfo/right/America/Rankin_Inlet", + "usr/share/zoneinfo/right/America/Recife", + "usr/share/zoneinfo/right/America/Regina", + "usr/share/zoneinfo/right/America/Resolute", + "usr/share/zoneinfo/right/America/Rio_Branco", + "usr/share/zoneinfo/right/America/Rosario", + "usr/share/zoneinfo/right/America/Santa_Isabel", + "usr/share/zoneinfo/right/America/Santarem", + "usr/share/zoneinfo/right/America/Santiago", + "usr/share/zoneinfo/right/America/Santo_Domingo", + "usr/share/zoneinfo/right/America/Sao_Paulo", + "usr/share/zoneinfo/right/America/Scoresbysund", + "usr/share/zoneinfo/right/America/Shiprock", + "usr/share/zoneinfo/right/America/Sitka", + "usr/share/zoneinfo/right/America/St_Barthelemy", + "usr/share/zoneinfo/right/America/St_Johns", + "usr/share/zoneinfo/right/America/St_Kitts", + "usr/share/zoneinfo/right/America/St_Lucia", + "usr/share/zoneinfo/right/America/St_Thomas", + "usr/share/zoneinfo/right/America/St_Vincent", + "usr/share/zoneinfo/right/America/Swift_Current", + "usr/share/zoneinfo/right/America/Tegucigalpa", + "usr/share/zoneinfo/right/America/Thule", + "usr/share/zoneinfo/right/America/Thunder_Bay", + "usr/share/zoneinfo/right/America/Tijuana", + "usr/share/zoneinfo/right/America/Toronto", + "usr/share/zoneinfo/right/America/Tortola", + "usr/share/zoneinfo/right/America/Vancouver", + "usr/share/zoneinfo/right/America/Virgin", + "usr/share/zoneinfo/right/America/Whitehorse", + "usr/share/zoneinfo/right/America/Winnipeg", + "usr/share/zoneinfo/right/America/Yakutat", + "usr/share/zoneinfo/right/America/Yellowknife", + "usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", + "usr/share/zoneinfo/right/America/Argentina/Catamarca", + "usr/share/zoneinfo/right/America/Argentina/ComodRivadavia", + "usr/share/zoneinfo/right/America/Argentina/Cordoba", + "usr/share/zoneinfo/right/America/Argentina/Jujuy", + "usr/share/zoneinfo/right/America/Argentina/La_Rioja", + "usr/share/zoneinfo/right/America/Argentina/Mendoza", + "usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", + "usr/share/zoneinfo/right/America/Argentina/Salta", + "usr/share/zoneinfo/right/America/Argentina/San_Juan", + "usr/share/zoneinfo/right/America/Argentina/San_Luis", + "usr/share/zoneinfo/right/America/Argentina/Tucuman", + "usr/share/zoneinfo/right/America/Argentina/Ushuaia", + "usr/share/zoneinfo/right/America/Indiana/Indianapolis", + "usr/share/zoneinfo/right/America/Indiana/Knox", + "usr/share/zoneinfo/right/America/Indiana/Marengo", + "usr/share/zoneinfo/right/America/Indiana/Petersburg", + "usr/share/zoneinfo/right/America/Indiana/Tell_City", + "usr/share/zoneinfo/right/America/Indiana/Vevay", + "usr/share/zoneinfo/right/America/Indiana/Vincennes", + "usr/share/zoneinfo/right/America/Indiana/Winamac", + "usr/share/zoneinfo/right/America/Kentucky/Louisville", + "usr/share/zoneinfo/right/America/Kentucky/Monticello", + "usr/share/zoneinfo/right/America/North_Dakota/Beulah", + "usr/share/zoneinfo/right/America/North_Dakota/Center", + "usr/share/zoneinfo/right/America/North_Dakota/New_Salem", + "usr/share/zoneinfo/right/Antarctica/Casey", + "usr/share/zoneinfo/right/Antarctica/Davis", + "usr/share/zoneinfo/right/Antarctica/DumontDUrville", + "usr/share/zoneinfo/right/Antarctica/Macquarie", + "usr/share/zoneinfo/right/Antarctica/Mawson", + "usr/share/zoneinfo/right/Antarctica/McMurdo", + "usr/share/zoneinfo/right/Antarctica/Palmer", + "usr/share/zoneinfo/right/Antarctica/Rothera", + "usr/share/zoneinfo/right/Antarctica/South_Pole", + "usr/share/zoneinfo/right/Antarctica/Syowa", + "usr/share/zoneinfo/right/Antarctica/Troll", + "usr/share/zoneinfo/right/Antarctica/Vostok", + "usr/share/zoneinfo/right/Arctic/Longyearbyen", + "usr/share/zoneinfo/right/Asia/Aden", + "usr/share/zoneinfo/right/Asia/Almaty", + "usr/share/zoneinfo/right/Asia/Amman", + "usr/share/zoneinfo/right/Asia/Anadyr", + "usr/share/zoneinfo/right/Asia/Aqtau", + "usr/share/zoneinfo/right/Asia/Aqtobe", + "usr/share/zoneinfo/right/Asia/Ashgabat", + "usr/share/zoneinfo/right/Asia/Ashkhabad", + "usr/share/zoneinfo/right/Asia/Atyrau", + "usr/share/zoneinfo/right/Asia/Baghdad", + "usr/share/zoneinfo/right/Asia/Bahrain", + "usr/share/zoneinfo/right/Asia/Baku", + "usr/share/zoneinfo/right/Asia/Bangkok", + "usr/share/zoneinfo/right/Asia/Barnaul", + "usr/share/zoneinfo/right/Asia/Beirut", + "usr/share/zoneinfo/right/Asia/Bishkek", + "usr/share/zoneinfo/right/Asia/Brunei", + "usr/share/zoneinfo/right/Asia/Calcutta", + "usr/share/zoneinfo/right/Asia/Chita", + "usr/share/zoneinfo/right/Asia/Choibalsan", + "usr/share/zoneinfo/right/Asia/Chongqing", + "usr/share/zoneinfo/right/Asia/Chungking", + "usr/share/zoneinfo/right/Asia/Colombo", + "usr/share/zoneinfo/right/Asia/Dacca", + "usr/share/zoneinfo/right/Asia/Damascus", + "usr/share/zoneinfo/right/Asia/Dhaka", + "usr/share/zoneinfo/right/Asia/Dili", + "usr/share/zoneinfo/right/Asia/Dubai", + "usr/share/zoneinfo/right/Asia/Dushanbe", + "usr/share/zoneinfo/right/Asia/Famagusta", + "usr/share/zoneinfo/right/Asia/Gaza", + "usr/share/zoneinfo/right/Asia/Harbin", + "usr/share/zoneinfo/right/Asia/Hebron", + "usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", + "usr/share/zoneinfo/right/Asia/Hong_Kong", + "usr/share/zoneinfo/right/Asia/Hovd", + "usr/share/zoneinfo/right/Asia/Irkutsk", + "usr/share/zoneinfo/right/Asia/Istanbul", + "usr/share/zoneinfo/right/Asia/Jakarta", + "usr/share/zoneinfo/right/Asia/Jayapura", + "usr/share/zoneinfo/right/Asia/Jerusalem", + "usr/share/zoneinfo/right/Asia/Kabul", + "usr/share/zoneinfo/right/Asia/Kamchatka", + "usr/share/zoneinfo/right/Asia/Karachi", + "usr/share/zoneinfo/right/Asia/Kashgar", + "usr/share/zoneinfo/right/Asia/Kathmandu", + "usr/share/zoneinfo/right/Asia/Katmandu", + "usr/share/zoneinfo/right/Asia/Khandyga", + "usr/share/zoneinfo/right/Asia/Kolkata", + "usr/share/zoneinfo/right/Asia/Krasnoyarsk", + "usr/share/zoneinfo/right/Asia/Kuala_Lumpur", + "usr/share/zoneinfo/right/Asia/Kuching", + "usr/share/zoneinfo/right/Asia/Kuwait", + "usr/share/zoneinfo/right/Asia/Macao", + "usr/share/zoneinfo/right/Asia/Macau", + "usr/share/zoneinfo/right/Asia/Magadan", + "usr/share/zoneinfo/right/Asia/Makassar", + "usr/share/zoneinfo/right/Asia/Manila", + "usr/share/zoneinfo/right/Asia/Muscat", + "usr/share/zoneinfo/right/Asia/Nicosia", + "usr/share/zoneinfo/right/Asia/Novokuznetsk", + "usr/share/zoneinfo/right/Asia/Novosibirsk", + "usr/share/zoneinfo/right/Asia/Omsk", + "usr/share/zoneinfo/right/Asia/Oral", + "usr/share/zoneinfo/right/Asia/Phnom_Penh", + "usr/share/zoneinfo/right/Asia/Pontianak", + "usr/share/zoneinfo/right/Asia/Pyongyang", + "usr/share/zoneinfo/right/Asia/Qatar", + "usr/share/zoneinfo/right/Asia/Qostanay", + "usr/share/zoneinfo/right/Asia/Qyzylorda", + "usr/share/zoneinfo/right/Asia/Rangoon", + "usr/share/zoneinfo/right/Asia/Riyadh", + "usr/share/zoneinfo/right/Asia/Saigon", + "usr/share/zoneinfo/right/Asia/Sakhalin", + "usr/share/zoneinfo/right/Asia/Samarkand", + "usr/share/zoneinfo/right/Asia/Seoul", + "usr/share/zoneinfo/right/Asia/Shanghai", + "usr/share/zoneinfo/right/Asia/Singapore", + "usr/share/zoneinfo/right/Asia/Srednekolymsk", + "usr/share/zoneinfo/right/Asia/Taipei", + "usr/share/zoneinfo/right/Asia/Tashkent", + "usr/share/zoneinfo/right/Asia/Tbilisi", + "usr/share/zoneinfo/right/Asia/Tehran", + "usr/share/zoneinfo/right/Asia/Tel_Aviv", + "usr/share/zoneinfo/right/Asia/Thimbu", + "usr/share/zoneinfo/right/Asia/Thimphu", + "usr/share/zoneinfo/right/Asia/Tokyo", + "usr/share/zoneinfo/right/Asia/Tomsk", + "usr/share/zoneinfo/right/Asia/Ujung_Pandang", + "usr/share/zoneinfo/right/Asia/Ulaanbaatar", + "usr/share/zoneinfo/right/Asia/Ulan_Bator", + "usr/share/zoneinfo/right/Asia/Urumqi", + "usr/share/zoneinfo/right/Asia/Ust-Nera", + "usr/share/zoneinfo/right/Asia/Vientiane", + "usr/share/zoneinfo/right/Asia/Vladivostok", + "usr/share/zoneinfo/right/Asia/Yakutsk", + "usr/share/zoneinfo/right/Asia/Yangon", + "usr/share/zoneinfo/right/Asia/Yekaterinburg", + "usr/share/zoneinfo/right/Asia/Yerevan", + "usr/share/zoneinfo/right/Atlantic/Azores", + "usr/share/zoneinfo/right/Atlantic/Bermuda", + "usr/share/zoneinfo/right/Atlantic/Canary", + "usr/share/zoneinfo/right/Atlantic/Cape_Verde", + "usr/share/zoneinfo/right/Atlantic/Faeroe", + "usr/share/zoneinfo/right/Atlantic/Faroe", + "usr/share/zoneinfo/right/Atlantic/Jan_Mayen", + "usr/share/zoneinfo/right/Atlantic/Madeira", + "usr/share/zoneinfo/right/Atlantic/Reykjavik", + "usr/share/zoneinfo/right/Atlantic/South_Georgia", + "usr/share/zoneinfo/right/Atlantic/St_Helena", + "usr/share/zoneinfo/right/Atlantic/Stanley", + "usr/share/zoneinfo/right/Australia/ACT", + "usr/share/zoneinfo/right/Australia/Adelaide", + "usr/share/zoneinfo/right/Australia/Brisbane", + "usr/share/zoneinfo/right/Australia/Broken_Hill", + "usr/share/zoneinfo/right/Australia/Canberra", + "usr/share/zoneinfo/right/Australia/Currie", + "usr/share/zoneinfo/right/Australia/Darwin", + "usr/share/zoneinfo/right/Australia/Eucla", + "usr/share/zoneinfo/right/Australia/Hobart", + "usr/share/zoneinfo/right/Australia/LHI", + "usr/share/zoneinfo/right/Australia/Lindeman", + "usr/share/zoneinfo/right/Australia/Lord_Howe", + "usr/share/zoneinfo/right/Australia/Melbourne", + "usr/share/zoneinfo/right/Australia/NSW", + "usr/share/zoneinfo/right/Australia/North", + "usr/share/zoneinfo/right/Australia/Perth", + "usr/share/zoneinfo/right/Australia/Queensland", + "usr/share/zoneinfo/right/Australia/South", + "usr/share/zoneinfo/right/Australia/Sydney", + "usr/share/zoneinfo/right/Australia/Tasmania", + "usr/share/zoneinfo/right/Australia/Victoria", + "usr/share/zoneinfo/right/Australia/West", + "usr/share/zoneinfo/right/Australia/Yancowinna", + "usr/share/zoneinfo/right/Brazil/Acre", + "usr/share/zoneinfo/right/Brazil/DeNoronha", + "usr/share/zoneinfo/right/Brazil/East", + "usr/share/zoneinfo/right/Brazil/West", + "usr/share/zoneinfo/right/Canada/Atlantic", + "usr/share/zoneinfo/right/Canada/Central", + "usr/share/zoneinfo/right/Canada/Eastern", + "usr/share/zoneinfo/right/Canada/Mountain", + "usr/share/zoneinfo/right/Canada/Newfoundland", + "usr/share/zoneinfo/right/Canada/Pacific", + "usr/share/zoneinfo/right/Canada/Saskatchewan", + "usr/share/zoneinfo/right/Canada/Yukon", + "usr/share/zoneinfo/right/Chile/Continental", + "usr/share/zoneinfo/right/Chile/EasterIsland", + "usr/share/zoneinfo/right/Etc/GMT", + "usr/share/zoneinfo/right/Etc/GMT+0", + "usr/share/zoneinfo/right/Etc/GMT+1", + "usr/share/zoneinfo/right/Etc/GMT+10", + "usr/share/zoneinfo/right/Etc/GMT+11", + "usr/share/zoneinfo/right/Etc/GMT+12", + "usr/share/zoneinfo/right/Etc/GMT+2", + "usr/share/zoneinfo/right/Etc/GMT+3", + "usr/share/zoneinfo/right/Etc/GMT+4", + "usr/share/zoneinfo/right/Etc/GMT+5", + "usr/share/zoneinfo/right/Etc/GMT+6", + "usr/share/zoneinfo/right/Etc/GMT+7", + "usr/share/zoneinfo/right/Etc/GMT+8", + "usr/share/zoneinfo/right/Etc/GMT+9", + "usr/share/zoneinfo/right/Etc/GMT-0", + "usr/share/zoneinfo/right/Etc/GMT-1", + "usr/share/zoneinfo/right/Etc/GMT-10", + "usr/share/zoneinfo/right/Etc/GMT-11", + "usr/share/zoneinfo/right/Etc/GMT-12", + "usr/share/zoneinfo/right/Etc/GMT-13", + "usr/share/zoneinfo/right/Etc/GMT-14", + "usr/share/zoneinfo/right/Etc/GMT-2", + "usr/share/zoneinfo/right/Etc/GMT-3", + "usr/share/zoneinfo/right/Etc/GMT-4", + "usr/share/zoneinfo/right/Etc/GMT-5", + "usr/share/zoneinfo/right/Etc/GMT-6", + "usr/share/zoneinfo/right/Etc/GMT-7", + "usr/share/zoneinfo/right/Etc/GMT-8", + "usr/share/zoneinfo/right/Etc/GMT-9", + "usr/share/zoneinfo/right/Etc/GMT0", + "usr/share/zoneinfo/right/Etc/Greenwich", + "usr/share/zoneinfo/right/Etc/UCT", + "usr/share/zoneinfo/right/Etc/UTC", + "usr/share/zoneinfo/right/Etc/Universal", + "usr/share/zoneinfo/right/Etc/Zulu", + "usr/share/zoneinfo/right/Europe/Amsterdam", + "usr/share/zoneinfo/right/Europe/Andorra", + "usr/share/zoneinfo/right/Europe/Astrakhan", + "usr/share/zoneinfo/right/Europe/Athens", + "usr/share/zoneinfo/right/Europe/Belfast", + "usr/share/zoneinfo/right/Europe/Belgrade", + "usr/share/zoneinfo/right/Europe/Berlin", + "usr/share/zoneinfo/right/Europe/Bratislava", + "usr/share/zoneinfo/right/Europe/Brussels", + "usr/share/zoneinfo/right/Europe/Bucharest", + "usr/share/zoneinfo/right/Europe/Budapest", + "usr/share/zoneinfo/right/Europe/Busingen", + "usr/share/zoneinfo/right/Europe/Chisinau", + "usr/share/zoneinfo/right/Europe/Copenhagen", + "usr/share/zoneinfo/right/Europe/Dublin", + "usr/share/zoneinfo/right/Europe/Gibraltar", + "usr/share/zoneinfo/right/Europe/Guernsey", + "usr/share/zoneinfo/right/Europe/Helsinki", + "usr/share/zoneinfo/right/Europe/Isle_of_Man", + "usr/share/zoneinfo/right/Europe/Istanbul", + "usr/share/zoneinfo/right/Europe/Jersey", + "usr/share/zoneinfo/right/Europe/Kaliningrad", + "usr/share/zoneinfo/right/Europe/Kiev", + "usr/share/zoneinfo/right/Europe/Kirov", + "usr/share/zoneinfo/right/Europe/Kyiv", + "usr/share/zoneinfo/right/Europe/Lisbon", + "usr/share/zoneinfo/right/Europe/Ljubljana", + "usr/share/zoneinfo/right/Europe/London", + "usr/share/zoneinfo/right/Europe/Luxembourg", + "usr/share/zoneinfo/right/Europe/Madrid", + "usr/share/zoneinfo/right/Europe/Malta", + "usr/share/zoneinfo/right/Europe/Mariehamn", + "usr/share/zoneinfo/right/Europe/Minsk", + "usr/share/zoneinfo/right/Europe/Monaco", + "usr/share/zoneinfo/right/Europe/Moscow", + "usr/share/zoneinfo/right/Europe/Nicosia", + "usr/share/zoneinfo/right/Europe/Oslo", + "usr/share/zoneinfo/right/Europe/Paris", + "usr/share/zoneinfo/right/Europe/Podgorica", + "usr/share/zoneinfo/right/Europe/Prague", + "usr/share/zoneinfo/right/Europe/Riga", + "usr/share/zoneinfo/right/Europe/Rome", + "usr/share/zoneinfo/right/Europe/Samara", + "usr/share/zoneinfo/right/Europe/San_Marino", + "usr/share/zoneinfo/right/Europe/Sarajevo", + "usr/share/zoneinfo/right/Europe/Saratov", + "usr/share/zoneinfo/right/Europe/Simferopol", + "usr/share/zoneinfo/right/Europe/Skopje", + "usr/share/zoneinfo/right/Europe/Sofia", + "usr/share/zoneinfo/right/Europe/Stockholm", + "usr/share/zoneinfo/right/Europe/Tallinn", + "usr/share/zoneinfo/right/Europe/Tirane", + "usr/share/zoneinfo/right/Europe/Tiraspol", + "usr/share/zoneinfo/right/Europe/Ulyanovsk", + "usr/share/zoneinfo/right/Europe/Uzhgorod", + "usr/share/zoneinfo/right/Europe/Vaduz", + "usr/share/zoneinfo/right/Europe/Vatican", + "usr/share/zoneinfo/right/Europe/Vienna", + "usr/share/zoneinfo/right/Europe/Vilnius", + "usr/share/zoneinfo/right/Europe/Volgograd", + "usr/share/zoneinfo/right/Europe/Warsaw", + "usr/share/zoneinfo/right/Europe/Zagreb", + "usr/share/zoneinfo/right/Europe/Zaporozhye", + "usr/share/zoneinfo/right/Europe/Zurich", + "usr/share/zoneinfo/right/Indian/Antananarivo", + "usr/share/zoneinfo/right/Indian/Chagos", + "usr/share/zoneinfo/right/Indian/Christmas", + "usr/share/zoneinfo/right/Indian/Cocos", + "usr/share/zoneinfo/right/Indian/Comoro", + "usr/share/zoneinfo/right/Indian/Kerguelen", + "usr/share/zoneinfo/right/Indian/Mahe", + "usr/share/zoneinfo/right/Indian/Maldives", + "usr/share/zoneinfo/right/Indian/Mauritius", + "usr/share/zoneinfo/right/Indian/Mayotte", + "usr/share/zoneinfo/right/Indian/Reunion", + "usr/share/zoneinfo/right/Mexico/BajaNorte", + "usr/share/zoneinfo/right/Mexico/BajaSur", + "usr/share/zoneinfo/right/Mexico/General", + "usr/share/zoneinfo/right/Pacific/Apia", + "usr/share/zoneinfo/right/Pacific/Auckland", + "usr/share/zoneinfo/right/Pacific/Bougainville", + "usr/share/zoneinfo/right/Pacific/Chatham", + "usr/share/zoneinfo/right/Pacific/Chuuk", + "usr/share/zoneinfo/right/Pacific/Easter", + "usr/share/zoneinfo/right/Pacific/Efate", + "usr/share/zoneinfo/right/Pacific/Enderbury", + "usr/share/zoneinfo/right/Pacific/Fakaofo", + "usr/share/zoneinfo/right/Pacific/Fiji", + "usr/share/zoneinfo/right/Pacific/Funafuti", + "usr/share/zoneinfo/right/Pacific/Galapagos", + "usr/share/zoneinfo/right/Pacific/Gambier", + "usr/share/zoneinfo/right/Pacific/Guadalcanal", + "usr/share/zoneinfo/right/Pacific/Guam", + "usr/share/zoneinfo/right/Pacific/Honolulu", + "usr/share/zoneinfo/right/Pacific/Johnston", + "usr/share/zoneinfo/right/Pacific/Kanton", + "usr/share/zoneinfo/right/Pacific/Kiritimati", + "usr/share/zoneinfo/right/Pacific/Kosrae", + "usr/share/zoneinfo/right/Pacific/Kwajalein", + "usr/share/zoneinfo/right/Pacific/Majuro", + "usr/share/zoneinfo/right/Pacific/Marquesas", + "usr/share/zoneinfo/right/Pacific/Midway", + "usr/share/zoneinfo/right/Pacific/Nauru", + "usr/share/zoneinfo/right/Pacific/Niue", + "usr/share/zoneinfo/right/Pacific/Norfolk", + "usr/share/zoneinfo/right/Pacific/Noumea", + "usr/share/zoneinfo/right/Pacific/Pago_Pago", + "usr/share/zoneinfo/right/Pacific/Palau", + "usr/share/zoneinfo/right/Pacific/Pitcairn", + "usr/share/zoneinfo/right/Pacific/Pohnpei", + "usr/share/zoneinfo/right/Pacific/Ponape", + "usr/share/zoneinfo/right/Pacific/Port_Moresby", + "usr/share/zoneinfo/right/Pacific/Rarotonga", + "usr/share/zoneinfo/right/Pacific/Saipan", + "usr/share/zoneinfo/right/Pacific/Samoa", + "usr/share/zoneinfo/right/Pacific/Tahiti", + "usr/share/zoneinfo/right/Pacific/Tarawa", + "usr/share/zoneinfo/right/Pacific/Tongatapu", + "usr/share/zoneinfo/right/Pacific/Truk", + "usr/share/zoneinfo/right/Pacific/Wake", + "usr/share/zoneinfo/right/Pacific/Wallis", + "usr/share/zoneinfo/right/Pacific/Yap", + "usr/share/zoneinfo/right/US/Alaska", + "usr/share/zoneinfo/right/US/Aleutian", + "usr/share/zoneinfo/right/US/Arizona", + "usr/share/zoneinfo/right/US/Central", + "usr/share/zoneinfo/right/US/East-Indiana", + "usr/share/zoneinfo/right/US/Eastern", + "usr/share/zoneinfo/right/US/Hawaii", + "usr/share/zoneinfo/right/US/Indiana-Starke", + "usr/share/zoneinfo/right/US/Michigan", + "usr/share/zoneinfo/right/US/Mountain", + "usr/share/zoneinfo/right/US/Pacific", + "usr/share/zoneinfo/right/US/Samoa" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.2.13-r0", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/alpine/zlib@1.2.13-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "1565fe2d821c716a" + }, + "Version": "1.2.13-r0", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.2.13-r0", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.3-r4" + ], + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "Digest": "sha1:ae39d74f4d65d4f0315e1794c5ee0e95d979ac59", + "InstalledFiles": [ + "lib/libz.so.1", + "lib/libz.so.1.2.13" + ], + "AnalyzedBy": "apk" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2023-42363", + "PkgID": "busybox@1.35.0-r29", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "63663e79f1d78cba" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42363", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:137ff178bcd2a5f630515ace41391dd6d5b151ca921dae7ec3506afd1adf7e79", + "Title": "busybox: use-after-free in awk", + "Description": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090760.html", + "https://access.redhat.com/security/cve/CVE-2023-42363", + "https://bugs.busybox.net/show_bug.cgi?id=15865", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42363", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42363" + ], + "PublishedDate": "2023-11-27T22:15:07.94Z", + "LastModifiedDate": "2024-11-21T08:22:28.403Z" + }, + { + "VulnerabilityID": "CVE-2023-42364", + "PkgID": "busybox@1.35.0-r29", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "63663e79f1d78cba" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42364", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8272d84f0a7c05ee5438d6438476f9ef1fffea0c127124f904ed427481a15b7a", + "Title": "busybox: use-after-free", + "Description": "A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", + "https://access.redhat.com/security/cve/CVE-2023-42364", + "https://bugs.busybox.net/show_bug.cgi?id=15868", + "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42364", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42364" + ], + "PublishedDate": "2023-11-27T23:15:07.313Z", + "LastModifiedDate": "2025-11-03T21:16:01.17Z" + }, + { + "VulnerabilityID": "CVE-2023-42365", + "PkgID": "busybox@1.35.0-r29", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "63663e79f1d78cba" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42365", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:6e6b6e251633451cf3c4bec7399fc2ebe4aa68865b7e36913f394dfac29a1dfa", + "Title": "busybox: use-after-free", + "Description": "A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", + "https://access.redhat.com/security/cve/CVE-2023-42365", + "https://bugs.busybox.net/show_bug.cgi?id=15871", + "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42365", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42365" + ], + "PublishedDate": "2023-11-27T23:15:07.373Z", + "LastModifiedDate": "2025-11-03T21:16:01.393Z" + }, + { + "VulnerabilityID": "CVE-2023-42366", + "PkgID": "busybox@1.35.0-r29", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "63663e79f1d78cba" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r30", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42366", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:615b398e19029f654d228e19075090fe1efa506523ff7e670b4c19241f4ffee7", + "Title": "busybox: A heap-buffer-overflow", + "Description": "A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-42366", + "https://bugs.busybox.net/show_bug.cgi?id=15874", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42366", + "https://security.netapp.com/advisory/ntap-20241206-0007/", + "https://www.cve.org/CVERecord?id=CVE-2023-42366" + ], + "PublishedDate": "2023-11-27T23:15:07.42Z", + "LastModifiedDate": "2024-12-06T14:15:19.53Z" + }, + { + "VulnerabilityID": "CVE-2023-42363", + "PkgID": "busybox-binsh@1.35.0-r29", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "45c394fb49457fb2" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42363", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:621c482752dd822e488913d85fdfa0d31232e9844cc1aa4e0fb4fa181a6e7a7c", + "Title": "busybox: use-after-free in awk", + "Description": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090760.html", + "https://access.redhat.com/security/cve/CVE-2023-42363", + "https://bugs.busybox.net/show_bug.cgi?id=15865", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42363", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42363" + ], + "PublishedDate": "2023-11-27T22:15:07.94Z", + "LastModifiedDate": "2024-11-21T08:22:28.403Z" + }, + { + "VulnerabilityID": "CVE-2023-42364", + "PkgID": "busybox-binsh@1.35.0-r29", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "45c394fb49457fb2" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42364", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e9567f7f6523fd07f41456a306af9c7e75ff299072c654439daaaddd0ba56c6c", + "Title": "busybox: use-after-free", + "Description": "A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", + "https://access.redhat.com/security/cve/CVE-2023-42364", + "https://bugs.busybox.net/show_bug.cgi?id=15868", + "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42364", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42364" + ], + "PublishedDate": "2023-11-27T23:15:07.313Z", + "LastModifiedDate": "2025-11-03T21:16:01.17Z" + }, + { + "VulnerabilityID": "CVE-2023-42365", + "PkgID": "busybox-binsh@1.35.0-r29", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "45c394fb49457fb2" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42365", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:518febeb07948d101e7eab1f39815bbd020325a1bdebb8a8425cbe554a0acbf6", + "Title": "busybox: use-after-free", + "Description": "A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", + "https://access.redhat.com/security/cve/CVE-2023-42365", + "https://bugs.busybox.net/show_bug.cgi?id=15871", + "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42365", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42365" + ], + "PublishedDate": "2023-11-27T23:15:07.373Z", + "LastModifiedDate": "2025-11-03T21:16:01.393Z" + }, + { + "VulnerabilityID": "CVE-2023-42366", + "PkgID": "busybox-binsh@1.35.0-r29", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "45c394fb49457fb2" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r30", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42366", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a0a53bc355c04705000f4ad707170d27723b21d02330c8b5860d3074b27c4734", + "Title": "busybox: A heap-buffer-overflow", + "Description": "A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-42366", + "https://bugs.busybox.net/show_bug.cgi?id=15874", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42366", + "https://security.netapp.com/advisory/ntap-20241206-0007/", + "https://www.cve.org/CVERecord?id=CVE-2023-42366" + ], + "PublishedDate": "2023-11-27T23:15:07.42Z", + "LastModifiedDate": "2024-12-06T14:15:19.53Z" + }, + { + "VulnerabilityID": "CVE-2022-3996", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.7-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3996", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:10bde7a1066ae65c13325d797715658d43c9f868a802880d876d644b7160e480", + "Title": "openssl: double locking leads to denial of service", + "Description": "If an X.509 certificate contains a malformed policy constraint and\npolicy processing is enabled, then a write lock will be taken twice\nrecursively. On some operating systems (most widely: Windows) this\nresults in a denial of service when the affected process hangs. Policy\nprocessing being enabled on a publicly facing server is not considered\nto be a common setup.\n\nPolicy processing is enabled by passing the `-policy'\nargument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.\n\nUpdate (31 March 2023): The description of the policy processing enablement\nwas corrected based on CVE-2023-0466.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-667" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 3, + "ghsa": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V3Score": 7.5, + "V40Score": 8.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-3996", + "https://github.com/alexcrichton/openssl-src-rs", + "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3996", + "https://security.netapp.com/advisory/ntap-20230203-0003/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://www.cve.org/CVERecord?id=CVE-2022-3996", + "https://www.openssl.org/news/secadv/20221213.txt" + ], + "PublishedDate": "2022-12-13T16:15:22.007Z", + "LastModifiedDate": "2024-11-21T07:20:42.003Z" + }, + { + "VulnerabilityID": "CVE-2022-4450", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4450", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:32dc6959f898bb8912fa49d39bcc14d55cd7086f7a15c96e96bc4b2e1d9a330c", + "Title": "openssl: double free after calling PEM_read_bio_ex", + "Description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack.\n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected.\n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0.\n\nThe OpenSSL asn1parse command line application is also impacted by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2022-4450", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", + "https://github.com/advisories/GHSA-v5w6-wcm8-jm4q", + "https://linux.oracle.com/cve/CVE-2022-4450.html", + "https://linux.oracle.com/errata/ELSA-2023-32791.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0010.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4450", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:23.973Z", + "LastModifiedDate": "2025-11-04T20:16:15.06Z" + }, + { + "VulnerabilityID": "CVE-2023-0215", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0215", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:dbaea0fdb8bc24a428a0992102d2ac296edbbdaea86cdc9a6ec3fb3a073c5cd5", + "Title": "openssl: use-after-free following BIO_new_NDEF", + "Description": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2023-0215", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344", + "https://github.com/advisories/GHSA-r7jw-wp68-3xch", + "https://linux.oracle.com/cve/CVE-2023-0215.html", + "https://linux.oracle.com/errata/ELSA-2023-32791.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0009.html", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230427-0007", + "https://security.netapp.com/advisory/ntap-20230427-0007/", + "https://security.netapp.com/advisory/ntap-20230427-0009", + "https://security.netapp.com/advisory/ntap-20230427-0009/", + "https://security.netapp.com/advisory/ntap-20240621-0006", + "https://security.netapp.com/advisory/ntap-20240621-0006/", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-5845-1", + "https://ubuntu.com/security/notices/USN-5845-2", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0215", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.107Z", + "LastModifiedDate": "2025-11-04T20:16:15.847Z" + }, + { + "VulnerabilityID": "CVE-2023-0216", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0216", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ef5596e04d3268f7337138ce58c66f9e4fb4e62ac2967404bc99af6bcb0b18c7", + "Title": "openssl: invalid pointer dereference in d2i_PKCS7 functions", + "Description": "An invalid pointer dereference on read can be triggered when an\napplication tries to load malformed PKCS7 data with the\nd2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.\n\nThe result of the dereference is an application crash which could\nlead to a denial of service attack. The TLS implementation in OpenSSL\ndoes not call this function however third party applications might\ncall these functions on untrusted data.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0946", + "https://access.redhat.com/security/cve/CVE-2023-0216", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164488", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/2164497", + "https://bugzilla.redhat.com/2164499", + "https://bugzilla.redhat.com/2164500", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-0946.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6", + "https://linux.oracle.com/cve/CVE-2023-0216.html", + "https://linux.oracle.com/errata/ELSA-2023-12152.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0216", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0011.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0216", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.16Z", + "LastModifiedDate": "2025-11-04T20:16:16.043Z" + }, + { + "VulnerabilityID": "CVE-2023-0217", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0217", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4741c0cfae27a4879a2121c808f1a4da126ddfd33c6fb7eb27365fa6c6a4fb18", + "Title": "openssl: NULL dereference validating DSA public key", + "Description": "An invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\nEVP_PKEY_public_check() function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack.\n\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0946", + "https://access.redhat.com/security/cve/CVE-2023-0217", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164488", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/2164497", + "https://bugzilla.redhat.com/2164499", + "https://bugzilla.redhat.com/2164500", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-0946.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096", + "https://linux.oracle.com/cve/CVE-2023-0217.html", + "https://linux.oracle.com/errata/ELSA-2023-12152.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0217", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0012.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0217", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.213Z", + "LastModifiedDate": "2025-11-04T20:16:16.197Z" + }, + { + "VulnerabilityID": "CVE-2023-0286", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0286", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:63acd88afaf3250a4b590fe0de36a69111fcaaa2113d4612158897a93a8ffd46", + "Title": "openssl: X.400 address type confusion in X.509 GeneralName", + "Description": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-843" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7937", + "https://access.redhat.com/security/cve/CVE-2023-0286", + "https://access.redhat.com/security/cve/cve-2023-0286", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2025-7937.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", + "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", + "https://github.com/advisories/GHSA-x4qr-2fvf-3mr5", + "https://github.com/pyca/cryptography", + "https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5", + "https://linux.oracle.com/cve/CVE-2023-0286.html", + "https://linux.oracle.com/errata/ELSA-2025-7937.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0006.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-5845-1", + "https://ubuntu.com/security/notices/USN-5845-2", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0286", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.267Z", + "LastModifiedDate": "2025-11-04T20:16:16.35Z" + }, + { + "VulnerabilityID": "CVE-2023-0401", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0401", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:56fa68c9fd45445e81ce51bda360c61574bcdc9b4086dea9a32dc8e88028e086", + "Title": "openssl: NULL dereference during PKCS7 data verification", + "Description": "A NULL pointer can be dereferenced when signatures are being\nverified on PKCS7 signed or signedAndEnveloped data. In case the hash\nalgorithm used for the signature is known to the OpenSSL library but\nthe implementation of the hash algorithm is not available the digest\ninitialization will fail. There is a missing check for the return\nvalue from the initialization function which later leads to invalid\nusage of the digest API most likely leading to a crash.\n\nThe unavailability of an algorithm can be caused by using FIPS\nenabled configuration of providers or more commonly by not loading\nthe legacy provider.\n\nPKCS7 data is processed by the SMIME library calls and also by the\ntime stamp (TS) library calls. The TLS implementation in OpenSSL does\nnot call these functions however third party applications would be\naffected if they call these functions to verify signatures on untrusted\ndata.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0946", + "https://access.redhat.com/security/cve/CVE-2023-0401", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164488", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/2164497", + "https://bugzilla.redhat.com/2164499", + "https://bugzilla.redhat.com/2164500", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-0946.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674", + "https://github.com/alexcrichton/openssl-src-rs", + "https://linux.oracle.com/cve/CVE-2023-0401.html", + "https://linux.oracle.com/errata/ELSA-2023-12152.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0401", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0013.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0401", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.323Z", + "LastModifiedDate": "2025-11-04T20:16:16.527Z" + }, + { + "VulnerabilityID": "CVE-2023-0464", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0464", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:461bb3b307b4fe4b13cc129d5b6e7fc198da87a4ac6fedfef9eba6814b577d84", + "Title": "openssl: Denial of service by excessive resource usage in verifying X509 policy constraints", + "Description": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0464", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1", + "https://github.com/advisories/GHSA-w2w6-xp88-5cvw", + "https://linux.oracle.com/cve/CVE-2023-0464.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230406-0006", + "https://security.netapp.com/advisory/ntap-20230406-0006/", + "https://security.netapp.com/advisory/ntap-20240621-0006", + "https://security.netapp.com/advisory/ntap-20240621-0006/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.couchbase.com/alerts", + "https://www.couchbase.com/alerts/", + "https://www.cve.org/CVERecord?id=CVE-2023-0464", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230322.txt" + ], + "PublishedDate": "2023-03-22T17:15:13.13Z", + "LastModifiedDate": "2025-05-05T16:15:26.103Z" + }, + { + "VulnerabilityID": "CVE-2023-5363", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.12-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5363", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4eea907804afa4d9f649cb6df8442f44e541df9005e291a0a801cd2d19cdab9e", + "Title": "openssl: Incorrect cipher key and IV length processing", + "Description": "Issue summary: A bug has been identified in the processing of key and\ninitialisation vector (IV) lengths. This can lead to potential truncation\nor overruns during the initialisation of some symmetric ciphers.\n\nImpact summary: A truncation in the IV can result in non-uniqueness,\nwhich could result in loss of confidentiality for some cipher modes.\n\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\nEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\nthe key and IV have been established. Any alterations to the key length,\nvia the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter,\nwithin the OSSL_PARAM array will not take effect as intended, potentially\ncausing truncation or overreading of these values. The following ciphers\nand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\n\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\nloss of confidentiality. For example, when following NIST's SP 800-38D\nsection 8.2.1 guidance for constructing a deterministic IV for AES in\nGCM mode, truncation of the counter portion could lead to IV reuse.\n\nBoth truncations and overruns of the key and overruns of the IV will\nproduce incorrect results and could, in some cases, trigger a memory\nexception. However, these issues are not currently assessed as security\ncritical.\n\nChanging the key and/or IV lengths is not considered to be a common operation\nand the vulnerable API was recently introduced. Furthermore it is likely that\napplication developers will have spotted this problem during testing since\ndecryption would fail unless both peers in the communication were similarly\nvulnerable. For these reasons we expect the probability of an application being\nvulnerable to this to be quite low. However if an application is vulnerable then\nthis issue is considered very serious. For these reasons we have assessed this\nissue as Moderate severity overall.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\nthe issue lies outside of the FIPS provider boundary.\n\nOpenSSL 3.1 and 3.0 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-684" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/10/24/1", + "https://access.redhat.com/errata/RHSA-2024:0310", + "https://access.redhat.com/security/cve/CVE-2023-5363", + "https://bugzilla.redhat.com/2243839", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", + "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://errata.almalinux.org/9/ALSA-2024-0310.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee", + "https://github.com/advisories/GHSA-xw78-pcr6-wrg8", + "https://linux.oracle.com/cve/CVE-2023-5363.html", + "https://linux.oracle.com/errata/ELSA-2024-12093.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-5363", + "https://security.netapp.com/advisory/ntap-20231027-0010", + "https://security.netapp.com/advisory/ntap-20231027-0010/", + "https://security.netapp.com/advisory/ntap-20240201-0003", + "https://security.netapp.com/advisory/ntap-20240201-0003/", + "https://security.netapp.com/advisory/ntap-20240201-0004", + "https://security.netapp.com/advisory/ntap-20240201-0004/", + "https://security.netapp.com/advisory/ntap-20241108-0002", + "https://security.netapp.com/advisory/ntap-20241108-0002/", + "https://ubuntu.com/security/notices/USN-6450-1", + "https://www.cve.org/CVERecord?id=CVE-2023-5363", + "https://www.debian.org/security/2023/dsa-5532", + "https://www.openssl.org/news/secadv/20231024.txt" + ], + "PublishedDate": "2023-10-25T18:17:43.613Z", + "LastModifiedDate": "2026-05-12T11:16:16.87Z" + }, + { + "VulnerabilityID": "CVE-2024-6119", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.15-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-6119", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:7c7cb5a5bd99bb0252b7ac1adf6ff05b0eb395a346aedc843535dc725a52f520", + "Title": "openssl: Possible denial of service in X.509 name checks", + "Description": "Issue summary: Applications performing certificate name checks (e.g., TLS\nclients checking server certificates) may attempt to read an invalid memory\naddress resulting in abnormal termination of the application process.\n\nImpact summary: Abnormal termination of an application can a cause a denial of\nservice.\n\nApplications performing certificate name checks (e.g., TLS clients checking\nserver certificates) may attempt to read an invalid memory address when\ncomparing the expected name with an `otherName` subject alternative name of an\nX.509 certificate. This may result in an exception that terminates the\napplication program.\n\nNote that basic certificate chain validation (signatures, dates, ...) is not\naffected, the denial of service can occur only when the application also\nspecifies an expected DNS name, Email address or IP address.\n\nTLS servers rarely solicit client certificates, and even when they do, they\ngenerally don't perform a name check against a reference identifier (expected\nidentity), but rather extract the presented identity after checking the\ncertificate chain. So TLS servers are generally not affected and the severity\nof the issue is Moderate.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-843" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/09/03/4", + "https://access.redhat.com/errata/RHSA-2024:8935", + "https://access.redhat.com/security/cve/CVE-2024-6119", + "https://bugzilla.redhat.com/2306158", + "https://bugzilla.redhat.com/show_bug.cgi?id=2306158", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-613116.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6119", + "https://errata.almalinux.org/9/ALSA-2024-8935.html", + "https://errata.rockylinux.org/RLSA-2024:6783", + "https://github.com/advisories/GHSA-7m4m-pwhv-49c5", + "https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f", + "https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6", + "https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2", + "https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0", + "https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj", + "https://linux.oracle.com/cve/CVE-2024-6119.html", + "https://linux.oracle.com/errata/ELSA-2024-8935.html", + "https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-6119", + "https://openssl-library.org/news/secadv/20240903.txt", + "https://security.netapp.com/advisory/ntap-20240912-0001", + "https://security.netapp.com/advisory/ntap-20240912-0001/", + "https://ubuntu.com/security/notices/USN-6986-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2024-6119" + ], + "PublishedDate": "2024-09-03T16:15:07.177Z", + "LastModifiedDate": "2026-05-12T12:17:20.647Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:811819248bd346b7ded1a9b5ac45e6387f5c121b361753c2ef71137978209848", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:159afc701f235571ca34aa246d99c2c21c107a8dafd550271fb912fc3b9edc44", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2022-4203", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4203", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c2349b4b1cc2cc0d30beb853657b2562e04ec1385e49a4a79c45fae836f1fd7a", + "Title": "openssl: read buffer overflow in X.509 certificate verification", + "Description": "A read buffer overrun can be triggered in X.509 certificate verification,\nspecifically in name constraint checking. Note that this occurs\nafter certificate chain signature verification and requires either a\nCA to have signed the malicious certificate or for the application to\ncontinue certificate verification despite failure to construct a path\nto a trusted issuer.\n\nThe read buffer overrun might result in a crash which could lead to\na denial of service attack. In theory it could also result in the disclosure\nof private memory contents (such as private keys, or sensitive plaintext)\nalthough we are not aware of any working exploit leading to memory\ncontents disclosure as of the time of release of this advisory.\n\nIn a TLS client, this can be triggered by connecting to a malicious\nserver. In a TLS server, this can be triggered if the server requests\nclient authentication and a malicious client connects.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "ghsa": 4, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 9.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0946", + "https://access.redhat.com/security/cve/CVE-2022-4203", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164488", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/2164497", + "https://bugzilla.redhat.com/2164499", + "https://bugzilla.redhat.com/2164500", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-0946.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc", + "https://linux.oracle.com/cve/CVE-2022-4203.html", + "https://linux.oracle.com/errata/ELSA-2023-12152.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4203", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0008.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4203", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-24T15:15:11.98Z", + "LastModifiedDate": "2025-11-04T20:16:14.693Z" + }, + { + "VulnerabilityID": "CVE-2022-4304", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4304", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ca5c10e709a2da5196d6026efaeedc3e39a676f7b7136f2d2092435142a7f921", + "Title": "openssl: timing attack in RSA Decryption implementation", + "Description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-203" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2022-4304", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://github.com/advisories/GHSA-p52g-cm5j-mjv4", + "https://linux.oracle.com/cve/CVE-2022-4304.html", + "https://linux.oracle.com/errata/ELSA-2023-32791.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0007.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4304", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:23.887Z", + "LastModifiedDate": "2025-11-04T20:16:14.897Z" + }, + { + "VulnerabilityID": "CVE-2023-0465", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0465", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:52ed5f91896343bee3d4b7e035ff0764016df2e8f32dae6a6f4fea3e166ecee2", + "Title": "openssl: Invalid certificate policies in leaf certificates are silently ignored", + "Description": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0465", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c", + "https://github.com/advisories/GHSA-77f3-6546-6rj7", + "https://linux.oracle.com/cve/CVE-2023-0465.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230414-0001", + "https://security.netapp.com/advisory/ntap-20230414-0001/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0465", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230328.txt" + ], + "PublishedDate": "2023-03-28T15:15:06.82Z", + "LastModifiedDate": "2025-02-18T21:15:13.877Z" + }, + { + "VulnerabilityID": "CVE-2023-0466", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0466", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ba780eb34a2227e36f8c8b4b81d675705a7bf71af9ec98ed1d432dcc89303633", + "Title": "openssl: Certificate policy check not enabled", + "Description": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/09/28/4", + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0466", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061", + "https://github.com/advisories/GHSA-pxvj-4wx4-gv6w", + "https://linux.oracle.com/cve/CVE-2023-0466.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230414-0001", + "https://security.netapp.com/advisory/ntap-20230414-0001/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0466", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230328.txt" + ], + "PublishedDate": "2023-03-28T15:15:06.88Z", + "LastModifiedDate": "2025-02-19T18:15:22.177Z" + }, + { + "VulnerabilityID": "CVE-2023-1255", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1255", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:42f86951ca08ed0e659f02e3eeae71e10b1c7f78d2630833950893cb0a872f7d", + "Title": "openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM", + "Description": "Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM\nplatform contains a bug that could cause it to read past the input buffer,\nleading to a crash.\n\nImpact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM\nplatform can crash in rare circumstances. The AES-XTS algorithm is usually\nused for disk encryption.\n\nThe AES-XTS cipher decryption implementation for 64 bit ARM platform will read\npast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16\nbyte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext\nbuffer is unmapped, this will trigger a crash which results in a denial of\nservice.\n\nIf an attacker can control the size and location of the ciphertext buffer\nbeing decrypted by an application using AES-XTS on 64 bit ARM, the\napplication is affected. This is fairly unlikely making this issue\na Low severity one.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.1 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/04/20/13", + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-1255", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a", + "https://github.com/advisories/GHSA-4wp2-xw7p-2gfx", + "https://linux.oracle.com/cve/CVE-2023-1255.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-1255", + "https://security.netapp.com/advisory/ntap-20230908-0006/", + "https://ubuntu.com/security/notices/USN-6119-1", + "https://www.cve.org/CVERecord?id=CVE-2023-1255", + "https://www.openssl.org/news/secadv/20230419.txt", + "https://www.openssl.org/news/secadv/20230420.txt" + ], + "PublishedDate": "2023-04-20T17:15:06.883Z", + "LastModifiedDate": "2025-02-04T22:15:39.327Z" + }, + { + "VulnerabilityID": "CVE-2023-2650", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.9-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:db8405d450cb906bde57ccdb261306826eb867d33a9016705545694fde9fab61", + "Title": "openssl: Possible DoS translating ASN.1 object identifiers", + "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/05/30/1", + "https://access.redhat.com/errata/RHSA-2023:6330", + "https://access.redhat.com/security/cve/CVE-2023-2650", + "https://bugzilla.redhat.com/1858038", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-6330.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", + "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg", + "https://linux.oracle.com/cve/CVE-2023-2650.html", + "https://linux.oracle.com/errata/ELSA-2023-6330.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230703-0001/", + "https://security.netapp.com/advisory/ntap-20231027-0009/", + "https://ubuntu.com/security/notices/USN-6119-1", + "https://ubuntu.com/security/notices/USN-6188-1", + "https://ubuntu.com/security/notices/USN-6672-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-2650", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230530.txt" + ], + "PublishedDate": "2023-05-30T14:15:09.683Z", + "LastModifiedDate": "2025-03-19T16:15:21.89Z" + }, + { + "VulnerabilityID": "CVE-2023-2975", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.9-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2975", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:d217cf4c9a81bbfa5a676e83c071e25a89e5073390c0acc251517d841ac52d4e", + "Title": "openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries", + "Description": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\nit to ignore empty associated data entries which are unauthenticated as\na consequence.\n\nImpact summary: Applications that use the AES-SIV algorithm and want to\nauthenticate empty data entries as associated data can be misled by removing,\nadding or reordering such empty entries as these are ignored by the OpenSSL\nimplementation. We are currently unaware of any such applications.\n\nThe AES-SIV algorithm allows for authentication of multiple associated\ndata entries along with the encryption. To authenticate empty data the\napplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\nNULL pointer as the output buffer and 0 as the input buffer length.\nThe AES-SIV implementation in OpenSSL just returns success for such a call\ninstead of performing the associated data authentication operation.\nThe empty data thus will not be authenticated.\n\nAs this issue does not affect non-empty associated data authentication and\nwe expect it to be rare for an application to use empty associated data\nentries this is qualified as Low severity issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-354", + "CWE-287" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/07/15/1", + "http://www.openwall.com/lists/oss-security/2023/07/19/5", + "https://access.redhat.com/errata/RHSA-2024:2447", + "https://access.redhat.com/security/cve/CVE-2023-2975", + "https://bugzilla.redhat.com/2223016", + "https://bugzilla.redhat.com/2224962", + "https://bugzilla.redhat.com/2227852", + "https://bugzilla.redhat.com/2248616", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://errata.almalinux.org/9/ALSA-2024-2447.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc", + "https://github.com/advisories/GHSA-hpqg-7fjp-436p", + "https://linux.oracle.com/cve/CVE-2023-2975.html", + "https://linux.oracle.com/errata/ELSA-2024-2447.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2975", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230725-0004", + "https://security.netapp.com/advisory/ntap-20230725-0004/", + "https://ubuntu.com/security/notices/USN-6450-1", + "https://www.cve.org/CVERecord?id=CVE-2023-2975", + "https://www.openssl.org/news/secadv/20230714.txt" + ], + "PublishedDate": "2023-07-14T12:15:09.023Z", + "LastModifiedDate": "2025-04-23T17:16:32.467Z" + }, + { + "VulnerabilityID": "CVE-2023-3446", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.9-r3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3446", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:18f518d78e8c78b0839bdba171c36e6fe45872f3b876c3a9eab85d591d229de4", + "Title": "openssl: Excessive time spent checking DH keys and parameters", + "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-606", + "CWE-1333" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 3, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/07/19/4", + "http://www.openwall.com/lists/oss-security/2023/07/19/5", + "http://www.openwall.com/lists/oss-security/2023/07/19/6", + "http://www.openwall.com/lists/oss-security/2023/07/31/1", + "http://www.openwall.com/lists/oss-security/2024/05/16/1", + "https://access.redhat.com/errata/RHSA-2024:2447", + "https://access.redhat.com/security/cve/CVE-2023-3446", + "https://bugzilla.redhat.com/2223016", + "https://bugzilla.redhat.com/2224962", + "https://bugzilla.redhat.com/2227852", + "https://bugzilla.redhat.com/2248616", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257582", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257583", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258677", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258688", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258691", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258694", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258700", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36763", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36764", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45229", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45231", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45232", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45233", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45235", + "https://errata.almalinux.org/9/ALSA-2024-2447.html", + "https://errata.rockylinux.org/RLSA-2024:2264", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23", + "https://linux.oracle.com/cve/CVE-2023-3446.html", + "https://linux.oracle.com/errata/ELSA-2024-2447.html", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3446", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230803-0011/", + "https://ubuntu.com/security/notices/USN-6435-1", + "https://ubuntu.com/security/notices/USN-6435-2", + "https://ubuntu.com/security/notices/USN-6450-1", + "https://ubuntu.com/security/notices/USN-6709-1", + "https://ubuntu.com/security/notices/USN-7018-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3446", + "https://www.openssl.org/news/secadv/20230719.txt" + ], + "PublishedDate": "2023-07-19T12:15:10.003Z", + "LastModifiedDate": "2025-04-23T17:16:36.967Z" + }, + { + "VulnerabilityID": "CVE-2023-3817", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.10-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3817", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:b9e025ad75b22e285d0307215d8d25839e241b89fe5641023bae53a195a28b0b", + "Title": "OpenSSL: Excessive time spent checking DH q parameter value", + "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-606", + "CWE-834" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2023/Jul/43", + "http://www.openwall.com/lists/oss-security/2023/07/31/1", + "http://www.openwall.com/lists/oss-security/2023/09/22/11", + "http://www.openwall.com/lists/oss-security/2023/09/22/9", + "http://www.openwall.com/lists/oss-security/2023/11/06/2", + "https://access.redhat.com/errata/RHSA-2024:2447", + "https://access.redhat.com/security/cve/CVE-2023-3817", + "https://bugzilla.redhat.com/2223016", + "https://bugzilla.redhat.com/2224962", + "https://bugzilla.redhat.com/2227852", + "https://bugzilla.redhat.com/2248616", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", + "https://bugzilla.redhat.com/show_bug.cgi?id=2227852", + "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", + "https://bugzilla.redhat.com/show_bug.cgi?id=2270358", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408", + "https://errata.almalinux.org/9/ALSA-2024-2447.html", + "https://errata.rockylinux.org/RLSA-2023:7877", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5", + "https://github.com/advisories/GHSA-c945-cqj5-wfv6", + "https://linux.oracle.com/cve/CVE-2023-3817.html", + "https://linux.oracle.com/errata/ELSA-2024-2447.html", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3817", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230818-0014", + "https://security.netapp.com/advisory/ntap-20230818-0014/", + "https://security.netapp.com/advisory/ntap-20231027-0008", + "https://security.netapp.com/advisory/ntap-20231027-0008/", + "https://security.netapp.com/advisory/ntap-20240621-0006", + "https://security.netapp.com/advisory/ntap-20240621-0006/", + "https://ubuntu.com/security/notices/USN-6435-1", + "https://ubuntu.com/security/notices/USN-6435-2", + "https://ubuntu.com/security/notices/USN-6450-1", + "https://ubuntu.com/security/notices/USN-6709-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3817", + "https://www.openssl.org/news/secadv/20230731.txt" + ], + "PublishedDate": "2023-07-31T16:15:10.497Z", + "LastModifiedDate": "2025-05-05T16:15:47.343Z" + }, + { + "VulnerabilityID": "CVE-2023-5678", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.12-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5678", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:b4470fc33821ba2514083274cc7bb898452d335e9e766ebf6623b4e1a8d4c498", + "Title": "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow", + "Description": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-606", + "CWE-754" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/11/06/2", + "http://www.openwall.com/lists/oss-security/2024/03/11/1", + "https://access.redhat.com/errata/RHSA-2024:2447", + "https://access.redhat.com/security/cve/CVE-2023-5678", + "https://bugzilla.redhat.com/2223016", + "https://bugzilla.redhat.com/2224962", + "https://bugzilla.redhat.com/2227852", + "https://bugzilla.redhat.com/2248616", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", + "https://bugzilla.redhat.com/show_bug.cgi?id=2227852", + "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", + "https://bugzilla.redhat.com/show_bug.cgi?id=2270358", + "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "https://cert-portal.siemens.com/productcert/html/ssa-128433.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", + "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", + "https://cert-portal.siemens.com/productcert/html/ssa-341067.html", + "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", + "https://cert-portal.siemens.com/productcert/html/ssa-556635.html", + "https://cert-portal.siemens.com/productcert/html/ssa-613116.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408", + "https://errata.almalinux.org/9/ALSA-2024-2447.html", + "https://errata.rockylinux.org/RLSA-2023:7877", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", + "https://github.com/advisories/GHSA-2cj7-mg3x-9mhq", + "https://linux.oracle.com/cve/CVE-2023-5678.html", + "https://linux.oracle.com/errata/ELSA-2024-2447.html", + "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", + "https://security.netapp.com/advisory/ntap-20231130-0010", + "https://security.netapp.com/advisory/ntap-20231130-0010/", + "https://ubuntu.com/security/notices/USN-6622-1", + "https://ubuntu.com/security/notices/USN-6632-1", + "https://ubuntu.com/security/notices/USN-6709-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-5678", + "https://www.openssl.org/news/secadv/20231106.txt" + ], + "PublishedDate": "2023-11-06T16:15:42.67Z", + "LastModifiedDate": "2026-05-12T11:16:17.123Z" + }, + { + "VulnerabilityID": "CVE-2023-6129", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.12-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-6129", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c2446353807d01ebe3bdf89c198e076fe137670fa0eb216538b20419bbd81beb", + "Title": "openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC", + "Description": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-440", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "redhat": 1, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/01/09/1", + "http://www.openwall.com/lists/oss-security/2024/03/11/1", + "https://access.redhat.com/errata/RHSA-2024:9088", + "https://access.redhat.com/security/cve/CVE-2023-6129", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/2284243", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257571", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258502", + "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", + "https://errata.almalinux.org/9/ALSA-2024-9088.html", + "https://errata.rockylinux.org/RLSA-2024:9088", + "https://github.com/advisories/GHSA-rj8q-prqp-jwfg", + "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35", + "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04", + "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015", + "https://linux.oracle.com/cve/CVE-2023-6129.html", + "https://linux.oracle.com/errata/ELSA-2024-9088.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-6129", + "https://security.netapp.com/advisory/ntap-20240216-0009", + "https://security.netapp.com/advisory/ntap-20240216-0009/", + "https://security.netapp.com/advisory/ntap-20240426-0008", + "https://security.netapp.com/advisory/ntap-20240426-0008/", + "https://security.netapp.com/advisory/ntap-20240426-0013", + "https://security.netapp.com/advisory/ntap-20240426-0013/", + "https://security.netapp.com/advisory/ntap-20240503-0011", + "https://security.netapp.com/advisory/ntap-20240503-0011/", + "https://ubuntu.com/security/notices/USN-6622-1", + "https://www.cve.org/CVERecord?id=CVE-2023-6129", + "https://www.openssl.org/news/secadv/20240109.txt", + "https://www.openwall.com/lists/oss-security/2024/01/09/1" + ], + "PublishedDate": "2024-01-09T17:15:12.147Z", + "LastModifiedDate": "2026-05-12T11:16:17.563Z" + }, + { + "VulnerabilityID": "CVE-2024-0727", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.12-r4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0727", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:46b83be43a22c4f4a3ae7620234fb589bf479b2fe9ad75040008280869c1aa90", + "Title": "openssl: denial of service via null dereference", + "Description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/11/1", + "https://access.redhat.com/errata/RHSA-2024:9088", + "https://access.redhat.com/security/cve/CVE-2024-0727", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/2284243", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257571", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258502", + "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", + "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", + "https://errata.almalinux.org/9/ALSA-2024-9088.html", + "https://errata.rockylinux.org/RLSA-2024:9088", + "https://github.com/advisories/GHSA-9v9h-cgj8-h64p", + "https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2", + "https://github.com/github/advisory-database/pull/3472", + "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", + "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", + "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", + "https://github.com/openssl/openssl/pull/23362", + "https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d", + "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", + "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", + "https://linux.oracle.com/cve/CVE-2024-0727.html", + "https://linux.oracle.com/errata/ELSA-2024-9088.html", + "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", + "https://security.netapp.com/advisory/ntap-20240208-0006", + "https://security.netapp.com/advisory/ntap-20240208-0006/", + "https://ubuntu.com/security/notices/USN-6622-1", + "https://ubuntu.com/security/notices/USN-6632-1", + "https://ubuntu.com/security/notices/USN-6709-1", + "https://ubuntu.com/security/notices/USN-7018-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2024-0727", + "https://www.openssl.org/news/secadv/20240125.txt" + ], + "PublishedDate": "2024-01-26T09:15:07.637Z", + "LastModifiedDate": "2026-05-12T12:16:16.567Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:aacacbfd4dac79d085ac307b73e5efbc0cab7c5af5093b34af1103284b627dba", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libcrypto3@3.0.7-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "4c265b9f9fb6f74e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:9af34992240fabe114f6ee2b8ef8e974550d6d961d118742cde6862debe1b306", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2022-3996", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.7-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3996", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c521e9b16a4a958dab38c1647f1f5b3b101fcb3ddd8a70210f415278d10d7a09", + "Title": "openssl: double locking leads to denial of service", + "Description": "If an X.509 certificate contains a malformed policy constraint and\npolicy processing is enabled, then a write lock will be taken twice\nrecursively. On some operating systems (most widely: Windows) this\nresults in a denial of service when the affected process hangs. Policy\nprocessing being enabled on a publicly facing server is not considered\nto be a common setup.\n\nPolicy processing is enabled by passing the `-policy'\nargument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.\n\nUpdate (31 March 2023): The description of the policy processing enablement\nwas corrected based on CVE-2023-0466.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-667" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 3, + "ghsa": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V3Score": 7.5, + "V40Score": 8.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-3996", + "https://github.com/alexcrichton/openssl-src-rs", + "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7", + "https://nvd.nist.gov/vuln/detail/CVE-2022-3996", + "https://security.netapp.com/advisory/ntap-20230203-0003/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://www.cve.org/CVERecord?id=CVE-2022-3996", + "https://www.openssl.org/news/secadv/20221213.txt" + ], + "PublishedDate": "2022-12-13T16:15:22.007Z", + "LastModifiedDate": "2024-11-21T07:20:42.003Z" + }, + { + "VulnerabilityID": "CVE-2022-4450", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4450", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e74ef67483321d454c4280e88d696ca3567fe79aed2a61c673096e9f61ebedc7", + "Title": "openssl: double free after calling PEM_read_bio_ex", + "Description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack.\n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected.\n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0.\n\nThe OpenSSL asn1parse command line application is also impacted by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2022-4450", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", + "https://github.com/advisories/GHSA-v5w6-wcm8-jm4q", + "https://linux.oracle.com/cve/CVE-2022-4450.html", + "https://linux.oracle.com/errata/ELSA-2023-32791.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0010.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4450", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:23.973Z", + "LastModifiedDate": "2025-11-04T20:16:15.06Z" + }, + { + "VulnerabilityID": "CVE-2023-0215", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0215", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:392f9688e7ed5b359fb574c7ca196ea6e72759c6506f484e0b7dd53e82563c16", + "Title": "openssl: use-after-free following BIO_new_NDEF", + "Description": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2023-0215", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344", + "https://github.com/advisories/GHSA-r7jw-wp68-3xch", + "https://linux.oracle.com/cve/CVE-2023-0215.html", + "https://linux.oracle.com/errata/ELSA-2023-32791.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0009.html", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230427-0007", + "https://security.netapp.com/advisory/ntap-20230427-0007/", + "https://security.netapp.com/advisory/ntap-20230427-0009", + "https://security.netapp.com/advisory/ntap-20230427-0009/", + "https://security.netapp.com/advisory/ntap-20240621-0006", + "https://security.netapp.com/advisory/ntap-20240621-0006/", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-5845-1", + "https://ubuntu.com/security/notices/USN-5845-2", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0215", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.107Z", + "LastModifiedDate": "2025-11-04T20:16:15.847Z" + }, + { + "VulnerabilityID": "CVE-2023-0216", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0216", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:255fc55b5c458369ee489fc9f8cd7d23bda6f0f4dae6be569e435846e2ca049b", + "Title": "openssl: invalid pointer dereference in d2i_PKCS7 functions", + "Description": "An invalid pointer dereference on read can be triggered when an\napplication tries to load malformed PKCS7 data with the\nd2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.\n\nThe result of the dereference is an application crash which could\nlead to a denial of service attack. The TLS implementation in OpenSSL\ndoes not call this function however third party applications might\ncall these functions on untrusted data.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0946", + "https://access.redhat.com/security/cve/CVE-2023-0216", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164488", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/2164497", + "https://bugzilla.redhat.com/2164499", + "https://bugzilla.redhat.com/2164500", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-0946.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6", + "https://linux.oracle.com/cve/CVE-2023-0216.html", + "https://linux.oracle.com/errata/ELSA-2023-12152.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0216", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0011.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0216", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.16Z", + "LastModifiedDate": "2025-11-04T20:16:16.043Z" + }, + { + "VulnerabilityID": "CVE-2023-0217", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0217", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:486e4e8ecccc52e35126714cf099e3efe98b4c68552565fef6a469b1bd77c89c", + "Title": "openssl: NULL dereference validating DSA public key", + "Description": "An invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\nEVP_PKEY_public_check() function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack.\n\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0946", + "https://access.redhat.com/security/cve/CVE-2023-0217", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164488", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/2164497", + "https://bugzilla.redhat.com/2164499", + "https://bugzilla.redhat.com/2164500", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-0946.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096", + "https://linux.oracle.com/cve/CVE-2023-0217.html", + "https://linux.oracle.com/errata/ELSA-2023-12152.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0217", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0012.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0217", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.213Z", + "LastModifiedDate": "2025-11-04T20:16:16.197Z" + }, + { + "VulnerabilityID": "CVE-2023-0286", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0286", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:f30a334136a9ca647beb24f0c7f9e961698345eb6b2f27e1fbe9c88496aaea50", + "Title": "openssl: X.400 address type confusion in X.509 GeneralName", + "Description": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-843" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7937", + "https://access.redhat.com/security/cve/CVE-2023-0286", + "https://access.redhat.com/security/cve/cve-2023-0286", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2025-7937.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", + "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", + "https://github.com/advisories/GHSA-x4qr-2fvf-3mr5", + "https://github.com/pyca/cryptography", + "https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5", + "https://linux.oracle.com/cve/CVE-2023-0286.html", + "https://linux.oracle.com/errata/ELSA-2025-7937.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0006.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-5845-1", + "https://ubuntu.com/security/notices/USN-5845-2", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0286", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.267Z", + "LastModifiedDate": "2025-11-04T20:16:16.35Z" + }, + { + "VulnerabilityID": "CVE-2023-0401", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0401", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:31a959243f5e9c166807f33178da6ebe3455303aa2e6ea50039a5b7a0bbd39b0", + "Title": "openssl: NULL dereference during PKCS7 data verification", + "Description": "A NULL pointer can be dereferenced when signatures are being\nverified on PKCS7 signed or signedAndEnveloped data. In case the hash\nalgorithm used for the signature is known to the OpenSSL library but\nthe implementation of the hash algorithm is not available the digest\ninitialization will fail. There is a missing check for the return\nvalue from the initialization function which later leads to invalid\nusage of the digest API most likely leading to a crash.\n\nThe unavailability of an algorithm can be caused by using FIPS\nenabled configuration of providers or more commonly by not loading\nthe legacy provider.\n\nPKCS7 data is processed by the SMIME library calls and also by the\ntime stamp (TS) library calls. The TLS implementation in OpenSSL does\nnot call these functions however third party applications would be\naffected if they call these functions to verify signatures on untrusted\ndata.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0946", + "https://access.redhat.com/security/cve/CVE-2023-0401", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164488", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/2164497", + "https://bugzilla.redhat.com/2164499", + "https://bugzilla.redhat.com/2164500", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-0946.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674", + "https://github.com/alexcrichton/openssl-src-rs", + "https://linux.oracle.com/cve/CVE-2023-0401.html", + "https://linux.oracle.com/errata/ELSA-2023-12152.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0401", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0013.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0401", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:24.323Z", + "LastModifiedDate": "2025-11-04T20:16:16.527Z" + }, + { + "VulnerabilityID": "CVE-2023-0464", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0464", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:12d9ad41e98263971ded819a76c1ab64a534449c182740de5771b13a5308126b", + "Title": "openssl: Denial of service by excessive resource usage in verifying X509 policy constraints", + "Description": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0464", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1", + "https://github.com/advisories/GHSA-w2w6-xp88-5cvw", + "https://linux.oracle.com/cve/CVE-2023-0464.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230406-0006", + "https://security.netapp.com/advisory/ntap-20230406-0006/", + "https://security.netapp.com/advisory/ntap-20240621-0006", + "https://security.netapp.com/advisory/ntap-20240621-0006/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.couchbase.com/alerts", + "https://www.couchbase.com/alerts/", + "https://www.cve.org/CVERecord?id=CVE-2023-0464", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230322.txt" + ], + "PublishedDate": "2023-03-22T17:15:13.13Z", + "LastModifiedDate": "2025-05-05T16:15:26.103Z" + }, + { + "VulnerabilityID": "CVE-2023-5363", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.12-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5363", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:bebc404882ec0523640e8bae9f51917d984f6d175a31eac54f7978c1842d397a", + "Title": "openssl: Incorrect cipher key and IV length processing", + "Description": "Issue summary: A bug has been identified in the processing of key and\ninitialisation vector (IV) lengths. This can lead to potential truncation\nor overruns during the initialisation of some symmetric ciphers.\n\nImpact summary: A truncation in the IV can result in non-uniqueness,\nwhich could result in loss of confidentiality for some cipher modes.\n\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\nEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\nthe key and IV have been established. Any alterations to the key length,\nvia the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter,\nwithin the OSSL_PARAM array will not take effect as intended, potentially\ncausing truncation or overreading of these values. The following ciphers\nand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\n\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\nloss of confidentiality. For example, when following NIST's SP 800-38D\nsection 8.2.1 guidance for constructing a deterministic IV for AES in\nGCM mode, truncation of the counter portion could lead to IV reuse.\n\nBoth truncations and overruns of the key and overruns of the IV will\nproduce incorrect results and could, in some cases, trigger a memory\nexception. However, these issues are not currently assessed as security\ncritical.\n\nChanging the key and/or IV lengths is not considered to be a common operation\nand the vulnerable API was recently introduced. Furthermore it is likely that\napplication developers will have spotted this problem during testing since\ndecryption would fail unless both peers in the communication were similarly\nvulnerable. For these reasons we expect the probability of an application being\nvulnerable to this to be quite low. However if an application is vulnerable then\nthis issue is considered very serious. For these reasons we have assessed this\nissue as Moderate severity overall.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\nthe issue lies outside of the FIPS provider boundary.\n\nOpenSSL 3.1 and 3.0 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-684" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/10/24/1", + "https://access.redhat.com/errata/RHSA-2024:0310", + "https://access.redhat.com/security/cve/CVE-2023-5363", + "https://bugzilla.redhat.com/2243839", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", + "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://errata.almalinux.org/9/ALSA-2024-0310.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee", + "https://github.com/advisories/GHSA-xw78-pcr6-wrg8", + "https://linux.oracle.com/cve/CVE-2023-5363.html", + "https://linux.oracle.com/errata/ELSA-2024-12093.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-5363", + "https://security.netapp.com/advisory/ntap-20231027-0010", + "https://security.netapp.com/advisory/ntap-20231027-0010/", + "https://security.netapp.com/advisory/ntap-20240201-0003", + "https://security.netapp.com/advisory/ntap-20240201-0003/", + "https://security.netapp.com/advisory/ntap-20240201-0004", + "https://security.netapp.com/advisory/ntap-20240201-0004/", + "https://security.netapp.com/advisory/ntap-20241108-0002", + "https://security.netapp.com/advisory/ntap-20241108-0002/", + "https://ubuntu.com/security/notices/USN-6450-1", + "https://www.cve.org/CVERecord?id=CVE-2023-5363", + "https://www.debian.org/security/2023/dsa-5532", + "https://www.openssl.org/news/secadv/20231024.txt" + ], + "PublishedDate": "2023-10-25T18:17:43.613Z", + "LastModifiedDate": "2026-05-12T11:16:16.87Z" + }, + { + "VulnerabilityID": "CVE-2024-6119", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.15-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-6119", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:53a56bf3947e197e3bc575eb1b1d86b8629d2fc4f5e02873c0f385ddbf94be7a", + "Title": "openssl: Possible denial of service in X.509 name checks", + "Description": "Issue summary: Applications performing certificate name checks (e.g., TLS\nclients checking server certificates) may attempt to read an invalid memory\naddress resulting in abnormal termination of the application process.\n\nImpact summary: Abnormal termination of an application can a cause a denial of\nservice.\n\nApplications performing certificate name checks (e.g., TLS clients checking\nserver certificates) may attempt to read an invalid memory address when\ncomparing the expected name with an `otherName` subject alternative name of an\nX.509 certificate. This may result in an exception that terminates the\napplication program.\n\nNote that basic certificate chain validation (signatures, dates, ...) is not\naffected, the denial of service can occur only when the application also\nspecifies an expected DNS name, Email address or IP address.\n\nTLS servers rarely solicit client certificates, and even when they do, they\ngenerally don't perform a name check against a reference identifier (expected\nidentity), but rather extract the presented identity after checking the\ncertificate chain. So TLS servers are generally not affected and the severity\nof the issue is Moderate.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-843" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/09/03/4", + "https://access.redhat.com/errata/RHSA-2024:8935", + "https://access.redhat.com/security/cve/CVE-2024-6119", + "https://bugzilla.redhat.com/2306158", + "https://bugzilla.redhat.com/show_bug.cgi?id=2306158", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-613116.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6119", + "https://errata.almalinux.org/9/ALSA-2024-8935.html", + "https://errata.rockylinux.org/RLSA-2024:6783", + "https://github.com/advisories/GHSA-7m4m-pwhv-49c5", + "https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f", + "https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6", + "https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2", + "https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0", + "https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj", + "https://linux.oracle.com/cve/CVE-2024-6119.html", + "https://linux.oracle.com/errata/ELSA-2024-8935.html", + "https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-6119", + "https://openssl-library.org/news/secadv/20240903.txt", + "https://security.netapp.com/advisory/ntap-20240912-0001", + "https://security.netapp.com/advisory/ntap-20240912-0001/", + "https://ubuntu.com/security/notices/USN-6986-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2024-6119" + ], + "PublishedDate": "2024-09-03T16:15:07.177Z", + "LastModifiedDate": "2026-05-12T12:17:20.647Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:f02e6f09f8c1e6494a54d4e304b04a079e71fba32afaa7c4acc7bd4cae8f199f", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:32661166f09cd2a399ab80e16d014797156616a2430e13bed7b9c96d4042174c", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2022-4203", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4203", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:7006af1cfd8970c922a3ed64ba95a4eb26cf1ad57cf540db3061c28818105e85", + "Title": "openssl: read buffer overflow in X.509 certificate verification", + "Description": "A read buffer overrun can be triggered in X.509 certificate verification,\nspecifically in name constraint checking. Note that this occurs\nafter certificate chain signature verification and requires either a\nCA to have signed the malicious certificate or for the application to\ncontinue certificate verification despite failure to construct a path\nto a trusted issuer.\n\nThe read buffer overrun might result in a crash which could lead to\na denial of service attack. In theory it could also result in the disclosure\nof private memory contents (such as private keys, or sensitive plaintext)\nalthough we are not aware of any working exploit leading to memory\ncontents disclosure as of the time of release of this advisory.\n\nIn a TLS client, this can be triggered by connecting to a malicious\nserver. In a TLS server, this can be triggered if the server requests\nclient authentication and a malicious client connects.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "ghsa": 4, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "V3Score": 9.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 4.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:0946", + "https://access.redhat.com/security/cve/CVE-2022-4203", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164488", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/2164497", + "https://bugzilla.redhat.com/2164499", + "https://bugzilla.redhat.com/2164500", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-0946.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc", + "https://linux.oracle.com/cve/CVE-2022-4203.html", + "https://linux.oracle.com/errata/ELSA-2023-12152.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4203", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0008.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4203", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-24T15:15:11.98Z", + "LastModifiedDate": "2025-11-04T20:16:14.693Z" + }, + { + "VulnerabilityID": "CVE-2022-4304", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4304", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0fe3eb2c69166b6e855a8c250deba63c09a51859ce3a1b867b03685f3d6866c9", + "Title": "openssl: timing attack in RSA Decryption implementation", + "Description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-203" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:2165", + "https://access.redhat.com/security/cve/CVE-2022-4304", + "https://bugzilla.redhat.com/1960321", + "https://bugzilla.redhat.com/2164440", + "https://bugzilla.redhat.com/2164487", + "https://bugzilla.redhat.com/2164492", + "https://bugzilla.redhat.com/2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", + "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", + "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", + "https://errata.almalinux.org/9/ALSA-2023-2165.html", + "https://errata.rockylinux.org/RLSA-2023:0946", + "https://github.com/advisories/GHSA-p52g-cm5j-mjv4", + "https://linux.oracle.com/cve/CVE-2022-4304.html", + "https://linux.oracle.com/errata/ELSA-2023-32791.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", + "https://rustsec.org/advisories/RUSTSEC-2023-0007.html", + "https://security.gentoo.org/glsa/202402-08", + "https://ubuntu.com/security/notices/USN-5844-1", + "https://ubuntu.com/security/notices/USN-6564-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2022-4304", + "https://www.openssl.org/news/secadv/20230207.txt" + ], + "PublishedDate": "2023-02-08T20:15:23.887Z", + "LastModifiedDate": "2025-11-04T20:16:14.897Z" + }, + { + "VulnerabilityID": "CVE-2023-0465", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0465", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3eec4f631f80c46a487cd6aa0b8c3e9d7086833e0dfb82eceb302b8e74599dfc", + "Title": "openssl: Invalid certificate policies in leaf certificates are silently ignored", + "Description": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0465", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c", + "https://github.com/advisories/GHSA-77f3-6546-6rj7", + "https://linux.oracle.com/cve/CVE-2023-0465.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230414-0001", + "https://security.netapp.com/advisory/ntap-20230414-0001/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0465", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230328.txt" + ], + "PublishedDate": "2023-03-28T15:15:06.82Z", + "LastModifiedDate": "2025-02-18T21:15:13.877Z" + }, + { + "VulnerabilityID": "CVE-2023-0466", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0466", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:7c1f6c43f6b72b0eeea6202edb2e4c587f2051fdfff616117f07e631de1c0aa5", + "Title": "openssl: Certificate policy check not enabled", + "Description": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/09/28/4", + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-0466", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061", + "https://github.com/advisories/GHSA-pxvj-4wx4-gv6w", + "https://linux.oracle.com/cve/CVE-2023-0466.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230414-0001", + "https://security.netapp.com/advisory/ntap-20230414-0001/", + "https://ubuntu.com/security/notices/USN-6039-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-0466", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230328.txt" + ], + "PublishedDate": "2023-03-28T15:15:06.88Z", + "LastModifiedDate": "2025-02-19T18:15:22.177Z" + }, + { + "VulnerabilityID": "CVE-2023-1255", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.8-r4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1255", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ce8a0b2a3042b1f00335c51a0277a2af1c6179102b0f727118b8d5262bfc094f", + "Title": "openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM", + "Description": "Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM\nplatform contains a bug that could cause it to read past the input buffer,\nleading to a crash.\n\nImpact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM\nplatform can crash in rare circumstances. The AES-XTS algorithm is usually\nused for disk encryption.\n\nThe AES-XTS cipher decryption implementation for 64 bit ARM platform will read\npast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16\nbyte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext\nbuffer is unmapped, this will trigger a crash which results in a denial of\nservice.\n\nIf an attacker can control the size and location of the ciphertext buffer\nbeing decrypted by an application using AES-XTS on 64 bit ARM, the\napplication is affected. This is fairly unlikely making this issue\na Low severity one.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.1 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/04/20/13", + "https://access.redhat.com/errata/RHSA-2023:3722", + "https://access.redhat.com/security/cve/CVE-2023-1255", + "https://bugzilla.redhat.com/2181082", + "https://bugzilla.redhat.com/2182561", + "https://bugzilla.redhat.com/2182565", + "https://bugzilla.redhat.com/2188461", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-3722.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a", + "https://github.com/advisories/GHSA-4wp2-xw7p-2gfx", + "https://linux.oracle.com/cve/CVE-2023-1255.html", + "https://linux.oracle.com/errata/ELSA-2023-3722.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-1255", + "https://security.netapp.com/advisory/ntap-20230908-0006/", + "https://ubuntu.com/security/notices/USN-6119-1", + "https://www.cve.org/CVERecord?id=CVE-2023-1255", + "https://www.openssl.org/news/secadv/20230419.txt", + "https://www.openssl.org/news/secadv/20230420.txt" + ], + "PublishedDate": "2023-04-20T17:15:06.883Z", + "LastModifiedDate": "2025-02-04T22:15:39.327Z" + }, + { + "VulnerabilityID": "CVE-2023-2650", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.9-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ae73f9697fc9ca15460fb53262566ac4e15682475fe51e9849f3b2a717b5e05a", + "Title": "openssl: Possible DoS translating ASN.1 object identifiers", + "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/05/30/1", + "https://access.redhat.com/errata/RHSA-2023:6330", + "https://access.redhat.com/security/cve/CVE-2023-2650", + "https://bugzilla.redhat.com/1858038", + "https://bugzilla.redhat.com/2207947", + "https://errata.almalinux.org/9/ALSA-2023-6330.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", + "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg", + "https://linux.oracle.com/cve/CVE-2023-2650.html", + "https://linux.oracle.com/errata/ELSA-2023-6330.html", + "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230703-0001/", + "https://security.netapp.com/advisory/ntap-20231027-0009/", + "https://ubuntu.com/security/notices/USN-6119-1", + "https://ubuntu.com/security/notices/USN-6188-1", + "https://ubuntu.com/security/notices/USN-6672-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-2650", + "https://www.debian.org/security/2023/dsa-5417", + "https://www.openssl.org/news/secadv/20230530.txt" + ], + "PublishedDate": "2023-05-30T14:15:09.683Z", + "LastModifiedDate": "2025-03-19T16:15:21.89Z" + }, + { + "VulnerabilityID": "CVE-2023-2975", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.9-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2975", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3ab0b1b24a02e8662f16cffb57ad74a3926d34e72c6b5cd39ea7261db5da2b93", + "Title": "openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries", + "Description": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\nit to ignore empty associated data entries which are unauthenticated as\na consequence.\n\nImpact summary: Applications that use the AES-SIV algorithm and want to\nauthenticate empty data entries as associated data can be misled by removing,\nadding or reordering such empty entries as these are ignored by the OpenSSL\nimplementation. We are currently unaware of any such applications.\n\nThe AES-SIV algorithm allows for authentication of multiple associated\ndata entries along with the encryption. To authenticate empty data the\napplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\nNULL pointer as the output buffer and 0 as the input buffer length.\nThe AES-SIV implementation in OpenSSL just returns success for such a call\ninstead of performing the associated data authentication operation.\nThe empty data thus will not be authenticated.\n\nAs this issue does not affect non-empty associated data authentication and\nwe expect it to be rare for an application to use empty associated data\nentries this is qualified as Low severity issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-354", + "CWE-287" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/07/15/1", + "http://www.openwall.com/lists/oss-security/2023/07/19/5", + "https://access.redhat.com/errata/RHSA-2024:2447", + "https://access.redhat.com/security/cve/CVE-2023-2975", + "https://bugzilla.redhat.com/2223016", + "https://bugzilla.redhat.com/2224962", + "https://bugzilla.redhat.com/2227852", + "https://bugzilla.redhat.com/2248616", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://errata.almalinux.org/9/ALSA-2024-2447.html", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc", + "https://github.com/advisories/GHSA-hpqg-7fjp-436p", + "https://linux.oracle.com/cve/CVE-2023-2975.html", + "https://linux.oracle.com/errata/ELSA-2024-2447.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-2975", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230725-0004", + "https://security.netapp.com/advisory/ntap-20230725-0004/", + "https://ubuntu.com/security/notices/USN-6450-1", + "https://www.cve.org/CVERecord?id=CVE-2023-2975", + "https://www.openssl.org/news/secadv/20230714.txt" + ], + "PublishedDate": "2023-07-14T12:15:09.023Z", + "LastModifiedDate": "2025-04-23T17:16:32.467Z" + }, + { + "VulnerabilityID": "CVE-2023-3446", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.9-r3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3446", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:79957f0d103f50daa6c155489296ffb4503591b2952fcd8d3a8a121969908888", + "Title": "openssl: Excessive time spent checking DH keys and parameters", + "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-606", + "CWE-1333" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 3, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/07/19/4", + "http://www.openwall.com/lists/oss-security/2023/07/19/5", + "http://www.openwall.com/lists/oss-security/2023/07/19/6", + "http://www.openwall.com/lists/oss-security/2023/07/31/1", + "http://www.openwall.com/lists/oss-security/2024/05/16/1", + "https://access.redhat.com/errata/RHSA-2024:2447", + "https://access.redhat.com/security/cve/CVE-2023-3446", + "https://bugzilla.redhat.com/2223016", + "https://bugzilla.redhat.com/2224962", + "https://bugzilla.redhat.com/2227852", + "https://bugzilla.redhat.com/2248616", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257582", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257583", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258677", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258688", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258691", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258694", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258700", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36763", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36764", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45229", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45231", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45232", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45233", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45235", + "https://errata.almalinux.org/9/ALSA-2024-2447.html", + "https://errata.rockylinux.org/RLSA-2024:2264", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23", + "https://linux.oracle.com/cve/CVE-2023-3446.html", + "https://linux.oracle.com/errata/ELSA-2024-2447.html", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3446", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230803-0011/", + "https://ubuntu.com/security/notices/USN-6435-1", + "https://ubuntu.com/security/notices/USN-6435-2", + "https://ubuntu.com/security/notices/USN-6450-1", + "https://ubuntu.com/security/notices/USN-6709-1", + "https://ubuntu.com/security/notices/USN-7018-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3446", + "https://www.openssl.org/news/secadv/20230719.txt" + ], + "PublishedDate": "2023-07-19T12:15:10.003Z", + "LastModifiedDate": "2025-04-23T17:16:36.967Z" + }, + { + "VulnerabilityID": "CVE-2023-3817", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.10-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3817", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:96637ef64ca0979577e7acbecaf6e745387663235341e76fc7047c3e846c51b9", + "Title": "OpenSSL: Excessive time spent checking DH q parameter value", + "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-606", + "CWE-834" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://seclists.org/fulldisclosure/2023/Jul/43", + "http://www.openwall.com/lists/oss-security/2023/07/31/1", + "http://www.openwall.com/lists/oss-security/2023/09/22/11", + "http://www.openwall.com/lists/oss-security/2023/09/22/9", + "http://www.openwall.com/lists/oss-security/2023/11/06/2", + "https://access.redhat.com/errata/RHSA-2024:2447", + "https://access.redhat.com/security/cve/CVE-2023-3817", + "https://bugzilla.redhat.com/2223016", + "https://bugzilla.redhat.com/2224962", + "https://bugzilla.redhat.com/2227852", + "https://bugzilla.redhat.com/2248616", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", + "https://bugzilla.redhat.com/show_bug.cgi?id=2227852", + "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", + "https://bugzilla.redhat.com/show_bug.cgi?id=2270358", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408", + "https://errata.almalinux.org/9/ALSA-2024-2447.html", + "https://errata.rockylinux.org/RLSA-2023:7877", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5", + "https://github.com/advisories/GHSA-c945-cqj5-wfv6", + "https://linux.oracle.com/cve/CVE-2023-3817.html", + "https://linux.oracle.com/errata/ELSA-2024-2447.html", + "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3817", + "https://security.gentoo.org/glsa/202402-08", + "https://security.netapp.com/advisory/ntap-20230818-0014", + "https://security.netapp.com/advisory/ntap-20230818-0014/", + "https://security.netapp.com/advisory/ntap-20231027-0008", + "https://security.netapp.com/advisory/ntap-20231027-0008/", + "https://security.netapp.com/advisory/ntap-20240621-0006", + "https://security.netapp.com/advisory/ntap-20240621-0006/", + "https://ubuntu.com/security/notices/USN-6435-1", + "https://ubuntu.com/security/notices/USN-6435-2", + "https://ubuntu.com/security/notices/USN-6450-1", + "https://ubuntu.com/security/notices/USN-6709-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-3817", + "https://www.openssl.org/news/secadv/20230731.txt" + ], + "PublishedDate": "2023-07-31T16:15:10.497Z", + "LastModifiedDate": "2025-05-05T16:15:47.343Z" + }, + { + "VulnerabilityID": "CVE-2023-5678", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.12-r1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5678", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ad1a8827f667f499bedc0eb3e830a79d076d92900bdff7d180658450414136a2", + "Title": "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow", + "Description": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-606", + "CWE-754" + ], + "VendorSeverity": { + "alma": 1, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 1, + "photon": 2, + "redhat": 1, + "rocky": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/11/06/2", + "http://www.openwall.com/lists/oss-security/2024/03/11/1", + "https://access.redhat.com/errata/RHSA-2024:2447", + "https://access.redhat.com/security/cve/CVE-2023-5678", + "https://bugzilla.redhat.com/2223016", + "https://bugzilla.redhat.com/2224962", + "https://bugzilla.redhat.com/2227852", + "https://bugzilla.redhat.com/2248616", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", + "https://bugzilla.redhat.com/show_bug.cgi?id=2227852", + "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", + "https://bugzilla.redhat.com/show_bug.cgi?id=2270358", + "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", + "https://cert-portal.siemens.com/productcert/html/ssa-128433.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", + "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", + "https://cert-portal.siemens.com/productcert/html/ssa-341067.html", + "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", + "https://cert-portal.siemens.com/productcert/html/ssa-556635.html", + "https://cert-portal.siemens.com/productcert/html/ssa-613116.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408", + "https://errata.almalinux.org/9/ALSA-2024-2447.html", + "https://errata.rockylinux.org/RLSA-2023:7877", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", + "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", + "https://github.com/advisories/GHSA-2cj7-mg3x-9mhq", + "https://linux.oracle.com/cve/CVE-2023-5678.html", + "https://linux.oracle.com/errata/ELSA-2024-2447.html", + "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", + "https://security.netapp.com/advisory/ntap-20231130-0010", + "https://security.netapp.com/advisory/ntap-20231130-0010/", + "https://ubuntu.com/security/notices/USN-6622-1", + "https://ubuntu.com/security/notices/USN-6632-1", + "https://ubuntu.com/security/notices/USN-6709-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2023-5678", + "https://www.openssl.org/news/secadv/20231106.txt" + ], + "PublishedDate": "2023-11-06T16:15:42.67Z", + "LastModifiedDate": "2026-05-12T11:16:17.123Z" + }, + { + "VulnerabilityID": "CVE-2023-6129", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.12-r2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-6129", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a77cdc3bc75a9786555250faa492a3c79a4430cda7739e4da2a868d07fb2b7bd", + "Title": "openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC", + "Description": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-440", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "redhat": 1, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/01/09/1", + "http://www.openwall.com/lists/oss-security/2024/03/11/1", + "https://access.redhat.com/errata/RHSA-2024:9088", + "https://access.redhat.com/security/cve/CVE-2023-6129", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/2284243", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257571", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258502", + "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", + "https://errata.almalinux.org/9/ALSA-2024-9088.html", + "https://errata.rockylinux.org/RLSA-2024:9088", + "https://github.com/advisories/GHSA-rj8q-prqp-jwfg", + "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35", + "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04", + "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015", + "https://linux.oracle.com/cve/CVE-2023-6129.html", + "https://linux.oracle.com/errata/ELSA-2024-9088.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-6129", + "https://security.netapp.com/advisory/ntap-20240216-0009", + "https://security.netapp.com/advisory/ntap-20240216-0009/", + "https://security.netapp.com/advisory/ntap-20240426-0008", + "https://security.netapp.com/advisory/ntap-20240426-0008/", + "https://security.netapp.com/advisory/ntap-20240426-0013", + "https://security.netapp.com/advisory/ntap-20240426-0013/", + "https://security.netapp.com/advisory/ntap-20240503-0011", + "https://security.netapp.com/advisory/ntap-20240503-0011/", + "https://ubuntu.com/security/notices/USN-6622-1", + "https://www.cve.org/CVERecord?id=CVE-2023-6129", + "https://www.openssl.org/news/secadv/20240109.txt", + "https://www.openwall.com/lists/oss-security/2024/01/09/1" + ], + "PublishedDate": "2024-01-09T17:15:12.147Z", + "LastModifiedDate": "2026-05-12T11:16:17.563Z" + }, + { + "VulnerabilityID": "CVE-2024-0727", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.12-r4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0727", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:b83e50f2405b9491e40f4c09055a3be6b87bf960d8127881d78052fd3967cc15", + "Title": "openssl: denial of service via null dereference", + "Description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "julia": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 1, + "rocky": 2, + "ubuntu": 1 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/11/1", + "https://access.redhat.com/errata/RHSA-2024:9088", + "https://access.redhat.com/security/cve/CVE-2024-0727", + "https://bugzilla.redhat.com/2257571", + "https://bugzilla.redhat.com/2258502", + "https://bugzilla.redhat.com/2259944", + "https://bugzilla.redhat.com/2284243", + "https://bugzilla.redhat.com/show_bug.cgi?id=2257571", + "https://bugzilla.redhat.com/show_bug.cgi?id=2258502", + "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", + "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", + "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", + "https://errata.almalinux.org/9/ALSA-2024-9088.html", + "https://errata.rockylinux.org/RLSA-2024:9088", + "https://github.com/advisories/GHSA-9v9h-cgj8-h64p", + "https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2", + "https://github.com/github/advisory-database/pull/3472", + "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", + "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", + "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", + "https://github.com/openssl/openssl/pull/23362", + "https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d", + "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", + "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", + "https://linux.oracle.com/cve/CVE-2024-0727.html", + "https://linux.oracle.com/errata/ELSA-2024-9088.html", + "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", + "https://security.netapp.com/advisory/ntap-20240208-0006", + "https://security.netapp.com/advisory/ntap-20240208-0006/", + "https://ubuntu.com/security/notices/USN-6622-1", + "https://ubuntu.com/security/notices/USN-6632-1", + "https://ubuntu.com/security/notices/USN-6709-1", + "https://ubuntu.com/security/notices/USN-7018-1", + "https://ubuntu.com/security/notices/USN-7894-1", + "https://www.cve.org/CVERecord?id=CVE-2024-0727", + "https://www.openssl.org/news/secadv/20240125.txt" + ], + "PublishedDate": "2024-01-26T09:15:07.637Z", + "LastModifiedDate": "2026-05-12T12:16:16.567Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0acae399f7629b8fe9565fb24dbfc603c81db73a4e0b4ddb794e6ff64c29a526", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2025-9230", + "PkgID": "libssl3@3.0.7-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", + "UID": "b9e47beded0d444e" + }, + "InstalledVersion": "3.0.7-r0", + "FixedVersion": "3.0.19-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e1ce935857188d04d582bc29ae324301fb4625054080388375d2eeeac33f78da", + "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", + "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125", + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 5.6 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/09/30/5", + "https://access.redhat.com/errata/RHSA-2026:2776", + "https://access.redhat.com/security/cve/CVE-2025-9230", + "https://bugzilla.redhat.com/2396054", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", + "https://errata.almalinux.org/9/ALSA-2026-2776.html", + "https://errata.rockylinux.org/RLSA-2025:21255", + "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", + "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", + "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", + "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", + "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", + "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", + "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", + "https://linux.oracle.com/cve/CVE-2025-9230.html", + "https://linux.oracle.com/errata/ELSA-2026-50114.html", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", + "https://openssl-library.org/news/secadv/20250930.txt", + "https://ubuntu.com/security/notices/USN-7786-1", + "https://www.cve.org/CVERecord?id=CVE-2025-9230" + ], + "PublishedDate": "2025-09-30T14:15:41.05Z", + "LastModifiedDate": "2026-05-12T13:17:29.767Z" + }, + { + "VulnerabilityID": "CVE-2025-26519", + "PkgID": "musl@1.2.3-r4", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.3-r4?arch=x86_64\u0026distro=3.17.0", + "UID": "af5f98cf83a00dc2" + }, + "InstalledVersion": "1.2.3-r4", + "FixedVersion": "1.2.3-r6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-26519", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c3db28160797c13f6c86972e6208dcd15f750c966dc5922502b2874ce8b817e3", + "Title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...", + "Description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/02/13/2", + "http://www.openwall.com/lists/oss-security/2025/02/13/3", + "http://www.openwall.com/lists/oss-security/2025/02/13/4", + "http://www.openwall.com/lists/oss-security/2025/02/13/5", + "http://www.openwall.com/lists/oss-security/2025/02/14/5", + "http://www.openwall.com/lists/oss-security/2025/02/14/6", + "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", + "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", + "https://www.openwall.com/lists/oss-security/2025/02/13/2" + ], + "PublishedDate": "2025-02-14T04:15:09.05Z", + "LastModifiedDate": "2025-12-10T20:03:59.273Z" + }, + { + "VulnerabilityID": "CVE-2025-26519", + "PkgID": "musl-utils@1.2.3-r4", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.3-r4?arch=x86_64\u0026distro=3.17.0", + "UID": "69e5c84e7222babe" + }, + "InstalledVersion": "1.2.3-r4", + "FixedVersion": "1.2.3-r6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-26519", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8ab4cf830760b396c98023ad8599965608375435c48f99d6da4ba24f66fb8df6", + "Title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...", + "Description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/02/13/2", + "http://www.openwall.com/lists/oss-security/2025/02/13/3", + "http://www.openwall.com/lists/oss-security/2025/02/13/4", + "http://www.openwall.com/lists/oss-security/2025/02/13/5", + "http://www.openwall.com/lists/oss-security/2025/02/14/5", + "http://www.openwall.com/lists/oss-security/2025/02/14/6", + "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", + "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", + "https://www.openwall.com/lists/oss-security/2025/02/13/2" + ], + "PublishedDate": "2025-02-14T04:15:09.05Z", + "LastModifiedDate": "2025-12-10T20:03:59.273Z" + }, + { + "VulnerabilityID": "CVE-2023-42363", + "PkgID": "ssl_client@1.35.0-r29", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "4d574a05a4da5141" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42363", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a04960cdd2abbd5f6f409edc1c188372293c862a8dd58f08547f66aa824f675a", + "Title": "busybox: use-after-free in awk", + "Description": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090760.html", + "https://access.redhat.com/security/cve/CVE-2023-42363", + "https://bugs.busybox.net/show_bug.cgi?id=15865", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42363", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42363" + ], + "PublishedDate": "2023-11-27T22:15:07.94Z", + "LastModifiedDate": "2024-11-21T08:22:28.403Z" + }, + { + "VulnerabilityID": "CVE-2023-42364", + "PkgID": "ssl_client@1.35.0-r29", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "4d574a05a4da5141" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42364", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3a2b5e125722f465bd528378cb522881325f83a46afe8e6199234fdbdfd5a223", + "Title": "busybox: use-after-free", + "Description": "A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", + "https://access.redhat.com/security/cve/CVE-2023-42364", + "https://bugs.busybox.net/show_bug.cgi?id=15868", + "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42364", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42364" + ], + "PublishedDate": "2023-11-27T23:15:07.313Z", + "LastModifiedDate": "2025-11-03T21:16:01.17Z" + }, + { + "VulnerabilityID": "CVE-2023-42365", + "PkgID": "ssl_client@1.35.0-r29", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "4d574a05a4da5141" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r31", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42365", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:980a5d2525cf2154b839f7ae93bf5b6ee255a3c8459d293123b8691139fa3d91", + "Title": "busybox: use-after-free", + "Description": "A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", + "https://access.redhat.com/security/cve/CVE-2023-42365", + "https://bugs.busybox.net/show_bug.cgi?id=15871", + "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", + "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42365", + "https://ubuntu.com/security/notices/USN-6961-1", + "https://www.cve.org/CVERecord?id=CVE-2023-42365" + ], + "PublishedDate": "2023-11-27T23:15:07.373Z", + "LastModifiedDate": "2025-11-03T21:16:01.393Z" + }, + { + "VulnerabilityID": "CVE-2023-42366", + "PkgID": "ssl_client@1.35.0-r29", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", + "UID": "4d574a05a4da5141" + }, + "InstalledVersion": "1.35.0-r29", + "FixedVersion": "1.35.0-r30", + "Status": "fixed", + "Layer": { + "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", + "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42366", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:66ead9d5e38cbeda8bd521e1695b3aa49f833fda8fef553eb312da917af688af", + "Title": "busybox: A heap-buffer-overflow", + "Description": "A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "cbl-mariner": 2, + "nvd": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", + "V3Score": 7.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-42366", + "https://bugs.busybox.net/show_bug.cgi?id=15874", + "https://nvd.nist.gov/vuln/detail/CVE-2023-42366", + "https://security.netapp.com/advisory/ntap-20241206-0007/", + "https://www.cve.org/CVERecord?id=CVE-2023-42366" + ], + "PublishedDate": "2023-11-27T23:15:07.42Z", + "LastModifiedDate": "2024-12-06T14:15:19.53Z" + } + ] + }, + { + "Target": "usr/local/bin/rclone", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "github.com/rclone/rclone@v1.61.1", + "Name": "github.com/rclone/rclone", + "Identifier": { + "PURL": "pkg:golang/github.com/rclone/rclone@v1.61.1", + "UID": "ae64505d118b4275" + }, + "Version": "v1.61.1", + "Relationship": "root", + "DependsOn": [ + "bazil.org/fuse@v0.0.0-20200524192727-fb710f7dfd05", + "cloud.google.com/go/compute/metadata@v0.2.1", + "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.1.4", + "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", + "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.0.1", + "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob@v0.5.1", + "github.com/Azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", + "github.com/AzureAD/microsoft-authentication-library-for-go@v0.7.0", + "github.com/Max-Sum/base32768@v0.0.0-20191205131208-7937843c71d5", + "github.com/ProtonMail/go-crypto@v0.0.0-20221026131551-cf6655e29de4", + "github.com/Unknwon/goconfig@v1.0.0", + "github.com/a8m/tree@v0.0.0-20210414114729-ce3525c5c2ef", + "github.com/aalpar/deheap@v0.0.0-20210914013432-0cc84d79dec3", + "github.com/abbot/go-http-auth@v0.4.0", + "github.com/anacrolix/dms@v1.5.0", + "github.com/anacrolix/log@v0.13.1", + "github.com/artyom/mtab@v1.0.0", + "github.com/atotto/clipboard@v0.1.4", + "github.com/aws/aws-sdk-go@v1.44.145", + "github.com/beorn7/perks@v1.0.1", + "github.com/buengese/sgzip@v0.1.1", + "github.com/calebcase/tmpfile@v1.0.3", + "github.com/cespare/xxhash/v2@v2.1.2", + "github.com/cloudflare/circl@v1.1.0", + "github.com/colinmarc/hdfs/v2@v2.3.0", + "github.com/coreos/go-semver@v0.3.0", + "github.com/coreos/go-systemd@v0.0.0-20191104093116-d3cd4ed1dbcf", + "github.com/cpuguy83/go-md2man/v2@v2.0.2", + "github.com/dropbox/dropbox-sdk-go-unofficial/v6@v6.0.5", + "github.com/gabriel-vasile/mimetype@v1.4.1", + "github.com/gdamore/encoding@v1.0.0", + "github.com/gdamore/tcell/v2@v2.5.3", + "github.com/geoffgarside/ber@v1.1.0", + "github.com/go-chi/chi/v5@v5.0.7", + "github.com/gofrs/flock@v0.8.1", + "github.com/gogo/protobuf@v1.3.2", + "github.com/golang-jwt/jwt/v4@v4.4.2", + "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "github.com/golang/protobuf@v1.5.2", + "github.com/google/go-querystring@v1.1.0", + "github.com/google/uuid@v1.3.0", + "github.com/googleapis/enterprise-certificate-proxy@v0.2.0", + "github.com/googleapis/gax-go/v2@v2.7.0", + "github.com/hanwen/go-fuse/v2@v2.1.0", + "github.com/hashicorp/errwrap@v1.0.0", + "github.com/hashicorp/go-multierror@v1.1.1", + "github.com/hashicorp/go-uuid@v1.0.3", + "github.com/hirochachacha/go-smb2@v1.1.0", + "github.com/iguanesolutions/go-systemd/v5@v5.1.0", + "github.com/jcmturner/aescts/v2@v2.0.0", + "github.com/jcmturner/dnsutils/v2@v2.0.0", + "github.com/jcmturner/gofork@v1.7.6", + "github.com/jcmturner/goidentity/v6@v6.0.1", + "github.com/jcmturner/gokrb5/v8@v8.4.3", + "github.com/jcmturner/rpc/v2@v2.0.3", + "github.com/jmespath/go-jmespath@v0.4.0", + "github.com/jzelinskie/whirlpool@v0.0.0-20201016144138-0675e54bb004", + "github.com/klauspost/compress@v1.15.12", + "github.com/koofr/go-httpclient@v0.0.0-20200420163713-93aa7c75b348", + "github.com/koofr/go-koofrclient@v0.0.0-20190724113126-8e5366da203a", + "github.com/kr/fs@v0.1.0", + "github.com/kylelemons/godebug@v1.1.0", + "github.com/lucasb-eyer/go-colorful@v1.2.0", + "github.com/mattn/go-colorable@v0.1.13", + "github.com/mattn/go-isatty@v0.0.16", + "github.com/mattn/go-runewidth@v0.0.14", + "github.com/matttproud/golang_protobuf_extensions@v1.0.1", + "github.com/mitchellh/go-homedir@v1.1.0", + "github.com/ncw/go-acd@v0.0.0-20201019170801-fe55f33415b1", + "github.com/ncw/swift/v2@v2.0.1", + "github.com/oracle/oci-go-sdk/v65@v65.26.1", + "github.com/patrickmn/go-cache@v2.1.0+incompatible", + "github.com/pengsrc/go-shared@v0.2.1-0.20190131101655-1999055a4a14", + "github.com/pkg/browser@v0.0.0-20210115035449-ce105d075bb4", + "github.com/pkg/sftp@v1.13.5", + "github.com/pkg/xattr@v0.4.9", + "github.com/prometheus/client_golang@v1.14.0", + "github.com/prometheus/client_model@v0.3.0", + "github.com/prometheus/common@v0.37.0", + "github.com/prometheus/procfs@v0.8.0", + "github.com/putdotio/go-putio/putio@v0.0.0-20200123120452-16d982cac2b8", + "github.com/rclone/ftp@v0.0.0-20221014110213-e44dedbc76c6", + "github.com/rfjakob/eme@v1.1.2", + "github.com/rivo/uniseg@v0.2.0", + "github.com/russross/blackfriday/v2@v2.1.0", + "github.com/shirou/gopsutil/v3@v3.22.10", + "github.com/sirupsen/logrus@v1.9.0", + "github.com/skratchdot/open-golang@v0.0.0-20200116055534-eef842397966", + "github.com/sony/gobreaker@v0.5.0", + "github.com/spacemonkeygo/monkit/v3@v3.0.17", + "github.com/spf13/cobra@v1.6.1", + "github.com/spf13/pflag@v1.0.5", + "github.com/t3rm1n4l/go-mega@v0.0.0-20220725095014-c4e0c2b5debf", + "github.com/vivint/infectious@v0.0.0-20200605153912-25a574ae18a3", + "github.com/xanzy/ssh-agent@v0.3.3", + "github.com/youmark/pkcs8@v0.0.0-20201027041543-1326539a0a0a", + "github.com/yunify/qingstor-sdk-go/v3@v3.2.0", + "github.com/zeebo/errs@v1.3.0", + "go.etcd.io/bbolt@v1.3.6", + "go.opencensus.io@v0.24.0", + "goftp.io/server@v0.4.1", + "golang.org/x/crypto@v0.3.0", + "golang.org/x/net@v0.4.0", + "golang.org/x/oauth2@v0.2.0", + "golang.org/x/sync@v0.1.0", + "golang.org/x/sys@v0.3.0", + "golang.org/x/term@v0.3.0", + "golang.org/x/text@v0.5.0", + "golang.org/x/time@v0.2.0", + "google.golang.org/api@v0.103.0", + "google.golang.org/genproto@v0.0.0-20221027153422-115e99e71e1c", + "google.golang.org/grpc@v1.50.1", + "google.golang.org/protobuf@v1.28.1", + "gopkg.in/yaml.v2@v2.4.0", + "gopkg.in/yaml.v3@v3.0.1", + "stdlib@v1.19.4", + "storj.io/common@v0.0.0-20220414110316-a5cb7172d6bf", + "storj.io/drpc@v0.0.30", + "storj.io/uplink@v1.9.0" + ], + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.19.4", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "Version": "v1.19.4", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "bazil.org/fuse@v0.0.0-20200524192727-fb710f7dfd05", + "Name": "bazil.org/fuse", + "Identifier": { + "PURL": "pkg:golang/bazil.org/fuse@v0.0.0-20200524192727-fb710f7dfd05", + "UID": "e326377e7594e90d" + }, + "Version": "v0.0.0-20200524192727-fb710f7dfd05", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/compute/metadata@v0.2.1", + "Name": "cloud.google.com/go/compute/metadata", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.2.1", + "UID": "c49fe0c9fb0922d3" + }, + "Version": "v0.2.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.1.4", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/azcore", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azcore@v1.1.4", + "UID": "588de0eb9d873f03" + }, + "Version": "v1.1.4", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", + "UID": "9e2e4303a4195ef3" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.0.1", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/internal", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/internal@v1.0.1", + "UID": "3af85f292175432e" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob@v0.5.1", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/storage/azblob@v0.5.1", + "UID": "fd812700db42447b" + }, + "Version": "v0.5.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", + "Name": "github.com/Azure/go-ntlmssp", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", + "UID": "94423296cb8be0a" + }, + "Version": "v0.0.0-20220621081337-cb9428e4ac1e", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/AzureAD/microsoft-authentication-library-for-go@v0.7.0", + "Name": "github.com/AzureAD/microsoft-authentication-library-for-go", + "Identifier": { + "PURL": "pkg:golang/github.com/azuread/microsoft-authentication-library-for-go@v0.7.0", + "UID": "a5d005e8ef29fde0" + }, + "Version": "v0.7.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Max-Sum/base32768@v0.0.0-20191205131208-7937843c71d5", + "Name": "github.com/Max-Sum/base32768", + "Identifier": { + "PURL": "pkg:golang/github.com/max-sum/base32768@v0.0.0-20191205131208-7937843c71d5", + "UID": "dc1ed91e88817ecd" + }, + "Version": "v0.0.0-20191205131208-7937843c71d5", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ProtonMail/go-crypto@v0.0.0-20221026131551-cf6655e29de4", + "Name": "github.com/ProtonMail/go-crypto", + "Identifier": { + "PURL": "pkg:golang/github.com/protonmail/go-crypto@v0.0.0-20221026131551-cf6655e29de4", + "UID": "47bd36c43c7a11ed" + }, + "Version": "v0.0.0-20221026131551-cf6655e29de4", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Unknwon/goconfig@v1.0.0", + "Name": "github.com/Unknwon/goconfig", + "Identifier": { + "PURL": "pkg:golang/github.com/unknwon/goconfig@v1.0.0", + "UID": "b9fcd5d99373376d" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/a8m/tree@v0.0.0-20210414114729-ce3525c5c2ef", + "Name": "github.com/a8m/tree", + "Identifier": { + "PURL": "pkg:golang/github.com/a8m/tree@v0.0.0-20210414114729-ce3525c5c2ef", + "UID": "dfe87a11b16fd373" + }, + "Version": "v0.0.0-20210414114729-ce3525c5c2ef", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aalpar/deheap@v0.0.0-20210914013432-0cc84d79dec3", + "Name": "github.com/aalpar/deheap", + "Identifier": { + "PURL": "pkg:golang/github.com/aalpar/deheap@v0.0.0-20210914013432-0cc84d79dec3", + "UID": "de2ea7084056b52e" + }, + "Version": "v0.0.0-20210914013432-0cc84d79dec3", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/abbot/go-http-auth@v0.4.0", + "Name": "github.com/abbot/go-http-auth", + "Identifier": { + "PURL": "pkg:golang/github.com/abbot/go-http-auth@v0.4.0", + "UID": "5ab0773158a33925" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/anacrolix/dms@v1.5.0", + "Name": "github.com/anacrolix/dms", + "Identifier": { + "PURL": "pkg:golang/github.com/anacrolix/dms@v1.5.0", + "UID": "8b414c8d1bd80ab5" + }, + "Version": "v1.5.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/anacrolix/log@v0.13.1", + "Name": "github.com/anacrolix/log", + "Identifier": { + "PURL": "pkg:golang/github.com/anacrolix/log@v0.13.1", + "UID": "35d0179d7bf6f042" + }, + "Version": "v0.13.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/artyom/mtab@v1.0.0", + "Name": "github.com/artyom/mtab", + "Identifier": { + "PURL": "pkg:golang/github.com/artyom/mtab@v1.0.0", + "UID": "34ec9fb92a539633" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/atotto/clipboard@v0.1.4", + "Name": "github.com/atotto/clipboard", + "Identifier": { + "PURL": "pkg:golang/github.com/atotto/clipboard@v0.1.4", + "UID": "9b148df82c4aaf1" + }, + "Version": "v0.1.4", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go@v1.44.145", + "Name": "github.com/aws/aws-sdk-go", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go@v1.44.145", + "UID": "64d3196ec3dc43c9" + }, + "Version": "v1.44.145", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/beorn7/perks@v1.0.1", + "Name": "github.com/beorn7/perks", + "Identifier": { + "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", + "UID": "9db812384db82867" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/buengese/sgzip@v0.1.1", + "Name": "github.com/buengese/sgzip", + "Identifier": { + "PURL": "pkg:golang/github.com/buengese/sgzip@v0.1.1", + "UID": "90a6fb3367798697" + }, + "Version": "v0.1.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/calebcase/tmpfile@v1.0.3", + "Name": "github.com/calebcase/tmpfile", + "Identifier": { + "PURL": "pkg:golang/github.com/calebcase/tmpfile@v1.0.3", + "UID": "c92ea277cada4584" + }, + "Version": "v1.0.3", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.1.2", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.1.2", + "UID": "594caa752e9c787b" + }, + "Version": "v2.1.2", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cloudflare/circl@v1.1.0", + "Name": "github.com/cloudflare/circl", + "Identifier": { + "PURL": "pkg:golang/github.com/cloudflare/circl@v1.1.0", + "UID": "6ad71c4815031930" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/colinmarc/hdfs/v2@v2.3.0", + "Name": "github.com/colinmarc/hdfs/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/colinmarc/hdfs/v2@v2.3.0", + "UID": "3935051519b0ce30" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coreos/go-semver@v0.3.0", + "Name": "github.com/coreos/go-semver", + "Identifier": { + "PURL": "pkg:golang/github.com/coreos/go-semver@v0.3.0", + "UID": "2f634c91c54af7ae" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coreos/go-systemd@v0.0.0-20191104093116-d3cd4ed1dbcf", + "Name": "github.com/coreos/go-systemd", + "Identifier": { + "PURL": "pkg:golang/github.com/coreos/go-systemd@v0.0.0-20191104093116-d3cd4ed1dbcf", + "UID": "6346de3a92a6be0a" + }, + "Version": "v0.0.0-20191104093116-d3cd4ed1dbcf", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cpuguy83/go-md2man/v2@v2.0.2", + "Name": "github.com/cpuguy83/go-md2man/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.2", + "UID": "601256f06f150e1f" + }, + "Version": "v2.0.2", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dropbox/dropbox-sdk-go-unofficial/v6@v6.0.5", + "Name": "github.com/dropbox/dropbox-sdk-go-unofficial/v6", + "Identifier": { + "PURL": "pkg:golang/github.com/dropbox/dropbox-sdk-go-unofficial/v6@v6.0.5", + "UID": "ab721ef79da4c7b9" + }, + "Version": "v6.0.5", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gabriel-vasile/mimetype@v1.4.1", + "Name": "github.com/gabriel-vasile/mimetype", + "Identifier": { + "PURL": "pkg:golang/github.com/gabriel-vasile/mimetype@v1.4.1", + "UID": "3e6e996ab1ed72ee" + }, + "Version": "v1.4.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gdamore/encoding@v1.0.0", + "Name": "github.com/gdamore/encoding", + "Identifier": { + "PURL": "pkg:golang/github.com/gdamore/encoding@v1.0.0", + "UID": "d8de5b1778213249" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gdamore/tcell/v2@v2.5.3", + "Name": "github.com/gdamore/tcell/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/gdamore/tcell/v2@v2.5.3", + "UID": "f000ef08ec14b3ae" + }, + "Version": "v2.5.3", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/geoffgarside/ber@v1.1.0", + "Name": "github.com/geoffgarside/ber", + "Identifier": { + "PURL": "pkg:golang/github.com/geoffgarside/ber@v1.1.0", + "UID": "9684e2b37bb6c350" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-chi/chi/v5@v5.0.7", + "Name": "github.com/go-chi/chi/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/go-chi/chi/v5@v5.0.7", + "UID": "174827b0972b6f93" + }, + "Version": "v5.0.7", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gofrs/flock@v0.8.1", + "Name": "github.com/gofrs/flock", + "Identifier": { + "PURL": "pkg:golang/github.com/gofrs/flock@v0.8.1", + "UID": "9a13242c499925ec" + }, + "Version": "v0.8.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gogo/protobuf@v1.3.2", + "Name": "github.com/gogo/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", + "UID": "d87d9eff3e69d867" + }, + "Version": "v1.3.2", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang-jwt/jwt/v4@v4.4.2", + "Name": "github.com/golang-jwt/jwt/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v4@v4.4.2", + "UID": "a02ec5d34a9debc5" + }, + "Version": "v4.4.2", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "Name": "github.com/golang/groupcache", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", + "UID": "afd14c25f4ee5d4b" + }, + "Version": "v0.0.0-20210331224755-41bb18bfe9da", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/protobuf@v1.5.2", + "Name": "github.com/golang/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.2", + "UID": "33bde5d5d825dd96" + }, + "Version": "v1.5.2", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-querystring@v1.1.0", + "Name": "github.com/google/go-querystring", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-querystring@v1.1.0", + "UID": "3dd1c5f700d031dd" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.3.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.3.0", + "UID": "4c55dd47bd0c005c" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/googleapis/enterprise-certificate-proxy@v0.2.0", + "Name": "github.com/googleapis/enterprise-certificate-proxy", + "Identifier": { + "PURL": "pkg:golang/github.com/googleapis/enterprise-certificate-proxy@v0.2.0", + "UID": "e26fa96544cf98a1" + }, + "Version": "v0.2.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/googleapis/gax-go/v2@v2.7.0", + "Name": "github.com/googleapis/gax-go/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/googleapis/gax-go/v2@v2.7.0", + "UID": "c5e85822c4cfb999" + }, + "Version": "v2.7.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hanwen/go-fuse/v2@v2.1.0", + "Name": "github.com/hanwen/go-fuse/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/hanwen/go-fuse/v2@v2.1.0", + "UID": "d89ade7dbb7dc768" + }, + "Version": "v2.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/errwrap@v1.0.0", + "Name": "github.com/hashicorp/errwrap", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.0.0", + "UID": "3af0290f673165be" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-multierror@v1.1.1", + "Name": "github.com/hashicorp/go-multierror", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", + "UID": "63bc31e1a7f3db3f" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-uuid@v1.0.3", + "Name": "github.com/hashicorp/go-uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-uuid@v1.0.3", + "UID": "e2650d386c0e7227" + }, + "Version": "v1.0.3", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hirochachacha/go-smb2@v1.1.0", + "Name": "github.com/hirochachacha/go-smb2", + "Identifier": { + "PURL": "pkg:golang/github.com/hirochachacha/go-smb2@v1.1.0", + "UID": "f665b457a9d6481b" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/iguanesolutions/go-systemd/v5@v5.1.0", + "Name": "github.com/iguanesolutions/go-systemd/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/iguanesolutions/go-systemd/v5@v5.1.0", + "UID": "fc6b6d77c91423bb" + }, + "Version": "v5.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jcmturner/aescts/v2@v2.0.0", + "Name": "github.com/jcmturner/aescts/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/jcmturner/aescts/v2@v2.0.0", + "UID": "c78cb1254b6a8e5b" + }, + "Version": "v2.0.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jcmturner/dnsutils/v2@v2.0.0", + "Name": "github.com/jcmturner/dnsutils/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/jcmturner/dnsutils/v2@v2.0.0", + "UID": "a7ad42b7cad868aa" + }, + "Version": "v2.0.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jcmturner/gofork@v1.7.6", + "Name": "github.com/jcmturner/gofork", + "Identifier": { + "PURL": "pkg:golang/github.com/jcmturner/gofork@v1.7.6", + "UID": "49af178ed17b2905" + }, + "Version": "v1.7.6", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jcmturner/goidentity/v6@v6.0.1", + "Name": "github.com/jcmturner/goidentity/v6", + "Identifier": { + "PURL": "pkg:golang/github.com/jcmturner/goidentity/v6@v6.0.1", + "UID": "7ef3be726cac9ac" + }, + "Version": "v6.0.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jcmturner/gokrb5/v8@v8.4.3", + "Name": "github.com/jcmturner/gokrb5/v8", + "Identifier": { + "PURL": "pkg:golang/github.com/jcmturner/gokrb5/v8@v8.4.3", + "UID": "7db6c4a4e6014e0c" + }, + "Version": "v8.4.3", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jcmturner/rpc/v2@v2.0.3", + "Name": "github.com/jcmturner/rpc/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/jcmturner/rpc/v2@v2.0.3", + "UID": "c2fadbabdb422851" + }, + "Version": "v2.0.3", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jmespath/go-jmespath@v0.4.0", + "Name": "github.com/jmespath/go-jmespath", + "Identifier": { + "PURL": "pkg:golang/github.com/jmespath/go-jmespath@v0.4.0", + "UID": "18998ac4dc32a50a" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jzelinskie/whirlpool@v0.0.0-20201016144138-0675e54bb004", + "Name": "github.com/jzelinskie/whirlpool", + "Identifier": { + "PURL": "pkg:golang/github.com/jzelinskie/whirlpool@v0.0.0-20201016144138-0675e54bb004", + "UID": "36634c97ac70a026" + }, + "Version": "v0.0.0-20201016144138-0675e54bb004", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/klauspost/compress@v1.15.12", + "Name": "github.com/klauspost/compress", + "Identifier": { + "PURL": "pkg:golang/github.com/klauspost/compress@v1.15.12", + "UID": "11829bcf817fab6f" + }, + "Version": "v1.15.12", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/koofr/go-httpclient@v0.0.0-20200420163713-93aa7c75b348", + "Name": "github.com/koofr/go-httpclient", + "Identifier": { + "PURL": "pkg:golang/github.com/koofr/go-httpclient@v0.0.0-20200420163713-93aa7c75b348", + "UID": "5c1ae4b9a87e2d29" + }, + "Version": "v0.0.0-20200420163713-93aa7c75b348", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/koofr/go-koofrclient@v0.0.0-20190724113126-8e5366da203a", + "Name": "github.com/koofr/go-koofrclient", + "Identifier": { + "PURL": "pkg:golang/github.com/koofr/go-koofrclient@v0.0.0-20190724113126-8e5366da203a", + "UID": "4eeaabca6565cb54" + }, + "Version": "v0.0.0-20190724113126-8e5366da203a", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kr/fs@v0.1.0", + "Name": "github.com/kr/fs", + "Identifier": { + "PURL": "pkg:golang/github.com/kr/fs@v0.1.0", + "UID": "5afdf97ff7f34072" + }, + "Version": "v0.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kylelemons/godebug@v1.1.0", + "Name": "github.com/kylelemons/godebug", + "Identifier": { + "PURL": "pkg:golang/github.com/kylelemons/godebug@v1.1.0", + "UID": "52283410ea03b5a8" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lucasb-eyer/go-colorful@v1.2.0", + "Name": "github.com/lucasb-eyer/go-colorful", + "Identifier": { + "PURL": "pkg:golang/github.com/lucasb-eyer/go-colorful@v1.2.0", + "UID": "2da086943997a1b5" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-colorable@v0.1.13", + "Name": "github.com/mattn/go-colorable", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-colorable@v0.1.13", + "UID": "cb2af01d187a561" + }, + "Version": "v0.1.13", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-isatty@v0.0.16", + "Name": "github.com/mattn/go-isatty", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.16", + "UID": "b95725f615939ad4" + }, + "Version": "v0.0.16", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-runewidth@v0.0.14", + "Name": "github.com/mattn/go-runewidth", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-runewidth@v0.0.14", + "UID": "c08692dec378934b" + }, + "Version": "v0.0.14", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/matttproud/golang_protobuf_extensions@v1.0.1", + "Name": "github.com/matttproud/golang_protobuf_extensions", + "Identifier": { + "PURL": "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.1", + "UID": "22bcf68bfde6516d" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/go-homedir@v1.1.0", + "Name": "github.com/mitchellh/go-homedir", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", + "UID": "b20939d7367e68a4" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ncw/go-acd@v0.0.0-20201019170801-fe55f33415b1", + "Name": "github.com/ncw/go-acd", + "Identifier": { + "PURL": "pkg:golang/github.com/ncw/go-acd@v0.0.0-20201019170801-fe55f33415b1", + "UID": "1ce220826a0c2f83" + }, + "Version": "v0.0.0-20201019170801-fe55f33415b1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ncw/swift/v2@v2.0.1", + "Name": "github.com/ncw/swift/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/ncw/swift/v2@v2.0.1", + "UID": "209168f39bc7757e" + }, + "Version": "v2.0.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/oracle/oci-go-sdk/v65@v65.26.1", + "Name": "github.com/oracle/oci-go-sdk/v65", + "Identifier": { + "PURL": "pkg:golang/github.com/oracle/oci-go-sdk/v65@v65.26.1", + "UID": "2a8c17704b1629a4" + }, + "Version": "v65.26.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/patrickmn/go-cache@v2.1.0+incompatible", + "Name": "github.com/patrickmn/go-cache", + "Identifier": { + "PURL": "pkg:golang/github.com/patrickmn/go-cache@v2.1.0%2Bincompatible", + "UID": "62374a16aa2bb819" + }, + "Version": "v2.1.0+incompatible", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pengsrc/go-shared@v0.2.1-0.20190131101655-1999055a4a14", + "Name": "github.com/pengsrc/go-shared", + "Identifier": { + "PURL": "pkg:golang/github.com/pengsrc/go-shared@v0.2.1-0.20190131101655-1999055a4a14", + "UID": "cb8aece86917d49e" + }, + "Version": "v0.2.1-0.20190131101655-1999055a4a14", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/browser@v0.0.0-20210115035449-ce105d075bb4", + "Name": "github.com/pkg/browser", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/browser@v0.0.0-20210115035449-ce105d075bb4", + "UID": "47f3b57c556ac34b" + }, + "Version": "v0.0.0-20210115035449-ce105d075bb4", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/sftp@v1.13.5", + "Name": "github.com/pkg/sftp", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/sftp@v1.13.5", + "UID": "bf37bef6f1d969d0" + }, + "Version": "v1.13.5", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/xattr@v0.4.9", + "Name": "github.com/pkg/xattr", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/xattr@v0.4.9", + "UID": "2d970b6cad9ee09e" + }, + "Version": "v0.4.9", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_golang@v1.14.0", + "Name": "github.com/prometheus/client_golang", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.14.0", + "UID": "115000457136cc6f" + }, + "Version": "v1.14.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/client_model@v0.3.0", + "Name": "github.com/prometheus/client_model", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/client_model@v0.3.0", + "UID": "844dd84e5c6d6a74" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/common@v0.37.0", + "Name": "github.com/prometheus/common", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/common@v0.37.0", + "UID": "467a5b50e5eb9bd1" + }, + "Version": "v0.37.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/prometheus/procfs@v0.8.0", + "Name": "github.com/prometheus/procfs", + "Identifier": { + "PURL": "pkg:golang/github.com/prometheus/procfs@v0.8.0", + "UID": "e043b2ebc83e40f7" + }, + "Version": "v0.8.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/putdotio/go-putio/putio@v0.0.0-20200123120452-16d982cac2b8", + "Name": "github.com/putdotio/go-putio/putio", + "Identifier": { + "PURL": "pkg:golang/github.com/putdotio/go-putio/putio@v0.0.0-20200123120452-16d982cac2b8", + "UID": "52f596004ac71629" + }, + "Version": "v0.0.0-20200123120452-16d982cac2b8", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/rclone/ftp@v0.0.0-20221014110213-e44dedbc76c6", + "Name": "github.com/rclone/ftp", + "Identifier": { + "PURL": "pkg:golang/github.com/rclone/ftp@v0.0.0-20221014110213-e44dedbc76c6", + "UID": "24808aef510d50da" + }, + "Version": "v0.0.0-20221014110213-e44dedbc76c6", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/rfjakob/eme@v1.1.2", + "Name": "github.com/rfjakob/eme", + "Identifier": { + "PURL": "pkg:golang/github.com/rfjakob/eme@v1.1.2", + "UID": "13f83c9ba1855e00" + }, + "Version": "v1.1.2", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/rivo/uniseg@v0.2.0", + "Name": "github.com/rivo/uniseg", + "Identifier": { + "PURL": "pkg:golang/github.com/rivo/uniseg@v0.2.0", + "UID": "1fa9d8777d37cd57" + }, + "Version": "v0.2.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/russross/blackfriday/v2@v2.1.0", + "Name": "github.com/russross/blackfriday/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0", + "UID": "e1681825ad1c209b" + }, + "Version": "v2.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/shirou/gopsutil/v3@v3.22.10", + "Name": "github.com/shirou/gopsutil/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/shirou/gopsutil/v3@v3.22.10", + "UID": "d10e401e488fe27b" + }, + "Version": "v3.22.10", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sirupsen/logrus@v1.9.0", + "Name": "github.com/sirupsen/logrus", + "Identifier": { + "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.0", + "UID": "46b956ac4d3f77c5" + }, + "Version": "v1.9.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/skratchdot/open-golang@v0.0.0-20200116055534-eef842397966", + "Name": "github.com/skratchdot/open-golang", + "Identifier": { + "PURL": "pkg:golang/github.com/skratchdot/open-golang@v0.0.0-20200116055534-eef842397966", + "UID": "f5602cfe94cfcc8" + }, + "Version": "v0.0.0-20200116055534-eef842397966", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sony/gobreaker@v0.5.0", + "Name": "github.com/sony/gobreaker", + "Identifier": { + "PURL": "pkg:golang/github.com/sony/gobreaker@v0.5.0", + "UID": "dac01ec8c4f4ee11" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spacemonkeygo/monkit/v3@v3.0.17", + "Name": "github.com/spacemonkeygo/monkit/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/spacemonkeygo/monkit/v3@v3.0.17", + "UID": "2bfd9f0c62daae32" + }, + "Version": "v3.0.17", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/cobra@v1.6.1", + "Name": "github.com/spf13/cobra", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/cobra@v1.6.1", + "UID": "efe1f0c40742c59f" + }, + "Version": "v1.6.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.5", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", + "UID": "24ad49a893d9b4b3" + }, + "Version": "v1.0.5", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/t3rm1n4l/go-mega@v0.0.0-20220725095014-c4e0c2b5debf", + "Name": "github.com/t3rm1n4l/go-mega", + "Identifier": { + "PURL": "pkg:golang/github.com/t3rm1n4l/go-mega@v0.0.0-20220725095014-c4e0c2b5debf", + "UID": "bc3cce22ed41d26e" + }, + "Version": "v0.0.0-20220725095014-c4e0c2b5debf", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/vivint/infectious@v0.0.0-20200605153912-25a574ae18a3", + "Name": "github.com/vivint/infectious", + "Identifier": { + "PURL": "pkg:golang/github.com/vivint/infectious@v0.0.0-20200605153912-25a574ae18a3", + "UID": "c0a9f0339f01b2b8" + }, + "Version": "v0.0.0-20200605153912-25a574ae18a3", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/xanzy/ssh-agent@v0.3.3", + "Name": "github.com/xanzy/ssh-agent", + "Identifier": { + "PURL": "pkg:golang/github.com/xanzy/ssh-agent@v0.3.3", + "UID": "9f0f8fa279374e90" + }, + "Version": "v0.3.3", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/youmark/pkcs8@v0.0.0-20201027041543-1326539a0a0a", + "Name": "github.com/youmark/pkcs8", + "Identifier": { + "PURL": "pkg:golang/github.com/youmark/pkcs8@v0.0.0-20201027041543-1326539a0a0a", + "UID": "76c01c2387b0ff5a" + }, + "Version": "v0.0.0-20201027041543-1326539a0a0a", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/yunify/qingstor-sdk-go/v3@v3.2.0", + "Name": "github.com/yunify/qingstor-sdk-go/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/yunify/qingstor-sdk-go/v3@v3.2.0", + "UID": "486856d66f8bbad" + }, + "Version": "v3.2.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/zeebo/errs@v1.3.0", + "Name": "github.com/zeebo/errs", + "Identifier": { + "PURL": "pkg:golang/github.com/zeebo/errs@v1.3.0", + "UID": "1d3e33ea493fb64d" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.etcd.io/bbolt@v1.3.6", + "Name": "go.etcd.io/bbolt", + "Identifier": { + "PURL": "pkg:golang/go.etcd.io/bbolt@v1.3.6", + "UID": "cc3b8641d2eec17a" + }, + "Version": "v1.3.6", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opencensus.io@v0.24.0", + "Name": "go.opencensus.io", + "Identifier": { + "PURL": "pkg:golang/go.opencensus.io@v0.24.0", + "UID": "f4fa8432d922fc4d" + }, + "Version": "v0.24.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "goftp.io/server@v0.4.1", + "Name": "goftp.io/server", + "Identifier": { + "PURL": "pkg:golang/goftp.io/server@v0.4.1", + "UID": "a4291f5e4219beb2" + }, + "Version": "v0.4.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/crypto@v0.3.0", + "Name": "golang.org/x/crypto", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", + "UID": "31a497eb63876334" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.4.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "80db47ca242657ea" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.2.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.2.0", + "UID": "31dfa10cd8116308" + }, + "Version": "v0.2.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sync@v0.1.0", + "Name": "golang.org/x/sync", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sync@v0.1.0", + "UID": "60a1b9b8c78daac4" + }, + "Version": "v0.1.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.3.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.3.0", + "UID": "5c94e87c92f3707f" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/term@v0.3.0", + "Name": "golang.org/x/term", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/term@v0.3.0", + "UID": "2dc4b367dc027924" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.5.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.5.0", + "UID": "5935d9bdb1a25c6" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.2.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.2.0", + "UID": "dbcaba973097174b" + }, + "Version": "v0.2.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/api@v0.103.0", + "Name": "google.golang.org/api", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/api@v0.103.0", + "UID": "dfab0203996e51b7" + }, + "Version": "v0.103.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto@v0.0.0-20221027153422-115e99e71e1c", + "Name": "google.golang.org/genproto", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto@v0.0.0-20221027153422-115e99e71e1c", + "UID": "8311452352132e6d" + }, + "Version": "v0.0.0-20221027153422-115e99e71e1c", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/grpc@v1.50.1", + "Name": "google.golang.org/grpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.50.1", + "UID": "295cade235701834" + }, + "Version": "v1.50.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.28.1", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.28.1", + "UID": "92d88af829581f08" + }, + "Version": "v1.28.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v2@v2.4.0", + "Name": "gopkg.in/yaml.v2", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", + "UID": "8f604011369f2d83" + }, + "Version": "v2.4.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "UID": "e7eb1f43223c25c7" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "storj.io/common@v0.0.0-20220414110316-a5cb7172d6bf", + "Name": "storj.io/common", + "Identifier": { + "PURL": "pkg:golang/storj.io/common@v0.0.0-20220414110316-a5cb7172d6bf", + "UID": "11d5433de310f275" + }, + "Version": "v0.0.0-20220414110316-a5cb7172d6bf", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "storj.io/drpc@v0.0.30", + "Name": "storj.io/drpc", + "Identifier": { + "PURL": "pkg:golang/storj.io/drpc@v0.0.30", + "UID": "68c10d13a5960cc8" + }, + "Version": "v0.0.30", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "storj.io/uplink@v1.9.0", + "Name": "storj.io/uplink", + "Identifier": { + "PURL": "pkg:golang/storj.io/uplink@v1.9.0", + "UID": "127009b06e999ae" + }, + "Version": "v1.9.0", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-35255", + "VendorIDs": [ + "GHSA-m5vv-6r4h-3vj9" + ], + "PkgID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", + "PkgName": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", + "UID": "9e2e4303a4195ef3" + }, + "InstalledVersion": "v1.2.0", + "FixedVersion": "1.6.0-beta.4.0.20240610221955-50774cd97099", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35255", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:236e960be66ee3006fa47e021696bcd2ea517532797861744a6df27accc1c8c2", + "Title": "azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity", + "Description": "Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", + "V3Score": 5.5, + "V40Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-35255", + "https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499", + "https://github.com/Azure/azure-sdk-for-java/commit/5bf020d6ea056de40e2738e3647a4e06f902c18d", + "https://github.com/Azure/azure-sdk-for-js/commit/c6aa75d312ae463e744163cedfd8fc480cc8d492", + "https://github.com/Azure/azure-sdk-for-net/commit/9279a4f38bf69b457cfb9b354f210e0a540a5c53", + "https://github.com/Azure/azure-sdk-for-python/commit/cb065acd7d0f957327dc4f02d1646d4e51a94178", + "https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340", + "https://github.com/advisories/GHSA-m5vv-6r4h-3vj9", + "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255", + "https://nvd.nist.gov/vuln/detail/CVE-2024-35255", + "https://www.cve.org/CVERecord?id=CVE-2024-35255" + ], + "PublishedDate": "2024-06-11T17:16:03.55Z", + "LastModifiedDate": "2024-11-21T09:20:01.923Z" + }, + { + "VulnerabilityID": "CVE-2026-32952", + "VendorIDs": [ + "GHSA-pjcq-xvwq-hhpj" + ], + "PkgID": "github.com/Azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", + "PkgName": "github.com/Azure/go-ntlmssp", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", + "UID": "94423296cb8be0a" + }, + "InstalledVersion": "v0.0.0-20220621081337-cb9428e4ac1e", + "FixedVersion": "0.1.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32952", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:88c2b915391c6b89f809f457edf17cce689d488f0935877a2308cb038cd0c8ac", + "Title": "go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge", + "Description": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32952", + "https://github.com/Azure/go-ntlmssp", + "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1", + "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32952", + "https://www.cve.org/CVERecord?id=CVE-2026-32952" + ], + "PublishedDate": "2026-04-24T03:16:07.833Z", + "LastModifiedDate": "2026-05-21T18:22:06.247Z" + }, + { + "VulnerabilityID": "GHSA-9763-4f94-gfch", + "PkgID": "github.com/cloudflare/circl@v1.1.0", + "PkgName": "github.com/cloudflare/circl", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/cloudflare/circl@v1.1.0", + "UID": "6ad71c4815031930" + }, + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.3.7", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-9763-4f94-gfch", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:78120b5b1441853998c1ae8a5421ed5c7b60ff2d06fc50faba065fe4c588ca4f", + "Title": "CIRCL's Kyber: timing side-channel (kyberslash2)", + "Description": "### Impact\nOn some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.\n\nDoes not apply to ephemeral usage, such as when used in the regular way in TLS.\n\n### Patches\nPatched in 1.3.7.\n\n### References\n- [kyberslash.cr.yp.to](https://kyberslash.cr.yp.to/)", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "References": [ + "https://github.com/cloudflare/circl", + "https://github.com/cloudflare/circl/commit/75ef91e8a2f438e6ce2b6e620d236add8be1887d", + "https://github.com/cloudflare/circl/security/advisories/GHSA-9763-4f94-gfch", + "https://kyberslash.cr.yp.to" + ], + "PublishedDate": "2024-01-08T16:45:05Z", + "LastModifiedDate": "2024-05-20T22:00:44Z" + }, + { + "VulnerabilityID": "CVE-2023-1732", + "VendorIDs": [ + "GHSA-2q89-485c-9j2x" + ], + "PkgID": "github.com/cloudflare/circl@v1.1.0", + "PkgName": "github.com/cloudflare/circl", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/cloudflare/circl@v1.1.0", + "UID": "6ad71c4815031930" + }, + "InstalledVersion": "v1.1.0", + "FixedVersion": "1.3.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1732", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:aa573fc370c353010b43190ff83fb6a9144608eb269ad13de86a3bb115cfb6e5", + "Title": "Improper random reading in CIRCL", + "Description": "When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.\n\n", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20", + "CWE-755" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", + "V3Score": 8.2 + } + }, + "References": [ + "https://github.com/cloudflare/circl", + "https://github.com/cloudflare/circl/commit/ff8d91225f8954b4970b6d6382d2e4c78f4a4cf8", + "https://github.com/cloudflare/circl/releases/tag/v1.3.3", + "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x", + "https://nvd.nist.gov/vuln/detail/CVE-2023-1732" + ], + "PublishedDate": "2023-05-10T12:15:10.523Z", + "LastModifiedDate": "2024-11-21T07:39:47.283Z" + }, + { + "VulnerabilityID": "GHSA-vrw8-fxc6-2r93", + "PkgID": "github.com/go-chi/chi/v5@v5.0.7", + "PkgName": "github.com/go-chi/chi/v5", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/go-chi/chi/v5@v5.0.7", + "UID": "174827b0972b6f93" + }, + "InstalledVersion": "v5.0.7", + "FixedVersion": "5.2.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-vrw8-fxc6-2r93", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:016e1306448b6bfd8ea1c2a0203cde51d109c6335b91a860de368bfcc5e2f02b", + "Title": "chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes", + "Description": "### Summary\nThe RedirectSlashes function in middleware/strip.go is vulnerable to host header injection which leads to open redirect.\n\nWe consider this a **lower-severity** open redirect, as it can't be exploited from browsers or email clients (requires manipulation of a Host header).\n\n### Details\nThe RedirectSlashes method uses the Host header to construct the redirectURL at this line https://github.com/go-chi/chi/blob/master/middleware/strip.go#L55\n\nThe Host header can be manipulated by a user to be any arbitrary host. This leads to open redirect when using the RedirectSlashes middleware\n\n### PoC\nCreate a simple server which uses the RedirectSlashes middleware\n```\npackage main\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/go-chi/chi/v5\"\n\t\"github.com/go-chi/chi/v5/middleware\" // Import the middleware package\n)\n\nfunc main() {\n\t// Create a new Chi router\n\tr := chi.NewRouter()\n\n\t// Use the built-in RedirectSlashes middleware\n\tr.Use(middleware.RedirectSlashes) // Use middleware.RedirectSlashes\n\n\t// Define a route handler\n\tr.Get(\"/\", func(w http.ResponseWriter, r *http.Request) {\n\t\t// A simple response\n\t\tw.Write([]byte(\"Hello, World!\"))\n\t})\n\n\t// Start the server\n\tfmt.Println(\"Starting server on :8080\")\n\thttp.ListenAndServe(\":8080\", r)\n}\n```\nRun the server `go run main.go`\n\nOnce the server is running, send a request that will trigger the RedirectSlashes function with an arbitrary Host header\n`curl -iL -H \"Host: example.com\" http://localhost:8080/test/`\n\nObserve that the request will be redirected to example.com\n\n```\ncurl -L -H \"Host: example.com\" http://localhost:8080/test/\n\n\u003c!doctype html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n \u003ctitle\u003eExample Domain\u003c/title\u003e\n\n \u003cmeta charset=\"utf-8\" /\u003e\n \u003cmeta http-equiv=\"Content-type\" content=\"text/html; charset=utf-8\" /\u003e\n \u003cmeta name=\"viewport\" content=\"width=device-width, initial-scale=1\" /\u003e\n \u003cstyle type=\"text/css\"\u003e\n body {\n background-color: #f0f0f2;\n margin: 0;\n padding: 0;\n font-family: -apple-system, system-ui, BlinkMacSystemFont, \"Segoe UI\", \"Open Sans\", \"Helvetica Neue\", Helvetica, Arial, sans-serif;\n... snipped ...\n```\nWithout the host header, the response is returned from the test server\n```\ncurl -L http://localhost:8080/test/\n\n404 page not found\n```\n\n### Impact\nAn open redirect vulnerability allows attackers to trick users into visiting malicious sites. This can lead to phishing attacks, credential theft, and malware distribution, as users trust the application’s domain while being redirected to harmful sites.\n\n### Potential mitigation\nIt seems that the purpose of the RedirectSlashes function is to redirect within the same application. In that case r.RequestURI can be used instead of r.Host by default. If there is a use case to redirect to a different host, a flag can be added to use the Host header instead. As this flag will be controlled by the developer they will make the decision of allowing redirects to arbitrary hosts based on their judgement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", + "V40Score": 5.1 + } + }, + "References": [ + "https://github.com/go-chi/chi", + "https://github.com/go-chi/chi/commit/1be7ad938cc9c5b39a9dea01a5c518848928ab65", + "https://github.com/go-chi/chi/security/advisories/GHSA-vrw8-fxc6-2r93" + ], + "PublishedDate": "2025-06-20T16:37:47Z", + "LastModifiedDate": "2025-10-13T15:41:17Z" + }, + { + "VulnerabilityID": "CVE-2025-30204", + "VendorIDs": [ + "GHSA-mh63-6h87-95cp" + ], + "PkgID": "github.com/golang-jwt/jwt/v4@v4.4.2", + "PkgName": "github.com/golang-jwt/jwt/v4", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v4@v4.4.2", + "UID": "a02ec5d34a9debc5" + }, + "InstalledVersion": "v4.4.2", + "FixedVersion": "4.5.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30204", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:57fc0ace77216019aaba8c33854d887fd8b9817865f89ef3987be09779123962", + "Title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", + "Description": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-405" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V3Score": 7.5, + "V40Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7425", + "https://access.redhat.com/security/cve/CVE-2025-30204", + "https://bugzilla.redhat.com/2354195", + "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", + "https://errata.almalinux.org/9/ALSA-2025-7425.html", + "https://errata.rockylinux.org/RLSA-2025:3411", + "https://github.com/golang-jwt/jwt", + "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", + "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb", + "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", + "https://linux.oracle.com/cve/CVE-2025-30204.html", + "https://linux.oracle.com/errata/ELSA-2025-7967.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", + "https://pkg.go.dev/vuln/GO-2025-3553", + "https://security.netapp.com/advisory/ntap-20250404-0002", + "https://security.netapp.com/advisory/ntap-20250404-0002/", + "https://www.cve.org/CVERecord?id=CVE-2025-30204" + ], + "PublishedDate": "2025-03-21T22:15:26.42Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-41176", + "VendorIDs": [ + "GHSA-25qr-6mpr-f7qx" + ], + "PkgID": "github.com/rclone/rclone@v1.61.1", + "PkgName": "github.com/rclone/rclone", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/rclone/rclone@v1.61.1", + "UID": "ae64505d118b4275" + }, + "InstalledVersion": "v1.61.1", + "FixedVersion": "1.73.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41176", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:bcf52b90588616e7bbeb0969945fcbc644ea5c64ff42147e5f32ad7924afeaee", + "Title": "github.com/rclone/rclone: Rclone: Unauthorized access to administrative functions through unauthenticated Remote Control endpoint.", + "Description": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and prior to version 1.73.5, an unauthenticated attacker can set `rc.NoAuth=true`, which disables the authorization gate for many RC methods registered with `AuthRequired: true` on reachable RC servers that are started without global HTTP authentication. This can lead to unauthorized access to sensitive administrative functionality, including configuration and operational RC methods. Version 1.73.5 patches the issue.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-306" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 4, + "ghsa": 4, + "julia": 4, + "nvd": 4, + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V40Score": 9.2 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V3Score": 9.8, + "V40Score": 9.2 + }, + "julia": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V40Score": 9.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-41176", + "https://github.com/advisories/GHSA-25qr-6mpr-f7qx", + "https://github.com/rclone/rclone", + "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/config.go", + "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/rcserver/rcserver.go", + "https://github.com/rclone/rclone/security/advisories/GHSA-25qr-6mpr-f7qx", + "https://nvd.nist.gov/vuln/detail/CVE-2026-41176", + "https://www.cve.org/CVERecord?id=CVE-2026-41176" + ], + "PublishedDate": "2026-04-23T00:16:45.8Z", + "LastModifiedDate": "2026-04-27T18:19:45.303Z" + }, + { + "VulnerabilityID": "CVE-2026-41179", + "VendorIDs": [ + "GHSA-jfwf-28xr-xw6q" + ], + "PkgID": "github.com/rclone/rclone@v1.61.1", + "PkgName": "github.com/rclone/rclone", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/rclone/rclone@v1.61.1", + "UID": "ae64505d118b4275" + }, + "InstalledVersion": "v1.61.1", + "FixedVersion": "1.73.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41179", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:cd5af0614e2eca73ccf268d222ea886db8465e055c84f67f6194cdaba58bb3d9", + "Title": "github.com/rclone/rclone: Rclone: Unauthenticated local command execution via exposed RC endpoint", + "Description": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinfo` is exposed without `AuthRequired: true` and accepts attacker-controlled `fs` input. Because `rc.GetFs(...)` supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend, `bearer_token_command` is executed during backend initialization, making single-request unauthenticated local command execution possible on reachable RC deployments without global HTTP authentication. Version 1.73.5 patches the issue.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-78", + "CWE-306" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 4, + "ghsa": 4, + "julia": 4, + "nvd": 4, + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V40Score": 9.2 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V3Score": 9.8, + "V40Score": 9.2 + }, + "julia": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "V40Score": 9.2 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-41179", + "https://github.com/advisories/GHSA-jfwf-28xr-xw6q", + "https://github.com/rclone/rclone", + "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/backend/webdav/webdav.go", + "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/operations/rc.go", + "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/cache.go", + "https://github.com/rclone/rclone/commit/2a9e952b38e03a96bf40c9eb6e8e22199865ee3b", + "https://github.com/rclone/rclone/releases/tag/v1.73.5", + "https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q", + "https://nvd.nist.gov/vuln/detail/CVE-2026-41179", + "https://rclone.org/changelog/#v1-73-5-2026-04-19", + "https://www.cve.org/CVERecord?id=CVE-2026-41179" + ], + "PublishedDate": "2026-04-23T00:16:45.947Z", + "LastModifiedDate": "2026-05-20T02:16:35.92Z" + }, + { + "VulnerabilityID": "CVE-2024-52522", + "VendorIDs": [ + "GHSA-hrxh-9w67-g4cv" + ], + "PkgID": "github.com/rclone/rclone@v1.61.1", + "PkgName": "github.com/rclone/rclone", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/rclone/rclone@v1.61.1", + "UID": "ae64505d118b4275" + }, + "InstalledVersion": "v1.61.1", + "FixedVersion": "1.68.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-52522", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:0f080ae295e471601d22a1a1b951743804f3fe915e2b3143e7aae75c42c3fd9d", + "Title": "rclone: librclone: improper permission and ownership handling on symlink targets with --links and --metadata", + "Description": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59", + "CWE-61", + "CWE-281" + ], + "VendorSeverity": { + "bitnami": 2, + "ghsa": 2, + "julia": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", + "V40Score": 5.4 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", + "V3Score": 5.5, + "V40Score": 5.4 + }, + "julia": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", + "V40Score": 5.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-52522", + "https://github.com/advisories/GHSA-hrxh-9w67-g4cv", + "https://github.com/rclone/rclone", + "https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0", + "https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0 (master)", + "https://github.com/rclone/rclone/commit/669b2f2669cacd634faa2bcecb589b76e1402533 (v1.68.2)", + "https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv", + "https://nvd.nist.gov/vuln/detail/CVE-2024-52522", + "https://www.cve.org/CVERecord?id=CVE-2024-52522" + ], + "PublishedDate": "2024-11-15T18:15:30.643Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-65637", + "VendorIDs": [ + "GHSA-4f99-4q7p-p3gh" + ], + "PkgID": "github.com/sirupsen/logrus@v1.9.0", + "PkgName": "github.com/sirupsen/logrus", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.0", + "UID": "46b956ac4d3f77c5" + }, + "InstalledVersion": "v1.9.0", + "FixedVersion": "1.8.3, 1.9.1, 1.9.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-65637", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:754c7fc53cb7352f8025b37d2af657d82c86c5f309553b10cdc4b0329e5b91ed", + "Title": "github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload", + "Description": "A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with \"token too long\" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions \u003c 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 8.7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3428", + "https://access.redhat.com/security/cve/CVE-2025-65637", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2418900", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418900", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65637", + "https://errata.almalinux.org/8/ALSA-2026-3428.html", + "https://errata.rockylinux.org/RLSA-2026:3428", + "https://github.com/mjuanxd/logrus-dos-poc", + "https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md", + "https://github.com/sirupsen/logrus", + "https://github.com/sirupsen/logrus/commit/6acd903758687c4a3db3c11701e6c414fcf1c1f7", + "https://github.com/sirupsen/logrus/issues/1370", + "https://github.com/sirupsen/logrus/pull/1376", + "https://github.com/sirupsen/logrus/releases/tag/v1.8.3", + "https://github.com/sirupsen/logrus/releases/tag/v1.9.1", + "https://github.com/sirupsen/logrus/releases/tag/v1.9.3", + "https://linux.oracle.com/cve/CVE-2025-65637.html", + "https://linux.oracle.com/errata/ELSA-2026-3428.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-65637", + "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391", + "https://www.cve.org/CVERecord?id=CVE-2025-65637" + ], + "PublishedDate": "2025-12-04T19:16:05.223Z", + "LastModifiedDate": "2025-12-23T00:26:00.703Z" + }, + { + "VulnerabilityID": "CVE-2024-45337", + "VendorIDs": [ + "GHSA-v778-237x-gjrc" + ], + "PkgID": "golang.org/x/crypto@v0.3.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", + "UID": "31a497eb63876334" + }, + "InstalledVersion": "v0.3.0", + "FixedVersion": "0.31.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45337", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:ffb42832210e292eb14d8f5794b0d1fb19589dabde60cf7d2c1c184deb3d3b20", + "Title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto", + "Description": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.", + "Severity": "CRITICAL", + "VendorSeverity": { + "amazon": 3, + "azure": 4, + "cbl-mariner": 4, + "ghsa": 4, + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", + "V3Score": 8.2 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/12/11/2", + "https://access.redhat.com/security/cve/CVE-2024-45337", + "https://github.com/golang/crypto", + "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", + "https://go-review.googlesource.com/c/crypto/+/635315/", + "https://go.dev/cl/635315", + "https://go.dev/issue/70779", + "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", + "https://pkg.go.dev/vuln/GO-2024-3321", + "https://security.netapp.com/advisory/ntap-20250131-0007", + "https://security.netapp.com/advisory/ntap-20250131-0007/", + "https://ubuntu.com/security/notices/USN-7839-1", + "https://ubuntu.com/security/notices/USN-7839-2", + "https://www.cve.org/CVERecord?id=CVE-2024-45337" + ], + "PublishedDate": "2024-12-12T02:02:07.97Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22869", + "VendorIDs": [ + "GHSA-hcg3-q754-cr77" + ], + "PkgID": "golang.org/x/crypto@v0.3.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", + "UID": "31a497eb63876334" + }, + "InstalledVersion": "v0.3.0", + "FixedVersion": "0.35.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22869", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:07a4bad0898b8c30a4bbd97a8173952df4cbb7f186d776d0936c8531b2b17412", + "Title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh", + "Description": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3833", + "https://access.redhat.com/security/cve/CVE-2025-22869", + "https://bugzilla.redhat.com/2348367", + "https://bugzilla.redhat.com/show_bug.cgi?id=2348367", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869", + "https://errata.almalinux.org/9/ALSA-2025-3833.html", + "https://errata.rockylinux.org/RLSA-2025:7416", + "https://github.com/golang/crypto", + "https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22", + "https://go-review.googlesource.com/c/crypto/+/652135", + "https://go.dev/cl/652135", + "https://go.dev/issue/71931", + "https://linux.oracle.com/cve/CVE-2025-22869.html", + "https://linux.oracle.com/errata/ELSA-2025-7484.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22869", + "https://pkg.go.dev/vuln/GO-2025-3487", + "https://security.netapp.com/advisory/ntap-20250411-0010", + "https://security.netapp.com/advisory/ntap-20250411-0010/", + "https://www.cve.org/CVERecord?id=CVE-2025-22869" + ], + "PublishedDate": "2025-02-26T08:14:24.997Z", + "LastModifiedDate": "2025-05-01T19:28:20.74Z" + }, + { + "VulnerabilityID": "CVE-2023-48795", + "VendorIDs": [ + "GHSA-45x7-px36-x8w8" + ], + "PkgID": "golang.org/x/crypto@v0.3.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", + "UID": "31a497eb63876334" + }, + "InstalledVersion": "v0.3.0", + "FixedVersion": "0.17.0, 0.0.0-20231218163308-9d2ee975ef9f", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-48795", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:f9288b1830f5a977111e89cf1128900ab775351cf4adb38607aca75ac356529c", + "Title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", + "Description": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-354" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", + "http://seclists.org/fulldisclosure/2024/Mar/21", + "http://www.openwall.com/lists/oss-security/2023/12/18/3", + "http://www.openwall.com/lists/oss-security/2023/12/19/5", + "http://www.openwall.com/lists/oss-security/2023/12/20/3", + "http://www.openwall.com/lists/oss-security/2024/03/06/3", + "http://www.openwall.com/lists/oss-security/2024/04/17/8", + "https://access.redhat.com/errata/RHSA-2024:1150", + "https://access.redhat.com/security/cve/CVE-2023-48795", + "https://access.redhat.com/security/cve/cve-2023-48795", + "https://access.redhat.com/solutions/7071748", + "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack", + "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", + "https://bugs.gentoo.org/920280", + "https://bugzilla.redhat.com/2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.suse.com/show_bug.cgi?id=1217950", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-364175.html", + "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", + "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://crates.io/crates/thrussh/versions", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://errata.almalinux.org/9/ALSA-2024-1150.html", + "https://errata.rockylinux.org/RLSA-2024:0628", + "https://filezilla-project.org/versions.php", + "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", + "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", + "https://github.com/NixOS/nixpkgs/pull/275249", + "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", + "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", + "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", + "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", + "https://github.com/advisories/GHSA-45x7-px36-x8w8", + "https://github.com/apache/mina-sshd/issues/445", + "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", + "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", + "https://github.com/cyd01/KiTTY/issues/520", + "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", + "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", + "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", + "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", + "https://github.com/hierynomus/sshj/issues/916", + "https://github.com/janmojzis/tinyssh/issues/81", + "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", + "https://github.com/libssh2/libssh2/pull/1291", + "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", + "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", + "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", + "https://github.com/mwiede/jsch/issues/457", + "https://github.com/mwiede/jsch/pull/461", + "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", + "https://github.com/openssh/openssh-portable/commits/master", + "https://github.com/paramiko/paramiko/issues/2337", + "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773", + "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", + "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", + "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", + "https://github.com/proftpd/proftpd/issues/456", + "https://github.com/rapier1/hpn-ssh/releases", + "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", + "https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55", + "https://github.com/ronf/asyncssh/tags", + "https://github.com/ssh-mitm/ssh-mitm/issues/165", + "https://github.com/warp-tech/russh", + "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951", + "https://github.com/warp-tech/russh/releases/tag/v0.40.2", + "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8", + "https://gitlab.com/libssh/libssh-mirror/-/tags", + "https://go.dev/cl/550715", + "https://go.dev/issue/64784", + "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", + "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", + "https://help.panic.com/releasenotes/transmit5", + "https://help.panic.com/releasenotes/transmit5/", + "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795", + "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", + "https://linux.oracle.com/cve/CVE-2023-48795.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", + "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", + "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", + "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", + "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html", + "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html", + "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", + "https://matt.ucc.asn.au/dropbear/CHANGES", + "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", + "https://news.ycombinator.com/item?id=38684904", + "https://news.ycombinator.com/item?id=38685286", + "https://news.ycombinator.com/item?id=38732005", + "https://nova.app/releases/#v11.8", + "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", + "https://oryx-embedded.com/download/#changelog", + "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", + "https://roumenpetrov.info/secsh/#news20231220", + "https://security-tracker.debian.org/tracker/CVE-2023-48795", + "https://security-tracker.debian.org/tracker/source-package/libssh2", + "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", + "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", + "https://security.gentoo.org/glsa/202312-16", + "https://security.gentoo.org/glsa/202312-17", + "https://security.netapp.com/advisory/ntap-20240105-0004", + "https://security.netapp.com/advisory/ntap-20240105-0004/", + "https://support.apple.com/kb/HT214084", + "https://terrapin-attack.com/", + "https://thorntech.com/cve-2023-48795-and-sftp-gateway", + "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", + "https://twitter.com/TrueSkrillor/status/1736774389725565005", + "https://ubuntu.com/security/CVE-2023-48795", + "https://ubuntu.com/security/notices/USN-6560-1", + "https://ubuntu.com/security/notices/USN-6560-2", + "https://ubuntu.com/security/notices/USN-6561-1", + "https://ubuntu.com/security/notices/USN-6585-1", + "https://ubuntu.com/security/notices/USN-6589-1", + "https://ubuntu.com/security/notices/USN-6598-1", + "https://ubuntu.com/security/notices/USN-6738-1", + "https://ubuntu.com/security/notices/USN-7051-1", + "https://ubuntu.com/security/notices/USN-7292-1", + "https://ubuntu.com/security/notices/USN-7297-1", + "https://winscp.net/eng/docs/history#6.2.2", + "https://www.bitvise.com/ssh-client-version-history#933", + "https://www.bitvise.com/ssh-server-version-history", + "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", + "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", + "https://www.cve.org/CVERecord?id=CVE-2023-48795", + "https://www.debian.org/security/2023/dsa-5586", + "https://www.debian.org/security/2023/dsa-5588", + "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", + "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", + "https://www.netsarang.com/en/xshell-update-history", + "https://www.netsarang.com/en/xshell-update-history/", + "https://www.openssh.com/openbsd.html", + "https://www.openssh.com/txt/release-9.6", + "https://www.openwall.com/lists/oss-security/2023/12/18/2", + "https://www.openwall.com/lists/oss-security/2023/12/18/3", + "https://www.openwall.com/lists/oss-security/2023/12/20/3", + "https://www.paramiko.org/changelog.html", + "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed", + "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", + "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795", + "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", + "https://www.terrapin-attack.com", + "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", + "https://www.vandyke.com/products/securecrt/history.txt", + "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit", + "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability" + ], + "PublishedDate": "2023-12-18T16:15:10.897Z", + "LastModifiedDate": "2026-05-12T11:16:15.01Z" + }, + { + "VulnerabilityID": "CVE-2025-47914", + "VendorIDs": [ + "GHSA-f6x5-jh6r-wrfv" + ], + "PkgID": "golang.org/x/crypto@v0.3.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", + "UID": "31a497eb63876334" + }, + "InstalledVersion": "v0.3.0", + "FixedVersion": "0.45.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:2690db819220b94406ce696cdea2be233e20da33a34652ae913fef9ee946bb05", + "Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages", + "Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-125" + ], + "VendorSeverity": { + "amazon": 2, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-47914", + "https://go.dev/cl/721960", + "https://go.dev/issue/76364", + "https://go.googlesource.com/crypto", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47914", + "https://pkg.go.dev/vuln/GO-2025-4135", + "https://www.cve.org/CVERecord?id=CVE-2025-47914" + ], + "PublishedDate": "2025-11-19T21:15:50.517Z", + "LastModifiedDate": "2025-12-11T19:36:41.373Z" + }, + { + "VulnerabilityID": "CVE-2025-58181", + "VendorIDs": [ + "GHSA-j5w8-q4qc-rx2x" + ], + "PkgID": "golang.org/x/crypto@v0.3.0", + "PkgName": "golang.org/x/crypto", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", + "UID": "31a497eb63876334" + }, + "InstalledVersion": "v0.3.0", + "FixedVersion": "0.45.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:60d584c4834f246dbb5f52a714d4375b4b3974ae99423ef93d42bdaf382fcfd1", + "Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication", + "Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-58181", + "https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c", + "https://github.com/golang/go/issues/76363", + "https://go.dev/cl/721961", + "https://go.dev/issue/76363", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", + "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58181", + "https://pkg.go.dev/vuln/GO-2025-4134", + "https://ubuntu.com/security/notices/USN-7956-1", + "https://www.cve.org/CVERecord?id=CVE-2025-58181" + ], + "PublishedDate": "2025-11-19T21:15:50.85Z", + "LastModifiedDate": "2025-12-11T19:29:24.9Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "VendorIDs": [ + "GHSA-vvpx-j8f3-3w6h" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "80db47ca242657ea" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.7.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:0ef5d936a03196cd892e3f6b6427829606633f58f8f5681e6a8b32406038e086", + "Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41723.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230331-0010/", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.couchbase.com/alerts", + "https://www.couchbase.com/alerts/", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:09.98Z", + "LastModifiedDate": "2025-05-05T16:15:20.433Z" + }, + { + "VulnerabilityID": "CVE-2023-39325", + "VendorIDs": [ + "GHSA-4374-p667-p6c8" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "80db47ca242657ea" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.17.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:bfadcf552603313016822f7f1c8601aaa62cdea79df76256144fefce9adcc665", + "Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", + "Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 3, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "golang.org/x/net", + "https://access.redhat.com/errata/RHSA-2023:6077", + "https://access.redhat.com/security/cve/CVE-2023-39325", + "https://access.redhat.com/security/cve/CVE-2023-44487", + "https://bugzilla.redhat.com/2242803", + "https://bugzilla.redhat.com/2243296", + "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", + "https://errata.almalinux.org/9/ALSA-2023-6077.html", + "https://errata.rockylinux.org/RLSA-2023:6077", + "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]", + "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]", + "https://github.com/golang/go/issues/63417", + "https://go.dev/cl/534215", + "https://go.dev/cl/534235", + "https://go.dev/issue/63417", + "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", + "https://linux.oracle.com/cve/CVE-2023-39325.html", + "https://linux.oracle.com/errata/ELSA-2023-5867.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", + "https://pkg.go.dev/vuln/GO-2023-2102", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231110-0008", + "https://security.netapp.com/advisory/ntap-20231110-0008/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", + "https://www.cve.org/CVERecord?id=CVE-2023-39325" + ], + "PublishedDate": "2023-10-11T22:15:09.88Z", + "LastModifiedDate": "2024-11-21T08:15:09.627Z" + }, + { + "VulnerabilityID": "CVE-2023-3978", + "VendorIDs": [ + "GHSA-2wrh-6pvc-2jm9" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "80db47ca242657ea" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.13.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3978", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:35f3bba783524453933832a39f7bf146106028dd265bfa2fae3bbc63fd7d79e1", + "Title": "golang.org/x/net/html: Cross site scripting", + "Description": "Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-3978", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://go.dev/cl/514896", + "https://go.dev/issue/61615", + "https://linux.oracle.com/cve/CVE-2023-3978.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-3978", + "https://pkg.go.dev/vuln/GO-2023-1988", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://www.cve.org/CVERecord?id=CVE-2023-3978" + ], + "PublishedDate": "2023-08-02T20:15:12.097Z", + "LastModifiedDate": "2024-11-21T08:18:27.68Z" + }, + { + "VulnerabilityID": "CVE-2023-44487", + "VendorIDs": [ + "GHSA-qppj-fm5r-hxr3" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "80db47ca242657ea" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.17.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-44487", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:191a4066133e521d814ef03388f6f19d698cca0b3ecbde513d5dcb2053a32ad9", + "Title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", + "Description": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 2, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A", + "V3Score": 5.3, + "V40Score": 6.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/10/10/6", + "http://www.openwall.com/lists/oss-security/2023/10/10/7", + "http://www.openwall.com/lists/oss-security/2023/10/13/4", + "http://www.openwall.com/lists/oss-security/2023/10/13/9", + "http://www.openwall.com/lists/oss-security/2023/10/18/4", + "http://www.openwall.com/lists/oss-security/2023/10/18/8", + "http://www.openwall.com/lists/oss-security/2023/10/19/6", + "http://www.openwall.com/lists/oss-security/2023/10/20/8", + "http://www.openwall.com/lists/oss-security/2025/08/13/6", + "https://access.redhat.com/errata/RHSA-2023:6746", + "https://access.redhat.com/security/cve/CVE-2023-44487", + "https://access.redhat.com/security/cve/cve-2023-44487", + "https://akka.io/security/akka-http-cve-2023-44487.html", + "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size", + "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", + "https://aws.amazon.com/security/security-bulletins/AWS-2023-011", + "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", + "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack", + "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", + "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack", + "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", + "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty", + "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", + "https://blog.powerdns.com/2024/02/16/powerdns-dnsdist-1.9.0-released", + "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", + "https://blog.vespa.ai/cve-2023-44487", + "https://blog.vespa.ai/cve-2023-44487/", + "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", + "https://bugzilla.redhat.com/2242803", + "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", + "https://bugzilla.suse.com/show_bug.cgi?id=1216123", + "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", + "https://cert-portal.siemens.com/productcert/html/ssa-341067.html", + "https://cert-portal.siemens.com/productcert/html/ssa-784301.html", + "https://cert-portal.siemens.com/productcert/html/ssa-832273.html", + "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", + "https://chaos.social/@icing/111210915918780532", + "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps", + "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", + "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", + "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", + "https://devblogs.microsoft.com/dotnet/october-2023-updates/", + "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", + "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", + "https://errata.almalinux.org/9/ALSA-2023-6746.html", + "https://errata.rockylinux.org/RLSA-2023:5838", + "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", + "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", + "https://github.com/Azure/AKS/issues/3947", + "https://github.com/Kong/kong/discussions/11741", + "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", + "https://github.com/advisories/GHSA-vx74-f528-fxqg", + "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", + "https://github.com/akka/akka-http/issues/4323", + "https://github.com/akka/akka-http/pull/4324", + "https://github.com/akka/akka-http/pull/4325", + "https://github.com/alibaba/tengine/issues/1872", + "https://github.com/apache/apisix/issues/10320", + "https://github.com/apache/httpd-site/pull/10", + "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", + "https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628", + "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", + "https://github.com/apache/trafficserver/pull/10564", + "https://github.com/apple/swift-nio-http2", + "https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3", + "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", + "https://github.com/bcdannyboy/CVE-2023-44487", + "https://github.com/caddyserver/caddy/issues/5877", + "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", + "https://github.com/dotnet/announcements/issues/277", + "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", + "https://github.com/eclipse/jetty.project/issues/10679", + "https://github.com/envoyproxy/envoy/pull/30055", + "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76", + "https://github.com/etcd-io/etcd/issues/16740", + "https://github.com/facebook/proxygen/pull/466", + "https://github.com/golang/go/issues/63417", + "https://github.com/grpc/grpc-go/pull/6703", + "https://github.com/grpc/grpc-go/releases", + "https://github.com/grpc/grpc/releases/tag/v1.59.2", + "https://github.com/h2o/h2o/pull/3291", + "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", + "https://github.com/haproxy/haproxy/issues/2312", + "https://github.com/hyperium/hyper/issues/3337", + "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", + "https://github.com/junkurihara/rust-rpxy/issues/97", + "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", + "https://github.com/kazu-yamamoto/http2/issues/93", + "https://github.com/kubernetes/ingress-nginx/blob/4b5c5efe2508dc915a48c54de7f23912ff2ec695/changelog/controller-1.9.3.md?plain=1#L15", + "https://github.com/kubernetes/kubernetes/pull/121120", + "https://github.com/line/armeria/pull/5232", + "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", + "https://github.com/micrictor/http2-rst-stream", + "https://github.com/microsoft/CBL-Mariner/pull/6381", + "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", + "https://github.com/nghttp2/nghttp2/pull/1961", + "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", + "https://github.com/ninenines/cowboy/issues/1615", + "https://github.com/nodejs/node/pull/50121", + "https://github.com/openresty/openresty/issues/930", + "https://github.com/opensearch-project/data-prepper/issues/3474", + "https://github.com/oqtane/oqtane.framework/discussions/3367", + "https://github.com/projectcontour/contour/pull/5826", + "https://github.com/tempesta-tech/tempesta/issues/1986", + "https://github.com/varnishcache/varnish-cache/issues/3996", + "https://go.dev/cl/534215", + "https://go.dev/cl/534235", + "https://go.dev/issue/63417", + "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", + "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", + "https://istio.io/latest/news/security/istio-security-2023-004", + "https://istio.io/latest/news/security/istio-security-2023-004/", + "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487", + "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", + "https://linux.oracle.com/cve/CVE-2023-44487.html", + "https://linux.oracle.com/errata/ELSA-2024-1444.html", + "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", + "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", + "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", + "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", + "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", + "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", + "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", + "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4", + "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", + "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", + "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", + "https://mailman.powerdns.com/pipermail/dnsdist/2023-October/001409.html", + "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", + "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2", + "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", + "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", + "https://my.f5.com/manage/s/article/K000137106", + "https://netty.io/news/2023/10/10/4-1-100-Final.html", + "https://news.ycombinator.com/item?id=37830987", + "https://news.ycombinator.com/item?id=37830998", + "https://news.ycombinator.com/item?id=37831062", + "https://news.ycombinator.com/item?id=37837043", + "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases", + "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", + "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response", + "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", + "https://pkg.go.dev/vuln/GO-2023-2102", + "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", + "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231016-0001", + "https://security.netapp.com/advisory/ntap-20231016-0001/", + "https://security.netapp.com/advisory/ntap-20240426-0007", + "https://security.netapp.com/advisory/ntap-20240426-0007/", + "https://security.netapp.com/advisory/ntap-20240621-0006", + "https://security.netapp.com/advisory/ntap-20240621-0006/", + "https://security.netapp.com/advisory/ntap-20240621-0007", + "https://security.netapp.com/advisory/ntap-20240621-0007/", + "https://security.paloaltonetworks.com/CVE-2023-44487", + "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", + "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12", + "https://tomcat.apache.org/security-8.html", + "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94", + "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81", + "https://ubuntu.com/security/CVE-2023-44487", + "https://ubuntu.com/security/notices/USN-6427-1", + "https://ubuntu.com/security/notices/USN-6427-2", + "https://ubuntu.com/security/notices/USN-6438-1", + "https://ubuntu.com/security/notices/USN-6505-1", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-6754-1", + "https://ubuntu.com/security/notices/USN-6994-1", + "https://ubuntu.com/security/notices/USN-7067-1", + "https://ubuntu.com/security/notices/USN-7410-1", + "https://ubuntu.com/security/notices/USN-7469-1", + "https://ubuntu.com/security/notices/USN-7469-2", + "https://ubuntu.com/security/notices/USN-7469-3", + "https://ubuntu.com/security/notices/USN-7469-4", + "https://ubuntu.com/security/notices/USN-7892-1", + "https://varnish-cache.org/releases/rel6.0.12.html#rel6-0-12", + "https://varnish-cache.org/releases/rel7.3.1.html#rel7-3-1", + "https://varnish-cache.org/releases/rel7.4.2.html#rel7-4-2", + "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records", + "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", + "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", + "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487", + "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", + "https://www.cve.org/CVERecord?id=CVE-2023-44487", + "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", + "https://www.debian.org/security/2023/dsa-5521", + "https://www.debian.org/security/2023/dsa-5522", + "https://www.debian.org/security/2023/dsa-5540", + "https://www.debian.org/security/2023/dsa-5549", + "https://www.debian.org/security/2023/dsa-5558", + "https://www.debian.org/security/2023/dsa-5570", + "https://www.eclipse.org/lists/jetty-announce/msg00181.html", + "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", + "https://www.mail-archive.com/haproxy@formilux.org/msg44134.html", + "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487", + "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", + "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products", + "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", + "https://www.openwall.com/lists/oss-security/2023/10/10/6", + "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", + "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday", + "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", + "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause" + ], + "PublishedDate": "2023-10-10T14:15:10.883Z", + "LastModifiedDate": "2026-05-12T15:10:32.26Z" + }, + { + "VulnerabilityID": "CVE-2023-45288", + "VendorIDs": [ + "GHSA-4v7x-pqxf-cx7m" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "80db47ca242657ea" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.23.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:07a8b6a3e3be3b01d17fd9b632323f9e5ae742675d5b03a985dc5aa585f394a3", + "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", + "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/04/03/16", + "http://www.openwall.com/lists/oss-security/2024/04/05/4", + "https://access.redhat.com/errata/RHSA-2024:2724", + "https://access.redhat.com/security/cve/CVE-2023-45288", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-2724.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://go.dev/cl/576155", + "https://go.dev/issue/65051", + "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", + "https://kb.cert.org/vuls/id/421644", + "https://linux.oracle.com/cve/CVE-2023-45288.html", + "https://linux.oracle.com/errata/ELSA-2024-3346.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", + "https://nowotarski.info/http2-continuation-flood-technical-details", + "https://nowotarski.info/http2-continuation-flood/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", + "https://pkg.go.dev/vuln/GO-2024-2687", + "https://security.netapp.com/advisory/ntap-20240419-0009", + "https://security.netapp.com/advisory/ntap-20240419-0009/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45288", + "https://www.kb.cert.org/vuls/id/421644" + ], + "PublishedDate": "2024-04-04T21:15:16.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "80db47ca242657ea" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.36.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:d03ba5ebc75ffa2958093fe403616c5fdd5b3e539c29cca792f26392479bc545", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22872", + "VendorIDs": [ + "GHSA-vvgc-356p-c3xw" + ], + "PkgID": "golang.org/x/net@v0.4.0", + "PkgName": "golang.org/x/net", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.4.0", + "UID": "80db47ca242657ea" + }, + "InstalledVersion": "v0.4.0", + "FixedVersion": "0.38.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:ac56483ae9c2dff44002a2b83d335b712847d0946f48490c7250cde32b0cd96a", + "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", + "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22872", + "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", + "https://github.com/advisories/GHSA-vvgc-356p-c3xw", + "https://go.dev/cl/662715", + "https://go.dev/issue/73070", + "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", + "https://pkg.go.dev/vuln/GO-2025-3595", + "https://security.netapp.com/advisory/ntap-20250516-0007", + "https://security.netapp.com/advisory/ntap-20250516-0007/", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://www.cve.org/CVERecord?id=CVE-2025-22872" + ], + "PublishedDate": "2025-04-16T18:16:04.183Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22868", + "VendorIDs": [ + "GHSA-6v2p-p543-phr9" + ], + "PkgID": "golang.org/x/oauth2@v0.2.0", + "PkgName": "golang.org/x/oauth2", + "PkgIdentifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.2.0", + "UID": "31dfa10cd8116308" + }, + "InstalledVersion": "v0.2.0", + "FixedVersion": "0.27.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:89ee97870da51ebbcdfc3fc4a81aa094ec76330d0f64bf4a74106bf25778faa5", + "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", + "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-1286" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", + "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", + "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", + "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", + "https://errata.rockylinux.org/RLSA-2025:7479", + "https://go.dev/cl/652155", + "https://go.dev/issue/71490", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", + "https://pkg.go.dev/vuln/GO-2025-3488", + "https://www.cve.org/CVERecord?id=CVE-2025-22868" + ], + "PublishedDate": "2025-02-26T08:14:24.897Z", + "LastModifiedDate": "2025-05-01T19:27:10.43Z" + }, + { + "VulnerabilityID": "CVE-2026-33186", + "VendorIDs": [ + "GHSA-p77j-4mvh-x3m3" + ], + "PkgID": "google.golang.org/grpc@v1.50.1", + "PkgName": "google.golang.org/grpc", + "PkgIdentifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.50.1", + "UID": "295cade235701834" + }, + "InstalledVersion": "v1.50.1", + "FixedVersion": "1.79.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33186", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:f8650128a970a747ecbae3514f6e8fb3c38d7ca531c312e6ea6493ef96a2bbb0", + "Title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation", + "Description": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-285" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 4, + "photon": 4, + "redhat": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-33186", + "https://github.com/grpc/grpc-go", + "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33186", + "https://www.cve.org/CVERecord?id=CVE-2026-33186" + ], + "PublishedDate": "2026-03-20T23:16:45.18Z", + "LastModifiedDate": "2026-04-10T20:49:17.737Z" + }, + { + "VulnerabilityID": "GHSA-m425-mq94-257g", + "PkgID": "google.golang.org/grpc@v1.50.1", + "PkgName": "google.golang.org/grpc", + "PkgIdentifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.50.1", + "UID": "295cade235701834" + }, + "InstalledVersion": "v1.50.1", + "FixedVersion": "1.56.3, 1.57.1, 1.58.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-m425-mq94-257g", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:42bf88f80cb34c9c3bb9e9def493bfe2e849a4f963398348ff333222ab3573c5", + "Title": "gRPC-Go HTTP/2 Rapid Reset vulnerability", + "Description": "### Impact\nIn affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit.\n\n### Patches\nThis vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0.\n\nAlong with applying the patch, users should also ensure they are using the `grpc.MaxConcurrentStreams` server option to apply a limit to the server's resources used for any single connection.\n\n### Workarounds\nNone.\n\n### References\n#6703\n", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://github.com/grpc/grpc-go", + "https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721", + "https://github.com/grpc/grpc-go/pull/6703", + "https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g", + "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" + ], + "PublishedDate": "2023-10-25T21:17:37Z", + "LastModifiedDate": "2024-07-19T16:32:30Z" + }, + { + "VulnerabilityID": "CVE-2024-24786", + "VendorIDs": [ + "GHSA-8r3f-844c-mc37" + ], + "PkgID": "google.golang.org/protobuf@v1.28.1", + "PkgName": "google.golang.org/protobuf", + "PkgIdentifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.28.1", + "UID": "92d88af829581f08" + }, + "InstalledVersion": "v1.28.1", + "FixedVersion": "1.33.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24786", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:07adec91e1637dff377dfec82466e574fc5ad6f052a37396e270301f59bbd147", + "Title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", + "Description": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", + "V3Score": 7.5, + "V40Score": 6.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:2550", + "https://access.redhat.com/security/cve/CVE-2024-24786", + "https://bugzilla.redhat.com/2268046", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786", + "https://errata.almalinux.org/9/ALSA-2024-2550.html", + "https://errata.rockylinux.org/RLSA-2024:2550", + "https://github.com/protocolbuffers/protobuf-go", + "https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023", + "https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0", + "https://go-review.googlesource.com/c/protobuf/+/569356", + "https://go.dev/cl/569356", + "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", + "https://linux.oracle.com/cve/CVE-2024-24786.html", + "https://linux.oracle.com/errata/ELSA-2024-4246.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", + "https://pkg.go.dev/vuln/GO-2024-2611", + "https://security.netapp.com/advisory/ntap-20240517-0002", + "https://security.netapp.com/advisory/ntap-20240517-0002/", + "https://ubuntu.com/security/notices/USN-6746-1", + "https://ubuntu.com/security/notices/USN-6746-2", + "https://www.cve.org/CVERecord?id=CVE-2024-24786" + ], + "PublishedDate": "2024-03-05T23:15:07.82Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2023-24538", + "VendorIDs": [ + "GO-2023-1703" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24538", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fe43916ec2bf6fafb2cc29ed43f06670dc11a24635c2e467c1c07491fb399769", + "Title": "golang: html/template: backticks not treated as string delimiters", + "Description": "Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. \"var a = {{.}}\"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-94" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 4, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24538", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3)", + "https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8)", + "https://github.com/golang/go/issues/59234", + "https://go.dev/cl/482079", + "https://go.dev/issue/59234", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24538.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24538", + "https://pkg.go.dev/vuln/GO-2023-1703", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20241115-0007/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24538" + ], + "PublishedDate": "2023-04-06T16:15:07.8Z", + "LastModifiedDate": "2025-02-12T17:15:14.19Z" + }, + { + "VulnerabilityID": "CVE-2023-24540", + "VendorIDs": [ + "GO-2023-1752" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.9, 1.20.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24540", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d0a08621f1760feeabcd99aba1b2996fec587eb1657090e63a89ab56c772dcac", + "Title": "golang: html/template: improper handling of JavaScript whitespace", + "Description": "Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-77" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 3, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24540", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4)", + "https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9)", + "https://github.com/golang/go/issues/59721", + "https://go.dev/cl/491616", + "https://go.dev/issue/59721", + "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", + "https://linux.oracle.com/cve/CVE-2023-24540.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24540", + "https://pkg.go.dev/vuln/GO-2023-1752", + "https://security.netapp.com/advisory/ntap-20241115-0008/", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24540" + ], + "PublishedDate": "2023-05-11T16:15:09.687Z", + "LastModifiedDate": "2025-01-24T17:15:10.893Z" + }, + { + "VulnerabilityID": "CVE-2024-24790", + "VendorIDs": [ + "GO-2024-2887" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8803796c078fe993f501b97ea170ccd8766431cbf7fd63c9e89b967ac3262fc2", + "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", + "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", + "Severity": "CRITICAL", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 4, + "nvd": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 6.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24790", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", + "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", + "https://github.com/golang/go/issues/67680", + "https://go.dev/cl/590316", + "https://go.dev/issue/67680", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24790.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", + "https://pkg.go.dev/vuln/GO-2024-2887", + "https://security.netapp.com/advisory/ntap-20240905-0002/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24790" + ], + "PublishedDate": "2024-06-05T16:15:10.56Z", + "LastModifiedDate": "2024-11-21T08:59:42.813Z" + }, + { + "VulnerabilityID": "CVE-2025-68121", + "VendorIDs": [ + "GO-2026-4337" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7740a96800e3667ab632ff3053b2b964df01a9283bc049863773799c4f04c18d", + "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", + "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 4, + "cbl-mariner": 2, + "nvd": 4, + "oracle-oval": 3, + "photon": 4, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 10 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-68121", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://github.com/golang/go/issues/77113", + "https://go.dev/cl/737700", + "https://go.dev/issue/77217", + "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-68121.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", + "https://pkg.go.dev/vuln/GO-2026-4337", + "https://www.cve.org/CVERecord?id=CVE-2025-68121" + ], + "PublishedDate": "2026-02-05T18:16:10.857Z", + "LastModifiedDate": "2026-04-29T14:16:16.17Z" + }, + { + "VulnerabilityID": "CVE-2022-41722", + "VendorIDs": [ + "GO-2023-1568" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41722", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f8063f23d310aa8edccad2e55fd9eefc5e16a99a1f15b3f172bce8e538b0a092", + "Title": "golang: path/filepath: path-filepath filepath.Clean path traversal", + "Description": "A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\".", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2022-41722", + "https://go.dev/cl/468123", + "https://go.dev/issue/57274", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41722", + "https://pkg.go.dev/vuln/GO-2023-1568", + "https://www.cve.org/CVERecord?id=CVE-2022-41722" + ], + "PublishedDate": "2023-02-28T18:15:09.887Z", + "LastModifiedDate": "2024-11-21T07:23:44.303Z" + }, + { + "VulnerabilityID": "CVE-2022-41723", + "VendorIDs": [ + "GHSA-vvpx-j8f3-3w6h", + "GO-2023-1571" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bce00a1800d2238cfad4839b3e63b58184750e2d2394f75bd9a51cd32dba24b0", + "Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", + "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41723", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", + "https://go.dev/cl/468135", + "https://go.dev/cl/468295", + "https://go.dev/issue/57855", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41723.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", + "https://pkg.go.dev/vuln/GO-2023-1571", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230331-0010/", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://ubuntu.com/security/notices/USN-8089-1", + "https://ubuntu.com/security/notices/USN-8089-2", + "https://ubuntu.com/security/notices/USN-8089-3", + "https://vuln.go.dev/ID/GO-2023-1571.json", + "https://www.couchbase.com/alerts", + "https://www.couchbase.com/alerts/", + "https://www.cve.org/CVERecord?id=CVE-2022-41723" + ], + "PublishedDate": "2023-02-28T18:15:09.98Z", + "LastModifiedDate": "2025-05-05T16:15:20.433Z" + }, + { + "VulnerabilityID": "CVE-2022-41724", + "VendorIDs": [ + "GO-2023-1570" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a63f44b7335b31397b3139fec01e8f48cbc10dd1b30cec4d10eacf88d0f3ee25", + "Title": "golang: crypto/tls: large handshake records may cause panics", + "Description": "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth \u003e= RequestClientCert).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41724", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://go.dev/cl/468125", + "https://go.dev/issue/58001", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41724.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41724", + "https://pkg.go.dev/vuln/GO-2023-1570", + "https://security.gentoo.org/glsa/202311-09", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2022-41724" + ], + "PublishedDate": "2023-02-28T18:15:10.043Z", + "LastModifiedDate": "2024-11-21T07:23:44.603Z" + }, + { + "VulnerabilityID": "CVE-2022-41725", + "VendorIDs": [ + "GO-2023-1569" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.6, 1.20.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:269e20a23c370b9ad9672165a75784a8191b2fc1ab0804c78aae0a0c69275f54", + "Title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption", + "Description": "A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing \"up to maxMemory bytes +10MB (reserved for non-file parts) in memory\". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, \"If stored on disk, the File's underlying concrete type will be an *os.File.\". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2022-41725", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/5c55ac9bf1e5f779220294c843526536605f42ab [1.19]", + "https://go.dev/cl/468124", + "https://go.dev/issue/58006", + "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", + "https://linux.oracle.com/cve/CVE-2022-41725.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2022-41725", + "https://pkg.go.dev/vuln/GO-2023-1569", + "https://security.gentoo.org/glsa/202311-09", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2022-41725" + ], + "PublishedDate": "2023-02-28T18:15:10.12Z", + "LastModifiedDate": "2024-11-21T07:23:44.733Z" + }, + { + "VulnerabilityID": "CVE-2023-24534", + "VendorIDs": [ + "GO-2023-1704" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24534", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:972e8f83c2e05947b1ac835779d76edf0e1888a8132802cb1fb85d1333cbb446", + "Title": "golang: net/http, net/textproto: denial of service from excessive memory allocation", + "Description": "HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24534", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/3991f6c41c7dfd167e889234c0cf1d840475e93c (go1.20.3)", + "https://github.com/golang/go/commit/d6759e7a059f4208f07aa781402841d7ddaaef96 (go1.19.8)", + "https://go.dev/cl/481994", + "https://go.dev/issue/58975", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24534.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24534", + "https://pkg.go.dev/vuln/GO-2023-1704", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230526-0007/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24534" + ], + "PublishedDate": "2023-04-06T16:15:07.657Z", + "LastModifiedDate": "2025-02-12T18:15:19.837Z" + }, + { + "VulnerabilityID": "CVE-2023-24536", + "VendorIDs": [ + "GO-2023-1705" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24536", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:81885dda742ccaa999d19161793546c14fabd5067cd676ac9836ab3356812310", + "Title": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption", + "Description": "Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24536", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538 (go.1.19.8)", + "https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0 (go1.20.3)", + "https://go.dev/cl/482075", + "https://go.dev/cl/482076", + "https://go.dev/cl/482077", + "https://go.dev/issue/59153", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24536.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24536", + "https://pkg.go.dev/vuln/GO-2023-1705", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230526-0007/", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24536" + ], + "PublishedDate": "2023-04-06T16:15:07.71Z", + "LastModifiedDate": "2025-02-12T18:15:20.083Z" + }, + { + "VulnerabilityID": "CVE-2023-24537", + "VendorIDs": [ + "GO-2023-1702" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.8, 1.20.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24537", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d3e9ace5a6688a352012c8d8cc8f39da8a3d3936a4ff893990dd4184c891c6be", + "Title": "golang: go/parser: Infinite loop in parsing", + "Description": "Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24537", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/126a1d02da82f93ede7ce0bd8d3c51ef627f2104 (go1.19.8)", + "https://github.com/golang/go/commit/e7c4b07ecf6b367f1afc9cc48cde963829dd0aab (go1.20.3)", + "https://github.com/golang/go/issues/59180", + "https://go.dev/cl/482078", + "https://go.dev/issue/59180", + "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", + "https://linux.oracle.com/cve/CVE-2023-24537.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24537", + "https://pkg.go.dev/vuln/GO-2023-1702", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20241129-0004/", + "https://ubuntu.com/security/notices/USN-6038-1", + "https://ubuntu.com/security/notices/USN-6038-2", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24537" + ], + "PublishedDate": "2023-04-06T16:15:07.753Z", + "LastModifiedDate": "2025-02-12T17:15:13.973Z" + }, + { + "VulnerabilityID": "CVE-2023-24539", + "VendorIDs": [ + "GO-2023-1751" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.9, 1.20.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24539", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bdfedff25c419e1a29cedfaf8b2ded39e7a02de5fe8c289b30164937f01a5436", + "Title": "golang: html/template: improper sanitization of CSS values", + "Description": "Angle brackets (\u003c\u003e) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-74", + "CWE-94" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-24539", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/090590fdccc8442728aa31601927da1bf2ef1288 (go1.20.4)", + "https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80 (go1.19.9)", + "https://github.com/golang/go/issues/59720", + "https://go.dev/cl/491615", + "https://go.dev/issue/59720", + "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", + "https://linux.oracle.com/cve/CVE-2023-24539.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24539", + "https://pkg.go.dev/vuln/GO-2023-1751", + "https://security.netapp.com/advisory/ntap-20241129-0005/", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-24539" + ], + "PublishedDate": "2023-05-11T16:15:09.6Z", + "LastModifiedDate": "2025-01-24T17:15:10.67Z" + }, + { + "VulnerabilityID": "CVE-2023-29400", + "VendorIDs": [ + "GO-2023-1753" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.9, 1.20.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29400", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9a2e83e8c6c052945dd72db18389ad1cfebc272cd598538d894f0c0847838298", + "Title": "golang: html/template: improper handling of empty HTML attributes", + "Description": "Templates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-74", + "CWE-94" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "V3Score": 7.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-29400", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", + "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", + "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", + "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", + "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", + "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", + "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:6939", + "https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)", + "https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)", + "https://github.com/golang/go/issues/59722", + "https://go.dev/cl/491617", + "https://go.dev/issue/59722", + "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", + "https://linux.oracle.com/cve/CVE-2023-29400.html", + "https://linux.oracle.com/errata/ELSA-2023-6939.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29400", + "https://pkg.go.dev/vuln/GO-2023-1753", + "https://security.netapp.com/advisory/ntap-20241213-0005/", + "https://ubuntu.com/security/notices/USN-6140-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29400" + ], + "PublishedDate": "2023-05-11T16:15:09.85Z", + "LastModifiedDate": "2025-01-24T17:15:12.747Z" + }, + { + "VulnerabilityID": "CVE-2023-29403", + "VendorIDs": [ + "GO-2023-1840" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.10, 1.20.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29403", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c318c40a0a611e885cda10e51a384fdc124fd9a8dece3cb2f6d55df9a57eda4d", + "Title": "golang: runtime: unexpected behavior of setuid/setgid binaries", + "Description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-668" + ], + "VendorSeverity": { + "alma": 4, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 4, + "photon": 3, + "redhat": 3, + "rocky": 4, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:3923", + "https://access.redhat.com/security/cve/CVE-2023-29403", + "https://bugzilla.redhat.com/2216965", + "https://bugzilla.redhat.com/2217562", + "https://bugzilla.redhat.com/2217565", + "https://bugzilla.redhat.com/2217569", + "https://bugzilla.redhat.com/show_bug.cgi?id=2216965", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217562", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217565", + "https://bugzilla.redhat.com/show_bug.cgi?id=2217569", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29402", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29403", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29404", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29405", + "https://errata.almalinux.org/9/ALSA-2023-3923.html", + "https://errata.rockylinux.org/RLSA-2023:3923", + "https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 (go1.20.5)", + "https://github.com/golang/go/commit/a7b1cd452ddc69a6606c2f35ac5786dc892e62cb (go1.19.10)", + "https://github.com/golang/go/issues/60272", + "https://go.dev/cl/501223", + "https://go.dev/issue/60272", + "https://groups.google.com/g/golang-announce/c/q5135a9d924", + "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ", + "https://linux.oracle.com/cve/CVE-2023-29403.html", + "https://linux.oracle.com/errata/ELSA-2023-3923.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29403", + "https://pkg.go.dev/vuln/GO-2023-1840", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20241220-0009/", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29403" + ], + "PublishedDate": "2023-06-08T21:15:16.927Z", + "LastModifiedDate": "2025-01-06T20:15:25.82Z" + }, + { + "VulnerabilityID": "CVE-2023-39325", + "VendorIDs": [ + "GHSA-4374-p667-p6c8", + "GO-2023-2102" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.20.10, 1.21.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:32f3ae9d667c42356b100251444303b7961e32422f764a487b7a8bf9be1b112f", + "Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", + "Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 3, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "golang.org/x/net", + "https://access.redhat.com/errata/RHSA-2023:6077", + "https://access.redhat.com/security/cve/CVE-2023-39325", + "https://access.redhat.com/security/cve/CVE-2023-44487", + "https://bugzilla.redhat.com/2242803", + "https://bugzilla.redhat.com/2243296", + "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", + "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", + "https://errata.almalinux.org/9/ALSA-2023-6077.html", + "https://errata.rockylinux.org/RLSA-2023:6077", + "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]", + "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]", + "https://github.com/golang/go/issues/63417", + "https://go.dev/cl/534215", + "https://go.dev/cl/534235", + "https://go.dev/issue/63417", + "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", + "https://linux.oracle.com/cve/CVE-2023-39325.html", + "https://linux.oracle.com/errata/ELSA-2023-5867.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", + "https://pkg.go.dev/vuln/GO-2023-2102", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231110-0008", + "https://security.netapp.com/advisory/ntap-20231110-0008/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", + "https://www.cve.org/CVERecord?id=CVE-2023-39325" + ], + "PublishedDate": "2023-10-11T22:15:09.88Z", + "LastModifiedDate": "2024-11-21T08:15:09.627Z" + }, + { + "VulnerabilityID": "CVE-2023-45283", + "VendorIDs": [ + "GO-2023-2185" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.20.11, 1.21.4, 1.20.12, 1.21.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f181b31a0b2199ef517f005c9ed002a9ae262fb48388e66615df82ba5399c79b", + "Title": "The filepath package does not recognize paths with a \\??\\ prefix as sp ...", + "Description": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-22" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "photon": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2023/12/05/2", + "https://go.dev/cl/540277", + "https://go.dev/cl/541175", + "https://go.dev/issue/63713", + "https://go.dev/issue/64028", + "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", + "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45283", + "https://pkg.go.dev/vuln/GO-2023-2185", + "https://security.netapp.com/advisory/ntap-20231214-0008/" + ], + "PublishedDate": "2023-11-09T17:15:08.757Z", + "LastModifiedDate": "2024-11-21T08:26:41.567Z" + }, + { + "VulnerabilityID": "CVE-2023-45287", + "VendorIDs": [ + "GO-2023-2375" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.20.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45287", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a281efe4814305f41f4e9a85bb2afed9ea1d5961a3c90f2dd01ea7ad6a756cba", + "Title": "golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.", + "Description": "Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-203" + ], + "VendorSeverity": { + "alma": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "nvd": 3, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2272", + "https://access.redhat.com/security/cve/CVE-2023-45287", + "https://bugzilla.redhat.com/2253193", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2272.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://go.dev/cl/326012/26", + "https://go.dev/issue/20654", + "https://groups.google.com/g/golang-announce/c/QMK8IQALDvA", + "https://linux.oracle.com/cve/CVE-2023-45287.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45287", + "https://people.redhat.com/~hkario/marvin/", + "https://pkg.go.dev/vuln/GO-2023-2375", + "https://security.netapp.com/advisory/ntap-20240112-0005/", + "https://www.cve.org/CVERecord?id=CVE-2023-45287" + ], + "PublishedDate": "2023-12-05T17:15:08.57Z", + "LastModifiedDate": "2024-11-21T08:26:42.25Z" + }, + { + "VulnerabilityID": "CVE-2023-45288", + "VendorIDs": [ + "GHSA-4v7x-pqxf-cx7m", + "GO-2024-2687" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.9, 1.22.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f6be9f62129c24e80b5597380b940118bd36ed754f613d2fb0845717789a3f5e", + "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", + "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "ghsa": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/04/03/16", + "http://www.openwall.com/lists/oss-security/2024/04/05/4", + "https://access.redhat.com/errata/RHSA-2024:2724", + "https://access.redhat.com/security/cve/CVE-2023-45288", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-2724.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://go.dev/cl/576155", + "https://go.dev/issue/65051", + "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", + "https://kb.cert.org/vuls/id/421644", + "https://linux.oracle.com/cve/CVE-2023-45288.html", + "https://linux.oracle.com/errata/ELSA-2024-3346.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", + "https://nowotarski.info/http2-continuation-flood-technical-details", + "https://nowotarski.info/http2-continuation-flood/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", + "https://pkg.go.dev/vuln/GO-2024-2687", + "https://security.netapp.com/advisory/ntap-20240419-0009", + "https://security.netapp.com/advisory/ntap-20240419-0009/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45288", + "https://www.kb.cert.org/vuls/id/421644" + ], + "PublishedDate": "2024-04-04T21:15:16.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34156", + "VendorIDs": [ + "GO-2024-3106" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:37d8bcf0b840db0ef0ae42b284dbf936b2cca9cbd0f17d9b260c3a92eed4c881", + "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", + "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", + "Severity": "HIGH", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3773", + "https://access.redhat.com/security/cve/CVE-2024-34156", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/9/ALSA-2025-3773.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", + "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", + "https://go.dev/cl/611239", + "https://go.dev/issue/69139", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34156.html", + "https://linux.oracle.com/errata/ELSA-2025-3773.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", + "https://pkg.go.dev/vuln/GO-2024-3106", + "https://security.netapp.com/advisory/ntap-20240926-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34156" + ], + "PublishedDate": "2024-09-06T21:15:12.02Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61726", + "VendorIDs": [ + "GO-2026-4341" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:181c81d64a32e335780303fc7761d90274ebc76aff13fcf7cd9f49bed47ac1b4", + "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", + "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 3, + "cbl-mariner": 2, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4177", + "https://access.redhat.com/security/cve/CVE-2025-61726", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-4177.html", + "https://errata.rockylinux.org/RLSA-2026:4177", + "https://go.dev/cl/736712", + "https://go.dev/issue/77101", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61726.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", + "https://pkg.go.dev/vuln/GO-2026-4341", + "https://www.cve.org/CVERecord?id=CVE-2025-61726" + ], + "PublishedDate": "2026-01-28T20:16:09.713Z", + "LastModifiedDate": "2026-02-06T18:47:34.52Z" + }, + { + "VulnerabilityID": "CVE-2025-61729", + "VendorIDs": [ + "GO-2025-4155" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:abe15e6f740d63febc0702199fa3be24f1647f94e0d2aeece2decf0c7cdd60c4", + "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", + "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 1, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:3928", + "https://access.redhat.com/security/cve/CVE-2025-61729", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3928.html", + "https://errata.rockylinux.org/RLSA-2026:3928", + "https://go.dev/cl/725920", + "https://go.dev/issue/76445", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://linux.oracle.com/cve/CVE-2025-61729.html", + "https://linux.oracle.com/errata/ELSA-2026-5146.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", + "https://pkg.go.dev/vuln/GO-2025-4155", + "https://www.cve.org/CVERecord?id=CVE-2025-61729" + ], + "PublishedDate": "2025-12-02T19:15:51.447Z", + "LastModifiedDate": "2025-12-19T18:25:28.283Z" + }, + { + "VulnerabilityID": "CVE-2026-25679", + "VendorIDs": [ + "GO-2026-4601" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5d811edcb18298105199bbdf6697cba230737a059a3cd8cc23efcc76f080a1a9", + "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", + "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-425" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:9044", + "https://access.redhat.com/security/cve/CVE-2026-25679", + "https://bugzilla.redhat.com/2445356", + "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", + "https://errata.almalinux.org/9/ALSA-2026-9044.html", + "https://errata.rockylinux.org/RLSA-2026:8841", + "https://go.dev/cl/752180", + "https://go.dev/issue/77578", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://linux.oracle.com/cve/CVE-2026-25679.html", + "https://linux.oracle.com/errata/ELSA-2026-9044.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", + "https://pkg.go.dev/vuln/GO-2026-4601", + "https://www.cve.org/CVERecord?id=CVE-2026-25679" + ], + "PublishedDate": "2026-03-06T22:16:00.72Z", + "LastModifiedDate": "2026-04-21T14:43:03.8Z" + }, + { + "VulnerabilityID": "CVE-2026-32280", + "VendorIDs": [ + "GO-2026-4947" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:7ba4c6d596d13262ce37232d2662abbf7ecae4b02510be295052cab82b3bdb7f", + "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", + "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32280", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/758320", + "https://go.dev/issue/78282", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32280.html", + "https://linux.oracle.com/errata/ELSA-2026-16875.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", + "https://pkg.go.dev/vuln/GO-2026-4947", + "https://www.cve.org/CVERecord?id=CVE-2026-32280" + ], + "PublishedDate": "2026-04-08T02:16:03.247Z", + "LastModifiedDate": "2026-04-16T19:16:42.18Z" + }, + { + "VulnerabilityID": "CVE-2026-32281", + "VendorIDs": [ + "GO-2026-4946" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e56849be0f1dce8c8b91afbb9346e451bb9970fa48251c32ce9015cafb71d70b", + "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", + "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32281", + "https://go.dev/cl/758061", + "https://go.dev/issue/78281", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", + "https://pkg.go.dev/vuln/GO-2026-4946", + "https://www.cve.org/CVERecord?id=CVE-2026-32281" + ], + "PublishedDate": "2026-04-08T02:16:03.35Z", + "LastModifiedDate": "2026-04-16T19:15:57.75Z" + }, + { + "VulnerabilityID": "CVE-2026-32283", + "VendorIDs": [ + "GO-2026-4870" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6f3c01031a807df8cbc956c45d9f624dfe330b46a6ce5a21b3029d5662a0dfc5", + "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", + "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "nvd": 3, + "oracle-oval": 3, + "redhat": 3, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32283", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763767", + "https://go.dev/issue/78334", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32283.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", + "https://pkg.go.dev/vuln/GO-2026-4870", + "https://www.cve.org/CVERecord?id=CVE-2026-32283" + ], + "PublishedDate": "2026-04-08T02:16:03.58Z", + "LastModifiedDate": "2026-04-16T19:12:10.54Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:83120e85f61a7c54b012cbcdaafa3983ab5a5f45943d3f7e789dd43f232c5625", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4f45024d3fd77f6e8ceb3121c8db4ceb6ceec9766749095125b24bc44ca97f85", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:248ea6931e7670cfdab2dab79cab4bed8ed1cd3c9f66c8c7535f0ae4fb47a67d", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:76929011b788af6a3291a3b5100a0ceec6807048039ca552c55c6ddb11518ee8", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:bc0c240af7bad79be8cc558195a2eacaaaf3e3e47179c7cca74bb686050b4c7d", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2023-24532", + "VendorIDs": [ + "GO-2023-1621" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.7, 1.20.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24532", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:29671bca4f9eb6693c2d8d3f38cc67c380adb1b80a302cb311917ab32ae42cec", + "Title": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results", + "Description": "The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-682" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2023-24532", + "https://go.dev/cl/471255", + "https://go.dev/issue/58647", + "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY", + "https://nvd.nist.gov/vuln/detail/CVE-2023-24532", + "https://pkg.go.dev/vuln/GO-2023-1621", + "https://security.netapp.com/advisory/ntap-20230331-0011/", + "https://www.cve.org/CVERecord?id=CVE-2023-24532" + ], + "PublishedDate": "2023-03-08T20:15:09.413Z", + "LastModifiedDate": "2024-11-21T07:48:04.383Z" + }, + { + "VulnerabilityID": "CVE-2023-29406", + "VendorIDs": [ + "GO-2023-1878" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.11, 1.20.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29406", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:38e3f306d927d80632017510da112f9ce1b1bedbf99016453c9662b589b3cd32", + "Title": "golang: net/http: insufficient sanitization of Host header", + "Description": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-436" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:6474", + "https://access.redhat.com/security/cve/CVE-2023-29406", + "https://bugzilla.redhat.com/2174485", + "https://bugzilla.redhat.com/2178358", + "https://bugzilla.redhat.com/2178488", + "https://bugzilla.redhat.com/2178492", + "https://bugzilla.redhat.com/2184481", + "https://bugzilla.redhat.com/2184482", + "https://bugzilla.redhat.com/2184483", + "https://bugzilla.redhat.com/2184484", + "https://bugzilla.redhat.com/2196026", + "https://bugzilla.redhat.com/2196027", + "https://bugzilla.redhat.com/2196029", + "https://bugzilla.redhat.com/2222167", + "https://bugzilla.redhat.com/2228689", + "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", + "https://bugzilla.redhat.com/show_bug.cgi?id=2242871", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", + "https://errata.almalinux.org/9/ALSA-2023-6474.html", + "https://errata.rockylinux.org/RLSA-2023:7202", + "https://github.com/golang/go/commit/312920c00aac9897b2a0693e752390b5b0711a5a (go1.20.6)", + "https://github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b (go1.19.11)", + "https://github.com/golang/go/issues/60374", + "https://go.dev/cl/506996", + "https://go.dev/issue/60374", + "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", + "https://linux.oracle.com/cve/CVE-2023-29406.html", + "https://linux.oracle.com/errata/ELSA-2023-7202.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", + "https://pkg.go.dev/vuln/GO-2023-1878", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230814-0002/", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://www.cve.org/CVERecord?id=CVE-2023-29406" + ], + "PublishedDate": "2023-07-11T20:15:10.643Z", + "LastModifiedDate": "2024-11-21T07:56:59.913Z" + }, + { + "VulnerabilityID": "CVE-2023-29409", + "VendorIDs": [ + "GO-2023-1987" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.19.12, 1.20.7, 1.21.0-rc.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29409", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4d5f55332c355531dd1f13f52555279ea58f0e77a154b78d2831f65bdef27718", + "Title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", + "Description": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-400" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2023:7766", + "https://access.redhat.com/security/cve/CVE-2023-29409", + "https://bugzilla.redhat.com/2228743", + "https://bugzilla.redhat.com/2237773", + "https://bugzilla.redhat.com/2237776", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2023-7766.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://go.dev/cl/515257", + "https://go.dev/issue/61460", + "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", + "https://linux.oracle.com/cve/CVE-2023-29409.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", + "https://pkg.go.dev/vuln/GO-2023-1987", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20230831-0010/", + "https://www.cve.org/CVERecord?id=CVE-2023-29409" + ], + "PublishedDate": "2023-08-02T20:15:11.94Z", + "LastModifiedDate": "2024-11-21T07:57:00.287Z" + }, + { + "VulnerabilityID": "CVE-2023-39318", + "VendorIDs": [ + "GO-2023-2041" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.20.8, 1.21.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39318", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5068dedd2bdbac42f4ffb3fa94bd0e312cc32031f1a05c5040539212088c5b2b", + "Title": "golang: html/template: improper handling of HTML-like comments within script contexts", + "Description": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2160", + "https://access.redhat.com/security/cve/CVE-2023-39318", + "https://bugzilla.redhat.com/2237773", + "https://bugzilla.redhat.com/2237776", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2160.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c (go1.20.8)", + "https://github.com/golang/go/commit/b0e1d3ea26e8e8fce7726690c9ef0597e60739fb (go1.21.1)", + "https://go.dev/cl/526156", + "https://go.dev/issue/62196", + "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", + "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", + "https://linux.oracle.com/cve/CVE-2023-39318.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", + "https://pkg.go.dev/vuln/GO-2023-2041", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231020-0009/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://vuln.go.dev/ID/GO-2023-2041.json", + "https://www.cve.org/CVERecord?id=CVE-2023-39318" + ], + "PublishedDate": "2023-09-08T17:15:27.823Z", + "LastModifiedDate": "2024-11-21T08:15:08.737Z" + }, + { + "VulnerabilityID": "CVE-2023-39319", + "VendorIDs": [ + "GO-2023-2043" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.20.8, 1.21.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39319", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e4d6e843468339cde7a767bb38d37de85cfc1d9e662b67545087b4d46fead81f", + "Title": "golang: html/template: improper handling of special tags within script contexts", + "Description": "The html/template package does not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2160", + "https://access.redhat.com/security/cve/CVE-2023-39319", + "https://bugzilla.redhat.com/2237773", + "https://bugzilla.redhat.com/2237776", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2160.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://github.com/golang/go/commit/2070531d2f53df88e312edace6c8dfc9686ab2f5 (go1.20.8)", + "https://github.com/golang/go/commit/bbd043ff0d6d59f1a9232d31ecd5eacf6507bf6a (go1.21.1)", + "https://go.dev/cl/526157", + "https://go.dev/issue/62197", + "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", + "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", + "https://linux.oracle.com/cve/CVE-2023-39319.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", + "https://pkg.go.dev/vuln/GO-2023-2043", + "https://security.gentoo.org/glsa/202311-09", + "https://security.netapp.com/advisory/ntap-20231020-0009/", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://vuln.go.dev/ID/GO-2023-2043.json", + "https://www.cve.org/CVERecord?id=CVE-2023-39319" + ], + "PublishedDate": "2023-09-08T17:15:27.91Z", + "LastModifiedDate": "2024-11-21T08:15:08.89Z" + }, + { + "VulnerabilityID": "CVE-2023-39326", + "VendorIDs": [ + "GO-2023-2382" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.20.12, 1.21.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39326", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:41179a56d694ad09d1ddc67c1fc96f31b62f79bce42b1744f42d4ffde2c0866e", + "Title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", + "Description": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:2272", + "https://access.redhat.com/security/cve/CVE-2023-39326", + "https://bugzilla.redhat.com/2253193", + "https://bugzilla.redhat.com/2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", + "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", + "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", + "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", + "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", + "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", + "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", + "https://errata.almalinux.org/9/ALSA-2024-2272.html", + "https://errata.rockylinux.org/RLSA-2024:2988", + "https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12)", + "https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 (go1.21.5)", + "https://go.dev/cl/547335", + "https://go.dev/issue/64433", + "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", + "https://linux.oracle.com/cve/CVE-2023-39326.html", + "https://linux.oracle.com/errata/ELSA-2024-2988.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/", + "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", + "https://pkg.go.dev/vuln/GO-2023-2382", + "https://ubuntu.com/security/notices/USN-6574-1", + "https://www.cve.org/CVERecord?id=CVE-2023-39326" + ], + "PublishedDate": "2023-12-06T17:15:07.147Z", + "LastModifiedDate": "2024-11-21T08:15:09.89Z" + }, + { + "VulnerabilityID": "CVE-2023-45284", + "VendorIDs": [ + "GO-2023-2186" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.20.11, 1.21.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45284", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:224aa7cafc846f9e8320ccee4b9e4ff4b77f2a7d0c1ea5ced378ea0ee75a61f3", + "Title": "On Windows, The IsLocal function does not correctly detect reserved de ...", + "Description": "On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as \"COM1 \", and reserved names \"COM\" and \"LPT\" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "photon": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/540277", + "https://go.dev/issue/63713", + "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45284", + "https://pkg.go.dev/vuln/GO-2023-2186" + ], + "PublishedDate": "2023-11-09T17:15:08.813Z", + "LastModifiedDate": "2024-11-21T08:26:41.737Z" + }, + { + "VulnerabilityID": "CVE-2023-45289", + "VendorIDs": [ + "GO-2024-2600" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:70cd8eea89882d751fcc2faeb412709535d7586c7afac25c554cf7eb435dc09a", + "Title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", + "Description": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:2724", + "https://access.redhat.com/security/cve/CVE-2023-45289", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-2724.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 (go1.21.8)", + "https://github.com/golang/go/commit/3a855208e3efed2e9d7c20ad023f1fa78afcc0be (go1.22.1)", + "https://github.com/golang/go/issues/65065", + "https://go.dev/cl/569340", + "https://go.dev/issue/65065", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2023-45289.html", + "https://linux.oracle.com/errata/ELSA-2024-3346.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", + "https://pkg.go.dev/vuln/GO-2024-2600", + "https://security.netapp.com/advisory/ntap-20240329-0006/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45289" + ], + "PublishedDate": "2024-03-05T23:15:07.137Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2023-45290", + "VendorIDs": [ + "GO-2024-2599" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45290", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:e31c5afe6927f3943c4a81abe6a9624cfa8561345ed7c0a8276192d95a2a31d5", + "Title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", + "Description": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:9135", + "https://access.redhat.com/security/cve/CVE-2023-45290", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://errata.almalinux.org/9/ALSA-2024-9135.html", + "https://errata.rockylinux.org/RLSA-2024:9135", + "https://github.com/golang/go/commit/041a47712e765e94f86d841c3110c840e76d8f82 (go1.22.1)", + "https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 (go1.21.8)", + "https://github.com/golang/go/issues/65383", + "https://go.dev/cl/569341", + "https://go.dev/issue/65383", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2023-45290.html", + "https://linux.oracle.com/errata/ELSA-2024-8038.html", + "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", + "https://pkg.go.dev/vuln/GO-2024-2599", + "https://security.netapp.com/advisory/ntap-20240329-0004", + "https://security.netapp.com/advisory/ntap-20240329-0004/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2023-45290" + ], + "PublishedDate": "2024-03-05T23:15:07.21Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24783", + "VendorIDs": [ + "GO-2024-2598" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24783", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c94893d8d04872a7a9ed7cfb56b0171957f4bdd080870a84754b9ff979de3592", + "Title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", + "Description": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:6195", + "https://access.redhat.com/security/cve/CVE-2024-24783", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://errata.almalinux.org/9/ALSA-2024-6195.html", + "https://errata.rockylinux.org/RLSA-2024:2724", + "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", + "https://github.com/golang/go/commit/337b8e9cbfa749d9d5c899e0dc358e2208d5e54f (go1.22.1)", + "https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 (go1.21.8)", + "https://github.com/golang/go/issues/65390", + "https://go.dev/cl/569339", + "https://go.dev/issue/65390", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24783.html", + "https://linux.oracle.com/errata/ELSA-2024-6969.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", + "https://pkg.go.dev/vuln/GO-2024-2598", + "https://security.netapp.com/advisory/ntap-20240329-0005", + "https://security.netapp.com/advisory/ntap-20240329-0005/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24783" + ], + "PublishedDate": "2024-03-05T23:15:07.683Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24784", + "VendorIDs": [ + "GO-2024-2609" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24784", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:49b7957f7b2c18863c9e96dc47db5f04708fd4aeb38d35e5ea62473fa761aa4c", + "Title": "golang: net/mail: comments in display names are incorrectly handled", + "Description": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:2562", + "https://access.redhat.com/security/cve/CVE-2024-24784", + "https://bugzilla.redhat.com/2262921", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268018", + "https://bugzilla.redhat.com/2268019", + "https://bugzilla.redhat.com/2268021", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2268273", + "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24784", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://errata.almalinux.org/9/ALSA-2024-2562.html", + "https://errata.rockylinux.org/RLSA-2024:2562", + "https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)", + "https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c (go1.22.1)", + "https://github.com/golang/go/issues/65083", + "https://go.dev/cl/555596", + "https://go.dev/issue/65083", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24784.html", + "https://linux.oracle.com/errata/ELSA-2024-6969.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", + "https://pkg.go.dev/vuln/GO-2024-2609", + "https://security.netapp.com/advisory/ntap-20240329-0007/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24784" + ], + "PublishedDate": "2024-03-05T23:15:07.733Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24785", + "VendorIDs": [ + "GO-2024-2610" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.8, 1.22.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24785", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cee21c20d0d01583b7478be478d26da0beed4077249a0a9e4523d28727a5c8db", + "Title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", + "Description": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/03/08/4", + "https://access.redhat.com/errata/RHSA-2024:9135", + "https://access.redhat.com/security/cve/CVE-2024-24785", + "https://bugzilla.redhat.com/2268017", + "https://bugzilla.redhat.com/2268022", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", + "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://errata.almalinux.org/9/ALSA-2024-9135.html", + "https://errata.rockylinux.org/RLSA-2024:9135", + "https://github.com/golang/go/commit/056b0edcb8c152152021eebf4cf42adbfbe77992 (go1.22.1)", + "https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e (go1.21.8)", + "https://github.com/golang/go/issues/65697", + "https://go.dev/cl/564196", + "https://go.dev/issue/65697", + "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", + "https://linux.oracle.com/cve/CVE-2024-24785.html", + "https://linux.oracle.com/errata/ELSA-2026-3428.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", + "https://pkg.go.dev/vuln/GO-2024-2610", + "https://security.netapp.com/advisory/ntap-20240329-0008/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7061-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://vuln.go.dev/ID/GO-2024-2610.json", + "https://www.cve.org/CVERecord?id=CVE-2024-24785" + ], + "PublishedDate": "2024-03-05T23:15:07.777Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-24789", + "VendorIDs": [ + "GO-2024-2888" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.11, 1.22.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fba2082adce1e9d10e95bb8cf345b7f44868fa938996d5a40297d9b6b728705e", + "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", + "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "nvd": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2024/06/04/1", + "https://access.redhat.com/errata/RHSA-2024:9115", + "https://access.redhat.com/security/cve/CVE-2024-24789", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292668", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2294000", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", + "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", + "https://errata.almalinux.org/9/ALSA-2024-9115.html", + "https://errata.rockylinux.org/RLSA-2024:9102", + "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", + "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", + "https://github.com/golang/go/issues/66869", + "https://go.dev/cl/585397", + "https://go.dev/issue/66869", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", + "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", + "https://linux.oracle.com/cve/CVE-2024-24789.html", + "https://linux.oracle.com/errata/ELSA-2024-9115.html", + "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", + "https://pkg.go.dev/vuln/GO-2024-2888", + "https://security.netapp.com/advisory/ntap-20250131-0008/", + "https://ubuntu.com/security/notices/USN-6886-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24789" + ], + "PublishedDate": "2024-06-05T16:15:10.47Z", + "LastModifiedDate": "2025-01-31T15:15:12.74Z" + }, + { + "VulnerabilityID": "CVE-2024-24791", + "VendorIDs": [ + "GO-2024-2963" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.21.12, 1.22.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a338a1059fbb3495f90b1e1a875395f2887aef6aa80aa35ff9024cb41d7b3c36", + "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", + "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7256", + "https://access.redhat.com/security/cve/CVE-2024-24791", + "https://bugzilla.redhat.com/2237777", + "https://bugzilla.redhat.com/2237778", + "https://bugzilla.redhat.com/2279814", + "https://bugzilla.redhat.com/2292787", + "https://bugzilla.redhat.com/2295310", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", + "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", + "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", + "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", + "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", + "https://errata.almalinux.org/9/ALSA-2025-7256.html", + "https://errata.rockylinux.org/RLSA-2025:7256", + "https://go.dev/cl/591255", + "https://go.dev/issue/67555", + "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", + "https://linux.oracle.com/cve/CVE-2024-24791.html", + "https://linux.oracle.com/errata/ELSA-2025-7256.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", + "https://pkg.go.dev/vuln/GO-2024-2963", + "https://security.netapp.com/advisory/ntap-20241004-0004/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-24791" + ], + "PublishedDate": "2024-07-02T22:15:04.833Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34155", + "VendorIDs": [ + "GO-2024-3105" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f62137d5251fcb141fc8399085898bcc5fb8643b0f533ab1408f0bc14be49687", + "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", + "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2024:9459", + "https://access.redhat.com/security/cve/CVE-2024-34155", + "https://bugzilla.redhat.com/2310527", + "https://bugzilla.redhat.com/2310528", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315691", + "https://bugzilla.redhat.com/2315887", + "https://bugzilla.redhat.com/2317458", + "https://bugzilla.redhat.com/2317467", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2024-9459.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", + "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", + "https://go.dev/cl/611238", + "https://go.dev/issue/69138", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34155.html", + "https://linux.oracle.com/errata/ELSA-2024-9459.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", + "https://pkg.go.dev/vuln/GO-2024-3105", + "https://security.netapp.com/advisory/ntap-20240926-0005/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34155" + ], + "PublishedDate": "2024-09-06T21:15:11.947Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-34158", + "VendorIDs": [ + "GO-2024-3107" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.22.7, 1.23.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:ae51e5d43fb278b56e41b3c170cdaf2711319f66578e4bfedc28c8d427174617", + "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", + "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-674" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:7118", + "https://access.redhat.com/security/cve/CVE-2024-34158", + "https://bugzilla.redhat.com/2262921", + "https://bugzilla.redhat.com/2310529", + "https://bugzilla.redhat.com/2315719", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", + "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", + "https://errata.almalinux.org/9/ALSA-2025-7118.html", + "https://errata.rockylinux.org/RLSA-2024:8039", + "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", + "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", + "https://go.dev/cl/611240", + "https://go.dev/issue/69141", + "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", + "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", + "https://linux.oracle.com/cve/CVE-2024-34158.html", + "https://linux.oracle.com/errata/ELSA-2025-7118.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", + "https://pkg.go.dev/vuln/GO-2024-3107", + "https://security.netapp.com/advisory/ntap-20241004-0003/", + "https://ubuntu.com/security/notices/USN-7081-1", + "https://ubuntu.com/security/notices/USN-7109-1", + "https://ubuntu.com/security/notices/USN-7111-1", + "https://www.cve.org/CVERecord?id=CVE-2024-34158" + ], + "PublishedDate": "2024-09-06T21:15:12.083Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-45336", + "VendorIDs": [ + "GO-2025-3420" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:c14ef97ec56baf2619235292569636b8f123c7f0cc112f0b4c01a95499c2295d", + "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 2, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 3, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:3772", + "https://access.redhat.com/security/cve/CVE-2024-45336", + "https://bugzilla.redhat.com/2341750", + "https://bugzilla.redhat.com/2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.almalinux.org/8/ALSA-2025-3772.html", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/issues/70530", + "https://go.dev/cl/643100", + "https://go.dev/issue/70530", + "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", + "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", + "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", + "https://linux.oracle.com/cve/CVE-2024-45336.html", + "https://linux.oracle.com/errata/ELSA-2025-7592.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", + "https://pkg.go.dev/vuln/GO-2025-3420", + "https://security.netapp.com/advisory/ntap-20250221-0003/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2024-45336" + ], + "PublishedDate": "2025-01-28T02:15:28.807Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-0913", + "VendorIDs": [ + "GO-2025-3750" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:14ddebbee470370c02c409a533d7ea4a592dad4b8c1c98a240858f92d196810b", + "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 5.5 + } + }, + "References": [ + "https://go.dev/cl/672396", + "https://go.dev/issue/73702", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", + "https://pkg.go.dev/vuln/GO-2025-3750" + ], + "PublishedDate": "2025-06-11T18:15:24.627Z", + "LastModifiedDate": "2025-08-08T14:53:03.55Z" + }, + { + "VulnerabilityID": "CVE-2025-22866", + "VendorIDs": [ + "GO-2025-3447" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:fdab53a51469005bfd93892d21e0dc7586862838f05b58c7a4102b9104683122", + "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-22866", + "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", + "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", + "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", + "https://errata.rockylinux.org/RLSA-2025:3773", + "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", + "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", + "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", + "https://github.com/golang/go/issues/71383", + "https://go.dev/cl/643735", + "https://go.dev/issue/71383", + "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", + "https://linux.oracle.com/cve/CVE-2025-22866.html", + "https://linux.oracle.com/errata/ELSA-2025-7466.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", + "https://pkg.go.dev/vuln/GO-2025-3447", + "https://security.netapp.com/advisory/ntap-20250221-0002/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22866" + ], + "PublishedDate": "2025-02-06T17:15:21.41Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-22870", + "VendorIDs": [ + "GHSA-qxp5-gwg8-xv66", + "GO-2025-3503" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.23.7, 1.24.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:2907e9ab9b01a306610b07f7cea441309f05d427c9abfcc859c3e6d8605e772a", + "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", + "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-115" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 4.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/07/2", + "https://access.redhat.com/security/cve/CVE-2025-22870", + "https://github.com/golang/go/issues/71984", + "https://go-review.googlesource.com/q/project:net", + "https://go.dev/cl/654697", + "https://go.dev/issue/71984", + "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", + "https://pkg.go.dev/vuln/GO-2025-3503", + "https://security.netapp.com/advisory/ntap-20250509-0007", + "https://security.netapp.com/advisory/ntap-20250509-0007/", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-22870" + ], + "PublishedDate": "2025-03-12T19:15:38.31Z", + "LastModifiedDate": "2026-04-16T23:16:32.86Z" + }, + { + "VulnerabilityID": "CVE-2025-22871", + "VendorIDs": [ + "GO-2025-3563" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.23.8, 1.24.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:28fbf2d6b32cb8c3fd90e4177de755d5fbb8509f117c5561d95b1fc490b889ed", + "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "bitnami": 4, + "cbl-mariner": 3, + "ghsa": 4, + "oracle-oval": 2, + "photon": 4, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 9.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/04/4", + "https://access.redhat.com/errata/RHSA-2025:9635", + "https://access.redhat.com/security/cve/CVE-2025-22871", + "https://bugzilla.redhat.com/2358493", + "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", + "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", + "https://errata.almalinux.org/9/ALSA-2025-9635.html", + "https://errata.rockylinux.org/RLSA-2025:9635", + "https://github.com/roadrunner-server/roadrunner", + "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", + "https://github.com/roadrunner-server/roadrunner/issues/2166", + "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", + "https://go.dev/cl/652998", + "https://go.dev/issue/71988", + "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", + "https://linux.oracle.com/cve/CVE-2025-22871.html", + "https://linux.oracle.com/errata/ELSA-2025-9845.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", + "https://pkg.go.dev/vuln/GO-2025-3563", + "https://www.cve.org/CVERecord?id=CVE-2025-22871" + ], + "PublishedDate": "2025-04-08T20:15:20.183Z", + "LastModifiedDate": "2026-05-12T13:16:39.897Z" + }, + { + "VulnerabilityID": "CVE-2025-22873", + "VendorIDs": [ + "GO-2026-4403" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.23.9, 1.24.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:00d7abccbe5efbc0f96ae5f671a7af06d8ccdee974d39f5944c3cce4748da71e", + "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", + "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-23" + ], + "VendorSeverity": { + "amazon": 2, + "bitnami": 1, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "V3Score": 3.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/05/06/2", + "https://access.redhat.com/security/cve/CVE-2025-22873", + "https://go.dev/cl/670036", + "https://go.dev/issue/73555", + "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", + "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", + "https://pkg.go.dev/vuln/GO-2026-4403", + "https://www.cve.org/CVERecord?id=CVE-2025-22873" + ], + "PublishedDate": "2026-02-04T23:15:54.22Z", + "LastModifiedDate": "2026-02-10T15:16:40.057Z" + }, + { + "VulnerabilityID": "CVE-2025-4673", + "VendorIDs": [ + "GO-2025-3751" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.23.10, 1.24.4", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5c91e4fd9a76acfe823b6e3fec59ef1a1cc667a1960f73203cce377535c3b1fd", + "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "redhat": 2, + "rocky": 2, + "ubuntu": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2025:15887", + "https://access.redhat.com/security/cve/CVE-2025-4673", + "https://bugzilla.redhat.com/2373305", + "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", + "https://errata.almalinux.org/9/ALSA-2025-15887.html", + "https://errata.rockylinux.org/RLSA-2025:15887", + "https://go.dev/cl/679257", + "https://go.dev/issue/73816", + "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", + "https://linux.oracle.com/cve/CVE-2025-4673.html", + "https://linux.oracle.com/errata/ELSA-2025-10677.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", + "https://pkg.go.dev/vuln/GO-2025-3751", + "https://ubuntu.com/security/notices/USN-7574-1", + "https://www.cve.org/CVERecord?id=CVE-2025-4673" + ], + "PublishedDate": "2025-06-11T17:15:42.993Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-47906", + "VendorIDs": [ + "GO-2025-3956" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b6b9cffca5ca6b70aa069b499d70ec5dc0016af850fafa9c251f5e30aa821cde", + "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", + "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:22005", + "https://access.redhat.com/security/cve/CVE-2025-47906", + "https://bugzilla.redhat.com/2396546", + "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", + "https://errata.almalinux.org/9/ALSA-2025-22005.html", + "https://errata.rockylinux.org/RLSA-2025:22005", + "https://go.dev/cl/691775", + "https://go.dev/issue/74466", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47906.html", + "https://linux.oracle.com/errata/ELSA-2025-22668.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", + "https://pkg.go.dev/vuln/GO-2025-3956", + "https://www.cve.org/CVERecord?id=CVE-2025-47906" + ], + "PublishedDate": "2025-09-18T19:15:37.66Z", + "LastModifiedDate": "2026-01-27T19:56:17.707Z" + }, + { + "VulnerabilityID": "CVE-2025-47907", + "VendorIDs": [ + "GO-2025-3849" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.23.12, 1.24.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:957b47b92caea30c5a20bdae1971ba3422ff6ac65690704d2028bbb4e6d93226", + "Title": "database/sql: Postgres Scan Race Condition", + "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-362" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "bitnami": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", + "V3Score": 7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/08/06/1", + "https://access.redhat.com/errata/RHSA-2025:20909", + "https://access.redhat.com/security/cve/CVE-2025-47907", + "https://bugzilla.redhat.com/2387083", + "https://bugzilla.redhat.com/2393152", + "https://errata.almalinux.org/9/ALSA-2025-20909.html", + "https://go.dev/cl/693735", + "https://go.dev/issue/74831", + "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", + "https://linux.oracle.com/cve/CVE-2025-47907.html", + "https://linux.oracle.com/errata/ELSA-2025-20983.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", + "https://pkg.go.dev/vuln/GO-2025-3849", + "https://www.cve.org/CVERecord?id=CVE-2025-47907" + ], + "PublishedDate": "2025-08-07T16:15:30.357Z", + "LastModifiedDate": "2026-01-29T19:11:50.67Z" + }, + { + "VulnerabilityID": "CVE-2025-47912", + "VendorIDs": [ + "GO-2025-4010" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:5b7e31ce6654356bf991da6242ee5224ce9c8a1a25d0d398073b697d0d4553e1", + "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", + "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-47912", + "https://go.dev/cl/709857", + "https://go.dev/issue/75678", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", + "https://pkg.go.dev/vuln/GO-2025-4010", + "https://www.cve.org/CVERecord?id=CVE-2025-47912" + ], + "PublishedDate": "2025-10-29T23:16:18.187Z", + "LastModifiedDate": "2026-01-29T13:57:18.69Z" + }, + { + "VulnerabilityID": "CVE-2025-58183", + "VendorIDs": [ + "GO-2025-4014" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:26f3683659b6d23b903513bc38fd9dc0ab5a97b9dd3939b562adbf8710a7d6db", + "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", + "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", + "Severity": "MEDIUM", + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 2, + "bitnami": 2, + "cbl-mariner": 2, + "oracle-oval": 2, + "photon": 2, + "redhat": 2, + "rocky": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/errata/RHSA-2026:1381", + "https://access.redhat.com/security/cve/CVE-2025-58183", + "https://bugzilla.redhat.com/2407258", + "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", + "https://errata.almalinux.org/9/ALSA-2026-1381.html", + "https://errata.rockylinux.org/RLSA-2025:23326", + "https://go.dev/cl/709861", + "https://go.dev/issue/75677", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://linux.oracle.com/cve/CVE-2025-58183.html", + "https://linux.oracle.com/errata/ELSA-2026-50076.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", + "https://pkg.go.dev/vuln/GO-2025-4014", + "https://www.cve.org/CVERecord?id=CVE-2025-58183" + ], + "PublishedDate": "2025-10-29T23:16:19.357Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-58185", + "VendorIDs": [ + "GO-2025-4011" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3add98952fa224b80d4c1ffd250f0cfb77aeae99616bae59493f069cbdd020ce", + "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", + "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58185", + "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", + "https://go.dev/cl/709856", + "https://go.dev/issue/75671", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", + "https://pkg.go.dev/vuln/GO-2025-4011", + "https://www.cve.org/CVERecord?id=CVE-2025-58185" + ], + "PublishedDate": "2025-10-29T23:16:19.45Z", + "LastModifiedDate": "2026-02-06T20:26:41.997Z" + }, + { + "VulnerabilityID": "CVE-2025-58187", + "VendorIDs": [ + "GO-2025-4007" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.9, 1.25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6221e937d05c2864bd6bb2dc3c53115f97d81ebf8fd9f342d00438ab8f27f258", + "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", + "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-407" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58187", + "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", + "https://go.dev/cl/709854", + "https://go.dev/issue/75681", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", + "https://pkg.go.dev/vuln/GO-2025-4007", + "https://www.cve.org/CVERecord?id=CVE-2025-58187" + ], + "PublishedDate": "2025-10-29T23:16:19.643Z", + "LastModifiedDate": "2026-01-29T16:02:27.08Z" + }, + { + "VulnerabilityID": "CVE-2025-58188", + "VendorIDs": [ + "GO-2025-4013" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:cfa57f3e05f6437ce97204f89f35befd9420b14d939a7e7a33aa08f2f38c7843", + "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", + "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58188", + "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", + "https://go.dev/cl/709853", + "https://go.dev/issue/75675", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", + "https://pkg.go.dev/vuln/GO-2025-4013", + "https://www.cve.org/CVERecord?id=CVE-2025-58188" + ], + "PublishedDate": "2025-10-29T23:16:19.74Z", + "LastModifiedDate": "2026-01-29T15:55:11.97Z" + }, + { + "VulnerabilityID": "CVE-2025-58189", + "VendorIDs": [ + "GO-2025-4008" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a6aafc1960afa4f843f8b57d755727989eeb2ba3aada897b6e63108626261904", + "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", + "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-532" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-58189", + "https://go.dev/cl/707776", + "https://go.dev/issue/75652", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", + "https://pkg.go.dev/vuln/GO-2025-4008", + "https://www.cve.org/CVERecord?id=CVE-2025-58189" + ], + "PublishedDate": "2025-10-29T23:16:19.833Z", + "LastModifiedDate": "2026-01-29T15:49:24.543Z" + }, + { + "VulnerabilityID": "CVE-2025-61723", + "VendorIDs": [ + "GO-2025-4009" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:98e262117166ca75d1f59d8c39642fd9a1fcc8ad8681dcd47afcd9f2533cee80", + "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", + "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61723", + "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", + "https://go.dev/cl/709858", + "https://go.dev/issue/75676", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", + "https://pkg.go.dev/vuln/GO-2025-4009", + "https://www.cve.org/CVERecord?id=CVE-2025-61723" + ], + "PublishedDate": "2025-10-29T23:16:19.927Z", + "LastModifiedDate": "2026-01-29T15:49:05.343Z" + }, + { + "VulnerabilityID": "CVE-2025-61724", + "VendorIDs": [ + "GO-2025-4015" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:453b8fc13857014f95220c866590f031d6cda2b9a180d004b8a938566058c6ea", + "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", + "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61724", + "https://go.dev/cl/709859", + "https://go.dev/issue/75716", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", + "https://pkg.go.dev/vuln/GO-2025-4015", + "https://www.cve.org/CVERecord?id=CVE-2025-61724" + ], + "PublishedDate": "2025-10-29T23:16:20.02Z", + "LastModifiedDate": "2026-01-29T15:30:53.69Z" + }, + { + "VulnerabilityID": "CVE-2025-61725", + "VendorIDs": [ + "GO-2025-4006" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.8, 1.25.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:782057f0693bdb1f7f58d4e421b320da28c5088dae9a0840a6d7fa17ccc99614", + "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", + "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 3, + "bitnami": 3, + "photon": 3, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/10/08/1", + "https://access.redhat.com/security/cve/CVE-2025-61725", + "https://go.dev/cl/709860", + "https://go.dev/issue/75680", + "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", + "https://pkg.go.dev/vuln/GO-2025-4006", + "https://www.cve.org/CVERecord?id=CVE-2025-61725" + ], + "PublishedDate": "2025-10-29T23:16:20.113Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2025-61727", + "VendorIDs": [ + "GO-2025-4175" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.11, 1.25.5", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:6206511f6f1d73f83577debfce16ccdced127090afff50954041e3f5616bff26", + "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", + "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-295" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61727", + "https://go.dev/cl/723900", + "https://go.dev/issue/76442", + "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", + "https://pkg.go.dev/vuln/GO-2025-4175", + "https://www.cve.org/CVERecord?id=CVE-2025-61727" + ], + "PublishedDate": "2025-12-03T20:16:25.607Z", + "LastModifiedDate": "2025-12-18T20:15:10.957Z" + }, + { + "VulnerabilityID": "CVE-2025-61728", + "VendorIDs": [ + "GO-2026-4342" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:f569d53f380a167acff9df4a5d1d5c587802f29bd5c998987e6585930beb9821", + "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", + "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 2, + "azure": 2, + "bitnami": 2, + "oracle-oval": 3, + "photon": 2, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/15/4", + "https://access.redhat.com/errata/RHSA-2026:3753", + "https://access.redhat.com/security/cve/CVE-2025-61728", + "https://bugzilla.redhat.com/2418462", + "https://bugzilla.redhat.com/2434431", + "https://bugzilla.redhat.com/2434432", + "https://bugzilla.redhat.com/2437111", + "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", + "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", + "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", + "https://errata.almalinux.org/9/ALSA-2026-3753.html", + "https://errata.rockylinux.org/RLSA-2026:3337", + "https://go.dev/cl/736713", + "https://go.dev/issue/77102", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://linux.oracle.com/cve/CVE-2025-61728.html", + "https://linux.oracle.com/errata/ELSA-2026-4672.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", + "https://pkg.go.dev/vuln/GO-2026-4342", + "https://www.cve.org/CVERecord?id=CVE-2025-61728" + ], + "PublishedDate": "2026-01-28T20:16:09.83Z", + "LastModifiedDate": "2026-02-06T18:45:10.42Z" + }, + { + "VulnerabilityID": "CVE-2025-61730", + "VendorIDs": [ + "GO-2026-4340" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.24.12, 1.25.6", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:df66b0e3389c82664171428c2ce2831fcd713c21fc1810965397bcd924335c57", + "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", + "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 1, + "bitnami": 2, + "cbl-mariner": 1, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-61730", + "https://go.dev/cl/724120", + "https://go.dev/issue/76443", + "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", + "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", + "https://pkg.go.dev/vuln/GO-2026-4340", + "https://www.cve.org/CVERecord?id=CVE-2025-61730" + ], + "PublishedDate": "2026-01-28T20:16:09.94Z", + "LastModifiedDate": "2026-02-03T20:36:41.3Z" + }, + { + "VulnerabilityID": "CVE-2026-27142", + "VendorIDs": [ + "GO-2026-4603" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.8, 1.26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:eb28418183119f561a5fae648c1de99f9d6d598420efb1ec2c63b40c76a227d3", + "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", + "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-27142", + "https://go.dev/cl/752081", + "https://go.dev/issue/77954", + "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", + "https://pkg.go.dev/vuln/GO-2026-4603", + "https://www.cve.org/CVERecord?id=CVE-2026-27142" + ], + "PublishedDate": "2026-03-06T22:16:01.177Z", + "LastModifiedDate": "2026-04-21T14:30:01.38Z" + }, + { + "VulnerabilityID": "CVE-2026-32282", + "VendorIDs": [ + "GO-2026-4864" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:55201a898329dd656fd5d526225d23defc384bc9307d6cfd068c633580e0b268", + "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", + "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-59" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "oracle-oval": 3, + "redhat": 2, + "rocky": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 6.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:14200", + "https://access.redhat.com/security/cve/CVE-2026-32282", + "https://bugzilla.redhat.com/2456336", + "https://bugzilla.redhat.com/2456338", + "https://bugzilla.redhat.com/2456339", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", + "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", + "https://errata.almalinux.org/9/ALSA-2026-14200.html", + "https://errata.rockylinux.org/RLSA-2026:14200", + "https://go.dev/cl/763761", + "https://go.dev/issue/78293", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://linux.oracle.com/cve/CVE-2026-32282.html", + "https://linux.oracle.com/errata/ELSA-2026-17075.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", + "https://pkg.go.dev/vuln/GO-2026-4864", + "https://www.cve.org/CVERecord?id=CVE-2026-32282" + ], + "PublishedDate": "2026-04-08T02:16:03.467Z", + "LastModifiedDate": "2026-04-16T19:15:39.4Z" + }, + { + "VulnerabilityID": "CVE-2026-32288", + "VendorIDs": [ + "GO-2026-4869" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:4fa1d5931d64ffaddeed4f274e3f068e14995dacc9b068fcad5fad9111027105", + "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", + "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "V3Score": 4.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32288", + "https://go.dev/cl/763766", + "https://go.dev/issue/78301", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", + "https://pkg.go.dev/vuln/GO-2026-4869", + "https://www.cve.org/CVERecord?id=CVE-2026-32288" + ], + "PublishedDate": "2026-04-08T02:16:03.707Z", + "LastModifiedDate": "2026-04-16T19:08:52.24Z" + }, + { + "VulnerabilityID": "CVE-2026-32289", + "VendorIDs": [ + "GO-2026-4865" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.9, 1.26.2", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:efb28f6d50e07a11dd5317d05b1cd20e89dae69c2c3cf92f0224fdb98f31376f", + "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", + "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "amazon": 3, + "bitnami": 2, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "V3Score": 5.4 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-32289", + "https://go.dev/cl/763762", + "https://go.dev/issue/78331", + "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", + "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", + "https://pkg.go.dev/vuln/GO-2026-4865", + "https://www.cve.org/CVERecord?id=CVE-2026-32289" + ], + "PublishedDate": "2026-04-08T02:16:03.82Z", + "LastModifiedDate": "2026-04-16T19:06:57.367Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8e00e230f2f471bb84731e0ea4b1556a339e803e368a38083a1971836cc98139", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b13b028b908425e894c7173419e77012837f72a2b5e068ed0682d6cdafeffef4", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.19.4", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.19.4", + "UID": "7f0176a350289a2f" + }, + "InstalledVersion": "v1.19.4", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", + "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:15640cacc7629040cea94faba3388e2db9327f78d2ed2b9b76a31b4907003594", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "trivy", + "Kind": "CronJob", + "Name": "trivy-scan", + "Metadata": [ + { + "Size": 182796800, + "OS": { + "Family": "alpine", + "Name": "3.23.3" + }, + "ImageID": "sha256:c0a2b004a57047aff2bc7a8b87d693d368ba40cd10ef9bb1213345f043f416dd", + "DiffIDs": [ + "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e", + "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361", + "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463", + "sha256:8e24578a3bf2345b8b54eacb75014598922c3f50f6dbc12b5081bec827dcc945" + ], + "RepoTags": [ + "aquasec/trivy:latest" + ], + "RepoDigests": [ + "aquasec/trivy@sha256:be1190afcb28352bfddc4ddeb71470835d16462af68d310f9f4bca710961a41e" + ], + "Reference": "aquasec/trivy:latest", + "ImageConfig": { + "architecture": "amd64", + "created": "2026-04-17T06:46:17.848848818Z", + "history": [ + { + "created": "2026-01-28T01:18:04.977843834Z", + "created_by": "ADD alpine-minirootfs-3.23.3-x86_64.tar.gz / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-01-28T01:18:04.977843834Z", + "created_by": "CMD [\"/bin/sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2026-04-17T06:46:17.378600453Z", + "created_by": "RUN /bin/sh -c apk --no-cache add ca-certificates git # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-17T06:46:17.826497912Z", + "created_by": "COPY trivy /usr/local/bin/trivy # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-17T06:46:17.848848818Z", + "created_by": "COPY contrib/*.tpl contrib/ # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2026-04-17T06:46:17.848848818Z", + "created_by": "ENTRYPOINT [\"trivy\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e", + "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361", + "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463", + "sha256:8e24578a3bf2345b8b54eacb75014598922c3f50f6dbc12b5081bec827dcc945" + ] + }, + "config": { + "Entrypoint": [ + "trivy" + ], + "Env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ], + "Labels": { + "org.opencontainers.image.created": "2026-04-17T06:10:29Z", + "org.opencontainers.image.description": "A Fast Vulnerability Scanner for Containers", + "org.opencontainers.image.documentation": "https://trivy.dev/v0.70.0/", + "org.opencontainers.image.revision": "8a3177aedf7ee0864920eb1852eef031cd3742b8", + "org.opencontainers.image.source": "https://github.com/aquasecurity/trivy", + "org.opencontainers.image.title": "trivy", + "org.opencontainers.image.url": "https://www.aquasec.com/products/trivy/", + "org.opencontainers.image.vendor": "Aqua Security", + "org.opencontainers.image.version": "0.70.0" + }, + "WorkingDir": "/" + } + }, + "Layers": [ + { + "Size": 8724480, + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + { + "Size": 13867520, + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + { + "Size": 160177664, + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + { + "Size": 27136, + "Digest": "sha256:fcdcff3e8f067b4d09db51a0b1046ef56e923461ba34c19eae8650f8ebeafa09", + "DiffID": "sha256:8e24578a3bf2345b8b54eacb75014598922c3f50f6dbc12b5081bec827dcc945" + } + ] + } + ], + "Results": [ + { + "Target": "aquasec/trivy:latest (alpine 3.23.3)", + "Class": "os-pkgs", + "Type": "alpine", + "Packages": [ + { + "ID": "alpine-baselayout@3.7.1-r8", + "Name": "alpine-baselayout", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout@3.7.1-r8?arch=x86_64\u0026distro=3.23.3", + "UID": "dc092fc47b5d9e05" + }, + "Version": "3.7.1-r8", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.7.1-r8", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-baselayout-data@3.7.1-r8", + "busybox-binsh@1.37.0-r30" + ], + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "Digest": "sha1:9a137c3c8e738bcabac13326c9fc5472fa58aaf4", + "InstalledFiles": [ + "etc/motd", + "etc/crontabs/root", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/i386.conf", + "etc/profile.d/20locale.sh", + "etc/profile.d/README", + "etc/profile.d/color_prompt.sh.disabled", + "usr/lib/sysctl.d/00-alpine.conf", + "var/lock", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout-data@3.7.1-r8", + "Name": "alpine-baselayout-data", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.7.1-r8?arch=x86_64\u0026distro=3.23.3", + "UID": "6542463feabe92df" + }, + "Version": "3.7.1-r8", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.7.1-r8", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "Digest": "sha1:9a60b0edb4559ab279cf004b7e685cfd78dd0c15", + "InstalledFiles": [ + "etc/fstab", + "etc/group", + "etc/hostname", + "etc/hosts", + "etc/inittab", + "etc/modules", + "etc/mtab", + "etc/nsswitch.conf", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/sysctl.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-keys@2.6-r0", + "Name": "alpine-keys", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-keys@2.6-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "2c7cb90de388aa7d" + }, + "Version": "2.6-r0", + "Arch": "x86_64", + "SrcName": "alpine-keys", + "SrcVersion": "2.6-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "Digest": "sha1:5c45a821cd6b84d543bbd7ff12a7de1855c5cd13", + "InstalledFiles": [ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-release@3.23.3-r0", + "Name": "alpine-release", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-release@3.23.3-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "4820d6f0afb6a834" + }, + "Version": "3.23.3-r0", + "Arch": "x86_64", + "SrcName": "alpine-base", + "SrcVersion": "3.23.3-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-keys@2.6-r0" + ], + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "Digest": "sha1:e71144a1a35c4844507cd1a3281a7189049f3522", + "InstalledFiles": [ + "etc/alpine-release", + "etc/issue", + "etc/os-release", + "etc/secfixes.d/alpine", + "usr/lib/os-release" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "apk-tools@3.0.3-r1", + "Name": "apk-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/apk-tools@3.0.3-r1?arch=x86_64\u0026distro=3.23.3", + "UID": "135e6dc8dcafde4f" + }, + "Version": "3.0.3-r1", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "3.0.3-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20251003-r0", + "libapk@3.0.3-r1", + "libcrypto3@3.5.5-r0", + "musl@1.2.5-r21", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "Digest": "sha1:b2f877e6c9fb945c185cf36ed546064b8b374245", + "InstalledFiles": [ + "sbin/apk" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "brotli-libs@1.2.0-r0", + "Name": "brotli-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/brotli-libs@1.2.0-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "18708ffc8b6c1544" + }, + "Version": "1.2.0-r0", + "Arch": "x86_64", + "SrcName": "brotli", + "SrcVersion": "1.2.0-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "Digest": "sha1:0814694602f35d2741e916fdcb4c9a1e0ec50b42", + "InstalledFiles": [ + "usr/lib/libbrotlicommon.so.1", + "usr/lib/libbrotlicommon.so.1.2.0", + "usr/lib/libbrotlidec.so.1", + "usr/lib/libbrotlidec.so.1.2.0", + "usr/lib/libbrotlienc.so.1", + "usr/lib/libbrotlienc.so.1.2.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox@1.37.0-r30", + "Name": "busybox", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r30?arch=x86_64\u0026distro=3.23.3", + "UID": "1701a73d4be0e35a" + }, + "Version": "1.37.0-r30", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r30", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "Digest": "sha1:f1347801bb96b1aa40d17f82237c3f4ff02a4725", + "InstalledFiles": [ + "bin/busybox", + "etc/securetty", + "etc/busybox-paths.d/busybox", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "etc/udhcpc/udhcpc.conf", + "usr/share/udhcpc/default.script" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox-binsh@1.37.0-r30", + "Name": "busybox-binsh", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r30?arch=x86_64\u0026distro=3.23.3", + "UID": "3e18d05d46a6f46f" + }, + "Version": "1.37.0-r30", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r30", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "busybox@1.37.0-r30" + ], + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "Digest": "sha1:188d2d0110afa58e8a3e3e5fd424b2d996df7a09", + "InstalledFiles": [ + "bin/sh" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "c-ares@1.34.6-r0", + "Name": "c-ares", + "Identifier": { + "PURL": "pkg:apk/alpine/c-ares@1.34.6-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "2fc69dd6afab16ae" + }, + "Version": "1.34.6-r0", + "Arch": "x86_64", + "SrcName": "c-ares", + "SrcVersion": "1.34.6-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "Digest": "sha1:e3bb3ff47a277ff9409b8c4bb825099cfe2bcbe2", + "InstalledFiles": [ + "usr/lib/libcares.so.2", + "usr/lib/libcares.so.2.19.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates@20260413-r0", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates@20260413-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "48d5a874bbec291a" + }, + "Version": "20260413-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20260413-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r30", + "libcrypto3@3.5.5-r0", + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "Digest": "sha1:af25e0f0a0412b141942909ed199144cc46f5bbc", + "InstalledFiles": [ + "etc/ca-certificates.conf", + "etc/apk/protected_paths.d/ca-certificates.list", + "etc/ca-certificates/update.d/certhash", + "usr/bin/c_rehash", + "usr/sbin/update-ca-certificates", + "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "usr/share/ca-certificates/mozilla/Certigna.crt", + "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", + "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "usr/share/ca-certificates/mozilla/OISTE_Server_Root_ECC_G1.crt", + "usr/share/ca-certificates/mozilla/OISTE_Server_Root_RSA_G1.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", + "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_RSA_TLS_Root_CA_2022_-_1.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", + "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_TLS_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_TLS_RSA_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "usr/share/ca-certificates/mozilla/e-Szigno_TLS_Root_CA_2023.crt", + "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates-bundle@20251003-r0", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates-bundle@20251003-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "f667a2210d1d97c1" + }, + "Version": "20251003-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20251003-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "Digest": "sha1:63ebe72ba79f548b6cdc8a9894e16a90d80f42b0", + "InstalledFiles": [ + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-certificates.crt", + "etc/ssl1.1/cert.pem", + "etc/ssl1.1/certs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "git@2.52.0-r0", + "Name": "git", + "Identifier": { + "PURL": "pkg:apk/alpine/git@2.52.0-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "10d9be57a3f499b0" + }, + "Version": "2.52.0-r0", + "Arch": "x86_64", + "SrcName": "git", + "SrcVersion": "2.52.0-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcurl@8.17.0-r1", + "libexpat@2.7.5-r0", + "musl@1.2.5-r21", + "pcre2@10.47-r0", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "Digest": "sha1:bd0b28f91894dc75880a22468445a2d084beb009", + "InstalledFiles": [ + "usr/bin/git", + "usr/bin/git-receive-pack", + "usr/bin/git-shell", + "usr/bin/git-upload-archive", + "usr/bin/git-upload-pack", + "usr/libexec/git-core/git", + "usr/libexec/git-core/git-add", + "usr/libexec/git-core/git-am", + "usr/libexec/git-core/git-annotate", + "usr/libexec/git-core/git-apply", + "usr/libexec/git-core/git-archive", + "usr/libexec/git-core/git-backfill", + "usr/libexec/git-core/git-bisect", + "usr/libexec/git-core/git-blame", + "usr/libexec/git-core/git-branch", + "usr/libexec/git-core/git-bugreport", + "usr/libexec/git-core/git-bundle", + "usr/libexec/git-core/git-cat-file", + "usr/libexec/git-core/git-check-attr", + "usr/libexec/git-core/git-check-ignore", + "usr/libexec/git-core/git-check-mailmap", + "usr/libexec/git-core/git-check-ref-format", + "usr/libexec/git-core/git-checkout", + "usr/libexec/git-core/git-checkout--worker", + "usr/libexec/git-core/git-checkout-index", + "usr/libexec/git-core/git-cherry", + "usr/libexec/git-core/git-cherry-pick", + "usr/libexec/git-core/git-clean", + "usr/libexec/git-core/git-clone", + "usr/libexec/git-core/git-column", + "usr/libexec/git-core/git-commit", + "usr/libexec/git-core/git-commit-graph", + "usr/libexec/git-core/git-commit-tree", + "usr/libexec/git-core/git-config", + "usr/libexec/git-core/git-count-objects", + "usr/libexec/git-core/git-credential", + "usr/libexec/git-core/git-credential-cache", + "usr/libexec/git-core/git-credential-cache--daemon", + "usr/libexec/git-core/git-credential-store", + "usr/libexec/git-core/git-describe", + "usr/libexec/git-core/git-diagnose", + "usr/libexec/git-core/git-diff", + "usr/libexec/git-core/git-diff-files", + "usr/libexec/git-core/git-diff-index", + "usr/libexec/git-core/git-diff-pairs", + "usr/libexec/git-core/git-diff-tree", + "usr/libexec/git-core/git-difftool", + "usr/libexec/git-core/git-difftool--helper", + "usr/libexec/git-core/git-fast-export", + "usr/libexec/git-core/git-fetch", + "usr/libexec/git-core/git-fetch-pack", + "usr/libexec/git-core/git-filter-branch", + "usr/libexec/git-core/git-fmt-merge-msg", + "usr/libexec/git-core/git-for-each-ref", + "usr/libexec/git-core/git-for-each-repo", + "usr/libexec/git-core/git-format-patch", + "usr/libexec/git-core/git-fsck", + "usr/libexec/git-core/git-fsck-objects", + "usr/libexec/git-core/git-fsmonitor--daemon", + "usr/libexec/git-core/git-gc", + "usr/libexec/git-core/git-get-tar-commit-id", + "usr/libexec/git-core/git-grep", + "usr/libexec/git-core/git-gui--askyesno", + "usr/libexec/git-core/git-hash-object", + "usr/libexec/git-core/git-help", + "usr/libexec/git-core/git-hook", + "usr/libexec/git-core/git-http-fetch", + "usr/libexec/git-core/git-http-push", + "usr/libexec/git-core/git-index-pack", + "usr/libexec/git-core/git-init", + "usr/libexec/git-core/git-init-db", + "usr/libexec/git-core/git-interpret-trailers", + "usr/libexec/git-core/git-last-modified", + "usr/libexec/git-core/git-log", + "usr/libexec/git-core/git-ls-files", + "usr/libexec/git-core/git-ls-remote", + "usr/libexec/git-core/git-ls-tree", + "usr/libexec/git-core/git-mailinfo", + "usr/libexec/git-core/git-mailsplit", + "usr/libexec/git-core/git-maintenance", + "usr/libexec/git-core/git-merge", + "usr/libexec/git-core/git-merge-base", + "usr/libexec/git-core/git-merge-file", + "usr/libexec/git-core/git-merge-index", + "usr/libexec/git-core/git-merge-octopus", + "usr/libexec/git-core/git-merge-one-file", + "usr/libexec/git-core/git-merge-ours", + "usr/libexec/git-core/git-merge-recursive", + "usr/libexec/git-core/git-merge-resolve", + "usr/libexec/git-core/git-merge-subtree", + "usr/libexec/git-core/git-merge-tree", + "usr/libexec/git-core/git-mergetool", + "usr/libexec/git-core/git-mergetool--lib", + "usr/libexec/git-core/git-mktag", + "usr/libexec/git-core/git-mktree", + "usr/libexec/git-core/git-multi-pack-index", + "usr/libexec/git-core/git-mv", + "usr/libexec/git-core/git-name-rev", + "usr/libexec/git-core/git-notes", + "usr/libexec/git-core/git-pack-objects", + "usr/libexec/git-core/git-pack-redundant", + "usr/libexec/git-core/git-pack-refs", + "usr/libexec/git-core/git-patch-id", + "usr/libexec/git-core/git-prune", + "usr/libexec/git-core/git-prune-packed", + "usr/libexec/git-core/git-pull", + "usr/libexec/git-core/git-push", + "usr/libexec/git-core/git-quiltimport", + "usr/libexec/git-core/git-range-diff", + "usr/libexec/git-core/git-read-tree", + "usr/libexec/git-core/git-rebase", + "usr/libexec/git-core/git-receive-pack", + "usr/libexec/git-core/git-reflog", + "usr/libexec/git-core/git-refs", + "usr/libexec/git-core/git-remote", + "usr/libexec/git-core/git-remote-ext", + "usr/libexec/git-core/git-remote-fd", + "usr/libexec/git-core/git-remote-ftp", + "usr/libexec/git-core/git-remote-ftps", + "usr/libexec/git-core/git-remote-http", + "usr/libexec/git-core/git-remote-https", + "usr/libexec/git-core/git-repack", + "usr/libexec/git-core/git-replace", + "usr/libexec/git-core/git-replay", + "usr/libexec/git-core/git-repo", + "usr/libexec/git-core/git-request-pull", + "usr/libexec/git-core/git-rerere", + "usr/libexec/git-core/git-reset", + "usr/libexec/git-core/git-restore", + "usr/libexec/git-core/git-rev-list", + "usr/libexec/git-core/git-rev-parse", + "usr/libexec/git-core/git-revert", + "usr/libexec/git-core/git-rm", + "usr/libexec/git-core/git-send-pack", + "usr/libexec/git-core/git-sh-i18n", + "usr/libexec/git-core/git-sh-i18n--envsubst", + "usr/libexec/git-core/git-sh-setup", + "usr/libexec/git-core/git-shortlog", + "usr/libexec/git-core/git-show", + "usr/libexec/git-core/git-show-branch", + "usr/libexec/git-core/git-show-index", + "usr/libexec/git-core/git-show-ref", + "usr/libexec/git-core/git-sparse-checkout", + "usr/libexec/git-core/git-stage", + "usr/libexec/git-core/git-stash", + "usr/libexec/git-core/git-status", + "usr/libexec/git-core/git-stripspace", + "usr/libexec/git-core/git-submodule", + "usr/libexec/git-core/git-submodule--helper", + "usr/libexec/git-core/git-switch", + "usr/libexec/git-core/git-symbolic-ref", + "usr/libexec/git-core/git-tag", + "usr/libexec/git-core/git-unpack-file", + "usr/libexec/git-core/git-unpack-objects", + "usr/libexec/git-core/git-update-index", + "usr/libexec/git-core/git-update-ref", + "usr/libexec/git-core/git-update-server-info", + "usr/libexec/git-core/git-upload-archive", + "usr/libexec/git-core/git-upload-pack", + "usr/libexec/git-core/git-var", + "usr/libexec/git-core/git-verify-commit", + "usr/libexec/git-core/git-verify-pack", + "usr/libexec/git-core/git-verify-tag", + "usr/libexec/git-core/git-version", + "usr/libexec/git-core/git-web--browse", + "usr/libexec/git-core/git-whatchanged", + "usr/libexec/git-core/git-worktree", + "usr/libexec/git-core/git-write-tree", + "usr/libexec/git-core/mergetools/araxis", + "usr/libexec/git-core/mergetools/bc", + "usr/libexec/git-core/mergetools/codecompare", + "usr/libexec/git-core/mergetools/deltawalker", + "usr/libexec/git-core/mergetools/diffmerge", + "usr/libexec/git-core/mergetools/diffuse", + "usr/libexec/git-core/mergetools/ecmerge", + "usr/libexec/git-core/mergetools/emerge", + "usr/libexec/git-core/mergetools/examdiff", + "usr/libexec/git-core/mergetools/guiffy", + "usr/libexec/git-core/mergetools/gvimdiff", + "usr/libexec/git-core/mergetools/kdiff3", + "usr/libexec/git-core/mergetools/kompare", + "usr/libexec/git-core/mergetools/meld", + "usr/libexec/git-core/mergetools/nvimdiff", + "usr/libexec/git-core/mergetools/opendiff", + "usr/libexec/git-core/mergetools/smerge", + "usr/libexec/git-core/mergetools/tkdiff", + "usr/libexec/git-core/mergetools/tortoisemerge", + "usr/libexec/git-core/mergetools/vimdiff", + "usr/libexec/git-core/mergetools/vscode", + "usr/libexec/git-core/mergetools/winmerge", + "usr/libexec/git-core/mergetools/xxdiff" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "git-init-template@2.52.0-r0", + "Name": "git-init-template", + "Identifier": { + "PURL": "pkg:apk/alpine/git-init-template@2.52.0-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "3266ef12238e4e14" + }, + "Version": "2.52.0-r0", + "Arch": "x86_64", + "SrcName": "git", + "SrcVersion": "2.52.0-r0", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "Digest": "sha1:ff15a67d1f4948618a1022091ae7a1bf399f3665", + "InstalledFiles": [ + "usr/share/git-core/templates/description", + "usr/share/git-core/templates/hooks/applypatch-msg.sample", + "usr/share/git-core/templates/hooks/commit-msg.sample", + "usr/share/git-core/templates/hooks/post-update.sample", + "usr/share/git-core/templates/hooks/pre-applypatch.sample", + "usr/share/git-core/templates/hooks/pre-commit.sample", + "usr/share/git-core/templates/hooks/pre-merge-commit.sample", + "usr/share/git-core/templates/hooks/pre-push.sample", + "usr/share/git-core/templates/hooks/pre-rebase.sample", + "usr/share/git-core/templates/hooks/pre-receive.sample", + "usr/share/git-core/templates/hooks/prepare-commit-msg.sample", + "usr/share/git-core/templates/hooks/push-to-checkout.sample", + "usr/share/git-core/templates/hooks/sendemail-validate.sample", + "usr/share/git-core/templates/hooks/update.sample", + "usr/share/git-core/templates/info/exclude" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libapk@3.0.3-r1", + "Name": "libapk", + "Identifier": { + "PURL": "pkg:apk/alpine/libapk@3.0.3-r1?arch=x86_64\u0026distro=3.23.3", + "UID": "d8a4dac06126e84f" + }, + "Version": "3.0.3-r1", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "3.0.3-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.5.5-r0", + "libssl3@3.5.5-r0", + "musl@1.2.5-r21", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "Digest": "sha1:17d0c18e379eb411aaa3e07392343a2dd6e098cc", + "InstalledFiles": [ + "usr/lib/libapk.so.3.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.5.5-r0", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "6778a588f2cebd48" + }, + "Version": "3.5.5-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.5.5-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "Digest": "sha1:9ebf6995e814bacff0c04a868b0b27c3e82090f4", + "InstalledFiles": [ + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/openssl.cnf.dist", + "usr/lib/libcrypto.so.3", + "usr/lib/engines-3/afalg.so", + "usr/lib/engines-3/capi.so", + "usr/lib/engines-3/loader_attic.so", + "usr/lib/engines-3/padlock.so", + "usr/lib/ossl-modules/legacy.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcurl@8.17.0-r1", + "Name": "libcurl", + "Identifier": { + "PURL": "pkg:apk/alpine/libcurl@8.17.0-r1?arch=x86_64\u0026distro=3.23.3", + "UID": "85c7760f5617ed48" + }, + "Version": "8.17.0-r1", + "Arch": "x86_64", + "SrcName": "curl", + "SrcVersion": "8.17.0-r1", + "Licenses": [ + "curl" + ], + "Maintainer": "Achill Gilgenast \u003cachill@achill.org\u003e", + "DependsOn": [ + "brotli-libs@1.2.0-r0", + "c-ares@1.34.6-r0", + "ca-certificates-bundle@20251003-r0", + "libcrypto3@3.5.5-r0", + "libidn2@2.3.8-r0", + "libpsl@0.21.5-r3", + "libssl3@3.5.5-r0", + "musl@1.2.5-r21", + "nghttp2-libs@1.68.0-r0", + "nghttp3@1.13.1-r0", + "zlib@1.3.1-r2", + "zstd-libs@1.5.7-r2" + ], + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "Digest": "sha1:4018e686de80aa87659e95c1e62a3539c1d2542f", + "InstalledFiles": [ + "usr/lib/libcurl.so.4", + "usr/lib/libcurl.so.4.8.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libexpat@2.7.5-r0", + "Name": "libexpat", + "Identifier": { + "PURL": "pkg:apk/alpine/libexpat@2.7.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "60ae354914fcce6c" + }, + "Version": "2.7.5-r0", + "Arch": "x86_64", + "SrcName": "expat", + "SrcVersion": "2.7.5-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "Digest": "sha1:5760d53ddd7cca8a742c672e4e00a475718eacaa", + "InstalledFiles": [ + "usr/lib/libexpat.so.1", + "usr/lib/libexpat.so.1.11.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libidn2@2.3.8-r0", + "Name": "libidn2", + "Identifier": { + "PURL": "pkg:apk/alpine/libidn2@2.3.8-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "e2fcbba2f74d78bf" + }, + "Version": "2.3.8-r0", + "Arch": "x86_64", + "SrcName": "libidn2", + "SrcVersion": "2.3.8-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libunistring@1.4.1-r0", + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "Digest": "sha1:b8c5bfa365da5c360a01230db4d71e65af94af3d", + "InstalledFiles": [ + "usr/lib/libidn2.so.0", + "usr/lib/libidn2.so.0.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpsl@0.21.5-r3", + "Name": "libpsl", + "Identifier": { + "PURL": "pkg:apk/alpine/libpsl@0.21.5-r3?arch=x86_64\u0026distro=3.23.3", + "UID": "9fb5bd2254e54a0" + }, + "Version": "0.21.5-r3", + "Arch": "x86_64", + "SrcName": "libpsl", + "SrcVersion": "0.21.5-r3", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libidn2@2.3.8-r0", + "libunistring@1.4.1-r0", + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "Digest": "sha1:b663c00f920a93be49c825555aa1a212e4287393", + "InstalledFiles": [ + "usr/lib/libpsl.so.5", + "usr/lib/libpsl.so.5.3.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.5.5-r0", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "bca2260902e2ef48" + }, + "Version": "3.5.5-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.5.5-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.5.5-r0", + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "Digest": "sha1:12234895b6577cddcbe3450406f357600e8a6951", + "InstalledFiles": [ + "usr/lib/libssl.so.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libunistring@1.4.1-r0", + "Name": "libunistring", + "Identifier": { + "PURL": "pkg:apk/alpine/libunistring@1.4.1-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "4e0ee8fa7d9a5823" + }, + "Version": "1.4.1-r0", + "Arch": "x86_64", + "SrcName": "libunistring", + "SrcVersion": "1.4.1-r0", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "Digest": "sha1:6e56562bde456bee5971787d3d95c34e84ced797", + "InstalledFiles": [ + "usr/lib/libunistring.so.5", + "usr/lib/libunistring.so.5.2.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl@1.2.5-r21", + "Name": "musl", + "Identifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r21?arch=x86_64\u0026distro=3.23.3", + "UID": "750ab06f52f2bfe9" + }, + "Version": "1.2.5-r21", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r21", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "Digest": "sha1:d05a75ec13e1a7a8bab56ce7cd3dc79bd727e698", + "InstalledFiles": [ + "lib/ld-musl-x86_64.so.1", + "lib/libc.musl-x86_64.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl-utils@1.2.5-r21", + "Name": "musl-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r21?arch=x86_64\u0026distro=3.23.3", + "UID": "9dadd6d4093981ad" + }, + "Version": "1.2.5-r21", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r21", + "Licenses": [ + "MIT", + "BSD-2-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r21", + "scanelf@1.3.8-r2" + ], + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "Digest": "sha1:daa79528d2cf877f6d656207a818d43c8dea9a30", + "InstalledFiles": [ + "sbin/ldconfig", + "usr/bin/getconf", + "usr/bin/getent", + "usr/bin/iconv", + "usr/bin/ldd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nghttp2-libs@1.68.0-r0", + "Name": "nghttp2-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/nghttp2-libs@1.68.0-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "802c936f9e7891b2" + }, + "Version": "1.68.0-r0", + "Arch": "x86_64", + "SrcName": "nghttp2", + "SrcVersion": "1.68.0-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "Digest": "sha1:584b6a1b0aed58a3f543bfd77729b0d8a8b1745b", + "InstalledFiles": [ + "usr/lib/libnghttp2.so.14", + "usr/lib/libnghttp2.so.14.29.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "nghttp3@1.13.1-r0", + "Name": "nghttp3", + "Identifier": { + "PURL": "pkg:apk/alpine/nghttp3@1.13.1-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "7999d360d1276f40" + }, + "Version": "1.13.1-r0", + "Arch": "x86_64", + "SrcName": "nghttp3", + "SrcVersion": "1.13.1-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", + "DependsOn": [ + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "Digest": "sha1:e48fcb3e81f7e46a42e3926d8513c83b7798774b", + "InstalledFiles": [ + "usr/lib/libnghttp3.so.9", + "usr/lib/libnghttp3.so.9.5.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "pcre2@10.47-r0", + "Name": "pcre2", + "Identifier": { + "PURL": "pkg:apk/alpine/pcre2@10.47-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "84da847bec967f4e" + }, + "Version": "10.47-r0", + "Arch": "x86_64", + "SrcName": "pcre2", + "SrcVersion": "10.47-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", + "DependsOn": [ + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "Digest": "sha1:549059958151627bb0f5469bded945988b1bc24b", + "InstalledFiles": [ + "usr/lib/libpcre2-8.so.0", + "usr/lib/libpcre2-8.so.0.15.0", + "usr/lib/libpcre2-posix.so.3", + "usr/lib/libpcre2-posix.so.3.0.7" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "scanelf@1.3.8-r2", + "Name": "scanelf", + "Identifier": { + "PURL": "pkg:apk/alpine/scanelf@1.3.8-r2?arch=x86_64\u0026distro=3.23.3", + "UID": "948b35f6525ae462" + }, + "Version": "1.3.8-r2", + "Arch": "x86_64", + "SrcName": "pax-utils", + "SrcVersion": "1.3.8-r2", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "Digest": "sha1:6ea36dd44ef9f6364f0cdfabe09ea15d2fdbe229", + "InstalledFiles": [ + "usr/bin/scanelf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ssl_client@1.37.0-r30", + "Name": "ssl_client", + "Identifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r30?arch=x86_64\u0026distro=3.23.3", + "UID": "260f15056a81cadb" + }, + "Version": "1.37.0-r30", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r30", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "libcrypto3@3.5.5-r0", + "libssl3@3.5.5-r0", + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "Digest": "sha1:5b6ec0939cfc9be47d9677a3152c547cc18b5edd", + "InstalledFiles": [ + "usr/bin/ssl_client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.3.1-r2", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.23.3", + "UID": "792cdc69bc59d880" + }, + "Version": "1.3.1-r2", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.3.1-r2", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "Digest": "sha1:3e8e8e76dfefb4efd27658ada6d792e66ba2775e", + "InstalledFiles": [ + "usr/lib/libz.so.1", + "usr/lib/libz.so.1.3.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zstd-libs@1.5.7-r2", + "Name": "zstd-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/zstd-libs@1.5.7-r2?arch=x86_64\u0026distro=3.23.3", + "UID": "8146f1dd71a6e601" + }, + "Version": "1.5.7-r2", + "Arch": "x86_64", + "SrcName": "zstd", + "SrcVersion": "1.5.7-r2", + "Licenses": [ + "BSD-3-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r21" + ], + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "Digest": "sha1:d507b8ac3c4335a40405ac20e49bac9d43642be6", + "InstalledFiles": [ + "usr/lib/libzstd.so.1", + "usr/lib/libzstd.so.1.5.7" + ], + "AnalyzedBy": "apk" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libcrypto3@3.5.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "6778a588f2cebd48" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:efa3ef64336fffb0fcb789c0f6d347b122302023cf686d68f62f775a5f9dda83", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libcrypto3@3.5.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "6778a588f2cebd48" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:808873f705a62e9e892cb67453c7adf6abd85475d65a56bee74d01cdea665f38", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libcrypto3@3.5.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "6778a588f2cebd48" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:55d5ee4148b21f462fa3d76250089f2207c1e01c638e5a3d0bbd846e51f23100", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libcrypto3@3.5.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "6778a588f2cebd48" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:a6c5131c65f1f8d4c30af1e141abf1a7fdc7a868b849228fa5979f5cb3137e27", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libcrypto3@3.5.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "6778a588f2cebd48" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:12800cb78f6499baee4d6edf1076df5790b07bad532b526c0badc415fd8f7311", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2026-2673", + "PkgID": "libcrypto3@3.5.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "6778a588f2cebd48" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2b5e63401b26bbba233754bac4181283679ad576d70f4432016343d409de6901", + "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", + "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-757" + ], + "VendorSeverity": { + "amazon": 1, + "julia": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/13/3", + "https://access.redhat.com/security/cve/CVE-2026-2673", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-wj64-gh9j-xm82", + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "https://openssl-library.org/news/secadv/20260313.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-2673" + ], + "PublishedDate": "2026-03-13T19:54:34.033Z", + "LastModifiedDate": "2026-05-18T20:16:37.763Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libcrypto3@3.5.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "6778a588f2cebd48" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:ba281cca75bb4ae35020b82eadc016988de3edbdacfd4af21375e931e1c78fcd", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2025-14017", + "PkgID": "libcurl@8.17.0-r1", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.17.0-r1?arch=x86_64\u0026distro=3.23.3", + "UID": "85c7760f5617ed48" + }, + "InstalledVersion": "8.17.0-r1", + "FixedVersion": "8.19.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-14017", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:90ac65d633603b375d33a7464e7ac0c0253a920725fc01636b36a80abff5911a", + "Title": "curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers", + "Description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "julia": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 6.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 4.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/07/3", + "https://access.redhat.com/security/cve/CVE-2025-14017", + "https://curl.se/docs/CVE-2025-14017.html", + "https://curl.se/docs/CVE-2025-14017.json", + "https://github.com/advisories/GHSA-jh4h-2cg6-889h", + "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", + "https://ubuntu.com/security/notices/USN-8062-1", + "https://ubuntu.com/security/notices/USN-8062-2", + "https://www.cve.org/CVERecord?id=CVE-2025-14017" + ], + "PublishedDate": "2026-01-08T10:15:45.667Z", + "LastModifiedDate": "2026-01-27T21:29:39.953Z" + }, + { + "VulnerabilityID": "CVE-2026-1965", + "PkgID": "libcurl@8.17.0-r1", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.17.0-r1?arch=x86_64\u0026distro=3.23.3", + "UID": "85c7760f5617ed48" + }, + "InstalledVersion": "8.17.0-r1", + "FixedVersion": "8.19.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-1965", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2b6a7f862474fdd6c3b8407f8c67a43cd2e9b3eea80326f00fc137c5494d7710", + "Title": "curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication", + "Description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-305" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 6.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-1965", + "https://curl.se/docs/CVE-2026-1965.html", + "https://curl.se/docs/CVE-2026-1965.json", + "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", + "https://ubuntu.com/security/notices/USN-8084-1", + "https://ubuntu.com/security/notices/USN-8099-1", + "https://www.cve.org/CVERecord?id=CVE-2026-1965" + ], + "PublishedDate": "2026-03-11T11:15:59.177Z", + "LastModifiedDate": "2026-03-12T14:11:19.07Z" + }, + { + "VulnerabilityID": "CVE-2026-3783", + "PkgID": "libcurl@8.17.0-r1", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.17.0-r1?arch=x86_64\u0026distro=3.23.3", + "UID": "85c7760f5617ed48" + }, + "InstalledVersion": "8.17.0-r1", + "FixedVersion": "8.19.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3783", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:f2fd33fb7e29cf16af77e18c81bb33d9f7d462fb157cdebd6ae7784c926f6caf", + "Title": "curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect", + "Description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-522" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 5.7 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/11/2", + "https://access.redhat.com/security/cve/CVE-2026-3783", + "https://curl.se/docs/CVE-2026-3783.html", + "https://curl.se/docs/CVE-2026-3783.json", + "https://github.com/advisories/GHSA-8whr-249c-vfjp", + "https://hackerone.com/reports/3583983", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", + "https://ubuntu.com/security/notices/USN-8084-1", + "https://ubuntu.com/security/notices/USN-8099-1", + "https://www.cve.org/CVERecord?id=CVE-2026-3783" + ], + "PublishedDate": "2026-03-11T11:16:00.08Z", + "LastModifiedDate": "2026-03-12T14:10:37.3Z" + }, + { + "VulnerabilityID": "CVE-2026-3784", + "PkgID": "libcurl@8.17.0-r1", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.17.0-r1?arch=x86_64\u0026distro=3.23.3", + "UID": "85c7760f5617ed48" + }, + "InstalledVersion": "8.17.0-r1", + "FixedVersion": "8.19.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3784", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c080017a1ac95299310222d88329fdabb6c31d0e496e383e0198e1ff7f2421a7", + "Title": "curl: curl: Unauthorized access due to improper HTTP proxy connection reuse", + "Description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-305" + ], + "VendorSeverity": { + "azure": 2, + "julia": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/11/3", + "https://access.redhat.com/security/cve/CVE-2026-3784", + "https://curl.se/docs/CVE-2026-3784.html", + "https://curl.se/docs/CVE-2026-3784.json", + "https://github.com/advisories/GHSA-5q3w-6p3j-mw6p", + "https://hackerone.com/reports/3584903", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", + "https://ubuntu.com/security/notices/USN-8084-1", + "https://ubuntu.com/security/notices/USN-8099-1", + "https://www.cve.org/CVERecord?id=CVE-2026-3784" + ], + "PublishedDate": "2026-03-11T11:16:00.437Z", + "LastModifiedDate": "2026-03-12T14:09:50.47Z" + }, + { + "VulnerabilityID": "CVE-2026-3805", + "PkgID": "libcurl@8.17.0-r1", + "PkgName": "libcurl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcurl@8.17.0-r1?arch=x86_64\u0026distro=3.23.3", + "UID": "85c7760f5617ed48" + }, + "InstalledVersion": "8.17.0-r1", + "FixedVersion": "8.19.0-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3805", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:23c7f777ba95adc58824dcb9a982e61a1dc5dd59d150177ff10868b2c82b16d8", + "Title": "curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling", + "Description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "V3Score": 6.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/11/4", + "https://access.redhat.com/security/cve/CVE-2026-3805", + "https://curl.se/docs/CVE-2026-3805.html", + "https://curl.se/docs/CVE-2026-3805.json", + "https://github.com/advisories/GHSA-2289-hhfc-p684", + "https://hackerone.com/reports/3591944", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", + "https://ubuntu.com/security/notices/USN-8084-1", + "https://www.cve.org/CVERecord?id=CVE-2026-3805" + ], + "PublishedDate": "2026-03-11T11:16:00.967Z", + "LastModifiedDate": "2026-03-12T14:08:56.79Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libssl3@3.5.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "bca2260902e2ef48" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:520ece7ddbe640a6bd03db266b91bf156337bd7efba857cbe08ba36bba8af278", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libssl3@3.5.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "bca2260902e2ef48" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:79d777037b571dce22acaad3a86f94a4e8847796312ec0d61102fc7a36d3cb71", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libssl3@3.5.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "bca2260902e2ef48" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:75e0f1ea5b288bb693f870ca4e5922461b12656b70a9e0e3efc48968bbec3d4c", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libssl3@3.5.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "bca2260902e2ef48" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:f04763aa82196f5d25fffdfd61747aed9be06cda31b5f15b2ea4ce70e13c9fb4", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libssl3@3.5.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "bca2260902e2ef48" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3f3399011da49e464fc723132fba081923571904ffccf9b07ac51d19671bddd2", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2026-2673", + "PkgID": "libssl3@3.5.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "bca2260902e2ef48" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:46a2167cf1001230ba7640f1a0e3a476c4e51b54f2c2d70fcd3a4e057db8a12c", + "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", + "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-757" + ], + "VendorSeverity": { + "amazon": 1, + "julia": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/13/3", + "https://access.redhat.com/security/cve/CVE-2026-2673", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-wj64-gh9j-xm82", + "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", + "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", + "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", + "https://openssl-library.org/news/secadv/20260313.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-2673" + ], + "PublishedDate": "2026-03-13T19:54:34.033Z", + "LastModifiedDate": "2026-05-18T20:16:37.763Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libssl3@3.5.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "bca2260902e2ef48" + }, + "InstalledVersion": "3.5.5-r0", + "FixedVersion": "3.5.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:18dc66e795824fa11e34349e3d5818a217635cd19da4c8375a630dd916663dbc", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl@1.2.5-r21", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r21?arch=x86_64\u0026distro=3.23.3", + "UID": "750ab06f52f2bfe9" + }, + "InstalledVersion": "1.2.5-r21", + "FixedVersion": "1.2.5-r23", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1af05b521a89d3104045dc0928e138a9e3fda66e1a0fb9b68f697759c38e5725", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl@1.2.5-r21", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r21?arch=x86_64\u0026distro=3.23.3", + "UID": "750ab06f52f2bfe9" + }, + "InstalledVersion": "1.2.5-r21", + "FixedVersion": "1.2.5-r22", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2288b5c03030ef0b3ba2bcd80e031ba38e2cf10d08ed346d2f5600e7014a8815", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl-utils@1.2.5-r21", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r21?arch=x86_64\u0026distro=3.23.3", + "UID": "9dadd6d4093981ad" + }, + "InstalledVersion": "1.2.5-r21", + "FixedVersion": "1.2.5-r23", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:bd4c836188a3de802b4c2cc7d3797bdde6d097170d1bd491a4ca67cf5dd1fc17", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl-utils@1.2.5-r21", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r21?arch=x86_64\u0026distro=3.23.3", + "UID": "9dadd6d4093981ad" + }, + "InstalledVersion": "1.2.5-r21", + "FixedVersion": "1.2.5-r22", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:521b01fe45309eba6b9d38c429dab2fc72c19bce470e35d27df35cb9e860098f", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2026-27135", + "PkgID": "nghttp2-libs@1.68.0-r0", + "PkgName": "nghttp2-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/nghttp2-libs@1.68.0-r0?arch=x86_64\u0026distro=3.23.3", + "UID": "802c936f9e7891b2" + }, + "InstalledVersion": "1.68.0-r0", + "FixedVersion": "1.68.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", + "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27135", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c9e94a7acd488cbaee93b05343345abaee769540529e58ed562c58f4189579db", + "Title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination", + "Description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-617" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/20/3", + "https://access.redhat.com/errata/RHSA-2026:7896", + "https://access.redhat.com/security/cve/CVE-2026-27135", + "https://bugzilla.redhat.com/2441268", + "https://bugzilla.redhat.com/2442922", + "https://bugzilla.redhat.com/2448754", + "https://bugzilla.redhat.com/2453151", + "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", + "https://errata.almalinux.org/9/ALSA-2026-7896.html", + "https://errata.rockylinux.org/RLSA-2026:7668", + "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1", + "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6", + "https://linux.oracle.com/cve/CVE-2026-27135.html", + "https://linux.oracle.com/errata/ELSA-2026-8339.html", + "https://lists.debian.org/debian-lts-announce/2026/05/msg00025.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27135", + "https://ubuntu.com/security/notices/USN-8233-1", + "https://ubuntu.com/security/notices/USN-8233-2", + "https://www.cve.org/CVERecord?id=CVE-2026-27135" + ], + "PublishedDate": "2026-03-18T18:16:26.723Z", + "LastModifiedDate": "2026-05-13T22:16:42.337Z" + }, + { + "VulnerabilityID": "CVE-2026-22184", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.23.3", + "UID": "792cdc69bc59d880" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8190a34a5d84b8416e0d151cc902ec5ec5840abea353691120372b8052c7a2c3", + "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", + "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-22184", + "https://github.com/madler/zlib", + "https://github.com/madler/zlib/issues/1142", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", + "https://seclists.org/fulldisclosure/2026/Jan/3", + "https://www.cve.org/CVERecord?id=CVE-2026-22184", + "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", + "https://zlib.net/" + ], + "PublishedDate": "2026-01-07T21:16:01.563Z", + "LastModifiedDate": "2026-03-18T16:26:31.14Z" + }, + { + "VulnerabilityID": "CVE-2026-27171", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.23.3", + "UID": "792cdc69bc59d880" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", + "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:884aea9aa695ea50acf4ada39f0cbeefdd8215bb3b182bd268387a168419ef8a", + "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", + "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "julia": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://access.redhat.com/security/cve/CVE-2026-27171", + "https://github.com/advisories/GHSA-h858-mf2m-8jf4", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "https://ostif.org/zlib-audit-complete", + "https://ostif.org/zlib-audit-complete/", + "https://www.cve.org/CVERecord?id=CVE-2026-27171" + ], + "PublishedDate": "2026-02-18T04:16:01.263Z", + "LastModifiedDate": "2026-03-25T21:27:04.603Z" + } + ] + }, + { + "Target": "usr/local/bin/trivy", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "ID": "github.com/aquasecurity/trivy@v0.70.0", + "Name": "github.com/aquasecurity/trivy", + "Identifier": { + "PURL": "pkg:golang/github.com/aquasecurity/trivy@v0.70.0", + "UID": "3b38ce3f34d371cf" + }, + "Version": "v0.70.0", + "Relationship": "root", + "DependsOn": [ + "cel.dev/expr@v0.25.1", + "cloud.google.com/go/auth/oauth2adapt@v0.2.8", + "cloud.google.com/go/auth@v0.18.2", + "cloud.google.com/go/compute/metadata@v0.9.0", + "cloud.google.com/go/iam@v1.5.3", + "cloud.google.com/go/monitoring@v1.24.3", + "cloud.google.com/go/storage@v1.61.3", + "cloud.google.com/go@v0.123.0", + "dario.cat/mergo@v1.0.2", + "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.21.0", + "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", + "github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry@v0.2.3", + "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.11.2", + "github.com/AzureAD/microsoft-authentication-library-for-go@v1.6.0", + "github.com/BurntSushi/toml@v1.6.0", + "github.com/CycloneDX/cyclonedx-go@v0.10.0", + "github.com/GoogleCloudPlatform/docker-credential-gcr/v2@v2.1.32", + "github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp@v1.30.0", + "github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric@v0.55.0", + "github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping@v0.55.0", + "github.com/Intevation/gval@v1.3.0", + "github.com/Intevation/jsonpath@v0.2.1", + "github.com/MakeNowJust/heredoc@v1.0.0", + "github.com/Masterminds/goutils@v1.1.1", + "github.com/Masterminds/semver/v3@v3.4.0", + "github.com/Masterminds/sprig/v3@v3.3.0", + "github.com/Masterminds/squirrel@v1.5.4", + "github.com/NYTimes/gziphandler@v1.1.1", + "github.com/ProtonMail/go-crypto@v1.3.0", + "github.com/VividCortex/ewma@v1.2.0", + "github.com/agext/levenshtein@v1.2.3", + "github.com/agnivade/levenshtein@v1.2.1", + "github.com/alecthomas/chroma@v0.10.0", + "github.com/anchore/go-struct-converter@v0.1.0", + "github.com/apparentlymart/go-cidr@v1.1.0", + "github.com/apparentlymart/go-textseg/v15@v15.0.0", + "github.com/aquasecurity/go-gem-version@v0.0.0-20201115065557-8eed6fe000ce", + "github.com/aquasecurity/go-npm-version@v0.0.2", + "github.com/aquasecurity/go-pep440-version@v0.0.1", + "github.com/aquasecurity/go-version@v0.0.1", + "github.com/aquasecurity/iamgo@v0.0.10", + "github.com/aquasecurity/jfather@v0.0.8", + "github.com/aquasecurity/table@v1.11.0", + "github.com/aquasecurity/tml@v0.6.1", + "github.com/aquasecurity/trivy-checks@v1.12.2-0.20251219190323-79d27547baf5", + "github.com/aquasecurity/trivy-db@v0.0.0-20251222105351-a833f47f8f0d", + "github.com/aquasecurity/trivy-java-db@v0.0.0-20240109071736-184bd7481d48", + "github.com/aquasecurity/trivy-kubernetes@v0.9.1", + "github.com/asaskevich/govalidator@v0.0.0-20230301143203-a9d515a09cc2", + "github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream@v1.7.8", + "github.com/aws/aws-sdk-go-v2/config@v1.32.12", + "github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", + "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", + "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", + "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", + "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", + "github.com/aws/aws-sdk-go-v2/internal/v4a@v1.4.22", + "github.com/aws/aws-sdk-go-v2/service/ebs@v1.22.1", + "github.com/aws/aws-sdk-go-v2/service/ec2@v1.290.0", + "github.com/aws/aws-sdk-go-v2/service/ecr@v1.55.2", + "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", + "github.com/aws/aws-sdk-go-v2/service/internal/checksum@v1.9.13", + "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", + "github.com/aws/aws-sdk-go-v2/service/internal/s3shared@v1.19.21", + "github.com/aws/aws-sdk-go-v2/service/s3@v1.97.3", + "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", + "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", + "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", + "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", + "github.com/aws/aws-sdk-go-v2@v1.41.5", + "github.com/aws/smithy-go@v1.24.2", + "github.com/bgentry/go-netrc@v0.0.0-20140422174119-9fd32a8b3d3d", + "github.com/bitnami/go-version@v0.0.0-20231130084017-bb00604d650c", + "github.com/blang/semver/v4@v4.0.0", + "github.com/blang/semver@v3.5.1+incompatible", + "github.com/bmatcuk/doublestar/v4@v4.10.0", + "github.com/briandowns/spinner@v1.23.0", + "github.com/cenkalti/backoff/v4@v4.3.0", + "github.com/cenkalti/backoff/v5@v5.0.3", + "github.com/cespare/xxhash/v2@v2.3.0", + "github.com/chai2010/gettext-go@v1.0.2", + "github.com/cheggaaa/pb/v3@v3.1.7", + "github.com/cloudflare/circl@v1.6.3", + "github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", + "github.com/containerd/containerd/api@v1.10.0", + "github.com/containerd/containerd/v2@v2.2.2", + "github.com/containerd/containerd@v1.7.30", + "github.com/containerd/continuity@v0.4.5", + "github.com/containerd/errdefs/pkg@v0.3.0", + "github.com/containerd/errdefs@v1.0.0", + "github.com/containerd/fifo@v1.1.0", + "github.com/containerd/log@v0.1.0", + "github.com/containerd/platforms@v1.0.0-rc.4", + "github.com/containerd/plugin@v1.0.0", + "github.com/containerd/stargz-snapshotter/estargz@v0.18.2", + "github.com/containerd/ttrpc@v1.2.8", + "github.com/containerd/typeurl/v2@v2.2.3", + "github.com/coreos/go-oidc/v3@v3.17.0", + "github.com/cyberphone/json-canonicalization@v0.0.0-20241213102144-19d51d7fe467", + "github.com/cyphar/filepath-securejoin@v0.6.1", + "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f", + "github.com/digitorus/pkcs7@v0.0.0-20230818184609-3a137a874352", + "github.com/digitorus/timestamp@v0.0.0-20231217203849-220c5c2851b7", + "github.com/distribution/reference@v0.6.0", + "github.com/dlclark/regexp2@v1.11.0", + "github.com/docker/cli@v29.4.0+incompatible", + "github.com/docker/distribution@v2.8.3+incompatible", + "github.com/docker/docker-credential-helpers@v0.9.5", + "github.com/docker/go-connections@v0.6.0", + "github.com/docker/go-units@v0.5.0", + "github.com/dsnet/compress@v0.0.2-0.20230904184137-39efe44ab707", + "github.com/dustin/go-humanize@v1.0.1", + "github.com/emicklei/go-restful/v3@v3.13.0", + "github.com/emirpasic/gods@v1.18.1", + "github.com/envoyproxy/go-control-plane/envoy@v1.36.0", + "github.com/envoyproxy/protoc-gen-validate@v1.3.0", + "github.com/evanphx/json-patch@v5.9.11+incompatible", + "github.com/exponent-io/jsonpath@v0.0.0-20210407135951-1de76d718b3f", + "github.com/fatih/color@v1.19.0", + "github.com/felixge/httpsnoop@v1.0.4", + "github.com/fsnotify/fsnotify@v1.9.0", + "github.com/fvbommel/sortorder@v1.1.0", + "github.com/fxamacker/cbor/v2@v2.9.0", + "github.com/go-chi/chi/v5@v5.2.5", + "github.com/go-errors/errors@v1.4.2", + "github.com/go-git/gcfg@v1.5.1-0.20230307220236-3a3c6141e376", + "github.com/go-git/go-billy/v5@v5.8.0", + "github.com/go-git/go-git/v5@v5.17.2", + "github.com/go-gorp/gorp/v3@v3.1.0", + "github.com/go-ini/ini@v1.67.0", + "github.com/go-jose/go-jose/v4@v4.1.4", + "github.com/go-logr/logr@v1.4.3", + "github.com/go-logr/stdr@v1.2.2", + "github.com/go-openapi/analysis@v0.24.3", + "github.com/go-openapi/errors@v0.22.7", + "github.com/go-openapi/jsonpointer@v0.22.5", + "github.com/go-openapi/jsonreference@v0.21.5", + "github.com/go-openapi/loads@v0.23.3", + "github.com/go-openapi/runtime@v0.29.3", + "github.com/go-openapi/spec@v0.22.4", + "github.com/go-openapi/strfmt@v0.26.1", + "github.com/go-openapi/swag/cmdutils@v0.25.5", + "github.com/go-openapi/swag/conv@v0.25.5", + "github.com/go-openapi/swag/fileutils@v0.25.5", + "github.com/go-openapi/swag/jsonname@v0.25.5", + "github.com/go-openapi/swag/jsonutils@v0.25.5", + "github.com/go-openapi/swag/loading@v0.25.5", + "github.com/go-openapi/swag/mangling@v0.25.5", + "github.com/go-openapi/swag/netutils@v0.25.5", + "github.com/go-openapi/swag/stringutils@v0.25.5", + "github.com/go-openapi/swag/typeutils@v0.25.5", + "github.com/go-openapi/swag/yamlutils@v0.25.5", + "github.com/go-openapi/swag@v0.25.5", + "github.com/go-openapi/validate@v0.25.2", + "github.com/go-redis/redis/v8@v8.11.5", + "github.com/go-viper/mapstructure/v2@v2.5.0", + "github.com/gobwas/glob@v0.2.3", + "github.com/gocsaf/csaf/v3@v3.5.1", + "github.com/gogo/protobuf@v1.3.2", + "github.com/golang-jwt/jwt/v5@v5.3.1", + "github.com/golang/groupcache@v0.0.0-20241129210726-2c02b8208cf8", + "github.com/golang/snappy@v0.0.4", + "github.com/google/btree@v1.1.3", + "github.com/google/certificate-transparency-go@v1.3.2", + "github.com/google/gnostic-models@v0.7.0", + "github.com/google/go-cmp@v0.7.0", + "github.com/google/go-containerregistry@v0.21.2", + "github.com/google/go-github/v62@v62.0.0", + "github.com/google/go-querystring@v1.1.0", + "github.com/google/licenseclassifier/v2@v2.0.0", + "github.com/google/s2a-go@v0.1.9", + "github.com/google/uuid@v1.6.0", + "github.com/googleapis/enterprise-certificate-proxy@v0.3.14", + "github.com/googleapis/gax-go/v2@v2.19.0", + "github.com/gosuri/uitable@v0.0.4", + "github.com/gregjones/httpcache@v0.0.0-20190611155906-901d90724c79", + "github.com/grpc-ecosystem/grpc-gateway/v2@v2.27.7", + "github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.72", + "github.com/hashicorp/errwrap@v1.1.0", + "github.com/hashicorp/go-cleanhttp@v0.5.2", + "github.com/hashicorp/go-getter@v1.8.6", + "github.com/hashicorp/go-multierror@v1.1.1", + "github.com/hashicorp/go-retryablehttp@v0.7.8", + "github.com/hashicorp/go-uuid@v1.0.3", + "github.com/hashicorp/go-version@v1.9.0", + "github.com/hashicorp/golang-lru/v2@v2.0.7", + "github.com/hashicorp/hcl/v2@v2.24.0", + "github.com/huandu/xstrings@v1.5.0", + "github.com/in-toto/attestation@v1.1.2", + "github.com/in-toto/in-toto-golang@v0.10.0", + "github.com/jbenet/go-context@v0.0.0-20150711004518-d14ea06fba99", + "github.com/jedisct1/go-minisign@v0.0.0-20230811132847-661be99b8267", + "github.com/jmoiron/sqlx@v1.4.0", + "github.com/josephburnett/jd/v2@v2.3.0", + "github.com/json-iterator/go@v1.1.12", + "github.com/kevinburke/ssh_config@v1.2.0", + "github.com/klauspost/compress@v1.18.5", + "github.com/knqyf263/go-apk-version@v0.0.0-20200609155635-041fdbb8563f", + "github.com/knqyf263/go-deb-version@v0.0.0-20241115132648-6f4aee6ccd23", + "github.com/knqyf263/go-rpm-version@v0.0.0-20220614171824-631e686d1075", + "github.com/knqyf263/go-rpmdb@v0.1.1", + "github.com/knqyf263/nested@v0.0.1", + "github.com/kylelemons/godebug@v1.1.0", + "github.com/lann/builder@v0.0.0-20180802200727-47ae307949d0", + "github.com/lann/ps@v0.0.0-20150810152359-62de8c46ede0", + "github.com/lestrrat-go/blackmagic@v1.0.4", + "github.com/lestrrat-go/dsig@v1.0.0", + "github.com/lestrrat-go/httpcc@v1.0.1", + "github.com/lestrrat-go/httprc/v3@v3.0.2", + "github.com/lestrrat-go/jwx/v3@v3.0.13", + "github.com/lestrrat-go/option/v2@v2.0.0", + "github.com/letsencrypt/boulder@v0.20260223.0", + "github.com/lib/pq@v1.10.9", + "github.com/liggitt/tabwriter@v0.0.0-20181228230101-89fcab3d43de", + "github.com/lunixbochs/struc@v0.0.0-20200707160740-784aaebc1d40", + "github.com/masahiro331/go-disk@v0.0.0-20240625071113-56c933208fee", + "github.com/masahiro331/go-ebs-file@v0.0.0-20240917043618-e6d2bea5c32e", + "github.com/masahiro331/go-ext4-filesystem@v0.0.0-20240620024024-ca14e6327bbd", + "github.com/masahiro331/go-mvn-version@v0.0.0-20250131095131-f4974fa13b8a", + "github.com/masahiro331/go-vmdk-parser@v0.0.0-20221225061455-612096e4bbbd", + "github.com/masahiro331/go-xfs-filesystem@v0.0.0-20231205045356-1b22259a6c44", + "github.com/mattn/go-colorable@v0.1.14", + "github.com/mattn/go-isatty@v0.0.20", + "github.com/mattn/go-runewidth@v0.0.16", + "github.com/mattn/go-shellwords@v1.0.12", + "github.com/mitchellh/copystructure@v1.2.0", + "github.com/mitchellh/go-homedir@v1.1.0", + "github.com/mitchellh/go-wordwrap@v1.0.1", + "github.com/mitchellh/hashstructure/v2@v2.0.2", + "github.com/mitchellh/mapstructure@v1.5.1-0.20231216201459-8508981c8b6c", + "github.com/mitchellh/reflectwalk@v1.0.2", + "github.com/moby/buildkit@v0.29.0", + "github.com/moby/docker-image-spec@v1.3.1", + "github.com/moby/locker@v1.0.1", + "github.com/moby/moby/api@v1.54.1", + "github.com/moby/moby/client@v0.4.0", + "github.com/moby/sys/atomicwriter@v0.1.0", + "github.com/moby/sys/mountinfo@v0.7.2", + "github.com/moby/sys/sequential@v0.6.0", + "github.com/moby/sys/signal@v0.7.1", + "github.com/moby/sys/user@v0.4.0", + "github.com/moby/sys/userns@v0.1.0", + "github.com/moby/term@v0.5.2", + "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", + "github.com/monochromegane/go-gitignore@v0.0.0-20200626010858-205db1a8cc00", + "github.com/morikuni/aec@v1.1.0", + "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "github.com/nikolalohinski/gonja/v2@v2.7.0", + "github.com/nozzle/throttler@v0.0.0-20180817012639-2ea982251481", + "github.com/oklog/ulid/v2@v2.1.1", + "github.com/open-policy-agent/opa@v1.15.2", + "github.com/opencontainers/go-digest@v1.0.0", + "github.com/opencontainers/image-spec@v1.1.1", + "github.com/opencontainers/runtime-spec@v1.3.0", + "github.com/opencontainers/selinux@v1.13.1", + "github.com/openvex/discovery@v0.1.1-0.20240802171711-7c54efc57553", + "github.com/openvex/go-vex@v0.2.7", + "github.com/owenrumney/go-sarif/v2@v2.3.3", + "github.com/owenrumney/squealer@v1.2.12", + "github.com/package-url/packageurl-go@v0.1.5", + "github.com/pandatix/go-cvss@v0.6.2", + "github.com/pelletier/go-toml/v2@v2.2.4", + "github.com/peterbourgon/diskv@v2.0.1+incompatible", + "github.com/pjbgf/sha1cd@v0.3.2", + "github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", + "github.com/pkg/errors@v0.9.1", + "github.com/planetscale/vtprotobuf@v0.6.1-0.20240319094008-0393e58bdf10", + "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", + "github.com/rcrowley/go-metrics@v0.0.0-20250401214520-65e299d6c5c9", + "github.com/remyoudompheng/bigfft@v0.0.0-20230129092748-24d4a6f8daec", + "github.com/rivo/uniseg@v0.4.7", + "github.com/rubenv/sql-migrate@v1.8.1", + "github.com/russross/blackfriday/v2@v2.1.0", + "github.com/rust-secure-code/go-rustaudit@v0.0.0-20250226111315-e20ec32e963c", + "github.com/sagikazarmark/locafero@v0.11.0", + "github.com/samber/lo@v1.53.0", + "github.com/samber/oops@v1.18.1", + "github.com/santhosh-tekuri/jsonschema/v6@v6.0.2", + "github.com/sassoftware/go-rpmutils@v0.4.0", + "github.com/sassoftware/relic@v7.2.1+incompatible", + "github.com/secure-systems-lab/go-securesystemslib@v0.10.0", + "github.com/sergi/go-diff@v1.4.0", + "github.com/shibumi/go-pathspec@v1.3.0", + "github.com/shopspring/decimal@v1.4.0", + "github.com/sigstore/cosign/v2@v2.6.2", + "github.com/sigstore/protobuf-specs@v0.5.0", + "github.com/sigstore/rekor-tiles/v2@v2.0.1", + "github.com/sigstore/rekor@v1.5.1", + "github.com/sigstore/sigstore-go@v1.1.4", + "github.com/sigstore/sigstore@v1.10.5", + "github.com/sigstore/timestamp-authority/v2@v2.0.6", + "github.com/sirupsen/logrus@v1.9.4", + "github.com/skeema/knownhosts@v1.3.1", + "github.com/sourcegraph/conc@v0.3.1-0.20240121214520-5f936abd7ae8", + "github.com/spdx/tools-golang@v0.5.7", + "github.com/spf13/afero@v1.15.0", + "github.com/spf13/cast@v1.10.0", + "github.com/spf13/cobra@v1.10.2", + "github.com/spf13/pflag@v1.0.10", + "github.com/spf13/viper@v1.21.0", + "github.com/spiffe/go-spiffe/v2@v2.6.0", + "github.com/stretchr/objx@v0.5.3", + "github.com/stretchr/testify@v1.11.1", + "github.com/subosito/gotenv@v1.6.0", + "github.com/syndtr/goleveldb@v1.0.1-0.20220721030215-126854af5e6d", + "github.com/tchap/go-patricia/v2@v2.3.3", + "github.com/tetratelabs/wazero@v1.11.0", + "github.com/theupdateframework/go-tuf/v2@v2.4.1", + "github.com/theupdateframework/go-tuf@v0.7.0", + "github.com/titanous/rocacheck@v0.0.0-20171023193734-afe73141d399", + "github.com/tonistiigi/go-csvvalue@v0.0.0-20240814133006-030d3b2625d0", + "github.com/toqueteos/webbrowser@v1.2.0", + "github.com/transparency-dev/formats@v0.0.0-20251017110053-404c0d5b696c", + "github.com/transparency-dev/merkle@v0.0.2", + "github.com/twitchtv/twirp@v8.1.3+incompatible", + "github.com/ulikunitz/xz@v0.5.15", + "github.com/valyala/fastjson@v1.6.7", + "github.com/vbatts/tar-split@v0.12.2", + "github.com/vektah/gqlparser/v2@v2.5.32", + "github.com/vmihailenco/msgpack/v5@v5.4.1", + "github.com/vmihailenco/tagparser/v2@v2.0.0", + "github.com/x448/float16@v0.8.4", + "github.com/xanzy/ssh-agent@v0.3.3", + "github.com/xeipuuv/gojsonpointer@v0.0.0-20190905194746-02993c407bfb", + "github.com/xeipuuv/gojsonreference@v0.0.0-20180127040603-bd5ef7bd5415", + "github.com/xeipuuv/gojsonschema@v1.2.0", + "github.com/xi2/xz@v0.0.0-20171230120015-48954b6210f8", + "github.com/xlab/treeprint@v1.2.0", + "github.com/yashtewari/glob-intersection@v0.2.0", + "github.com/zclconf/go-cty-yaml@v1.2.0", + "github.com/zclconf/go-cty@v1.18.0", + "go.etcd.io/bbolt@v1.4.3", + "go.opentelemetry.io/auto/sdk@v1.2.1", + "go.opentelemetry.io/contrib/detectors/gcp@v1.39.0", + "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.63.0", + "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.65.0", + "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc@v1.40.0", + "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.40.0", + "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.40.0", + "go.opentelemetry.io/otel/metric@v1.43.0", + "go.opentelemetry.io/otel/sdk/metric@v1.43.0", + "go.opentelemetry.io/otel/sdk@v1.43.0", + "go.opentelemetry.io/otel/trace@v1.43.0", + "go.opentelemetry.io/otel@v1.43.0", + "go.opentelemetry.io/proto/otlp@v1.9.0", + "go.uber.org/multierr@v1.11.0", + "go.uber.org/zap@v1.27.1", + "go.yaml.in/yaml/v2@v2.4.3", + "go.yaml.in/yaml/v3@v3.0.4", + "go.yaml.in/yaml/v4@v4.0.0-rc.3", + "golang.org/x/crypto@v0.50.0", + "golang.org/x/exp@v0.0.0-20251023183803-a4bb9ffd2546", + "golang.org/x/mod@v0.34.0", + "golang.org/x/net@v0.53.0", + "golang.org/x/oauth2@v0.36.0", + "golang.org/x/sync@v0.20.0", + "golang.org/x/sys@v0.43.0", + "golang.org/x/term@v0.42.0", + "golang.org/x/text@v0.36.0", + "golang.org/x/time@v0.15.0", + "golang.org/x/xerrors@v0.0.0-20240903120638-7835f813f4da", + "google.golang.org/api@v0.272.0", + "google.golang.org/genproto/googleapis/api@v0.0.0-20260316180232-0b37fe3546d5", + "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260316180232-0b37fe3546d5", + "google.golang.org/genproto@v0.0.0-20260316180232-0b37fe3546d5", + "google.golang.org/grpc@v1.79.3", + "google.golang.org/protobuf@v1.36.11", + "gopkg.in/evanphx/json-patch.v4@v4.13.0", + "gopkg.in/inf.v0@v0.9.1", + "gopkg.in/warnings.v0@v0.1.2", + "gopkg.in/yaml.v3@v3.0.1", + "helm.sh/helm/v3@v3.20.2", + "k8s.io/api@v0.35.3", + "k8s.io/apiextensions-apiserver@v0.35.1", + "k8s.io/apimachinery@v0.35.3", + "k8s.io/apiserver@v0.35.1", + "k8s.io/cli-runtime@v0.35.1", + "k8s.io/client-go@v0.35.1", + "k8s.io/component-base@v0.35.1", + "k8s.io/klog/v2@v2.130.1", + "k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", + "k8s.io/kubectl@v0.35.1", + "k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", + "modernc.org/libc@v1.70.0", + "modernc.org/mathutil@v1.7.1", + "modernc.org/memory@v1.11.0", + "modernc.org/sqlite@v1.48.2", + "mvdan.cc/sh/v3@v3.12.0", + "oras.land/oras-go/v2@v2.6.0", + "sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", + "sigs.k8s.io/kustomize/api@v0.20.1", + "sigs.k8s.io/kustomize/kyaml@v0.20.1", + "sigs.k8s.io/randfill@v1.0.0", + "sigs.k8s.io/structured-merge-diff/v6@v6.3.0", + "sigs.k8s.io/yaml@v1.6.0", + "stdlib@v1.25.9" + ], + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "stdlib@v1.25.9", + "Name": "stdlib", + "Identifier": { + "PURL": "pkg:golang/stdlib@v1.25.9", + "UID": "2185fb41a98d095a" + }, + "Version": "v1.25.9", + "Relationship": "direct", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cel.dev/expr@v0.25.1", + "Name": "cel.dev/expr", + "Identifier": { + "PURL": "pkg:golang/cel.dev/expr@v0.25.1", + "UID": "3a3f81106e986320" + }, + "Version": "v0.25.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go@v0.123.0", + "Name": "cloud.google.com/go", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go@v0.123.0", + "UID": "b8e3ea83df2ce9f" + }, + "Version": "v0.123.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/auth@v0.18.2", + "Name": "cloud.google.com/go/auth", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/auth@v0.18.2", + "UID": "4585a7e6f2769abf" + }, + "Version": "v0.18.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/auth/oauth2adapt@v0.2.8", + "Name": "cloud.google.com/go/auth/oauth2adapt", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/auth/oauth2adapt@v0.2.8", + "UID": "89722113ab90a828" + }, + "Version": "v0.2.8", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/compute/metadata@v0.9.0", + "Name": "cloud.google.com/go/compute/metadata", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.9.0", + "UID": "fc19f40bf2534128" + }, + "Version": "v0.9.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/iam@v1.5.3", + "Name": "cloud.google.com/go/iam", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/iam@v1.5.3", + "UID": "f4b3ea708216af4f" + }, + "Version": "v1.5.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/monitoring@v1.24.3", + "Name": "cloud.google.com/go/monitoring", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/monitoring@v1.24.3", + "UID": "748f52b62b891361" + }, + "Version": "v1.24.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "cloud.google.com/go/storage@v1.61.3", + "Name": "cloud.google.com/go/storage", + "Identifier": { + "PURL": "pkg:golang/cloud.google.com/go/storage@v1.61.3", + "UID": "1c5a375112375afd" + }, + "Version": "v1.61.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "dario.cat/mergo@v1.0.2", + "Name": "dario.cat/mergo", + "Identifier": { + "PURL": "pkg:golang/dario.cat/mergo@v1.0.2", + "UID": "845249a35e27a89c" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.21.0", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/azcore", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azcore@v1.21.0", + "UID": "831d39c1af1cf2b9" + }, + "Version": "v1.21.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", + "UID": "bfc00f17f19945a6" + }, + "Version": "v1.13.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry@v0.2.3", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/containers/azcontainerregistry@v0.2.3", + "UID": "c4797b4a61dc7864" + }, + "Version": "v0.2.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.11.2", + "Name": "github.com/Azure/azure-sdk-for-go/sdk/internal", + "Identifier": { + "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/internal@v1.11.2", + "UID": "59875928d7d3bcc3" + }, + "Version": "v1.11.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/AzureAD/microsoft-authentication-library-for-go@v1.6.0", + "Name": "github.com/AzureAD/microsoft-authentication-library-for-go", + "Identifier": { + "PURL": "pkg:golang/github.com/azuread/microsoft-authentication-library-for-go@v1.6.0", + "UID": "ad99691021c61587" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/BurntSushi/toml@v1.6.0", + "Name": "github.com/BurntSushi/toml", + "Identifier": { + "PURL": "pkg:golang/github.com/burntsushi/toml@v1.6.0", + "UID": "320cfbc135c8727" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/CycloneDX/cyclonedx-go@v0.10.0", + "Name": "github.com/CycloneDX/cyclonedx-go", + "Identifier": { + "PURL": "pkg:golang/github.com/cyclonedx/cyclonedx-go@v0.10.0", + "UID": "bbd2f34327d37edd" + }, + "Version": "v0.10.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/GoogleCloudPlatform/docker-credential-gcr/v2@v2.1.32", + "Name": "github.com/GoogleCloudPlatform/docker-credential-gcr/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/googlecloudplatform/docker-credential-gcr/v2@v2.1.32", + "UID": "c69f2c152939e7fa" + }, + "Version": "v2.1.32", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp@v1.30.0", + "Name": "github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp", + "Identifier": { + "PURL": "pkg:golang/github.com/googlecloudplatform/opentelemetry-operations-go/detectors/gcp@v1.30.0", + "UID": "bd076868acc12bb8" + }, + "Version": "v1.30.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric@v0.55.0", + "Name": "github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric", + "Identifier": { + "PURL": "pkg:golang/github.com/googlecloudplatform/opentelemetry-operations-go/exporter/metric@v0.55.0", + "UID": "50288f5cba67d6e7" + }, + "Version": "v0.55.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping@v0.55.0", + "Name": "github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping", + "Identifier": { + "PURL": "pkg:golang/github.com/googlecloudplatform/opentelemetry-operations-go/internal/resourcemapping@v0.55.0", + "UID": "a9a9981d7f0bff4e" + }, + "Version": "v0.55.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Intevation/gval@v1.3.0", + "Name": "github.com/Intevation/gval", + "Identifier": { + "PURL": "pkg:golang/github.com/intevation/gval@v1.3.0", + "UID": "fa3c462812e871fb" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Intevation/jsonpath@v0.2.1", + "Name": "github.com/Intevation/jsonpath", + "Identifier": { + "PURL": "pkg:golang/github.com/intevation/jsonpath@v0.2.1", + "UID": "a9a60cabd7f99c0c" + }, + "Version": "v0.2.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/MakeNowJust/heredoc@v1.0.0", + "Name": "github.com/MakeNowJust/heredoc", + "Identifier": { + "PURL": "pkg:golang/github.com/makenowjust/heredoc@v1.0.0", + "UID": "b068af423e564eea" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Masterminds/goutils@v1.1.1", + "Name": "github.com/Masterminds/goutils", + "Identifier": { + "PURL": "pkg:golang/github.com/masterminds/goutils@v1.1.1", + "UID": "37d89d1f385187b5" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Masterminds/semver/v3@v3.4.0", + "Name": "github.com/Masterminds/semver/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/masterminds/semver/v3@v3.4.0", + "UID": "c049fe793ba31e7e" + }, + "Version": "v3.4.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Masterminds/sprig/v3@v3.3.0", + "Name": "github.com/Masterminds/sprig/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/masterminds/sprig/v3@v3.3.0", + "UID": "166233e18a533d23" + }, + "Version": "v3.3.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/Masterminds/squirrel@v1.5.4", + "Name": "github.com/Masterminds/squirrel", + "Identifier": { + "PURL": "pkg:golang/github.com/masterminds/squirrel@v1.5.4", + "UID": "e315e6d3604bd0ec" + }, + "Version": "v1.5.4", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/NYTimes/gziphandler@v1.1.1", + "Name": "github.com/NYTimes/gziphandler", + "Identifier": { + "PURL": "pkg:golang/github.com/nytimes/gziphandler@v1.1.1", + "UID": "52a6f5a72031c19d" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ProtonMail/go-crypto@v1.3.0", + "Name": "github.com/ProtonMail/go-crypto", + "Identifier": { + "PURL": "pkg:golang/github.com/protonmail/go-crypto@v1.3.0", + "UID": "8c7dc483cbcf244" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/VividCortex/ewma@v1.2.0", + "Name": "github.com/VividCortex/ewma", + "Identifier": { + "PURL": "pkg:golang/github.com/vividcortex/ewma@v1.2.0", + "UID": "7360e300aa1d5c1c" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/agext/levenshtein@v1.2.3", + "Name": "github.com/agext/levenshtein", + "Identifier": { + "PURL": "pkg:golang/github.com/agext/levenshtein@v1.2.3", + "UID": "ba61c4617bd20321" + }, + "Version": "v1.2.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/agnivade/levenshtein@v1.2.1", + "Name": "github.com/agnivade/levenshtein", + "Identifier": { + "PURL": "pkg:golang/github.com/agnivade/levenshtein@v1.2.1", + "UID": "6ee11ca5cc59261f" + }, + "Version": "v1.2.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/alecthomas/chroma@v0.10.0", + "Name": "github.com/alecthomas/chroma", + "Identifier": { + "PURL": "pkg:golang/github.com/alecthomas/chroma@v0.10.0", + "UID": "b8841d03c63fae79" + }, + "Version": "v0.10.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/anchore/go-struct-converter@v0.1.0", + "Name": "github.com/anchore/go-struct-converter", + "Identifier": { + "PURL": "pkg:golang/github.com/anchore/go-struct-converter@v0.1.0", + "UID": "8c9a62b90209b70b" + }, + "Version": "v0.1.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/apparentlymart/go-cidr@v1.1.0", + "Name": "github.com/apparentlymart/go-cidr", + "Identifier": { + "PURL": "pkg:golang/github.com/apparentlymart/go-cidr@v1.1.0", + "UID": "67e2533915fe7827" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/apparentlymart/go-textseg/v15@v15.0.0", + "Name": "github.com/apparentlymart/go-textseg/v15", + "Identifier": { + "PURL": "pkg:golang/github.com/apparentlymart/go-textseg/v15@v15.0.0", + "UID": "7302b909c1a14cd3" + }, + "Version": "v15.0.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aquasecurity/go-gem-version@v0.0.0-20201115065557-8eed6fe000ce", + "Name": "github.com/aquasecurity/go-gem-version", + "Identifier": { + "PURL": "pkg:golang/github.com/aquasecurity/go-gem-version@v0.0.0-20201115065557-8eed6fe000ce", + "UID": "da90d30f7b6732ee" + }, + "Version": "v0.0.0-20201115065557-8eed6fe000ce", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aquasecurity/go-npm-version@v0.0.2", + "Name": "github.com/aquasecurity/go-npm-version", + "Identifier": { + "PURL": "pkg:golang/github.com/aquasecurity/go-npm-version@v0.0.2", + "UID": "aa93be567b62bbfe" + }, + "Version": "v0.0.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aquasecurity/go-pep440-version@v0.0.1", + "Name": "github.com/aquasecurity/go-pep440-version", + "Identifier": { + "PURL": "pkg:golang/github.com/aquasecurity/go-pep440-version@v0.0.1", + "UID": "cedc73fe91c54bda" + }, + "Version": "v0.0.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aquasecurity/go-version@v0.0.1", + "Name": "github.com/aquasecurity/go-version", + "Identifier": { + "PURL": "pkg:golang/github.com/aquasecurity/go-version@v0.0.1", + "UID": "5cf24bc2cd5d0fdb" + }, + "Version": "v0.0.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aquasecurity/iamgo@v0.0.10", + "Name": "github.com/aquasecurity/iamgo", + "Identifier": { + "PURL": "pkg:golang/github.com/aquasecurity/iamgo@v0.0.10", + "UID": "93152bd8e471e265" + }, + "Version": "v0.0.10", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aquasecurity/jfather@v0.0.8", + "Name": "github.com/aquasecurity/jfather", + "Identifier": { + "PURL": "pkg:golang/github.com/aquasecurity/jfather@v0.0.8", + "UID": "bf15b08043cea001" + }, + "Version": "v0.0.8", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aquasecurity/table@v1.11.0", + "Name": "github.com/aquasecurity/table", + "Identifier": { + "PURL": "pkg:golang/github.com/aquasecurity/table@v1.11.0", + "UID": "14a3aabc245ea1dc" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aquasecurity/tml@v0.6.1", + "Name": "github.com/aquasecurity/tml", + "Identifier": { + "PURL": "pkg:golang/github.com/aquasecurity/tml@v0.6.1", + "UID": "7661a770247124b5" + }, + "Version": "v0.6.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aquasecurity/trivy-checks@v1.12.2-0.20251219190323-79d27547baf5", + "Name": "github.com/aquasecurity/trivy-checks", + "Identifier": { + "PURL": "pkg:golang/github.com/aquasecurity/trivy-checks@v1.12.2-0.20251219190323-79d27547baf5", + "UID": "9faa6481b79673ca" + }, + "Version": "v1.12.2-0.20251219190323-79d27547baf5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aquasecurity/trivy-db@v0.0.0-20251222105351-a833f47f8f0d", + "Name": "github.com/aquasecurity/trivy-db", + "Identifier": { + "PURL": "pkg:golang/github.com/aquasecurity/trivy-db@v0.0.0-20251222105351-a833f47f8f0d", + "UID": "3bfa832052a25e02" + }, + "Version": "v0.0.0-20251222105351-a833f47f8f0d", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aquasecurity/trivy-java-db@v0.0.0-20240109071736-184bd7481d48", + "Name": "github.com/aquasecurity/trivy-java-db", + "Identifier": { + "PURL": "pkg:golang/github.com/aquasecurity/trivy-java-db@v0.0.0-20240109071736-184bd7481d48", + "UID": "333174c279cee4b4" + }, + "Version": "v0.0.0-20240109071736-184bd7481d48", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aquasecurity/trivy-kubernetes@v0.9.1", + "Name": "github.com/aquasecurity/trivy-kubernetes", + "Identifier": { + "PURL": "pkg:golang/github.com/aquasecurity/trivy-kubernetes@v0.9.1", + "UID": "57e7108b9dbce948" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/asaskevich/govalidator@v0.0.0-20230301143203-a9d515a09cc2", + "Name": "github.com/asaskevich/govalidator", + "Identifier": { + "PURL": "pkg:golang/github.com/asaskevich/govalidator@v0.0.0-20230301143203-a9d515a09cc2", + "UID": "748caa937e831829" + }, + "Version": "v0.0.0-20230301143203-a9d515a09cc2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2@v1.41.5", + "Name": "github.com/aws/aws-sdk-go-v2", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2@v1.41.5", + "UID": "d0f15a16c6e2ebd9" + }, + "Version": "v1.41.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream@v1.7.8", + "Name": "github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream@v1.7.8", + "UID": "7139731b3c2d4f0b" + }, + "Version": "v1.7.8", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/config@v1.32.12", + "Name": "github.com/aws/aws-sdk-go-v2/config", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/config@v1.32.12", + "UID": "98ddbead56697e85" + }, + "Version": "v1.32.12", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", + "Name": "github.com/aws/aws-sdk-go-v2/credentials", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", + "UID": "743d75746fff57b8" + }, + "Version": "v1.19.12", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", + "Name": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", + "UID": "86e8cf7982efa9f7" + }, + "Version": "v1.18.20", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", + "Name": "github.com/aws/aws-sdk-go-v2/internal/configsources", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", + "UID": "b1e5c4852b425059" + }, + "Version": "v1.4.21", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", + "Name": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", + "UID": "6109162ea01bb525" + }, + "Version": "v2.7.21", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", + "Name": "github.com/aws/aws-sdk-go-v2/internal/ini", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", + "UID": "352227855b3f8171" + }, + "Version": "v1.8.6", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/internal/v4a@v1.4.22", + "Name": "github.com/aws/aws-sdk-go-v2/internal/v4a", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/v4a@v1.4.22", + "UID": "e042f682bd481bae" + }, + "Version": "v1.4.22", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/ebs@v1.22.1", + "Name": "github.com/aws/aws-sdk-go-v2/service/ebs", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ebs@v1.22.1", + "UID": "d376858ebfa4efc5" + }, + "Version": "v1.22.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/ec2@v1.290.0", + "Name": "github.com/aws/aws-sdk-go-v2/service/ec2", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ec2@v1.290.0", + "UID": "4c6d110a4b1a2b9" + }, + "Version": "v1.290.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/ecr@v1.55.2", + "Name": "github.com/aws/aws-sdk-go-v2/service/ecr", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ecr@v1.55.2", + "UID": "d313cd21e64bd3b5" + }, + "Version": "v1.55.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", + "Name": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", + "UID": "264e4852134677d" + }, + "Version": "v1.13.7", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/internal/checksum@v1.9.13", + "Name": "github.com/aws/aws-sdk-go-v2/service/internal/checksum", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/checksum@v1.9.13", + "UID": "bc993c0e51723c61" + }, + "Version": "v1.9.13", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", + "Name": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", + "UID": "b7d5cb751e275ce7" + }, + "Version": "v1.13.21", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/internal/s3shared@v1.19.21", + "Name": "github.com/aws/aws-sdk-go-v2/service/internal/s3shared", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/s3shared@v1.19.21", + "UID": "a8fd92a1eb41ecd6" + }, + "Version": "v1.19.21", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/s3@v1.97.3", + "Name": "github.com/aws/aws-sdk-go-v2/service/s3", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/s3@v1.97.3", + "UID": "52116e8eca12d5af" + }, + "Version": "v1.97.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", + "Name": "github.com/aws/aws-sdk-go-v2/service/signin", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", + "UID": "7d647df9ee9b6e87" + }, + "Version": "v1.0.8", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", + "Name": "github.com/aws/aws-sdk-go-v2/service/sso", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", + "UID": "6df2547c61b3a33d" + }, + "Version": "v1.30.13", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", + "Name": "github.com/aws/aws-sdk-go-v2/service/ssooidc", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", + "UID": "41a36a54098d454c" + }, + "Version": "v1.35.17", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", + "Name": "github.com/aws/aws-sdk-go-v2/service/sts", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", + "UID": "38fa3cce8bd090bb" + }, + "Version": "v1.41.9", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/aws/smithy-go@v1.24.2", + "Name": "github.com/aws/smithy-go", + "Identifier": { + "PURL": "pkg:golang/github.com/aws/smithy-go@v1.24.2", + "UID": "6dce721f3a9fe03" + }, + "Version": "v1.24.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/bgentry/go-netrc@v0.0.0-20140422174119-9fd32a8b3d3d", + "Name": "github.com/bgentry/go-netrc", + "Identifier": { + "PURL": "pkg:golang/github.com/bgentry/go-netrc@v0.0.0-20140422174119-9fd32a8b3d3d", + "UID": "7155361c56c63d88" + }, + "Version": "v0.0.0-20140422174119-9fd32a8b3d3d", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/bitnami/go-version@v0.0.0-20231130084017-bb00604d650c", + "Name": "github.com/bitnami/go-version", + "Identifier": { + "PURL": "pkg:golang/github.com/bitnami/go-version@v0.0.0-20231130084017-bb00604d650c", + "UID": "c60f8b011537a993" + }, + "Version": "v0.0.0-20231130084017-bb00604d650c", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blang/semver@v3.5.1+incompatible", + "Name": "github.com/blang/semver", + "Identifier": { + "PURL": "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible", + "UID": "6aea81035a2e6920" + }, + "Version": "v3.5.1+incompatible", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/blang/semver/v4@v4.0.0", + "Name": "github.com/blang/semver/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/blang/semver/v4@v4.0.0", + "UID": "3459292fd94134d7" + }, + "Version": "v4.0.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/bmatcuk/doublestar/v4@v4.10.0", + "Name": "github.com/bmatcuk/doublestar/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/bmatcuk/doublestar/v4@v4.10.0", + "UID": "f7f88ed60346878f" + }, + "Version": "v4.10.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/briandowns/spinner@v1.23.0", + "Name": "github.com/briandowns/spinner", + "Identifier": { + "PURL": "pkg:golang/github.com/briandowns/spinner@v1.23.0", + "UID": "f9e42def9281dc64" + }, + "Version": "v1.23.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cenkalti/backoff/v4@v4.3.0", + "Name": "github.com/cenkalti/backoff/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/cenkalti/backoff/v4@v4.3.0", + "UID": "d60a15ccb83435c3" + }, + "Version": "v4.3.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cenkalti/backoff/v5@v5.0.3", + "Name": "github.com/cenkalti/backoff/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/cenkalti/backoff/v5@v5.0.3", + "UID": "b413c9d5ede90ef1" + }, + "Version": "v5.0.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cespare/xxhash/v2@v2.3.0", + "Name": "github.com/cespare/xxhash/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", + "UID": "7420e8489ac3e3df" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/chai2010/gettext-go@v1.0.2", + "Name": "github.com/chai2010/gettext-go", + "Identifier": { + "PURL": "pkg:golang/github.com/chai2010/gettext-go@v1.0.2", + "UID": "31122e61f0e8c561" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cheggaaa/pb/v3@v3.1.7", + "Name": "github.com/cheggaaa/pb/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/cheggaaa/pb/v3@v3.1.7", + "UID": "c49347f7daeef85f" + }, + "Version": "v3.1.7", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cloudflare/circl@v1.6.3", + "Name": "github.com/cloudflare/circl", + "Identifier": { + "PURL": "pkg:golang/github.com/cloudflare/circl@v1.6.3", + "UID": "7dd212f6b7e4add7" + }, + "Version": "v1.6.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", + "Name": "github.com/cncf/xds/go", + "Identifier": { + "PURL": "pkg:golang/github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", + "UID": "12e0fd4ab66a4933" + }, + "Version": "v0.0.0-20251210132809-ee656c7534f5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/containerd@v1.7.30", + "Name": "github.com/containerd/containerd", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/containerd@v1.7.30", + "UID": "8a3aa4155939eb09" + }, + "Version": "v1.7.30", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/containerd/api@v1.10.0", + "Name": "github.com/containerd/containerd/api", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/containerd/api@v1.10.0", + "UID": "b54dc237d643f400" + }, + "Version": "v1.10.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/containerd/v2@v2.2.2", + "Name": "github.com/containerd/containerd/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/containerd/v2@v2.2.2", + "UID": "e463cbb6b7f5a5c1" + }, + "Version": "v2.2.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/continuity@v0.4.5", + "Name": "github.com/containerd/continuity", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/continuity@v0.4.5", + "UID": "24fc0316059e88fc" + }, + "Version": "v0.4.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/errdefs@v1.0.0", + "Name": "github.com/containerd/errdefs", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/errdefs@v1.0.0", + "UID": "2f6a100f51f96d0b" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/errdefs/pkg@v0.3.0", + "Name": "github.com/containerd/errdefs/pkg", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/errdefs/pkg@v0.3.0", + "UID": "a2e103ed59fc1a8b" + }, + "Version": "v0.3.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/fifo@v1.1.0", + "Name": "github.com/containerd/fifo", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/fifo@v1.1.0", + "UID": "74f97782f798c55a" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/log@v0.1.0", + "Name": "github.com/containerd/log", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/log@v0.1.0", + "UID": "521059ac4c61a913" + }, + "Version": "v0.1.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/platforms@v1.0.0-rc.4", + "Name": "github.com/containerd/platforms", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/platforms@v1.0.0-rc.4", + "UID": "fe4a42a0d011600c" + }, + "Version": "v1.0.0-rc.4", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/plugin@v1.0.0", + "Name": "github.com/containerd/plugin", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/plugin@v1.0.0", + "UID": "90d7a4cd62ba315" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/stargz-snapshotter/estargz@v0.18.2", + "Name": "github.com/containerd/stargz-snapshotter/estargz", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/stargz-snapshotter/estargz@v0.18.2", + "UID": "14b6d6355aae7692" + }, + "Version": "v0.18.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/ttrpc@v1.2.8", + "Name": "github.com/containerd/ttrpc", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/ttrpc@v1.2.8", + "UID": "7002e885ca0711a" + }, + "Version": "v1.2.8", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/containerd/typeurl/v2@v2.2.3", + "Name": "github.com/containerd/typeurl/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/containerd/typeurl/v2@v2.2.3", + "UID": "545d3a854aa31468" + }, + "Version": "v2.2.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/coreos/go-oidc/v3@v3.17.0", + "Name": "github.com/coreos/go-oidc/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/coreos/go-oidc/v3@v3.17.0", + "UID": "228c0c54f092b6fc" + }, + "Version": "v3.17.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cyberphone/json-canonicalization@v0.0.0-20241213102144-19d51d7fe467", + "Name": "github.com/cyberphone/json-canonicalization", + "Identifier": { + "PURL": "pkg:golang/github.com/cyberphone/json-canonicalization@v0.0.0-20241213102144-19d51d7fe467", + "UID": "de38c87c6788664b" + }, + "Version": "v0.0.0-20241213102144-19d51d7fe467", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/cyphar/filepath-securejoin@v0.6.1", + "Name": "github.com/cyphar/filepath-securejoin", + "Identifier": { + "PURL": "pkg:golang/github.com/cyphar/filepath-securejoin@v0.6.1", + "UID": "ae3fbe4ef77ee834" + }, + "Version": "v0.6.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "Name": "github.com/davecgh/go-spew", + "Identifier": { + "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", + "UID": "177deb7bf0e6e1da" + }, + "Version": "v1.1.2-0.20180830191138-d8f796af33cc", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f", + "Name": "github.com/dgryski/go-rendezvous", + "Identifier": { + "PURL": "pkg:golang/github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f", + "UID": "8e6aeda998d11e9" + }, + "Version": "v0.0.0-20200823014737-9f7001d12a5f", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/digitorus/pkcs7@v0.0.0-20230818184609-3a137a874352", + "Name": "github.com/digitorus/pkcs7", + "Identifier": { + "PURL": "pkg:golang/github.com/digitorus/pkcs7@v0.0.0-20230818184609-3a137a874352", + "UID": "c0e08d90f6138dd3" + }, + "Version": "v0.0.0-20230818184609-3a137a874352", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/digitorus/timestamp@v0.0.0-20231217203849-220c5c2851b7", + "Name": "github.com/digitorus/timestamp", + "Identifier": { + "PURL": "pkg:golang/github.com/digitorus/timestamp@v0.0.0-20231217203849-220c5c2851b7", + "UID": "ff13c2f135349018" + }, + "Version": "v0.0.0-20231217203849-220c5c2851b7", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/distribution/reference@v0.6.0", + "Name": "github.com/distribution/reference", + "Identifier": { + "PURL": "pkg:golang/github.com/distribution/reference@v0.6.0", + "UID": "e0231b6ce8eedfdc" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dlclark/regexp2@v1.11.0", + "Name": "github.com/dlclark/regexp2", + "Identifier": { + "PURL": "pkg:golang/github.com/dlclark/regexp2@v1.11.0", + "UID": "8463b6fd36d46358" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/docker/cli@v29.4.0+incompatible", + "Name": "github.com/docker/cli", + "Identifier": { + "PURL": "pkg:golang/github.com/docker/cli@v29.4.0%2Bincompatible", + "UID": "bae265f20ee2749" + }, + "Version": "v29.4.0+incompatible", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/docker/distribution@v2.8.3+incompatible", + "Name": "github.com/docker/distribution", + "Identifier": { + "PURL": "pkg:golang/github.com/docker/distribution@v2.8.3%2Bincompatible", + "UID": "f609c2b0edbf528c" + }, + "Version": "v2.8.3+incompatible", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/docker/docker-credential-helpers@v0.9.5", + "Name": "github.com/docker/docker-credential-helpers", + "Identifier": { + "PURL": "pkg:golang/github.com/docker/docker-credential-helpers@v0.9.5", + "UID": "664cef0f793703cb" + }, + "Version": "v0.9.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/docker/go-connections@v0.6.0", + "Name": "github.com/docker/go-connections", + "Identifier": { + "PURL": "pkg:golang/github.com/docker/go-connections@v0.6.0", + "UID": "c390a1201a106d4d" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/docker/go-units@v0.5.0", + "Name": "github.com/docker/go-units", + "Identifier": { + "PURL": "pkg:golang/github.com/docker/go-units@v0.5.0", + "UID": "7699d652ae140b3d" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dsnet/compress@v0.0.2-0.20230904184137-39efe44ab707", + "Name": "github.com/dsnet/compress", + "Identifier": { + "PURL": "pkg:golang/github.com/dsnet/compress@v0.0.2-0.20230904184137-39efe44ab707", + "UID": "341d202e7fbf0123" + }, + "Version": "v0.0.2-0.20230904184137-39efe44ab707", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/dustin/go-humanize@v1.0.1", + "Name": "github.com/dustin/go-humanize", + "Identifier": { + "PURL": "pkg:golang/github.com/dustin/go-humanize@v1.0.1", + "UID": "25825162961c806c" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/emicklei/go-restful/v3@v3.13.0", + "Name": "github.com/emicklei/go-restful/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.13.0", + "UID": "457fed7f74a7bb23" + }, + "Version": "v3.13.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/emirpasic/gods@v1.18.1", + "Name": "github.com/emirpasic/gods", + "Identifier": { + "PURL": "pkg:golang/github.com/emirpasic/gods@v1.18.1", + "UID": "df2f169083665ebb" + }, + "Version": "v1.18.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/envoyproxy/go-control-plane/envoy@v1.36.0", + "Name": "github.com/envoyproxy/go-control-plane/envoy", + "Identifier": { + "PURL": "pkg:golang/github.com/envoyproxy/go-control-plane/envoy@v1.36.0", + "UID": "f376c48de84dc16a" + }, + "Version": "v1.36.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/envoyproxy/protoc-gen-validate@v1.3.0", + "Name": "github.com/envoyproxy/protoc-gen-validate", + "Identifier": { + "PURL": "pkg:golang/github.com/envoyproxy/protoc-gen-validate@v1.3.0", + "UID": "d963ad27de6540ba" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/evanphx/json-patch@v5.9.11+incompatible", + "Name": "github.com/evanphx/json-patch", + "Identifier": { + "PURL": "pkg:golang/github.com/evanphx/json-patch@v5.9.11%2Bincompatible", + "UID": "ada729514d5237d8" + }, + "Version": "v5.9.11+incompatible", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/exponent-io/jsonpath@v0.0.0-20210407135951-1de76d718b3f", + "Name": "github.com/exponent-io/jsonpath", + "Identifier": { + "PURL": "pkg:golang/github.com/exponent-io/jsonpath@v0.0.0-20210407135951-1de76d718b3f", + "UID": "932561f5279c2e0" + }, + "Version": "v0.0.0-20210407135951-1de76d718b3f", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fatih/color@v1.19.0", + "Name": "github.com/fatih/color", + "Identifier": { + "PURL": "pkg:golang/github.com/fatih/color@v1.19.0", + "UID": "75527f86957cee76" + }, + "Version": "v1.19.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/felixge/httpsnoop@v1.0.4", + "Name": "github.com/felixge/httpsnoop", + "Identifier": { + "PURL": "pkg:golang/github.com/felixge/httpsnoop@v1.0.4", + "UID": "8cd8c4aa1f9cbb59" + }, + "Version": "v1.0.4", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fsnotify/fsnotify@v1.9.0", + "Name": "github.com/fsnotify/fsnotify", + "Identifier": { + "PURL": "pkg:golang/github.com/fsnotify/fsnotify@v1.9.0", + "UID": "442635c0cd3c2f64" + }, + "Version": "v1.9.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fvbommel/sortorder@v1.1.0", + "Name": "github.com/fvbommel/sortorder", + "Identifier": { + "PURL": "pkg:golang/github.com/fvbommel/sortorder@v1.1.0", + "UID": "c9d2cd52a9cbcb3d" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/fxamacker/cbor/v2@v2.9.0", + "Name": "github.com/fxamacker/cbor/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/fxamacker/cbor/v2@v2.9.0", + "UID": "f1e66889e749c6f8" + }, + "Version": "v2.9.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-chi/chi/v5@v5.2.5", + "Name": "github.com/go-chi/chi/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/go-chi/chi/v5@v5.2.5", + "UID": "a4efc862bac87022" + }, + "Version": "v5.2.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-errors/errors@v1.4.2", + "Name": "github.com/go-errors/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/go-errors/errors@v1.4.2", + "UID": "a8ccf9e9b2b48be" + }, + "Version": "v1.4.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-git/gcfg@v1.5.1-0.20230307220236-3a3c6141e376", + "Name": "github.com/go-git/gcfg", + "Identifier": { + "PURL": "pkg:golang/github.com/go-git/gcfg@v1.5.1-0.20230307220236-3a3c6141e376", + "UID": "68d2db0be8cd7b36" + }, + "Version": "v1.5.1-0.20230307220236-3a3c6141e376", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-git/go-billy/v5@v5.8.0", + "Name": "github.com/go-git/go-billy/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/go-git/go-billy/v5@v5.8.0", + "UID": "a9d04c20d96dbd1f" + }, + "Version": "v5.8.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-git/go-git/v5@v5.17.2", + "Name": "github.com/go-git/go-git/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.17.2", + "UID": "d4aabe835d9af77e" + }, + "Version": "v5.17.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-gorp/gorp/v3@v3.1.0", + "Name": "github.com/go-gorp/gorp/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/go-gorp/gorp/v3@v3.1.0", + "UID": "6da688dfefb3f370" + }, + "Version": "v3.1.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-ini/ini@v1.67.0", + "Name": "github.com/go-ini/ini", + "Identifier": { + "PURL": "pkg:golang/github.com/go-ini/ini@v1.67.0", + "UID": "4ae900b73cd81f6e" + }, + "Version": "v1.67.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-jose/go-jose/v4@v4.1.4", + "Name": "github.com/go-jose/go-jose/v4", + "Identifier": { + "PURL": "pkg:golang/github.com/go-jose/go-jose/v4@v4.1.4", + "UID": "75bc8b9f782c4e3b" + }, + "Version": "v4.1.4", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/logr@v1.4.3", + "Name": "github.com/go-logr/logr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.3", + "UID": "9b65828b74992e71" + }, + "Version": "v1.4.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-logr/stdr@v1.2.2", + "Name": "github.com/go-logr/stdr", + "Identifier": { + "PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2", + "UID": "b63365cd332e6c8a" + }, + "Version": "v1.2.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/analysis@v0.24.3", + "Name": "github.com/go-openapi/analysis", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/analysis@v0.24.3", + "UID": "c37ba67596b9ac1e" + }, + "Version": "v0.24.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/errors@v0.22.7", + "Name": "github.com/go-openapi/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/errors@v0.22.7", + "UID": "a868f9fe9c399df9" + }, + "Version": "v0.22.7", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonpointer@v0.22.5", + "Name": "github.com/go-openapi/jsonpointer", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.22.5", + "UID": "ab316ef725e2dcca" + }, + "Version": "v0.22.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/jsonreference@v0.21.5", + "Name": "github.com/go-openapi/jsonreference", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.5", + "UID": "383fdd803290f543" + }, + "Version": "v0.21.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/loads@v0.23.3", + "Name": "github.com/go-openapi/loads", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/loads@v0.23.3", + "UID": "da38871085d1e5e2" + }, + "Version": "v0.23.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/runtime@v0.29.3", + "Name": "github.com/go-openapi/runtime", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/runtime@v0.29.3", + "UID": "1287c4a9b21ecc1" + }, + "Version": "v0.29.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/spec@v0.22.4", + "Name": "github.com/go-openapi/spec", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/spec@v0.22.4", + "UID": "cb4af003201cfff0" + }, + "Version": "v0.22.4", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/strfmt@v0.26.1", + "Name": "github.com/go-openapi/strfmt", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/strfmt@v0.26.1", + "UID": "90dca1913340f7d" + }, + "Version": "v0.26.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag@v0.25.5", + "Name": "github.com/go-openapi/swag", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag@v0.25.5", + "UID": "cd98a5968759c59a" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/cmdutils@v0.25.5", + "Name": "github.com/go-openapi/swag/cmdutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/cmdutils@v0.25.5", + "UID": "2251e3e073452027" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/conv@v0.25.5", + "Name": "github.com/go-openapi/swag/conv", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/conv@v0.25.5", + "UID": "af277c8e160446c2" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/fileutils@v0.25.5", + "Name": "github.com/go-openapi/swag/fileutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/fileutils@v0.25.5", + "UID": "c98e912a19b1153" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/jsonname@v0.25.5", + "Name": "github.com/go-openapi/swag/jsonname", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/jsonname@v0.25.5", + "UID": "c3fe991888a31cf9" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/jsonutils@v0.25.5", + "Name": "github.com/go-openapi/swag/jsonutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/jsonutils@v0.25.5", + "UID": "abb77528d461238e" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/loading@v0.25.5", + "Name": "github.com/go-openapi/swag/loading", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/loading@v0.25.5", + "UID": "685b41496b381af5" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/mangling@v0.25.5", + "Name": "github.com/go-openapi/swag/mangling", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/mangling@v0.25.5", + "UID": "c3dc10871d1fe56a" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/netutils@v0.25.5", + "Name": "github.com/go-openapi/swag/netutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/netutils@v0.25.5", + "UID": "fc64e297d4730486" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/stringutils@v0.25.5", + "Name": "github.com/go-openapi/swag/stringutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/stringutils@v0.25.5", + "UID": "96b887c052452258" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/typeutils@v0.25.5", + "Name": "github.com/go-openapi/swag/typeutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/typeutils@v0.25.5", + "UID": "f9ffcec6f9f7d4e9" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/swag/yamlutils@v0.25.5", + "Name": "github.com/go-openapi/swag/yamlutils", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/swag/yamlutils@v0.25.5", + "UID": "19a94317bd31eb24" + }, + "Version": "v0.25.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-openapi/validate@v0.25.2", + "Name": "github.com/go-openapi/validate", + "Identifier": { + "PURL": "pkg:golang/github.com/go-openapi/validate@v0.25.2", + "UID": "31f101a2dc168a5" + }, + "Version": "v0.25.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-redis/redis/v8@v8.11.5", + "Name": "github.com/go-redis/redis/v8", + "Identifier": { + "PURL": "pkg:golang/github.com/go-redis/redis/v8@v8.11.5", + "UID": "a6b25aa71308a0be" + }, + "Version": "v8.11.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/go-viper/mapstructure/v2@v2.5.0", + "Name": "github.com/go-viper/mapstructure/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/go-viper/mapstructure/v2@v2.5.0", + "UID": "670ec7107ce43c3" + }, + "Version": "v2.5.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gobwas/glob@v0.2.3", + "Name": "github.com/gobwas/glob", + "Identifier": { + "PURL": "pkg:golang/github.com/gobwas/glob@v0.2.3", + "UID": "4bfc27b14d8230cd" + }, + "Version": "v0.2.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gocsaf/csaf/v3@v3.5.1", + "Name": "github.com/gocsaf/csaf/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/gocsaf/csaf/v3@v3.5.1", + "UID": "6da99e8e9e275b0e" + }, + "Version": "v3.5.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gogo/protobuf@v1.3.2", + "Name": "github.com/gogo/protobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", + "UID": "bd605447eccb6b6" + }, + "Version": "v1.3.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang-jwt/jwt/v5@v5.3.1", + "Name": "github.com/golang-jwt/jwt/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.1", + "UID": "28944257493e3b0b" + }, + "Version": "v5.3.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/groupcache@v0.0.0-20241129210726-2c02b8208cf8", + "Name": "github.com/golang/groupcache", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20241129210726-2c02b8208cf8", + "UID": "f7634b74afb299e5" + }, + "Version": "v0.0.0-20241129210726-2c02b8208cf8", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/golang/snappy@v0.0.4", + "Name": "github.com/golang/snappy", + "Identifier": { + "PURL": "pkg:golang/github.com/golang/snappy@v0.0.4", + "UID": "b3ace0027834640d" + }, + "Version": "v0.0.4", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/btree@v1.1.3", + "Name": "github.com/google/btree", + "Identifier": { + "PURL": "pkg:golang/github.com/google/btree@v1.1.3", + "UID": "ce96f8e1fe72622a" + }, + "Version": "v1.1.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/certificate-transparency-go@v1.3.2", + "Name": "github.com/google/certificate-transparency-go", + "Identifier": { + "PURL": "pkg:golang/github.com/google/certificate-transparency-go@v1.3.2", + "UID": "cfce12744a264325" + }, + "Version": "v1.3.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/gnostic-models@v0.7.0", + "Name": "github.com/google/gnostic-models", + "Identifier": { + "PURL": "pkg:golang/github.com/google/gnostic-models@v0.7.0", + "UID": "fd1a49f61e834953" + }, + "Version": "v0.7.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-cmp@v0.7.0", + "Name": "github.com/google/go-cmp", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0", + "UID": "e3c84b5fba3830a0" + }, + "Version": "v0.7.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-containerregistry@v0.21.2", + "Name": "github.com/google/go-containerregistry", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-containerregistry@v0.21.2", + "UID": "ed3919294eb028ee" + }, + "Version": "v0.21.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-github/v62@v62.0.0", + "Name": "github.com/google/go-github/v62", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-github/v62@v62.0.0", + "UID": "19b5e2550861be92" + }, + "Version": "v62.0.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/go-querystring@v1.1.0", + "Name": "github.com/google/go-querystring", + "Identifier": { + "PURL": "pkg:golang/github.com/google/go-querystring@v1.1.0", + "UID": "5f3daded25b8c1d4" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/licenseclassifier/v2@v2.0.0", + "Name": "github.com/google/licenseclassifier/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/google/licenseclassifier/v2@v2.0.0", + "UID": "2aec5b25a72ccee9" + }, + "Version": "v2.0.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/s2a-go@v0.1.9", + "Name": "github.com/google/s2a-go", + "Identifier": { + "PURL": "pkg:golang/github.com/google/s2a-go@v0.1.9", + "UID": "94f441342607d6a2" + }, + "Version": "v0.1.9", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/google/uuid@v1.6.0", + "Name": "github.com/google/uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", + "UID": "4adfd753a865f35c" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/googleapis/enterprise-certificate-proxy@v0.3.14", + "Name": "github.com/googleapis/enterprise-certificate-proxy", + "Identifier": { + "PURL": "pkg:golang/github.com/googleapis/enterprise-certificate-proxy@v0.3.14", + "UID": "6b3e9f2b79ed48f2" + }, + "Version": "v0.3.14", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/googleapis/gax-go/v2@v2.19.0", + "Name": "github.com/googleapis/gax-go/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/googleapis/gax-go/v2@v2.19.0", + "UID": "ab6bdbe52288f04c" + }, + "Version": "v2.19.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gosuri/uitable@v0.0.4", + "Name": "github.com/gosuri/uitable", + "Identifier": { + "PURL": "pkg:golang/github.com/gosuri/uitable@v0.0.4", + "UID": "635e731e4f2c4de1" + }, + "Version": "v0.0.4", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/gregjones/httpcache@v0.0.0-20190611155906-901d90724c79", + "Name": "github.com/gregjones/httpcache", + "Identifier": { + "PURL": "pkg:golang/github.com/gregjones/httpcache@v0.0.0-20190611155906-901d90724c79", + "UID": "c4b2ee53fc8b5507" + }, + "Version": "v0.0.0-20190611155906-901d90724c79", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/grpc-ecosystem/grpc-gateway/v2@v2.27.7", + "Name": "github.com/grpc-ecosystem/grpc-gateway/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/grpc-ecosystem/grpc-gateway/v2@v2.27.7", + "UID": "ae8690ef198e0f" + }, + "Version": "v2.27.7", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.72", + "Name": "github.com/hashicorp/aws-sdk-go-base/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.72", + "UID": "5d4401a17b34519e" + }, + "Version": "v2.0.0-beta.72", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/errwrap@v1.1.0", + "Name": "github.com/hashicorp/errwrap", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.1.0", + "UID": "f9f174fc60d72c60" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-cleanhttp@v0.5.2", + "Name": "github.com/hashicorp/go-cleanhttp", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-cleanhttp@v0.5.2", + "UID": "319168650022a808" + }, + "Version": "v0.5.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-getter@v1.8.6", + "Name": "github.com/hashicorp/go-getter", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-getter@v1.8.6", + "UID": "5f2672a787440ada" + }, + "Version": "v1.8.6", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-multierror@v1.1.1", + "Name": "github.com/hashicorp/go-multierror", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", + "UID": "f8a807dbd0ac6b8e" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-retryablehttp@v0.7.8", + "Name": "github.com/hashicorp/go-retryablehttp", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-retryablehttp@v0.7.8", + "UID": "850c3b8b1967c5cb" + }, + "Version": "v0.7.8", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-uuid@v1.0.3", + "Name": "github.com/hashicorp/go-uuid", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-uuid@v1.0.3", + "UID": "a6cc044877c2ba56" + }, + "Version": "v1.0.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/go-version@v1.9.0", + "Name": "github.com/hashicorp/go-version", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/go-version@v1.9.0", + "UID": "a9df302b362a91b0" + }, + "Version": "v1.9.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/golang-lru/v2@v2.0.7", + "Name": "github.com/hashicorp/golang-lru/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/golang-lru/v2@v2.0.7", + "UID": "892de27466788eb3" + }, + "Version": "v2.0.7", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/hashicorp/hcl/v2@v2.24.0", + "Name": "github.com/hashicorp/hcl/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/hashicorp/hcl/v2@v2.24.0", + "UID": "63418544b8efe68" + }, + "Version": "v2.24.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/huandu/xstrings@v1.5.0", + "Name": "github.com/huandu/xstrings", + "Identifier": { + "PURL": "pkg:golang/github.com/huandu/xstrings@v1.5.0", + "UID": "eff1932730483db9" + }, + "Version": "v1.5.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/in-toto/attestation@v1.1.2", + "Name": "github.com/in-toto/attestation", + "Identifier": { + "PURL": "pkg:golang/github.com/in-toto/attestation@v1.1.2", + "UID": "79bfbbf807da507b" + }, + "Version": "v1.1.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/in-toto/in-toto-golang@v0.10.0", + "Name": "github.com/in-toto/in-toto-golang", + "Identifier": { + "PURL": "pkg:golang/github.com/in-toto/in-toto-golang@v0.10.0", + "UID": "74c4305e96ee4efa" + }, + "Version": "v0.10.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jbenet/go-context@v0.0.0-20150711004518-d14ea06fba99", + "Name": "github.com/jbenet/go-context", + "Identifier": { + "PURL": "pkg:golang/github.com/jbenet/go-context@v0.0.0-20150711004518-d14ea06fba99", + "UID": "b187397dc575a5b8" + }, + "Version": "v0.0.0-20150711004518-d14ea06fba99", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jedisct1/go-minisign@v0.0.0-20230811132847-661be99b8267", + "Name": "github.com/jedisct1/go-minisign", + "Identifier": { + "PURL": "pkg:golang/github.com/jedisct1/go-minisign@v0.0.0-20230811132847-661be99b8267", + "UID": "ba594e09b3ea77d1" + }, + "Version": "v0.0.0-20230811132847-661be99b8267", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/jmoiron/sqlx@v1.4.0", + "Name": "github.com/jmoiron/sqlx", + "Identifier": { + "PURL": "pkg:golang/github.com/jmoiron/sqlx@v1.4.0", + "UID": "c2bbf8c046c155bf" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/josephburnett/jd/v2@v2.3.0", + "Name": "github.com/josephburnett/jd/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/josephburnett/jd/v2@v2.3.0", + "UID": "4dc86ae1c3ce3a53" + }, + "Version": "v2.3.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/json-iterator/go@v1.1.12", + "Name": "github.com/json-iterator/go", + "Identifier": { + "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", + "UID": "ccf474b777dd1d0a" + }, + "Version": "v1.1.12", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kevinburke/ssh_config@v1.2.0", + "Name": "github.com/kevinburke/ssh_config", + "Identifier": { + "PURL": "pkg:golang/github.com/kevinburke/ssh_config@v1.2.0", + "UID": "984f626e5be33db1" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/klauspost/compress@v1.18.5", + "Name": "github.com/klauspost/compress", + "Identifier": { + "PURL": "pkg:golang/github.com/klauspost/compress@v1.18.5", + "UID": "bdf42e01995337d9" + }, + "Version": "v1.18.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/knqyf263/go-apk-version@v0.0.0-20200609155635-041fdbb8563f", + "Name": "github.com/knqyf263/go-apk-version", + "Identifier": { + "PURL": "pkg:golang/github.com/knqyf263/go-apk-version@v0.0.0-20200609155635-041fdbb8563f", + "UID": "5a439fea08385dc1" + }, + "Version": "v0.0.0-20200609155635-041fdbb8563f", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/knqyf263/go-deb-version@v0.0.0-20241115132648-6f4aee6ccd23", + "Name": "github.com/knqyf263/go-deb-version", + "Identifier": { + "PURL": "pkg:golang/github.com/knqyf263/go-deb-version@v0.0.0-20241115132648-6f4aee6ccd23", + "UID": "59a0ea1156563560" + }, + "Version": "v0.0.0-20241115132648-6f4aee6ccd23", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/knqyf263/go-rpm-version@v0.0.0-20220614171824-631e686d1075", + "Name": "github.com/knqyf263/go-rpm-version", + "Identifier": { + "PURL": "pkg:golang/github.com/knqyf263/go-rpm-version@v0.0.0-20220614171824-631e686d1075", + "UID": "2889647244f1e914" + }, + "Version": "v0.0.0-20220614171824-631e686d1075", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/knqyf263/go-rpmdb@v0.1.1", + "Name": "github.com/knqyf263/go-rpmdb", + "Identifier": { + "PURL": "pkg:golang/github.com/knqyf263/go-rpmdb@v0.1.1", + "UID": "6baa1f6fea56525f" + }, + "Version": "v0.1.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/knqyf263/nested@v0.0.1", + "Name": "github.com/knqyf263/nested", + "Identifier": { + "PURL": "pkg:golang/github.com/knqyf263/nested@v0.0.1", + "UID": "548f1f2ebc2981ff" + }, + "Version": "v0.0.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/kylelemons/godebug@v1.1.0", + "Name": "github.com/kylelemons/godebug", + "Identifier": { + "PURL": "pkg:golang/github.com/kylelemons/godebug@v1.1.0", + "UID": "ff906bab37369ddd" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lann/builder@v0.0.0-20180802200727-47ae307949d0", + "Name": "github.com/lann/builder", + "Identifier": { + "PURL": "pkg:golang/github.com/lann/builder@v0.0.0-20180802200727-47ae307949d0", + "UID": "7681856814d3464c" + }, + "Version": "v0.0.0-20180802200727-47ae307949d0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lann/ps@v0.0.0-20150810152359-62de8c46ede0", + "Name": "github.com/lann/ps", + "Identifier": { + "PURL": "pkg:golang/github.com/lann/ps@v0.0.0-20150810152359-62de8c46ede0", + "UID": "11f18e42e534d361" + }, + "Version": "v0.0.0-20150810152359-62de8c46ede0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lestrrat-go/blackmagic@v1.0.4", + "Name": "github.com/lestrrat-go/blackmagic", + "Identifier": { + "PURL": "pkg:golang/github.com/lestrrat-go/blackmagic@v1.0.4", + "UID": "2f116dd30f37c68e" + }, + "Version": "v1.0.4", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lestrrat-go/dsig@v1.0.0", + "Name": "github.com/lestrrat-go/dsig", + "Identifier": { + "PURL": "pkg:golang/github.com/lestrrat-go/dsig@v1.0.0", + "UID": "b4561b8403a5cbb7" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lestrrat-go/httpcc@v1.0.1", + "Name": "github.com/lestrrat-go/httpcc", + "Identifier": { + "PURL": "pkg:golang/github.com/lestrrat-go/httpcc@v1.0.1", + "UID": "92f5816769ba0dce" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lestrrat-go/httprc/v3@v3.0.2", + "Name": "github.com/lestrrat-go/httprc/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/lestrrat-go/httprc/v3@v3.0.2", + "UID": "f2f414be14728a9b" + }, + "Version": "v3.0.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lestrrat-go/jwx/v3@v3.0.13", + "Name": "github.com/lestrrat-go/jwx/v3", + "Identifier": { + "PURL": "pkg:golang/github.com/lestrrat-go/jwx/v3@v3.0.13", + "UID": "540841d527ca89e4" + }, + "Version": "v3.0.13", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lestrrat-go/option/v2@v2.0.0", + "Name": "github.com/lestrrat-go/option/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/lestrrat-go/option/v2@v2.0.0", + "UID": "c9370e1dcc031bd" + }, + "Version": "v2.0.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/letsencrypt/boulder@v0.20260223.0", + "Name": "github.com/letsencrypt/boulder", + "Identifier": { + "PURL": "pkg:golang/github.com/letsencrypt/boulder@v0.20260223.0", + "UID": "5e08636e166d3ed5" + }, + "Version": "v0.20260223.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lib/pq@v1.10.9", + "Name": "github.com/lib/pq", + "Identifier": { + "PURL": "pkg:golang/github.com/lib/pq@v1.10.9", + "UID": "cfa2eb3385a0302e" + }, + "Version": "v1.10.9", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/liggitt/tabwriter@v0.0.0-20181228230101-89fcab3d43de", + "Name": "github.com/liggitt/tabwriter", + "Identifier": { + "PURL": "pkg:golang/github.com/liggitt/tabwriter@v0.0.0-20181228230101-89fcab3d43de", + "UID": "55b742e7cde03956" + }, + "Version": "v0.0.0-20181228230101-89fcab3d43de", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/lunixbochs/struc@v0.0.0-20200707160740-784aaebc1d40", + "Name": "github.com/lunixbochs/struc", + "Identifier": { + "PURL": "pkg:golang/github.com/lunixbochs/struc@v0.0.0-20200707160740-784aaebc1d40", + "UID": "6bd0cb0f40593335" + }, + "Version": "v0.0.0-20200707160740-784aaebc1d40", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/masahiro331/go-disk@v0.0.0-20240625071113-56c933208fee", + "Name": "github.com/masahiro331/go-disk", + "Identifier": { + "PURL": "pkg:golang/github.com/masahiro331/go-disk@v0.0.0-20240625071113-56c933208fee", + "UID": "cbe1fc9b3028b1f1" + }, + "Version": "v0.0.0-20240625071113-56c933208fee", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/masahiro331/go-ebs-file@v0.0.0-20240917043618-e6d2bea5c32e", + "Name": "github.com/masahiro331/go-ebs-file", + "Identifier": { + "PURL": "pkg:golang/github.com/masahiro331/go-ebs-file@v0.0.0-20240917043618-e6d2bea5c32e", + "UID": "d73fafbc7b8e192e" + }, + "Version": "v0.0.0-20240917043618-e6d2bea5c32e", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/masahiro331/go-ext4-filesystem@v0.0.0-20240620024024-ca14e6327bbd", + "Name": "github.com/masahiro331/go-ext4-filesystem", + "Identifier": { + "PURL": "pkg:golang/github.com/masahiro331/go-ext4-filesystem@v0.0.0-20240620024024-ca14e6327bbd", + "UID": "98b8046f540c5afe" + }, + "Version": "v0.0.0-20240620024024-ca14e6327bbd", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/masahiro331/go-mvn-version@v0.0.0-20250131095131-f4974fa13b8a", + "Name": "github.com/masahiro331/go-mvn-version", + "Identifier": { + "PURL": "pkg:golang/github.com/masahiro331/go-mvn-version@v0.0.0-20250131095131-f4974fa13b8a", + "UID": "4fe113cc4ecb2529" + }, + "Version": "v0.0.0-20250131095131-f4974fa13b8a", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/masahiro331/go-vmdk-parser@v0.0.0-20221225061455-612096e4bbbd", + "Name": "github.com/masahiro331/go-vmdk-parser", + "Identifier": { + "PURL": "pkg:golang/github.com/masahiro331/go-vmdk-parser@v0.0.0-20221225061455-612096e4bbbd", + "UID": "3f3e6b539a89f83f" + }, + "Version": "v0.0.0-20221225061455-612096e4bbbd", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/masahiro331/go-xfs-filesystem@v0.0.0-20231205045356-1b22259a6c44", + "Name": "github.com/masahiro331/go-xfs-filesystem", + "Identifier": { + "PURL": "pkg:golang/github.com/masahiro331/go-xfs-filesystem@v0.0.0-20231205045356-1b22259a6c44", + "UID": "ac3ec924bcd08a18" + }, + "Version": "v0.0.0-20231205045356-1b22259a6c44", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-colorable@v0.1.14", + "Name": "github.com/mattn/go-colorable", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-colorable@v0.1.14", + "UID": "78a083a3b6b6f949" + }, + "Version": "v0.1.14", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-isatty@v0.0.20", + "Name": "github.com/mattn/go-isatty", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.20", + "UID": "a634dfff900e18d9" + }, + "Version": "v0.0.20", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-runewidth@v0.0.16", + "Name": "github.com/mattn/go-runewidth", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-runewidth@v0.0.16", + "UID": "3e8619b76f70a00a" + }, + "Version": "v0.0.16", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mattn/go-shellwords@v1.0.12", + "Name": "github.com/mattn/go-shellwords", + "Identifier": { + "PURL": "pkg:golang/github.com/mattn/go-shellwords@v1.0.12", + "UID": "d8b7a20ae7a3f459" + }, + "Version": "v1.0.12", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/copystructure@v1.2.0", + "Name": "github.com/mitchellh/copystructure", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/copystructure@v1.2.0", + "UID": "e30f0cbc5f8bfc95" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/go-homedir@v1.1.0", + "Name": "github.com/mitchellh/go-homedir", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", + "UID": "fa8f0e1153843461" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/go-wordwrap@v1.0.1", + "Name": "github.com/mitchellh/go-wordwrap", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1", + "UID": "dc4c0112b3745677" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/hashstructure/v2@v2.0.2", + "Name": "github.com/mitchellh/hashstructure/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/hashstructure/v2@v2.0.2", + "UID": "2b15407a4f16411e" + }, + "Version": "v2.0.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/mapstructure@v1.5.1-0.20231216201459-8508981c8b6c", + "Name": "github.com/mitchellh/mapstructure", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/mapstructure@v1.5.1-0.20231216201459-8508981c8b6c", + "UID": "9a667c12cebf833c" + }, + "Version": "v1.5.1-0.20231216201459-8508981c8b6c", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/mitchellh/reflectwalk@v1.0.2", + "Name": "github.com/mitchellh/reflectwalk", + "Identifier": { + "PURL": "pkg:golang/github.com/mitchellh/reflectwalk@v1.0.2", + "UID": "9d3e22e67a4104dc" + }, + "Version": "v1.0.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/moby/buildkit@v0.29.0", + "Name": "github.com/moby/buildkit", + "Identifier": { + "PURL": "pkg:golang/github.com/moby/buildkit@v0.29.0", + "UID": "5c4e512424da2407" + }, + "Version": "v0.29.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/moby/docker-image-spec@v1.3.1", + "Name": "github.com/moby/docker-image-spec", + "Identifier": { + "PURL": "pkg:golang/github.com/moby/docker-image-spec@v1.3.1", + "UID": "207218627447f3da" + }, + "Version": "v1.3.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/moby/locker@v1.0.1", + "Name": "github.com/moby/locker", + "Identifier": { + "PURL": "pkg:golang/github.com/moby/locker@v1.0.1", + "UID": "1b784e9739956710" + }, + "Version": "v1.0.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/moby/moby/api@v1.54.1", + "Name": "github.com/moby/moby/api", + "Identifier": { + "PURL": "pkg:golang/github.com/moby/moby/api@v1.54.1", + "UID": "b03fa3128f1368ab" + }, + "Version": "v1.54.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/moby/moby/client@v0.4.0", + "Name": "github.com/moby/moby/client", + "Identifier": { + "PURL": "pkg:golang/github.com/moby/moby/client@v0.4.0", + "UID": "fa4d5d3160880ce9" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/moby/sys/atomicwriter@v0.1.0", + "Name": "github.com/moby/sys/atomicwriter", + "Identifier": { + "PURL": "pkg:golang/github.com/moby/sys/atomicwriter@v0.1.0", + "UID": "3cedde4e0e228c02" + }, + "Version": "v0.1.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/moby/sys/mountinfo@v0.7.2", + "Name": "github.com/moby/sys/mountinfo", + "Identifier": { + "PURL": "pkg:golang/github.com/moby/sys/mountinfo@v0.7.2", + "UID": "dbcdeefba4897daa" + }, + "Version": "v0.7.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/moby/sys/sequential@v0.6.0", + "Name": "github.com/moby/sys/sequential", + "Identifier": { + "PURL": "pkg:golang/github.com/moby/sys/sequential@v0.6.0", + "UID": "4406f1662e8257e8" + }, + "Version": "v0.6.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/moby/sys/signal@v0.7.1", + "Name": "github.com/moby/sys/signal", + "Identifier": { + "PURL": "pkg:golang/github.com/moby/sys/signal@v0.7.1", + "UID": "89a80bacb9ff4c65" + }, + "Version": "v0.7.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/moby/sys/user@v0.4.0", + "Name": "github.com/moby/sys/user", + "Identifier": { + "PURL": "pkg:golang/github.com/moby/sys/user@v0.4.0", + "UID": "ad18d7ea40e71960" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/moby/sys/userns@v0.1.0", + "Name": "github.com/moby/sys/userns", + "Identifier": { + "PURL": "pkg:golang/github.com/moby/sys/userns@v0.1.0", + "UID": "7c9cc0e22521e813" + }, + "Version": "v0.1.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/moby/term@v0.5.2", + "Name": "github.com/moby/term", + "Identifier": { + "PURL": "pkg:golang/github.com/moby/term@v0.5.2", + "UID": "5aa86afd32dc7e17" + }, + "Version": "v0.5.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "Name": "github.com/modern-go/concurrent", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", + "UID": "fd92eda2da191208" + }, + "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", + "Name": "github.com/modern-go/reflect2", + "Identifier": { + "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", + "UID": "4281e5fee818b0c0" + }, + "Version": "v1.0.3-0.20250322232337-35a7c28c31ee", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/monochromegane/go-gitignore@v0.0.0-20200626010858-205db1a8cc00", + "Name": "github.com/monochromegane/go-gitignore", + "Identifier": { + "PURL": "pkg:golang/github.com/monochromegane/go-gitignore@v0.0.0-20200626010858-205db1a8cc00", + "UID": "ad17ce6a104ac8a6" + }, + "Version": "v0.0.0-20200626010858-205db1a8cc00", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/morikuni/aec@v1.1.0", + "Name": "github.com/morikuni/aec", + "Identifier": { + "PURL": "pkg:golang/github.com/morikuni/aec@v1.1.0", + "UID": "205366929dd7a8a1" + }, + "Version": "v1.1.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "Name": "github.com/munnerz/goautoneg", + "Identifier": { + "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", + "UID": "abe45a24072fe29e" + }, + "Version": "v0.0.0-20191010083416-a7dc8b61c822", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/nikolalohinski/gonja/v2@v2.7.0", + "Name": "github.com/nikolalohinski/gonja/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/nikolalohinski/gonja/v2@v2.7.0", + "UID": "919cbe7c6edf6b4b" + }, + "Version": "v2.7.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/nozzle/throttler@v0.0.0-20180817012639-2ea982251481", + "Name": "github.com/nozzle/throttler", + "Identifier": { + "PURL": "pkg:golang/github.com/nozzle/throttler@v0.0.0-20180817012639-2ea982251481", + "UID": "d13be155ec41c2f3" + }, + "Version": "v0.0.0-20180817012639-2ea982251481", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/oklog/ulid/v2@v2.1.1", + "Name": "github.com/oklog/ulid/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/oklog/ulid/v2@v2.1.1", + "UID": "701be4c8e01768c0" + }, + "Version": "v2.1.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/open-policy-agent/opa@v1.15.2", + "Name": "github.com/open-policy-agent/opa", + "Identifier": { + "PURL": "pkg:golang/github.com/open-policy-agent/opa@v1.15.2", + "UID": "c641ebd8a2967d03" + }, + "Version": "v1.15.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opencontainers/go-digest@v1.0.0", + "Name": "github.com/opencontainers/go-digest", + "Identifier": { + "PURL": "pkg:golang/github.com/opencontainers/go-digest@v1.0.0", + "UID": "d509e6b9eec734c6" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opencontainers/image-spec@v1.1.1", + "Name": "github.com/opencontainers/image-spec", + "Identifier": { + "PURL": "pkg:golang/github.com/opencontainers/image-spec@v1.1.1", + "UID": "f2d1b95b6086ab3c" + }, + "Version": "v1.1.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opencontainers/runtime-spec@v1.3.0", + "Name": "github.com/opencontainers/runtime-spec", + "Identifier": { + "PURL": "pkg:golang/github.com/opencontainers/runtime-spec@v1.3.0", + "UID": "865523aa6ebaea64" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/opencontainers/selinux@v1.13.1", + "Name": "github.com/opencontainers/selinux", + "Identifier": { + "PURL": "pkg:golang/github.com/opencontainers/selinux@v1.13.1", + "UID": "7efa7b4ec13bfa51" + }, + "Version": "v1.13.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/openvex/discovery@v0.1.1-0.20240802171711-7c54efc57553", + "Name": "github.com/openvex/discovery", + "Identifier": { + "PURL": "pkg:golang/github.com/openvex/discovery@v0.1.1-0.20240802171711-7c54efc57553", + "UID": "caa63d2783605865" + }, + "Version": "v0.1.1-0.20240802171711-7c54efc57553", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/openvex/go-vex@v0.2.7", + "Name": "github.com/openvex/go-vex", + "Identifier": { + "PURL": "pkg:golang/github.com/openvex/go-vex@v0.2.7", + "UID": "1af917eb213b6f76" + }, + "Version": "v0.2.7", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/owenrumney/go-sarif/v2@v2.3.3", + "Name": "github.com/owenrumney/go-sarif/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/owenrumney/go-sarif/v2@v2.3.3", + "UID": "22b7c5a0a79c718d" + }, + "Version": "v2.3.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/owenrumney/squealer@v1.2.12", + "Name": "github.com/owenrumney/squealer", + "Identifier": { + "PURL": "pkg:golang/github.com/owenrumney/squealer@v1.2.12", + "UID": "107576fbf5aab4f2" + }, + "Version": "v1.2.12", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/package-url/packageurl-go@v0.1.5", + "Name": "github.com/package-url/packageurl-go", + "Identifier": { + "PURL": "pkg:golang/github.com/package-url/packageurl-go@v0.1.5", + "UID": "b39f919f48358a8" + }, + "Version": "v0.1.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pandatix/go-cvss@v0.6.2", + "Name": "github.com/pandatix/go-cvss", + "Identifier": { + "PURL": "pkg:golang/github.com/pandatix/go-cvss@v0.6.2", + "UID": "2887439a7735853" + }, + "Version": "v0.6.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pelletier/go-toml/v2@v2.2.4", + "Name": "github.com/pelletier/go-toml/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/pelletier/go-toml/v2@v2.2.4", + "UID": "f09256c52422d9de" + }, + "Version": "v2.2.4", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/peterbourgon/diskv@v2.0.1+incompatible", + "Name": "github.com/peterbourgon/diskv", + "Identifier": { + "PURL": "pkg:golang/github.com/peterbourgon/diskv@v2.0.1%2Bincompatible", + "UID": "c467f44ba766a609" + }, + "Version": "v2.0.1+incompatible", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pjbgf/sha1cd@v0.3.2", + "Name": "github.com/pjbgf/sha1cd", + "Identifier": { + "PURL": "pkg:golang/github.com/pjbgf/sha1cd@v0.3.2", + "UID": "ce7daffeb334bed8" + }, + "Version": "v0.3.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", + "Name": "github.com/pkg/browser", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", + "UID": "bf4fddf3420621bc" + }, + "Version": "v0.0.0-20240102092130-5ac0b6a4141c", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pkg/errors@v0.9.1", + "Name": "github.com/pkg/errors", + "Identifier": { + "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", + "UID": "af2c635457b37790" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/planetscale/vtprotobuf@v0.6.1-0.20240319094008-0393e58bdf10", + "Name": "github.com/planetscale/vtprotobuf", + "Identifier": { + "PURL": "pkg:golang/github.com/planetscale/vtprotobuf@v0.6.1-0.20240319094008-0393e58bdf10", + "UID": "1cf140e58a1f3afe" + }, + "Version": "v0.6.1-0.20240319094008-0393e58bdf10", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", + "Name": "github.com/pmezard/go-difflib", + "Identifier": { + "PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", + "UID": "8d5735bc78902712" + }, + "Version": "v1.0.1-0.20181226105442-5d4384ee4fb2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/rcrowley/go-metrics@v0.0.0-20250401214520-65e299d6c5c9", + "Name": "github.com/rcrowley/go-metrics", + "Identifier": { + "PURL": "pkg:golang/github.com/rcrowley/go-metrics@v0.0.0-20250401214520-65e299d6c5c9", + "UID": "4bbc26a320477f67" + }, + "Version": "v0.0.0-20250401214520-65e299d6c5c9", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/remyoudompheng/bigfft@v0.0.0-20230129092748-24d4a6f8daec", + "Name": "github.com/remyoudompheng/bigfft", + "Identifier": { + "PURL": "pkg:golang/github.com/remyoudompheng/bigfft@v0.0.0-20230129092748-24d4a6f8daec", + "UID": "9f4ca67645d87fd5" + }, + "Version": "v0.0.0-20230129092748-24d4a6f8daec", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/rivo/uniseg@v0.4.7", + "Name": "github.com/rivo/uniseg", + "Identifier": { + "PURL": "pkg:golang/github.com/rivo/uniseg@v0.4.7", + "UID": "6e101f5213f5b3cc" + }, + "Version": "v0.4.7", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/rubenv/sql-migrate@v1.8.1", + "Name": "github.com/rubenv/sql-migrate", + "Identifier": { + "PURL": "pkg:golang/github.com/rubenv/sql-migrate@v1.8.1", + "UID": "e0ff8f4c1226e806" + }, + "Version": "v1.8.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/russross/blackfriday/v2@v2.1.0", + "Name": "github.com/russross/blackfriday/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0", + "UID": "1a251e8605ee5576" + }, + "Version": "v2.1.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/rust-secure-code/go-rustaudit@v0.0.0-20250226111315-e20ec32e963c", + "Name": "github.com/rust-secure-code/go-rustaudit", + "Identifier": { + "PURL": "pkg:golang/github.com/rust-secure-code/go-rustaudit@v0.0.0-20250226111315-e20ec32e963c", + "UID": "7783937f4d7bc0bc" + }, + "Version": "v0.0.0-20250226111315-e20ec32e963c", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sagikazarmark/locafero@v0.11.0", + "Name": "github.com/sagikazarmark/locafero", + "Identifier": { + "PURL": "pkg:golang/github.com/sagikazarmark/locafero@v0.11.0", + "UID": "c38c5e2cc1d8392e" + }, + "Version": "v0.11.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/samber/lo@v1.53.0", + "Name": "github.com/samber/lo", + "Identifier": { + "PURL": "pkg:golang/github.com/samber/lo@v1.53.0", + "UID": "9c4f4fb4c35a9b89" + }, + "Version": "v1.53.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/samber/oops@v1.18.1", + "Name": "github.com/samber/oops", + "Identifier": { + "PURL": "pkg:golang/github.com/samber/oops@v1.18.1", + "UID": "c38900b323ca8518" + }, + "Version": "v1.18.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/santhosh-tekuri/jsonschema/v6@v6.0.2", + "Name": "github.com/santhosh-tekuri/jsonschema/v6", + "Identifier": { + "PURL": "pkg:golang/github.com/santhosh-tekuri/jsonschema/v6@v6.0.2", + "UID": "ebe07f57a3fe66d9" + }, + "Version": "v6.0.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sassoftware/go-rpmutils@v0.4.0", + "Name": "github.com/sassoftware/go-rpmutils", + "Identifier": { + "PURL": "pkg:golang/github.com/sassoftware/go-rpmutils@v0.4.0", + "UID": "ec4d5355ead87635" + }, + "Version": "v0.4.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sassoftware/relic@v7.2.1+incompatible", + "Name": "github.com/sassoftware/relic", + "Identifier": { + "PURL": "pkg:golang/github.com/sassoftware/relic@v7.2.1%2Bincompatible", + "UID": "b0b63eb8cb43d2c0" + }, + "Version": "v7.2.1+incompatible", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/secure-systems-lab/go-securesystemslib@v0.10.0", + "Name": "github.com/secure-systems-lab/go-securesystemslib", + "Identifier": { + "PURL": "pkg:golang/github.com/secure-systems-lab/go-securesystemslib@v0.10.0", + "UID": "25e12c8331ef3135" + }, + "Version": "v0.10.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sergi/go-diff@v1.4.0", + "Name": "github.com/sergi/go-diff", + "Identifier": { + "PURL": "pkg:golang/github.com/sergi/go-diff@v1.4.0", + "UID": "10646aa622a6ef3a" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/shibumi/go-pathspec@v1.3.0", + "Name": "github.com/shibumi/go-pathspec", + "Identifier": { + "PURL": "pkg:golang/github.com/shibumi/go-pathspec@v1.3.0", + "UID": "2b89a4645080d727" + }, + "Version": "v1.3.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/shopspring/decimal@v1.4.0", + "Name": "github.com/shopspring/decimal", + "Identifier": { + "PURL": "pkg:golang/github.com/shopspring/decimal@v1.4.0", + "UID": "5b96e4c5a98ecd4d" + }, + "Version": "v1.4.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sigstore/cosign/v2@v2.6.2", + "Name": "github.com/sigstore/cosign/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/sigstore/cosign/v2@v2.6.2", + "UID": "9446708cfde2a8d8" + }, + "Version": "v2.6.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sigstore/protobuf-specs@v0.5.0", + "Name": "github.com/sigstore/protobuf-specs", + "Identifier": { + "PURL": "pkg:golang/github.com/sigstore/protobuf-specs@v0.5.0", + "UID": "779ba31bea7440e3" + }, + "Version": "v0.5.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sigstore/rekor@v1.5.1", + "Name": "github.com/sigstore/rekor", + "Identifier": { + "PURL": "pkg:golang/github.com/sigstore/rekor@v1.5.1", + "UID": "c8bb1a796b199c71" + }, + "Version": "v1.5.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sigstore/rekor-tiles/v2@v2.0.1", + "Name": "github.com/sigstore/rekor-tiles/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/sigstore/rekor-tiles/v2@v2.0.1", + "UID": "318e94ab6159e848" + }, + "Version": "v2.0.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sigstore/sigstore@v1.10.5", + "Name": "github.com/sigstore/sigstore", + "Identifier": { + "PURL": "pkg:golang/github.com/sigstore/sigstore@v1.10.5", + "UID": "ed3218a83663b288" + }, + "Version": "v1.10.5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sigstore/sigstore-go@v1.1.4", + "Name": "github.com/sigstore/sigstore-go", + "Identifier": { + "PURL": "pkg:golang/github.com/sigstore/sigstore-go@v1.1.4", + "UID": "9d7bb6c3e0e0c79e" + }, + "Version": "v1.1.4", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sigstore/timestamp-authority/v2@v2.0.6", + "Name": "github.com/sigstore/timestamp-authority/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/sigstore/timestamp-authority/v2@v2.0.6", + "UID": "ff386c449d83eeff" + }, + "Version": "v2.0.6", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sirupsen/logrus@v1.9.4", + "Name": "github.com/sirupsen/logrus", + "Identifier": { + "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.4", + "UID": "9190fb84187cf0b0" + }, + "Version": "v1.9.4", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/skeema/knownhosts@v1.3.1", + "Name": "github.com/skeema/knownhosts", + "Identifier": { + "PURL": "pkg:golang/github.com/skeema/knownhosts@v1.3.1", + "UID": "c2eac9faf6f8437" + }, + "Version": "v1.3.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/sourcegraph/conc@v0.3.1-0.20240121214520-5f936abd7ae8", + "Name": "github.com/sourcegraph/conc", + "Identifier": { + "PURL": "pkg:golang/github.com/sourcegraph/conc@v0.3.1-0.20240121214520-5f936abd7ae8", + "UID": "43058d7611ee50f8" + }, + "Version": "v0.3.1-0.20240121214520-5f936abd7ae8", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spdx/tools-golang@v0.5.7", + "Name": "github.com/spdx/tools-golang", + "Identifier": { + "PURL": "pkg:golang/github.com/spdx/tools-golang@v0.5.7", + "UID": "d697b7adfed34095" + }, + "Version": "v0.5.7", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/afero@v1.15.0", + "Name": "github.com/spf13/afero", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/afero@v1.15.0", + "UID": "752bc372f98b210e" + }, + "Version": "v1.15.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/cast@v1.10.0", + "Name": "github.com/spf13/cast", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/cast@v1.10.0", + "UID": "92b00a99adb32b82" + }, + "Version": "v1.10.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/cobra@v1.10.2", + "Name": "github.com/spf13/cobra", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/cobra@v1.10.2", + "UID": "c733cc590073febc" + }, + "Version": "v1.10.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/pflag@v1.0.10", + "Name": "github.com/spf13/pflag", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.10", + "UID": "f1451eafa1f92c90" + }, + "Version": "v1.0.10", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spf13/viper@v1.21.0", + "Name": "github.com/spf13/viper", + "Identifier": { + "PURL": "pkg:golang/github.com/spf13/viper@v1.21.0", + "UID": "56d107254faa550a" + }, + "Version": "v1.21.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/spiffe/go-spiffe/v2@v2.6.0", + "Name": "github.com/spiffe/go-spiffe/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/spiffe/go-spiffe/v2@v2.6.0", + "UID": "f7f01d013898a5d9" + }, + "Version": "v2.6.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/stretchr/objx@v0.5.3", + "Name": "github.com/stretchr/objx", + "Identifier": { + "PURL": "pkg:golang/github.com/stretchr/objx@v0.5.3", + "UID": "8a29c26a63a441f1" + }, + "Version": "v0.5.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/stretchr/testify@v1.11.1", + "Name": "github.com/stretchr/testify", + "Identifier": { + "PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1", + "UID": "e8a6d9abf20c7eb8" + }, + "Version": "v1.11.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/subosito/gotenv@v1.6.0", + "Name": "github.com/subosito/gotenv", + "Identifier": { + "PURL": "pkg:golang/github.com/subosito/gotenv@v1.6.0", + "UID": "a5b03d3a9c2090c" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/syndtr/goleveldb@v1.0.1-0.20220721030215-126854af5e6d", + "Name": "github.com/syndtr/goleveldb", + "Identifier": { + "PURL": "pkg:golang/github.com/syndtr/goleveldb@v1.0.1-0.20220721030215-126854af5e6d", + "UID": "f56d59e7e12a0c95" + }, + "Version": "v1.0.1-0.20220721030215-126854af5e6d", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/tchap/go-patricia/v2@v2.3.3", + "Name": "github.com/tchap/go-patricia/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/tchap/go-patricia/v2@v2.3.3", + "UID": "44d9f889c096e5d3" + }, + "Version": "v2.3.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/tetratelabs/wazero@v1.11.0", + "Name": "github.com/tetratelabs/wazero", + "Identifier": { + "PURL": "pkg:golang/github.com/tetratelabs/wazero@v1.11.0", + "UID": "68b5f7de1fc27d8b" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/theupdateframework/go-tuf@v0.7.0", + "Name": "github.com/theupdateframework/go-tuf", + "Identifier": { + "PURL": "pkg:golang/github.com/theupdateframework/go-tuf@v0.7.0", + "UID": "e0e9ac03cae71a01" + }, + "Version": "v0.7.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/theupdateframework/go-tuf/v2@v2.4.1", + "Name": "github.com/theupdateframework/go-tuf/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/theupdateframework/go-tuf/v2@v2.4.1", + "UID": "64398ae254426b4a" + }, + "Version": "v2.4.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/titanous/rocacheck@v0.0.0-20171023193734-afe73141d399", + "Name": "github.com/titanous/rocacheck", + "Identifier": { + "PURL": "pkg:golang/github.com/titanous/rocacheck@v0.0.0-20171023193734-afe73141d399", + "UID": "51673eb00726726" + }, + "Version": "v0.0.0-20171023193734-afe73141d399", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/tonistiigi/go-csvvalue@v0.0.0-20240814133006-030d3b2625d0", + "Name": "github.com/tonistiigi/go-csvvalue", + "Identifier": { + "PURL": "pkg:golang/github.com/tonistiigi/go-csvvalue@v0.0.0-20240814133006-030d3b2625d0", + "UID": "ba96d9fdca130e4c" + }, + "Version": "v0.0.0-20240814133006-030d3b2625d0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/toqueteos/webbrowser@v1.2.0", + "Name": "github.com/toqueteos/webbrowser", + "Identifier": { + "PURL": "pkg:golang/github.com/toqueteos/webbrowser@v1.2.0", + "UID": "edce0f4ca4a76d84" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/transparency-dev/formats@v0.0.0-20251017110053-404c0d5b696c", + "Name": "github.com/transparency-dev/formats", + "Identifier": { + "PURL": "pkg:golang/github.com/transparency-dev/formats@v0.0.0-20251017110053-404c0d5b696c", + "UID": "3841a3b958f5539f" + }, + "Version": "v0.0.0-20251017110053-404c0d5b696c", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/transparency-dev/merkle@v0.0.2", + "Name": "github.com/transparency-dev/merkle", + "Identifier": { + "PURL": "pkg:golang/github.com/transparency-dev/merkle@v0.0.2", + "UID": "91d4619d2f5e0a2b" + }, + "Version": "v0.0.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/twitchtv/twirp@v8.1.3+incompatible", + "Name": "github.com/twitchtv/twirp", + "Identifier": { + "PURL": "pkg:golang/github.com/twitchtv/twirp@v8.1.3%2Bincompatible", + "UID": "7ceaa58dec508301" + }, + "Version": "v8.1.3+incompatible", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/ulikunitz/xz@v0.5.15", + "Name": "github.com/ulikunitz/xz", + "Identifier": { + "PURL": "pkg:golang/github.com/ulikunitz/xz@v0.5.15", + "UID": "57867d58e7ed3139" + }, + "Version": "v0.5.15", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/valyala/fastjson@v1.6.7", + "Name": "github.com/valyala/fastjson", + "Identifier": { + "PURL": "pkg:golang/github.com/valyala/fastjson@v1.6.7", + "UID": "46c290945432c4ba" + }, + "Version": "v1.6.7", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/vbatts/tar-split@v0.12.2", + "Name": "github.com/vbatts/tar-split", + "Identifier": { + "PURL": "pkg:golang/github.com/vbatts/tar-split@v0.12.2", + "UID": "1fdefc95e0bde68f" + }, + "Version": "v0.12.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/vektah/gqlparser/v2@v2.5.32", + "Name": "github.com/vektah/gqlparser/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/vektah/gqlparser/v2@v2.5.32", + "UID": "aeb7124d7829827" + }, + "Version": "v2.5.32", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/vmihailenco/msgpack/v5@v5.4.1", + "Name": "github.com/vmihailenco/msgpack/v5", + "Identifier": { + "PURL": "pkg:golang/github.com/vmihailenco/msgpack/v5@v5.4.1", + "UID": "98be7c75c8890879" + }, + "Version": "v5.4.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/vmihailenco/tagparser/v2@v2.0.0", + "Name": "github.com/vmihailenco/tagparser/v2", + "Identifier": { + "PURL": "pkg:golang/github.com/vmihailenco/tagparser/v2@v2.0.0", + "UID": "4084a10b585e7ec" + }, + "Version": "v2.0.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/x448/float16@v0.8.4", + "Name": "github.com/x448/float16", + "Identifier": { + "PURL": "pkg:golang/github.com/x448/float16@v0.8.4", + "UID": "92e4d1656274958c" + }, + "Version": "v0.8.4", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/xanzy/ssh-agent@v0.3.3", + "Name": "github.com/xanzy/ssh-agent", + "Identifier": { + "PURL": "pkg:golang/github.com/xanzy/ssh-agent@v0.3.3", + "UID": "206689b5d59442fd" + }, + "Version": "v0.3.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/xeipuuv/gojsonpointer@v0.0.0-20190905194746-02993c407bfb", + "Name": "github.com/xeipuuv/gojsonpointer", + "Identifier": { + "PURL": "pkg:golang/github.com/xeipuuv/gojsonpointer@v0.0.0-20190905194746-02993c407bfb", + "UID": "9288aec111001403" + }, + "Version": "v0.0.0-20190905194746-02993c407bfb", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/xeipuuv/gojsonreference@v0.0.0-20180127040603-bd5ef7bd5415", + "Name": "github.com/xeipuuv/gojsonreference", + "Identifier": { + "PURL": "pkg:golang/github.com/xeipuuv/gojsonreference@v0.0.0-20180127040603-bd5ef7bd5415", + "UID": "d0b0b1bfb36b2e19" + }, + "Version": "v0.0.0-20180127040603-bd5ef7bd5415", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/xeipuuv/gojsonschema@v1.2.0", + "Name": "github.com/xeipuuv/gojsonschema", + "Identifier": { + "PURL": "pkg:golang/github.com/xeipuuv/gojsonschema@v1.2.0", + "UID": "44d170518914b732" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/xi2/xz@v0.0.0-20171230120015-48954b6210f8", + "Name": "github.com/xi2/xz", + "Identifier": { + "PURL": "pkg:golang/github.com/xi2/xz@v0.0.0-20171230120015-48954b6210f8", + "UID": "7b7c196f8c1e6fff" + }, + "Version": "v0.0.0-20171230120015-48954b6210f8", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/xlab/treeprint@v1.2.0", + "Name": "github.com/xlab/treeprint", + "Identifier": { + "PURL": "pkg:golang/github.com/xlab/treeprint@v1.2.0", + "UID": "e2a2781874aba2cd" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/yashtewari/glob-intersection@v0.2.0", + "Name": "github.com/yashtewari/glob-intersection", + "Identifier": { + "PURL": "pkg:golang/github.com/yashtewari/glob-intersection@v0.2.0", + "UID": "c9bac6d9131501d1" + }, + "Version": "v0.2.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/zclconf/go-cty@v1.18.0", + "Name": "github.com/zclconf/go-cty", + "Identifier": { + "PURL": "pkg:golang/github.com/zclconf/go-cty@v1.18.0", + "UID": "5b7fa8ee0cadfb74" + }, + "Version": "v1.18.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "github.com/zclconf/go-cty-yaml@v1.2.0", + "Name": "github.com/zclconf/go-cty-yaml", + "Identifier": { + "PURL": "pkg:golang/github.com/zclconf/go-cty-yaml@v1.2.0", + "UID": "ad085d1cb6f3825f" + }, + "Version": "v1.2.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.etcd.io/bbolt@v1.4.3", + "Name": "go.etcd.io/bbolt", + "Identifier": { + "PURL": "pkg:golang/go.etcd.io/bbolt@v1.4.3", + "UID": "ce28fe3e008ea977" + }, + "Version": "v1.4.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/auto/sdk@v1.2.1", + "Name": "go.opentelemetry.io/auto/sdk", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/auto/sdk@v1.2.1", + "UID": "d6b64dd7665d89ca" + }, + "Version": "v1.2.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/contrib/detectors/gcp@v1.39.0", + "Name": "go.opentelemetry.io/contrib/detectors/gcp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/contrib/detectors/gcp@v1.39.0", + "UID": "dbc3ac183d924f55" + }, + "Version": "v1.39.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.63.0", + "Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.63.0", + "UID": "119a3a02abd64f86" + }, + "Version": "v0.63.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.65.0", + "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.65.0", + "UID": "cd264fff9e77fe50" + }, + "Version": "v0.65.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel@v1.43.0", + "Name": "go.opentelemetry.io/otel", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel@v1.43.0", + "UID": "5840357d5c7e6a0e" + }, + "Version": "v1.43.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc@v1.40.0", + "Name": "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc@v1.40.0", + "UID": "ea147c69c10fd292" + }, + "Version": "v1.40.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.40.0", + "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.40.0", + "UID": "1a10031b56e9de01" + }, + "Version": "v1.40.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.40.0", + "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.40.0", + "UID": "dbc6c48d47458ba1" + }, + "Version": "v1.40.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/metric@v1.43.0", + "Name": "go.opentelemetry.io/otel/metric", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/metric@v1.43.0", + "UID": "621ee72e35bf16b4" + }, + "Version": "v1.43.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/sdk@v1.43.0", + "Name": "go.opentelemetry.io/otel/sdk", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.43.0", + "UID": "83e3015693054a4b" + }, + "Version": "v1.43.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/sdk/metric@v1.43.0", + "Name": "go.opentelemetry.io/otel/sdk/metric", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk/metric@v1.43.0", + "UID": "420a18a964055ae3" + }, + "Version": "v1.43.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/otel/trace@v1.43.0", + "Name": "go.opentelemetry.io/otel/trace", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.43.0", + "UID": "75355cb2493ca108" + }, + "Version": "v1.43.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.opentelemetry.io/proto/otlp@v1.9.0", + "Name": "go.opentelemetry.io/proto/otlp", + "Identifier": { + "PURL": "pkg:golang/go.opentelemetry.io/proto/otlp@v1.9.0", + "UID": "2aba49ffae12a4c6" + }, + "Version": "v1.9.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/multierr@v1.11.0", + "Name": "go.uber.org/multierr", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", + "UID": "8eaf98cbf1107a3a" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.uber.org/zap@v1.27.1", + "Name": "go.uber.org/zap", + "Identifier": { + "PURL": "pkg:golang/go.uber.org/zap@v1.27.1", + "UID": "b214d3640bfaa20f" + }, + "Version": "v1.27.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.yaml.in/yaml/v2@v2.4.3", + "Name": "go.yaml.in/yaml/v2", + "Identifier": { + "PURL": "pkg:golang/go.yaml.in/yaml/v2@v2.4.3", + "UID": "e79d0af40d5c4ac8" + }, + "Version": "v2.4.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.yaml.in/yaml/v3@v3.0.4", + "Name": "go.yaml.in/yaml/v3", + "Identifier": { + "PURL": "pkg:golang/go.yaml.in/yaml/v3@v3.0.4", + "UID": "92c2e4faa7706d93" + }, + "Version": "v3.0.4", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "go.yaml.in/yaml/v4@v4.0.0-rc.3", + "Name": "go.yaml.in/yaml/v4", + "Identifier": { + "PURL": "pkg:golang/go.yaml.in/yaml/v4@v4.0.0-rc.3", + "UID": "f64e5ca26f59181b" + }, + "Version": "v4.0.0-rc.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/crypto@v0.50.0", + "Name": "golang.org/x/crypto", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/crypto@v0.50.0", + "UID": "86b9f77577ddb8d2" + }, + "Version": "v0.50.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/exp@v0.0.0-20251023183803-a4bb9ffd2546", + "Name": "golang.org/x/exp", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20251023183803-a4bb9ffd2546", + "UID": "e672dbdb4c81c90" + }, + "Version": "v0.0.0-20251023183803-a4bb9ffd2546", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/mod@v0.34.0", + "Name": "golang.org/x/mod", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/mod@v0.34.0", + "UID": "f7b41f716f7b0fe4" + }, + "Version": "v0.34.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/net@v0.53.0", + "Name": "golang.org/x/net", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/net@v0.53.0", + "UID": "a5e3f765714179cd" + }, + "Version": "v0.53.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/oauth2@v0.36.0", + "Name": "golang.org/x/oauth2", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/oauth2@v0.36.0", + "UID": "d129272d4fc9917e" + }, + "Version": "v0.36.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sync@v0.20.0", + "Name": "golang.org/x/sync", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sync@v0.20.0", + "UID": "1ebf53664e9778b2" + }, + "Version": "v0.20.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/sys@v0.43.0", + "Name": "golang.org/x/sys", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/sys@v0.43.0", + "UID": "5bfd09e654941e78" + }, + "Version": "v0.43.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/term@v0.42.0", + "Name": "golang.org/x/term", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/term@v0.42.0", + "UID": "6689b29d8b98d344" + }, + "Version": "v0.42.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/text@v0.36.0", + "Name": "golang.org/x/text", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/text@v0.36.0", + "UID": "bef56439b881a874" + }, + "Version": "v0.36.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/time@v0.15.0", + "Name": "golang.org/x/time", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/time@v0.15.0", + "UID": "edfc8c1e95c89dfd" + }, + "Version": "v0.15.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "golang.org/x/xerrors@v0.0.0-20240903120638-7835f813f4da", + "Name": "golang.org/x/xerrors", + "Identifier": { + "PURL": "pkg:golang/golang.org/x/xerrors@v0.0.0-20240903120638-7835f813f4da", + "UID": "4139b93d2beead57" + }, + "Version": "v0.0.0-20240903120638-7835f813f4da", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/api@v0.272.0", + "Name": "google.golang.org/api", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/api@v0.272.0", + "UID": "df88e5c29e892c05" + }, + "Version": "v0.272.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto@v0.0.0-20260316180232-0b37fe3546d5", + "Name": "google.golang.org/genproto", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto@v0.0.0-20260316180232-0b37fe3546d5", + "UID": "fa1ed387c196a4b4" + }, + "Version": "v0.0.0-20260316180232-0b37fe3546d5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto/googleapis/api@v0.0.0-20260316180232-0b37fe3546d5", + "Name": "google.golang.org/genproto/googleapis/api", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260316180232-0b37fe3546d5", + "UID": "2a6945d432f07fcf" + }, + "Version": "v0.0.0-20260316180232-0b37fe3546d5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260316180232-0b37fe3546d5", + "Name": "google.golang.org/genproto/googleapis/rpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20260316180232-0b37fe3546d5", + "UID": "29befa9e37336165" + }, + "Version": "v0.0.0-20260316180232-0b37fe3546d5", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/grpc@v1.79.3", + "Name": "google.golang.org/grpc", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/grpc@v1.79.3", + "UID": "3220fe69c7d38e52" + }, + "Version": "v1.79.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "google.golang.org/protobuf@v1.36.11", + "Name": "google.golang.org/protobuf", + "Identifier": { + "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.11", + "UID": "144bffa6b3faea2e" + }, + "Version": "v1.36.11", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/evanphx/json-patch.v4@v4.13.0", + "Name": "gopkg.in/evanphx/json-patch.v4", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/evanphx/json-patch.v4@v4.13.0", + "UID": "1120979d6aee3bbd" + }, + "Version": "v4.13.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/inf.v0@v0.9.1", + "Name": "gopkg.in/inf.v0", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", + "UID": "c9e4c68e9826a838" + }, + "Version": "v0.9.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/warnings.v0@v0.1.2", + "Name": "gopkg.in/warnings.v0", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/warnings.v0@v0.1.2", + "UID": "486bb224ab4934ad" + }, + "Version": "v0.1.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "gopkg.in/yaml.v3@v3.0.1", + "Name": "gopkg.in/yaml.v3", + "Identifier": { + "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", + "UID": "176d36fc44a1e402" + }, + "Version": "v3.0.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "helm.sh/helm/v3@v3.20.2", + "Name": "helm.sh/helm/v3", + "Identifier": { + "PURL": "pkg:golang/helm.sh/helm/v3@v3.20.2", + "UID": "76d80ac4706fda3a" + }, + "Version": "v3.20.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/api@v0.35.3", + "Name": "k8s.io/api", + "Identifier": { + "PURL": "pkg:golang/k8s.io/api@v0.35.3", + "UID": "d8ad17bda34daba8" + }, + "Version": "v0.35.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apiextensions-apiserver@v0.35.1", + "Name": "k8s.io/apiextensions-apiserver", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apiextensions-apiserver@v0.35.1", + "UID": "2d39273b1635eee4" + }, + "Version": "v0.35.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apimachinery@v0.35.3", + "Name": "k8s.io/apimachinery", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apimachinery@v0.35.3", + "UID": "e4888e0d00944efa" + }, + "Version": "v0.35.3", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/apiserver@v0.35.1", + "Name": "k8s.io/apiserver", + "Identifier": { + "PURL": "pkg:golang/k8s.io/apiserver@v0.35.1", + "UID": "9d1d8296131305eb" + }, + "Version": "v0.35.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/cli-runtime@v0.35.1", + "Name": "k8s.io/cli-runtime", + "Identifier": { + "PURL": "pkg:golang/k8s.io/cli-runtime@v0.35.1", + "UID": "6650816b26cb93a2" + }, + "Version": "v0.35.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/client-go@v0.35.1", + "Name": "k8s.io/client-go", + "Identifier": { + "PURL": "pkg:golang/k8s.io/client-go@v0.35.1", + "UID": "7924b0ead58c24a3" + }, + "Version": "v0.35.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/component-base@v0.35.1", + "Name": "k8s.io/component-base", + "Identifier": { + "PURL": "pkg:golang/k8s.io/component-base@v0.35.1", + "UID": "79d051d2fea4bea0" + }, + "Version": "v0.35.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/klog/v2@v2.130.1", + "Name": "k8s.io/klog/v2", + "Identifier": { + "PURL": "pkg:golang/k8s.io/klog/v2@v2.130.1", + "UID": "7c2d5dab024da7b6" + }, + "Version": "v2.130.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", + "Name": "k8s.io/kube-openapi", + "Identifier": { + "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", + "UID": "5f691970e5bc8bd2" + }, + "Version": "v0.0.0-20250910181357-589584f1c912", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/kubectl@v0.35.1", + "Name": "k8s.io/kubectl", + "Identifier": { + "PURL": "pkg:golang/k8s.io/kubectl@v0.35.1", + "UID": "d606c5afd5d2e829" + }, + "Version": "v0.35.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", + "Name": "k8s.io/utils", + "Identifier": { + "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", + "UID": "407f39c02212e306" + }, + "Version": "v0.0.0-20251002143259-bc988d571ff4", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "modernc.org/libc@v1.70.0", + "Name": "modernc.org/libc", + "Identifier": { + "PURL": "pkg:golang/modernc.org/libc@v1.70.0", + "UID": "2a9c262bfe453b23" + }, + "Version": "v1.70.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "modernc.org/mathutil@v1.7.1", + "Name": "modernc.org/mathutil", + "Identifier": { + "PURL": "pkg:golang/modernc.org/mathutil@v1.7.1", + "UID": "119a717fa5a87496" + }, + "Version": "v1.7.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "modernc.org/memory@v1.11.0", + "Name": "modernc.org/memory", + "Identifier": { + "PURL": "pkg:golang/modernc.org/memory@v1.11.0", + "UID": "a55e6c1ef6a462e" + }, + "Version": "v1.11.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "modernc.org/sqlite@v1.48.2", + "Name": "modernc.org/sqlite", + "Identifier": { + "PURL": "pkg:golang/modernc.org/sqlite@v1.48.2", + "UID": "a990af1daedfce00" + }, + "Version": "v1.48.2", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "mvdan.cc/sh/v3@v3.12.0", + "Name": "mvdan.cc/sh/v3", + "Identifier": { + "PURL": "pkg:golang/mvdan.cc/sh/v3@v3.12.0", + "UID": "d108624b106a9349" + }, + "Version": "v3.12.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "oras.land/oras-go/v2@v2.6.0", + "Name": "oras.land/oras-go/v2", + "Identifier": { + "PURL": "pkg:golang/oras.land/oras-go/v2@v2.6.0", + "UID": "7e5aa3baf9c41f95" + }, + "Version": "v2.6.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", + "Name": "sigs.k8s.io/json", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", + "UID": "2f32cc9fa9f2d728" + }, + "Version": "v0.0.0-20250730193827-2d320260d730", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/kustomize/api@v0.20.1", + "Name": "sigs.k8s.io/kustomize/api", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/kustomize/api@v0.20.1", + "UID": "7460457c9d4cf9d8" + }, + "Version": "v0.20.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/kustomize/kyaml@v0.20.1", + "Name": "sigs.k8s.io/kustomize/kyaml", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/kustomize/kyaml@v0.20.1", + "UID": "7815e09b4bda8a59" + }, + "Version": "v0.20.1", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/randfill@v1.0.0", + "Name": "sigs.k8s.io/randfill", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/randfill@v1.0.0", + "UID": "9fae49ed5b8729bf" + }, + "Version": "v1.0.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/structured-merge-diff/v6@v6.3.0", + "Name": "sigs.k8s.io/structured-merge-diff/v6", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v6@v6.3.0", + "UID": "73f8b875003da698" + }, + "Version": "v6.3.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + }, + { + "ID": "sigs.k8s.io/yaml@v1.6.0", + "Name": "sigs.k8s.io/yaml", + "Identifier": { + "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.6.0", + "UID": "96380c28bea11814" + }, + "Version": "v1.6.0", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "AnalyzedBy": "gobinary" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2026-44973", + "VendorIDs": [ + "GHSA-qw64-3x98-g7q2" + ], + "PkgID": "github.com/go-git/go-billy/v5@v5.8.0", + "PkgName": "github.com/go-git/go-billy/v5", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/go-git/go-billy/v5@v5.8.0", + "UID": "a9d04c20d96dbd1f" + }, + "InstalledVersion": "v5.8.0", + "FixedVersion": "5.9.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44973", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:c5153d0342527f76a60ed912cfd09412ce064f17d7c74f2abb874c7c0583c62b", + "Title": "go-billy has path traversal vulnerabilities", + "Description": "### Impact\nMultiple path traversal issues exist across different components of `go-billy`. Insufficient path sanitization and boundary enforcement may allow crafted paths (e.g., using `..`) to escape intended base directories.\n\nWhile go-billy was not originally designed to provide a strong security boundary, some of these issues were inconsistent across some of the built-in implementations. This results in scenarios where applications relying on `go-billy` for some level of isolation may inadvertently expose access to unintended filesystem locations.\n\nThe `osfs.ChrootOS` implementation is notably affected by this vulnerability and is now deprecated in `v5`, removed at `v6`. Users are recommended to move on to `osfs.BoundOS` instead: `osfs.New(path, WithBoundOS())`.\n\nUsers requiring stronger security boundary enforcement are recommended to upgrade to `v6`, where the `osfs` implementation are backed by the [traversal-resistant](https://go.dev/blog/osroot) primitive [os.Root](https://pkg.go.dev/os#Root).\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to `v5` are likely to be affected, users are recommended to upgrade to a supported `go-billy` version.\n\n### Credits\nThanks to @faran66 and @vnykmshr for finding and separately reporting this issue privately to the go-git project. 🙇", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 8.1 + } + }, + "References": [ + "https://github.com/go-git/go-billy", + "https://github.com/go-git/go-billy/releases/tag/v5.9.0", + "https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1", + "https://github.com/go-git/go-billy/security/advisories/GHSA-qw64-3x98-g7q2" + ] + }, + { + "VulnerabilityID": "CVE-2026-44740", + "VendorIDs": [ + "GHSA-m3xc-h892-ggx6" + ], + "PkgID": "github.com/go-git/go-billy/v5@v5.8.0", + "PkgName": "github.com/go-git/go-billy/v5", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/go-git/go-billy/v5@v5.8.0", + "UID": "a9d04c20d96dbd1f" + }, + "InstalledVersion": "v5.8.0", + "FixedVersion": "5.9.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44740", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:79128f723988bbb936235edf5904a751b111f2746567ecd5a246d681df5bcf54", + "Title": "go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion", + "Description": "### Impact\nMultiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption.\n\nThese issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures.\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to `v5` are likely to be affected, users are recommended to upgrade to a supported `go-billy` version.\n\n### Credits\nThanks to @faran66 for finding and reporting this issue privately to the go-git project. 🙇", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://github.com/go-git/go-billy", + "https://github.com/go-git/go-billy/releases/tag/v5.9.0", + "https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1", + "https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6" + ] + }, + { + "VulnerabilityID": "CVE-2026-45022", + "VendorIDs": [ + "GHSA-389r-gv7p-r3rp" + ], + "PkgID": "github.com/go-git/go-git/v5@v5.17.2", + "PkgName": "github.com/go-git/go-git/v5", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.17.2", + "UID": "d4aabe835d9af77e" + }, + "InstalledVersion": "v5.17.2", + "FixedVersion": "5.19.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-45022", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:2e1156f702ecddb041c1e07cb011d8ba29023bee4a5eb685ee009497df20c964", + "Title": "go-git's improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git", + "Description": "### Impact\n`go-git` may parse malformed Git objects in a way that differs from upstream Git. When `commit` or `tag` objects contain ambiguous or malformed headers, `go-git`’s decoded representation may expose values differently from how Git itself would interpret or reject the same object.\n\nAdditionally, `go-git`’s commit signing and verification logic operates over commit data reconstructed from `go-git`’s parsed representation rather than the original raw object bytes. As a result, `go-git` may sign or verify a commit payload that is not byte-for-byte equivalent to the object stored in the repository.\n\nThis can cause a signature to appear valid for a commit whose displayed or effective metadata differs from the object that was intended to be signed.\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to v5 are likely to be affected, users are recommended to upgrade to a supported `go-git` version.\n\n### Credit\n\nThanks to @bugbunny-research (https://bugbunny.ai/) for reporting this to `sigstore/gitsign`, and to @wlynch, @patzielinski and @adityasaky for coordinating the disclosure with the `go-git` project. :bow: :1st_place_medal: \n\nThanks to @wayphinder for reporting this to the `go-git` project. :bow:", + "Severity": "HIGH", + "VendorSeverity": { + "ghsa": 3 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", + "V40Score": 7 + } + }, + "References": [ + "https://github.com/go-git/go-git", + "https://github.com/go-git/go-git/security/advisories/GHSA-389r-gv7p-r3rp" + ] + }, + { + "VulnerabilityID": "CVE-2026-41506", + "VendorIDs": [ + "GHSA-3xc5-wrhm-f963" + ], + "PkgID": "github.com/go-git/go-git/v5@v5.17.2", + "PkgName": "github.com/go-git/go-git/v5", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.17.2", + "UID": "d4aabe835d9af77e" + }, + "InstalledVersion": "v5.17.2", + "FixedVersion": "5.18.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41506", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:e21a36a77830e36aa3fc2dd2dc153b38253765187f14ba563b6d9532844739f4", + "Title": "golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirects", + "Description": "go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-522" + ], + "VendorSeverity": { + "ghsa": 2, + "nvd": 3, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "V3Score": 4.7 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-41506", + "https://github.com/go-git/go-git", + "https://github.com/go-git/go-git/releases/tag/v5.18.0", + "https://github.com/go-git/go-git/releases/tag/v6.0.0-alpha.2", + "https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963", + "https://nvd.nist.gov/vuln/detail/CVE-2026-41506", + "https://www.cve.org/CVERecord?id=CVE-2026-41506" + ], + "PublishedDate": "2026-05-08T14:16:33.983Z", + "LastModifiedDate": "2026-05-12T14:33:02.04Z" + }, + { + "VulnerabilityID": "CVE-2026-45571", + "VendorIDs": [ + "GHSA-crhj-59gh-8x96" + ], + "PkgID": "github.com/go-git/go-git/v5@v5.17.2", + "PkgName": "github.com/go-git/go-git/v5", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.17.2", + "UID": "d4aabe835d9af77e" + }, + "InstalledVersion": "v5.17.2", + "FixedVersion": "5.19.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-45571", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:f8d74b7f3e86e9bf92371f0ac1f02b7c9807352a8c6522181dbbdfac712aba70", + "Title": "go-git: Crafted repositories may modify main and submodule .git directories", + "Description": "### Impact\nA path validation issue in `go-git` could allow crafted repository data to affect files outside the intended checkout target, including the repository's `.git` directory.\n\nThese validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from those checks. Some attack vectors were platform-specific: certain payloads affected only Windows users, others affected only macOS users, and some applied across all supported platforms.\n\nUsing non-descendant `go-billy` filesystem instances, or different filesystem types, for the `Storer` and `Worktree` may provide some isolation against `.git` directory manipulation. For example, users that store the `.git` directory through `memfs` while using `osfs` for the worktree are not affected by this vulnerability in the main repository, because repository metadata is not materialized inside the worktree filesystem.\n\nHowever, this isolation does not necessarily apply when the repository contains submodules, since submodule dotgit directories may still be represented or materialized within the worktree context.\n\nIt is important to note that exploitation requires a maliciously crafted repository payload. Users should always exercise caution when interacting with repositories or Git servers they do not trust.\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to `v5` are likely to be affected, users are recommended to upgrade to a supported go-git version.\n\n### Credits\nThanks to @kodareef5, @AyushParkara and @N0zoM1z0 for reporting this to the go-git project in three separate reports. 🙇", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "V3Score": 5.4 + } + }, + "References": [ + "https://github.com/go-git/go-git", + "https://github.com/go-git/go-git/security/advisories/GHSA-crhj-59gh-8x96" + ] + }, + { + "VulnerabilityID": "GHSA-pmwq-pjrm-6p5r", + "PkgID": "github.com/in-toto/in-toto-golang@v0.10.0", + "PkgName": "github.com/in-toto/in-toto-golang", + "PkgIdentifier": { + "PURL": "pkg:golang/github.com/in-toto/in-toto-golang@v0.10.0", + "UID": "74c4305e96ee4efa" + }, + "InstalledVersion": "v0.10.0", + "FixedVersion": "0.11.0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://github.com/advisories/GHSA-pmwq-pjrm-6p5r", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Fingerprint": "sha256:300782395e82b1648aaac97d4f9932af8725e9dde9dd3ae8f7438c078c930abb", + "Title": "in-toto-golang and in-toto-python have inconsistent negation behavior", + "Description": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nin-toto-golang and in-toto-python both support glob patterns in artifact rules to indicate the artifacts that a rule applies to. Both support negations in character classes to indicate what should *not* be matched, but they used different operators to indicate the negation. in-toto-python uses `!` while in-toto-golang used `^`. A layout authored with the expectations of one implementation can therefore exhibit different behavior in the other implementation.\n\nThis impacts users in a specific set of circumstances where two different implementations are used to verify the same layout + attestation bundle at different stages of the same pipeline. As a rule of thumb, we advise using a single implementation across all aspects of a pipeline, from layout creation to pipeline execution and verification to prevent this class of bugs.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nin-toto-golang has been updated to use `!` instead of `^` to indicate negation. See https://github.com/in-toto/in-toto-golang/pull/462. This is part of v0.11.0.", + "Severity": "MEDIUM", + "VendorSeverity": { + "ghsa": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", + "V3Score": 4.1 + } + }, + "References": [ + "https://github.com/in-toto/in-toto-golang", + "https://github.com/in-toto/in-toto-golang/commit/36d782ffb2ca3adbffcdce1fd971c23319dd4469", + "https://github.com/in-toto/in-toto-golang/pull/462", + "https://github.com/in-toto/in-toto-golang/security/advisories/GHSA-pmwq-pjrm-6p5r" + ], + "PublishedDate": "2026-05-08T22:24:19Z", + "LastModifiedDate": "2026-05-08T22:24:19Z" + }, + { + "VulnerabilityID": "CVE-2026-33811", + "VendorIDs": [ + "GO-2026-4981" + ], + "PkgID": "stdlib@v1.25.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.9", + "UID": "2185fb41a98d095a" + }, + "InstalledVersion": "v1.25.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:8d5f60b665b4a4e797ae7260293cdffb084f11d2449ae9a068c83cbf719a0674", + "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", + "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-415" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/767860", + "https://go.dev/issue/78803", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", + "https://pkg.go.dev/vuln/GO-2026-4981" + ], + "PublishedDate": "2026-05-07T20:16:42.77Z", + "LastModifiedDate": "2026-05-12T20:23:02.333Z" + }, + { + "VulnerabilityID": "CVE-2026-33814", + "VendorIDs": [ + "GO-2026-4918" + ], + "PkgID": "stdlib@v1.25.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.9", + "UID": "2185fb41a98d095a" + }, + "InstalledVersion": "v1.25.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:d1a5bda7c8fb647e11995cbfe0d7ebc67b9d91d2205270d54d4d51495c7195bf", + "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", + "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-835" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/761581", + "https://go.dev/cl/761640", + "https://go.dev/issue/78476", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", + "https://pkg.go.dev/vuln/GO-2026-4918" + ], + "PublishedDate": "2026-05-07T20:16:42.88Z", + "LastModifiedDate": "2026-05-13T14:41:59.52Z" + }, + { + "VulnerabilityID": "CVE-2026-39820", + "VendorIDs": [ + "GO-2026-4986" + ], + "PkgID": "stdlib@v1.25.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.9", + "UID": "2185fb41a98d095a" + }, + "InstalledVersion": "v1.25.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:3a18b77a0f02a0839ca8dbbf52b3e12cb124b258c89755eefeb4de535300d265", + "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", + "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-770" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/759940", + "https://go.dev/issue/78566", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", + "https://pkg.go.dev/vuln/GO-2026-4986" + ], + "PublishedDate": "2026-05-07T20:16:43.187Z", + "LastModifiedDate": "2026-05-13T15:10:58.65Z" + }, + { + "VulnerabilityID": "CVE-2026-39836", + "VendorIDs": [ + "GO-2026-4971" + ], + "PkgID": "stdlib@v1.25.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.9", + "UID": "2185fb41a98d095a" + }, + "InstalledVersion": "v1.25.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:a641094dfe43212e9905fbfae6e8a333d7f50b6d419a47c577196e7949a46a41", + "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", + "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "bitnami": 3, + "nvd": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/775320", + "https://go.dev/issue/79006", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", + "https://pkg.go.dev/vuln/GO-2026-4971" + ], + "PublishedDate": "2026-05-07T20:16:43.593Z", + "LastModifiedDate": "2026-05-13T15:11:10.31Z" + }, + { + "VulnerabilityID": "CVE-2026-42499", + "VendorIDs": [ + "GO-2026-4977" + ], + "PkgID": "stdlib@v1.25.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.9", + "UID": "2185fb41a98d095a" + }, + "InstalledVersion": "v1.25.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:9dc6d05a7cc3763b85c687c3ca79b67a758379dcdc550cb0291e1ad6014547d4", + "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", + "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", + "Severity": "HIGH", + "VendorSeverity": { + "bitnami": 3 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://go.dev/cl/771520", + "https://go.dev/issue/78987", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", + "https://pkg.go.dev/vuln/GO-2026-4977" + ], + "PublishedDate": "2026-05-07T20:16:44.54Z", + "LastModifiedDate": "2026-05-13T16:59:17.563Z" + }, + { + "VulnerabilityID": "CVE-2026-39823", + "VendorIDs": [ + "GO-2026-4982" + ], + "PkgID": "stdlib@v1.25.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.9", + "UID": "2185fb41a98d095a" + }, + "InstalledVersion": "v1.25.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:b0e0719cb0ecab391f08778fb48a2e3c16161a3a91fd3fd522b6a38dc1e9896b", + "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", + "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-79" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/769920", + "https://go.dev/issue/78913", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", + "https://pkg.go.dev/vuln/GO-2026-4982" + ], + "PublishedDate": "2026-05-07T20:16:43.29Z", + "LastModifiedDate": "2026-05-13T16:58:45.697Z" + }, + { + "VulnerabilityID": "CVE-2026-39825", + "VendorIDs": [ + "GO-2026-4976" + ], + "PkgID": "stdlib@v1.25.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.9", + "UID": "2185fb41a98d095a" + }, + "InstalledVersion": "v1.25.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:63c091901fbd4cc0cd5ae879356120748acdca2cc65c2ecbe8c3d6db21aaeb75", + "Title": "ReverseProxy can forward queries containing parameters not visible to ...", + "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", + "Severity": "MEDIUM", + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://go.dev/cl/770541", + "https://go.dev/issue/78948", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", + "https://pkg.go.dev/vuln/GO-2026-4976" + ], + "PublishedDate": "2026-05-07T20:16:43.39Z", + "LastModifiedDate": "2026-05-13T16:58:56.39Z" + }, + { + "VulnerabilityID": "CVE-2026-39826", + "VendorIDs": [ + "GO-2026-4980" + ], + "PkgID": "stdlib@v1.25.9", + "PkgName": "stdlib", + "PkgIdentifier": { + "PURL": "pkg:golang/stdlib@v1.25.9", + "UID": "2185fb41a98d095a" + }, + "InstalledVersion": "v1.25.9", + "FixedVersion": "1.25.10, 1.26.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", + "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", + "DataSource": { + "ID": "govulndb", + "Name": "The Go Vulnerability Database", + "URL": "https://pkg.go.dev/vuln/" + }, + "Fingerprint": "sha256:62270cd333928b960b17b3197d04c569edc40d9cca9827898c52dd4900615c34", + "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", + "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-116" + ], + "VendorSeverity": { + "bitnami": 2 + }, + "CVSS": { + "bitnami": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "V3Score": 6.1 + } + }, + "References": [ + "https://go.dev/cl/771180", + "https://go.dev/issue/78981", + "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", + "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", + "https://pkg.go.dev/vuln/GO-2026-4980" + ], + "PublishedDate": "2026-05-07T20:16:43.49Z", + "LastModifiedDate": "2026-05-13T16:59:07.48Z" + } + ] + } + ] + }, + { + "Namespace": "trivy", + "Kind": "CronJob", + "Name": "trivy-scan", + "Metadata": [ + { + "Size": 50504704, + "OS": { + "Family": "alpine", + "Name": "3.21.5" + }, + "ImageID": "sha256:1b6a05fecb7dedc83f13456cc8d9ddd6ab53be5303e386d819167c8986e36915", + "DiffIDs": [ + "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b", + "sha256:6d4435bda110341f7737aecca319b193f2c984077bb0f202f1011f66f74129e7", + "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9", + "sha256:97dfed8fdc320612c2f64f4f25a3dea01c498bc5dc332ca05844dc5c55590fbd" + ], + "RepoTags": [ + "python:3.12-alpine3.21" + ], + "RepoDigests": [ + "python@sha256:d4f9227f21409479c7fe92288f2e40b1a56ae591c8ad3b5446dfeaef90f67857" + ], + "Reference": "python:3.12-alpine3.21", + "ImageConfig": { + "architecture": "amd64", + "created": "2025-10-09T15:49:21Z", + "history": [ + { + "created": "2025-10-08T11:06:42Z", + "created_by": "ADD alpine-minirootfs-3.21.5-x86_64.tar.gz / # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-10-08T11:06:42Z", + "created_by": "CMD [\"/bin/sh\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-10-09T15:49:21Z", + "created_by": "ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-10-09T15:49:21Z", + "created_by": "ENV LANG=C.UTF-8", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-10-09T15:49:21Z", + "created_by": "RUN /bin/sh -c set -eux; \tapk add --no-cache \t\tca-certificates \t\ttzdata \t; # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-10-09T15:49:21Z", + "created_by": "ENV GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-10-09T15:49:21Z", + "created_by": "ENV PYTHON_VERSION=3.12.12", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-10-09T15:49:21Z", + "created_by": "ENV PYTHON_SHA256=fb85a13414b028c49ba18bbd523c2d055a30b56b18b92ce454ea2c51edc656c4", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + }, + { + "created": "2025-10-09T15:49:21Z", + "created_by": "RUN /bin/sh -c set -eux; \t\tapk add --no-cache --virtual .build-deps \t\tbluez-dev \t\tbzip2-dev \t\tdpkg-dev dpkg \t\tfindutils \t\tgcc \t\tgdbm-dev \t\tgnupg \t\tlibc-dev \t\tlibffi-dev \t\tlibnsl-dev \t\tlibtirpc-dev \t\tlinux-headers \t\tmake \t\tncurses-dev \t\topenssl-dev \t\tpax-utils \t\treadline-dev \t\tsqlite-dev \t\ttar \t\ttcl-dev \t\ttk \t\ttk-dev \t\tutil-linux-dev \t\txz \t\txz-dev \t\tzlib-dev \t; \t\twget -O python.tar.xz \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz\"; \techo \"$PYTHON_SHA256 *python.tar.xz\" | sha256sum -c -; \twget -O python.tar.xz.asc \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; export GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$GPG_KEY\"; \tgpg --batch --verify python.tar.xz.asc python.tar.xz; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" python.tar.xz.asc; \tmkdir -p /usr/src/python; \ttar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \trm python.tar.xz; \t\tcd /usr/src/python; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \t./configure \t\t--build=\"$gnuArch\" \t\t--enable-loadable-sqlite-extensions \t\t--enable-option-checking=fatal \t\t--enable-shared \t\t$(test \"${gnuArch%%-*}\" != 'riscv64' \u0026\u0026 echo '--with-lto') \t\t--with-ensurepip \t; \tnproc=\"$(nproc)\"; \tEXTRA_CFLAGS=\"-DTHREAD_STACK_SIZE=0x100000\"; \tLDFLAGS=\"${LDFLAGS:--Wl},--strip-all\"; \t\tarch=\"$(apk --print-arch)\"; \t\tcase \"$arch\" in \t\t\tx86_64|aarch64) \t\t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer\"; \t\t\t\t;; \t\t\tx86) \t\t\t\t;; \t\t\t*) \t\t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer\"; \t\t\t\t;; \t\tesac; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-}\" \t; \trm python; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:--Wl},-rpath='\\$\\$ORIGIN/../lib'\" \t\tpython \t; \tmake install; \t\tcd /; \trm -rf /usr/src/python; \t\tfind /usr/local -depth \t\t\\( \t\t\t\\( -type d -a \\( -name test -o -name tests -o -name idle_test \\) \\) \t\t\t-o \\( -type f -a \\( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \\) \\) \t\t\\) -exec rm -rf '{}' + \t; \t\tfind /usr/local -type f -executable -not \\( -name '*tkinter*' \\) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \t\t| tr ',' '\\n' \t\t| sort -u \t\t| awk 'system(\"[ -e /usr/local/lib/\" $1 \" ]\") == 0 { next } { print \"so:\" $1 }' \t\t| xargs -rt apk add --no-network --virtual .python-rundeps \t; \tapk del --no-network .build-deps; \t\texport PYTHONDONTWRITEBYTECODE=1; \tpython3 --version; \tpip3 --version # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-10-09T15:49:21Z", + "created_by": "RUN /bin/sh -c set -eux; \tfor src in idle3 pip3 pydoc3 python3 python3-config; do \t\tdst=\"$(echo \"$src\" | tr -d 3)\"; \t\t[ -s \"/usr/local/bin/$src\" ]; \t\t[ ! -e \"/usr/local/bin/$dst\" ]; \t\tln -svT \"$src\" \"/usr/local/bin/$dst\"; \tdone # buildkit", + "comment": "buildkit.dockerfile.v0" + }, + { + "created": "2025-10-09T15:49:21Z", + "created_by": "CMD [\"python3\"]", + "comment": "buildkit.dockerfile.v0", + "empty_layer": true + } + ], + "os": "linux", + "rootfs": { + "type": "layers", + "diff_ids": [ + "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b", + "sha256:6d4435bda110341f7737aecca319b193f2c984077bb0f202f1011f66f74129e7", + "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9", + "sha256:97dfed8fdc320612c2f64f4f25a3dea01c498bc5dc332ca05844dc5c55590fbd" + ] + }, + "config": { + "Cmd": [ + "python3" + ], + "Env": [ + "PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "LANG=C.UTF-8", + "GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", + "PYTHON_VERSION=3.12.12", + "PYTHON_SHA256=fb85a13414b028c49ba18bbd523c2d055a30b56b18b92ce454ea2c51edc656c4" + ], + "WorkingDir": "/" + } + }, + "Layers": [ + { + "Size": 8117760, + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + { + "Size": 1676288, + "Digest": "sha256:2e4c45faf316c45eb1b02cc0c7e3b4c25a3584c52c3fc6e1c540fda517bfddd5", + "DiffID": "sha256:6d4435bda110341f7737aecca319b193f2c984077bb0f202f1011f66f74129e7" + }, + { + "Size": 40705536, + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + { + "Size": 5120, + "Digest": "sha256:5bb875b37f265fbc80ba641245a01eceb6b761e9fbf2ecc408ac218339139bd5", + "DiffID": "sha256:97dfed8fdc320612c2f64f4f25a3dea01c498bc5dc332ca05844dc5c55590fbd" + } + ] + } + ], + "Results": [ + { + "Target": "python:3.12-alpine3.21 (alpine 3.21.5)", + "Class": "os-pkgs", + "Type": "alpine", + "Packages": [ + { + "ID": ".python-rundeps@20251009.223744", + "Name": ".python-rundeps", + "Identifier": { + "PURL": "pkg:apk/alpine/.python-rundeps@20251009.223744?arch=noarch\u0026distro=3.21.5", + "UID": "89249f3f0dfa2450" + }, + "Version": "20251009.223744", + "Arch": "noarch", + "DependsOn": [ + "gdbm@1.24-r0", + "libbz2@1.0.8-r6", + "libcrypto3@3.3.5-r0", + "libffi@3.4.7-r0", + "libncursesw@6.5_p20241006-r3", + "libnsl@2.0.1-r0", + "libpanelw@6.5_p20241006-r3", + "libssl3@3.3.5-r0", + "libtirpc@1.3.5-r0", + "libuuid@2.40.4-r1", + "musl@1.2.5-r9", + "readline@8.2.13-r0", + "sqlite-libs@3.48.0-r4", + "xz-libs@5.6.3-r1", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:9048b25a36292f5a93d8af024af7422615f4abad", + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout@3.6.8-r1", + "Name": "alpine-baselayout", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout@3.6.8-r1?arch=x86_64\u0026distro=3.21.5", + "UID": "488bbcabff990e76" + }, + "Version": "3.6.8-r1", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.6.8-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-baselayout-data@3.6.8-r1", + "busybox-binsh@1.37.0-r13" + ], + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "Digest": "sha1:eceb5e3555e7f7f8925dc248d557fcc744d573d6", + "InstalledFiles": [ + "etc/motd", + "etc/crontabs/root", + "etc/modprobe.d/aliases.conf", + "etc/modprobe.d/blacklist.conf", + "etc/modprobe.d/i386.conf", + "etc/modprobe.d/kms.conf", + "etc/profile.d/20locale.sh", + "etc/profile.d/README", + "etc/profile.d/color_prompt.sh.disabled", + "usr/lib/sysctl.d/00-alpine.conf", + "var/lock", + "var/run", + "var/spool/mail", + "var/spool/cron/crontabs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-baselayout-data@3.6.8-r1", + "Name": "alpine-baselayout-data", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.6.8-r1?arch=x86_64\u0026distro=3.21.5", + "UID": "a35ff814457b106b" + }, + "Version": "3.6.8-r1", + "Arch": "x86_64", + "SrcName": "alpine-baselayout", + "SrcVersion": "3.6.8-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "Digest": "sha1:7979a835bc317cedb997d3a42f3b10be86a8d18a", + "InstalledFiles": [ + "etc/fstab", + "etc/group", + "etc/hostname", + "etc/hosts", + "etc/inittab", + "etc/modules", + "etc/mtab", + "etc/nsswitch.conf", + "etc/passwd", + "etc/profile", + "etc/protocols", + "etc/services", + "etc/shadow", + "etc/shells", + "etc/sysctl.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-keys@2.5-r0", + "Name": "alpine-keys", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-keys@2.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "e87ecc7343d144e0" + }, + "Version": "2.5-r0", + "Arch": "x86_64", + "SrcName": "alpine-keys", + "SrcVersion": "2.5-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "Digest": "sha1:91014bfdba0e7f7b4505159466e9f19871606a59", + "InstalledFiles": [ + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", + "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", + "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", + "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", + "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", + "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", + "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", + "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", + "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", + "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "alpine-release@3.21.5-r0", + "Name": "alpine-release", + "Identifier": { + "PURL": "pkg:apk/alpine/alpine-release@3.21.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "5f453612d66d3774" + }, + "Version": "3.21.5-r0", + "Arch": "x86_64", + "SrcName": "alpine-base", + "SrcVersion": "3.21.5-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "alpine-keys@2.5-r0" + ], + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "Digest": "sha1:17fc4cd975359564a4cedfc75de2bbc1c121d0fa", + "InstalledFiles": [ + "etc/alpine-release", + "etc/issue", + "etc/os-release", + "etc/secfixes.d/alpine", + "usr/lib/os-release" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "apk-tools@2.14.6-r3", + "Name": "apk-tools", + "Identifier": { + "PURL": "pkg:apk/alpine/apk-tools@2.14.6-r3?arch=x86_64\u0026distro=3.21.5", + "UID": "c5364b2cfe848b91" + }, + "Version": "2.14.6-r3", + "Arch": "x86_64", + "SrcName": "apk-tools", + "SrcVersion": "2.14.6-r3", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "ca-certificates-bundle@20250911-r0", + "libcrypto3@3.3.5-r0", + "libssl3@3.3.5-r0", + "musl@1.2.5-r9", + "zlib@1.3.1-r2" + ], + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "Digest": "sha1:9704358d1b44fa771e0a0a3a527d8a26830e3eba", + "InstalledFiles": [ + "sbin/apk", + "usr/lib/libapk.so.2.14.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox@1.37.0-r13", + "Name": "busybox", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r13?arch=x86_64\u0026distro=3.21.5", + "UID": "8fda363a8f5a07b1" + }, + "Version": "1.37.0-r13", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r13", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "Digest": "sha1:8540c848721426856761fe719d4af87212c0809e", + "InstalledFiles": [ + "bin/busybox", + "etc/securetty", + "etc/busybox-paths.d/busybox", + "etc/logrotate.d/acpid", + "etc/network/if-up.d/dad", + "etc/udhcpc/udhcpc.conf", + "usr/share/udhcpc/default.script" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "busybox-binsh@1.37.0-r13", + "Name": "busybox-binsh", + "Identifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r13?arch=x86_64\u0026distro=3.21.5", + "UID": "cb91567fa5d7f91d" + }, + "Version": "1.37.0-r13", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r13", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "busybox@1.37.0-r13" + ], + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "Digest": "sha1:c6fb712fe218a91441c3c93af8320da9d41725d9", + "InstalledFiles": [ + "bin/sh" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates@20250911-r0", + "Name": "ca-certificates", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates@20250911-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "4430103926921dfa" + }, + "Version": "20250911-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20250911-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "busybox-binsh@1.37.0-r13", + "libcrypto3@3.3.5-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:2e4c45faf316c45eb1b02cc0c7e3b4c25a3584c52c3fc6e1c540fda517bfddd5", + "DiffID": "sha256:6d4435bda110341f7737aecca319b193f2c984077bb0f202f1011f66f74129e7" + }, + "Digest": "sha1:cfc09a91ee9238553277ed988779162b9e45a457", + "InstalledFiles": [ + "etc/ca-certificates.conf", + "etc/apk/protected_paths.d/ca-certificates.list", + "etc/ca-certificates/update.d/certhash", + "usr/bin/c_rehash", + "usr/sbin/update-ca-certificates", + "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", + "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", + "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", + "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", + "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", + "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", + "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", + "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", + "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", + "usr/share/ca-certificates/mozilla/Certigna.crt", + "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", + "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", + "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", + "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", + "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", + "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", + "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", + "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", + "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", + "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", + "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", + "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", + "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", + "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", + "usr/share/ca-certificates/mozilla/Izenpe.com.crt", + "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", + "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", + "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", + "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", + "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", + "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", + "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", + "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", + "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", + "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", + "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", + "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", + "usr/share/ca-certificates/mozilla/SwissSign_RSA_TLS_Root_CA_2022_-_1.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", + "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", + "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", + "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", + "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", + "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", + "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_TLS_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/TrustAsia_TLS_RSA_Root_CA.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", + "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", + "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", + "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", + "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", + "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", + "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", + "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", + "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", + "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", + "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ca-certificates-bundle@20250911-r0", + "Name": "ca-certificates-bundle", + "Identifier": { + "PURL": "pkg:apk/alpine/ca-certificates-bundle@20250911-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "bd747ea9500caca2" + }, + "Version": "20250911-r0", + "Arch": "x86_64", + "SrcName": "ca-certificates", + "SrcVersion": "20250911-r0", + "Licenses": [ + "MPL-2.0", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "Digest": "sha1:2c8ae30112c2bcd07e1a9d44f0ff64a7286cdabc", + "InstalledFiles": [ + "etc/ssl/cert.pem", + "etc/ssl/certs/ca-certificates.crt", + "etc/ssl1.1/cert.pem", + "etc/ssl1.1/certs" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "gdbm@1.24-r0", + "Name": "gdbm", + "Identifier": { + "PURL": "pkg:apk/alpine/gdbm@1.24-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "16187e1189640a5f" + }, + "Version": "1.24-r0", + "Arch": "x86_64", + "SrcName": "gdbm", + "SrcVersion": "1.24-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:06876a4fe8da5ca1e5930daa08aaf90629c35074", + "InstalledFiles": [ + "usr/lib/libgdbm.so.6", + "usr/lib/libgdbm.so.6.0.0", + "usr/lib/libgdbm_compat.so.4", + "usr/lib/libgdbm_compat.so.4.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "keyutils-libs@1.6.3-r4", + "Name": "keyutils-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/keyutils-libs@1.6.3-r4?arch=x86_64\u0026distro=3.21.5", + "UID": "5818e21637d6b797" + }, + "Version": "1.6.3-r4", + "Arch": "x86_64", + "SrcName": "keyutils", + "SrcVersion": "1.6.3-r4", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:128ea507e8ce17fd70c5ec18f8581633dac01a66", + "InstalledFiles": [ + "usr/lib/libkeyutils.so.1", + "usr/lib/libkeyutils.so.1.10" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "krb5-conf@1.0-r2", + "Name": "krb5-conf", + "Identifier": { + "PURL": "pkg:apk/alpine/krb5-conf@1.0-r2?arch=x86_64\u0026distro=3.21.5", + "UID": "9273a2b8d3ad3c52" + }, + "Version": "1.0-r2", + "Arch": "x86_64", + "SrcName": "krb5-conf", + "SrcVersion": "1.0-r2", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:bd3748a2e1d04eaea8668277f2540249decf38b0", + "InstalledFiles": [ + "etc/krb5.conf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "krb5-libs@1.21.3-r0", + "Name": "krb5-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/krb5-libs@1.21.3-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "4453bf7797342d0d" + }, + "Version": "1.21.3-r0", + "Arch": "x86_64", + "SrcName": "krb5", + "SrcVersion": "1.21.3-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "keyutils-libs@1.6.3-r4", + "krb5-conf@1.0-r2", + "libcom_err@1.47.1-r1", + "libcrypto3@3.3.5-r0", + "libssl3@3.3.5-r0", + "libverto@0.3.2-r2", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:8da452f1ff426ddb0c8d6f62ad3f0201980d20fe", + "InstalledFiles": [ + "usr/lib/libgssapi_krb5.so.2", + "usr/lib/libgssapi_krb5.so.2.2", + "usr/lib/libgssrpc.so.4", + "usr/lib/libgssrpc.so.4.2", + "usr/lib/libk5crypto.so.3", + "usr/lib/libk5crypto.so.3.1", + "usr/lib/libkadm5clnt_mit.so.12", + "usr/lib/libkadm5clnt_mit.so.12.0", + "usr/lib/libkadm5srv_mit.so.12", + "usr/lib/libkadm5srv_mit.so.12.0", + "usr/lib/libkdb5.so.10", + "usr/lib/libkdb5.so.10.0", + "usr/lib/libkrad.so.0", + "usr/lib/libkrad.so.0.0", + "usr/lib/libkrb5.so.3", + "usr/lib/libkrb5.so.3.3", + "usr/lib/libkrb5support.so.0", + "usr/lib/libkrb5support.so.0.1", + "usr/lib/krb5/plugins/kdb/db2.so", + "usr/lib/krb5/plugins/preauth/otp.so", + "usr/lib/krb5/plugins/preauth/spake.so", + "usr/lib/krb5/plugins/preauth/test.so", + "usr/lib/krb5/plugins/tls/k5tls.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libbz2@1.0.8-r6", + "Name": "libbz2", + "Identifier": { + "PURL": "pkg:apk/alpine/libbz2@1.0.8-r6?arch=x86_64\u0026distro=3.21.5", + "UID": "68ca16760186f1f7" + }, + "Version": "1.0.8-r6", + "Arch": "x86_64", + "SrcName": "bzip2", + "SrcVersion": "1.0.8-r6", + "Licenses": [ + "bzip-2-1.0.6" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:54f88b518e92e39616f55bff21e0c3c1eec44446", + "InstalledFiles": [ + "usr/lib/libbz2.so.1", + "usr/lib/libbz2.so.1.0.8" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcom_err@1.47.1-r1", + "Name": "libcom_err", + "Identifier": { + "PURL": "pkg:apk/alpine/libcom_err@1.47.1-r1?arch=x86_64\u0026distro=3.21.5", + "UID": "9ea7f0ab0731d03d" + }, + "Version": "1.47.1-r1", + "Arch": "x86_64", + "SrcName": "e2fsprogs", + "SrcVersion": "1.47.1-r1", + "Licenses": [ + "GPL-2.0-or-later", + "LGPL-2.0-or-later", + "BSD-3-Clause", + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:fadca43c547e85389b2b11af9197aa8562e9ea45", + "InstalledFiles": [ + "usr/lib/libcom_err.so.2", + "usr/lib/libcom_err.so.2.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libcrypto3@3.3.5-r0", + "Name": "libcrypto3", + "Identifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "15bbec8716141e63" + }, + "Version": "3.3.5-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.3.5-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "Digest": "sha1:58660d06cbe9b18680a8d6856f20d788b1732347", + "InstalledFiles": [ + "etc/ssl/ct_log_list.cnf", + "etc/ssl/ct_log_list.cnf.dist", + "etc/ssl/openssl.cnf", + "etc/ssl/openssl.cnf.dist", + "usr/lib/libcrypto.so.3", + "usr/lib/engines-3/afalg.so", + "usr/lib/engines-3/capi.so", + "usr/lib/engines-3/loader_attic.so", + "usr/lib/engines-3/padlock.so", + "usr/lib/ossl-modules/legacy.so" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libffi@3.4.7-r0", + "Name": "libffi", + "Identifier": { + "PURL": "pkg:apk/alpine/libffi@3.4.7-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "f8faa7473f2fb614" + }, + "Version": "3.4.7-r0", + "Arch": "x86_64", + "SrcName": "libffi", + "SrcVersion": "3.4.7-r0", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:1e1f0d2d6f18a06f48d3b34d0bbddbfe7c77e23a", + "InstalledFiles": [ + "usr/lib/libffi.so.8", + "usr/lib/libffi.so.8.1.4" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libintl@0.22.5-r0", + "Name": "libintl", + "Identifier": { + "PURL": "pkg:apk/alpine/libintl@0.22.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "8042f9b62820ffd5" + }, + "Version": "0.22.5-r0", + "Arch": "x86_64", + "SrcName": "gettext", + "SrcVersion": "0.22.5-r0", + "Licenses": [ + "LGPL-2.1-or-later" + ], + "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:c3f183a55f73801890303634540cf1c84530cc17", + "InstalledFiles": [ + "usr/lib/libintl.so.8", + "usr/lib/libintl.so.8.4.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libncursesw@6.5_p20241006-r3", + "Name": "libncursesw", + "Identifier": { + "PURL": "pkg:apk/alpine/libncursesw@6.5_p20241006-r3?arch=x86_64\u0026distro=3.21.5", + "UID": "75cdd41a72db6f1" + }, + "Version": "6.5_p20241006-r3", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.5_p20241006-r3", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9", + "ncurses-terminfo-base@6.5_p20241006-r3" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:1f4a0b567990a75699de992aa91da75bad914a57", + "InstalledFiles": [ + "usr/lib/libncursesw.so.6", + "usr/lib/libncursesw.so.6.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libnsl@2.0.1-r0", + "Name": "libnsl", + "Identifier": { + "PURL": "pkg:apk/alpine/libnsl@2.0.1-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "9057250f5191ae3a" + }, + "Version": "2.0.1-r0", + "Arch": "x86_64", + "SrcName": "libnsl", + "SrcVersion": "2.0.1-r0", + "Licenses": [ + "LGPL-2.0-or-later" + ], + "Maintainer": "Valery Kartel \u003cvalery.kartel@gmail.com\u003e", + "DependsOn": [ + "libintl@0.22.5-r0", + "libtirpc@1.3.5-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:3a613a31b8318cd70b67c824c0ba76b236401bbd", + "InstalledFiles": [ + "usr/lib/libnsl.so.3", + "usr/lib/libnsl.so.3.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libpanelw@6.5_p20241006-r3", + "Name": "libpanelw", + "Identifier": { + "PURL": "pkg:apk/alpine/libpanelw@6.5_p20241006-r3?arch=x86_64\u0026distro=3.21.5", + "UID": "bc19a00a809b43ea" + }, + "Version": "6.5_p20241006-r3", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.5_p20241006-r3", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libncursesw@6.5_p20241006-r3", + "musl@1.2.5-r9", + "ncurses-terminfo-base@6.5_p20241006-r3" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:b7928b751d482d3ee192ef1cb0f4b8de1baa0b20", + "InstalledFiles": [ + "usr/lib/libpanelw.so.6", + "usr/lib/libpanelw.so.6.5" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libssl3@3.3.5-r0", + "Name": "libssl3", + "Identifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "4587120bb4626f4e" + }, + "Version": "3.3.5-r0", + "Arch": "x86_64", + "SrcName": "openssl", + "SrcVersion": "3.3.5-r0", + "Licenses": [ + "Apache-2.0" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libcrypto3@3.3.5-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "Digest": "sha1:6d1b46956b699923dfc7b5217178bc44c090d14d", + "InstalledFiles": [ + "usr/lib/libssl.so.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libtirpc@1.3.5-r0", + "Name": "libtirpc", + "Identifier": { + "PURL": "pkg:apk/alpine/libtirpc@1.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "9f843b39cfcaf60e" + }, + "Version": "1.3.5-r0", + "Arch": "x86_64", + "SrcName": "libtirpc", + "SrcVersion": "1.3.5-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "krb5-libs@1.21.3-r0", + "libtirpc-conf@1.3.5-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:f110fc99b234f7808622abb3ff4a65d9d2cf4be3", + "InstalledFiles": [ + "usr/lib/libtirpc.so.3", + "usr/lib/libtirpc.so.3.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libtirpc-conf@1.3.5-r0", + "Name": "libtirpc-conf", + "Identifier": { + "PURL": "pkg:apk/alpine/libtirpc-conf@1.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "4b1fd5c09318a135" + }, + "Version": "1.3.5-r0", + "Arch": "x86_64", + "SrcName": "libtirpc", + "SrcVersion": "1.3.5-r0", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:e10eac0d013b135befa2311a7ef3791424895595", + "InstalledFiles": [ + "etc/bindresvport.blacklist", + "etc/netconfig" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libuuid@2.40.4-r1", + "Name": "libuuid", + "Identifier": { + "PURL": "pkg:apk/alpine/libuuid@2.40.4-r1?arch=x86_64\u0026distro=3.21.5", + "UID": "1955cd330a5ab9e8" + }, + "Version": "2.40.4-r1", + "Arch": "x86_64", + "SrcName": "util-linux", + "SrcVersion": "2.40.4-r1", + "Licenses": [ + "BSD-3-Clause" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:8d5e7fbe81f31a882f22c00eba732dcf45a7e90c", + "InstalledFiles": [ + "usr/lib/libuuid.so.1", + "usr/lib/libuuid.so.1.3.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "libverto@0.3.2-r2", + "Name": "libverto", + "Identifier": { + "PURL": "pkg:apk/alpine/libverto@0.3.2-r2?arch=x86_64\u0026distro=3.21.5", + "UID": "67e5fa5840c0d028" + }, + "Version": "0.3.2-r2", + "Arch": "x86_64", + "SrcName": "libverto", + "SrcVersion": "0.3.2-r2", + "Licenses": [ + "MIT" + ], + "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:154644a18e6de4d3b6d9d6c2c35d28826b9167a1", + "InstalledFiles": [ + "usr/lib/libverto.so.1", + "usr/lib/libverto.so.1.0.0" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl@1.2.5-r9", + "Name": "musl", + "Identifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.5", + "UID": "d0316c4ab0862e6b" + }, + "Version": "1.2.5-r9", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r9", + "Licenses": [ + "MIT" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "Digest": "sha1:fcbef23891ec04f81a28b98dbbb521e58218d2d8", + "InstalledFiles": [ + "lib/ld-musl-x86_64.so.1", + "lib/libc.musl-x86_64.so.1" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "musl-utils@1.2.5-r9", + "Name": "musl-utils", + "Identifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.5", + "UID": "8991799c5350cf95" + }, + "Version": "1.2.5-r9", + "Arch": "x86_64", + "SrcName": "musl", + "SrcVersion": "1.2.5-r9", + "Licenses": [ + "MIT", + "BSD-2-Clause", + "GPL-2.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9", + "scanelf@1.3.8-r1" + ], + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "Digest": "sha1:dd00323d3c0b14f2607f7a14ef503ebb4f737d22", + "InstalledFiles": [ + "sbin/ldconfig", + "usr/bin/getconf", + "usr/bin/getent", + "usr/bin/iconv", + "usr/bin/ldd" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ncurses-terminfo-base@6.5_p20241006-r3", + "Name": "ncurses-terminfo-base", + "Identifier": { + "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.5_p20241006-r3?arch=x86_64\u0026distro=3.21.5", + "UID": "ba7a41d37c387447" + }, + "Version": "6.5_p20241006-r3", + "Arch": "x86_64", + "SrcName": "ncurses", + "SrcVersion": "6.5_p20241006-r3", + "Licenses": [ + "X-11" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:a2bc82a235e7172605f069a36c371f955bc9d8fc", + "InstalledFiles": [ + "etc/terminfo/a/alacritty", + "etc/terminfo/a/ansi", + "etc/terminfo/d/dumb", + "etc/terminfo/g/gnome", + "etc/terminfo/g/gnome-256color", + "etc/terminfo/k/konsole", + "etc/terminfo/k/konsole-256color", + "etc/terminfo/k/konsole-linux", + "etc/terminfo/l/linux", + "etc/terminfo/p/putty", + "etc/terminfo/p/putty-256color", + "etc/terminfo/r/rxvt", + "etc/terminfo/r/rxvt-256color", + "etc/terminfo/s/screen", + "etc/terminfo/s/screen-256color", + "etc/terminfo/s/st-0.6", + "etc/terminfo/s/st-0.7", + "etc/terminfo/s/st-0.8", + "etc/terminfo/s/st-16color", + "etc/terminfo/s/st-256color", + "etc/terminfo/s/st-direct", + "etc/terminfo/s/sun", + "etc/terminfo/t/terminator", + "etc/terminfo/t/terminology", + "etc/terminfo/t/terminology-0.6.1", + "etc/terminfo/t/terminology-1.0.0", + "etc/terminfo/t/terminology-1.8.1", + "etc/terminfo/t/tmux", + "etc/terminfo/t/tmux-256color", + "etc/terminfo/v/vt100", + "etc/terminfo/v/vt102", + "etc/terminfo/v/vt200", + "etc/terminfo/v/vt220", + "etc/terminfo/v/vt52", + "etc/terminfo/v/vte", + "etc/terminfo/v/vte-256color", + "etc/terminfo/x/xterm", + "etc/terminfo/x/xterm-256color", + "etc/terminfo/x/xterm-color", + "etc/terminfo/x/xterm-xfree86" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "readline@8.2.13-r0", + "Name": "readline", + "Identifier": { + "PURL": "pkg:apk/alpine/readline@8.2.13-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "8e448129748c2000" + }, + "Version": "8.2.13-r0", + "Arch": "x86_64", + "SrcName": "readline", + "SrcVersion": "8.2.13-r0", + "Licenses": [ + "GPL-3.0-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "libncursesw@6.5_p20241006-r3", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:b99e42766d2d37aa8b69820daa080ab50c28a150", + "InstalledFiles": [ + "etc/inputrc", + "usr/lib/libreadline.so.8", + "usr/lib/libreadline.so.8.2" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "scanelf@1.3.8-r1", + "Name": "scanelf", + "Identifier": { + "PURL": "pkg:apk/alpine/scanelf@1.3.8-r1?arch=x86_64\u0026distro=3.21.5", + "UID": "99c1bc01da347386" + }, + "Version": "1.3.8-r1", + "Arch": "x86_64", + "SrcName": "pax-utils", + "SrcVersion": "1.3.8-r1", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "Digest": "sha1:77729f7622baeaafb6feaf7486f4f5452c1c7b62", + "InstalledFiles": [ + "usr/bin/scanelf" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "sqlite-libs@3.48.0-r4", + "Name": "sqlite-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/sqlite-libs@3.48.0-r4?arch=x86_64\u0026distro=3.21.5", + "UID": "4ecf52bb751970f8" + }, + "Version": "3.48.0-r4", + "Arch": "x86_64", + "SrcName": "sqlite", + "SrcVersion": "3.48.0-r4", + "Licenses": [ + "blessing" + ], + "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:21356bb7c412444a10317870f10d60ad6eb9dcba", + "InstalledFiles": [ + "usr/lib/libsqlite3.so.0", + "usr/lib/libsqlite3.so.0.8.6" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "ssl_client@1.37.0-r13", + "Name": "ssl_client", + "Identifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r13?arch=x86_64\u0026distro=3.21.5", + "UID": "a2f8df60e844b202" + }, + "Version": "1.37.0-r13", + "Arch": "x86_64", + "SrcName": "busybox", + "SrcVersion": "1.37.0-r13", + "Licenses": [ + "GPL-2.0-only" + ], + "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", + "DependsOn": [ + "libcrypto3@3.3.5-r0", + "libssl3@3.3.5-r0", + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "Digest": "sha1:ba7b8b5914ab3e8f1a86aaf46bfa1a8f3bc26fa7", + "InstalledFiles": [ + "usr/bin/ssl_client" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "tzdata@2025b-r0", + "Name": "tzdata", + "Identifier": { + "PURL": "pkg:apk/alpine/tzdata@2025b-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "f39c8382d2f13a32" + }, + "Version": "2025b-r0", + "Arch": "x86_64", + "SrcName": "tzdata", + "SrcVersion": "2025b-r0", + "Licenses": [ + "Public-Domain" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "Layer": { + "Digest": "sha256:2e4c45faf316c45eb1b02cc0c7e3b4c25a3584c52c3fc6e1c540fda517bfddd5", + "DiffID": "sha256:6d4435bda110341f7737aecca319b193f2c984077bb0f202f1011f66f74129e7" + }, + "Digest": "sha1:c4fd9128726d6147b326fdaf47a64e72749b3488", + "InstalledFiles": [ + "usr/share/zoneinfo/CET", + "usr/share/zoneinfo/CST6CDT", + "usr/share/zoneinfo/Cuba", + "usr/share/zoneinfo/EET", + "usr/share/zoneinfo/EST", + "usr/share/zoneinfo/EST5EDT", + "usr/share/zoneinfo/Egypt", + "usr/share/zoneinfo/Eire", + "usr/share/zoneinfo/Factory", + "usr/share/zoneinfo/GB", + "usr/share/zoneinfo/GB-Eire", + "usr/share/zoneinfo/GMT", + "usr/share/zoneinfo/GMT+0", + "usr/share/zoneinfo/GMT-0", + "usr/share/zoneinfo/GMT0", + "usr/share/zoneinfo/Greenwich", + "usr/share/zoneinfo/HST", + "usr/share/zoneinfo/Hongkong", + "usr/share/zoneinfo/Iceland", + "usr/share/zoneinfo/Iran", + "usr/share/zoneinfo/Israel", + "usr/share/zoneinfo/Jamaica", + "usr/share/zoneinfo/Japan", + "usr/share/zoneinfo/Kwajalein", + "usr/share/zoneinfo/Libya", + "usr/share/zoneinfo/MET", + "usr/share/zoneinfo/MST", + "usr/share/zoneinfo/MST7MDT", + "usr/share/zoneinfo/NZ", + "usr/share/zoneinfo/NZ-CHAT", + "usr/share/zoneinfo/Navajo", + "usr/share/zoneinfo/PRC", + "usr/share/zoneinfo/PST8PDT", + "usr/share/zoneinfo/Poland", + "usr/share/zoneinfo/Portugal", + "usr/share/zoneinfo/ROC", + "usr/share/zoneinfo/ROK", + "usr/share/zoneinfo/Singapore", + "usr/share/zoneinfo/Turkey", + "usr/share/zoneinfo/UCT", + "usr/share/zoneinfo/UTC", + "usr/share/zoneinfo/Universal", + "usr/share/zoneinfo/W-SU", + "usr/share/zoneinfo/WET", + "usr/share/zoneinfo/Zulu", + "usr/share/zoneinfo/iso3166.tab", + "usr/share/zoneinfo/leap-seconds.list", + "usr/share/zoneinfo/posixrules", + "usr/share/zoneinfo/zone.tab", + "usr/share/zoneinfo/zone1970.tab", + "usr/share/zoneinfo/Africa/Abidjan", + "usr/share/zoneinfo/Africa/Accra", + "usr/share/zoneinfo/Africa/Addis_Ababa", + "usr/share/zoneinfo/Africa/Algiers", + "usr/share/zoneinfo/Africa/Asmara", + "usr/share/zoneinfo/Africa/Asmera", + "usr/share/zoneinfo/Africa/Bamako", + "usr/share/zoneinfo/Africa/Bangui", + "usr/share/zoneinfo/Africa/Banjul", + "usr/share/zoneinfo/Africa/Bissau", + "usr/share/zoneinfo/Africa/Blantyre", + "usr/share/zoneinfo/Africa/Brazzaville", + "usr/share/zoneinfo/Africa/Bujumbura", + "usr/share/zoneinfo/Africa/Cairo", + "usr/share/zoneinfo/Africa/Casablanca", + "usr/share/zoneinfo/Africa/Ceuta", + "usr/share/zoneinfo/Africa/Conakry", + "usr/share/zoneinfo/Africa/Dakar", + "usr/share/zoneinfo/Africa/Dar_es_Salaam", + "usr/share/zoneinfo/Africa/Djibouti", + "usr/share/zoneinfo/Africa/Douala", + "usr/share/zoneinfo/Africa/El_Aaiun", + "usr/share/zoneinfo/Africa/Freetown", + "usr/share/zoneinfo/Africa/Gaborone", + "usr/share/zoneinfo/Africa/Harare", + "usr/share/zoneinfo/Africa/Johannesburg", + "usr/share/zoneinfo/Africa/Juba", + "usr/share/zoneinfo/Africa/Kampala", + "usr/share/zoneinfo/Africa/Khartoum", + "usr/share/zoneinfo/Africa/Kigali", + "usr/share/zoneinfo/Africa/Kinshasa", + "usr/share/zoneinfo/Africa/Lagos", + "usr/share/zoneinfo/Africa/Libreville", + "usr/share/zoneinfo/Africa/Lome", + "usr/share/zoneinfo/Africa/Luanda", + "usr/share/zoneinfo/Africa/Lubumbashi", + "usr/share/zoneinfo/Africa/Lusaka", + "usr/share/zoneinfo/Africa/Malabo", + "usr/share/zoneinfo/Africa/Maputo", + "usr/share/zoneinfo/Africa/Maseru", + "usr/share/zoneinfo/Africa/Mbabane", + "usr/share/zoneinfo/Africa/Mogadishu", + "usr/share/zoneinfo/Africa/Monrovia", + "usr/share/zoneinfo/Africa/Nairobi", + "usr/share/zoneinfo/Africa/Ndjamena", + "usr/share/zoneinfo/Africa/Niamey", + "usr/share/zoneinfo/Africa/Nouakchott", + "usr/share/zoneinfo/Africa/Ouagadougou", + "usr/share/zoneinfo/Africa/Porto-Novo", + "usr/share/zoneinfo/Africa/Sao_Tome", + "usr/share/zoneinfo/Africa/Timbuktu", + "usr/share/zoneinfo/Africa/Tripoli", + "usr/share/zoneinfo/Africa/Tunis", + "usr/share/zoneinfo/Africa/Windhoek", + "usr/share/zoneinfo/America/Adak", + "usr/share/zoneinfo/America/Anchorage", + "usr/share/zoneinfo/America/Anguilla", + "usr/share/zoneinfo/America/Antigua", + "usr/share/zoneinfo/America/Araguaina", + "usr/share/zoneinfo/America/Aruba", + "usr/share/zoneinfo/America/Asuncion", + "usr/share/zoneinfo/America/Atikokan", + "usr/share/zoneinfo/America/Atka", + "usr/share/zoneinfo/America/Bahia", + "usr/share/zoneinfo/America/Bahia_Banderas", + "usr/share/zoneinfo/America/Barbados", + "usr/share/zoneinfo/America/Belem", + "usr/share/zoneinfo/America/Belize", + "usr/share/zoneinfo/America/Blanc-Sablon", + "usr/share/zoneinfo/America/Boa_Vista", + "usr/share/zoneinfo/America/Bogota", + "usr/share/zoneinfo/America/Boise", + "usr/share/zoneinfo/America/Buenos_Aires", + "usr/share/zoneinfo/America/Cambridge_Bay", + "usr/share/zoneinfo/America/Campo_Grande", + "usr/share/zoneinfo/America/Cancun", + "usr/share/zoneinfo/America/Caracas", + "usr/share/zoneinfo/America/Catamarca", + "usr/share/zoneinfo/America/Cayenne", + "usr/share/zoneinfo/America/Cayman", + "usr/share/zoneinfo/America/Chicago", + "usr/share/zoneinfo/America/Chihuahua", + "usr/share/zoneinfo/America/Ciudad_Juarez", + "usr/share/zoneinfo/America/Coral_Harbour", + "usr/share/zoneinfo/America/Cordoba", + "usr/share/zoneinfo/America/Costa_Rica", + "usr/share/zoneinfo/America/Coyhaique", + "usr/share/zoneinfo/America/Creston", + "usr/share/zoneinfo/America/Cuiaba", + "usr/share/zoneinfo/America/Curacao", + "usr/share/zoneinfo/America/Danmarkshavn", + "usr/share/zoneinfo/America/Dawson", + "usr/share/zoneinfo/America/Dawson_Creek", + "usr/share/zoneinfo/America/Denver", + "usr/share/zoneinfo/America/Detroit", + "usr/share/zoneinfo/America/Dominica", + "usr/share/zoneinfo/America/Edmonton", + "usr/share/zoneinfo/America/Eirunepe", + "usr/share/zoneinfo/America/El_Salvador", + "usr/share/zoneinfo/America/Ensenada", + "usr/share/zoneinfo/America/Fort_Nelson", + "usr/share/zoneinfo/America/Fort_Wayne", + "usr/share/zoneinfo/America/Fortaleza", + "usr/share/zoneinfo/America/Glace_Bay", + "usr/share/zoneinfo/America/Godthab", + "usr/share/zoneinfo/America/Goose_Bay", + "usr/share/zoneinfo/America/Grand_Turk", + "usr/share/zoneinfo/America/Grenada", + "usr/share/zoneinfo/America/Guadeloupe", + "usr/share/zoneinfo/America/Guatemala", + "usr/share/zoneinfo/America/Guayaquil", + "usr/share/zoneinfo/America/Guyana", + "usr/share/zoneinfo/America/Halifax", + "usr/share/zoneinfo/America/Havana", + "usr/share/zoneinfo/America/Hermosillo", + "usr/share/zoneinfo/America/Indianapolis", + "usr/share/zoneinfo/America/Inuvik", + "usr/share/zoneinfo/America/Iqaluit", + "usr/share/zoneinfo/America/Jamaica", + "usr/share/zoneinfo/America/Jujuy", + "usr/share/zoneinfo/America/Juneau", + "usr/share/zoneinfo/America/Knox_IN", + "usr/share/zoneinfo/America/Kralendijk", + "usr/share/zoneinfo/America/La_Paz", + "usr/share/zoneinfo/America/Lima", + "usr/share/zoneinfo/America/Los_Angeles", + "usr/share/zoneinfo/America/Louisville", + "usr/share/zoneinfo/America/Lower_Princes", + "usr/share/zoneinfo/America/Maceio", + "usr/share/zoneinfo/America/Managua", + "usr/share/zoneinfo/America/Manaus", + "usr/share/zoneinfo/America/Marigot", + "usr/share/zoneinfo/America/Martinique", + "usr/share/zoneinfo/America/Matamoros", + "usr/share/zoneinfo/America/Mazatlan", + "usr/share/zoneinfo/America/Mendoza", + "usr/share/zoneinfo/America/Menominee", + "usr/share/zoneinfo/America/Merida", + "usr/share/zoneinfo/America/Metlakatla", + "usr/share/zoneinfo/America/Mexico_City", + "usr/share/zoneinfo/America/Miquelon", + "usr/share/zoneinfo/America/Moncton", + "usr/share/zoneinfo/America/Monterrey", + "usr/share/zoneinfo/America/Montevideo", + "usr/share/zoneinfo/America/Montreal", + "usr/share/zoneinfo/America/Montserrat", + "usr/share/zoneinfo/America/Nassau", + "usr/share/zoneinfo/America/New_York", + "usr/share/zoneinfo/America/Nipigon", + "usr/share/zoneinfo/America/Nome", + "usr/share/zoneinfo/America/Noronha", + "usr/share/zoneinfo/America/Nuuk", + "usr/share/zoneinfo/America/Ojinaga", + "usr/share/zoneinfo/America/Panama", + "usr/share/zoneinfo/America/Pangnirtung", + "usr/share/zoneinfo/America/Paramaribo", + "usr/share/zoneinfo/America/Phoenix", + "usr/share/zoneinfo/America/Port-au-Prince", + "usr/share/zoneinfo/America/Port_of_Spain", + "usr/share/zoneinfo/America/Porto_Acre", + "usr/share/zoneinfo/America/Porto_Velho", + "usr/share/zoneinfo/America/Puerto_Rico", + "usr/share/zoneinfo/America/Punta_Arenas", + "usr/share/zoneinfo/America/Rainy_River", + "usr/share/zoneinfo/America/Rankin_Inlet", + "usr/share/zoneinfo/America/Recife", + "usr/share/zoneinfo/America/Regina", + "usr/share/zoneinfo/America/Resolute", + "usr/share/zoneinfo/America/Rio_Branco", + "usr/share/zoneinfo/America/Rosario", + "usr/share/zoneinfo/America/Santa_Isabel", + "usr/share/zoneinfo/America/Santarem", + "usr/share/zoneinfo/America/Santiago", + "usr/share/zoneinfo/America/Santo_Domingo", + "usr/share/zoneinfo/America/Sao_Paulo", + "usr/share/zoneinfo/America/Scoresbysund", + "usr/share/zoneinfo/America/Shiprock", + "usr/share/zoneinfo/America/Sitka", + "usr/share/zoneinfo/America/St_Barthelemy", + "usr/share/zoneinfo/America/St_Johns", + "usr/share/zoneinfo/America/St_Kitts", + "usr/share/zoneinfo/America/St_Lucia", + "usr/share/zoneinfo/America/St_Thomas", + "usr/share/zoneinfo/America/St_Vincent", + "usr/share/zoneinfo/America/Swift_Current", + "usr/share/zoneinfo/America/Tegucigalpa", + "usr/share/zoneinfo/America/Thule", + "usr/share/zoneinfo/America/Thunder_Bay", + "usr/share/zoneinfo/America/Tijuana", + "usr/share/zoneinfo/America/Toronto", + "usr/share/zoneinfo/America/Tortola", + "usr/share/zoneinfo/America/Vancouver", + "usr/share/zoneinfo/America/Virgin", + "usr/share/zoneinfo/America/Whitehorse", + "usr/share/zoneinfo/America/Winnipeg", + "usr/share/zoneinfo/America/Yakutat", + "usr/share/zoneinfo/America/Yellowknife", + "usr/share/zoneinfo/America/Argentina/Buenos_Aires", + "usr/share/zoneinfo/America/Argentina/Catamarca", + "usr/share/zoneinfo/America/Argentina/ComodRivadavia", + "usr/share/zoneinfo/America/Argentina/Cordoba", + "usr/share/zoneinfo/America/Argentina/Jujuy", + "usr/share/zoneinfo/America/Argentina/La_Rioja", + "usr/share/zoneinfo/America/Argentina/Mendoza", + "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", + "usr/share/zoneinfo/America/Argentina/Salta", + "usr/share/zoneinfo/America/Argentina/San_Juan", + "usr/share/zoneinfo/America/Argentina/San_Luis", + "usr/share/zoneinfo/America/Argentina/Tucuman", + "usr/share/zoneinfo/America/Argentina/Ushuaia", + "usr/share/zoneinfo/America/Indiana/Indianapolis", + "usr/share/zoneinfo/America/Indiana/Knox", + "usr/share/zoneinfo/America/Indiana/Marengo", + "usr/share/zoneinfo/America/Indiana/Petersburg", + "usr/share/zoneinfo/America/Indiana/Tell_City", + "usr/share/zoneinfo/America/Indiana/Vevay", + "usr/share/zoneinfo/America/Indiana/Vincennes", + "usr/share/zoneinfo/America/Indiana/Winamac", + "usr/share/zoneinfo/America/Kentucky/Louisville", + "usr/share/zoneinfo/America/Kentucky/Monticello", + "usr/share/zoneinfo/America/North_Dakota/Beulah", + "usr/share/zoneinfo/America/North_Dakota/Center", + "usr/share/zoneinfo/America/North_Dakota/New_Salem", + "usr/share/zoneinfo/Antarctica/Casey", + "usr/share/zoneinfo/Antarctica/Davis", + "usr/share/zoneinfo/Antarctica/DumontDUrville", + "usr/share/zoneinfo/Antarctica/Macquarie", + "usr/share/zoneinfo/Antarctica/Mawson", + "usr/share/zoneinfo/Antarctica/McMurdo", + "usr/share/zoneinfo/Antarctica/Palmer", + "usr/share/zoneinfo/Antarctica/Rothera", + "usr/share/zoneinfo/Antarctica/South_Pole", + "usr/share/zoneinfo/Antarctica/Syowa", + "usr/share/zoneinfo/Antarctica/Troll", + "usr/share/zoneinfo/Antarctica/Vostok", + "usr/share/zoneinfo/Arctic/Longyearbyen", + "usr/share/zoneinfo/Asia/Aden", + "usr/share/zoneinfo/Asia/Almaty", + "usr/share/zoneinfo/Asia/Amman", + "usr/share/zoneinfo/Asia/Anadyr", + "usr/share/zoneinfo/Asia/Aqtau", + "usr/share/zoneinfo/Asia/Aqtobe", + "usr/share/zoneinfo/Asia/Ashgabat", + "usr/share/zoneinfo/Asia/Ashkhabad", + "usr/share/zoneinfo/Asia/Atyrau", + "usr/share/zoneinfo/Asia/Baghdad", + "usr/share/zoneinfo/Asia/Bahrain", + "usr/share/zoneinfo/Asia/Baku", + "usr/share/zoneinfo/Asia/Bangkok", + "usr/share/zoneinfo/Asia/Barnaul", + "usr/share/zoneinfo/Asia/Beirut", + "usr/share/zoneinfo/Asia/Bishkek", + "usr/share/zoneinfo/Asia/Brunei", + "usr/share/zoneinfo/Asia/Calcutta", + "usr/share/zoneinfo/Asia/Chita", + "usr/share/zoneinfo/Asia/Choibalsan", + "usr/share/zoneinfo/Asia/Chongqing", + "usr/share/zoneinfo/Asia/Chungking", + "usr/share/zoneinfo/Asia/Colombo", + "usr/share/zoneinfo/Asia/Dacca", + "usr/share/zoneinfo/Asia/Damascus", + "usr/share/zoneinfo/Asia/Dhaka", + "usr/share/zoneinfo/Asia/Dili", + "usr/share/zoneinfo/Asia/Dubai", + "usr/share/zoneinfo/Asia/Dushanbe", + "usr/share/zoneinfo/Asia/Famagusta", + "usr/share/zoneinfo/Asia/Gaza", + "usr/share/zoneinfo/Asia/Harbin", + "usr/share/zoneinfo/Asia/Hebron", + "usr/share/zoneinfo/Asia/Ho_Chi_Minh", + "usr/share/zoneinfo/Asia/Hong_Kong", + "usr/share/zoneinfo/Asia/Hovd", + "usr/share/zoneinfo/Asia/Irkutsk", + "usr/share/zoneinfo/Asia/Istanbul", + "usr/share/zoneinfo/Asia/Jakarta", + "usr/share/zoneinfo/Asia/Jayapura", + "usr/share/zoneinfo/Asia/Jerusalem", + "usr/share/zoneinfo/Asia/Kabul", + "usr/share/zoneinfo/Asia/Kamchatka", + "usr/share/zoneinfo/Asia/Karachi", + "usr/share/zoneinfo/Asia/Kashgar", + "usr/share/zoneinfo/Asia/Kathmandu", + "usr/share/zoneinfo/Asia/Katmandu", + "usr/share/zoneinfo/Asia/Khandyga", + "usr/share/zoneinfo/Asia/Kolkata", + "usr/share/zoneinfo/Asia/Krasnoyarsk", + "usr/share/zoneinfo/Asia/Kuala_Lumpur", + "usr/share/zoneinfo/Asia/Kuching", + "usr/share/zoneinfo/Asia/Kuwait", + "usr/share/zoneinfo/Asia/Macao", + "usr/share/zoneinfo/Asia/Macau", + "usr/share/zoneinfo/Asia/Magadan", + "usr/share/zoneinfo/Asia/Makassar", + "usr/share/zoneinfo/Asia/Manila", + "usr/share/zoneinfo/Asia/Muscat", + "usr/share/zoneinfo/Asia/Nicosia", + "usr/share/zoneinfo/Asia/Novokuznetsk", + "usr/share/zoneinfo/Asia/Novosibirsk", + "usr/share/zoneinfo/Asia/Omsk", + "usr/share/zoneinfo/Asia/Oral", + "usr/share/zoneinfo/Asia/Phnom_Penh", + "usr/share/zoneinfo/Asia/Pontianak", + "usr/share/zoneinfo/Asia/Pyongyang", + "usr/share/zoneinfo/Asia/Qatar", + "usr/share/zoneinfo/Asia/Qostanay", + "usr/share/zoneinfo/Asia/Qyzylorda", + "usr/share/zoneinfo/Asia/Rangoon", + "usr/share/zoneinfo/Asia/Riyadh", + "usr/share/zoneinfo/Asia/Saigon", + "usr/share/zoneinfo/Asia/Sakhalin", + "usr/share/zoneinfo/Asia/Samarkand", + "usr/share/zoneinfo/Asia/Seoul", + "usr/share/zoneinfo/Asia/Shanghai", + "usr/share/zoneinfo/Asia/Singapore", + "usr/share/zoneinfo/Asia/Srednekolymsk", + "usr/share/zoneinfo/Asia/Taipei", + "usr/share/zoneinfo/Asia/Tashkent", + "usr/share/zoneinfo/Asia/Tbilisi", + "usr/share/zoneinfo/Asia/Tehran", + "usr/share/zoneinfo/Asia/Tel_Aviv", + "usr/share/zoneinfo/Asia/Thimbu", + "usr/share/zoneinfo/Asia/Thimphu", + "usr/share/zoneinfo/Asia/Tokyo", + "usr/share/zoneinfo/Asia/Tomsk", + "usr/share/zoneinfo/Asia/Ujung_Pandang", + "usr/share/zoneinfo/Asia/Ulaanbaatar", + "usr/share/zoneinfo/Asia/Ulan_Bator", + "usr/share/zoneinfo/Asia/Urumqi", + "usr/share/zoneinfo/Asia/Ust-Nera", + "usr/share/zoneinfo/Asia/Vientiane", + "usr/share/zoneinfo/Asia/Vladivostok", + "usr/share/zoneinfo/Asia/Yakutsk", + "usr/share/zoneinfo/Asia/Yangon", + "usr/share/zoneinfo/Asia/Yekaterinburg", + "usr/share/zoneinfo/Asia/Yerevan", + "usr/share/zoneinfo/Atlantic/Azores", + "usr/share/zoneinfo/Atlantic/Bermuda", + "usr/share/zoneinfo/Atlantic/Canary", + "usr/share/zoneinfo/Atlantic/Cape_Verde", + "usr/share/zoneinfo/Atlantic/Faeroe", + "usr/share/zoneinfo/Atlantic/Faroe", + "usr/share/zoneinfo/Atlantic/Jan_Mayen", + "usr/share/zoneinfo/Atlantic/Madeira", + "usr/share/zoneinfo/Atlantic/Reykjavik", + "usr/share/zoneinfo/Atlantic/South_Georgia", + "usr/share/zoneinfo/Atlantic/St_Helena", + "usr/share/zoneinfo/Atlantic/Stanley", + "usr/share/zoneinfo/Australia/ACT", + "usr/share/zoneinfo/Australia/Adelaide", + "usr/share/zoneinfo/Australia/Brisbane", + "usr/share/zoneinfo/Australia/Broken_Hill", + "usr/share/zoneinfo/Australia/Canberra", + "usr/share/zoneinfo/Australia/Currie", + "usr/share/zoneinfo/Australia/Darwin", + "usr/share/zoneinfo/Australia/Eucla", + "usr/share/zoneinfo/Australia/Hobart", + "usr/share/zoneinfo/Australia/LHI", + "usr/share/zoneinfo/Australia/Lindeman", + "usr/share/zoneinfo/Australia/Lord_Howe", + "usr/share/zoneinfo/Australia/Melbourne", + "usr/share/zoneinfo/Australia/NSW", + "usr/share/zoneinfo/Australia/North", + "usr/share/zoneinfo/Australia/Perth", + "usr/share/zoneinfo/Australia/Queensland", + "usr/share/zoneinfo/Australia/South", + "usr/share/zoneinfo/Australia/Sydney", + "usr/share/zoneinfo/Australia/Tasmania", + "usr/share/zoneinfo/Australia/Victoria", + "usr/share/zoneinfo/Australia/West", + "usr/share/zoneinfo/Australia/Yancowinna", + "usr/share/zoneinfo/Brazil/Acre", + "usr/share/zoneinfo/Brazil/DeNoronha", + "usr/share/zoneinfo/Brazil/East", + "usr/share/zoneinfo/Brazil/West", + "usr/share/zoneinfo/Canada/Atlantic", + "usr/share/zoneinfo/Canada/Central", + "usr/share/zoneinfo/Canada/Eastern", + "usr/share/zoneinfo/Canada/Mountain", + "usr/share/zoneinfo/Canada/Newfoundland", + "usr/share/zoneinfo/Canada/Pacific", + "usr/share/zoneinfo/Canada/Saskatchewan", + "usr/share/zoneinfo/Canada/Yukon", + "usr/share/zoneinfo/Chile/Continental", + "usr/share/zoneinfo/Chile/EasterIsland", + "usr/share/zoneinfo/Etc/GMT", + "usr/share/zoneinfo/Etc/GMT+0", + "usr/share/zoneinfo/Etc/GMT+1", + "usr/share/zoneinfo/Etc/GMT+10", + "usr/share/zoneinfo/Etc/GMT+11", + "usr/share/zoneinfo/Etc/GMT+12", + "usr/share/zoneinfo/Etc/GMT+2", + "usr/share/zoneinfo/Etc/GMT+3", + "usr/share/zoneinfo/Etc/GMT+4", + "usr/share/zoneinfo/Etc/GMT+5", + "usr/share/zoneinfo/Etc/GMT+6", + "usr/share/zoneinfo/Etc/GMT+7", + "usr/share/zoneinfo/Etc/GMT+8", + "usr/share/zoneinfo/Etc/GMT+9", + "usr/share/zoneinfo/Etc/GMT-0", + "usr/share/zoneinfo/Etc/GMT-1", + "usr/share/zoneinfo/Etc/GMT-10", + "usr/share/zoneinfo/Etc/GMT-11", + "usr/share/zoneinfo/Etc/GMT-12", + "usr/share/zoneinfo/Etc/GMT-13", + "usr/share/zoneinfo/Etc/GMT-14", + "usr/share/zoneinfo/Etc/GMT-2", + "usr/share/zoneinfo/Etc/GMT-3", + "usr/share/zoneinfo/Etc/GMT-4", + "usr/share/zoneinfo/Etc/GMT-5", + "usr/share/zoneinfo/Etc/GMT-6", + "usr/share/zoneinfo/Etc/GMT-7", + "usr/share/zoneinfo/Etc/GMT-8", + "usr/share/zoneinfo/Etc/GMT-9", + "usr/share/zoneinfo/Etc/GMT0", + "usr/share/zoneinfo/Etc/Greenwich", + "usr/share/zoneinfo/Etc/UCT", + "usr/share/zoneinfo/Etc/UTC", + "usr/share/zoneinfo/Etc/Universal", + "usr/share/zoneinfo/Etc/Zulu", + "usr/share/zoneinfo/Europe/Amsterdam", + "usr/share/zoneinfo/Europe/Andorra", + "usr/share/zoneinfo/Europe/Astrakhan", + "usr/share/zoneinfo/Europe/Athens", + "usr/share/zoneinfo/Europe/Belfast", + "usr/share/zoneinfo/Europe/Belgrade", + "usr/share/zoneinfo/Europe/Berlin", + "usr/share/zoneinfo/Europe/Bratislava", + "usr/share/zoneinfo/Europe/Brussels", + "usr/share/zoneinfo/Europe/Bucharest", + "usr/share/zoneinfo/Europe/Budapest", + "usr/share/zoneinfo/Europe/Busingen", + "usr/share/zoneinfo/Europe/Chisinau", + "usr/share/zoneinfo/Europe/Copenhagen", + "usr/share/zoneinfo/Europe/Dublin", + "usr/share/zoneinfo/Europe/Gibraltar", + "usr/share/zoneinfo/Europe/Guernsey", + "usr/share/zoneinfo/Europe/Helsinki", + "usr/share/zoneinfo/Europe/Isle_of_Man", + "usr/share/zoneinfo/Europe/Istanbul", + "usr/share/zoneinfo/Europe/Jersey", + "usr/share/zoneinfo/Europe/Kaliningrad", + "usr/share/zoneinfo/Europe/Kiev", + "usr/share/zoneinfo/Europe/Kirov", + "usr/share/zoneinfo/Europe/Kyiv", + "usr/share/zoneinfo/Europe/Lisbon", + "usr/share/zoneinfo/Europe/Ljubljana", + "usr/share/zoneinfo/Europe/London", + "usr/share/zoneinfo/Europe/Luxembourg", + "usr/share/zoneinfo/Europe/Madrid", + "usr/share/zoneinfo/Europe/Malta", + "usr/share/zoneinfo/Europe/Mariehamn", + "usr/share/zoneinfo/Europe/Minsk", + "usr/share/zoneinfo/Europe/Monaco", + "usr/share/zoneinfo/Europe/Moscow", + "usr/share/zoneinfo/Europe/Nicosia", + "usr/share/zoneinfo/Europe/Oslo", + "usr/share/zoneinfo/Europe/Paris", + "usr/share/zoneinfo/Europe/Podgorica", + "usr/share/zoneinfo/Europe/Prague", + "usr/share/zoneinfo/Europe/Riga", + "usr/share/zoneinfo/Europe/Rome", + "usr/share/zoneinfo/Europe/Samara", + "usr/share/zoneinfo/Europe/San_Marino", + "usr/share/zoneinfo/Europe/Sarajevo", + "usr/share/zoneinfo/Europe/Saratov", + "usr/share/zoneinfo/Europe/Simferopol", + "usr/share/zoneinfo/Europe/Skopje", + "usr/share/zoneinfo/Europe/Sofia", + "usr/share/zoneinfo/Europe/Stockholm", + "usr/share/zoneinfo/Europe/Tallinn", + "usr/share/zoneinfo/Europe/Tirane", + "usr/share/zoneinfo/Europe/Tiraspol", + "usr/share/zoneinfo/Europe/Ulyanovsk", + "usr/share/zoneinfo/Europe/Uzhgorod", + "usr/share/zoneinfo/Europe/Vaduz", + "usr/share/zoneinfo/Europe/Vatican", + "usr/share/zoneinfo/Europe/Vienna", + "usr/share/zoneinfo/Europe/Vilnius", + "usr/share/zoneinfo/Europe/Volgograd", + "usr/share/zoneinfo/Europe/Warsaw", + "usr/share/zoneinfo/Europe/Zagreb", + "usr/share/zoneinfo/Europe/Zaporozhye", + "usr/share/zoneinfo/Europe/Zurich", + "usr/share/zoneinfo/Indian/Antananarivo", + "usr/share/zoneinfo/Indian/Chagos", + "usr/share/zoneinfo/Indian/Christmas", + "usr/share/zoneinfo/Indian/Cocos", + "usr/share/zoneinfo/Indian/Comoro", + "usr/share/zoneinfo/Indian/Kerguelen", + "usr/share/zoneinfo/Indian/Mahe", + "usr/share/zoneinfo/Indian/Maldives", + "usr/share/zoneinfo/Indian/Mauritius", + "usr/share/zoneinfo/Indian/Mayotte", + "usr/share/zoneinfo/Indian/Reunion", + "usr/share/zoneinfo/Mexico/BajaNorte", + "usr/share/zoneinfo/Mexico/BajaSur", + "usr/share/zoneinfo/Mexico/General", + "usr/share/zoneinfo/Pacific/Apia", + "usr/share/zoneinfo/Pacific/Auckland", + "usr/share/zoneinfo/Pacific/Bougainville", + "usr/share/zoneinfo/Pacific/Chatham", + "usr/share/zoneinfo/Pacific/Chuuk", + "usr/share/zoneinfo/Pacific/Easter", + "usr/share/zoneinfo/Pacific/Efate", + "usr/share/zoneinfo/Pacific/Enderbury", + "usr/share/zoneinfo/Pacific/Fakaofo", + "usr/share/zoneinfo/Pacific/Fiji", + "usr/share/zoneinfo/Pacific/Funafuti", + "usr/share/zoneinfo/Pacific/Galapagos", + "usr/share/zoneinfo/Pacific/Gambier", + "usr/share/zoneinfo/Pacific/Guadalcanal", + "usr/share/zoneinfo/Pacific/Guam", + "usr/share/zoneinfo/Pacific/Honolulu", + "usr/share/zoneinfo/Pacific/Johnston", + "usr/share/zoneinfo/Pacific/Kanton", + "usr/share/zoneinfo/Pacific/Kiritimati", + "usr/share/zoneinfo/Pacific/Kosrae", + "usr/share/zoneinfo/Pacific/Kwajalein", + "usr/share/zoneinfo/Pacific/Majuro", + "usr/share/zoneinfo/Pacific/Marquesas", + "usr/share/zoneinfo/Pacific/Midway", + "usr/share/zoneinfo/Pacific/Nauru", + "usr/share/zoneinfo/Pacific/Niue", + "usr/share/zoneinfo/Pacific/Norfolk", + "usr/share/zoneinfo/Pacific/Noumea", + "usr/share/zoneinfo/Pacific/Pago_Pago", + "usr/share/zoneinfo/Pacific/Palau", + "usr/share/zoneinfo/Pacific/Pitcairn", + "usr/share/zoneinfo/Pacific/Pohnpei", + "usr/share/zoneinfo/Pacific/Ponape", + "usr/share/zoneinfo/Pacific/Port_Moresby", + "usr/share/zoneinfo/Pacific/Rarotonga", + "usr/share/zoneinfo/Pacific/Saipan", + "usr/share/zoneinfo/Pacific/Samoa", + "usr/share/zoneinfo/Pacific/Tahiti", + "usr/share/zoneinfo/Pacific/Tarawa", + "usr/share/zoneinfo/Pacific/Tongatapu", + "usr/share/zoneinfo/Pacific/Truk", + "usr/share/zoneinfo/Pacific/Wake", + "usr/share/zoneinfo/Pacific/Wallis", + "usr/share/zoneinfo/Pacific/Yap", + "usr/share/zoneinfo/US/Alaska", + "usr/share/zoneinfo/US/Aleutian", + "usr/share/zoneinfo/US/Arizona", + "usr/share/zoneinfo/US/Central", + "usr/share/zoneinfo/US/East-Indiana", + "usr/share/zoneinfo/US/Eastern", + "usr/share/zoneinfo/US/Hawaii", + "usr/share/zoneinfo/US/Indiana-Starke", + "usr/share/zoneinfo/US/Michigan", + "usr/share/zoneinfo/US/Mountain", + "usr/share/zoneinfo/US/Pacific", + "usr/share/zoneinfo/US/Samoa" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "xz-libs@5.6.3-r1", + "Name": "xz-libs", + "Identifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.6.3-r1?arch=x86_64\u0026distro=3.21.5", + "UID": "219720ff66151d62" + }, + "Version": "5.6.3-r1", + "Arch": "x86_64", + "SrcName": "xz", + "SrcVersion": "5.6.3-r1", + "Licenses": [ + "GPL-2.0-or-later", + "0BSD", + "Public-Domain", + "LGPL-2.1-or-later" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "Digest": "sha1:b7d7b85e5f9f845bf7a7dcc383d09f327a7eebc8", + "InstalledFiles": [ + "usr/lib/liblzma.so.5", + "usr/lib/liblzma.so.5.6.3" + ], + "AnalyzedBy": "apk" + }, + { + "ID": "zlib@1.3.1-r2", + "Name": "zlib", + "Identifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.5", + "UID": "3b545badcbeb3bc0" + }, + "Version": "1.3.1-r2", + "Arch": "x86_64", + "SrcName": "zlib", + "SrcVersion": "1.3.1-r2", + "Licenses": [ + "Zlib" + ], + "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", + "DependsOn": [ + "musl@1.2.5-r9" + ], + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "Digest": "sha1:f0b90f76367ac51b4a3e70432ed00e6dca6a7432", + "InstalledFiles": [ + "usr/lib/libz.so.1", + "usr/lib/libz.so.1.3.1" + ], + "AnalyzedBy": "apk" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox@1.37.0-r13", + "PkgName": "busybox", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox@1.37.0-r13?arch=x86_64\u0026distro=3.21.5", + "UID": "8fda363a8f5a07b1" + }, + "InstalledVersion": "1.37.0-r13", + "FixedVersion": "1.37.0-r14", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4769ef7cc8954f84fe3adb2840035f2a0b85bdac180646d478f43473d7aec50a", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "busybox-binsh@1.37.0-r13", + "PkgName": "busybox-binsh", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r13?arch=x86_64\u0026distro=3.21.5", + "UID": "cb91567fa5d7f91d" + }, + "InstalledVersion": "1.37.0-r13", + "FixedVersion": "1.37.0-r14", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c9c03970f5574a95c1b782d0a873e5722415efe2c9f69ebc5e8ed8f302bd9f3d", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libcrypto3@3.3.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "15bbec8716141e63" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3db07b6ba7cda805170174d8cb576c43dd8fe14aead3b1ef6893e07fa0306b47", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libcrypto3@3.3.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "15bbec8716141e63" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:4d1866f146424f020347149979b3d69b47ec566c816225af062eab9df9a60b81", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libcrypto3@3.3.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "15bbec8716141e63" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:cdfba9503c1edc4b8ebde99df384caeba17d8e1548bcf7ddcae0175357427d69", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libcrypto3@3.3.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "15bbec8716141e63" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:c73dfa75ecdc28b7b59481c625664dca5f1567d3433a011796f60630616a2c84", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libcrypto3@3.3.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "15bbec8716141e63" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:2e412aa05e81b858d11a0dbfa9ff0e93d1bc48df9d6e7056139311f29978e4c2", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libcrypto3@3.3.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "15bbec8716141e63" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e007bd13b9efe4509564993a9619dffefdf9c27ad378bcb8189b387973ac6173", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libcrypto3@3.3.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "15bbec8716141e63" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e8b2b38c85318afd8eebb5e2a53d0b74045ee04b6f69482008851f6a3d36a274", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libcrypto3@3.3.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "15bbec8716141e63" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:52e7c37e891b0efa79c7a284d28a83454d2a970bc07f65fab2700d119d30a631", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libcrypto3@3.3.5-r0", + "PkgName": "libcrypto3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "15bbec8716141e63" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:92f3162a090499f265b8e8be426810f6495e343b1c37587f8bd4b3a30e6443e9", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2026-31789", + "PkgID": "libssl3@3.3.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "4587120bb4626f4e" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1d6717851fa4e703591b43d980160aecf6933cc24b2f49c2a93685e2b39bd072", + "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", + "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "CRITICAL", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "azure": 2, + "nvd": 4, + "photon": 4, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", + "V3Score": 5.8 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31789", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-j79m-9jxq-788r", + "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", + "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", + "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", + "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", + "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31789", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.617Z", + "LastModifiedDate": "2026-05-12T13:17:34.57Z" + }, + { + "VulnerabilityID": "CVE-2025-15467", + "PkgID": "libssl3@3.3.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "4587120bb4626f4e" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1437a19caff4ee2bcf6730b7499c41abf227e8212f28e1a0d5bedd847a7b3dea", + "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", + "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 4, + "julia": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 3, + "rocky": 3, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 8.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 9.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/01/27/10", + "http://www.openwall.com/lists/oss-security/2026/02/25/6", + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-15467", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", + "https://github.com/guiimoraes/CVE-2025-15467", + "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", + "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", + "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", + "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", + "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", + "https://linux.oracle.com/cve/CVE-2025-15467.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://www.cve.org/CVERecord?id=CVE-2025-15467" + ], + "PublishedDate": "2026-01-27T16:16:14.257Z", + "LastModifiedDate": "2026-05-07T18:12:43.253Z" + }, + { + "VulnerabilityID": "CVE-2025-69421", + "PkgID": "libssl3@3.3.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "4587120bb4626f4e" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:096219af776daf754743f716da7449b62f325ed5bbd354a60ba845bbf9822954", + "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", + "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "alma": 3, + "amazon": 3, + "azure": 2, + "cbl-mariner": 2, + "julia": 3, + "nvd": 3, + "oracle-oval": 3, + "photon": 3, + "redhat": 1, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:1473", + "https://access.redhat.com/security/cve/CVE-2025-69421", + "https://bugzilla.redhat.com/2430375", + "https://bugzilla.redhat.com/2430376", + "https://bugzilla.redhat.com/2430377", + "https://bugzilla.redhat.com/2430378", + "https://bugzilla.redhat.com/2430379", + "https://bugzilla.redhat.com/2430380", + "https://bugzilla.redhat.com/2430381", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/2430387", + "https://bugzilla.redhat.com/2430388", + "https://bugzilla.redhat.com/2430389", + "https://bugzilla.redhat.com/2430390", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-1473.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", + "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", + "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", + "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", + "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", + "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", + "https://linux.oracle.com/cve/CVE-2025-69421.html", + "https://linux.oracle.com/errata/ELSA-2026-50081.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69421" + ], + "PublishedDate": "2026-01-27T16:16:34.437Z", + "LastModifiedDate": "2026-05-12T13:17:26.71Z" + }, + { + "VulnerabilityID": "CVE-2026-28387", + "PkgID": "libssl3@3.3.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "4587120bb4626f4e" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:1a04911cc9d7692bb14718be2a60b4170c1ed9e3efdd1da31fdc41bd9d9f6d8f", + "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", + "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-416" + ], + "VendorSeverity": { + "amazon": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 8.1 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28387", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", + "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", + "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", + "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", + "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28387", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.7Z", + "LastModifiedDate": "2026-05-12T13:17:33.27Z" + }, + { + "VulnerabilityID": "CVE-2026-28388", + "PkgID": "libssl3@3.3.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "4587120bb4626f4e" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:249ad61b8786371b8cdde03ace6afd11781880dc4428ab221dcec784d67f408c", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", + "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28388", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", + "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", + "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", + "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", + "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28388", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:20.863Z", + "LastModifiedDate": "2026-05-12T13:17:33.453Z" + }, + { + "VulnerabilityID": "CVE-2026-28389", + "PkgID": "libssl3@3.3.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "4587120bb4626f4e" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:8b571e6c9fee18912718ba81be4a4b96623ee191f765490b6549f352b07ba598", + "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28389", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/advisories/GHSA-7x88-9hgc-69gf", + "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", + "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", + "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", + "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", + "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28389", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.03Z", + "LastModifiedDate": "2026-05-12T13:17:33.637Z" + }, + { + "VulnerabilityID": "CVE-2026-28390", + "PkgID": "libssl3@3.3.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "4587120bb4626f4e" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:5582751d26ddbe3ada4a3a6dba7b010f38b4f15af3ef55c3751a1b48a3658746", + "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", + "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-476" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 7.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-28390", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", + "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", + "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", + "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", + "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", + "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://ubuntu.com/security/notices/USN-8155-2", + "https://www.cve.org/CVERecord?id=CVE-2026-28390", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.19Z", + "LastModifiedDate": "2026-05-12T13:17:33.81Z" + }, + { + "VulnerabilityID": "CVE-2025-69419", + "PkgID": "libssl3@3.3.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "4587120bb4626f4e" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.6-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:493f8c12cd66607c3cdf4468f84ce16479260e5ebf41324b67f5823d75f1dd35", + "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", + "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "alma": 2, + "amazon": 3, + "azure": 3, + "cbl-mariner": 3, + "julia": 3, + "oracle-oval": 2, + "photon": 3, + "redhat": 2, + "rocky": 3, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 7.4 + } + }, + "References": [ + "https://access.redhat.com/errata/RHSA-2026:4472", + "https://access.redhat.com/security/cve/CVE-2025-69419", + "https://bugzilla.redhat.com/2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", + "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", + "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", + "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", + "https://errata.almalinux.org/9/ALSA-2026-4472.html", + "https://errata.rockylinux.org/RLSA-2026:1473", + "https://github.com/advisories/GHSA-x77r-97gw-wh89", + "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", + "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", + "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", + "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", + "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", + "https://linux.oracle.com/cve/CVE-2025-69419.html", + "https://linux.oracle.com/errata/ELSA-2026-50131.html", + "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", + "https://openssl-library.org/news/secadv/20260127.txt", + "https://ubuntu.com/security/notices/USN-7980-1", + "https://ubuntu.com/security/notices/USN-7980-2", + "https://www.cve.org/CVERecord?id=CVE-2025-69419" + ], + "PublishedDate": "2026-01-27T16:16:34.113Z", + "LastModifiedDate": "2026-05-12T13:17:26.19Z" + }, + { + "VulnerabilityID": "CVE-2026-31790", + "PkgID": "libssl3@3.3.5-r0", + "PkgName": "libssl3", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", + "UID": "4587120bb4626f4e" + }, + "InstalledVersion": "3.3.5-r0", + "FixedVersion": "3.3.7-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:0b6b3b7f9bdfdd22262237d2b6a50912046a720bed7292b54e08761b37d72993", + "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", + "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-754" + ], + "VendorSeverity": { + "amazon": 3, + "azure": 2, + "julia": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 7.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "V3Score": 5.9 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-31790", + "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", + "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", + "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", + "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", + "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", + "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", + "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", + "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", + "https://openssl-library.org/news/secadv/20260407.txt", + "https://ubuntu.com/security/notices/USN-8155-1", + "https://www.cve.org/CVERecord?id=CVE-2026-31790", + "https://www.openwall.com/lists/oss-security/2026/04/07/11" + ], + "PublishedDate": "2026-04-07T22:16:21.77Z", + "LastModifiedDate": "2026-05-12T13:17:34.75Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl@1.2.5-r9", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.5", + "UID": "d0316c4ab0862e6b" + }, + "InstalledVersion": "1.2.5-r9", + "FixedVersion": "1.2.5-r11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:3b70696114eb8af6ac1c25a7df8202a3e19c8258f9edffb8f902b1be55d26cf9", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl@1.2.5-r9", + "PkgName": "musl", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.5", + "UID": "d0316c4ab0862e6b" + }, + "InstalledVersion": "1.2.5-r9", + "FixedVersion": "1.2.5-r10", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:6c518e0aad464ce69885e78590ea8671cf7a1fa3bd4851badd57004b83531808", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2026-40200", + "PkgID": "musl-utils@1.2.5-r9", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.5", + "UID": "8991799c5350cf95" + }, + "InstalledVersion": "1.2.5-r9", + "FixedVersion": "1.2.5-r11", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:7f84aa240989d79e16a3f952f585220d989a3876b46f87394aaad471d435533a", + "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", + "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", + "Severity": "HIGH", + "CweIDs": [ + "CWE-670" + ], + "VendorSeverity": { + "redhat": 3 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "V3Score": 7.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/10/13", + "https://access.redhat.com/security/cve/CVE-2026-40200", + "https://musl.libc.org/releases.html", + "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", + "https://www.cve.org/CVERecord?id=CVE-2026-40200", + "https://www.openwall.com/lists/oss-security/2026/04/10/13" + ], + "PublishedDate": "2026-04-10T17:17:14.107Z", + "LastModifiedDate": "2026-04-27T19:18:46.69Z" + }, + { + "VulnerabilityID": "CVE-2026-6042", + "PkgID": "musl-utils@1.2.5-r9", + "PkgName": "musl-utils", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.5", + "UID": "8991799c5350cf95" + }, + "InstalledVersion": "1.2.5-r9", + "FixedVersion": "1.2.5-r10", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:f4c49b384be7f1f152a1909ce0a6a7fa66bf4d9f8ae22659543b7a0b39e8072c", + "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", + "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-404", + "CWE-407" + ], + "VendorSeverity": { + "redhat": 2 + }, + "CVSS": { + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/09/19", + "https://access.redhat.com/security/cve/CVE-2026-6042", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", + "https://vuldb.com/submit/796352", + "https://vuldb.com/vuln/356620", + "https://vuldb.com/vuln/356620/cti", + "https://www.cve.org/CVERecord?id=CVE-2026-6042", + "https://www.openwall.com/lists/oss-security/2026/04/02/10", + "https://www.openwall.com/lists/oss-security/2026/04/03/2" + ], + "PublishedDate": "2026-04-10T09:16:25.45Z", + "LastModifiedDate": "2026-04-24T18:01:13.913Z" + }, + { + "VulnerabilityID": "CVE-2024-58251", + "PkgID": "ssl_client@1.37.0-r13", + "PkgName": "ssl_client", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r13?arch=x86_64\u0026distro=3.21.5", + "UID": "a2f8df60e844b202" + }, + "InstalledVersion": "1.37.0-r13", + "FixedVersion": "1.37.0-r14", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:e98fa594d7d019c081dc79e6619cb4cc216db1c0183ff0b8f3661edffd20b880", + "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", + "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-150" + ], + "VendorSeverity": { + "ubuntu": 2 + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/04/23/6", + "https://bugs.busybox.net/show_bug.cgi?id=15922", + "https://www.busybox.net", + "https://www.busybox.net/downloads/", + "https://www.cve.org/CVERecord?id=CVE-2024-58251" + ], + "PublishedDate": "2025-04-23T18:16:03.057Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-34743", + "PkgID": "xz-libs@5.6.3-r1", + "PkgName": "xz-libs", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/xz-libs@5.6.3-r1?arch=x86_64\u0026distro=3.21.5", + "UID": "219720ff66151d62" + }, + "InstalledVersion": "5.6.3-r1", + "FixedVersion": "5.8.3-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:093c4389bbefa87edd302c3db8bc6bfcf6be67b38e2330936cb2c88219ea83da", + "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", + "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-122" + ], + "VendorSeverity": { + "azure": 1, + "nvd": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 5.3 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/03/31/13", + "https://access.redhat.com/security/cve/CVE-2026-34743", + "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", + "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", + "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", + "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", + "https://www.cve.org/CVERecord?id=CVE-2026-34743" + ], + "PublishedDate": "2026-04-02T19:21:33.187Z", + "LastModifiedDate": "2026-04-15T17:33:17.68Z" + }, + { + "VulnerabilityID": "CVE-2026-22184", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.5", + "UID": "3b545badcbeb3bc0" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:08dab42c48f656d2a6523d1da0090f06db9f143f40f4e0f8d6dca55d4b8ebe7e", + "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", + "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-787" + ], + "VendorSeverity": { + "nvd": 3, + "redhat": 3 + }, + "CVSS": { + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", + "V3Score": 8.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2026-22184", + "https://github.com/madler/zlib", + "https://github.com/madler/zlib/issues/1142", + "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", + "https://seclists.org/fulldisclosure/2026/Jan/3", + "https://www.cve.org/CVERecord?id=CVE-2026-22184", + "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", + "https://zlib.net/" + ], + "PublishedDate": "2026-01-07T21:16:01.563Z", + "LastModifiedDate": "2026-03-18T16:26:31.14Z" + }, + { + "VulnerabilityID": "CVE-2026-27171", + "PkgID": "zlib@1.3.1-r2", + "PkgName": "zlib", + "PkgIdentifier": { + "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.5", + "UID": "3b545badcbeb3bc0" + }, + "InstalledVersion": "1.3.1-r2", + "FixedVersion": "1.3.2-r0", + "Status": "fixed", + "Layer": { + "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", + "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" + }, + "SeveritySource": "nvd", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", + "DataSource": { + "ID": "alpine", + "Name": "Alpine Secdb", + "URL": "https://secdb.alpinelinux.org/" + }, + "Fingerprint": "sha256:fd9a815cad7c05334f6594127b9383218dae695bd2a9fdb26e51bef18efb9bf4", + "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", + "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-1284" + ], + "VendorSeverity": { + "amazon": 1, + "azure": 1, + "cbl-mariner": 1, + "julia": 1, + "nvd": 2, + "redhat": 1, + "ubuntu": 1 + }, + "CVSS": { + "julia": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 2.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "V3Score": 3.3 + } + }, + "References": [ + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", + "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", + "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", + "https://access.redhat.com/security/cve/CVE-2026-27171", + "https://github.com/advisories/GHSA-h858-mf2m-8jf4", + "https://github.com/madler/zlib/issues/904", + "https://github.com/madler/zlib/releases/tag/v1.3.2", + "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", + "https://ostif.org/zlib-audit-complete", + "https://ostif.org/zlib-audit-complete/", + "https://www.cve.org/CVERecord?id=CVE-2026-27171" + ], + "PublishedDate": "2026-02-18T04:16:01.263Z", + "LastModifiedDate": "2026-03-25T21:27:04.603Z" + } + ] + }, + { + "Target": "Python", + "Class": "lang-pkgs", + "Type": "python-pkg", + "Packages": [ + { + "Name": "pip", + "Identifier": { + "PURL": "pkg:pypi/pip@25.0.1", + "UID": "7d864d9a4bf3bfe8" + }, + "Version": "25.0.1", + "Licenses": [ + "MIT" + ], + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "FilePath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", + "AnalyzedBy": "python-pkg" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-8869", + "VendorIDs": [ + "GHSA-4xh5-x5gv-qwph" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@25.0.1", + "UID": "7d864d9a4bf3bfe8" + }, + "InstalledVersion": "25.0.1", + "FixedVersion": "25.3", + "Status": "fixed", + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8869", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:ffc428a4a653908d36bb9197b506bf2d5fda91eb1caaddc6eb1e4f9ce4a2d0dc", + "Title": "pip: pip missing checks on symbolic link extraction", + "Description": "When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.\nNote that upgrading pip to a \"fixed\" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.\n\nNote that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706\nand therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706\nthen pip doesn't use the \"vulnerable\" fallback code.\n\nMitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python \u003e=3.9.17, \u003e=3.10.12, \u003e=3.11.4, or \u003e=3.12),\napplying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.", + "Severity": "MEDIUM", + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "ghsa": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 5.9 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5.3 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-8869", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a", + "https://github.com/pypa/pip/pull/13550", + "https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html", + "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN", + "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/", + "https://nvd.nist.gov/vuln/detail/CVE-2025-8869", + "https://pip.pypa.io/en/stable/news/#v25-2", + "https://www.cve.org/CVERecord?id=CVE-2025-8869" + ], + "PublishedDate": "2025-09-24T15:15:41.293Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + }, + { + "VulnerabilityID": "CVE-2026-3219", + "VendorIDs": [ + "GHSA-58qw-9mgm-455v" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@25.0.1", + "UID": "7d864d9a4bf3bfe8" + }, + "InstalledVersion": "25.0.1", + "FixedVersion": "26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3219", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:ab0b138ac5e6cdf5cbd178746207c1790297a62af85b1cebb3d9d44563d79514", + "Title": "pip: pip: Incorrect file installation due to improper archive handling", + "Description": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-434" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", + "V40Score": 4.6 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", + "V3Score": 5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/20/8", + "https://access.redhat.com/security/cve/CVE-2026-3219", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/issues/13867", + "https://github.com/pypa/pip/pull/13870", + "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ", + "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/", + "https://nvd.nist.gov/vuln/detail/CVE-2026-3219", + "https://www.cve.org/CVERecord?id=CVE-2026-3219" + ], + "PublishedDate": "2026-04-20T16:16:45.43Z", + "LastModifiedDate": "2026-04-20T21:16:36.42Z" + }, + { + "VulnerabilityID": "CVE-2026-6357", + "VendorIDs": [ + "GHSA-jp4c-xjxw-mgf9" + ], + "PkgName": "pip", + "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", + "PkgIdentifier": { + "PURL": "pkg:pypi/pip@25.0.1", + "UID": "7d864d9a4bf3bfe8" + }, + "InstalledVersion": "25.0.1", + "FixedVersion": "26.1", + "Status": "fixed", + "Layer": { + "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", + "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" + }, + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6357", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory pip", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" + }, + "Fingerprint": "sha256:4e64f64654e43fc7ec07c64eec788565784adeb2a04cb3a186280de4a4bf7379", + "Title": "pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation", + "Description": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-829" + ], + "VendorSeverity": { + "amazon": 3, + "ghsa": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", + "V40Score": 5.3 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", + "V3Score": 5.8 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2026/04/27/7", + "https://access.redhat.com/security/cve/CVE-2026-6357", + "https://github.com/pypa/pip", + "https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad", + "https://github.com/pypa/pip/pull/13923", + "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes", + "https://nvd.nist.gov/vuln/detail/CVE-2026-6357", + "https://www.cve.org/CVERecord?id=CVE-2026-6357" + ], + "PublishedDate": "2026-04-27T15:16:20.857Z", + "LastModifiedDate": "2026-04-27T23:16:03.533Z" + } + ] + } + ] + }, + { + "Namespace": "metallb-system", + "Kind": "ControlPlaneComponents", + "Name": "controller", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ControlPlaneComponents/controller", + "Class": "lang-pkgs", + "Type": "kubernetes", + "Packages": [ + { + "Name": "controller", + "Version": "v0.14.9" + } + ] + } + ] + }, + { + "Namespace": "metallb-system", + "Kind": "ControlPlaneComponents", + "Name": "speaker", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ControlPlaneComponents/speaker", + "Class": "lang-pkgs", + "Type": "kubernetes", + "Packages": [ + { + "Name": "speaker", + "Version": "v0.14.9" + } + ] + } + ] + }, + { + "Namespace": "cert-manager", + "Kind": "ControlPlaneComponents", + "Name": "cert-manager", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ControlPlaneComponents/cert-manager", + "Class": "lang-pkgs", + "Type": "kubernetes", + "Packages": [ + { + "Name": "cert-manager", + "Version": "v1.14.5" + } + ] + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ControlPlaneComponents", + "Name": "kube-dns", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ControlPlaneComponents/kube-dns", + "Class": "lang-pkgs", + "Type": "kubernetes", + "Packages": [ + { + "Name": "kube-dns" + } + ] + } + ] + }, + { + "Namespace": "kube-system", + "Kind": "ControlPlaneComponents", + "Name": "hostpath-provisioner", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "ControlPlaneComponents/hostpath-provisioner", + "Class": "lang-pkgs", + "Type": "kubernetes", + "Packages": [ + { + "Name": "hostpath-provisioner", + "Version": "v1.5.0" + } + ] + } + ] + }, + { + "Kind": "NodeComponents", + "Name": "prod-01.alexpires.me", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "NodeComponents/prod-01.alexpires.me", + "Class": "lang-pkgs", + "Type": "kubernetes", + "Packages": [ + { + "Name": "k8s.io/kubelet", + "Version": "v1.29.15" + } + ] + }, + { + "Target": "prod-01.alexpires.me", + "Class": "lang-pkgs", + "Type": "gobinary", + "Packages": [ + { + "Name": "github.com/containerd/containerd", + "Version": "v1.6.28" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-25621", + "VendorIDs": [ + "GHSA-pwhc-rpq9-4c8w" + ], + "PkgName": "github.com/containerd/containerd", + "InstalledVersion": "v1.6.28", + "FixedVersion": "1.7.29", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-25621", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "github.com/containerd/containerd: containerd local privilege escalation", + "Description": "containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include updating system administrator permissions so the host can manually chmod the directories to not have group or world accessible permissions, or to run containerd in rootless mode.", + "Severity": "HIGH", + "CweIDs": [ + "CWE-279" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 3, + "cbl-mariner": 3, + "ghsa": 3, + "nvd": 3, + "photon": 3, + "redhat": 3, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "V3Score": 7.3 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L", + "V3Score": 7.7 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-25621", + "https://github.com/containerd/containerd", + "https://github.com/containerd/containerd/blob/main/docs/rootless.md", + "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5", + "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w", + "https://nvd.nist.gov/vuln/detail/CVE-2024-25621", + "https://ubuntu.com/security/notices/USN-7983-1", + "https://www.cve.org/CVERecord?id=CVE-2024-25621" + ], + "PublishedDate": "2025-11-06T19:15:40.09Z", + "LastModifiedDate": "2025-12-31T02:29:30.48Z" + }, + { + "VulnerabilityID": "CVE-2024-40635", + "VendorIDs": [ + "GHSA-265r-hfxg-fhmg" + ], + "PkgName": "github.com/containerd/containerd", + "InstalledVersion": "v1.6.28", + "FixedVersion": "1.7.27, 1.6.38", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-40635", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "containerd: containerd has an integer overflow in User ID handling", + "Description": "containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-190" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 3, + "photon": 3, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 4.6 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "V3Score": 7.8 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "V3Score": 4.6 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2024-40635", + "https://github.com/containerd/containerd", + "https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da", + "https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27)", + "https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20", + "https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38)", + "https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a", + "https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg", + "https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html", + "https://nvd.nist.gov/vuln/detail/CVE-2024-40635", + "https://ubuntu.com/security/notices/USN-7374-1", + "https://www.cve.org/CVERecord?id=CVE-2024-40635" + ], + "PublishedDate": "2025-03-17T22:15:13.15Z", + "LastModifiedDate": "2025-10-02T01:51:43.21Z" + }, + { + "VulnerabilityID": "CVE-2025-64329", + "VendorIDs": [ + "GHSA-m6hq-p25p-ffr2" + ], + "PkgName": "github.com/containerd/containerd", + "InstalledVersion": "v1.6.28", + "FixedVersion": "1.7.29", + "Status": "fixed", + "SeveritySource": "ghsa", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64329", + "DataSource": { + "ID": "ghsa", + "Name": "GitHub Security Advisory Go", + "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" + }, + "Title": "github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks", + "Description": "containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-401" + ], + "VendorSeverity": { + "amazon": 2, + "azure": 2, + "cbl-mariner": 2, + "ghsa": 2, + "nvd": 2, + "photon": 2, + "redhat": 2, + "ubuntu": 2 + }, + "CVSS": { + "ghsa": { + "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "V40Score": 6.9 + }, + "nvd": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "V3Score": 5.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "V3Score": 6.5 + } + }, + "References": [ + "https://access.redhat.com/security/cve/CVE-2025-64329", + "https://github.com/containerd/containerd", + "https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df", + "https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2", + "https://nvd.nist.gov/vuln/detail/CVE-2025-64329", + "https://ubuntu.com/security/notices/USN-7983-1", + "https://www.cve.org/CVERecord?id=CVE-2025-64329" + ], + "PublishedDate": "2025-11-07T05:16:08.017Z", + "LastModifiedDate": "2025-12-31T18:34:48.06Z" + } + ] + } + ] + }, + { + "Kind": "Cluster", + "Name": "k8s.io/kubernetes", + "Metadata": [ + {} + ], + "Results": [ + { + "Target": "Cluster/k8s.io/kubernetes", + "Class": "lang-pkgs", + "Type": "kubernetes", + "Packages": [ + { + "Name": "k8s.io/kubernetes", + "Version": "1.29.15" + } + ], + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2025-1767", + "PkgName": "k8s.io/kubernetes", + "InstalledVersion": "1.29.15", + "Status": "affected", + "SeveritySource": "k8s", + "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1767", + "DataSource": { + "ID": "k8s", + "Name": "Official Kubernetes CVE Feed", + "URL": "https://kubernetes.io/docs/reference/issues-security/official-cve-feed/index.json" + }, + "Title": "kubelet: GitRepo Volume Inadvertent Local Repository Access", + "Description": "This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.", + "Severity": "MEDIUM", + "CweIDs": [ + "CWE-20" + ], + "VendorSeverity": { + "ghsa": 2, + "k8s": 2, + "photon": 2, + "redhat": 2 + }, + "CVSS": { + "ghsa": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 6.5 + }, + "k8s": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 6.5 + }, + "redhat": { + "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "V3Score": 6.5 + } + }, + "References": [ + "http://www.openwall.com/lists/oss-security/2025/03/13/9", + "https://access.redhat.com/security/cve/CVE-2025-1767", + "https://github.com/kubernetes/kubernetes", + "https://github.com/kubernetes/kubernetes/issues/130786", + "https://github.com/kubernetes/kubernetes/pull/130786", + "https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s", + "https://nvd.nist.gov/vuln/detail/CVE-2025-1767", + "https://www.cve.org/CVERecord?id=CVE-2025-1767", + "https://www.cve.org/cverecord?id=CVE-2025-1767" + ], + "PublishedDate": "2025-03-13T17:15:36.437Z", + "LastModifiedDate": "2026-04-15T00:35:42.02Z" + } + ] + } + ] + } + ] +} diff --git a/terraform/modules/utils/trivy/resources/generate_report.sh b/terraform/modules/utils/trivy/resources/generate_report.sh index 1ceb0f7..6c1bdd1 100644 --- a/terraform/modules/utils/trivy/resources/generate_report.sh +++ b/terraform/modules/utils/trivy/resources/generate_report.sh @@ -8,8 +8,9 @@ trivy plugin install scan2html trivy k8s --report=${REPORT_TYPE:-all} \ --exit-code=0 \ --severity=${LEVELS:-CRITICAL,HIGH,MEDIUM} \ - -o tmp/trivy.json \ + --scanners ${SCANNERS:-vuln,misconfig} \ + -o /tmp/trivy.json \ --format json \ --disable-node-collector \ --parallel ${PARALLEL:-5} -trivy scan2html generate --scan2html-flags --output tmp/report.html --from tmp/trivy.json \ No newline at end of file +trivy scan2html generate --scan2html-flags --output /tmp/report.html --from /tmp/trivy.json \ No newline at end of file diff --git a/terraform/modules/utils/trivy/resources/send_report.py b/terraform/modules/utils/trivy/resources/send_report.py index 17da03f..5035b7a 100644 --- a/terraform/modules/utils/trivy/resources/send_report.py +++ b/terraform/modules/utils/trivy/resources/send_report.py @@ -3,6 +3,455 @@ import os import time import smtplib from email.message import EmailMessage +import json +import re +import urllib.request +import urllib.error +from datetime import datetime +from typing import Dict, List, Optional, Any +from dataclasses import dataclass, field + +# Imports and Configuration +@dataclass +class Misconfiguration: + """Represents a Trivy misconfiguration finding.""" + status: str + message: str + severity: str + check_id: str = "" + title: str = "" + check_namespace: str = "" + primary_url: str = "" + + +@dataclass +class Vulnerability: + """Represents a Trivy vulnerability finding.""" + vulnerability_id: str + package_name: str + severity: str + target: str = "" + vuln_type: str = "" + class_name: str = "" + installed_version: str = "" + fixed_version: str = "" + title: str = "" + +@dataclass +class Resource: + """Represents a Trivy scan resource.""" + type: str + name: str + kind: Optional[str] = None + namespace: Optional[str] = None + image_digests: List[str] = field(default_factory=list) + metadata: List[dict] = field(default_factory=list) + misconf_summary: dict = field(default_factory=dict) + misconfigurations: List[Misconfiguration] = field(default_factory=list) + vulnerabilities: List[Vulnerability] = field(default_factory=list) + vulnerability_summary: dict = field(default_factory=dict) + successes_count: int = 0 + failures_count: int = 0 + +@dataclass +class ParseResult: + """Parsed Trivy scan result.""" + cluster_name: Optional[str] = None + resources: List[Resource] = field(default_factory=list) + start_time: Optional[datetime] = None + end_time: Optional[datetime] = None + duration: Optional[float] = None + image: Optional[str] = None + +# Configuration +PUSHGATEWAY_URL = os.environ.get("PUSHGATEWAY_URL", "http://pushgateway:9091/metrics") +PUSHGATEWAY_NAMESPACE = os.environ.get("PUSHGATEWAY_NAMESPACE", "trivy") +PUSHGATEWAY_JOB = os.environ.get("PUSHGATEWAY_JOB", "trivy-metrics") +METRICS_PREFIX = "trivy" +REQUEST_TIMEOUT = 30 +REPORT_PATH = os.environ.get("REPORT_PATH", "/tmp/report.html") +TRIVY_OUTPUT_FILE = os.environ.get("TRIVY_OUTPUT_FILE", "/tmp/trivy.json") +WAIT_TIMEOUT = int(os.environ.get("WAIT_TIMEOUT", "200")) +SLEEP_INTERVAL = int(os.environ.get("SLEEP_INTERVAL", "5") ) + +# Metric definitions +METRICS = { + "vulnerabilities_found": { + "type": "gauge", + "description": "Total number of vulnerabilities found", + "labels": ["severity", "type", "package", "vulnerability_id"] + }, + "vulnerabilities_by_severity": { + "type": "gauge", + "description": "Count of vulnerabilities grouped by severity", + "labels": ["severity"] + }, + "vulnerabilities_by_type": { + "type": "gauge", + "description": "Count of vulnerabilities grouped by type", + "labels": ["type"] + }, + "scans_completed": { + "type": "counter", + "description": "Total number of scans completed", + "labels": ["status"] + }, + "scan_duration_seconds": { + "type": "gauge", + "description": "Duration of the last scan in seconds", + "labels": ["status"] + }, + "image_scanned": { + "type": "gauge", + "description": "Image that was scanned", + "labels": ["image"] + }, + "scan_timestamp": { + "type": "gauge", + "description": "Timestamp of the scan", + "labels": [] + }, + "severities_found": { + "type": "gauge", + "description": "Severities found in the scan", + "labels": ["severity"] + } +} + + +def parse_trivy_output(output: str) -> ParseResult: + """Parse Trivy scan output and extract metrics.""" + # Try to parse JSON output if available + if output.strip().startswith("{"): + try: + data = json.loads(output) + # Check if it's Kubernetes/container scan JSON + if "Resources" in data or "ClusterName" in data: + result = ParseResult(cluster_name=data.get("ClusterName")) + + for resource_data in data.get("Resources", []): + misconfigurations = [] + vulnerabilities = [] + misconf_summary: dict = {} + vulnerability_summary: dict = {} + resource_type = "kubernetes" + + for res in resource_data.get("Results", []): + resource_type = res.get("Type") or resource_type + for k, v in res.get("MisconfSummary", {}).items(): + misconf_summary[k] = misconf_summary.get(k, 0) + v + for mc in res.get("Misconfigurations", []): + misconfigurations.append(Misconfiguration( + status=mc.get("Status", ""), + message=mc.get("Message", ""), + severity=mc.get("Severity", ""), + check_id=mc.get("ID", ""), + title=mc.get("Title", ""), + check_namespace=mc.get("Namespace", ""), + primary_url=mc.get("PrimaryURL", ""), + )) + + for v in res.get("Vulnerabilities", []): + severity = v.get("Severity", "UNKNOWN") + vulnerability_summary[severity] = vulnerability_summary.get(severity, 0) + 1 + vulnerabilities.append(Vulnerability( + vulnerability_id=v.get("VulnerabilityID", ""), + package_name=v.get("PkgName", ""), + severity=severity, + target=res.get("Target", ""), + vuln_type=res.get("Type", ""), + class_name=res.get("Class", ""), + installed_version=v.get("InstalledVersion", ""), + fixed_version=v.get("FixedVersion", ""), + title=v.get("Title", ""), + )) + + resource = Resource( + type=resource_type, + name=resource_data.get("Name", ""), + kind=resource_data.get("Kind"), + namespace=resource_data.get("Namespace"), + metadata=resource_data.get("Metadata", []), + misconf_summary=misconf_summary, + misconfigurations=misconfigurations, + vulnerabilities=vulnerabilities, + vulnerability_summary=vulnerability_summary, + successes_count=misconf_summary.get("Successes", 0), + failures_count=misconf_summary.get("Failures", 0), + ) + result.resources.append(resource) + return result + except json.JSONDecodeError: + pass + + # Parse text output for image scanning + metrics_data = { + "vulnerabilities": [], + "image": None, + "start_time": None, + "end_time": None, + "summary": {} + } + + # Extract image name + image_match = re.search(r'Scanning image: (.+)', output) + if image_match: + metrics_data["image"] = image_match.group(1).strip() + + # Extract scan duration + duration_match = re.search(r'Spent.*? (\d+(?:\.\d+)?)', output) + if duration_match: + metrics_data["scan_duration"] = float(duration_match.group(1)) + + # Extract severity counts + severity_patterns = { + "CRITICAL": r'Critical:.*?(\d+)', + "HIGH": r'High:.*?(\d+)', + "MEDIUM": r'Medium:.*?(\d+)', + "LOW": r'Low:.*?(\d+)', + "UNKNOWN": r'Unknown:.*?(\d+)', + "STYLE": r'Style:.*?(\d+)', + "NOT_SET": r'Not Set:.*?(\d+)' + } + + severity_counts = {} + for severity, pattern in severity_patterns.items(): + match = re.search(pattern, output) + if match: + severity_counts[severity] = int(match.group(1)) + + metrics_data["summary"] = severity_counts + + for line in output.split('\n'): + # Match vulnerability lines + vuln_match = re.search(r'\[.*?\].*?CVE-?\d+\.\d+-\d+', line) + if vuln_match: + # Parse vulnerability details + vuln_data = { + "cve": None, + "package": None, + "type": None, + "severity": None, + "fix_version": None + } + + # Extract CVE + cve_match = re.search(r'CVE-?\d+\.\d+-\d+', line) + if cve_match: + vuln_data["cve"] = cve_match.group() + + # Extract package name + pkg_match = re.search(r'package: (\S+)', line) + if pkg_match: + vuln_data["package"] = pkg_match.group(1) + + # Extract vulnerability ID + vuln_id_match = re.search(r'ID: ([\w\-]+)', line) + if vuln_id_match: + vuln_data["vulnerability_id"] = vuln_id_match.group(1) + + # Extract severity + severity_match = re.search(r'severity: (\S+)', line) + if severity_match: + vuln_data["severity"] = severity_match.group(1) + + if any(vuln_data.values()): + metrics_data["vulnerabilities"].append(vuln_data) + + # Convert to ParseResult for backward compatibility + result = ParseResult() + result.image = metrics_data.get("image") + result.start_time = metrics_data.get("start_time") + result.end_time = metrics_data.get("end_time") + result.duration = metrics_data.get("scan_duration") + return result + + +def generate_prometheus_metrics(scan_data: Dict[str, Any], scan_duration: Optional[float] = None) -> str: + """Generate Prometheus metrics format from scan data.""" + lines = [] + + # Scan metadata + timestamp = datetime.utcnow().isoformat() + "Z" + lines.append(f'# HELP {METRICS_PREFIX}_scan_timestamp Timestamp of the scan') + lines.append(f'# TYPE {METRICS_PREFIX}_scan_timestamp gauge') + lines.append(f'{METRICS_PREFIX}_scan_timestamp 1') + + # Image scanned + if scan_data.get("image"): + image = scan_data["image"].replace(":", "_").replace("/", "_") + lines.append(f'# HELP {METRICS_PREFIX}_image_scanned Image that was scanned') + lines.append(f'# TYPE {METRICS_PREFIX}_image_scanned gauge') + lines.append(f'{METRICS_PREFIX}_image_scanned{{image="{image}"}} 1') + + # Duration + if scan_duration is not None: + lines.append(f'# HELP {METRICS_PREFIX}_scan_duration_seconds Duration of the last scan in seconds') + lines.append(f'# TYPE {METRICS_PREFIX}_scan_duration_seconds gauge') + lines.append(f'{METRICS_PREFIX}_scan_duration_seconds{{status="success"}} {scan_duration}') + + # Vulnerabilities by severity + summary = scan_data.get("summary", {}) + for severity, count in summary.items(): + if count > 0: + lines.append(f'# HELP {METRICS_PREFIX}_vulnerabilities_by_severity Count of vulnerabilities grouped by severity') + lines.append(f'# TYPE {METRICS_PREFIX}_vulnerabilities_by_severity gauge') + lines.append(f'{METRICS_PREFIX}_vulnerabilities_by_severity{{severity="{severity}"}} {count}') + + # Individual vulnerabilities + vulnerabilities = scan_data.get("vulnerabilities", []) + for vuln in vulnerabilities: + cve = vuln.get("cve", "unknown") + package = vuln.get("package", "unknown") + vuln_id = vuln.get("vulnerability_id", cve) + severity = vuln.get("severity", "unknown") + + # Truncate CVE to fit in label + cve_short = cve[-12:] if len(cve) > 12 else cve + + lines.append(f'# HELP {METRICS_PREFIX}_vulnerabilities_found Total number of vulnerabilities found') + lines.append(f'# TYPE {METRICS_PREFIX}_vulnerabilities_found gauge') + labels = { + "severity": severity, + "type": vuln.get("type", "unknown"), + "package": package, + "vulnerability_id": cve_short + } + # Sanitize labels for Prometheus + safe_labels = {k: str(v).replace('"', "").replace("'", "")[:20] for k, v in labels.items()} + label_string = ",".join(f'{k}="{v}"' for k, v in safe_labels.items()) + lines.append(f'{METRICS_PREFIX}_vulnerabilities_found{{{label_string}}} 1') + + # Clean up duplicate HELP lines + cleaned_lines = [] + last_help = None + for line in lines: + if line.startswith('# HELP'): + if last_help and line.split()[2] == last_help.split()[2]: + continue # Skip duplicate HELP + last_help = line.split()[2] + cleaned_lines.append(line) + + return '\n'.join(cleaned_lines) + + +def push_metrics_to_pushgateway(metrics: str): + """Push metrics to PushGateway.""" + try: + validated_metrics = sanitize_prometheus_metrics(metrics) + if not validated_metrics: + print("✗ No valid Prometheus metrics remained after sanitization") + return False + + req = urllib.request.Request( + PUSHGATEWAY_URL, + data=(validated_metrics + "\n").encode("utf-8"), + headers={"Content-Type": "text/plain; charset=utf-8"}, + method="POST", + ) + + with urllib.request.urlopen(req, timeout=REQUEST_TIMEOUT) as response: + status_code = response.getcode() + response_body = response.read().decode("utf-8", errors="replace") + + if status_code == 200: + print(f"✓ Successfully pushed {len(validated_metrics.split(chr(10)))} lines of metrics to PushGateway") + return True + else: + print(f"✗ Failed to push metrics to PushGateway. Status code: {status_code}") + print(f"Response: {response_body}") + return False + + except urllib.error.HTTPError as e: + body = e.read().decode("utf-8", errors="replace") + print(f"✗ Error pushing metrics to PushGateway: HTTP {e.code} {e.reason}") + print(f"Response: {body}") + return False + except urllib.error.URLError as e: + print(f"✗ Error pushing metrics to PushGateway: {e}") + return False + + +def _has_balanced_label_quotes(label_block: str) -> bool: + """Return True when all double quotes in a label block are balanced.""" + in_quotes = False + escaped = False + for ch in label_block: + if escaped: + escaped = False + continue + if ch == "\\": + escaped = True + continue + if ch == '"': + in_quotes = not in_quotes + return not in_quotes + + +def sanitize_prometheus_metrics(metrics: str) -> str: + """Drop malformed metric lines so one bad sample does not break the whole push.""" + sanitized_lines: List[str] = [] + dropped_lines = 0 + merged_duplicates = 0 + series_totals: Dict[str, float] = {} + series_order: List[str] = [] + + def _format_value(value: float) -> str: + return str(int(value)) if value.is_integer() else format(value, "g") + + for idx, raw_line in enumerate(metrics.splitlines(), start=1): + line = raw_line.rstrip("\r") + + if not line: + continue + if line.startswith("#"): + sanitized_lines.append(line) + continue + + if "{" in line: + open_brace = line.find("{") + close_brace = line.find("}", open_brace + 1) + if close_brace == -1: + print(f"⚠ Dropping malformed metric line {idx}: missing closing brace") + dropped_lines += 1 + continue + label_block = line[open_brace + 1:close_brace] + if not _has_balanced_label_quotes(label_block): + print(f"⚠ Dropping malformed metric line {idx}: unbalanced label quotes") + dropped_lines += 1 + continue + + parts = line.rsplit(" ", 1) + if len(parts) != 2: + print(f"⚠ Dropping malformed metric line {idx}: missing value") + dropped_lines += 1 + continue + + series_id, value_raw = parts[0], parts[1].strip() + try: + value = float(value_raw) + except ValueError: + print(f"⚠ Dropping malformed metric line {idx}: invalid numeric value '{value_raw}'") + dropped_lines += 1 + continue + + if series_id in series_totals: + merged_duplicates += 1 + series_totals[series_id] += value + else: + series_order.append(series_id) + series_totals[series_id] = value + + if dropped_lines: + print(f"⚠ Dropped {dropped_lines} malformed metric line(s) before push") + for series_id in series_order: + sanitized_lines.append(f"{series_id} {_format_value(series_totals[series_id])}") + + if merged_duplicates: + print(f"⚠ Merged {merged_duplicates} duplicate metric line(s) before push") + + return "\n".join(sanitized_lines) + def dispatch_email(report_path, subject): msg = EmailMessage() @@ -26,38 +475,253 @@ def dispatch_email(report_path, subject): smtp_user = os.environ.get("SMTP_USER", "user") smtp_pass = os.environ.get("SMTP_PASS", "pass") - with smtplib.SMTP(smtp_host, smtp_port) as server: - if smtp_port == 465: - server = smtplib.SMTP_SSL(smtp_host, smtp_port) - else: - server = smtplib.SMTP(smtp_host, smtp_port) - if smtp_port != 465: - server.starttls() - try: - server.login(smtp_user, smtp_pass) - except smtplib.SMTPAuthenticationError: - print("SMTP Authentication Error: Check your SMTP credentials.") - return - server.send_message(msg) - print("Report sent.") + if smtp_port == 465: + server = smtplib.SMTP_SSL(smtp_host, smtp_port) + else: + server = smtplib.SMTP(smtp_host, smtp_port) + server.starttls() + try: + server.login(smtp_user, smtp_pass) + except smtplib.SMTPAuthenticationError: + print("SMTP Authentication Error: Check your SMTP credentials.") + server.quit() + return + server.send_message(msg) + server.quit() + print("Report sent.") -if __name__ == "__main__": - report_path = os.environ.get("REPORT_PATH", "/tmp/report.html") - wait_timeout = int(os.environ.get("WAIT_TIMEOUT", "200")) - sleep_interval = int(os.environ.get("SLEEP_INTERVAL", "5") ) - print("Trivy report path:", report_path) +def generate_prometheus_metrics_from_parse_result(scan_result: ParseResult) -> str: + """Generate Prometheus metrics from ParseResult object.""" + lines = [] + + lines.append(f'# HELP {METRICS_PREFIX}_cluster_scan_timestamp Timestamp of the cluster scan') + lines.append(f'# TYPE {METRICS_PREFIX}_cluster_scan_timestamp gauge') + lines.append(f'{METRICS_PREFIX}_cluster_scan_timestamp 1') + + lines.append(f'# HELP {METRICS_PREFIX}_cluster_name Name of the cluster') + lines.append(f'# TYPE {METRICS_PREFIX}_cluster_name gauge') + def _safe_label(value: str) -> str: + # Prometheus label values cannot contain unescaped control chars/newlines. + cleaned = re.sub(r"[\x00-\x1F\x7F]+", " ", value) + return cleaned.replace('\\', '\\\\').replace('"', '\\"') + + def _safe_truncated_label(value: str, max_len: int) -> str: + # Truncate before escaping so we never cut through an escape sequence. + raw_truncated = re.sub(r"[\x00-\x1F\x7F]+", " ", value)[:max_len] + return _safe_label(raw_truncated) + + safe_cluster_name = _safe_label(scan_result.cluster_name or "") + lines.append(f'{METRICS_PREFIX}_cluster_name{{cluster_name="{safe_cluster_name}"}} 1') + + resource_type_header_written = False + image_digest_header_written = False + successes_header_written = False + failures_header_written = False + misconfig_header_written = False + vulnerability_total_header_written = False + vulnerability_severity_header_written = False + vulnerability_header_written = False + + for resource in scan_result.resources: + rtype = _safe_label(resource.type or "") + rname = _safe_label(resource.name or "") + rkind = _safe_label(resource.kind or "") + rns = _safe_label(resource.namespace or "") + resource_labels = f'type="{rtype}",kind="{rkind}",name="{rname}",namespace="{rns}"' + + if not resource_type_header_written: + lines.append(f'# HELP {METRICS_PREFIX}_resource_type Type of resource') + lines.append(f'# TYPE {METRICS_PREFIX}_resource_type gauge') + resource_type_header_written = True + lines.append(f'{METRICS_PREFIX}_resource_type{{{resource_labels}}} 1') + + if resource.image_digests: + if not image_digest_header_written: + lines.append(f'# HELP {METRICS_PREFIX}_image_digest Image digest') + lines.append(f'# TYPE {METRICS_PREFIX}_image_digest gauge') + image_digest_header_written = True + for digest in resource.image_digests: + safe_digest = _safe_truncated_label(digest, 64) + lines.append(f'{METRICS_PREFIX}_image_digest{{{resource_labels},digest="{safe_digest}"}} 1') + + if resource.misconf_summary: + summary = resource.misconf_summary + successes = summary.get('Successes', 0) + failures = summary.get('Failures', 0) + + if not successes_header_written: + lines.append(f'# HELP {METRICS_PREFIX}_misconfiguration_successes Successful checks') + lines.append(f'# TYPE {METRICS_PREFIX}_misconfiguration_successes gauge') + successes_header_written = True + lines.append(f'{METRICS_PREFIX}_misconfiguration_successes{{{resource_labels}}} {successes}') + + if not failures_header_written: + lines.append(f'# HELP {METRICS_PREFIX}_misconfiguration_failures Failed checks') + lines.append(f'# TYPE {METRICS_PREFIX}_misconfiguration_failures gauge') + failures_header_written = True + lines.append(f'{METRICS_PREFIX}_misconfiguration_failures{{{resource_labels}}} {failures}') + + misconfig_counts = {} + for m in resource.misconfigurations: + key = ( + _safe_label(m.severity or ""), + _safe_label(m.status or ""), + _safe_truncated_label(m.check_id or "", 32), + _safe_truncated_label(m.check_namespace or "", 64), + _safe_truncated_label(m.title or "", 100), + _safe_truncated_label(m.primary_url or "", 200), + ) + misconfig_counts[key] = misconfig_counts.get(key, 0) + 1 + + for (safe_severity, safe_status, safe_check_id, safe_check_namespace, safe_title, safe_primary_url), count in misconfig_counts.items(): + if not misconfig_header_written: + lines.append(f'# HELP {METRICS_PREFIX}_misconfiguration Misconfiguration finding') + lines.append(f'# TYPE {METRICS_PREFIX}_misconfiguration gauge') + misconfig_header_written = True + lines.append( + f'{METRICS_PREFIX}_misconfiguration{{{resource_labels},' + f'severity="{safe_severity}",status="{safe_status}",' + f'check_id="{safe_check_id}",check_namespace="{safe_check_namespace}",title="{safe_title}",primary_url="{safe_primary_url}"}} {count}' + ) + + if not vulnerability_total_header_written: + lines.append(f'# HELP {METRICS_PREFIX}_vulnerability_total Total vulnerabilities for resource') + lines.append(f'# TYPE {METRICS_PREFIX}_vulnerability_total gauge') + vulnerability_total_header_written = True + lines.append(f'{METRICS_PREFIX}_vulnerability_total{{{resource_labels}}} {len(resource.vulnerabilities)}') + + for severity, count in resource.vulnerability_summary.items(): + safe_severity = _safe_label(severity) + if not vulnerability_severity_header_written: + lines.append(f'# HELP {METRICS_PREFIX}_vulnerability_severity_count Vulnerabilities grouped by severity for resource') + lines.append(f'# TYPE {METRICS_PREFIX}_vulnerability_severity_count gauge') + vulnerability_severity_header_written = True + lines.append( + f'{METRICS_PREFIX}_vulnerability_severity_count{{{resource_labels},severity="{safe_severity}"}} {count}' + ) + + vulnerability_counts = {} + for v in resource.vulnerabilities: + key = ( + _safe_label(v.severity or ""), + _safe_truncated_label(v.vulnerability_id or "", 32), + _safe_truncated_label(v.package_name or "", 64), + _safe_truncated_label(v.target or "", 96), + _safe_truncated_label(v.vuln_type or "", 24), + _safe_truncated_label(v.class_name or "", 24), + ) + vulnerability_counts[key] = vulnerability_counts.get(key, 0) + 1 + + for (safe_severity, safe_vuln_id, safe_package, safe_target, safe_vuln_type, safe_class_name), count in vulnerability_counts.items(): + if not vulnerability_header_written: + lines.append(f'# HELP {METRICS_PREFIX}_vulnerability Vulnerability finding') + lines.append(f'# TYPE {METRICS_PREFIX}_vulnerability gauge') + vulnerability_header_written = True + lines.append( + f'{METRICS_PREFIX}_vulnerability{{{resource_labels},' + f'severity="{safe_severity}",vulnerability_id="{safe_vuln_id}",' + f'package="{safe_package}",target="{safe_target}",' + f'vuln_type="{safe_vuln_type}",class="{safe_class_name}"}} {count}' + ) + + if scan_result.duration: + lines.append(f'# HELP {METRICS_PREFIX}_scan_duration Duration of the last scan in seconds') + lines.append(f'# TYPE {METRICS_PREFIX}_scan_duration gauge') + lines.append(f'{METRICS_PREFIX}_scan_duration {scan_result.duration}') + + return '\n'.join(lines) + + +def main(): + + """Main function to process Trivy scan output and push metrics.""" + print("🔍 Trivy Metrics Exporter") + print(f"📍 PushGateway URL: {PUSHGATEWAY_URL}") + print(f"🏷️ Namespace: {PUSHGATEWAY_NAMESPACE}") + print(f"💼 Job: {PUSHGATEWAY_JOB}") + print(f"⏳ Request timeout: {REQUEST_TIMEOUT} seconds") + print() + + print("Trivy report path:", REPORT_PATH) print("Starting to wait for the report to be generated...") start = time.time() - while not os.path.exists(report_path): - if time.time() - start > wait_timeout: + while not os.path.exists(REPORT_PATH): + if time.time() - start > WAIT_TIMEOUT: print("Timeout waiting for report to be generated.") dispatch_email(None, "Trivy Scan Report - Timeout") exit(1) print("Still waiting for report to be generated...") - time.sleep(sleep_interval) + time.sleep(SLEEP_INTERVAL) print("Report generated, proceeding to send email...") time.sleep(5) # Wait for a bit to ensure the file is fully written - dispatch_email(report_path, "Trivy Scan Report - " + time.strftime("%Y-%m-%d %H:%M:%S")) + dispatch_email(REPORT_PATH, "Trivy Scan Report - " + time.strftime("%Y-%m-%d %H:%M:%S")) + + if not os.path.exists(TRIVY_OUTPUT_FILE): + print(f"✗ Output file not found: {TRIVY_OUTPUT_FILE}") + print(" Make sure Trivy has written its output before running this script.") + exit(1) + + print(f"📄 Reading scan output from: {TRIVY_OUTPUT_FILE}") + + with open(TRIVY_OUTPUT_FILE, 'r') as f: + output = f.read() + + print(f"📊 Parsing scan output...") + + # Parse the output + scan_data = parse_trivy_output(output) + + # Handle both ParseResult (for Kubernetes scans) and old dict format (for image scans) + if hasattr(scan_data, 'resources'): + # ParseResult object (Kubernetes/container scan output) + resource_count = len(scan_data.resources) if scan_data.resources else 0 + if resource_count == 0: + print("⚠️ No vulnerabilities found in scan output") + print(" Pushing basic scan metadata...") + scan_data = None + else: + print(f"Found {resource_count} resource(s) to scan") + # Generate Prometheus metrics + print("🔧 Generating Prometheus metrics...") + metrics = generate_prometheus_metrics_from_parse_result(scan_data) + + # Push to PushGateway + print("🚀 Pushing metrics to PushGateway...") + success = push_metrics_to_pushgateway(metrics) + + if success: + print("✓ Metrics successfully pushed to PushGateway") + + # Also print a summary to stdout for dashboards + print("\n📈 Scan Summary:") + print(f" Resources scanned: {resource_count}") + total_vulns = sum(resource.misconf_summary.get('Failures', 0) for resource in scan_data.resources) + print(f" Misconfigurations found: {total_vulns}") + for resource in scan_data.resources: + if resource.misconf_summary: + print(f" Resource: {resource.name} ({resource.type})") + for severity, count in resource.misconf_summary.items(): + if count > 0: + print(f" - {severity}: {count}") + else: + print("✗ Failed to push metrics") + exit(1) + else: + # Old dict format (image scan output) - keep existing behavior for backward compatibility + print("⚠️ No vulnerabilities found in scan output") + print(" Pushing basic scan metadata...") + # For backward compatibility with image scans + metrics = generate_prometheus_metrics(scan_data) + print("🚀 Pushing metrics to PushGateway...") + success = push_metrics_to_pushgateway(metrics) + if success: + print("✓ Metrics successfully pushed to PushGateway") + else: + print("✗ Failed to push metrics") + exit(1) + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/terraform/modules/utils/trivy/resources/test_parse_trivy_output.py b/terraform/modules/utils/trivy/resources/test_parse_trivy_output.py new file mode 100644 index 0000000..0720cf5 --- /dev/null +++ b/terraform/modules/utils/trivy/resources/test_parse_trivy_output.py @@ -0,0 +1,343 @@ +"""Unit tests for parse_trivy_output function.""" + +import pytest +from pathlib import Path +from typing import Any +import json + +from send_report import ( + parse_trivy_output, + generate_prometheus_metrics_from_parse_result, + ParseResult, + Resource, + Misconfiguration, +) + + +class TestParseTrivyOutput: + """Tests for parsing Trivy JSON output.""" + + @pytest.fixture + def fixture_path(self) -> Path: + """Path to the Trivy fixture file.""" + return Path(__file__).parent / "fixtures" / "trivy.json" + + @pytest.fixture + def fixture_data(self, fixture_path: Path) -> dict[str, Any]: + """Load fixture data.""" + with open(fixture_path, "r") as f: + return json.load(f) + + def test_parse_trivy_output_cluster_name(self, fixture_data: dict[str, Any]) -> None: + """Test parsing cluster name from Trivy output.""" + result = parse_trivy_output(json.dumps(fixture_data)) + assert result.cluster_name == "microk8s-prod-01" + + def test_parse_trivy_output_results_empty(self, fixture_data: dict[str, Any]) -> None: + """Test when no resources are found.""" + # Modify fixture to remove resources + modified_data = {**fixture_data, "Resources": []} + result = parse_trivy_output(json.dumps(modified_data)) + assert result.cluster_name == "microk8s-prod-01" + assert result.resources == [] + assert len(result.resources) == 0 + + def test_parse_trivy_output_single_resource(self, fixture_data: dict[str, Any]) -> None: + """Test parsing a single resource.""" + result = parse_trivy_output(json.dumps(fixture_data)) + assert isinstance(result.resources, list) + assert len(result.resources) > 0 + + def test_parse_trivy_output_result_types(self, fixture_data: dict[str, Any]) -> None: + """Test result types for different resources.""" + result = parse_trivy_output(json.dumps(fixture_data)) + for resource in result.resources: + assert hasattr(resource, "type") + assert isinstance(resource.type, str) + assert len(resource.type) > 0 + + def test_parse_trivy_output_metadata_list(self, fixture_data: dict[str, Any]) -> None: + """Test that metadata is correctly parsed as a list.""" + resource = result = parse_trivy_output(json.dumps(fixture_data)).resources[0] + assert hasattr(resource, "metadata") + assert isinstance(resource.metadata, list) + + def test_parse_trivy_output_misconfiguration_summary(self, fixture_data: dict[str, Any]) -> None: + """Test that misconfiguration summary is correctly parsed.""" + resource = result = parse_trivy_output(json.dumps(fixture_data)).resources[0] + assert hasattr(resource, "misconf_summary") + assert isinstance(resource.misconf_summary, dict) + assert "Successes" in resource.misconf_summary + assert "Failures" in resource.misconf_summary + + def test_parse_trivy_output_misconfigurations_list(self, fixture_data: dict[str, Any]) -> None: + """Test that misconfigurations are correctly parsed as a list.""" + resource = result = parse_trivy_output(json.dumps(fixture_data)).resources[0] + assert hasattr(resource, "misconfigurations") + assert isinstance(resource.misconfigurations, list) + + def test_parse_trivy_output_successes_count(self, fixture_data: dict[str, Any]) -> None: + """Test that successes count is accurately parsed.""" + resource = result = parse_trivy_output(json.dumps(fixture_data)).resources[0] + for misconfig in resource.misconfigurations: + if misconfig.status == "PASS": + resource.successes_count += 1 + assert resource.successes_count > 0 + + def test_parse_trivy_output_failures_count(self, fixture_data: dict[str, Any]) -> None: + """Test that failures count is accurately parsed.""" + resource = result = parse_trivy_output(json.dumps(fixture_data)).resources[0] + for misconfig in resource.misconfigurations: + if misconfig.status == "FAIL": + resource.failures_count += 1 + assert resource.failures_count > 0 + + def test_parse_trivy_output_kubernetes_type(self, fixture_data: dict[str, Any]) -> None: + """Test parsing of Kubernetes resource type.""" + resource = result = parse_trivy_output(json.dumps(fixture_data)).resources[0] + assert resource.type == "kubernetes" + + def test_parse_trivy_output_resource_name(self, fixture_data: dict[str, Any]) -> None: + """Test parsing resource name (e.g., ClusterRole, Namespace).""" + resource = result = parse_trivy_output(json.dumps(fixture_data)).resources[0] + assert resource.name == "admin" or resource.name == "namespace" + + def test_parse_trivy_output_namespace_field(self, fixture_data: dict[str, Any]) -> None: + """Test that namespace field is correctly extracted.""" + resource = result = parse_trivy_output(json.dumps(fixture_data)).resources[0] + # Namespace field may be None for cluster-scoped resources + assert hasattr(resource, "namespace") + assert resource.namespace is None or isinstance(resource.namespace, str) + + def test_parse_trivy_output_empty_namespaces(self, fixture_data: dict[str, Any]) -> None: + """Test parsing when namespaces array is empty.""" + resource = result = parse_trivy_output(json.dumps(fixture_data)).resources[0] + if hasattr(resource, "namespaces"): + assert isinstance(resource.namespaces, list) + + def test_parse_trivy_output_empty_image_list(self, fixture_data: dict[str, Any]) -> None: + """Test parsing when images array is empty.""" + resource = result = parse_trivy_output(json.dumps(fixture_data)).resources[0] + if hasattr(resource, "images"): + assert isinstance(resource.images, list) + + def test_parse_trivy_output_empty_image_digest_list(self, fixture_data: dict[str, Any]) -> None: + """Test parsing when image digests array is empty.""" + resource = result = parse_trivy_output(json.dumps(fixture_data)).resources[0] + if hasattr(resource, "image_digests"): + assert isinstance(resource.image_digests, list) + + def test_parse_trivy_output_parses_vulnerabilities(self) -> None: + """Test parsing vulnerabilities from Kubernetes JSON results.""" + sample = { + "ClusterName": "microk8s-prod-01", + "Resources": [ + { + "Kind": "Deployment", + "Name": "sample-app", + "Namespace": "default", + "Results": [ + { + "Class": "os-pkgs", + "Type": "alpine", + "Target": "sample-app:1.0", + "Vulnerabilities": [ + { + "VulnerabilityID": "CVE-2024-0001", + "PkgName": "openssl", + "InstalledVersion": "3.0.0", + "FixedVersion": "3.0.1", + "Severity": "HIGH", + "Title": "Example vulnerability" + } + ] + } + ] + } + ] + } + + result = parse_trivy_output(json.dumps(sample)) + assert len(result.resources) == 1 + resource = result.resources[0] + assert len(resource.vulnerabilities) == 1 + assert resource.vulnerabilities[0].vulnerability_id == "CVE-2024-0001" + assert resource.vulnerability_summary["HIGH"] == 1 + + +class TestGeneratePrometheusMetricsFromParseResult: + """Tests for generate_prometheus_metrics_from_parse_result.""" + + @pytest.fixture + def fixture_data(self) -> dict[str, Any]: + fixture_path = Path(__file__).parent / "fixtures" / "trivy.json" + with open(fixture_path) as f: + return json.load(f) + + @pytest.fixture + def parsed_result(self, fixture_data: dict[str, Any]) -> ParseResult: + return parse_trivy_output(json.dumps(fixture_data)) + + @pytest.fixture + def simple_result(self) -> ParseResult: + return ParseResult( + cluster_name="test-cluster", + resources=[ + Resource( + type="kubernetes", + name="my-role", + namespace="default", + misconf_summary={"Successes": 10, "Failures": 3}, + misconfigurations=[ + Misconfiguration( + status="FAIL", + message="Bad config", + severity="HIGH", + check_id="KSV-0041", + title="Manage secrets", + check_namespace="builtin.kubernetes.KSV041", + primary_url="https://avd.aquasec.com/misconfig/ksv-0041", + ), + Misconfiguration( + status="FAIL", + message="Another issue", + severity="MEDIUM", + check_id="KSV-0114", + title="Limit wildcard access", + check_namespace="builtin.kubernetes.KSV114", + primary_url="https://avd.aquasec.com/misconfig/ksv-0114", + ), + ], + ) + ], + ) + + def test_output_is_string(self, parsed_result: ParseResult) -> None: + output = generate_prometheus_metrics_from_parse_result(parsed_result) + assert isinstance(output, str) + + def test_contains_cluster_timestamp(self, parsed_result: ParseResult) -> None: + output = generate_prometheus_metrics_from_parse_result(parsed_result) + assert "trivy_cluster_scan_timestamp 1" in output + + def test_contains_cluster_name(self, parsed_result: ParseResult) -> None: + output = generate_prometheus_metrics_from_parse_result(parsed_result) + assert 'cluster_name="microk8s-prod-01"' in output + + def test_contains_resource_type_metric(self, simple_result: ParseResult) -> None: + output = generate_prometheus_metrics_from_parse_result(simple_result) + assert "trivy_resource_type" in output + assert 'name="my-role"' in output + assert 'namespace="default"' in output + + def test_contains_misconfiguration_successes(self, simple_result: ParseResult) -> None: + output = generate_prometheus_metrics_from_parse_result(simple_result) + assert "trivy_misconfiguration_successes" in output + assert "} 10" in output + + def test_contains_misconfiguration_failures(self, simple_result: ParseResult) -> None: + output = generate_prometheus_metrics_from_parse_result(simple_result) + assert "trivy_misconfiguration_failures" in output + assert "} 3" in output + + def test_contains_individual_misconfigurations(self, simple_result: ParseResult) -> None: + output = generate_prometheus_metrics_from_parse_result(simple_result) + assert 'severity="HIGH"' in output + assert 'severity="MEDIUM"' in output + assert 'status="FAIL"' in output + + def test_contains_misconfiguration_identity_labels(self, simple_result: ParseResult) -> None: + output = generate_prometheus_metrics_from_parse_result(simple_result) + assert 'check_id="KSV-0041"' in output + assert 'check_namespace="builtin.kubernetes.KSV041"' in output + assert 'title="Manage secrets"' in output + assert 'primary_url="https://avd.aquasec.com/misconfig/ksv-0041"' in output + + def test_parse_trivy_output_primary_url(self, fixture_data: dict[str, Any]) -> None: + result = parse_trivy_output(json.dumps(fixture_data)) + first_with_url = None + for resource in result.resources: + for misconfig in resource.misconfigurations: + if misconfig.primary_url: + first_with_url = misconfig + break + if first_with_url: + break + + assert first_with_url is not None + assert first_with_url.primary_url.startswith("https://avd.aquasec.com/misconfig/") + + def test_empty_resources_still_has_header(self) -> None: + result = ParseResult(cluster_name="empty-cluster", resources=[]) + output = generate_prometheus_metrics_from_parse_result(result) + assert "trivy_cluster_scan_timestamp" in output + assert 'cluster_name="empty-cluster"' in output + assert "trivy_resource_type" not in output + + def test_no_misconf_summary_skips_summary_metrics(self) -> None: + result = ParseResult( + cluster_name="c", + resources=[Resource(type="kubernetes", name="r", misconf_summary={})], + ) + output = generate_prometheus_metrics_from_parse_result(result) + assert "trivy_misconfiguration_successes" not in output + assert "trivy_misconfiguration_failures" not in output + + def test_duration_metric_present_when_set(self) -> None: + result = ParseResult(cluster_name="c", resources=[], duration=42.5) + output = generate_prometheus_metrics_from_parse_result(result) + assert "trivy_scan_duration 42.5" in output + + def test_duration_metric_absent_when_not_set(self) -> None: + result = ParseResult(cluster_name="c", resources=[]) + output = generate_prometheus_metrics_from_parse_result(result) + assert "trivy_scan_duration" not in output + + def test_image_digest_metric_emitted(self) -> None: + result = ParseResult( + cluster_name="c", + resources=[ + Resource( + type="kubernetes", + name="r", + image_digests=["sha256:abc123"], + ) + ], + ) + output = generate_prometheus_metrics_from_parse_result(result) + assert "trivy_image_digest" in output + assert "sha256:abc123" in output + + def test_fixture_produces_nonempty_output(self, parsed_result: ParseResult) -> None: + output = generate_prometheus_metrics_from_parse_result(parsed_result) + lines = [l for l in output.splitlines() if l and not l.startswith("#")] + assert len(lines) > 0 + + def test_prometheus_help_type_pairs(self, simple_result: ParseResult) -> None: + output = generate_prometheus_metrics_from_parse_result(simple_result) + lines = output.splitlines() + for i, line in enumerate(lines): + if line.startswith("# TYPE"): + metric_name = line.split()[2] + assert any( + l.startswith(metric_name) for l in lines[i + 1 :] + ), f"No sample line found after TYPE declaration for {metric_name}" + + def test_contains_vulnerability_metrics(self) -> None: + result = ParseResult( + cluster_name="test-cluster", + resources=[ + Resource( + type="kubernetes", + kind="Deployment", + name="sample-app", + namespace="default", + vulnerability_summary={"CRITICAL": 1, "HIGH": 2}, + vulnerabilities=[], + ) + ], + ) + output = generate_prometheus_metrics_from_parse_result(result) + assert "trivy_vulnerability_total" in output + assert "trivy_vulnerability_severity_count" in output + assert 'severity="CRITICAL"' in output \ No newline at end of file diff --git a/terraform/modules/utils/trivy/variables.tf b/terraform/modules/utils/trivy/variables.tf index c59ee3c..3cbe10b 100644 --- a/terraform/modules/utils/trivy/variables.tf +++ b/terraform/modules/utils/trivy/variables.tf @@ -10,7 +10,7 @@ variable "smtp_host" { variable "smtp_port" { description = "The SMTP relay port" - type = number + type = string } variable "smtp_username" { @@ -43,7 +43,6 @@ variable "cron_schedule" { variable "tag" { description = "The version of Trivy to install" type = string - default = "latest" } variable "report_type" { @@ -57,3 +56,9 @@ variable "levels" { type = string default = "HIGH,CRITICAL" } + +variable "pushgateway_url" { + description = "URL of the Prometheus Pushgateway including /metrics/job/ path" + type = string + default = "http://pushgateway.prometheus.svc.cluster.local:9091/metrics/job/trivy-metrics" +}